syzbot


general protection fault in lock_sock_nested

Status: upstream: reported syz repro on 2024/04/04 13:25
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+919d4e1e5bdfd4fa9abb@syzkaller.appspotmail.com
First crash: 193d, last: 3d16h
Bug presence (3)
Date Name Commit Repro Result
2024/06/01 linux-5.15.y (ToT) c61bd26ae81a C [report] BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/17 upstream (ToT) 96fca68c4fbf C [report] BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/01 upstream (ToT) cc8ed4d0a848 C Didn't crash
Similar bugs (15)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 general protection fault in lock_sock_nested 1 2438d 2438d 0/3 auto-closed as invalid on 2019/02/22 12:39
linux-4.14 general protection fault in lock_sock_nested 4 1256d 1474d 0/1 auto-closed as invalid on 2021/09/04 19:35
upstream general protection fault in lock_sock_nested bluetooth C done done 345 1d02h 399d 0/28 upstream: reported C repro on 2023/09/11 07:52
linux-6.1 general protection fault in lock_sock_nested 52 5d05h 183d 0/3 upstream: reported on 2024/04/14 08:46
upstream BUG: unable to handle kernel paging request in lock_sock_nested bluetooth 43 1090d 1531d 0/28 auto-closed as invalid on 2022/02/16 22:16
linux-4.19 KASAN: wild-memory-access Write in lock_sock_nested 2 1355d 1424d 0/1 auto-closed as invalid on 2021/05/28 14:35
linux-4.19 KASAN: use-after-free Read in lock_sock_nested C 471 593d 1907d 0/1 upstream: reported C repro on 2019/07/26 21:27
linux-4.14 KASAN: use-after-free Read in lock_sock_nested C inconclusive 331 633d 2000d 0/1 upstream: reported C repro on 2019/04/24 06:28
upstream KASAN: use-after-free Read in lock_sock_nested hams C inconclusive done 1856 503d 2112d 0/28 auto-obsoleted due to no activity on 2023/08/23 09:06
linux-6.1 BUG: sleeping function called from invalid context in lock_sock_nested 7 86d 107d 0/3 upstream: reported on 2024/06/29 07:54
linux-4.14 BUG: unable to handle kernel paging request in lock_sock_nested 4 1249d 1368d 0/1 auto-closed as invalid on 2021/09/11 11:51
upstream KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth syz unreliable done 23 1085d 1525d 0/28 auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19 KASAN: slab-out-of-bounds Read in lock_sock_nested 14 768d 1432d 0/1 auto-obsoleted due to no activity on 2023/01/05 15:59
upstream BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive 55 3d16h 154d 0/28 upstream: reported C repro on 2024/05/13 12:58
linux-5.15 BUG: sleeping function called from invalid context in lock_sock_nested origin:upstream C error 22 10d 107d 0/3 upstream: reported C repro on 2024/06/29 07:50
Last patch testing requests (5)
Created Duration User Patch Repo Result
2024/10/03 06:15 16m retest repro linux-5.15.y report log
2024/10/03 06:15 11m retest repro linux-5.15.y report log
2024/10/03 06:15 17m retest repro linux-5.15.y report log
2024/10/03 06:15 14m retest repro linux-5.15.y report log
2024/10/03 06:15 12m retest repro linux-5.15.y report log
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2024/08/19 20:04 1m fix candidate upstream error job log
2024/07/03 04:13 57m fix candidate upstream error job log

