general protection fault in hci_uart_write

general protection fault in hci_uart_write_work
Status: fixed on 2019/03/28 12:00
Reported-by: syzbot+257790c15bcdef6fe00c@syzkaller.appspotmail.com
Fix commit: 32a7b4cb Bluetooth: hci_ldisc: Initialize hci_dev before open()
First crash: 535d, last: 486d

Sample crash report:

R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
Bluetooth: Invalid header checksum
kasan: GPF could be caused by NULL-ptr deref or user memory access
Bluetooth: Can't allocate HCI device
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.0.0-rc8 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events hci_uart_write_work
RIP: 0010:hci_uart_write_work+0x1b6/0x710 drivers/bluetooth/hci_ldisc.c:180
Code: 0f 85 6a 04 00 00 49 8b b4 24 c8 00 00 00 4c 89 ef e8 de 57 53 02 89 c6 48 8b 45 d0 48 8d b8 5c 10 00 00 48 89 f8 48 c1 e8 03 <0f> b6 14 18 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 1d
RSP: 0018:ffff8880aa287cb0 EFLAGS: 00010203
RAX: 000000000000020b RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000105c
RBP: ffff8880aa287d30 R08: ffff8880aa272300 R09: ffff8880aa272bc8
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880948e0000
R13: ffff88808f889480 R14: ffff88808f12d068 R15: ffff8880948e0070
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004a2368 CR3: 000000008d627000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173
 worker_thread+0x98/0xe40 kernel/workqueue.c:2319
 kthread+0x357/0x430 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace adfcc63cbdcbd549 ]---
RIP: 0010:hci_uart_write_work+0x1b6/0x710 drivers/bluetooth/hci_ldisc.c:180
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
Code: 0f 85 6a 04 00 00 49 8b b4 24 c8 00 00 00 4c 89 ef e8 de 57 53 02 89 c6 48 8b 45 d0 48 8d b8 5c 10 00 00 48 89 f8 48 c1 e8 03 <0f> b6 14 18 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 1d
RSP: 0018:ffff8880aa287cb0 EFLAGS: 00010203
RAX: 000000000000020b RBX: dffffc0000000000 RCX: 0000000000000000
CPU: 1 PID: 7598 Comm: syz-executor881 Tainted: G      D           5.0.0-rc8 #87
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000105c
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RBP: ffff8880aa287d30 R08: ffff8880aa272300 R09: ffff8880aa272bc8
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x1b lib/fault-inject.c:149
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880948e0000
R13: ffff88808f889480 R14: ffff88808f12d068 R15: ffff8880948e0070
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
 __should_failslab+0x121/0x190 mm/failslab.c:32
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 should_failslab+0x9/0x14 mm/slab_common.c:1604
CR2: 00000000004a2368 CR3: 0000000008871000 CR4: 00000000001406f0
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3374 [inline]
 kmem_cache_alloc_trace+0x2d1/0x760 mm/slab.c:3613
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 kmalloc include/linux/slab.h:545 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 hci_alloc_dev+0x43/0x1d00 net/bluetooth/hci_core.c:3116

