Hello,
syzbot found the following crash on:
HEAD commit: 68d7a45e Linux 4.14.113
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17d2b87f200000
kernel config: https://syzkaller.appspot.com/x/.config?x=dbf1fde4d7489e1c
dashboard link: https://syzkaller.appspot.com/bug?extid=7007264d1b0ca8fa4698
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+700726...@syzkaller.appspotmail.com
RDX: 0000000020000100 RSI: 0000000000005412 RDI: 0000000000000003
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce5d4506d4
kobject: 'loop2' (ffff8880a497f7e0): fill_kobj_path: path = '/devices/virtual/block/loop2'
R13: 00000000004c3082 R14: 00000000004d6428 R15: 0000000000000004
general protection fault: 0000 [#1] PREEMPT SMP KASAN
kobject: 'kvm' (ffff888219fd2590): kobject_uevent_env
Modules linked in:
CPU: 0 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.113 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
task: ffff8880a9e425c0 task.stack: ffff8880a9e48000
RIP: 0010:skb_put+0x31/0x1c0 net/core/skbuff.c:1694
RSP: 0018:ffff8880a9e4fb48 EFLAGS: 00010202
kobject: 'kvm' (ffff888219fd2590): fill_kobj_path: path = '/devices/virtual/misc/kvm'
RAX: dffffc0000000000 RBX: ffff8880965b0540 RCX: 0000000000000000
RDX: 0000000000000019 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffff8880a9e4fb70 R08: 0000000000000025 R09: ffff8880a9e42f00
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000004 R14: ffff888096e4bb22 R15: 00000000000000c8
FS: 0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000073c000 CR3: 00000000844af000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
skb_put_data include/linux/skbuff.h:2077 [inline]
ll_recv+0x507/0x1010 drivers/bluetooth/hci_ll.c:416
hci_uart_tty_receive+0x1fa/0x4d0 drivers/bluetooth/hci_ldisc.c:603
tty_ldisc_receive_buf+0x151/0x1a0 drivers/tty/tty_buffer.c:459
tty_port_default_receive_buf+0x73/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:475 [inline]
flush_to_ldisc+0x1f2/0x400 drivers/tty/tty_buffer.c:527
process_one_work+0x868/0x1610 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x31c/0x430 kernel/kthread.c:232
kobject: 'loop5' (ffff8880a4a7e1a0): kobject_uevent_env
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Code: 41
kobject: 'loop5' (ffff8880a4a7e1a0): fill_kobj_path: path = '/devices/virtual/block/loop5'
56 41 55 41 89 f5 41 54 49 89 fc 4d
Bluetooth: Can't allocate mem for new packet
8d bc 24 c8 00 00 00 53 e8 60 1a
kobject: 'loop2' (ffff8880a497f7e0): kobject_uevent_env
8e
kobject: 'loop2' (ffff8880a497f7e0): fill_kobj_path: path = '/devices/virtual/block/loop2'
fc 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89
f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RIP: skb_put+0x31/0x1c0 net/core/skbuff.c:1694 RSP: ffff8880a9e4fb48
---[ end trace c2600112b4279336 ]---
kobject: 'loop3' (ffff8880a49ed1e0): kobject_uevent_env
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot.