WARNING in tty_set_termios

* WARNING in tty_set_termios
@ 2019-01-13  3:43 syzbot
  2019-03-17 15:15 ` syzbot
  2019-12-09  6:20 ` syzbot
  0 siblings, 2 replies; 4+ messages in thread
From: syzbot @ 2019-01-13  3:43 UTC (permalink / raw)
  To: gregkh, jslaby, linux-kernel, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit:    66c56cfa64d9 Merge tag 'remove-dma_zalloc_coherent-5.0' of..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=167fd6d8c00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b05cfdb4ee8ab9b2
dashboard link: https://syzkaller.appspot.com/bug?extid=a950165cbb86bdd023a4
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=121cee07400000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16fdaed8c00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a950165cbb86bdd023a4@syzkaller.appspotmail.com

WARNING: CPU: 0 PID: 1171 at drivers/tty/tty_ioctl.c:319  
tty_set_termios+0x93a/0xac0 drivers/tty/tty_ioctl.c:319
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 1171 Comm: kworker/u5:0 Not tainted 5.0.0-rc1+ #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Workqueue: hci0 hci_power_on
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
  panic+0x2cb/0x65c kernel/panic.c:214
  __warn.cold+0x20/0x48 kernel/panic.c:571
  report_bug+0x263/0x2b0 lib/bug.c:186
  fixup_bug arch/x86/kernel/traps.c:178 [inline]
  fixup_bug arch/x86/kernel/traps.c:173 [inline]
  do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
  do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:290
  invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
RIP: 0010:tty_set_termios+0x93a/0xac0 drivers/tty/tty_ioctl.c:319
Code: 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ec 00  
00 00 41 89 9f d0 03 00 00 e9 f6 fd ff ff e8 d6 18 a8 fd <0f> 0b e9 a9 f7  
ff ff e8 4a 04 ec fd e9 48 f9 ff ff 4c 89 ef e8 9d
RSP: 0018:ffff8880a74f7600 EFLAGS: 00010293
RAX: ffff8880a74d4300 RBX: ffff8880a74f76c0 RCX: ffffffff83d9d62d
RDX: 0000000000000000 RSI: ffffffff83d9de8a RDI: 0000000000000005
RBP: ffff8880a74f76e8 R08: ffff8880a74d4300 R09: fffffbfff181d7b5
R10: fffffbfff181d7b4 R11: 0000000000000003 R12: ffff8880a74f7728
R13: 0000000000010004 R14: 000000000001c200 R15: ffff88808e3e60c0
  hci_uart_set_baudrate+0x1cc/0x250 drivers/bluetooth/hci_ldisc.c:378
  hci_uart_setup+0xa2/0x490 drivers/bluetooth/hci_ldisc.c:401
  hci_dev_do_open+0x6b1/0x1920 net/bluetooth/hci_core.c:1423
  hci_power_on+0x10d/0x880 net/bluetooth/hci_core.c:2130
  process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153
  worker_thread+0x143/0x14a0 kernel/workqueue.c:2296
  kthread+0x357/0x430 kernel/kthread.c:246
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 4+ messages in thread