KASAN: wild-memory-access Write in lock_sock

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	BUG: unable to handle kernel paging request in lock_sock_nested bluetooth	17				43	1431d	1871d	0/29	auto-closed as invalid on 2022/02/16 22:16
linux-4.14	general protection fault in lock_sock_nested	2				4	1596d	1814d	0/1	auto-closed as invalid on 2021/09/04 19:35
linux-6.1	BUG: sleeping function called from invalid context in lock_sock_nested (2) origin:upstream missing-backport	24	C		error	7	31d	208d	0/3	upstream: reported C repro on 2025/02/23 00:56
linux-4.19	KASAN: use-after-free Read in lock_sock_nested	23	C			471	933d	2247d	0/1	upstream: reported C repro on 2019/07/26 21:27
linux-4.14	KASAN: use-after-free Read in lock_sock_nested	19	C		inconclusive	331	974d	2340d	0/1	upstream: reported C repro on 2019/04/24 06:28
upstream	KASAN: use-after-free Read in lock_sock_nested hams	19	C	inconclusive	done	1856	843d	2452d	0/29	auto-obsoleted due to no activity on 2023/08/23 09:06
upstream	general protection fault in lock_sock_nested bluetooth	19	C	done	done	3382	1h33m	739d	0/29	upstream: reported C repro on 2023/09/11 07:52
linux-5.15	general protection fault in lock_sock_nested missing-backport origin:upstream	8	C		error	142	15h05m	533d	0/3	upstream: reported C repro on 2024/04/04 13:25
linux-6.1	BUG: sleeping function called from invalid context in lock_sock_nested	5				7	426d	447d	0/3	auto-obsoleted due to no activity on 2024/10/28 05:57
linux-4.14	BUG: unable to handle kernel paging request in lock_sock_nested	8				4	1589d	1708d	0/1	auto-closed as invalid on 2021/09/11 11:51
linux-6.1	general protection fault in lock_sock_nested origin:upstream missing-backport	19	C			161	2d16h	523d	0/3	upstream: reported C repro on 2024/04/14 08:46
upstream	KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth	17	syz	unreliable	done	23	1425d	1865d	0/29	auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19	KASAN: slab-out-of-bounds Read in lock_sock_nested	23				14	1108d	1772d	0/1	auto-obsoleted due to no activity on 2023/01/05 15:59
linux-6.6	general protection fault in lock_sock_nested origin:upstream	2	syz			18	10d	92d	0/2	upstream: reported syz repro on 2025/06/19 04:51
upstream	BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth	19	C	inconclusive	error	153	16d	494d	0/29	upstream: reported C repro on 2024/05/13 12:58
linux-5.15	BUG: sleeping function called from invalid context in lock_sock_nested missing-backport origin:upstream	19	C		error	23	31d	447d	0/3	upstream: reported C repro on 2024/06/29 07:50

orangefs_mount: mount request failed with -4 orangefs_mount: mount request failed with -4 ================================================================== BUG: KASAN: wild-memory-access in atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline] BUG: KASAN: wild-memory-access in __lock_acquire+0x251/0x3ff0 kernel/locking/lockdep.c:3307 Write of size 4 at addr 2d47963e1441980b by task syz-executor.1/15377 CPU: 1 PID: 15377 Comm: syz-executor.1 Not tainted 4.19.171-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 kasan_report_error.cold+0x15b/0x1b9 mm/kasan/report.c:352 kasan_report+0x8f/0xa0 mm/kasan/report.c:412 atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline] __lock_acquire+0x251/0x3ff0 kernel/locking/lockdep.c:3307 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] lock_sock_nested+0x3b/0x110 net/core/sock.c:2864 l2cap_sock_teardown_cb+0xa0/0x6d0 net/bluetooth/l2cap_sock.c:1340 l2cap_chan_del+0xbc/0xa50 net/bluetooth/l2cap_core.c:599 l2cap_conn_del+0x3a6/0x6e0 net/bluetooth/l2cap_core.c:1729 l2cap_disconn_cfm net/bluetooth/l2cap_core.c:7441 [inline] l2cap_disconn_cfm+0x98/0xd0 net/bluetooth/l2cap_core.c:7434 hci_disconn_cfm include/net/bluetooth/hci_core.h:1261 [inline] hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1512 hci_dev_do_close+0x659/0xf10 net/bluetooth/hci_core.c:1666 hci_unregister_dev+0x18b/0x910 net/bluetooth/hci_core.c:3271 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xbed/0x2be0 kernel/exit.c:890 do_group_exit+0x125/0x310 kernel/exit.c:993 __do_sys_exit_group kernel/exit.c:1004 [inline] __se_sys_exit_group kernel/exit.c:1002 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:1002 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45e219 Code: Bad RIP value. RSP: 002b:00007ffd78135838 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045e219 RDX: 0000000000417ab1 RSI: 00000000016b9df0 RDI: 0000000000000043 RBP: 00000000004c3d3e R08: 000000000000000b R09: 0000000000000000 R10: 00000000032b7940 R11: 0000000000000246 R12: 0000000000000722 R13: 0000000000000008 R14: 0000000000000032 R15: 00000000000bb610 ==================================================================

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2021/01/28 14:34	linux-4.19.y	c4ff839de17f	eefc07f2	.config	console log	report			info		ci2-linux-4-19	KASAN: wild-memory-access Write in lock_sock_nested
2020/11/20 18:06	linux-4.19.y	2c746135a12e	68068804	.config	console log	report			info		ci2-linux-4-19

Crashes (2):

Assets (help?)