syzbot


WARNING: locking bug in l2cap_chan_del

Status: auto-obsoleted due to no activity on 2022/09/14 08:47
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+01d7fc00b2a0419d01cc@syzkaller.appspotmail.com
First crash: 1320d, last: 1041d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: use-after-free Read in lock_sock_nested (log)
Repro: syz .config
  
Fix bisection the fix commit could be any of (bisect log):
  06a7a37be55e ipv4: tunnel: fix compilation on ARCH=um
  232e3683b4ee Merge branch 'mptcp-fixes'
  
Discussions (1)
Title Replies (including bot) Last reply
WARNING: locking bug in l2cap_chan_del 0 (2) 2020/08/13 05:24
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING: locking bug in l2cap_chan_del 1 1284d 1284d 0/1 auto-closed as invalid on 2021/01/09 22:04
Last patch testing requests (1)
Created Duration User Patch Repo Result
2022/09/14 05:27 16m retest repro net-old OK log
Fix bisection attempts (6)
Created Duration User Patch Repo Result
2021/06/11 15:03 27m bisect fix net-old job log (2)
2021/05/12 14:37 21m bisect fix net-old job log (0) log
2021/04/12 14:16 21m bisect fix net-old job log (0) log
2021/03/12 03:53 21m bisect fix net-old job log (0) log
2021/02/16 02:18 0m bisect fix net-old error job log (0)
2021/01/17 02:00 17m bisect fix net-old job log (0) log
Cause bisection attempts (2)
Created Duration User Patch Repo Result
2021/03/10 17:20 3h02m bisect net-old job log (0) log
2020/08/13 09:36 8h14m bisect net-old error job log (0)

