BUG: unable to handle kernel paging request in lock_sock

BUG: unable to handle kernel paging request in lock_sock_nested
Status: upstream: reported on 2020/08/05 16:09
Reported-by: syzbot+3ea58ce4ad976e46ca65@syzkaller.appspotmail.com
First crash: 166d, last: 21d

similar bugs (1):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.14	BUG: unable to handle kernel paging request in lock_sock_nested				1	4d06h	4d06h	0/1	upstream: reported on 2021/01/15 05:46

Sample crash report:

BUG: unable to handle page fault for address: fffffbfff348f0d2
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 21ffe5067 P4D 21ffe5067 PUD 21ffe4067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 22122 Comm: kworker/1:5 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events l2cap_chan_timeout
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:91 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:108 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:134 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:165 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/generic.c:183 [inline]
RIP: 0010:check_memory_region+0xdb/0x180 mm/kasan/generic.c:192
Code: 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 <80> 38 00 74 f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c
RSP: 0018:ffffc9000924f8c0 EFLAGS: 00010082
RAX: fffffbfff348f0d2 RBX: fffffbfff348f0d3 RCX: ffffffff815a1a7e
RDX: fffffbfff348f0d3 RSI: 0000000000000008 RDI: ffffffff9a478690
RBP: fffffbfff348f0d2 R08: 0000000000000000 R09: ffffffff9a478697
R10: fffffbfff348f0d2 R11: 00000000000a6438 R12: 0000000000000000
R13: ffff888054c7aa6a R14: ffff888054c7a0c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff348f0d2 CR3: 000000009bb06000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 __lock_acquire+0xfbe/0x5640 kernel/locking/lockdep.c:4396
 lock_acquire+0x1f1/0xad0 kernel/locking/lockdep.c:5005
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:359 [inline]
 lock_sock_nested+0x3b/0x110 net/core/sock.c:3048
 l2cap_sock_teardown_cb+0x88/0x400 net/bluetooth/l2cap_sock.c:1520
 l2cap_chan_del+0xad/0x1300 net/bluetooth/l2cap_core.c:618
 l2cap_chan_close+0x118/0xb10 net/bluetooth/l2cap_core.c:823
 l2cap_chan_timeout+0x173/0x450 net/bluetooth/l2cap_core.c:436
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
CR2: fffffbfff348f0d2
---[ end trace 8ddba688fba5c678 ]---
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:91 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:108 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:134 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:165 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/generic.c:183 [inline]
RIP: 0010:check_memory_region+0xdb/0x180 mm/kasan/generic.c:192
Code: 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 <80> 38 00 74 f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c
RSP: 0018:ffffc9000924f8c0 EFLAGS: 00010082
RAX: fffffbfff348f0d2 RBX: fffffbfff348f0d3 RCX: ffffffff815a1a7e
RDX: fffffbfff348f0d3 RSI: 0000000000000008 RDI: ffffffff9a478690
RBP: fffffbfff348f0d2 R08: 0000000000000000 R09: ffffffff9a478697
R10: fffffbfff348f0d2 R11: 00000000000a6438 R12: 0000000000000000
R13: ffff888054c7aa6a R14: ffff888054c7a0c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff348f0d2 CR3: 000000009bb06000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (18):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Maintainers
ci-upstream-kasan-gce-root	2020/08/15 06:34	upstream	b923f124	424dd8e7	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-root	2020/08/13 00:08	upstream	fb893de3	bc15f7db	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-this-kasan-gce	2020/09/21 12:18	net	e1b81391	9e1fa68e	.config	log	report	info	davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-this-kasan-gce	2020/09/07 12:00	net	4ddcaf1e	abf9ba4f	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-this-kasan-gce	2020/08/16 11:22	net	4ca0d9ac	424dd8e7	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-this-kasan-gce	2020/08/16 04:04	net	4ca0d9ac	424dd8e7	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-this-kasan-gce	2020/08/05 15:20	net	ac3a0c84	b7129355	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/12/29 12:18	net-next	3db1a3fa	8259d56c	.config	log	report	info	davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, luiz.dentz@gmail.com, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/11/12 21:06	net-next	e545f865	77a55c8e	.config	log	report	info	davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/09/29 22:29	net-next	28009571	5abc3f1a	.config	log	report	info	davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/09/22 19:41	net-next	92ec804f	3e8f6c27	.config	log	report	info	davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/09/11 07:39	net-next	9984c0bb	adfb8b4e	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/09/02 07:41	net-next	dc1a9bf2	abf9ba4f	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/09/01 20:10	net-next	10eb4667	d5a3ae1f	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/08/16 22:40	net-next	7fca4dee	424dd8e7	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/08/16 10:50	net-next	7fca4dee	424dd8e7	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/08/09 21:21	net-next	bfdd5aaa	70301872	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org
ci-upstream-net-kasan-gce	2020/08/08 12:56	net-next	bfdd5aaa	ff51e522	.config	log	report		davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org