syzbot


KASAN: null-ptr-deref Write in __pm_runtime_resume
Status: fixed on 2022/03/08 16:11
Reported-by: syzbot+7d41312fe3f123a6f605@syzkaller.appspotmail.com
Fix commit: 2fc7acb69fa3 Bluetooth: hci_uart: fix GPF in h5_recv
First crash: 287d, last: 91d

Cause bisection: introduced by (bisect log):
commit 66f077dde74943e9dd84a9205b4951b19556c9ea
Author: Archie Pusaka <apusaka@chromium.org>
Date: Fri Jul 23 11:31:55 2021 +0000

  Bluetooth: hci_h5: add WAKEUP_DISABLE flag

Crash: BUG: sleeping function called from invalid context in lock_sock_nested (log)
Repro: C syz .config
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in __pm_runtime_resume (2) C error 7 63d 72d 21/22 upstream: reported C repro on 2022/03/13 05:35
upstream general protection fault in __pm_runtime_resume C 197 972d 1035d 14/22 fixed on 2019/10/15 23:40
Patch testing requests:
Created Duration User Patch Repo Result
2021/09/02 19:19 17m paskripkin@gmail.com patch upstream OK

Sample crash report:
Bluetooth: : Invalid header checksum
Bluetooth: : Invalid header checksum
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: null-ptr-deref in atomic_inc include/linux/atomic/atomic-instrumented.h:181 [inline]
BUG: KASAN: null-ptr-deref in __pm_runtime_resume+0x154/0x180 drivers/base/power/runtime.c:1105
Write of size 4 at addr 0000000000000388 by task kworker/u4:0/8

CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.15.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __kasan_report mm/kasan/report.c:446 [inline]
 kasan_report.cold+0x66/0xdf mm/kasan/report.c:459
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_inc include/linux/atomic/atomic-instrumented.h:181 [inline]
 __pm_runtime_resume+0x154/0x180 drivers/base/power/runtime.c:1105
 pm_runtime_get include/linux/pm_runtime.h:374 [inline]
 h5_recv+0x2c4/0x680 drivers/bluetooth/hci_h5.c:590
 hci_uart_tty_receive+0x24d/0x710 drivers/bluetooth/hci_ldisc.c:613
 tty_ldisc_receive_buf+0x14d/0x190 drivers/tty/tty_buffer.c:475
 tty_port_default_receive_buf+0x6e/0xa0 drivers/tty/tty_port.c:39
 receive_buf drivers/tty/tty_buffer.c:491 [inline]
 flush_to_ldisc+0x20d/0x380 drivers/tty/tty_buffer.c:543
 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
==================================================================

Crashes (108):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce 2021/09/30 03:19 upstream 02d5e016800d be530f6c .config log report syz C KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2021/09/01 23:38 upstream 835d31d319d9 7eb7e152 .config log report syz C KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/09/01 22:56 upstream 835d31d319d9 7eb7e152 .config log report syz C KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/11/02 14:34 upstream d2fac0afe89f 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2021/11/01 17:39 upstream 8bb7eca972ad 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-qemu-upstream 2021/11/01 11:47 upstream 8bb7eca972ad 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/11/01 06:19 upstream 8bb7eca972ad 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/31 19:40 upstream 180eca540ae0 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/31 13:14 upstream 180eca540ae0 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2021/10/31 12:10 upstream 180eca540ae0 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/30 17:22 upstream f25a5481af12 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2021/10/29 16:21 upstream 411a44c24a56 2353a3ec .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/28 18:36 upstream 1fc596a56b33 be531bb4 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/27 08:46 upstream d25f27432f80 d50eb50a .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/27 02:08 upstream 3906fe9bb7f1 d50eb50a .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/25 15:45 upstream 87066fdd2e30 4f0000ee .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-selinux-root 2021/10/24 18:58 upstream 6c62666d8879 282f03fb .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-qemu-upstream 2021/10/24 13:11 upstream 9c0c4d24ac00 282f03fb .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2021/10/24 10:46 upstream 9c0c4d24ac00 282f03fb .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2021/10/24 06:22 upstream 9c0c4d24ac00 282f03fb .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/23 23:47 upstream 9c0c4d24ac00 282f03fb .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/21 10:27 upstream 8e37395c3a5d f111d03b .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/21 05:33 upstream 8e37395c3a5d f111d03b .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/20 17:53 upstream 8e37395c3a5d 418a00eb .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/20 05:14 upstream d9abdee5fd5a 466b7db1 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/19 16:02 upstream 519d81956ee2 24dc29db .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-selinux-root 2021/10/18 10:39 upstream cf52ad5ff16c 0c5d9412 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/18 07:00 upstream d999ade1cc86 0c5d9412 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/17 10:39 upstream d999ade1cc86 0c5d9412 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/17 03:44 upstream 304040fb4909 0c5d9412 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/16 23:07 upstream 304040fb4909 0c5d9412 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/16 00:21 upstream ec681c53f8d2 0c5d9412 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/15 19:10 upstream ec681c53f8d2 0c5d9412 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2021/10/15 05:22 upstream 26d657410983 7aa5fe41 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/12 02:34 upstream 64570fbc14f8 838e7e2c .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/11 22:53 upstream 64570fbc14f8 838e7e2c .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-selinux-root 2021/10/10 03:53 upstream 7fd2bf83d59a 838e7e2c .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-root 2021/10/10 01:55 upstream 717478d89fe2 838e7e2c .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/09 08:56 upstream 741668ef7832 efe0f24d .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/08 18:02 upstream 1da38549dd64 efe0f24d .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/07 12:11 upstream 5af4055fa813 62ee0987 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/07 04:02 upstream 5af4055fa813 62ee0987 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/06 14:04 upstream 60a9483534ed 0a63fd36 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-selinux-root 2021/10/05 16:10 upstream f6274b06e326 0a63fd36 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/05 11:01 upstream 84b3e42564ac ce697b49 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/04 04:18 upstream 6761a0ae9895 db0f5787 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-selinux-root 2021/10/03 15:28 upstream 7b66f4393ad4 db0f5787 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/02 18:51 upstream ab2a7a35c4e7 db0f5787 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce 2021/10/02 14:41 upstream 53d5fc89d66a db0f5787 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-386 2021/11/01 21:32 upstream 8bb7eca972ad 098b5d53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-386 2021/10/18 13:58 upstream cf52ad5ff16c 0c5d9412 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-386 2021/10/09 10:41 upstream 5d6ab0bb408f efe0f24d .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-linux-next-kasan-gce-root 2021/09/06 09:57 linux-next c1b13fe76e95 d236a457 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-linux-next-kasan-gce-root 2021/08/28 04:43 linux-next 5e63226c7228 d5a29e53 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-linux-next-kasan-gce-root 2021/08/10 17:07 linux-next 92d00774360d 6972b106 .config log report info KASAN: null-ptr-deref Write in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2022/02/21 16:31 upstream cfb92440ee71 3cd800e4 .config log report info general protection fault in __pm_runtime_resume
ci-upstream-kasan-gce-smack-root 2022/01/17 18:37 upstream 0c947b893d69 731a2d23 .config log report info general protection fault in __pm_runtime_resume
ci-upstream-kasan-gce-root 2022/01/02 15:24 upstream 278218f6778b e1768e9c .config log report info general protection fault in __pm_runtime_resume
ci-upstream-linux-next-kasan-gce-root 2022/02/22 10:40 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in __pm_runtime_resume
ci-upstream-linux-next-kasan-gce-root 2021/12/13 23:59 linux-next ea922272cbe5 49ca1f59 .config log report info general protection fault in __pm_runtime_resume