syzbot


general protection fault in lock_sock_nested

Status: upstream: reported syz repro on 2024/04/04 13:25
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+919d4e1e5bdfd4fa9abb@syzkaller.appspotmail.com
First crash: 80d, last: 2h03m
Bug presence (3)
Date Name Commit Repro Result
2024/06/01 linux-5.15.y (ToT) c61bd26ae81a C [report] BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/17 upstream (ToT) 96fca68c4fbf C [report] BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/01 upstream (ToT) cc8ed4d0a848 C Didn't crash
Similar bugs (12)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 general protection fault in lock_sock_nested 1 2324d 2324d 0/3 auto-closed as invalid on 2019/02/22 12:39
linux-4.14 general protection fault in lock_sock_nested 4 1142d 1360d 0/1 auto-closed as invalid on 2021/09/04 19:35
upstream general protection fault in lock_sock_nested bluetooth C done done 203 1d19h 286d 0/27 upstream: reported C repro on 2023/09/11 07:52
linux-6.1 general protection fault in lock_sock_nested 32 1d20h 70d 0/3 upstream: reported on 2024/04/14 08:46
upstream BUG: unable to handle kernel paging request in lock_sock_nested bluetooth 43 977d 1418d 0/27 auto-closed as invalid on 2022/02/16 22:16
linux-4.19 KASAN: wild-memory-access Write in lock_sock_nested 2 1242d 1311d 0/1 auto-closed as invalid on 2021/05/28 14:35
linux-4.19 KASAN: use-after-free Read in lock_sock_nested C 471 480d 1793d 0/1 upstream: reported C repro on 2019/07/26 21:27
linux-4.14 KASAN: use-after-free Read in lock_sock_nested C inconclusive 331 520d 1887d 0/1 upstream: reported C repro on 2019/04/24 06:28
upstream KASAN: use-after-free Read in lock_sock_nested hams C inconclusive done 1856 390d 1999d 0/27 auto-obsoleted due to no activity on 2023/08/23 09:06
linux-4.14 BUG: unable to handle kernel paging request in lock_sock_nested 4 1136d 1255d 0/1 auto-closed as invalid on 2021/09/11 11:51
upstream KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth syz unreliable done 23 972d 1412d 0/27 auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19 KASAN: slab-out-of-bounds Read in lock_sock_nested 14 655d 1319d 0/1 auto-obsoleted due to no activity on 2023/01/05 15:59

Sample crash report:
Bluetooth: hci4: command 0x041b tx timeout
Unable to handle kernel paging request at virtual address dfff800000000024
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000024] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4092 Comm: kworker/0:7 Not tainted 5.15.161-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: events l2cap_info_timeout
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lock_acquire+0x104/0x7638 kernel/locking/lockdep.c:4882
lr : lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
sp : ffff80001d167480
x29: ffff80001d167720 x28: 1ffff0000292a069 x27: 0000000000000001
x26: ffff800010d45860 x25: ffff700003a2ceb4 x24: 0000000000000000
x23: 0000000000000000 x22: ffff0000c71e3680 x21: 0000000000000000
x20: 0000000000000000 x19: 0000000000000120 x18: ffff80001d167300
x17: 0000000000000000 x16: ffff80001199d294 x15: 0000000000000005
x14: ffff800016f8e500 x13: ffff80001d1675a0 x12: dfff800000000000
x11: ffff8000082f01e0 x10: ffff80001495034c x9 : 00000000000000f3
x8 : 0000000000000024 x7 : ffff800010d45860 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000120
Call trace:
 __lock_acquire+0x104/0x7638 kernel/locking/lockdep.c:4882
 lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
 lock_sock_nested+0xec/0x1ec net/core/sock.c:3250
 lock_sock include/net/sock.h:1668 [inline]
 l2cap_sock_ready_cb+0x4c/0x130 net/bluetooth/l2cap_sock.c:1649
 l2cap_chan_ready net/bluetooth/l2cap_core.c:1385 [inline]
 l2cap_conn_start+0x668/0xd28 net/bluetooth/l2cap_core.c:1643
 l2cap_info_timeout+0x68/0xb8 net/bluetooth/l2cap_core.c:1810
 process_one_work+0x790/0x11b8 kernel/workqueue.c:2310
 worker_thread+0x910/0x1034 kernel/workqueue.c:2457
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
Code: 90063808 b94ec108 34000208 d343fe68 (386c6908) 
---[ end trace f210e4d4b3466ec1 ]---
----------------
Code disassembly (best guess):
   0:	90063808 	adrp	x8, 0xc700000
   4:	b94ec108 	ldr	w8, [x8, #3776]
   8:	34000208 	cbz	w8, 0x48
   c:	d343fe68 	lsr	x8, x19, #3
* 10:	386c6908 	ldrb	w8, [x8, x12] <-- trapping instruction

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/06/22 04:02 linux-5.15.y 4878aadf2d15 edc5149a .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/19 13:03 linux-5.15.y 4878aadf2d15 41b7e219 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/07 19:19 linux-5.15.y 284087d4f7d5 cb2dcc0e .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/07 06:13 linux-5.15.y 284087d4f7d5 fa7a5cf0 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/25 00:20 linux-5.15.y c52b9710c83d 8bdc0f22 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/16 22:56 linux-5.15.y fa3df276cd36 18f6e127 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/11 06:43 linux-5.15.y 284087d4f7d5 f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in lock_sock_nested
2024/04/21 14:35 linux-5.15.y c52b9710c83d af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in lock_sock_nested
2024/04/04 13:24 linux-5.15.y 9465fef4ae35 0ee3535e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in lock_sock_nested
2024/06/23 16:56 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/22 07:19 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/21 19:31 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/19 05:08 linux-5.15.y 4878aadf2d15 41b7e219 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/18 03:49 linux-5.15.y 4878aadf2d15 ce6011bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/17 23:07 linux-5.15.y 4878aadf2d15 1f11cfd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/17 08:37 linux-5.15.y 4878aadf2d15 88722c0f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/06/15 14:54 linux-5.15.y c61bd26ae81a f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/21 23:09 linux-5.15.y 83655231580b 1014eca7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/15 09:12 linux-5.15.y 284087d4f7d5 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/11 06:59 linux-5.15.y 284087d4f7d5 f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/10 01:40 linux-5.15.y 284087d4f7d5 de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 23:29 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 23:19 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 23:12 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 23:09 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/08 16:21 linux-5.15.y 284087d4f7d5 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/07 13:07 linux-5.15.y 284087d4f7d5 cb2dcc0e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/07 01:08 linux-5.15.y 284087d4f7d5 fa7a5cf0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/04 04:37 linux-5.15.y 284087d4f7d5 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/05/02 16:51 linux-5.15.y 284087d4f7d5 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/24 16:47 linux-5.15.y c52b9710c83d 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/23 12:11 linux-5.15.y c52b9710c83d 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/18 09:04 linux-5.15.y c52b9710c83d af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/17 12:03 linux-5.15.y c52b9710c83d 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
2024/04/16 16:40 linux-5.15.y fa3df276cd36 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in lock_sock_nested
* Struck through repros no longer work on HEAD.