syzbot


general protection fault in lock_sock_nested

Status: upstream: reported on 2024/04/14 08:46
Reported-by: syzbot+8c1526bae66de4a558da@syzkaller.appspotmail.com
First crash: 184d, last: 6d12h
Similar bugs (17)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 general protection fault in lock_sock_nested 1 2439d 2439d 0/3 auto-closed as invalid on 2019/02/22 12:39
linux-4.14 general protection fault in lock_sock_nested 4 1257d 1475d 0/1 auto-closed as invalid on 2021/09/04 19:35
upstream general protection fault in lock_sock_nested bluetooth C done done 349 4h19m 400d 0/28 upstream: reported C repro on 2023/09/11 07:52
linux-5.15 general protection fault in lock_sock_nested origin:upstream missing-backport syz error 40 4d23h 194d 0/3 upstream: reported syz repro on 2024/04/04 13:25
upstream BUG: unable to handle kernel paging request in lock_sock_nested bluetooth 43 1092d 1532d 0/28 auto-closed as invalid on 2022/02/16 22:16
linux-4.19 KASAN: wild-memory-access Write in lock_sock_nested 2 1356d 1425d 0/1 auto-closed as invalid on 2021/05/28 14:35
linux-4.19 KASAN: use-after-free Read in lock_sock_nested C 471 595d 1908d 0/1 upstream: reported C repro on 2019/07/26 21:27
linux-4.14 KASAN: use-after-free Read in lock_sock_nested C inconclusive 331 635d 2001d 0/1 upstream: reported C repro on 2019/04/24 06:28
upstream KASAN: use-after-free Read in lock_sock_nested hams C inconclusive done 1856 504d 2113d 0/28 auto-obsoleted due to no activity on 2023/08/23 09:06
linux-6.1 BUG: sleeping function called from invalid context in lock_sock_nested 7 87d 108d 0/3 upstream: reported on 2024/06/29 07:54
linux-4.14 BUG: unable to handle kernel paging request in lock_sock_nested 4 1250d 1369d 0/1 auto-closed as invalid on 2021/09/11 11:51
upstream KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth syz unreliable done 23 1086d 1526d 0/28 auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19 KASAN: slab-out-of-bounds Read in lock_sock_nested 14 769d 1433d 0/1 auto-obsoleted due to no activity on 2023/01/05 15:59
upstream BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive 57 21h24m 155d 0/28 upstream: reported C repro on 2024/05/13 12:58
linux-5.15 BUG: sleeping function called from invalid context in lock_sock_nested origin:upstream C error 22 11d 108d 0/3 upstream: reported C repro on 2024/06/29 07:50
android-44 KASAN: use-after-free Read in lock_sock_nested C 40 2244d 2014d 0/2 public: reported C repro on 2019/04/11 08:44
android-49 KASAN: use-after-free Read in lock_sock_nested C 39 2246d 2439d 0/3 closed as invalid on 2019/03/07 05:41

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000026: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000130-0x0000000000000137]
CPU: 0 PID: 152 Comm: kworker/0:2 Not tainted 6.1.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: events l2cap_info_timeout
RIP: 0010:__lock_acquire+0x69/0x1f80 kernel/locking/lockdep.c:4919
Code: df 0f b6 04 10 84 c0 0f 85 fb 15 00 00 83 3d 41 8f 2f 0d 00 0f 84 a8 14 00 00 83 3d 90 06 b5 0b 00 74 2b 4c 89 f0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 f7 e8 d9 a6 77 00 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90002e1f800 EFLAGS: 00010002
RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000130
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: ffff88801c7f5940 R14: 0000000000000130 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c90dff8 CR3: 0000000059d2d000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
 lock_sock_nested+0x44/0x100 net/core/sock.c:3485
 lock_sock include/net/sock.h:1748 [inline]
 l2cap_sock_ready_cb+0x43/0x130 net/bluetooth/l2cap_sock.c:1694
 l2cap_chan_ready net/bluetooth/l2cap_core.c:1409 [inline]
 l2cap_conn_start+0x8c9/0x10a0 net/bluetooth/l2cap_core.c:1667
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0x69/0x1f80 kernel/locking/lockdep.c:4919
Code: df 0f b6 04 10 84 c0 0f 85 fb 15 00 00 83 3d 41 8f 2f 0d 00 0f 84 a8 14 00 00 83 3d 90 06 b5 0b 00 74 2b 4c 89 f0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 f7 e8 d9 a6 77 00 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90002e1f800 EFLAGS: 00010002
RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000130
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: ffff88801c7f5940 R14: 0000000000000130 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c90dff8 CR3: 0000000059d2d000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	df 0f                	fisttps (%rdi)
   2:	b6 04                	mov    $0x4,%dh
   4:	10 84 c0 0f 85 fb 15 	adc    %al,0x15fb850f(%rax,%rax,8)
   b:	00 00                	add    %al,(%rax)
   d:	83 3d 41 8f 2f 0d 00 	cmpl   $0x0,0xd2f8f41(%rip)        # 0xd2f8f55
  14:	0f 84 a8 14 00 00    	je     0x14c2
  1a:	83 3d 90 06 b5 0b 00 	cmpl   $0x0,0xbb50690(%rip)        # 0xbb506b1
  21:	74 2b                	je     0x4e
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1) <-- trapping instruction
  2e:	74 12                	je     0x42
  30:	4c 89 f7             	mov    %r14,%rdi
  33:	e8 d9 a6 77 00       	call   0x77a711
  38:	48                   	rex.W
  39:	ba 00 00 00 00       	mov    $0x0,%edx
  3e:	00 fc                	add    %bh,%ah

