syzbot

 sign-in | mailing list | source | docs
🐞 Open [437]
🐞 Fixed [20]
🐞 Invalid [111]
Missing Backports [16]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in lock_sock_nested

Status: upstream: reported C repro on 2025/06/19 04:51
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+aeda1232b2d36276f64e@syzkaller.appspotmail.com
First crash: 196d, last: 7d18h
Bug presence (1)
Date Name Commit Repro Result
2025/10/17 upstream (ToT) 98ac9cc4b445 C [report] general protection fault in lock_sock_nested
Similar bugs (17)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 general protection fault in lock_sock_nested 2 1 2882d 2882d 0/3 auto-closed as invalid on 2019/02/22 12:39
linux-4.14 general protection fault in lock_sock_nested 2 4 1700d 1918d 0/1 auto-closed as invalid on 2021/09/04 19:35
upstream general protection fault in lock_sock_nested bluetooth 19 C done done 4022 1h25m 843d 0/29 upstream: reported C repro on 2023/09/11 07:52
linux-5.15 general protection fault in lock_sock_nested missing-backport origin:upstream 8 C error 153 6d11h 637d 0/3 upstream: reported C repro on 2024/04/04 13:25
linux-6.1 general protection fault in lock_sock_nested origin:upstream missing-backport 19 C inconclusive 208 2d21h 627d 0/3 upstream: reported C repro on 2024/04/14 08:46
upstream BUG: unable to handle kernel paging request in lock_sock_nested bluetooth 17 43 1535d 1975d 0/29 auto-closed as invalid on 2022/02/16 22:16
linux-4.19 KASAN: wild-memory-access Write in lock_sock_nested 23 2 1799d 1868d 0/1 auto-closed as invalid on 2021/05/28 14:35
linux-6.1 BUG: sleeping function called from invalid context in lock_sock_nested (2) origin:upstream missing-backport 24 C inconclusive 9 3d21h 313d 0/3 upstream: reported C repro on 2025/02/23 00:56
linux-4.19 KASAN: use-after-free Read in lock_sock_nested 23 C 471 1038d 2351d 0/1 upstream: reported C repro on 2019/07/26 21:27
linux-4.14 KASAN: use-after-free Read in lock_sock_nested 19 C inconclusive 331 1078d 2444d 0/1 upstream: reported C repro on 2019/04/24 06:28
upstream KASAN: use-after-free Read in lock_sock_nested hams 19 C inconclusive done 1856 947d 2556d 0/29 auto-obsoleted due to no activity on 2023/08/23 09:06
linux-6.1 BUG: sleeping function called from invalid context in lock_sock_nested 5 7 530d 551d 0/3 auto-obsoleted due to no activity on 2024/10/28 05:57
linux-4.14 BUG: unable to handle kernel paging request in lock_sock_nested 8 4 1693d 1812d 0/1 auto-closed as invalid on 2021/09/11 11:51
upstream KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth 17 syz unreliable done 23 1529d 1969d 0/29 auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19 KASAN: slab-out-of-bounds Read in lock_sock_nested 23 14 1212d 1876d 0/1 auto-obsoleted due to no activity on 2023/01/05 15:59
upstream BUG: sleeping function called from invalid context in lock_sock_nested (3) net bluetooth 19 C inconclusive error 153 120d 598d 0/29 auto-obsoleted due to no activity on 2025/11/12 14:25
linux-5.15 BUG: sleeping function called from invalid context in lock_sock_nested missing-backport origin:lts-only 19 C done 25 12d 551d 0/3 upstream: reported C repro on 2024/06/29 07:50
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/12/02 14:46 1h49m bisect fix linux-6.6.y OK (0) job log log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000026: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000130-0x0000000000000137]
CPU: 0 PID: 5954 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:__lock_acquire+0xeb/0x7c80 kernel/locking/lockdep.c:5005
Code: 85 dc 66 00 00 83 3d 2f c0 e3 0c 00 48 89 9c 24 f0 00 00 00 0f 84 11 10 00 00 83 3d fe d5 58 0b 00 74 36 48 89 f8 48 c1 e8 03 <42> 80 3c 00 00 74 1f 48 8b bc 24 88 00 00 00 e8 b1 e9 75 00 48 8b
RSP: 0018:ffffc900045bf4c0 EFLAGS: 00010002
RAX: 0000000000000026 RBX: 1ffff920008b7ebc RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000130
RBP: ffffc900045bf708 R08: dffffc0000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1c950ae R12: 0000000000000001
R13: 0000000000000000 R14: ffff88802b850000 R15: 0000000000000000
FS:  000055555dc4d500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000002c0 CR3: 0000000076ade000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
 lock_sock_nested+0x48/0x100 net/core/sock.c:3532
 lock_sock include/net/sock.h:1767 [inline]
 rose_kill_by_device net/rose/af_rose.c:210 [inline]
 rose_device_event+0x36a/0x670 net/rose/af_rose.c:244
 notifier_call_chain+0x197/0x390 kernel/notifier.c:93
 call_netdevice_notifiers_extack net/core/dev.c:2064 [inline]
 call_netdevice_notifiers net/core/dev.c:2078 [inline]
 __dev_notify_flags+0x18e/0x2e0 net/core/dev.c:-1
 dev_change_flags+0xe8/0x1a0 net/core/dev.c:8762
 dev_ifsioc+0x6a7/0xe20 net/core/dev_ioctl.c:529
 dev_ioctl+0x7e2/0x1170 net/core/dev_ioctl.c:786
 sock_do_ioctl+0x226/0x2f0 net/socket.c:1236
 sock_ioctl+0x623/0x7a0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f5bb458eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcab3f9938 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f5bb47e5fa0 RCX: 00007f5bb458eec9
RDX: 0000200000000300 RSI: 0000000000008914 RDI: 0000000000000004
RBP: 00007f5bb4611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5bb47e5fa0 R14: 00007f5bb47e5fa0 R15: 0000000000000003
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xeb/0x7c80 kernel/locking/lockdep.c:5005
Code: 85 dc 66 00 00 83 3d 2f c0 e3 0c 00 48 89 9c 24 f0 00 00 00 0f 84 11 10 00 00 83 3d fe d5 58 0b 00 74 36 48 89 f8 48 c1 e8 03 <42> 80 3c 00 00 74 1f 48 8b bc 24 88 00 00 00 e8 b1 e9 75 00 48 8b
RSP: 0018:ffffc900045bf4c0 EFLAGS: 00010002
RAX: 0000000000000026 RBX: 1ffff920008b7ebc RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000130
RBP: ffffc900045bf708 R08: dffffc0000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1c950ae R12: 0000000000000001
R13: 0000000000000000 R14: ffff88802b850000 R15: 0000000000000000
FS:  000055555dc4d500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000002c0 CR3: 0000000076ade000 CR4: 00000000003506f0
----------------
Code disassembly (best guess):
   0:	85 dc                	test   %ebx,%esp
   2:	66 00 00             	data16 add %al,(%rax)
   5:	83 3d 2f c0 e3 0c 00 	cmpl   $0x0,0xce3c02f(%rip)        # 0xce3c03b
   c:	48 89 9c 24 f0 00 00 	mov    %rbx,0xf0(%rsp)
  13:	00
  14:	0f 84 11 10 00 00    	je     0x102b
  1a:	83 3d fe d5 58 0b 00 	cmpl   $0x0,0xb58d5fe(%rip)        # 0xb58d61f
  21:	74 36                	je     0x59
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 00 00       	cmpb   $0x0,(%rax,%r8,1) <-- trapping instruction
  2f:	74 1f                	je     0x50
  31:	48 8b bc 24 88 00 00 	mov    0x88(%rsp),%rdi
  38:	00
  39:	e8 b1 e9 75 00       	call   0x75e9ef
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

