syzbot

BUG: sleeping function called from invalid context in lock_sock_nested

Status: auto-obsoleted due to no activity on 2024/10/28 05:57
Reported-by: syzbot+97ef0e9e9cc294e72434@syzkaller.appspotmail.com
First crash: 367d ago, last: 346d ago
Similar bugs (23)
Kernel Title [subsystem/tags, if any] Repro Cause bisect Fix bisect Count Last (age) Reported (age) Patched Status
linux-4.19 BUG: sleeping function called from invalid context in lock_sock_nested (2) C done 3909 1388d 1481d 1/1 fixed on 2021/10/12 13:38
upstream BUG: sleeping function called from invalid context in lock_sock_nested (2) bluetooth C done error 19391 1420d 1955d 20/29 fixed on 2021/11/10 13:22
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested 1 2190d 2190d 0/1 auto-closed as invalid on 2019/10/30 11:24
linux-6.1 BUG: sleeping function called from invalid context in lock_sock_nested (2) origin:upstream missing-backport C error 5 66d 128d 0/3 upstream: reported C repro on 2025/02/23 00:56
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested (2) syz done 1 1975d 2035d 1/1 fixed on 2020/03/04 10:17
linux-4.19 BUG: sleeping function called from invalid context in lock_sock_nested syz done 1 2005d 2035d 1/1 fixed on 2020/02/05 13:33
upstream BUG: sleeping function called from invalid context in lock_sock_nested bpf net C 1232 1959d 2035d 15/29 fixed on 2020/02/18 14:31
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested (3) syz error 144 975d 1481d 0/1 upstream: reported syz repro on 2021/06/10 20:33
upstream BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive error 142 15h30m 413d 0/29 upstream: reported C repro on 2024/05/13 12:58
linux-5.15 BUG: sleeping function called from invalid context in lock_sock_nested missing-backport origin:upstream C error 22 39d 367d 0/3 upstream: reported C repro on 2024/06/29 07:50
upstream BUG: unable to handle kernel paging request in lock_sock_nested bluetooth 43 1350d 1790d 0/29 auto-closed as invalid on 2022/02/16 22:16
linux-4.19 KASAN: wild-memory-access Write in lock_sock_nested 2 1614d 1683d 0/1 auto-closed as invalid on 2021/05/28 14:35
linux-4.14 general protection fault in lock_sock_nested 4 1515d 1733d 0/1 auto-closed as invalid on 2021/09/04 19:35
linux-4.19 KASAN: use-after-free Read in lock_sock_nested C 471 853d 2166d 0/1 upstream: reported C repro on 2019/07/26 21:27
linux-4.14 KASAN: use-after-free Read in lock_sock_nested C inconclusive 331 893d 2260d 0/1 upstream: reported C repro on 2019/04/24 06:28
upstream KASAN: use-after-free Read in lock_sock_nested hams C inconclusive done 1856 762d 2371d 0/29 auto-obsoleted due to no activity on 2023/08/23 09:06
upstream general protection fault in lock_sock_nested bluetooth C done done 2793 2h19m 659d 0/29 upstream: reported C repro on 2023/09/11 07:52
linux-5.15 general protection fault in lock_sock_nested missing-backport origin:upstream C error 126 8d05h 452d 0/3 upstream: reported C repro on 2024/04/04 13:25
linux-4.14 BUG: unable to handle kernel paging request in lock_sock_nested 4 1508d 1628d 0/1 auto-closed as invalid on 2021/09/11 11:51
linux-6.1 general protection fault in lock_sock_nested origin:upstream syz 141 12d 442d 0/3 upstream: reported syz repro on 2024/04/14 08:46
upstream KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth syz unreliable done 23 1344d 1784d 0/29 auto-obsoleted due to no activity on 2022/09/29 10:19
linux-4.19 KASAN: slab-out-of-bounds Read in lock_sock_nested 14 1027d 1691d 0/1 auto-obsoleted due to no activity on 2023/01/05 15:59
linux-6.6 general protection fault in lock_sock_nested 4 17h09m 12d 0/2 upstream: reported on 2025/06/19 04:51

Sample crash report:
BUG: sleeping function called from invalid context at net/core/sock.c:3487
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 47, name: kworker/u5:0
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by kworker/u5:0/47:
 #0: ffff88807ad90138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90000b87d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffff888073d94078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xaa/0xac0 net/bluetooth/hci_event.c:5021
 #3: ffffffff8e3f0f48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline]
 #3: ffffffff8e3f0f48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x4d5/0xac0 net/bluetooth/hci_event.c:5107
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: sco_conn_ready net/bluetooth/sco.c:1278 [inline]
 #4: ffff8880213a1420 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x279/0xb10 net/bluetooth/sco.c:1363
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1748 [inline]
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_ready net/bluetooth/sco.c:1291 [inline]
 #5: ffff88806005e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x450/0xb10 net/bluetooth/sco.c:1363
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 47 Comm: kworker/u5:0 Not tainted 6.1.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 __might_resched+0x5cb/0x780 kernel/sched/core.c:9945
 lock_sock_nested+0x59/0x100 net/core/sock.c:3487
 lock_sock include/net/sock.h:1748 [inline]
 sco_conn_ready net/bluetooth/sco.c:1291 [inline]
 sco_connect_cfm+0x450/0xb10 net/bluetooth/sco.c:1363
 hci_connect_cfm include/net/bluetooth/hci_core.h:1793 [inline]
 hci_sync_conn_complete_evt+0x54b/0xac0 net/bluetooth/hci_event.c:5107
 hci_event_func net/bluetooth/hci_event.c:7539 [inline]
 hci_event_packet+0xa9d/0x1510 net/bluetooth/hci_event.c:7591
 hci_rx_work+0x3cd/0xce0 net/bluetooth/hci_core.c:4129
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
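Reading the report: the held-locks list shows lock #4, &conn->lock, being taken with spin_lock() in sco_conn_ready (net/bluetooth/sco.c:1278), and lock #5, the SCO socket lock, being taken with lock_sock() a few lines later (sco.c:1291) while #4 is still held. A spinlock disables preemption (hence preempt_count: 1, in_atomic(): 1), and lock_sock_nested() begins with a might_sleep() check (net/core/sock.c:3487, reached via __might_resched), so the check fires before the socket lock is even attempted. The following userspace C program is an added model of that accounting, written for this page; it is not kernel code and not the Bluetooth SCO code, the *_model functions are hypothetical stand-ins for the kernel primitives they are named after, and the "drop the spinlock first" variant is one generic way to avoid the pattern, not the upstream fix (which this page does not show).

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Added model of the kernel's preempt_count accounting and of the
 * might_sleep() check behind the report above.  Not kernel code; the
 * *_model functions are hypothetical stand-ins for kernel primitives.
 */

/* Models the per-task preempt_count; in_atomic() is "preempt_count != 0". */
static int preempt_count;
/* Counts how often the model's might_sleep() fired. */
static int might_sleep_violations;

/* spin_lock()/spin_unlock() bump preempt_count (preempt_disable/enable). */
static void spin_lock_model(void)   { preempt_count++; }
static void spin_unlock_model(void) { preempt_count--; }

static bool in_atomic_model(void) { return preempt_count != 0; }

/* Models __might_resched(): complains when a sleeping primitive is entered
 * while preemption is disabled, which is what "preempt_count: 1" means. */
static bool might_sleep_model(const char *where)
{
    if (in_atomic_model()) {
        might_sleep_violations++;
        printf("BUG: sleeping function called from invalid context at %s\n", where);
        printf("in_atomic(): %d, preempt_count: %d, expected: 0\n",
               in_atomic_model(), preempt_count);
        return false;
    }
    return true;
}

/* lock_sock() may sleep (it can wait for a socket owned by user context),
 * so it starts with might_sleep(); the real kernel continues after the
 * warning, and so does the model. */
static bool lock_sock_model(void)    { return might_sleep_model("lock_sock_nested"); }
static void release_sock_model(void) { }

/* Ordering shown by held locks #4 and #5: the conn spinlock is still held
 * when lock_sock() is entered.  Returns the number of violations caused. */
int conn_ready_spinlock_then_lock_sock(void)
{
    int before = might_sleep_violations;

    spin_lock_model();      /* like spin_lock(&conn->lock) in sco_conn_ready */
    lock_sock_model();      /* sleeping lock under a spinlock: check fires */
    release_sock_model();
    spin_unlock_model();

    return might_sleep_violations - before;
}

/* One generic way to avoid the pattern (not the upstream fix): finish the
 * spinlock-protected lookup, drop the spinlock, then take the sleeping
 * socket lock.  Real code must hold a reference on the socket across the
 * gap so it cannot be freed in between. */
int conn_ready_drop_spinlock_first(void)
{
    int before = might_sleep_violations;

    spin_lock_model();      /* look up / pin the socket under the spinlock */
    spin_unlock_model();
    lock_sock_model();      /* preempt_count is 0 here: no complaint */
    release_sock_model();

    return might_sleep_violations - before;
}

int main(void)
{
    printf("spinlock held across lock_sock: %d violation(s)\n",
           conn_ready_spinlock_then_lock_sock());
    printf("spinlock dropped before lock_sock: %d violation(s)\n",
           conn_ready_drop_spinlock_first());
    return 0;
}
```

Run stand-alone, the first call prints the same two diagnostic lines the kernel emitted and returns 1; the second returns 0. The model only captures the preempt_count side of the check (the report's RCU nest depth and irqs_disabled() are both 0, so they play no part here). When triaging a report like this, the held-locks list is the thing to read first: the lock class annotation {2:2} on #4 marks a spinlock and {0:0} on #5 a sleeping socket lock, so their order in the list already tells you which call site to look at.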

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/07/20 05:56 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:56 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:54 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:54 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 05:53 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/07/20 03:11 linux-6.1.y 9b3f9a5b12dc 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested
2024/06/29 07:54 linux-6.1.y 99e6a620de00 757f06b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in lock_sock_nested