Sample crash report:
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 0 PID: 5 at kernel/locking/lockdep.c:183 hlock_class kernel/locking/lockdep.c:183 [inline]
WARNING: CPU: 0 PID: 5 at kernel/locking/lockdep.c:183 hlock_class kernel/locking/lockdep.c:172 [inline]
WARNING: CPU: 0 PID: 5 at kernel/locking/lockdep.c:183 check_wait_context kernel/locking/lockdep.c:4100 [inline]
WARNING: CPU: 0 PID: 5 at kernel/locking/lockdep.c:183 __lock_acquire+0x1674/0x5640 kernel/locking/lockdep.c:4376
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events l2cap_chan_timeout
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:231
 __warn.cold+0x20/0x45 kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:235
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:255
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:hlock_class kernel/locking/lockdep.c:183 [inline]
RIP: 0010:hlock_class kernel/locking/lockdep.c:172 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4100 [inline]
RIP: 0010:__lock_acquire+0x1674/0x5640 kernel/locking/lockdep.c:4376
Code: d2 0f 85 f1 36 00 00 44 8b 15 f0 8e 57 09 45 85 d2 0f 85 1c fa ff ff 48 c7 c6 80 af 4b 88 48 c7 c7 80 aa 4b 88 e8 ce 36 eb ff <0f> 0b e9 02 fa ff ff c7 44 24 38 fe ff ff ff 41 bf 01 00 00 00 c7
RSP: 0018:ffffc90000cbf8e0 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000
RDX: ffff8880a95a2140 RSI: ffffffff815d8eb7 RDI: fffff52000197f0e
RBP: ffff8880a95a2ab0 R08: 0000000000000000 R09: ffffffff89bcb3c3
R10: 00000000000007d2 R11: 0000000000000001 R12: 0000000000000000
R13: 00000000000019a1 R14: ffff8880a95a2140 R15: 0000000000040000
 lock_acquire+0x1f1/0xad0 kernel/locking/lockdep.c:5005
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:359 [inline]
 lock_sock_nested+0x3b/0x110 net/core/sock.c:3040
 l2cap_sock_teardown_cb+0x88/0x400 net/bluetooth/l2cap_sock.c:1520
 l2cap_chan_del+0xad/0x1300 net/bluetooth/l2cap_core.c:618
 l2cap_chan_close+0x118/0xb10 net/bluetooth/l2cap_core.c:823
 l2cap_chan_timeout+0x173/0x450 net/bluetooth/l2cap_core.c:436
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (83):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/08/13 05:23 net-old 06a7a37be55e bc15f7db .config console log report syz ci-upstream-net-this-kasan-gce
2020/12/12 21:40 upstream 7b1b868e1d91 bca53db9 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/08 17:54 upstream cd796ed33450 a7f7f4a4 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/11/29 11:49 upstream 45e885c439e8 a0092f9d .config console log report info ci-upstream-kasan-gce-selinux-root
2020/10/07 07:01 upstream c85fb28b6f99 1880b4a9 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/09/14 00:07 upstream e4c26faa426c 2d3cdd63 .config console log report ci-qemu-upstream
2020/09/12 11:45 upstream 729e3d091984 21d289c2 .config console log report ci-qemu-upstream
2020/09/10 17:28 upstream 7fe10096c150 409809d8 .config console log report ci-upstream-kasan-gce-smack-root
2020/09/09 10:57 upstream 34d4ddd359db 0ea7a887 .config console log report ci-upstream-kasan-gce-smack-root
2020/09/07 00:13 upstream fffe3ae0ee84 abf9ba4f .config console log report ci-qemu-upstream
2020/08/11 09:23 upstream 00e4db51259a bacaf5fa .config console log report ci-upstream-kasan-gce-root
2020/08/10 18:18 upstream fc80c51fd4b2 7adc7b65 .config console log report ci-upstream-kasan-gce-root
2020/08/07 01:02 upstream 47ec5303d73e 1f122f88 .config console log report ci-upstream-kasan-gce-root
2020/12/13 21:08 upstream ec6f5e0e5ca0 8f160dd5 .config console log report info ci-qemu-upstream-386
2020/11/04 21:51 upstream 4ef8451b3326 64069d48 .config console log report info ci-qemu-upstream-386
2020/12/09 18:26 net-old 72d05c00d7ec c090b4da .config console log report info ci-upstream-net-this-kasan-gce
2020/11/23 05:24 net-old f9b036532108 0d27f508 .config console log report info ci-upstream-net-this-kasan-gce
2020/11/17 02:10 net-old e2142ef266c8 1bf9a662 .config console log report info ci-upstream-net-this-kasan-gce
2020/10/03 21:57 net-old ab0faf5f04e8 1a3f9408 .config console log report info ci-upstream-net-this-kasan-gce
2020/10/01 21:25 net-old bb13a800620c 9602ddf4 .config console log report info ci-upstream-net-this-kasan-gce
2020/09/26 09:15 net-old 5e46e43c2ad9 4a006f63 .config console log report info ci-upstream-net-this-kasan-gce
