general protection fault in skb_put
18 views
Skip to first unread message
syzbot
Apr 21, 2019, 9:02:05 PM4/21/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 68d7a45e Linux 4.14.113
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17d2b87f200000
kernel config: https://syzkaller.appspot.com/x/.config?x=dbf1fde4d7489e1c
dashboard link: https://syzkaller.appspot.com/bug?extid=7007264d1b0ca8fa4698
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+700726...@syzkaller.appspotmail.com
RDX: 0000000020000100 RSI: 0000000000005412 RDI: 0000000000000003
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce5d4506d4
kobject: 'loop2' (ffff8880a497f7e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
R13: 00000000004c3082 R14: 00000000004d6428 R15: 0000000000000004
general protection fault: 0000 [#1] PREEMPT SMP KASAN
kobject: 'kvm' (ffff888219fd2590): kobject_uevent_env
Modules linked in:
CPU: 0 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.113 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
task: ffff8880a9e425c0 task.stack: ffff8880a9e48000
RIP: 0010:skb_put+0x31/0x1c0 net/core/skbuff.c:1694
RSP: 0018:ffff8880a9e4fb48 EFLAGS: 00010202
kobject: 'kvm' (ffff888219fd2590): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
RAX: dffffc0000000000 RBX: ffff8880965b0540 RCX: 0000000000000000
RDX: 0000000000000019 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffff8880a9e4fb70 R08: 0000000000000025 R09: ffff8880a9e42f00
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000004 R14: ffff888096e4bb22 R15: 00000000000000c8
FS: 0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000073c000 CR3: 00000000844af000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
skb_put_data include/linux/skbuff.h:2077 [inline]
ll_recv+0x507/0x1010 drivers/bluetooth/hci_ll.c:416
hci_uart_tty_receive+0x1fa/0x4d0 drivers/bluetooth/hci_ldisc.c:603
tty_ldisc_receive_buf+0x151/0x1a0 drivers/tty/tty_buffer.c:459
tty_port_default_receive_buf+0x73/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:475 [inline]
flush_to_ldisc+0x1f2/0x400 drivers/tty/tty_buffer.c:527
process_one_work+0x868/0x1610 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x31c/0x430 kernel/kthread.c:232
kobject: 'loop5' (ffff8880a4a7e1a0): kobject_uevent_env
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Code: 41
kobject: 'loop5' (ffff8880a4a7e1a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
56 41 55 41 89 f5 41 54 49 89 fc 4d
Bluetooth: Can't allocate mem for new packet
8d bc 24 c8 00 00 00 53 e8 60 1a
kobject: 'loop2' (ffff8880a497f7e0): kobject_uevent_env
8e
kobject: 'loop2' (ffff8880a497f7e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
fc 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89
f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RIP: skb_put+0x31/0x1c0 net/core/skbuff.c:1694 RSP: ffff8880a9e4fb48
---[ end trace c2600112b4279336 ]---
kobject: 'loop3' (ffff8880a49ed1e0): kobject_uevent_env
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 68d7a45e Linux 4.14.113
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17d2b87f200000
kernel config: https://syzkaller.appspot.com/x/.config?x=dbf1fde4d7489e1c
dashboard link: https://syzkaller.appspot.com/bug?extid=7007264d1b0ca8fa4698
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+700726...@syzkaller.appspotmail.com
RDX: 0000000020000100 RSI: 0000000000005412 RDI: 0000000000000003
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce5d4506d4
kobject: 'loop2' (ffff8880a497f7e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
R13: 00000000004c3082 R14: 00000000004d6428 R15: 0000000000000004
general protection fault: 0000 [#1] PREEMPT SMP KASAN
kobject: 'kvm' (ffff888219fd2590): kobject_uevent_env
Modules linked in:
CPU: 0 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.113 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
task: ffff8880a9e425c0 task.stack: ffff8880a9e48000
RIP: 0010:skb_put+0x31/0x1c0 net/core/skbuff.c:1694
RSP: 0018:ffff8880a9e4fb48 EFLAGS: 00010202
kobject: 'kvm' (ffff888219fd2590): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
RAX: dffffc0000000000 RBX: ffff8880965b0540 RCX: 0000000000000000
