syzbot


BUG: sleeping function called from invalid context in hci_cmd_sync_submit

Status: upstream: reported C repro on 2024/03/27 00:47
Bug presence: origin:lts-only
Reported-by: syzbot+1fb5ed3cdea3397c1010@syzkaller.appspotmail.com
First crash: 61d, last: 13m
Bug presence (2)
Date Name Commit Repro Result
2024/04/25 linux-6.1.y (ToT) 6741e066ec76 C [report] BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/25 upstream (ToT) e88c4cfcb7b8 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: sleeping function called from invalid context in hci_cmd_sync_submit bluetooth C done done 3400 84d 328d 0/26 auto-obsoleted due to no activity on 2024/05/13 05:09

Sample crash report:
Bluetooth: hci0: command tx timeout
Bluetooth: hci0: command tx timeout
Bluetooth: hci0: link tx timeout
Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3568, name: kworker/u5:1
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by kworker/u5:1/3568:
 #0: ffff88807b865938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90003bdfd20 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: hci_link_tx_to net/bluetooth/hci_core.c:3448 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: __check_timeout+0x181/0x460 net/bluetooth/hci_core.c:3601
CPU: 1 PID: 3568 Comm: kworker/u5:1 Not tainted 6.1.90-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: hci0 hci_tx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 __might_resched+0x5cb/0x780 kernel/sched/core.c:9942
 __mutex_lock_common kernel/locking/mutex.c:580 [inline]
 __mutex_lock+0xbd/0xd80 kernel/locking/mutex.c:747
 hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
 hci_disconnect+0xe6/0x2c0 net/bluetooth/hci_conn.c:255
 hci_link_tx_to net/bluetooth/hci_core.c:3455 [inline]
 __check_timeout+0x333/0x460 net/bluetooth/hci_core.c:3601
 hci_sched_le net/bluetooth/hci_core.c:3784 [inline]
 hci_tx_work+0x138b/0x1ec0 net/bluetooth/hci_core.c:3862
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.1.90-syzkaller #0 Tainted: G        W         
-----------------------------
kworker/u5:1/3568 is trying to lock:
ffff888028a349b0 (&hdev->unregister_lock){+.+.}-{3:3}, at: hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
other info that might help us debug this:
context-{4:4}
3 locks held by kworker/u5:1/3568:
 #0: ffff88807b865938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #1: ffffc90003bdfd20 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: hci_link_tx_to net/bluetooth/hci_core.c:3448 [inline]
 #2: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: __check_timeout+0x181/0x460 net/bluetooth/hci_core.c:3601
stack backtrace:
CPU: 1 PID: 3568 Comm: kworker/u5:1 Tainted: G        W          6.1.90-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: hci0 hci_tx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4701 [inline]
 check_wait_context kernel/locking/lockdep.c:4762 [inline]
 __lock_acquire+0x14b1/0x1f80 kernel/locking/lockdep.c:4999
 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
 __mutex_lock_common kernel/locking/mutex.c:603 [inline]
 __mutex_lock+0x132/0xd80 kernel/locking/mutex.c:747
 hci_cmd_sync_submit+0x3b/0x2e0 net/bluetooth/hci_sync.c:702
 hci_disconnect+0xe6/0x2c0 net/bluetooth/hci_conn.c:255
 hci_link_tx_to net/bluetooth/hci_core.c:3455 [inline]
 __check_timeout+0x333/0x460 net/bluetooth/hci_core.c:3601
 hci_sched_le net/bluetooth/hci_core.c:3784 [inline]
 hci_tx_work+0x138b/0x1ec0 net/bluetooth/hci_core.c:3862
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout

Crashes (4876):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/05/13 22:13 linux-6.1.y 909ba1f1b414 9026e142 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/27 00:31 linux-6.1.y 6741e066ec76 059e9963 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 22:39 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 20:59 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/21 20:47 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/08 20:17 linux-6.1.y 347385861c50 53df08b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/06 10:57 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/05 01:20 linux-6.1.y 347385861c50 0ee3535e .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 07:04 linux-6.1.y e5cd595e23c1 454571b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/14 07:52 linux-6.1.y 909ba1f1b414 fdb4c10c .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/30 21:59 linux-6.1.y dcbc050cb0d3 3ce4924c .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/23 14:44 linux-6.1.y 6741e066ec76 21339d7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/22 16:21 linux-6.1.y 6741e066ec76 36c961ad .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/21 19:04 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/19 03:08 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/08 11:31 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/04/07 10:50 linux-6.1.y 347385861c50 ca620dd8 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 05:38 linux-6.1.y e5cd595e23c1 454571b6 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 16:07 linux-6.1.y 88690811da69 761766e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 06:35 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 04:16 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 00:41 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 00:12 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/26 17:55 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/26 05:28 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/26 03:30 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/26 02:28 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/26 02:28 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 19:01 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 13:07 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 08:21 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 08:16 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 04:56 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 02:41 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 02:20 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 22:12 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 21:02 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 20:21 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 15:40 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 14:22 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 13:22 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 13:22 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 10:23 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 09:09 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 07:24 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/03/27 00:46 linux-6.1.y e5cd595e23c1 454571b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 17:19 linux-6.1.y 88690811da69 761766e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 13:54 linux-6.1.y 88690811da69 761766e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 10:55 linux-6.1.y 88690811da69 761766e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 10:38 linux-6.1.y 88690811da69 761766e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 09:32 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/27 05:20 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/26 01:20 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 22:01 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 20:12 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 19:05 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 17:21 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 15:48 linux-6.1.y 88690811da69 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 09:27 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 03:51 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/25 00:58 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 23:39 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 19:16 linux-6.1.y 4078fa637fcd a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 11:54 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
2024/05/24 08:07 linux-6.1.y 4078fa637fcd 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: sleeping function called from invalid context in hci_cmd_sync_submit
* Struck through repros no longer work on HEAD.