Sample crash report:
Unable to handle kernel paging request at virtual address dfff800000000024
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000024] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4060 Comm: kworker/1:5 Not tainted 5.15.161-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: events l2cap_info_timeout
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lock_acquire+0x104/0x7638 kernel/locking/lockdep.c:4882
lr : lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
sp : ffff80001c9e7480
x29: ffff80001c9e7720 x28: 1ffff0000292a069 x27: 0000000000000001
x26: ffff800010d45860 x25: ffff70000393ceb4 x24: 0000000000000000
x23: 0000000000000000 x22: ffff0000cacd0000 x21: 0000000000000000
x20: 0000000000000000 x19: 0000000000000120 x18: ffff80001c9e7300
x17: 0000000000000000 x16: ffff80001199d294 x15: 000000000001e0e2
x14: ffff800016f8e500 x13: ffff80001c9e75a0 x12: dfff800000000000
x11: ffff8000082f01e0 x10: ffff80001495034c x9 : 00000000000000f3
x8 : 0000000000000024 x7 : ffff800010d45860 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000120
Call trace:
 __lock_acquire+0x104/0x7638 kernel/locking/lockdep.c:4882
 lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
 lock_sock_nested+0xec/0x1ec net/core/sock.c:3250
 lock_sock include/net/sock.h:1668 [inline]
 l2cap_sock_ready_cb+0x4c/0x130 net/bluetooth/l2cap_sock.c:1649
 l2cap_chan_ready net/bluetooth/l2cap_core.c:1385 [inline]
 l2cap_conn_start+0x668/0xd28 net/bluetooth/l2cap_core.c:1643
 l2cap_info_timeout+0x68/0xb8 net/bluetooth/l2cap_core.c:1810
 process_one_work+0x790/0x11b8 kernel/workqueue.c:2310
 worker_thread+0x910/0x1034 kernel/workqueue.c:2457
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
Code: 90063808 b94ec108 34000208 d343fe68 (386c6908) 
---[ end trace c980877619584b92 ]---
----------------
Code disassembly (best guess):
   0:	90063808 	adrp	x8, 0xc700000
   4:	b94ec108 	ldr	w8, [x8, #3776]
   8:	34000208 	cbz	w8, 0x48
   c:	d343fe68 	lsr	x8, x19, #3
* 10:	386c6908 	ldrb	w8, [x8, x12] <-- trapping instruction

Crashes (40):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/06/23 19:14 linux-5.15.y 4878aadf2d15 edc5149a .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/22 04:02 linux-5.15.y 4878aadf2d15 edc5149a .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/19 13:03 linux-5.15.y 4878aadf2d15 41b7e219 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/07 19:19 linux-5.15.y 284087d4f7d5 cb2dcc0e .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/07 06:13 linux-5.15.y 284087d4f7d5 fa7a5cf0 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/25 00:20 linux-5.15.y c52b9710c83d 8bdc0f22 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/16 22:56 linux-5.15.y fa3df276cd36 18f6e127 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/07/28 04:29 linux-5.15.y 7e89efd3ae1c 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in lock_sock_nested
2024/05/11 06:43 linux-5.15.y 284087d4f7d5 f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in lock_sock_nested
2024/04/21 14:35 linux-5.15.y c52b9710c83d af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in lock_sock_nested
2024/04/04 13:24 linux-5.15.y 9465fef4ae35 0ee3535e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in lock_sock_nested
2024/10/11 05:07 linux-5.15.y 3a5928702e71 8fbfc0c8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/10/09 00:18 linux-5.15.y 3a5928702e71 402f1df0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/09/12 20:23 linux-5.15.y 3a5928702e71 60e1a995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/23 16:56 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/22 07:19 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/21 19:31 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/19 05:08 linux-5.15.y 4878aadf2d15 41b7e219 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/18 03:49 linux-5.15.y 4878aadf2d15 ce6011bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/17 23:07 linux-5.15.y 4878aadf2d15 1f11cfd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/17 08:37 linux-5.15.y 4878aadf2d15 88722c0f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/15 14:54 linux-5.15.y c61bd26ae81a f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/21 23:09 linux-5.15.y 83655231580b 1014eca7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/15 09:12 linux-5.15.y 284087d4f7d5 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/11 06:59 linux-5.15.y 284087d4f7d5 f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/10 01:40 linux-5.15.y 284087d4f7d5 de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 23:29 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 23:19 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 23:12 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 23:09 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 16:21 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/07 13:07 linux-5.15.y 284087d4f7d5 cb2dcc0e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/07 01:08 linux-5.15.y 284087d4f7d5 fa7a5cf0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/04 04:37 linux-5.15.y 284087d4f7d5 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/02 16:51 linux-5.15.y 284087d4f7d5 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/24 16:47 linux-5.15.y c52b9710c83d 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/23 12:11 linux-5.15.y c52b9710c83d 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/18 09:04 linux-5.15.y c52b9710c83d af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/17 12:03 linux-5.15.y c52b9710c83d 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/16 16:40 linux-5.15.y fa3df276cd36 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
* Struck through repros no longer work on HEAD.