syzbot

 sign-in | mailing list | source | docs
🐞 Open [712]
🐞 Fixed [297]
🐞 Invalid [838]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: trying to register non-static key in l2cap_sock_teardown_cb

Status: auto-closed as invalid on 2022/05/18 04:11
Reported-by: syzbot+34e50fe1cd107030371e@syzkaller.appspotmail.com
First crash: 1415d, last: 1073d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 INFO: trying to register non-static key in l2cap_sock_teardown_cb 9 1320d 1470d 0/1 auto-closed as invalid on 2021/09/13 12:54
upstream INFO: trying to register non-static key in l2cap_sock_teardown_cb bluetooth C done done 88 1152d 1455d 20/28 fixed on 2022/03/08 16:11

Sample crash report:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 PID: 8124 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 assign_lock_key kernel/locking/lockdep.c:728 [inline]
 register_lock_class+0xe82/0x11c0 kernel/locking/lockdep.c:754
 __lock_acquire+0x17d/0x3ff0 kernel/locking/lockdep.c:3304
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
 spin_lock_bh include/linux/spinlock.h:334 [inline]
 lock_sock_nested+0x3b/0x110 net/core/sock.c:2884
 l2cap_sock_teardown_cb+0xa0/0x6d0 net/bluetooth/l2cap_sock.c:1348
 l2cap_chan_del+0xbc/0xa50 net/bluetooth/l2cap_core.c:603
 l2cap_conn_del+0x3a6/0x6e0 net/bluetooth/l2cap_core.c:1733
 l2cap_disconn_cfm net/bluetooth/l2cap_core.c:7445 [inline]
 l2cap_disconn_cfm+0x98/0xd0 net/bluetooth/l2cap_core.c:7438
 hci_disconn_cfm include/net/bluetooth/hci_core.h:1263 [inline]
 hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1512
 hci_dev_do_close+0x6bc/0x1020 net/bluetooth/hci_core.c:1687
 hci_unregister_dev+0x14f/0x460 net/bluetooth/hci_core.c:3288
 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xbf3/0x2be0 kernel/exit.c:870
 do_group_exit+0x125/0x310 kernel/exit.c:967
 __do_sys_exit_group kernel/exit.c:978 [inline]
 __se_sys_exit_group kernel/exit.c:976 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f53b900bfe9
Code: Bad RIP value.
RSP: 002b:00007ffc28c9f468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000064 RCX: 00007f53b900bfe9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 00007f53b906525c R08: 000000000000000c R09: 0000555556a8e3bc
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016
R13: 00007ffc28ca0740 R14: 0000555556a8e3bc R15: 00007ffc28ca1840
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8124 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__write_once_size include/linux/compiler.h:290 [inline]
RIP: 0010:__pv_queued_spin_lock_slowpath+0x539/0xae0 kernel/locking/qspinlock.c:437
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 dd 04 00 00 4a 03 1c e5 00 af cf 89 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 ad 04 00 00 4c 8d 6b 44 48 89 6c 24 08 48 8b 2c
RSP: 0018:ffff8880958c7948 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 00070490fca874f0 RCX: ffffffff814b98df
RDX: 0000e0921f950e9e RSI: 0000000000000002 RDI: ffffffff89d1aef0
RBP: ffff8880b0d336c8 R08: 0000000000000001 R09: ffffed10161a66d9
R10: ffff8880b0d336cb R11: ffffffff8c66505b R12: 0000000000003ffe
R13: 0000000000000001 R14: 0000000000080000 R15: ffff8880ba12be00
FS:  0000555556a8e400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f53b900bfbf CR3: 00000000a04e7000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:679 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:53 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:88 [inline]
 do_raw_spin_lock+0x189/0x220 kernel/locking/spinlock_debug.c:113
 spin_lock_bh include/linux/spinlock.h:334 [inline]
 lock_sock_nested+0x3b/0x110 net/core/sock.c:2884
 l2cap_sock_teardown_cb+0xa0/0x6d0 net/bluetooth/l2cap_sock.c:1348
 l2cap_chan_del+0xbc/0xa50 net/bluetooth/l2cap_core.c:603
