syzbot


BUG: sleeping function called from invalid context in hci_cmd_sync_submit

Status: upstream: reported C repro on 2024/03/27 00:47
Bug presence: origin:lts-only
Reported-by: syzbot+1fb5ed3cdea3397c1010@syzkaller.appspotmail.com
First crash: 37d, last: 47m

Bug presence (2)
Date Name Commit Repro Result
2024/04/25 linux-6.1.y (ToT) 6741e066ec76 C [report] BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/25 upstream (ToT) e88c4cfcb7b8 C Didn't crash

Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: sleeping function called from invalid context in hci_cmd_sync_submit bluetooth C done done 3400 60d 304d 0/26 upstream: reported C repro on 2023/07/04 08:10

Sample crash report:
Bluetooth: hci0: link tx timeout
Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3556, name: kworker/u5:2
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by kworker/u5:2/3556:
 #0: ffff88807a7f1138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90003abfd20 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: hci_link_tx_to net/bluetooth/hci_core.c:3448 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: __check_timeout+0x181/0x460 net/bluetooth/hci_core.c:3601
CPU: 0 PID: 3556 Comm: kworker/u5:2 Not tainted 6.1.87-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: hci0 hci_tx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 __might_resched+0x5cb/0x780 kernel/sched/core.c:9942
 __mutex_lock_common kernel/locking/mutex.c:580 [inline]
 __mutex_lock+0xbd/0xd80 kernel/locking/mutex.c:747
 hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
 hci_disconnect+0xe6/0x2c0 net/bluetooth/hci_conn.c:255
 hci_link_tx_to net/bluetooth/hci_core.c:3455 [inline]
 __check_timeout+0x333/0x460 net/bluetooth/hci_core.c:3601
 hci_sched_acl_pkt net/bluetooth/hci_core.c:3659 [inline]
 hci_sched_acl net/bluetooth/hci_core.c:3762 [inline]
 hci_tx_work+0xce2/0x1ec0 net/bluetooth/hci_core.c:3861
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.1.87-syzkaller #0 Tainted: G        W         
-----------------------------
kworker/u5:2/3556 is trying to lock:
ffff8880763e09b0 (&hdev->unregister_lock){+.+.}-{3:3}, at: hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
other info that might help us debug this:
context-{4:4}
3 locks held by kworker/u5:2/3556:
 #0: ffff88807a7f1138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90003abfd20 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: hci_link_tx_to net/bluetooth/hci_core.c:3448 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: __check_timeout+0x181/0x460 net/bluetooth/hci_core.c:3601
stack backtrace:
CPU: 0 PID: 3556 Comm: kworker/u5:2 Tainted: G        W          6.1.87-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: hci0 hci_tx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4701 [inline]
 check_wait_context kernel/locking/lockdep.c:4762 [inline]
 __lock_acquire+0x14b1/0x1f80 kernel/locking/lockdep.c:4999
 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
 __mutex_lock_common kernel/locking/mutex.c:603 [inline]
 __mutex_lock+0x132/0xd80 kernel/locking/mutex.c:747
 hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
 hci_disconnect+0xe6/0x2c0 net/bluetooth/hci_conn.c:255
 hci_link_tx_to net/bluetooth/hci_core.c:3455 [inline]
 __check_timeout+0x333/0x460 net/bluetooth/hci_core.c:3601
 hci_sched_acl_pkt net/bluetooth/hci_core.c:3659 [inline]
 hci_sched_acl net/bluetooth/hci_core.c:3762 [inline]
 hci_tx_work+0xce2/0x1ec0 net/bluetooth/hci_core.c:3861
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Bluetooth: hci0: link tx timeout
Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
Bluetooth: hci0: command 0x0406 tx timeout

Crashes (3209):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/04/27 00:31 linux-6.1.y 6741e066ec76 059e9963 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 22:39 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 20:59 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/21 20:47 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/08 20:17 linux-6.1.y 347385861c50 53df08b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/06 10:57 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/05 01:20 linux-6.1.y 347385861c50 0ee3535e .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 07:04 linux-6.1.y e5cd595e23c1 454571b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/30 21:59 linux-6.1.y dcbc050cb0d3 3ce4924c .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 14:44 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/22 16:21 linux-6.1.y 6741e066ec76 36c961ad .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/21 19:04 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/19 03:08 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/08 11:31 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/07 10:50 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 05:38 linux-6.1.y e5cd595e23c1 454571b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 11:27 linux-6.1.y 909ba1f1b414 dd26401e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 10:16 linux-6.1.y 909ba1f1b414 dd26401e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 09:32 linux-6.1.y 909ba1f1b414 dd26401e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 08:28 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 07:28 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 05:41 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 04:35 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 02:31 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 00:33 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 23:23 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 22:18 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 17:52 linux-6.1.y 909ba1f1b414 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 16:43 linux-6.1.y 909ba1f1b414 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 13:49 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 10:36 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 09:20 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 06:16 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 00:36 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 23:17 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 21:55 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 18:43 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 16:54 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 10:45 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 09:23 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 00:46 linux-6.1.y e5cd595e23c1 454571b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 14:12 linux-6.1.y 909ba1f1b414 dd26401e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 13:51 linux-6.1.y 909ba1f1b414 dd26401e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 12:32 linux-6.1.y 909ba1f1b414 dd26401e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 04:33 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 03:31 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/03 01:15 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 21:34 linux-6.1.y 909ba1f1b414 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 20:33 linux-6.1.y 909ba1f1b414 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 19:04 linux-6.1.y 909ba1f1b414 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 12:37 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 12:37 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 04:50 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/02 02:31 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 23:29 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 20:18 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 14:56 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 13:31 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 12:29 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/01 08:56 linux-6.1.y dcbc050cb0d3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
* Struck through repros no longer work on HEAD.