RDX: 0000000000000019 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffff8880a9e4fb70 R08: 0000000000000025 R09: ffff8880a9e42f00
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000004 R14: ffff888096e4bb22 R15: 00000000000000c8
FS: 0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000073c000 CR3: 00000000844af000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
skb_put_data include/linux/skbuff.h:2077 [inline]
ll_recv+0x507/0x1010 drivers/bluetooth/hci_ll.c:416
hci_uart_tty_receive+0x1fa/0x4d0 drivers/bluetooth/hci_ldisc.c:603
tty_ldisc_receive_buf+0x151/0x1a0 drivers/tty/tty_buffer.c:459
tty_port_default_receive_buf+0x73/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:475 [inline]
flush_to_ldisc+0x1f2/0x400 drivers/tty/tty_buffer.c:527
process_one_work+0x868/0x1610 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x31c/0x430 kernel/kthread.c:232
kobject: 'loop5' (ffff8880a4a7e1a0): kobject_uevent_env
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Code: 41
kobject: 'loop5' (ffff8880a4a7e1a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
56 41 55 41 89 f5 41 54 49 89 fc 4d
Bluetooth: Can't allocate mem for new packet
8d bc 24 c8 00 00 00 53 e8 60 1a
kobject: 'loop2' (ffff8880a497f7e0): kobject_uevent_env
8e
kobject: 'loop2' (ffff8880a497f7e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
fc 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89
f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RIP: skb_put+0x31/0x1c0 net/core/skbuff.c:1694 RSP: ffff8880a9e4fb48
---[ end trace c2600112b4279336 ]---
kobject: 'loop3' (ffff8880a49ed1e0): kobject_uevent_env
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Apr 21, 2019, 9:46:06 PM4/21/19
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 68d7a45e Linux 4.14.113
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1547f51d200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f2cd7b200000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+700726...@syzkaller.appspotmail.com
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc_node mm/slab.c:3297 [inline]
kmem_cache_alloc_node+0x56/0x780 mm/slab.c:3640
__alloc_skb+0x9c/0x500 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:980 [inline]
bt_skb_alloc include/net/bluetooth/bluetooth.h:336 [inline]
ll_recv+0x3d5/0x1010 drivers/bluetooth/hci_ll.c:516
kasan: GPF could be caused by NULL-ptr deref or user memory access
hci_uart_tty_receive+0x1fa/0x4d0 drivers/bluetooth/hci_ldisc.c:603
tiocsti drivers/tty/tty_io.c:2186 [inline]
tty_ioctl+0xe0e/0x1340 drivers/tty/tty_io.c:2572
CPU: 1 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.113 #3
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7b9/0x1070 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
R10: 0000000000000006 R11: ffff8880a9e425c0 R12: 0000000000000000
R13: 0000000000000004 R14: ffff8880867c4960 R15: 00000000000000c8
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CR2: 00007f31b5984000 CR3: 0000000093e7a000 CR4: 00000000001406e0
RIP: 0033:0x440509
hci_uart_tty_receive+0x1fa/0x4d0 drivers/bluetooth/hci_ldisc.c:603
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401df0
tty_ldisc_receive_buf+0x151/0x1a0 drivers/tty/tty_buffer.c:459
R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
tty_port_default_receive_buf+0x73/0xa0 drivers/tty/tty_port.c:37
Code: 41 56 41 55 41 89 f5 41 54 49 89 fc 4d 8d bc 24 c8 00 00 00 53 e8 60
1a 8e fc 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02
HEAD commit: 68d7a45e Linux 4.14.113
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=dbf1fde4d7489e1c
dashboard link: https://syzkaller.appspot.com/bug?extid=7007264d1b0ca8fa4698
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12d6757b200000
dashboard link: https://syzkaller.appspot.com/bug?extid=7007264d1b0ca8fa4698
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f2cd7b200000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+700726...@syzkaller.appspotmail.com
slab_alloc_node mm/slab.c:3297 [inline]
kmem_cache_alloc_node+0x56/0x780 mm/slab.c:3640
__alloc_skb+0x9c/0x500 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:980 [inline]
bt_skb_alloc include/net/bluetooth/bluetooth.h:336 [inline]
ll_recv+0x3d5/0x1010 drivers/bluetooth/hci_ll.c:516
kasan: GPF could be caused by NULL-ptr deref or user memory access
