syzbot


INFO: trying to register non-static key in hci_uart_flush (2)
Status: upstream: reported syz repro on 2019/09/03 19:04
Reported-by: syzbot+576dfca25381fb6fbc5f@syzkaller.appspotmail.com
First crash: 996d, last: 15d

Cause bisection: failed (bisect log)

Fix bisection: failed (bisect log)
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 INFO: trying to register non-static key in hci_uart_flush syz done 4 739d 983d 1/1 fixed on 2020/06/16 10:47
upstream INFO: trying to register non-static key in hci_uart_flush 1 1199d 1199d 0/22 auto-closed as invalid on 2019/08/10 04:39

Sample crash report:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 18762 Comm: syz-executor.5 Not tainted 5.15.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 assign_lock_key kernel/locking/lockdep.c:939 [inline]
 register_lock_class+0xf79/0x10c0 kernel/locking/lockdep.c:1251
 __lock_acquire+0x105/0x54a0 kernel/locking/lockdep.c:4894
 lock_acquire kernel/locking/lockdep.c:5625 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590
 percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
 hci_uart_flush+0x11b/0x550 drivers/bluetooth/hci_ldisc.c:240
 hci_uart_close+0x1d/0x70 drivers/bluetooth/hci_ldisc.c:266
 hci_uart_tty_close+0xb1/0x2a0 drivers/bluetooth/hci_ldisc.c:533
 tty_ldisc_close+0x110/0x190 drivers/tty/tty_ldisc.c:474
 tty_ldisc_kill+0x94/0x150 drivers/tty/tty_ldisc.c:629
 tty_ldisc_release+0xe3/0x2a0 drivers/tty/tty_ldisc.c:803
 tty_release_struct+0x20/0xe0 drivers/tty/tty_io.c:1706
 tty_release+0xc70/0x1200 drivers/tty/tty_io.c:1878
 __fput+0x288/0x9f0 fs/file_table.c:280
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 get_signal+0x1b35/0x2160 kernel/signal.c:2641
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7feac4112739
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feac3868188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 00007feac4217038 RCX: 00007feac4112739
RDX: 0000000000000002 RSI: 00000000400455c8 RDI: 0000000000000003
RBP: 00007feac416ccc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007feac4217038
R13: 00007feac474ab1f R14: 00007feac3868300 R15: 0000000000022000
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 PID: 18762 Comm: syz-executor.5 Not tainted 5.15.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__wake_up_common+0xdf/0x650 kernel/sched/wait.c:101
Code: 05 00 00 4c 8b 43 40 49 83 e8 18 49 8d 78 18 48 3b 3c 24 0f 84 6a 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 40 05 00 00 49 8b 40 18 89 54 24 10 31 db 48 bd
RSP: 0018:ffffc900041f7910 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff88801cfd0cc8 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 1ffffffff1adcf41 RDI: 0000000000000000
RBP: ffff88801cfd0d18 R08: ffffffffffffffe8 R09: 0000000000000000
R10: fffff5200083ef1c R11: 0000000000000000 R12: ffff88801cfd0cc0
R13: 0000000000000297 R14: 0000000000000000 R15: 0000000000000000
FS:  00007feac3868700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f47c8beb0c0 CR3: 000000005c023000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rcu_sync_func+0x119/0x180 kernel/rcu/sync.c:87
 rcu_sync_enter+0x150/0x2e0 kernel/rcu/sync.c:150
 percpu_down_write+0x57/0x3e0 kernel/locking/percpu-rwsem.c:220
 hci_uart_tty_close+0x162/0x2a0 drivers/bluetooth/hci_ldisc.c:536
 tty_ldisc_close+0x110/0x190 drivers/tty/tty_ldisc.c:474
 tty_ldisc_kill+0x94/0x150 drivers/tty/tty_ldisc.c:629
 tty_ldisc_release+0xe3/0x2a0 drivers/tty/tty_ldisc.c:803
 tty_release_struct+0x20/0xe0 drivers/tty/tty_io.c:1706
 tty_release+0xc70/0x1200 drivers/tty/tty_io.c:1878
 __fput+0x288/0x9f0 fs/file_table.c:280
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 get_signal+0x1b35/0x2160 kernel/signal.c:2641
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7feac4112739
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feac3868188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 00007feac4217038 RCX: 00007feac4112739
RDX: 0000000000000002 RSI: 00000000400455c8 RDI: 0000000000000003
RBP: 00007feac416ccc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007feac4217038
R13: 00007feac474ab1f R14: 00007feac3868300 R15: 0000000000022000
Modules linked in:
---[ end trace 320eb7d76c19c9b1 ]---
RIP: 0010:__wake_up_common+0xdf/0x650 kernel/sched/wait.c:101
Code: 05 00 00 4c 8b 43 40 49 83 e8 18 49 8d 78 18 48 3b 3c 24 0f 84 6a 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 40 05 00 00 49 8b 40 18 89 54 24 10 31 db 48 bd
RSP: 0018:ffffc900041f7910 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff88801cfd0cc8 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 1ffffffff1adcf41 RDI: 0000000000000000
RBP: ffff88801cfd0d18 R08: ffffffffffffffe8 R09: 0000000000000000
R10: fffff5200083ef1c R11: 0000000000000000 R12: ffff88801cfd0cc0
R13: 0000000000000297 R14: 0000000000000000 R15: 0000000000000000
FS:  00007feac3868700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f47c8beb0c0 CR3: 000000005c023000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	05 00 00 4c 8b       	add    $0x8b4c0000,%eax
   5:	43                   	rex.XB
   6:	40                   	rex
   7:	49 83 e8 18          	sub    $0x18,%r8
   b:	49 8d 78 18          	lea    0x18(%r8),%rdi
   f:	48 3b 3c 24          	cmp    (%rsp),%rdi
  13:	0f 84 6a 02 00 00    	je     0x283
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 f9             	mov    %rdi,%rcx
  26:	48 c1 e9 03          	shr    $0x3,%rcx
* 2a:	80 3c 01 00          	cmpb   $0x0,(%rcx,%rax,1) <-- trapping instruction
  2e:	0f 85 40 05 00 00    	jne    0x574
  34:	49 8b 40 18          	mov    0x18(%r8),%rax
  38:	89 54 24 10          	mov    %edx,0x10(%rsp)
  3c:	31 db                	xor    %ebx,%ebx
  3e:	48                   	rex.W
  3f:	bd                   	.byte 0xbd

