All of lore.kernel.org
 help / color / mirror / Atom feed
From: kvartet <xyru1999@gmail.com>
To: marcel@holtmann.org, johan.hedberg@gmail.com,
	luiz.dentz@gmail.com, linux-bluetooth@vger.kernel.org,
	linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Cc: sunhao.th@gmail.com
Subject: INFO: trying to register non-static key in hci_uart_tx_wakeup
Date: Tue, 4 Jan 2022 16:49:55 +0800	[thread overview]
Message-ID: <CAFkrUsjA1qai+1ysWS_LEUYcMGo+ZRF3v743q6k9e4roF6PWZw@mail.gmail.com> (raw)

Hello,

When using Syzkaller to fuzz the latest Linux kernel, the following
crash was triggered.

HEAD commit: a7904a538933 Linux 5.16-rc6
git tree: upstream
console output: https://paste.ubuntu.com/p/Bfpr8Gxtd4/plain/
kernel config: https://paste.ubuntu.com/p/FDDNHDxtwz/plain/

Sorry, I don't have a reproducer for this crash, hope the symbolized
report can help.
If you fix this issue, please add the following tag to the commit:
Reported-by: Yiru Xu <xyru1999@gmail.com>


INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 2 PID: 18524 Comm: syz-executor.5 Not tainted 5.16.0-rc6 #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 assign_lock_key kernel/locking/lockdep.c:951 [inline]
 register_lock_class+0x148d/0x1950 kernel/locking/lockdep.c:1263
 __lock_acquire+0x106/0x57e0 kernel/locking/lockdep.c:4906
 lock_acquire kernel/locking/lockdep.c:5637 [inline]
 lock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5602
 percpu_down_read_trylock include/linux/percpu-rwsem.h:92 [inline]
 hci_uart_tx_wakeup+0x12e/0x490 drivers/bluetooth/hci_ldisc.c:124
 h5_timed_event+0x32f/0x6a0 drivers/bluetooth/hci_h5.c:188
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x6b0/0xa90 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb6/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x1d7/0x93b kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xf2/0x130 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x40 kernel/kcov.c:199
Code: 02 8b 7e 81 e2 00 01 ff 00 75 10 65 48 8b 04 25 40 70 02 00 48
8b 80 58 15 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <65> 48
8b 0c 25 40 70 02 00 bf 02 00 00 00 48 89 ce 4c 8b 04 24 e8
RSP: 0018:ffffc90006f5f300 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000200 RCX: ffff888051915640
RDX: 0000000000000000 RSI: ffff888051915640 RDI: 0000000000000002
RBP: 0000000000000008 R08: ffffffff814c726d R09: 0000000000000000
R10: 0000000000000007 R11: fffffbfff1b20a2a R12: 0000000000000000
R13: 0000000000000001 R14: ffff888010c64c00 R15: ffffea0001826f00
 queue_work_on+0xb3/0x110 kernel/workqueue.c:1552
 queue_work include/linux/workqueue.h:502 [inline]
 schedule_work include/linux/workqueue.h:563 [inline]
 __vfree_deferred mm/vmalloc.c:2654 [inline]
 vfree_atomic+0xac/0xe0 mm/vmalloc.c:2672
 free_thread_stack kernel/fork.c:291 [inline]
 release_task_stack kernel/fork.c:431 [inline]
 put_task_stack+0x2a7/0x480 kernel/fork.c:442
 finish_task_switch+0x591/0x820 kernel/sched/core.c:4884
 context_switch kernel/sched/core.c:4975 [inline]
 __schedule+0xce1/0x2530 kernel/sched/core.c:6253
 preempt_schedule_common+0x4a/0xc0 kernel/sched/core.c:6419
 preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35
 vprintk_emit+0x315/0x4a0 kernel/printk/printk.c:2246
 vprintk+0x80/0x90 kernel/printk/printk_safe.c:50
 _printk+0xba/0xed kernel/printk/printk.c:2266
 show_free_areas+0x762/0xff0 mm/page_alloc.c:5892
 show_mem+0x3e/0x1ab lib/show_mem.c:17
 warn_alloc_show_mem mm/page_alloc.c:4198 [inline]
 warn_alloc.cold+0x10e/0x17a mm/page_alloc.c:4221
 __vmalloc_area_node mm/vmalloc.c:2964 [inline]
 __vmalloc_node_range+0x84e/0xa30 mm/vmalloc.c:3065
 alloc_thread_stack_node kernel/fork.c:244 [inline]
 dup_task_struct kernel/fork.c:886 [inline]
 copy_process+0x911/0x73e0 kernel/fork.c:2023
 kernel_clone+0xe7/0x10c0 kernel/fork.c:2582
 __do_sys_clone+0xc8/0x110 kernel/fork.c:2699
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fd4e55d41c5
Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e
48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85
c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
RSP: 002b:00007fff2aaa5b78 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007fd4e3e3b700 RCX: 00007fd4e55d41c5
RDX: 00007fd4e3e3b9d0 RSI: 00007fd4e3e3adb0 RDI: 00000000003d0f00
RBP: 00007fff2aaa5dd0 R08: 00007fd4e3e3b700 R09: 00007fd4e3e3b700
R10: 00007fd4e3e3b9d0 R11: 0000000000000202 R12: 00007fff2aaa5c2e
R13: 00007fff2aaa5c2f R14: 00007fff2aaa5dd0 R15: 00007fd4e3e3adc0
 </TASK>
----------------
Code disassembly (best guess):
   0: 02 8b 7e 81 e2 00     add    0xe2817e(%rbx),%cl
   6: 01 ff                 add    %edi,%edi
   8: 00 75 10             add    %dh,0x10(%rbp)
   b: 65 48 8b 04 25 40 70 mov    %gs:0x27040,%rax
  12: 02 00
  14: 48 8b 80 58 15 00 00 mov    0x1558(%rax),%rax
  1b: c3                   retq
  1c: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
  23: 00 00 00 00
  27: 0f 1f 00             nopl   (%rax)
* 2a: 65 48 8b 0c 25 40 70 mov    %gs:0x27040,%rcx <-- trapping instruction
  31: 02 00
  33: bf 02 00 00 00       mov    $0x2,%edi
  38: 48 89 ce             mov    %rcx,%rsi
  3b: 4c 8b 04 24           mov    (%rsp),%r8
  3f: e8                   .byte 0xe8


Best Regards,
Yiru

             reply	other threads:[~2022-01-04  8:50 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-04  8:49 kvartet [this message]
2022-01-04 14:06 ` INFO: trying to register non-static key in hci_uart_tx_wakeup Pavel Skripkin
2022-01-04 14:14 ` Pavel Skripkin
2022-01-04 14:34   ` kvartet
2022-01-04 14:38     ` Pavel Skripkin
2022-01-05 21:45     ` Slade Watkins

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAFkrUsjA1qai+1ysWS_LEUYcMGo+ZRF3v743q6k9e4roF6PWZw@mail.gmail.com \
    --to=xyru1999@gmail.com \
    --cc=johan.hedberg@gmail.com \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luiz.dentz@gmail.com \
    --cc=marcel@holtmann.org \
    --cc=sunhao.th@gmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.