[v6.1] WARNING in hci_conn_timeout


syzbot

Mar 8, 2023, 12:34:53 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 42616e0f09fb Linux 6.1.15
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=177e9e24c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=650737f7e9682672
dashboard link: https://syzkaller.appspot.com/bug?extid=bfbb27ac82ea130a7a95
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f10713d1fd0f/disk-42616e0f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5a1307bb774e/vmlinux-42616e0f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/388238a30fe4/Image-42616e0f.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bfbb27...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 47 at net/bluetooth/hci_conn.c:646 hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:646
Modules linked in:
CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 6.1.15-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: hci4 hci_conn_timeout
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:646
lr : hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:646
sp : ffff80001b217b20
x29: ffff80001b217b30 x28: ffff0000d41ba400 x27: ffff0000de052250
x26: ffff0000c2ba8618 x25: 1fffe000185750c3 x24: dfff800000000000
x23: ffff0000d41ba408 x22: dfff800000000000 x21: 00000000ffffffff
x20: ffff0000de052000 x19: ffff0000de052250 x18: ffff80001b217880
x17: ffff80001141bde0 x16: ffff8000084fc844 x15: 0000000000000000
x14: 000000006cc70e04 x13: dfff800000000000 x12: 0000000000000001
x11: ff808000114205a8 x10: 0000000000000000 x9 : ffff8000114205a8
x8 : ffff0000c2a751c0 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff8000187d6000 x4 : 0000000000000008 x3 : ffff8000114203d4
x2 : 0000000000000000 x1 : 00000000ffffffff x0 : 0000000000000000
Call trace:
hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:646
process_one_work+0x848/0x16b4 kernel/workqueue.c:2289
worker_thread+0x8e4/0xfec kernel/workqueue.c:2436
kthread+0x24c/0x2d4 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 1970
hardirqs last enabled at (1969): [<ffff8000123302d4>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (1969): [<ffff8000123302d4>] _raw_spin_unlock_irq+0x3c/0x90 kernel/locking/spinlock.c:202
hardirqs last disabled at (1970): [<ffff80001224c56c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (0): [<ffff8000081a618c>] copy_process+0x1380/0x384c kernel/fork.c:2201
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---
Bluetooth: hci5: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci1: command 0x0406 tx timeout


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 10, 2023, 9:50:55 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: abddfcf701a5 Linux 5.15.99
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10b7ec34c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=53e47369740caba3
dashboard link: https://syzkaller.appspot.com/bug?extid=b3668760e544f4a0b191
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/78c522505d54/disk-abddfcf7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/caca388168a7/vmlinux-abddfcf7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e6db198604be/Image-abddfcf7.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b36687...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4101 at net/bluetooth/hci_conn.c:445 hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:445
Modules linked in:
CPU: 0 PID: 4101 Comm: kworker/u5:4 Not tainted 5.15.99-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: hci0 hci_conn_timeout
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:445
lr : hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:445
sp : ffff80001cf37b20
x29: ffff80001cf37b30 x28: ffff0000c5512000 x27: ffff0000da90a138
x26: ffff0000c0fca618 x25: ffff0000d09fa000 x24: dfff800000000000
x23: ffff0000d09fa008 x22: dfff800000000000 x21: 00000000ffffffff
x20: ffff0000da90a000 x19: ffff0000da90a138 x18: ffff80001cf37880
x17: ff80800010dc7c40 x16: ffff8000084c6b5c x15: ffff800010dc7c40
x14: 000000000748c752 x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800010cf720c x10: 0000000000000000 x9 : ffff800010cf720c
x8 : ffff0000c2c35040 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800017524c50 x4 : 0000000000000008 x3 : ffff800010cf7038
x2 : 0000000000000000 x1 : 00000000ffffffff x0 : 0000000000000000
Call trace:
hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:445
process_one_work+0x84c/0x14b8 kernel/workqueue.c:2306
worker_thread+0x910/0x1034 kernel/workqueue.c:2453
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 <unknown>:870
irq event stamp: 1258
hardirqs last enabled at (1257): [<ffff800011adcd58>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (1257): [<ffff800011adcd58>] _raw_spin_unlock_irq+0x9c/0x134 kernel/locking/spinlock.c:202
hardirqs last disabled at (1258): [<ffff800011a04b38>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (0): [<ffff800008193140>] copy_process+0x12c4/0x3750 kernel/fork.c:2143
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace e639670d9feea142 ]---

