syzbot


BUG: sleeping function called from invalid context in hci_cmd_sync_submit

Status: upstream: reported C repro on 2024/03/27 00:47
Bug presence: origin:lts-only
Reported-by: syzbot+1fb5ed3cdea3397c1010@syzkaller.appspotmail.com
First crash: 269d, last: 113d
Fix bisection: failed (error log, bisect log)
  
Bug presence (2)
Date Name Commit Repro Result
2024/04/25 linux-6.1.y (ToT) 6741e066ec76 C [report] BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/25 upstream (ToT) e88c4cfcb7b8 C Didn't crash

Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: sleeping function called from invalid context in hci_cmd_sync_submit bluetooth C done done 3400 292d 536d 0/28 auto-obsoleted due to no activity on 2024/05/13 05:09

Fix bisection attempts (3)
Created Duration User Patch Repo Result
2024/11/22 23:38 2h36m fix candidate upstream OK (0) job log
2024/10/15 05:24 0m fix candidate upstream error job log
2024/10/14 23:18 0m bisect fix linux-6.1.y error job log

Sample crash report:
Bluetooth: hci0: command tx timeout
Bluetooth: hci0: command tx timeout
Bluetooth: hci0: link tx timeout
Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3568, name: kworker/u5:1
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by kworker/u5:1/3568:
 #0: ffff88807b865938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90003bdfd20 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: hci_link_tx_to net/bluetooth/hci_core.c:3448 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: __check_timeout+0x181/0x460 net/bluetooth/hci_core.c:3601
CPU: 1 PID: 3568 Comm: kworker/u5:1 Not tainted 6.1.90-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: hci0 hci_tx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 __might_resched+0x5cb/0x780 kernel/sched/core.c:9942
 __mutex_lock_common kernel/locking/mutex.c:580 [inline]
 __mutex_lock+0xbd/0xd80 kernel/locking/mutex.c:747
 hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
 hci_disconnect+0xe6/0x2c0 net/bluetooth/hci_conn.c:255
 hci_link_tx_to net/bluetooth/hci_core.c:3455 [inline]
 __check_timeout+0x333/0x460 net/bluetooth/hci_core.c:3601
 hci_sched_le net/bluetooth/hci_core.c:3784 [inline]
 hci_tx_work+0x138b/0x1ec0 net/bluetooth/hci_core.c:3862
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.1.90-syzkaller #0 Tainted: G        W         
-----------------------------
kworker/u5:1/3568 is trying to lock:
ffff888028a349b0 (&hdev->unregister_lock){+.+.}-{3:3}, at: hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
other info that might help us debug this:
context-{4:4}
3 locks held by kworker/u5:1/3568:
 #0: ffff88807b865938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90003bdfd20 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: hci_link_tx_to net/bluetooth/hci_core.c:3448 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: __check_timeout+0x181/0x460 net/bluetooth/hci_core.c:3601
stack backtrace:
CPU: 1 PID: 3568 Comm: kworker/u5:1 Tainted: G        W          6.1.90-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: hci0 hci_tx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4701 [inline]
 check_wait_context kernel/locking/lockdep.c:4762 [inline]
 __lock_acquire+0x14b1/0x1f80 kernel/locking/lockdep.c:4999
 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
 __mutex_lock_common kernel/locking/mutex.c:603 [inline]
 __mutex_lock+0x132/0xd80 kernel/locking/mutex.c:747
 hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
 hci_disconnect+0xe6/0x2c0 net/bluetooth/hci_conn.c:255
 hci_link_tx_to net/bluetooth/hci_core.c:3455 [inline]
 __check_timeout+0x333/0x460 net/bluetooth/hci_core.c:3601
 hci_sched_le net/bluetooth/hci_core.c:3784 [inline]
 hci_tx_work+0x138b/0x1ec0 net/bluetooth/hci_core.c:3862
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout

Crashes (14394):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/13 22:13 linux-6.1.y 909ba1f1b414 9026e142 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/27 00:31 linux-6.1.y 6741e066ec76 059e9963 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 22:39 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 20:59 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/21 20:47 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/08 20:17 linux-6.1.y 347385861c50 53df08b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/06 10:57 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/05 01:20 linux-6.1.y 347385861c50 0ee3535e .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 07:04 linux-6.1.y e5cd595e23c1 454571b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/14 07:52 linux-6.1.y 909ba1f1b414 fdb4c10c .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/30 21:59 linux-6.1.y dcbc050cb0d3 3ce4924c .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 14:44 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/22 16:21 linux-6.1.y 6741e066ec76 36c961ad .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/21 19:04 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/19 03:08 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/08 11:31 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/07 10:50 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 05:38 linux-6.1.y e5cd595e23c1 454571b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 20:38 linux-6.1.y ee5e09825b81 9bd464fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 18:24 linux-6.1.y ee5e09825b81 9bd464fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 09:21 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 08:11 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 06:47 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 06:10 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 04:03 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 00:12 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 23:12 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 20:09 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 18:58 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 18:56 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 14:16 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 11:42 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 07:56 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 06:43 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 04:25 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 23:46 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 22:18 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 18:04 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 16:54 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 07:30 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 04:44 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 01:49 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 00:48 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/26 22:00 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/26 19:58 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/26 15:26 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 00:46 linux-6.1.y e5cd595e23c1 454571b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/30 01:36 linux-6.1.y ee5e09825b81 9bd464fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 22:20 linux-6.1.y ee5e09825b81 9bd464fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 14:31 linux-6.1.y ee5e09825b81 9bd464fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 13:21 linux-6.1.y ee5e09825b81 9bd464fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/29 10:40 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 13:08 linux-6.1.y ee5e09825b81 ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 09:23 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 06:53 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/28 03:19 linux-6.1.y ee5e09825b81 6c853ff9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 14:53 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 08:34 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 06:25 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 06:24 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/27 03:51 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/08/26 23:11 linux-6.1.y ee5e09825b81 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
* Struck through repros no longer work on HEAD.