syzbot


general protection fault in hci_uart_write_work

Status: fixed on 2019/03/28 12:00
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+257790c15bcdef6fe00c@syzkaller.appspotmail.com
Fix commit: 32a7b4cbe93b Bluetooth: hci_ldisc: Initialize hci_dev before open()
First crash: 1900d, last: 1850d
Discussions (8)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 5.0 001/262] CIFS: fix POSIX lock leak and invalid ptr deref 284 (284) 2019/04/04 13:22
[PATCH AUTOSEL 4.14 001/123] CIFS: fix POSIX lock leak and invalid ptr deref 123 (123) 2019/03/27 18:16
[PATCH AUTOSEL 4.19 001/192] CIFS: fix POSIX lock leak and invalid ptr deref 192 (192) 2019/03/27 18:10
[PATCH 5.0 00/52] 5.0.5-stable review 61 (61) 2019/03/27 05:06
[PATCH 4.19 00/45] 4.19.32-stable review 51 (51) 2019/03/27 04:04
[PATCH 4.14 00/41] 4.14.109-stable review 47 (47) 2019/03/26 23:15
[PATCH] Bluetooth: hci_ldisc: Initialize hci_dev before open() 2 (2) 2019/02/18 12:55
general protection fault in hci_uart_write_work 0 (1) 2019/01/14 17:03

Sample crash report:
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
Bluetooth: Invalid header checksum
kasan: GPF could be caused by NULL-ptr deref or user memory access
Bluetooth: Can't allocate HCI device
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.0.0-rc8 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events hci_uart_write_work
RIP: 0010:hci_uart_write_work+0x1b6/0x710 drivers/bluetooth/hci_ldisc.c:180
Code: 0f 85 6a 04 00 00 49 8b b4 24 c8 00 00 00 4c 89 ef e8 de 57 53 02 89 c6 48 8b 45 d0 48 8d b8 5c 10 00 00 48 89 f8 48 c1 e8 03 <0f> b6 14 18 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 1d
RSP: 0018:ffff8880aa287cb0 EFLAGS: 00010203
RAX: 000000000000020b RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000105c
RBP: ffff8880aa287d30 R08: ffff8880aa272300 R09: ffff8880aa272bc8
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880948e0000
R13: ffff88808f889480 R14: ffff88808f12d068 R15: ffff8880948e0070
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004a2368 CR3: 000000008d627000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173
 worker_thread+0x98/0xe40 kernel/workqueue.c:2319
 kthread+0x357/0x430 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace adfcc63cbdcbd549 ]---
RIP: 0010:hci_uart_write_work+0x1b6/0x710 drivers/bluetooth/hci_ldisc.c:180
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
Code: 0f 85 6a 04 00 00 49 8b b4 24 c8 00 00 00 4c 89 ef e8 de 57 53 02 89 c6 48 8b 45 d0 48 8d b8 5c 10 00 00 48 89 f8 48 c1 e8 03 <0f> b6 14 18 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 1d
RSP: 0018:ffff8880aa287cb0 EFLAGS: 00010203
RAX: 000000000000020b RBX: dffffc0000000000 RCX: 0000000000000000
CPU: 1 PID: 7598 Comm: syz-executor881 Tainted: G      D           5.0.0-rc8 #87
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000105c
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RBP: ffff8880aa287d30 R08: ffff8880aa272300 R09: ffff8880aa272bc8
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x1b lib/fault-inject.c:149
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880948e0000
R13: ffff88808f889480 R14: ffff88808f12d068 R15: ffff8880948e0070
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
 __should_failslab+0x121/0x190 mm/failslab.c:32
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 should_failslab+0x9/0x14 mm/slab_common.c:1604
CR2: 00000000004a2368 CR3: 0000000008871000 CR4: 00000000001406f0
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3374 [inline]
 kmem_cache_alloc_trace+0x2d1/0x760 mm/slab.c:3613
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 kmalloc include/linux/slab.h:545 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 hci_alloc_dev+0x43/0x1d00 net/bluetooth/hci_core.c:3116

