syzbot

BUG: sleeping function called from invalid context in lock_sock_nested

Status: upstream: reported on 2024/06/29 07:54
Reported-by: syzbot+97ef0e9e9cc294e72434@syzkaller.appspotmail.com
First crash: 105d, last: 84d
Similar bugs (21)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 BUG: sleeping function called from invalid context in lock_sock_nested (2) C done 3909 1127d 1220d 1/1 fixed on 2021/10/12 13:38
upstream BUG: sleeping function called from invalid context in lock_sock_nested (2) bluetooth C done error 19391 1158d 1694d 20/28 fixed on 2021/11/10 13:22
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested 1 1929d 1929d 0/1 auto-closed as invalid on 2019/10/30 11:24
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested (2) syz done 1 1714d 1774d 1/1 fixed on 2020/03/04 10:17
linux-4.19 BUG: sleeping function called from invalid context in lock_sock_nested syz done 1 1744d 1774d 1/1 fixed on 2020/02/05 13:33
upstream BUG: sleeping function called from invalid context in lock_sock_nested bpf net C 1232 1698d 1774d 15/28 fixed on 2020/02/18 14:31
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested (3) syz error 144 714d 1220d 0/1 upstream: reported syz repro on 2021/06/10 20:33
upstream BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive 55 1d22h 152d 0/28 upstream: reported C repro on 2024/05/13 12:58
linux-5.15 BUG: sleeping function called from invalid context in lock_sock_nested origin:upstream C error 22 8d10h 105d 0/3 upstream: reported C repro on 2024/06/29 07:50
upstream BUG: unable to handle kernel paging request in lock_sock_nested bluetooth 43 1089d 1529d 0/28 auto-closed as invalid on 2022/02/16 22:16
linux-4.19 KASAN: wild-memory-access Write in lock_sock_nested 2 1353d 1422d 0/1 auto-closed as invalid on 2021/05/28 14:35
linux-4.14 general protection fault in lock_sock_nested 4 1254d 1472d 0/1 auto-closed as invalid on 2021/09/04 19:35
linux-4.19 KASAN: use-after-free Read in lock_sock_nested C 471 592d 1905d 0/1 upstream: reported C repro on 2019/07/26 21:27
linux-4.14 KASAN: use-after-free Read in lock_sock_nested C inconclusive 331 632d 1998d 0/1 upstream: reported C repro on 2019/04/24 06:28
upstream KASAN: use-after-free Read in lock_sock_nested hams C inconclusive done 1856 501d 2110d 0/28 auto-obsoleted due to no activity on 2023/08/23 09:06
upstream general protection fault in lock_sock_nested bluetooth C done done 343 2h40m 397d 0/28 upstream: reported C repro on 2023/09/11 07:52
linux-5.15 general protection fault in lock_sock_nested origin:upstream missing-backport syz error 40 1d23h 191d 0/3 upstream: reported syz repro on 2024/04/04 13:25
linux-4.14 BUG: unable to handle kernel paging request in lock_sock_nested 4 1247d 1366d 0/1 auto-closed as invalid on 2021/09/11 11:51
linux-6.1 general protection fault in lock_sock_nested 52 3d12h 181d 0/3 upstream: reported on 2024/04/14 08:46
upstream KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth syz unreliable done 23 1083d 1523d 0/28 auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19 KASAN: slab-out-of-bounds Read in lock_sock_nested 14 766d 1430d 0/1 auto-obsoleted due to no activity on 2023/01/05 15:59

Sample crash report:
BUG: sleeping function called from invalid context at net/core/sock.c:3487
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 47, name: kworker/u5:0
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by kworker/u5:0/47:
 #0: ffff88807ad90138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90000b87d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffff888073d94078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xaa/0xac0 net/bluetooth/hci_event.c:5021
 #3: ffffffff8e3f0f48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline]
 #3: ffffffff8e3f0f48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x4d5/0xac0 net/bluetooth/hci_event.c:5107
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: sco_conn_ready net/bluetooth/sco.c:1278 [inline]
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x279/0xb10 net/bluetooth/sco.c:1363
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1748 [inline]
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_ready net/bluetooth/sco.c:1291 [inline]
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x450/0xb10 net/bluetooth/sco.c:1363
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 47 Comm: kworker/u5:0 Not tainted 6.1.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 __might_resched+0x5cb/0x780 kernel/sched/core.c:9945
 lock_sock_nested+0x59/0x100 net/core/sock.c:3487
 lock_sock include/net/sock.h:1748 [inline]
 sco_conn_ready net/bluetooth/sco.c:1291 [inline]
 sco_connect_cfm+0x450/0xb10 net/bluetooth/sco.c:1363
 hci_connect_cfm include/net/bluetooth/hci_core.h:1793 [inline]
 hci_sync_conn_complete_evt+0x54b/0xac0 net/bluetooth/hci_event.c:5107
 hci_event_func net/bluetooth/hci_event.c:7539 [inline]
 hci_event_packet+0xa9d/0x1510 net/bluetooth/hci_event.c:7591
 hci_rx_work+0x3cd/0xce0 net/bluetooth/hci_core.c:4129
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
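Reading the report: the held-locks list shows lock #4, the spinlock &conn->lock, taken at sco_conn_ready (net/bluetooth/sco.c:1278), still held when lock #5, the socket lock, is taken via lock_sock() at sco.c:1291. lock_sock_nested() may sleep, so it begins with the might-sleep check at net/core/sock.c:3487, and with preempt_count: 1 (in_atomic(): 1) that check fires. The userland C model below is an added example, not kernel code and not part of the syzbot page; every name prefixed model_ is a hypothetical stand-in for the kernel primitive named in its comment. It reproduces the check against the lock ordering in the report and, for contrast, against the general remedy of dropping the spinlock (while holding a reference on the socket) before taking the sleeping lock. The remedy shown is an illustration of the pattern, not a specific upstream patch.

```c
/*
 * Userland model of the kernel's "sleeping function called from invalid
 * context" check, applied to the lock ordering in the sample report.
 * Added example: not kernel code, not a syzbot artifact. Names prefixed
 * model_ are hypothetical stand-ins for the kernel primitives they mimic.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the per-task preempt_count that spin_lock() raises and
 * spin_unlock() lowers. Non-zero means "atomic context" (in_atomic()). */
static int preempt_count;

/* Stand-in for a socket kept alive by a reference count. */
struct model_sock {
    int refcnt;
    int state;
};

/* Last violation recorded by model_might_sleep(), for inspection. */
struct sleep_violation {
    bool hit;
    int preempt_count;
    char where[64];
};
static struct sleep_violation last_violation;

static void model_spin_lock(void)   { preempt_count++; }   /* sco_conn_lock */
static void model_spin_unlock(void) { preempt_count--; }   /* sco_conn_unlock */

/* Stand-in for __might_resched(): sleeping while preempt_count != 0 is what
 * net/core/sock.c:3487 reports. We record it instead of dumping a stack.
 * Returns false when the real kernel would have printed the BUG. */
static bool model_might_sleep(const char *where)
{
    if (preempt_count != 0) {
        last_violation.hit = true;
        last_violation.preempt_count = preempt_count;
        snprintf(last_violation.where, sizeof last_violation.where, "%s", where);
        return false;
    }
    return true;
}

/* lock_sock() may sleep on the socket owner lock, so it starts with the
 * might-sleep check; the protected work is modelled as a state write. */
static bool model_lock_sock(struct model_sock *sk, const char *where)
{
    bool ok = model_might_sleep(where);
    sk->state = 1;                      /* BT_CONNECTED in the real code */
    return ok;
}

static void model_sock_hold(struct model_sock *sk) { sk->refcnt++; }
static void model_sock_put(struct model_sock *sk)  { sk->refcnt--; }

/* Ordering from the report: the conn->lock spinlock is still held when
 * lock_sock(parent) is called from sco_conn_ready(). */
bool buggy_conn_ready(struct model_sock *parent)
{
    memset(&last_violation, 0, sizeof last_violation);
    model_spin_lock();                                  /* sco.c:1278 */
    bool ok = model_lock_sock(parent, "lock_sock under conn->lock"); /* 1291 */
    model_spin_unlock();
    return ok;
}

/* General remedy (illustrative): pin the socket with a reference while the
 * spinlock is held, drop the spinlock, then take the sleeping lock. Without
 * the reference the socket could be freed between unlock and lock_sock(). */
bool fixed_conn_ready(struct model_sock *parent)
{
    memset(&last_violation, 0, sizeof last_violation);
    model_spin_lock();
    model_sock_hold(parent);                            /* keep parent alive */
    model_spin_unlock();
    bool ok = model_lock_sock(parent, "lock_sock outside conn->lock");
    model_sock_put(parent);
    return ok;
}

/* Accessors so the outcome can be checked without touching the globals. */
bool last_violation_hit(void)           { return last_violation.hit; }
int  last_violation_preempt_count(void) { return last_violation.preempt_count; }
int  current_preempt_count(void)        { return preempt_count; }

int main(void)
{
    struct model_sock parent = { .refcnt = 1, .state = 0 };

    if (!buggy_conn_ready(&parent))
        printf("BUG: sleeping function called from invalid context (%s), "
               "preempt_count: %d\n", last_violation.where,
               last_violation.preempt_count);
    if (fixed_conn_ready(&parent))
        printf("ok: lock_sock taken outside conn->lock, refcnt %d\n",
               parent.refcnt);
    return 0;
}
```

The model deliberately keeps only what the report exercises: preempt_count bookkeeping, the might-sleep gate at the top of lock_sock(), and a reference count for the socket. The second function shows why "just unlock the spinlock first" is not the whole fix: once conn->lock is dropped, nothing else in this path keeps the parent socket alive, so the reference must be taken before the unlock and released after the sleeping section.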

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/07/20 05:56 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:56 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:54 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:54 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:53 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 03:11 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/06/29 07:54 linux-6.1.y 99e6a620de00 757f06b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested