BUG: unable to handle kernel paging request in lock_sock

Title	Replies (including bot)	Last reply
BUG: unable to handle kernel paging request in lock_sock_nested	0 (1)	2020/08/05 16:09

Title

Replies (including bot)

Last reply

BUG: unable to handle kernel paging request in lock_sock_nested

0 (1)

2020/08/05 16:09

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	general protection fault in lock_sock_nested bluetooth	C	done	done	115	8h10m	239d	0/26	upstream: reported C repro on 2023/09/11 07:52
linux-5.15	general protection fault in lock_sock_nested origin:upstream	syz			14	2h28m	33d	0/3	upstream: reported syz repro on 2024/04/04 13:25
linux-4.14	BUG: unable to handle kernel paging request in lock_sock_nested				4	1089d	1208d	0/1	auto-closed as invalid on 2021/09/11 11:51
linux-4.19	KASAN: slab-out-of-bounds Read in lock_sock_nested				14	607d	1271d	0/1	auto-obsoleted due to no activity on 2023/01/05 15:59
linux-4.19	KASAN: wild-memory-access Write in lock_sock_nested				2	1195d	1263d	0/1	auto-closed as invalid on 2021/05/28 14:35
linux-4.14	general protection fault in lock_sock_nested				4	1095d	1313d	0/1	auto-closed as invalid on 2021/09/04 19:35
linux-4.19	KASAN: use-after-free Read in lock_sock_nested	C			471	433d	1746d	0/1	upstream: reported C repro on 2019/07/26 21:27
linux-4.14	KASAN: use-after-free Read in lock_sock_nested	C		inconclusive	331	473d	1840d	0/1	upstream: reported C repro on 2019/04/24 06:28
upstream	KASAN: use-after-free Read in lock_sock_nested hams	C	inconclusive	done	1856	343d	1952d	0/26	auto-obsoleted due to no activity on 2023/08/23 09:06
linux-6.1	general protection fault in lock_sock_nested				1	23d	23d	0/3	upstream: reported on 2024/04/14 08:46
upstream	KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth	syz	unreliable	done	23	925d	1364d	0/26	auto-obsoleted due to no activity on 2022/09/29 10:19
upstream	KASAN: global-out-of-bounds Read in lock_sock_nested bluetooth				2	1312d	1253d	0/26	auto-closed as invalid on 2021/01/31 05:04