Crashes (84):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/02/25 16:30 upstream 5908e6b738e3 a70141bf .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/02/17 04:29 upstream 64c0133eb88a f42dee6d .config console log report syz C ci-upstream-kasan-gce
2019/01/14 07:51 upstream 6b529fb0a3ea c3f3344c .config console log report syz C ci-upstream-kasan-gce-root
2019/01/14 08:30 upstream 6b529fb0a3ea c3f3344c .config console log report syz C ci-upstream-kasan-gce-386
2019/02/17 23:57 linux-next 7a92eb7cc1dc 3e98cc30 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/03/04 12:48 upstream 1c163f4c7b3f 7c693b52 .config console log report ci-upstream-kasan-gce-smack-root
2019/03/03 02:53 upstream c93d9218ea56 1c0e457a .config console log report ci-upstream-kasan-gce-smack-root
2019/03/01 15:44 upstream 7d762d69145a 8a4b3a6b .config console log report ci-upstream-kasan-gce-selinux-root
2019/03/01 03:14 upstream 7d762d69145a 09aeeba4 .config console log report ci-upstream-kasan-gce-smack-root
2019/02/27 12:41 upstream 7d762d69145a 083cfd0e .config console log report ci-upstream-kasan-gce
2019/02/26 16:00 upstream 7d762d69145a a36ecd98 .config console log report ci-upstream-kasan-gce
2019/02/25 07:43 upstream c3619a482e15 7a06e792 .config console log report ci-upstream-kasan-gce-selinux-root
2019/02/24 01:50 upstream e60b5f79bd75 7a06e792 .config console log report ci-upstream-kasan-gce-selinux-root
2019/02/23 15:53 upstream cb268d806972 18107ce0 .config console log report ci-upstream-kasan-gce-smack-root
2019/02/20 23:39 upstream 2137397c92ae c95f0707 .config console log report ci-upstream-kasan-gce-selinux-root
2019/02/19 22:35 upstream b5372fe5dc84 4df543c9 .config console log report ci-upstream-kasan-gce
2019/02/18 21:31 upstream a3b22b9f11d9 59f36113 .config console log report ci-upstream-kasan-gce
2019/02/17 07:53 upstream 64c0133eb88a f42dee6d .config console log report ci-upstream-kasan-gce-root
2019/02/16 07:52 upstream 5ded5871030e f42dee6d .config console log report ci-upstream-kasan-gce-selinux-root
2019/02/15 15:51 upstream cb5b020a8d38 f6f233c0 .config console log report ci-upstream-kasan-gce-smack-root
2019/02/15 13:45 upstream cb5b020a8d38 f6f233c0 .config console log report ci-upstream-kasan-gce
2019/02/14 11:21 upstream 1f947a7a011f 6a46f448 .config console log report ci-upstream-kasan-gce
2019/02/13 07:23 upstream 57902dc0670c 1eedba36 .config console log report ci-upstream-kasan-gce-root
2019/02/13 05:15 upstream 57902dc0670c 1eedba36 .config console log report ci-upstream-kasan-gce
2019/02/12 20:49 upstream aa0c38cf39de 6ecc6d0f .config console log report ci-upstream-kasan-gce
2019/02/10 09:25 upstream df3865f8f568 b4f792e4 .config console log report ci-upstream-kasan-gce
2019/02/08 21:56 upstream 74e96711e337 fa6c7b70 .config console log report ci-upstream-kasan-gce
2019/02/06 14:15 upstream 8834f5600cf3 d25487bc .config console log report ci-upstream-kasan-gce-root
2019/02/06 11:25 upstream 8834f5600cf3 d672172c .config console log report ci-upstream-kasan-gce-root
2019/02/05 08:34 upstream 8834f5600cf3 d672172c .config console log report ci-upstream-kasan-gce-smack-root
2019/02/05 08:31 upstream 8834f5600cf3 d672172c .config console log report ci-upstream-kasan-gce-selinux-root
2019/02/03 05:58 upstream 12491ed354d2 c198d5dd .config console log report ci-upstream-kasan-gce
2019/02/03 01:47 upstream 12491ed354d2 c198d5dd .config console log report ci-upstream-kasan-gce-smack-root
2019/02/02 20:19 upstream cd984a5be215 c198d5dd .config console log report ci-upstream-kasan-gce-selinux-root
2019/02/02 04:31 upstream 5eeb63359b1e 564f9a4f .config console log report ci-upstream-kasan-gce-root
2019/02/02 01:48 upstream 5eeb63359b1e 564f9a4f .config console log report ci-upstream-kasan-gce-smack-root
2019/01/29 20:47 upstream 4aa9fc2a435a aa432daf .config console log report ci-upstream-kasan-gce-smack-root
2019/01/29 05:00 upstream 4aa9fc2a435a aa432daf .config console log report ci-upstream-kasan-gce-selinux-root
2019/01/28 14:16 upstream f17b5f06cb92 629c2a27 .config console log report ci-upstream-kasan-gce
2019/01/26 20:42 upstream ba6069759381 c73f090a .config console log report ci-upstream-kasan-gce
2019/01/26 02:33 upstream ba6069759381 ebf7a37c .config console log report ci-upstream-kasan-gce
2019/01/15 05:37 upstream c962cb323ec2 ebacf5cb .config console log report ci-upstream-kasan-gce
2019/01/14 07:34 upstream 6b529fb0a3ea c3f3344c .config console log report ci-upstream-kasan-gce-root
2019/03/03 04:00 upstream c93d9218ea56 1c0e457a .config console log report ci-upstream-kasan-gce-386
2019/03/01 06:22 upstream 7d762d69145a 8a4b3a6b .config console log report ci-upstream-kasan-gce-386
2019/02/07 10:01 upstream b0314565da2b aa4feb03 .config console log report ci-upstream-kasan-gce-386
2019/01/14 07:32 upstream 6b529fb0a3ea c3f3344c .config console log report ci-upstream-kasan-gce-386
2019/02/16 15:49 linux-next 7a92eb7cc1dc f42dee6d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/10 13:06 linux-next a46228f6598a b4f792e4 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/08 04:58 linux-next 1bd831d68d55 aa4feb03 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/08 01:09 linux-next 1bd831d68d55 aa4feb03 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/07 07:09 linux-next 1a82ba1c69e3 d25487bc .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/04 20:07 linux-next dc4c89997735 d672172c .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/01 14:25 linux-next dc4c89997735 0c07abcf .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/01 14:22 linux-next dc4c89997735 0c07abcf .config console log report ci-upstream-linux-next-kasan-gce-root
2019/01/14 19:43 linux-next 8ce4d582f564 95485883 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.