Crashes (52):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/09/17 00:40 linux-6.1.y 5f55cad62cc9 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/09/13 21:01 linux-6.1.y 5f55cad62cc9 b58f933c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/08/14 06:42 linux-6.1.y 36790ef5e00b bde81f6f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/08/12 13:50 linux-6.1.y 36790ef5e00b 842184b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/08/11 14:26 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/08/03 11:31 linux-6.1.y 48d525b0e463 1786a2a8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/08/01 03:02 linux-6.1.y c1cec4dad96b 1e9c4cf3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/07/27 17:06 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/07/22 13:10 linux-6.1.y 9b3f9a5b12dc df655b64 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/07/19 21:40 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/07/16 14:42 linux-6.1.y cac15753b8ce b66b37bd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/07/11 18:04 linux-6.1.y 266ee8e06d5b eaeb5c15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/07/05 15:56 linux-6.1.y 7753af06eebf 2a40360c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/06/17 05:55 linux-6.1.y eb44d83053d6 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/06/14 21:29 linux-6.1.y ae9f2a70d69e f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/06/14 19:54 linux-6.1.y ae9f2a70d69e f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/06/03 09:48 linux-6.1.y 88690811da69 0aba2352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/06/03 09:48 linux-6.1.y 88690811da69 0aba2352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/05/28 06:23 linux-6.1.y 88690811da69 f550015e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/05/28 04:31 linux-6.1.y 88690811da69 f550015e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/05/28 04:31 linux-6.1.y 88690811da69 f550015e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/05/25 00:51 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/05/22 15:28 linux-6.1.y 4078fa637fcd 4d098039 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/05/21 15:17 linux-6.1.y 4078fa637fcd 4c0d3ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/05/10 15:25 linux-6.1.y 909ba1f1b414 f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/04/14 08:45 linux-6.1.y cd5d98c0556c c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in lock_sock_nested
2024/07/23 14:36 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in lock_sock_nested
2024/07/03 07:47 linux-6.1.y 99e6a620de00 1ecfa2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in lock_sock_nested
2024/06/21 22:33 linux-6.1.y eb44d83053d6 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in lock_sock_nested
2024/06/18 01:15 linux-6.1.y eb44d83053d6 ce6011bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in lock_sock_nested
2024/06/17 14:39 linux-6.1.y eb44d83053d6 1f11cfd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in lock_sock_nested
2024/06/17 13:18 linux-6.1.y eb44d83053d6 1f11cfd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in lock_sock_nested
2024/06/13 03:36 linux-6.1.y ae9f2a70d69e 2aa5052f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in lock_sock_nested
2024/06/12 13:29 linux-6.1.y ae9f2a70d69e f815599d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in lock_sock_nested
2024/10/09 16:26 linux-6.1.y aa4cd140bba5 56fb2cb7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/10/02 00:45 linux-6.1.y aa4cd140bba5 ea2b66a6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/09/03 07:30 linux-6.1.y 311d8503ef9f 8045124c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/08/14 12:13 linux-6.1.y 36790ef5e00b 07a4d4ad .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/18 05:46 linux-6.1.y eb44d83053d6 ce6011bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in lock_sock_nested
2024/06/18 02:05 linux-6.1.y eb44d83053d6 ce6011bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/16 20:02 linux-6.1.y eb44d83053d6 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in lock_sock_nested
2024/06/10 16:18 linux-6.1.y 88690811da69 048c640a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in lock_sock_nested
2024/06/04 14:54 linux-6.1.y 88690811da69 11f2afa5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/03 15:15 linux-6.1.y 88690811da69 0aba2352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/01 02:05 linux-6.1.y 88690811da69 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/01 02:05 linux-6.1.y 88690811da69 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/23 12:09 linux-6.1.y 4078fa637fcd 4c2072ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/17 11:28 linux-6.1.y 4078fa637fcd c2e07261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/12 03:18 linux-6.1.y 909ba1f1b414 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/10 23:45 linux-6.1.y 909ba1f1b414 f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/09 07:56 linux-6.1.y 909ba1f1b414 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
* Struck through repros no longer work on HEAD.