Crashes (29):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/10/16 22:27 linux-6.6.y 0bbbd97a442d 19568248 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/12/25 09:11 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/12/08 15:24 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/11/01 06:22 linux-6.6.y e5bbb12db2c7 2c50b6a9 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/09/09 07:15 linux-6.6.y 355bd0b51d2f d291dd2d .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/09/07 01:34 linux-6.6.y 355bd0b51d2f d291dd2d .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/08/28 12:12 linux-6.6.y bb9c90ab9c5a e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/08/28 08:16 linux-6.6.y bb9c90ab9c5a e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/08/28 04:34 linux-6.6.y bb9c90ab9c5a e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/08/28 00:41 linux-6.6.y bb9c90ab9c5a e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/08/27 20:29 linux-6.6.y bb9c90ab9c5a e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/08/27 16:40 linux-6.6.y bb9c90ab9c5a e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/08/27 12:19 linux-6.6.y bb9c90ab9c5a e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/12/09 14:40 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/12/05 07:30 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/12/03 17:57 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/10/21 14:29 linux-6.6.y f231f248323d 9832ed61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/10/20 21:57 linux-6.6.y f231f248323d d422939c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/10/09 23:15 linux-6.6.y e617101e5626 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/10/07 09:24 linux-6.6.y e617101e5626 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/09/02 12:16 linux-6.6.y cc1a1c5b404a 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/09/02 06:09 linux-6.6.y cc1a1c5b404a 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/07/24 00:53 linux-6.6.y d96eb99e2f0e 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/07/23 15:26 linux-6.6.y d96eb99e2f0e e1dd4f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/07/09 12:18 linux-6.6.y a5df3a702b2c f4e5e155 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/06/30 15:17 linux-6.6.y 3f5b4c104b7d fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/06/19 11:03 linux-6.6.y c2603c511feb ed3e87f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/06/19 04:51 linux-6.6.y c2603c511feb ed3e87f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
2025/06/19 04:50 linux-6.6.y c2603c511feb ed3e87f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in lock_sock_nested
* Struck through repros no longer work on HEAD.