BUG: unable to handle page fault for address: fffffbfff34f1c2f #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 23ffe5067 P4D 23ffe5067 PUD 23ffe4067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 26284 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:85 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0xdb/0x180 mm/kasan/generic.c:189 Code: 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 <80> 38 00 74 f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c RSP: 0018:ffffc9000f22f5f8 EFLAGS: 00010096 RAX: fffffbfff34f1c2f RBX: fffffbfff34f1c30 RCX: ffffffff815b0e9a RDX: fffffbfff34f1c30 RSI: 0000000000000008 RDI: ffffffff9a78e178 RBP: fffffbfff34f1c2f R08: 0000000000000000 R09: ffffffff9a78e17f R10: fffffbfff34f1c2f R11: 0000000000000016 R12: ffff88803ed80ac0 R13: ffff88803ed80000 R14: ffff88803ed809f8 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff34f1c2f CR3: 000000002487b000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] __lock_acquire+0x101a/0x54a0 kernel/locking/lockdep.c:4985 lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:368 [inline] lock_sock_nested+0x40/0x120 net/core/sock.c:3183 l2cap_sock_teardown_cb+0xa1/0x660 net/bluetooth/l2cap_sock.c:1528 l2cap_chan_del+0xbc/0xa80 net/bluetooth/l2cap_core.c:622 l2cap_conn_del+0x3c0/0x7b0 net/bluetooth/l2cap_core.c:1898 l2cap_disconn_cfm net/bluetooth/l2cap_core.c:8177 [inline] l2cap_disconn_cfm+0x95/0xd0 net/bluetooth/l2cap_core.c:8170 hci_disconn_cfm include/net/bluetooth/hci_core.h:1518 [inline] hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1608 hci_dev_do_close+0x57d/0x1130 net/bluetooth/hci_core.c:1793 hci_unregister_dev+0x1c0/0x5a0 net/bluetooth/hci_core.c:4029 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:340 __fput+0x288/0x9f0 fs/file_table.c:280 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0xbae/0x2a30 kernel/exit.c:825 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2160 kernel/signal.c:2868 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f01057e9739 Code: Unable to access opcode bytes at RIP 0x7f01057e970f. RSP: 002b:00007f0102d60218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f01058edf88 RCX: 00007f01057e9739 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f01058edf88 RBP: 00007f01058edf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01058edf8c R13: 00007ffc53a835ef R14: 00007f0102d60300 R15: 0000000000022000 Modules linked in: CR2: fffffbfff34f1c2f ---[ end trace 23f79cf7a13a9fe2 ]--- RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:85 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0xdb/0x180 mm/kasan/generic.c:189 Code: 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 <80> 38 00 74 f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c RSP: 0018:ffffc9000f22f5f8 EFLAGS: 00010096 RAX: fffffbfff34f1c2f RBX: fffffbfff34f1c30 RCX: ffffffff815b0e9a RDX: fffffbfff34f1c30 RSI: 0000000000000008 RDI: ffffffff9a78e178 RBP: fffffbfff34f1c2f R08: 0000000000000000 R09: ffffffff9a78e17f R10: fffffbfff34f1c2f R11: 0000000000000016 R12: ffff88803ed80ac0 R13: ffff88803ed80000 R14: ffff88803ed809f8 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff34f1c2f CR3: 000000002487b000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 ---------------- Code disassembly (best guess): 0: 80 38 00 cmpb $0x0,(%rax) 3: 74 f2 je 0xfffffff7 5: 48 89 c2 mov %rax,%rdx 8: b8 01 00 00 00 mov $0x1,%eax d: 48 85 d2 test %rdx,%rdx 10: 75 56 jne 0x68 12: 5b pop %rbx 13: 5d pop %rbp 14: 41 5c pop %r12 16: c3 retq 17: 48 85 d2 test %rdx,%rdx 1a: 74 5e je 0x7a 1c: 48 01 ea add %rbp,%rdx 1f: eb 09 jmp 0x2a 21: 48 83 c0 01 add $0x1,%rax 25: 48 39 d0 cmp %rdx,%rax 28: 74 50 je 0x7a * 2a: 80 38 00 cmpb $0x0,(%rax) <-- trapping instruction 2d: 74 f2 je 0x21 2f: eb d4 jmp 0x5 31: 41 bc 08 00 00 00 mov $0x8,%r12d 37: 48 89 ea mov %rbp,%rdx 3a: 45 29 dc sub %r11d,%r12d 3d: 4d rex.WRB 3e: 8d .byte 0x8d 3f: 1c .byte 0x1c