hci_uart_tty_receive+0x1fa/0x4d0 drivers/bluetooth/hci_ldisc.c:603
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
tiocsti drivers/tty/tty_io.c:2186 [inline]
tty_ioctl+0xe0e/0x1340 drivers/tty/tty_io.c:2572
CPU: 1 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.113 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
task: ffff8880a9e425c0 task.stack: ffff8880a9e48000
vfs_ioctl fs/ioctl.c:46 [inline]
Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
task: ffff8880a9e425c0 task.stack: ffff8880a9e48000
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7b9/0x1070 fs/ioctl.c:684
RIP: 0010:skb_put+0x31/0x1c0 net/core/skbuff.c:1694
RSP: 0018:ffff8880a9e4fb48 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880a63571c0 RCX: ffff888096b4c540
RSP: 0018:ffff8880a9e4fb48 EFLAGS: 00010202
RDX: 0000000000000019 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffff8880a9e4fb70 R08: 0000000000000001 R09: ffff8880a9e4f948
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
R10: 0000000000000006 R11: ffff8880a9e425c0 R12: 0000000000000000
R13: 0000000000000004 R14: ffff8880867c4960 R15: 00000000000000c8
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
entry_SYSCALL_64_after_hwframe+0x42/0xb7
CR2: 00007f31b5984000 CR3: 0000000093e7a000 CR4: 00000000001406e0
RIP: 0033:0x440509
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RSP: 002b:00007ffd3a920788 EFLAGS: 00000246
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ORIG_RAX: 0000000000000010
Call Trace:
skb_put_data include/linux/skbuff.h:2077 [inline]
ll_recv+0x507/0x1010 drivers/bluetooth/hci_ll.c:416
RAX: ffffffffffffffda RBX: 00007ffd3a920790 RCX: 0000000000440509
ll_recv+0x507/0x1010 drivers/bluetooth/hci_ll.c:416
hci_uart_tty_receive+0x1fa/0x4d0 drivers/bluetooth/hci_ldisc.c:603
RDX: 0000000020000100 RSI: 0000000000005412 RDI: 0000000000000003
RBP: 0000000000000004 R08: 0000000000000001 R09: 00007ffd3a920031
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401df0
tty_ldisc_receive_buf+0x151/0x1a0 drivers/tty/tty_buffer.c:459
R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
tty_port_default_receive_buf+0x73/0xa0 drivers/tty/tty_port.c:37
Bluetooth: Can't allocate mem for new packet
receive_buf drivers/tty/tty_buffer.c:475 [inline]
flush_to_ldisc+0x1f2/0x400 drivers/tty/tty_buffer.c:527
process_one_work+0x868/0x1610 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x31c/0x430 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
flush_to_ldisc+0x1f2/0x400 drivers/tty/tty_buffer.c:527
process_one_work+0x868/0x1610 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x31c/0x430 kernel/kthread.c:232
Code: 41 56 41 55 41 89 f5 41 54 49 89 fc 4d 8d bc 24 c8 00 00 00 53 e8 60
1a 8e fc 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02
4c 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RIP: skb_put+0x31/0x1c0 net/core/skbuff.c:1694 RSP: ffff8880a9e4fb48
---[ end trace bd17fa81b08f095b ]---
RIP: skb_put+0x31/0x1c0 net/core/skbuff.c:1694 RSP: ffff8880a9e4fb48
syzbot
Apr 23, 2019, 1:25:06 AM4/23/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: c98875d9 Linux 4.19.36
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1449ef4ca00000
kernel config: https://syzkaller.appspot.com/x/.config?x=5e40ac5fbcc6366d
dashboard link: https://syzkaller.appspot.com/bug?extid=cfdea684d4caf61d635a
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15a56918a00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cfdea6...@syzkaller.appspotmail.com
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
Code: 89 f5 41 54 49 89 fc 53 4d 8d b4 24 c8 00 00 00 48 83 ec 08 e8 5c 7e
0a fc 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c
89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 58
RSP: 0018:ffff8880a9877b28 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880a189d340 RCX: ffffffff84e27a89
RDX: 0000000000000019 RSI: ffffffff8560c6b4 RDI: 0000000000000000
RBP: ffff8880a9877b58 R08: ffff8880a98b84c0 R09: ffffed1015d24733
R10: ffffed1015d24732 R11: ffff8880ae923993 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000000000c8 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
bcsp_unslip_one_byte drivers/bluetooth/hci_bcsp.c:451 [inline]
