syzbot


BUG: sleeping function called from invalid context in lock_sock_nested

Status: auto-obsoleted due to no activity on 2024/10/28 05:57
Reported-by: syzbot+97ef0e9e9cc294e72434@syzkaller.appspotmail.com
First crash: 158d, last: 137d
Similar bugs (21)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 BUG: sleeping function called from invalid context in lock_sock_nested (2) C done 3909 1179d 1273d 1/1 fixed on 2021/10/12 13:38
upstream BUG: sleeping function called from invalid context in lock_sock_nested (2) bluetooth C done error 19391 1211d 1746d 20/28 fixed on 2021/11/10 13:22
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested 1 1982d 1982d 0/1 auto-closed as invalid on 2019/10/30 11:24
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested (2) syz done 1 1766d 1826d 1/1 fixed on 2020/03/04 10:17
linux-4.19 BUG: sleeping function called from invalid context in lock_sock_nested syz done 1 1796d 1826d 1/1 fixed on 2020/02/05 13:33
upstream BUG: sleeping function called from invalid context in lock_sock_nested bpf net C 1232 1751d 1826d 15/28 fixed on 2020/02/18 14:31
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested (3) syz error 144 767d 1272d 0/1 upstream: reported syz repro on 2021/06/10 20:33
upstream BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive 82 1d19h 205d 0/28 upstream: reported C repro on 2024/05/13 12:58
linux-5.15 BUG: sleeping function called from invalid context in lock_sock_nested origin:upstream missing-backport C error 22 45d 158d 0/3 upstream: reported C repro on 2024/06/29 07:50
upstream BUG: unable to handle kernel paging request in lock_sock_nested bluetooth 43 1141d 1581d 0/28 auto-closed as invalid on 2022/02/16 22:16
linux-4.19 KASAN: wild-memory-access Write in lock_sock_nested 2 1405d 1474d 0/1 auto-closed as invalid on 2021/05/28 14:35
linux-4.14 general protection fault in lock_sock_nested 4 1306d 1524d 0/1 auto-closed as invalid on 2021/09/04 19:35
linux-4.19 KASAN: use-after-free Read in lock_sock_nested C 471 644d 1957d 0/1 upstream: reported C repro on 2019/07/26 21:27
linux-4.14 KASAN: use-after-free Read in lock_sock_nested C inconclusive 331 684d 2051d 0/1 upstream: reported C repro on 2019/04/24 06:28
upstream KASAN: use-after-free Read in lock_sock_nested hams C inconclusive done 1856 554d 2163d 0/28 auto-obsoleted due to no activity on 2023/08/23 09:06
upstream general protection fault in lock_sock_nested bluetooth C done done 502 18m 450d 0/28 upstream: reported C repro on 2023/09/11 07:52
linux-5.15 general protection fault in lock_sock_nested origin:upstream missing-backport syz error 48 15d 244d 0/3 upstream: reported syz repro on 2024/04/04 13:25
linux-4.14 BUG: unable to handle kernel paging request in lock_sock_nested 4 1300d 1419d 0/1 auto-closed as invalid on 2021/09/11 11:51
linux-6.1 general protection fault in lock_sock_nested origin:upstream syz 68 4d06h 234d 0/3 upstream: reported syz repro on 2024/04/14 08:46
upstream KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth syz unreliable done 23 1136d 1575d 0/28 auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19 KASAN: slab-out-of-bounds Read in lock_sock_nested 14 818d 1482d 0/1 auto-obsoleted due to no activity on 2023/01/05 15:59

Sample crash report:
BUG: sleeping function called from invalid context at net/core/sock.c:3487
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 47, name: kworker/u5:0
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by kworker/u5:0/47:
 #0: ffff88807ad90138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90000b87d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffff888073d94078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xaa/0xac0 net/bluetooth/hci_event.c:5021
 #3: ffffffff8e3f0f48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline]
 #3: ffffffff8e3f0f48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x4d5/0xac0 net/bluetooth/hci_event.c:5107
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: sco_conn_ready net/bluetooth/sco.c:1278 [inline]
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x279/0xb10 net/bluetooth/sco.c:1363
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1748 [inline]
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_ready net/bluetooth/sco.c:1291 [inline]
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x450/0xb10 net/bluetooth/sco.c:1363
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 47 Comm: kworker/u5:0 Not tainted 6.1.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 __might_resched+0x5cb/0x780 kernel/sched/core.c:9945
 lock_sock_nested+0x59/0x100 net/core/sock.c:3487
 lock_sock include/net/sock.h:1748 [inline]
 sco_conn_ready net/bluetooth/sco.c:1291 [inline]
 sco_connect_cfm+0x450/0xb10 net/bluetooth/sco.c:1363
 hci_connect_cfm include/net/bluetooth/hci_core.h:1793 [inline]
 hci_sync_conn_complete_evt+0x54b/0xac0 net/bluetooth/hci_event.c:5107
 hci_event_func net/bluetooth/hci_event.c:7539 [inline]
 hci_event_packet+0xa9d/0x1510 net/bluetooth/hci_event.c:7591
 hci_rx_work+0x3cd/0xce0 net/bluetooth/hci_core.c:4129
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/20 05:56 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:56 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:54 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:54 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:53 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 03:11 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/06/29 07:54 linux-6.1.y 99e6a620de00 757f06b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
* Struck through repros no longer work on HEAD.