syzbot


general protection fault in device_move

Status: upstream: reported syz repro on 2024/11/20 18:53
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+1f4e278e8e1a9b01f95f@syzkaller.appspotmail.com
First crash: 230d, last: 42m
Cause bisection: failed (error log, bisect log)
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] general protection fault in device_move 0 (2) 2024/12/21 19:34
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 general protection fault in device_move 1 1d00h 1d00h 0/2 upstream: reported on 2025/07/04 01:12
linux-6.1 general protection fault in device_move 32 1d00h 185d 0/3 upstream: reported on 2024/12/31 11:47
linux-5.15 BUG: unable to handle kernel paging request in device_move 35 19h48m 200d 0/3 upstream: reported on 2024/12/16 11:50

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
CPU: 0 UID: 0 PID: 10396 Comm: syz-executor Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:klist_put lib/klist.c:212 [inline]
RIP: 0010:klist_del lib/klist.c:230 [inline]
RIP: 0010:klist_remove+0x14a/0x340 lib/klist.c:249
Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 99 db cb f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 7a db cb f6 49 8b 44 24 58 48 89 44 24 08
RSP: 0018:ffffc90004f4f600 EFLAGS: 00010202
RAX: 000000000000000b RBX: ffff888035b08000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058
RBP: ffffc90004f4f6e8 R08: ffffffff8f867143 R09: 1ffffffff1f0ce28
R10: dffffc0000000000 R11: fffffbfff1f0ce29 R12: 0000000000000000
R13: 1ffff110285f388c R14: ffff888142f9c460 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ebe60eacc0 CR3: 00000000343b0000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 device_move+0x193/0x700 drivers/base/core.c:4618
 hci_conn_del_sysfs+0xb8/0x170 net/bluetooth/hci_sysfs.c:75
 hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]
 hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173
 hci_conn_hash_flush+0x191/0x230 net/bluetooth/hci_conn.c:2561
 hci_dev_close_sync+0xaef/0x1330 net/bluetooth/hci_sync.c:5250
 hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]
 hci_unregister_dev+0x206/0x500 net/bluetooth/hci_core.c:2691
 vhci_release+0x80/0xd0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x449/0xa70 fs/file_table.c:465
 task_work_run+0x1d1/0x260 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x6b5/0x22e0 kernel/exit.c:964
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1105
 get_signal+0x125e/0x1310 kernel/signal.c:3034
 arch_do_signal_or_restart+0x9a/0x750 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x75/0x110 kernel/entry/common.c:111
 exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
 do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff49718d58a
Code: Unable to access opcode bytes at 0x7ff49718d560.
RSP: 002b:00007ffdb0c713d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007ff49718d58a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007ffdb0c7142c R08: 00007ffdb0c70d2c R09: 00007ffdb0c71137
R10: 00007ffdb0c70db0 R11: 0000000000000293 R12: 0000000000000258
R13: 00000000000927c0 R14: 000000000005b6e1 R15: 00007ffdb0c71480
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:klist_put lib/klist.c:212 [inline]
RIP: 0010:klist_del lib/klist.c:230 [inline]
RIP: 0010:klist_remove+0x14a/0x340 lib/klist.c:249
Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 99 db cb f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 7a db cb f6 49 8b 44 24 58 48 89 44 24 08
RSP: 0018:ffffc90004f4f600 EFLAGS: 00010202
RAX: 000000000000000b RBX: ffff888035b08000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058
RBP: ffffc90004f4f6e8 R08: ffffffff8f867143 R09: 1ffffffff1f0ce28
R10: dffffc0000000000 R11: fffffbfff1f0ce29 R12: 0000000000000000
R13: 1ffff110285f388c R14: ffff888142f9c460 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125d83000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ae783c2950 CR3: 00000000773ea000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	4d 89 f5             	mov    %r14,%r13
   3:	49 c1 ed 03          	shr    $0x3,%r13
   7:	43 80 7c 3d 00 00    	cmpb   $0x0,0x0(%r13,%r15,1)
   d:	74 08                	je     0x17
   f:	4c 89 f7             	mov    %r14,%rdi
  12:	e8 99 db cb f6       	call   0xf6cbdbb0
  17:	4d 8b 26             	mov    (%r14),%r12
  1a:	49 83 e4 fe          	and    $0xfffffffffffffffe,%r12
  1e:	49 8d 7c 24 58       	lea    0x58(%r12),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 05                	je     0x36
  31:	e8 7a db cb f6       	call   0xf6cbdbb0
  36:	49 8b 44 24 58       	mov    0x58(%r12),%rax
  3b:	48 89 44 24 08       	mov    %rax,0x8(%rsp)

