general protection fault in lock_sock

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-49	general protection fault in lock_sock_nested				1	2273d	2273d	0/3	auto-closed as invalid on 2019/02/22 12:39
linux-4.14	general protection fault in lock_sock_nested				4	1091d	1309d	0/1	auto-closed as invalid on 2021/09/04 19:35
upstream	general protection fault in lock_sock_nested bluetooth	C	done	done	105	15h15m	235d	0/26	upstream: reported C repro on 2023/09/11 07:52
linux-5.15	general protection fault in lock_sock_nested origin:upstream	syz			10	19h08m	28d	0/3	upstream: reported syz repro on 2024/04/04 13:25
upstream	BUG: unable to handle kernel paging request in lock_sock_nested bluetooth				43	926d	1366d	0/26	auto-closed as invalid on 2022/02/16 22:16
linux-4.19	KASAN: wild-memory-access Write in lock_sock_nested				2	1190d	1259d	0/1	auto-closed as invalid on 2021/05/28 14:35
linux-4.19	KASAN: use-after-free Read in lock_sock_nested	C			471	429d	1742d	0/1	upstream: reported C repro on 2019/07/26 21:27
linux-4.14	KASAN: use-after-free Read in lock_sock_nested	C		inconclusive	331	469d	1836d	0/1	upstream: reported C repro on 2019/04/24 06:28
upstream	KASAN: use-after-free Read in lock_sock_nested hams	C	inconclusive	done	1856	338d	1948d	0/26	auto-obsoleted due to no activity on 2023/08/23 09:06
linux-4.14	BUG: unable to handle kernel paging request in lock_sock_nested				4	1085d	1204d	0/1	auto-closed as invalid on 2021/09/11 11:51
upstream	KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth	syz	unreliable	done	23	921d	1360d	0/26	auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19	KASAN: slab-out-of-bounds Read in lock_sock_nested				14	603d	1267d	0/1	auto-obsoleted due to no activity on 2023/01/05 15:59

general protection fault, probably for non-canonical address 0xdffffc0000000026: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000130-0x0000000000000137] CPU: 0 PID: 3607 Comm: kworker/0:5 Not tainted 6.1.86-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: events l2cap_info_timeout RIP: 0010:__lock_acquire+0x69/0x1f80 kernel/locking/lockdep.c:4919 Code: df 0f b6 04 10 84 c0 0f 85 fb 15 00 00 83 3d 61 41 09 0d 00 0f 84 a8 14 00 00 83 3d b0 22 95 0b 00 74 2b 4c 89 f0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 f7 e8 69 9a 77 00 48 ba 00 00 00 00 00 fc RSP: 0018:ffffc90004c4f800 EFLAGS: 00010002 RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000130 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 R13: ffff88807b878000 R14: 0000000000000130 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31e21000 CR3: 00000000575db000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662 lock_sock_nested+0x44/0x100 net/core/sock.c:3484 lock_sock include/net/sock.h:1745 [inline] l2cap_sock_ready_cb+0x43/0x130 net/bluetooth/l2cap_sock.c:1649 l2cap_chan_ready net/bluetooth/l2cap_core.c:1382 [inline] l2cap_conn_start+0x8c9/0x10a0 net/bluetooth/l2cap_core.c:1640 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__lock_acquire+0x69/0x1f80 kernel/locking/lockdep.c:4919 Code: df 0f b6 04 10 84 c0 0f 85 fb 15 00 00 83 3d 61 41 09 0d 00 0f 84 a8 14 00 00 83 3d b0 22 95 0b 00 74 2b 4c 89 f0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 f7 e8 69 9a 77 00 48 ba 00 00 00 00 00 fc RSP: 0018:ffffc90004c4f800 EFLAGS: 00010002 RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000130 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 R13: ffff88807b878000 R14: 0000000000000130 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31e21000 CR3: 00000000575db000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: df 0f fisttps (%rdi) 2: b6 04 mov $0x4,%dh 4: 10 84 c0 0f 85 fb 15 adc %al,0x15fb850f(%rax,%rax,8) b: 00 00 add %al,(%rax) d: 83 3d 61 41 09 0d 00 cmpl $0x0,0xd094161(%rip) # 0xd094175 14: 0f 84 a8 14 00 00 je 0x14c2 1a: 83 3d b0 22 95 0b 00 cmpl $0x0,0xb9522b0(%rip) # 0xb9522d1 21: 74 2b je 0x4e 23: 4c 89 f0 mov %r14,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) <-- trapping instruction 2e: 74 12 je 0x42 30: 4c 89 f7 mov %r14,%rdi 33: e8 69 9a 77 00 call 0x779aa1 38: 48 rex.W 39: ba 00 00 00 00 mov $0x0,%edx 3e: 00 fc add %bh,%ah

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/04/14 08:45	linux-6.1.y	cd5d98c0556c	c8349e48	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	general protection fault in lock_sock_nested

Crashes (1):

Assets (help?)