Hello,
syzbot found the following crash on:
HEAD commit: 66c56cfa64d9 Merge tag 'remove-dma_zalloc_coherent-5.0' of..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=167fd6d8c00000
kernel config: https://syzkaller.appspot.com/x/.config?x=b05cfdb4ee8ab9b2
dashboard link: https://syzkaller.appspot.com/bug?extid=a950165cbb86bdd023a4
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=121cee07400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16fdaed8c00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: [email protected]
WARNING: CPU: 0 PID: 1171 at drivers/tty/tty_ioctl.c:319
tty_set_termios+0x93a/0xac0 drivers/tty/tty_ioctl.c:319
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 1171 Comm: kworker/u5:0 Not tainted 5.0.0-rc1+ #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: hci0 hci_power_on
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
panic+0x2cb/0x65c kernel/panic.c:214
__warn.cold+0x20/0x48 kernel/panic.c:571
report_bug+0x263/0x2b0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:290
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
RIP: 0010:tty_set_termios+0x93a/0xac0 drivers/tty/tty_ioctl.c:319
Code: 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ec 00
00 00 41 89 9f d0 03 00 00 e9 f6 fd ff ff e8 d6 18 a8 fd <0f> 0b e9 a9 f7
ff ff e8 4a 04 ec fd e9 48 f9 ff ff 4c 89 ef e8 9d
RSP: 0018:ffff8880a74f7600 EFLAGS: 00010293
RAX: ffff8880a74d4300 RBX: ffff8880a74f76c0 RCX: ffffffff83d9d62d
RDX: 0000000000000000 RSI: ffffffff83d9de8a RDI: 0000000000000005
RBP: ffff8880a74f76e8 R08: ffff8880a74d4300 R09: fffffbfff181d7b5
R10: fffffbfff181d7b4 R11: 0000000000000003 R12: ffff8880a74f7728
R13: 0000000000010004 R14: 000000000001c200 R15: ffff88808e3e60c0
hci_uart_set_baudrate+0x1cc/0x250 drivers/bluetooth/hci_ldisc.c:378
hci_uart_setup+0xa2/0x490 drivers/bluetooth/hci_ldisc.c:401
hci_dev_do_open+0x6b1/0x1920 net/bluetooth/hci_core.c:1423
hci_power_on+0x10d/0x880 net/bluetooth/hci_core.c:2130
process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153
worker_thread+0x143/0x14a0 kernel/workqueue.c:2296
kthread+0x357/0x430 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot has bisected this bug to:
commit 162f812f23bab583f5d514ca0e4df67797ac9cdf
Author: Loic Poulain <[email protected]>
Date: Mon Sep 19 14:29:27 2016 +0000
Bluetooth: hci_uart: Add Marvell support
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12cd5c2b200000
start commit: 162f812f Bluetooth: hci_uart: Add Marvell support
git tree: upstream
final crash: https://syzkaller.appspot.com/x/report.txt?x=11cd5c2b200000
console output: https://syzkaller.appspot.com/x/log.txt?x=16cd5c2b200000
kernel config: https://syzkaller.appspot.com/x/.config?x=b05cfdb4ee8ab9b2
dashboard link: https://syzkaller.appspot.com/bug?extid=a950165cbb86bdd023a4
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=121cee07400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16fdaed8c00000
Reported-by: [email protected]
Fixes: 162f812f ("Bluetooth: hci_uart: Add Marvell support")
#syz fix: Bluetooth: hci_uart: check for missing tty operations
Best regards,
Vladis Dronov
----- Original Message -----
> From: "syzbot" <[email protected]>
> To: [email protected], [email protected], "johan hedberg" <[email protected]>, [email protected],
> [email protected], [email protected], "loic poulain" <[email protected]>,
> [email protected], [email protected], [email protected], [email protected],
> [email protected]
> Sent: Monday, December 9, 2019 7:20:01 AM
> Subject: Re: WARNING in tty_set_termios
>
> syzbot suspects this bug was fixed by commit:
>
> commit b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
> Author: Vladis Dronov <[email protected]>
> Date: Tue Jul 30 09:33:45 2019 +0000
>
> Bluetooth: hci_uart: check for missing tty operations
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10b20aeae00000
> start commit: 66c56cfa Merge tag 'remove-dma_zalloc_coherent-5.0' of git..
> git tree: upstream
> kernel config: https://syzkaller.appspot.com/x/.config?x=b05cfdb4ee8ab9b2
> dashboard link: https://syzkaller.appspot.com/bug?extid=a950165cbb86bdd023a4
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=121cee07400000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16fdaed8c00000
>
> If the result looks correct, please mark the bug fixed by replying with:
>
> #syz fix: Bluetooth: hci_uart: check for missing tty operations
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
>