2020/09/21 14:49 net-old e1b81391421b 9e1fa68e .config console log report info ci-upstream-net-this-kasan-gce
2020/09/11 19:12 net-old ee460417d254 adfb8b4e .config console log report ci-upstream-net-this-kasan-gce
2020/09/09 01:27 net-old 19162fd4063a abf9ba4f .config console log report ci-upstream-net-this-kasan-gce
2020/09/02 05:33 net-old a609d0259183 abf9ba4f .config console log report ci-upstream-net-this-kasan-gce
2020/08/31 06:31 net-old c8146fe292a7 d5a3ae1f .config console log report ci-upstream-net-this-kasan-gce
2020/08/28 00:47 net-old af8ea1111346 816e0689 .config console log report ci-upstream-net-this-kasan-gce
2020/08/12 00:16 net-old c79f428d6f14 bacaf5fa .config console log report ci-upstream-net-this-kasan-gce
2020/08/10 00:12 net-old 7c7ab580db49 70301872 .config console log report ci-upstream-net-this-kasan-gce
2020/08/08 19:53 net-old 1c3b63f155f6 f721e4a0 .config console log report ci-upstream-net-this-kasan-gce
2020/12/15 03:00 net-next-old 13458ffe0a95 97183ed7 .config console log report info ci-upstream-net-kasan-gce
2020/12/13 02:57 net-next-old 00f7763a26cb bca53db9 .config console log report info ci-upstream-net-kasan-gce
2020/12/03 03:25 net-next-old 6b4f503186b7 8c9190ef .config console log report info ci-upstream-net-kasan-gce
2020/11/25 02:40 net-next-old d5a05e69ac6e e34b696c .config console log report info ci-upstream-net-kasan-gce
2020/11/19 03:05 net-next-old 2b8473d2fb22 0767f13f .config console log report info ci-upstream-net-kasan-gce
2020/11/14 10:22 net-next-old 774626fa440e 1bf9a662 .config console log report info ci-upstream-net-kasan-gce
2020/11/09 23:17 net-next-old bff6f1db91e3 64069d48 .config console log report info ci-upstream-net-kasan-gce
2020/11/06 12:42 net-next-old c9448e828d11 64069d48 .config console log report info ci-upstream-net-kasan-gce
2020/10/12 10:26 net-next-old bc081a693a56 4a77ae0b .config console log report info ci-upstream-net-kasan-gce
2020/09/22 05:36 net-next-old b696db590f5d 9e1fa68e .config console log report info ci-upstream-net-kasan-gce
2020/09/21 06:51 net-next-old 3cec0369905d 9564d2e9 .config console log report info ci-upstream-net-kasan-gce
2020/09/18 12:02 net-next-old 529d1fdf9719 38962c8b .config console log report info ci-upstream-net-kasan-gce
2020/09/17 23:39 net-next-old b948577b984a 8247808b .config console log report info ci-upstream-net-kasan-gce
2020/09/12 05:43 net-next-old 12913f745934 79fb24e2 .config console log report ci-upstream-net-kasan-gce
2020/09/10 00:14 net-next-old b599a5b9e166 409809d8 .config console log report ci-upstream-net-kasan-gce
2020/09/09 05:59 net-next-old c1f1f16c4de4 abf9ba4f .config console log report ci-upstream-net-kasan-gce
2020/09/09 02:41 net-next-old 4349abdb409b abf9ba4f .config console log report ci-upstream-net-kasan-gce
2020/09/07 14:55 net-next-old 02a20d4fef3d abf9ba4f .config console log report ci-upstream-net-kasan-gce
2020/09/07 12:42 net-next-old 02a20d4fef3d abf9ba4f .config console log report ci-upstream-net-kasan-gce
2020/09/07 08:06 net-next-old 02a20d4fef3d abf9ba4f .config console log report ci-upstream-net-kasan-gce
2020/09/06 23:18 net-next-old be239c4d5e3e abf9ba4f .config console log report ci-upstream-net-kasan-gce
2020/09/02 12:18 net-next-old dc1a9bf2c816 abf9ba4f .config console log report ci-upstream-net-kasan-gce
2020/08/31 00:54 net-next-old 0f091e43310f d5a3ae1f .config console log report ci-upstream-net-kasan-gce
2020/08/12 19:33 net-next-old bfdd5aaa54b0 bc15f7db .config console log report ci-upstream-net-kasan-gce
2020/08/10 00:17 net-next-old bfdd5aaa54b0 70301872 .config console log report ci-upstream-net-kasan-gce
2020/08/08 12:33 net-next-old bfdd5aaa54b0 ff51e522 .config console log report ci-upstream-net-kasan-gce
2020/08/08 09:43 net-next-old bfdd5aaa54b0 ff51e522 .config console log report ci-upstream-net-kasan-gce
2020/08/07 22:29 net-next-old bfdd5aaa54b0 cb436c69 .config console log report ci-upstream-net-kasan-gce
2020/08/06 22:34 net-next-old c1055b76ad00 1f122f88 .config console log report ci-upstream-net-kasan-gce
2020/09/14 06:10 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/11 08:46 linux-next d5b2251d63b5 adfb8b4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/08/30 08:47 linux-next b36c969764ab d5a3ae1f .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.