Crashes (33):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce 2021/09/19 10:53 upstream 93ff9f13be91 70b76c1d .config log report syz INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-selinux-root 2019/11/18 01:32 upstream cbb104f91dfe d5696d51 .config log report syz
ci-upstream-kasan-gce-root 2019/11/13 21:29 upstream 0e3f1ad80fc8 048f2d49 .config log report syz
ci-upstream-kasan-gce 2019/11/13 11:42 upstream 0e3f1ad80fc8 048f2d49 .config log report syz
ci-upstream-kasan-gce-root 2019/11/13 08:26 upstream eb094f06963b 048f2d49 .config log report syz
ci-upstream-kasan-gce-selinux-root 2019/09/24 23:22 upstream 4c07e2ddab5b 0942eab8 .config log report syz
ci-upstream-kasan-gce-root 2019/09/24 12:08 upstream e94f8ccde471 c68252d2 .config log report syz
ci-upstream-kasan-gce-386 2019/11/13 08:54 upstream eb094f06963b 048f2d49 .config log report syz
ci-upstream-linux-next-kasan-gce-root 2020/03/16 22:25 linux-next 770fbb32d34e 749688d2 .config log report syz
ci-upstream-kasan-gce-smack-root 2022/05/10 04:23 upstream 9be9ed2612b5 8b277b8e .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-root 2021/12/03 10:18 upstream 5f58da2befa5 61f86278 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-root 2021/12/02 21:40 upstream a51e3ac43ddb 61f86278 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-smack-root 2021/11/29 04:34 upstream d06c942efea4 63eeac02 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-selinux-root 2021/11/23 23:11 upstream 5d9f4cf36721 545ab074 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-root 2021/11/04 04:52 upstream ce840177930f 4c1be0be .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-smack-root 2021/10/19 23:09 upstream d9abdee5fd5a 466b7db1 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-selinux-root 2021/10/17 10:39 upstream d999ade1cc86 0c5d9412 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-root 2021/10/16 02:58 upstream 8fe31e0995f0 0c5d9412 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-smack-root 2021/09/25 13:13 upstream 7d42e9818258 8cac236e .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-selinux-root 2021/08/24 21:02 upstream 6e764bcd1cf7 b599f2fc .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-smack-root 2021/08/18 12:52 upstream 614cb2751d31 a2fe1cb5 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce 2021/06/24 09:08 upstream 7426cedc7dad ec865f6a .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce 2021/05/13 20:29 upstream c06a2ba62fc4 80f9b418 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-386 2021/10/04 11:30 upstream 9e1ff307c779 ce697b49 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-386 2021/08/30 04:39 upstream 90ac80dcd313 be2c130d .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-386 2021/08/30 04:35 upstream 90ac80dcd313 be2c130d .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-386 2021/05/03 20:02 upstream d2b6f8a17919 ad61f371 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-linux-next-kasan-gce-root 2022/02/15 05:39 linux-next ef6b35306dd8 8b9ca619 .config log report info INFO: trying to register non-static key in hci_uart_flush
ci-upstream-kasan-gce-root 2020/06/24 14:04 upstream 7ae77150d94d 54566aff .config log report
ci-upstream-kasan-gce 2020/02/29 01:22 upstream f8788d86ab28 59b57593 .config log report
ci-upstream-kasan-gce-root 2019/12/25 04:21 upstream 46cf053efec6 be5c2c81 .config log report
ci-upstream-kasan-gce-root 2019/11/13 06:23 upstream eb094f06963b 048f2d49 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/09/02 03:28 linux-next 6d028043b55e bad3cce2 .config log report