syzbot


BUG: unable to handle kernel paging request in btintel_read_version

Status: upstream: reported C repro on 2024/03/27 02:05
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+431cb687015204d8ad1a@syzkaller.appspotmail.com
First crash: 250d, last: 243d
Bug presence (2)
Date Name Commit Repro Result
2024/03/27 linux-6.1.y (ToT) e5cd595e23c1 C [report] BUG: unable to handle kernel paging request in btintel_read_version
2024/03/27 upstream (ToT) 7033999ecd7b C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in btintel_read_version bluetooth C error 5 309d 320d 25/28 fixed on 2024/04/10 03:59
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/04/01 17:03 2h07m fix candidate upstream OK (0) job log

Sample crash report:
Unable to handle kernel paging request at virtual address dfff80000000000e
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff80000000000e] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4242 Comm: kworker/u5:7 Not tainted 6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: hci3 hci_power_on
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : btintel_read_version+0x90/0x194 drivers/bluetooth/btintel.c:414
lr : btintel_read_version+0x3c/0x194 drivers/bluetooth/btintel.c:407
sp : ffff80001dda7420
x29: ffff80001dda7420 x28: ffff80001dda74c0 x27: ffff80001dda7640
x26: 0000000000000000 x25: ffff700003bb4e98 x24: ffff0000d7cc9fb8
x23: dfff800000000000 x22: ffff80001dda7620 x21: ffff0000d7cc8000
x20: ffff80001dda7620 x19: 0000000000000000 x18: ffff80001dd87480
x17: ffff8000188cc000 x16: ffff8000084f9258 x15: 0000000000000000
x14: 0000000000000002 x13: ffff0000d7c3d340 x12: 0000000000ff0100
x11: 0000000000ff0100 x10: 0000000000000003 x9 : 000000000000000e
x8 : 0000000000000070 x7 : ffff8000082db800 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : 0000000000000031 x0 : 0000000000000000
Call trace:
 btintel_read_version+0x90/0x194 drivers/bluetooth/btintel.c:414
 ag6xx_setup+0x1a4/0xd0c drivers/bluetooth/hci_ag6xx.c:169
 hci_uart_setup+0x330/0x7d8 drivers/bluetooth/hci_ldisc.c:423
 hci_dev_setup_sync net/bluetooth/hci_sync.c:4678 [inline]
 hci_dev_init_sync net/bluetooth/hci_sync.c:4748 [inline]
 hci_dev_open_sync+0x35c/0x3078 net/bluetooth/hci_sync.c:4846
 hci_dev_do_open net/bluetooth/hci_core.c:483 [inline]
 hci_power_on+0x150/0x68c net/bluetooth/hci_core.c:984
 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
Code: f2fbfff7 d343fd09 1200090a 11000d4a (38f76929) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	f2fbfff7 	movk	x23, #0xdfff, lsl #48
   4:	d343fd09 	lsr	x9, x8, #3
   8:	1200090a 	and	w10, w8, #0x7
   c:	11000d4a 	add	w10, w10, #0x3
* 10:	38f76929 	ldrsb	w9, [x9, x23] <-- trapping instruction

Crashes (56):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/27 04:17 linux-6.1.y e5cd595e23c1 454571b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/04/03 00:08 linux-6.1.y e5cd595e23c1 eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/04/02 14:44 linux-6.1.y e5cd595e23c1 eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/04/02 13:16 linux-6.1.y e5cd595e23c1 eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/04/02 04:27 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/04/02 03:09 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/04/01 22:23 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/04/01 11:19 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/31 14:36 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/31 12:47 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/30 20:30 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/30 16:37 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/30 16:12 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/29 20:33 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/29 10:57 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/29 07:55 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/29 07:38 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/28 21:18 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/28 20:21 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/28 17:09 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/28 16:52 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/28 01:49 linux-6.1.y e5cd595e23c1 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/28 01:47 linux-6.1.y e5cd595e23c1 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/28 01:38 linux-6.1.y e5cd595e23c1 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/27 03:57 linux-6.1.y e5cd595e23c1 454571b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/03/27 02:04 linux-6.1.y e5cd595e23c1 454571b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in btintel_read_version
2024/04/03 00:08 linux-6.1.y e5cd595e23c1 eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/04/02 07:00 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/04/01 10:15 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/31 14:27 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/31 03:10 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/30 16:35 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/30 16:17 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/30 02:03 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/29 20:38 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/29 12:26 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/29 10:55 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/29 10:50 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/29 07:39 linux-6.1.y e5cd595e23c1 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 21:08 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 20:25 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 17:09 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 17:02 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 16:41 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 15:18 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 14:34 linux-6.1.y e5cd595e23c1 e91187ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 01:50 linux-6.1.y e5cd595e23c1 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 01:48 linux-6.1.y e5cd595e23c1 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 01:48 linux-6.1.y e5cd595e23c1 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/28 01:43 linux-6.1.y e5cd595e23c1 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
2024/03/27 06:17 linux-6.1.y e5cd595e23c1 454571b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in btintel_read_version
* Struck through repros no longer work on HEAD.