bcsp_recv+0x9b3/0x13b0 drivers/bluetooth/hci_bcsp.c:612
hci_uart_tty_receive+0x22b/0x530 drivers/bluetooth/hci_ldisc.c:607
tty_ldisc_receive_buf+0x164/0x1c0 drivers/tty/tty_buffer.c:460
tty_port_default_receive_buf+0x7d/0xb0 drivers/tty/tty_port.c:38
receive_buf drivers/tty/tty_buffer.c:476 [inline]
flush_to_ldisc+0x228/0x390 drivers/tty/tty_buffer.c:528
process_one_work+0x98e/0x1760 kernel/workqueue.c:2153
worker_thread+0x98/0xe40 kernel/workqueue.c:2296
kthread+0x357/0x430 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
Modules linked in:
---[ end trace a41480f45287912a ]---
RIP: 0010:skb_put+0x35/0x1e0 net/core/skbuff.c:1697
Code: 89 f5 41 54 49 89 fc 53 4d 8d b4 24 c8 00 00 00 48 83 ec 08 e8 5c 7e
0a fc 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c
89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 58
RSP: 0018:ffff8880a9877b28 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880a189d340 RCX: ffffffff84e27a89
RDX: 0000000000000019 RSI: ffffffff8560c6b4 RDI: 0000000000000000
RBP: ffff8880a9877b58 R08: ffff8880a98b84c0 R09: ffffed1015d24733
R10: ffffed1015d24732 R11: ffff8880ae923993 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000000000c8 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following crash on:
HEAD commit: c98875d9 Linux 4.19.36
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1449ef4ca00000
kernel config: https://syzkaller.appspot.com/x/.config?x=5e40ac5fbcc6366d
dashboard link: https://syzkaller.appspot.com/bug?extid=cfdea684d4caf61d635a
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1566e947200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15a56918a00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
Bluetooth: Can't allocate mem for new packet
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 47 Comm: kworker/u4:2 Not tainted 4.19.36 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
RIP: 0010:skb_put+0x35/0x1e0 net/core/skbuff.c:1697
Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
Code: 89 f5 41 54 49 89 fc 53 4d 8d b4 24 c8 00 00 00 48 83 ec 08 e8 5c 7e
0a fc 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c
89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 58
RSP: 0018:ffff8880a9877b28 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880a189d340 RCX: ffffffff84e27a89
RDX: 0000000000000019 RSI: ffffffff8560c6b4 RDI: 0000000000000000
RBP: ffff8880a9877b58 R08: ffff8880a98b84c0 R09: ffffed1015d24733
R10: ffffed1015d24732 R11: ffff8880ae923993 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000000000c8 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe66fd8d000 CR3: 00000000a0492000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
skb_put_data include/linux/skbuff.h:2091 [inline]
Call Trace:
bcsp_unslip_one_byte drivers/bluetooth/hci_bcsp.c:451 [inline]
bcsp_recv+0x9b3/0x13b0 drivers/bluetooth/hci_bcsp.c:612
hci_uart_tty_receive+0x22b/0x530 drivers/bluetooth/hci_ldisc.c:607
tty_ldisc_receive_buf+0x164/0x1c0 drivers/tty/tty_buffer.c:460
tty_port_default_receive_buf+0x7d/0xb0 drivers/tty/tty_port.c:38
receive_buf drivers/tty/tty_buffer.c:476 [inline]
flush_to_ldisc+0x228/0x390 drivers/tty/tty_buffer.c:528
process_one_work+0x98e/0x1760 kernel/workqueue.c:2153
worker_thread+0x98/0xe40 kernel/workqueue.c:2296
kthread+0x357/0x430 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
Modules linked in:
---[ end trace a41480f45287912a ]---
RIP: 0010:skb_put+0x35/0x1e0 net/core/skbuff.c:1697
Code: 89 f5 41 54 49 89 fc 53 4d 8d b4 24 c8 00 00 00 48 83 ec 08 e8 5c 7e
0a fc 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c
89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 58
RSP: 0018:ffff8880a9877b28 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880a189d340 RCX: ffffffff84e27a89
RDX: 0000000000000019 RSI: ffffffff8560c6b4 RDI: 0000000000000000
RBP: ffff8880a9877b58 R08: ffff8880a98b84c0 R09: ffffed1015d24733
R10: ffffed1015d24732 R11: ffff8880ae923993 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000000000c8 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe66fd8d000 CR3: 00000000a0492000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
https://goo.gl/tpsmEJ#testing-patches
Reply all
Reply to author
Forward
0 new messages