 l2cap_conn_del+0x3a6/0x6e0 net/bluetooth/l2cap_core.c:1733
 l2cap_disconn_cfm net/bluetooth/l2cap_core.c:7445 [inline]
 l2cap_disconn_cfm+0x98/0xd0 net/bluetooth/l2cap_core.c:7438
 hci_disconn_cfm include/net/bluetooth/hci_core.h:1263 [inline]
 hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1512
 hci_dev_do_close+0x6bc/0x1020 net/bluetooth/hci_core.c:1687
 hci_unregister_dev+0x14f/0x460 net/bluetooth/hci_core.c:3288
 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xbf3/0x2be0 kernel/exit.c:870
 do_group_exit+0x125/0x310 kernel/exit.c:967
 __do_sys_exit_group kernel/exit.c:978 [inline]
 __se_sys_exit_group kernel/exit.c:976 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f53b900bfe9
Code: Bad RIP value.
RSP: 002b:00007ffc28c9f468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000064 RCX: 00007f53b900bfe9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 00007f53b906525c R08: 000000000000000c R09: 0000555556a8e3bc
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016
R13: 00007ffc28ca0740 R14: 0000555556a8e3bc R15: 00007ffc28ca1840
Modules linked in:
---[ end trace 5c57e1d741940c8e ]---
RIP: 0010:__write_once_size include/linux/compiler.h:290 [inline]
RIP: 0010:__pv_queued_spin_lock_slowpath+0x539/0xae0 kernel/locking/qspinlock.c:437
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 dd 04 00 00 4a 03 1c e5 00 af cf 89 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 ad 04 00 00 4c 8d 6b 44 48 89 6c 24 08 48 8b 2c
RSP: 0018:ffff8880958c7948 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 00070490fca874f0 RCX: ffffffff814b98df
RDX: 0000e0921f950e9e RSI: 0000000000000002 RDI: ffffffff89d1aef0
RBP: ffff8880b0d336c8 R08: 0000000000000001 R09: ffffed10161a66d9
R10: ffff8880b0d336cb R11: ffffffff8c66505b R12: 0000000000003ffe
R13: 0000000000000001 R14: 0000000000080000 R15: ffff8880ba12be00
FS:  0000555556a8e400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f53b900bfbf CR3: 00000000a04e7000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	48 89 fa             	mov    %rdi,%rdx
   3:	48 c1 ea 03          	shr    $0x3,%rdx
   7:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   b:	0f 85 dd 04 00 00    	jne    0x4ee
  11:	4a 03 1c e5 00 af cf 	add    -0x76305100(,%r12,8),%rbx
  18:	89
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 da             	mov    %rbx,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 ad 04 00 00    	jne    0x4e1
  34:	4c 8d 6b 44          	lea    0x44(%rbx),%r13
  38:	48 89 6c 24 08       	mov    %rbp,0x8(%rsp)
  3d:	48                   	rex.W
  3e:	8b                   	.byte 0x8b
  3f:	2c                   	.byte 0x2c

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/01/18 04:10 linux-4.19.y 3f8a27f9e27b 731a2d23 .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/10/10 04:48 linux-4.19.y e34184f53363 838e7e2c .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/08/15 07:05 linux-4.19.y addba38e7c3b 2489ab88 .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/08/05 18:19 linux-4.19.y 6ca2f514c578 d2d6e680 .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/04/26 10:59 linux-4.19.y 2965db2e004c e60b7df1 .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/04/22 13:09 linux-4.19.y 2965db2e004c 33c28d03 .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/04/21 23:55 linux-4.19.y 2965db2e004c 2bc8999a .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/03/24 11:52 linux-4.19.y 78fec1611cbf e613994b .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/02/17 09:32 linux-4.19.y 811218eceeaa 052f8d9f .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
2021/02/10 19:25 linux-4.19.y 811218eceeaa 9c8b8541 .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in l2cap_sock_teardown_cb
* Struck through repros no longer work on HEAD.