Crashes (3907):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/06/25 20:35 upstream 7595b66ae9de 26d77996 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in device_move
2024/12/21 19:34 upstream 499551201b5f d7f584ee .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in device_move
2025/07/03 07:23 upstream b4911fb0b060 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in device_move
2025/07/01 06:47 upstream 66701750d556 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in device_move
2025/06/30 00:39 upstream d0b3b7b22dfa fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in device_move
2025/06/29 11:53 upstream dfba48a70cb6 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in device_move
2025/06/09 04:26 upstream 19272b37aa4f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in device_move
2025/06/06 13:59 upstream e271ed52b344 f61267d4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in device_move
2025/07/05 00:45 upstream c435a4f487e8 4f67c4ae .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in device_move
2025/07/04 20:47 upstream c435a4f487e8 d869b261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in device_move
2025/07/03 11:55 upstream b4911fb0b060 115ceea7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in device_move
2025/07/01 08:05 upstream 66701750d556 6e83b42d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in device_move
2025/06/30 23:16 upstream d0b3b7b22dfa 6e83b42d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in device_move
2025/06/30 11:11 upstream d0b3b7b22dfa fc9d8ee5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in device_move
2025/07/02 10:16 upstream 66701750d556 bc80e4f0 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in device_move
2025/07/01 00:25 upstream d0b3b7b22dfa 6e83b42d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in device_move
2025/06/30 03:36 upstream afa9a6f4f574 fc9d8ee5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in device_move
2025/07/04 15:35 net b9fd9888a565 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/04 14:32 net b9fd9888a565 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/04 02:20 net 223e2288f4b8 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/04 01:11 net 223e2288f4b8 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/03 22:54 net 223e2288f4b8 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/03 13:34 net bd475eeaaf3c 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/03 10:46 net bd475eeaaf3c 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/03 09:19 net bd475eeaaf3c 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/02 21:48 net 561aa0e22b70 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/02 17:59 net 561aa0e22b70 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/02 15:19 net 561aa0e22b70 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/02 09:07 net 42fd432fe6d3 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/02 06:56 net 42fd432fe6d3 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/02 05:44 net 42fd432fe6d3 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/02 03:17 net 42fd432fe6d3 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/02 00:32 net 72fb83735c71 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/01 23:15 net 72fb83735c71 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/01 18:21 net 72fb83735c71 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/01 16:35 net 72fb83735c71 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/01 13:49 net 72fb83735c71 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/01 10:58 net 72fb83735c71 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/01 02:43 net 60f7f4afaf6d 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/06/30 21:31 net 60f7f4afaf6d 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/06/30 20:00 net 60f7f4afaf6d fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/06/30 18:40 net 60f7f4afaf6d fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/06/30 06:48 net 2def09ead4ad fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/06/29 17:56 net 2def09ead4ad fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in device_move
2025/07/04 18:42 net-next 6b9fd8857b9f d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/04 14:28 net-next 6b9fd8857b9f 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/04 10:38 net-next 5f712c3877f9 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/04 08:02 net-next 5f712c3877f9 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/04 06:31 net-next 5f712c3877f9 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/02 23:55 net-next e96ee511c906 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/02 19:13 net-next e96ee511c906 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/02 13:26 net-next e96ee511c906 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/02 08:06 net-next e96ee511c906 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/06/30 14:01 net-next 7012d4f3c7a8 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/06/30 01:52 net-next 20a0c20f82ac fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/06/29 20:42 net-next 20a0c20f82ac fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2024/11/20 18:34 net-next dd7207838d38 4fca1650 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2024/11/16 18:43 net-next 38f83a57aa8e cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in device_move
2025/07/03 19:26 linux-next 50c8770a42fa 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in device_move
2025/06/29 23:39 linux-next 2aeda9592360 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in device_move
2025/05/12 02:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c32f8dc5aaf9 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in device_move
2025/04/10 00:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2fe2b96c3818 988b336c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in device_move
* Struck through repros no longer work on HEAD.