Crashes (43):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Manager	Title
2021/09/18 11:20	upstream	4357f03d6611	70b76c1d	.config	console log	report	info	ci-upstream-kasan-gce-root	BUG: unable to handle kernel paging request in lock_sock_nested
2021/05/02 01:17	upstream	d2b6f8a17919	77e2b668	.config	console log	report	info	ci-upstream-kasan-gce-root	BUG: unable to handle kernel paging request in lock_sock_nested
2021/04/20 22:24	upstream	7af08140979a	c0ced557	.config	console log	report	info	ci-upstream-kasan-gce-smack-root	BUG: unable to handle kernel paging request in lock_sock_nested
2021/01/31 14:19	upstream	6642d600b541	fc9fd31e	.config	console log	report	info	ci-upstream-kasan-gce-selinux-root	BUG: unable to handle kernel paging request in lock_sock_nested
2021/03/02 23:08	upstream	7a7fd0de4a98	e5b64d68	.config	console log	report	info	ci-qemu-upstream-386	BUG: unable to handle kernel paging request in lock_sock_nested
2021/01/30 09:10	upstream	0e9bcda5d286	fc9fd31e	.config	console log	report	info	ci-qemu-upstream-386	BUG: unable to handle kernel paging request in lock_sock_nested
2021/10/19 22:15	net-old	04ee2752a5a9	466b7db1	.config	console log	report	info	ci-upstream-net-this-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/10/12 02:11	net-old	732b74d64704	838e7e2c	.config	console log	report	info	ci-upstream-net-this-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/04/30 17:56	net-old	bbd6f0a94813	77e2b668	.config	console log	report	info	ci-upstream-net-this-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/03/07 13:28	net-old	9270bbe258c8	75506d9c	.config	console log	report	info	ci-upstream-net-this-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/03/01 20:30	net-old	447621e373bd	183afb6c	.config	console log	report	info	ci-upstream-net-this-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/09/17 00:17	net-next-old	52583c8d8b12	aae492f2	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/06/07 00:47	net-next-old	1a42624aecba	500c2339	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/05/15 20:41	net-next-old	77091933e453	93f844de	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/04/04 16:39	net-next-old	428e68e1a85a	6a81331a	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/04/03 01:11	net-next-old	bd78980be1a6	6a81331a	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/04/02 13:58	net-next-old	bd78980be1a6	6a81331a	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/03/22 17:04	net-next-old	a1e6f641e307	bea32f74	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/02/19 21:29	net-next-old	38b5133ad607	f689d40a	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/02/04 04:47	net-next-old	32d1bbb1d609	624dad51	.config	console log	report	info	ci-upstream-net-kasan-gce	BUG: unable to handle kernel paging request in lock_sock_nested
2021/01/27 23:32	linux-next	bc085f8fc88f	eefc07f2	.config	console log	report	info	ci-upstream-linux-next-kasan-gce-root	BUG: unable to handle kernel paging request in lock_sock_nested
2021/08/02 13:35	upstream	c500bee1c5b2	6c236867	.config	console log	report	info	ci-upstream-kasan-gce-smack-root	KASAN: global-out-of-bounds Read in lock_sock_nested
2021/07/13 23:42	upstream	40226a3d96ef	fa0594c3	.config	console log	report	info	ci-upstream-kasan-gce-smack-root	UBSAN: array-index-out-of-bounds in lock_sock_nested
2021/07/06 13:25	upstream	3dbdb38e2869	6c4484eb	.config	console log	report	info	ci-upstream-kasan-gce-selinux-root	UBSAN: array-index-out-of-bounds in lock_sock_nested
2020/08/15 06:34	upstream	b923f1247b72	424dd8e7	.config	console log	report		ci-upstream-kasan-gce-root
2020/08/13 00:08	upstream	fb893de323e2	bc15f7db	.config	console log	report		ci-upstream-kasan-gce-root
2020/09/21 12:18	net-old	e1b81391421b	9e1fa68e	.config	console log	report	info	ci-upstream-net-this-kasan-gce
2020/09/07 12:00	net-old	4ddcaf1ebb5e	abf9ba4f	.config	console log	report		ci-upstream-net-this-kasan-gce
2020/08/16 11:22	net-old	4ca0d9ac3fd8	424dd8e7	.config	console log	report		ci-upstream-net-this-kasan-gce
2020/08/16 04:04	net-old	4ca0d9ac3fd8	424dd8e7	.config	console log	report		ci-upstream-net-this-kasan-gce
2020/08/05 15:20	net-old	ac3a0c847296	b7129355	.config	console log	report		ci-upstream-net-this-kasan-gce
2020/12/29 12:18	net-next-old	3db1a3fa9880	8259d56c	.config	console log	report	info	ci-upstream-net-kasan-gce
2020/11/12 21:06	net-next-old	e545f8657393	77a55c8e	.config	console log	report	info	ci-upstream-net-kasan-gce
2020/09/29 22:29	net-next-old	280095713ce2	5abc3f1a	.config	console log	report	info	ci-upstream-net-kasan-gce
2020/09/22 19:41	net-next-old	92ec804f3dbf	3e8f6c27	.config	console log	report	info	ci-upstream-net-kasan-gce
2020/09/11 07:39	net-next-old	9984c0bb22dc	adfb8b4e	.config	console log	report		ci-upstream-net-kasan-gce
2020/09/02 07:41	net-next-old	dc1a9bf2c816	abf9ba4f	.config	console log	report		ci-upstream-net-kasan-gce
2020/09/01 20:10	net-next-old	10eb46679460	d5a3ae1f	.config	console log	report		ci-upstream-net-kasan-gce
2020/08/16 22:40	net-next-old	7fca4dee610d	424dd8e7	.config	console log	report		ci-upstream-net-kasan-gce
2020/08/16 10:50	net-next-old	7fca4dee610d	424dd8e7	.config	console log	report		ci-upstream-net-kasan-gce
2020/08/09 21:21	net-next-old	bfdd5aaa54b0	70301872	.config	console log	report		ci-upstream-net-kasan-gce
2020/08/08 12:56	net-next-old	bfdd5aaa54b0	ff51e522	.config	console log	report		ci-upstream-net-kasan-gce
2021/03/21 03:51	https://github.com/google/kmsan.git master	29ad81a1074a	17810eae	.config	console log	report	info	ci-upstream-kmsan-gce-386	KMSAN: uninit-value in lock_sock_nested

Crashes (43):

Assets (help?)

2021/09/18 11:20

upstream