syzbot


BUG: sleeping function called from invalid context in lock_sock_nested (2)

Status: fixed on 2021/10/12 13:38
Reported-by: syzbot+13c78f74836a0d4a8887@syzkaller.appspotmail.com
Fix commit: 3719acc161d5 Bluetooth: defer cleanup of resources in hci_unregister_dev()
First crash: 387d, last: 294d

Fix bisection: fixed by (bisect log):
commit 3719acc161d5c1ce09912cc1c9eddc2c5faa3c66
Author: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Date: Wed Aug 4 10:26:56 2021 +0000

  Bluetooth: defer cleanup of resources in hci_unregister_dev()

similar bugs (6):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: sleeping function called from invalid context in lock_sock_nested (2) C done error 19391 325d 861d 22/22 fixed on 2021/11/10 13:22
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested 1 1096d 1096d 0/1 auto-closed as invalid on 2019/10/30 11:24
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested (2) syz done 1 881d 941d 1/1 fixed on 2020/03/04 10:17
linux-4.19 BUG: sleeping function called from invalid context in lock_sock_nested syz done 1 911d 941d 1/1 fixed on 2020/02/05 13:33
upstream BUG: sleeping function called from invalid context in lock_sock_nested C 1232 865d 941d 16/22 fixed on 2020/02/18 14:31
linux-4.14 BUG: sleeping function called from invalid context in lock_sock_nested (3) syz 144 13d 387d 0/1 upstream: reported syz repro on 2021/06/10 20:33

Sample crash report:
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: sleeping function called from invalid context at net/core/sock.c:2863
in_atomic(): 1, irqs_disabled(): 0, pid: 8130, name: syz-executor667
1 lock held by syz-executor667/8130:
 #0: 000000004cd29212 (hci_sk_list.lock){++++}, at: hci_sock_dev_event+0x3db/0x660 net/bluetooth/hci_sock.c:756
Preemption disabled at:
[<0000000000000000>]           (null)
CPU: 1 PID: 8130 Comm: syz-executor667 Not tainted 4.19.194-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 lock_sock_nested+0x33/0x110 net/core/sock.c:2863
 lock_sock include/net/sock.h:1510 [inline]
 hci_sock_dev_event+0x465/0x660 net/bluetooth/hci_sock.c:758
 hci_unregister_dev+0x25b/0x910 net/bluetooth/hci_core.c:3292
 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xbf3/0x2be0 kernel/exit.c:870
 do_group_exit+0x125/0x310 kernel/exit.c:967
 __do_sys_exit_group kernel/exit.c:978 [inline]
 __se_sys_exit_group kernel/exit.c:976 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x449b59
Code: 00 49 c7 c0 bc ff ff ff be e7 00 00 00 ba 3c 00 00 00 eb 12 0f 1f 44 00 00 89 d0 0f 05 48 3d 00 f0 ff ff 77 1c f4 89 f0 0f 05 <48> 3d 00 f0 ff ff 76 e7 f7 d8 64 41 89 00 eb df 0f 1f 80 00 00 00
RSP: 002b:00007ffd9d302148 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00000000004d71f0 RCX: 0000000000449b59
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffffbc R09: 00000000004d5620
R10: 0000000000000231 R11: 0000000000000246 R12: 00000000004d71f0
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
BUG: scheduling while atomic: syz-executor667/8130/0x00000002
1 lock held by syz-executor667/8130:
 #0: 000000004cd29212 (hci_sk_list.lock){++++}, at: hci_sock_dev_event+0x3db/0x660 net/bluetooth/hci_sock.c:756
Modules linked in:
Preemption disabled at:
[<0000000000000000>]           (null)

Crashes (3909):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-19 2021/06/10 17:37 linux-4.19.y 9a2dc0e6c531 1ba81399 .config log report syz C BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 06:33 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 22:48 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 10:46 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 09:50 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 00:52 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/09 20:23 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/09 19:55 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/08 19:45 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/08 14:04 linux-4.19.y 5c66974a6304 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/08 00:46 linux-4.19.y 6ca2f514c578 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/08 00:26 linux-4.19.y 6ca2f514c578 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/07 21:03 linux-4.19.y 6ca2f514c578 6972b106 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/06 10:58 linux-4.19.y 6ca2f514c578 2f537099 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/05 19:34 linux-4.19.y 6ca2f514c578 d2d6e680 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/04 15:00 linux-4.19.y 6ca2f514c578 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/04 10:03 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/04 07:12 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/04 06:21 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/04 04:57 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/04 03:36 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/04 02:53 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/03 23:10 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/03 08:12 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/01 16:32 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/01 12:08 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/01 04:08 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/01 00:58 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/01 00:38 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/31 15:43 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/31 09:35 linux-4.19.y 53bd76690e27 6c236867 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/30 12:07 linux-4.19.y a89b48fe9308 c585c7b0 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/30 11:26 linux-4.19.y a89b48fe9308 c585c7b0 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/30 08:13 linux-4.19.y a89b48fe9308 c585c7b0 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/30 03:46 linux-4.19.y a89b48fe9308 8a799410 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/29 23:48 linux-4.19.y a89b48fe9308 8a799410 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/29 10:34 linux-4.19.y a89b48fe9308 b44001ce .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/28 20:33 linux-4.19.y a89b48fe9308 9a4781d4 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/28 13:52 linux-4.19.y a89b48fe9308 17d6ab15 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/28 00:29 linux-4.19.y 4938296e03bd 17d6ab15 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/07/27 22:56 linux-4.19.y 4938296e03bd 17d6ab15 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/06/10 15:01 linux-4.19.y 9a2dc0e6c531 1ba81399 .config log report syz BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 11:28 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 10:14 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 08:29 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 07:33 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 04:58 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 03:22 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 01:54 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/12 00:49 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 23:19 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 21:58 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 20:56 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 19:55 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 18:23 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 16:38 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 14:30 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 13:29 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 12:23 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 11:20 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 08:28 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 07:42 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 06:39 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 05:37 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 04:25 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 03:47 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/11 01:04 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 21:40 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 20:39 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 18:25 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 17:06 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 16:06 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 15:00 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 12:18 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 09:12 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 08:43 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 07:32 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 06:02 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 03:27 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 01:58 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 00:57 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/10 00:15 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/09 22:56 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/09 21:53 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/09 19:01 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/08/09 17:31 linux-4.19.y 5c66974a6304 6972b106 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested
ci2-linux-4-19 2021/06/10 12:12 linux-4.19.y 9a2dc0e6c531 1ba81399 .config log report info BUG: sleeping function called from invalid context in lock_sock_nested