Crashes (84):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kasan-gce-smack-root	2019/02/25 16:30	upstream	5908e6b7	a70141bf	.config	log	report	syz	C	johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/17 04:29	upstream	64c0133e	f42dee6d	.config	log	report	syz	C	johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-root	2019/01/14 07:51	upstream	6b529fb0	c3f3344c	.config	log	report	syz	C	johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-386	2019/01/14 08:30	upstream	6b529fb0	c3f3344c	.config	log	report	syz	C	johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/17 23:57	linux-next	7a92eb7c	3e98cc30	.config	log	report	syz	C	johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-smack-root	2019/03/04 12:48	upstream	1c163f4c	7c693b52	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-smack-root	2019/03/03 02:53	upstream	c93d9218	1c0e457a	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-selinux-root	2019/03/01 15:44	upstream	7d762d69	8a4b3a6b	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-smack-root	2019/03/01 03:14	upstream	7d762d69	09aeeba4	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/27 12:41	upstream	7d762d69	083cfd0e	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/26 16:00	upstream	7d762d69	a36ecd98	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-selinux-root	2019/02/25 07:43	upstream	c3619a48	7a06e792	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-selinux-root	2019/02/24 01:50	upstream	e60b5f79	7a06e792	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-smack-root	2019/02/23 15:53	upstream	cb268d80	18107ce0	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-selinux-root	2019/02/20 23:39	upstream	2137397c	c95f0707	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/19 22:35	upstream	b5372fe5	4df543c9	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/18 21:31	upstream	a3b22b9f	59f36113	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-root	2019/02/17 07:53	upstream	64c0133e	f42dee6d	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-selinux-root	2019/02/16 07:52	upstream	5ded5871	f42dee6d	.config	log	report			akpm@linux-foundation.org, hmclauchlan@fb.com, joe@perches.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, mhocko@suse.com, rientjes@google.com
ci-upstream-kasan-gce-smack-root	2019/02/15 15:51	upstream	cb5b020a	f6f233c0	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/15 13:45	upstream	cb5b020a	f6f233c0	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/14 11:21	upstream	1f947a7a	6a46f448	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-root	2019/02/13 07:23	upstream	57902dc0	1eedba36	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/13 05:15	upstream	57902dc0	1eedba36	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/12 20:49	upstream	aa0c38cf	6ecc6d0f	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/10 09:25	upstream	df3865f8	b4f792e4	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/08 21:56	upstream	74e96711	fa6c7b70	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-root	2019/02/06 14:15	upstream	8834f560	d25487bc	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-root	2019/02/06 11:25	upstream	8834f560	d672172c	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-smack-root	2019/02/05 08:34	upstream	8834f560	d672172c	.config	log	report			linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-selinux-root	2019/02/05 08:31	upstream	8834f560	d672172c	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/02/03 05:58	upstream	12491ed3	c198d5dd	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-smack-root	2019/02/03 01:47	upstream	12491ed3	c198d5dd	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-selinux-root	2019/02/02 20:19	upstream	cd984a5b	c198d5dd	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-root	2019/02/02 04:31	upstream	5eeb6335	564f9a4f	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-smack-root	2019/02/02 01:48	upstream	5eeb6335	564f9a4f	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-smack-root	2019/01/29 20:47	upstream	4aa9fc2a	aa432daf	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-selinux-root	2019/01/29 05:00	upstream	4aa9fc2a	aa432daf	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/01/28 14:16	upstream	f17b5f06	629c2a27	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/01/26 20:42	upstream	ba606975	c73f090a	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/01/26 02:33	upstream	ba606975	ebf7a37c	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce	2019/01/15 05:37	upstream	c962cb32	ebacf5cb	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-root	2019/01/14 07:34	upstream	6b529fb0	c3f3344c	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-386	2019/03/03 04:00	upstream	c93d9218	1c0e457a	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-386	2019/03/01 06:22	upstream	7d762d69	8a4b3a6b	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-386	2019/02/07 10:01	upstream	b0314565	aa4feb03	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-kasan-gce-386	2019/01/14 07:32	upstream	6b529fb0	c3f3344c	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/16 15:49	linux-next	7a92eb7c	f42dee6d	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/10 13:06	linux-next	a46228f6	b4f792e4	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/08 04:58	linux-next	1bd831d6	aa4feb03	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/08 01:09	linux-next	1bd831d6	aa4feb03	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/07 07:09	linux-next	1a82ba1c	d25487bc	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/04 20:07	linux-next	dc4c8999	d672172c	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/01 14:25	linux-next	dc4c8999	0c07abcf	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/02/01 14:22	linux-next	dc4c8999	0c07abcf	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org
ci-upstream-linux-next-kasan-gce-root	2019/01/14 19:43	linux-next	8ce4d582	95485883	.config	log	report			johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org