syzbot

Mar 10, 2023, 11:13:46 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 8a923980a190 Linux 6.1.16
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17645a5cc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=890c08c5270b796
dashboard link: https://syzkaller.appspot.com/bug?extid=bfbb27ac82ea130a7a95
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16271188c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=101d0bcac80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b5419f7c9b17/disk-8a923980.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/eda486f8541a/vmlinux-8a923980.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e1451605e837/bzImage-8a923980.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bfbb27...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 48 at net/bluetooth/hci_conn.c:646 hci_conn_timeout+0x250/0x420
Modules linked in:
CPU: 1 PID: 48 Comm: kworker/u5:0 Not tainted 6.1.16-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: hci0 hci_conn_timeout
RIP: 0010:hci_conn_timeout+0x250/0x420 net/bluetooth/hci_conn.c:646
Code: 52 8e e8 f3 e7 51 f8 48 8b 35 44 bf c3 04 bf 08 00 00 00 48 89 da 5b 41 5c 41 5d 41 5e 41 5f 5d e9 55 8d ca f7 e8 f0 83 fb f7 <0f> 0b e9 34 fe ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c dd fd ff
RSP: 0018:ffffc90000b97c28 EFLAGS: 00010293
RAX: ffffffff898edd30 RBX: ffff88802388c250 RCX: ffff888018950000
RDX: 0000000000000000 RSI: 00000000ffff6e06 RDI: 0000000000000000
RBP: 00000000ffff6e06 R08: ffffffff898edb41 R09: ffffed1004711803
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff110030fdf23 R14: ffff88802388c000 R15: ffff888018908000
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555561be608 CR3: 000000000cc8e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
process_one_work+0x909/0x1380 kernel/workqueue.c:2289
worker_thread+0xa5f/0x1210 kernel/workqueue.c:2436
kthread+0x268/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>

syzbot

Mar 11, 2023, 4:59:47 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: abddfcf701a5 Linux 5.15.99
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14dff592c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=53e47369740caba3
dashboard link: https://syzkaller.appspot.com/bug?extid=b3668760e544f4a0b191
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=174aae42c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=132c3442c80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/78c522505d54/disk-abddfcf7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/caca388168a7/vmlinux-abddfcf7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e6db198604be/Image-abddfcf7.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b36687...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4086 at net/bluetooth/hci_conn.c:445 hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:445
Modules linked in:
CPU: 0 PID: 4086 Comm: kworker/u5:2 Not tainted 5.15.99-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: hci0 hci_conn_timeout
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:445
lr : hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:445
sp : ffff80001caf7b20
x29: ffff80001caf7b30 x28: ffff0000c2fe1000 x27: ffff0000cd6c8138
x26: ffff0000d1d6c418 x25: ffff0000d27fac00 x24: dfff800000000000
x23: ffff0000d27fac08 x22: dfff800000000000 x21: 00000000ffff8ad6
x20: ffff0000cd6c8000 x19: ffff0000cd6c8138 x18: ffff80001caf7880
x17: 1fffe000368fc58e x16: ffff8000084c6b5c x15: 000000000000c857
x14: 000000000748c752 x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800010cf720c x10: 0000000000000000 x9 : ffff800010cf720c
x8 : ffff0000c21e5040 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800017524b90 x4 : 0000000000000008 x3 : ffff800010cf7038
x2 : 0000000000000000 x1 : 00000000ffff8ad6 x0 : 0000000000000000
Call trace:
hci_conn_timeout+0x210/0x3f4 net/bluetooth/hci_conn.c:445
process_one_work+0x84c/0x14b8 kernel/workqueue.c:2306
worker_thread+0x910/0x1034 kernel/workqueue.c:2453
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 <unknown>:870
irq event stamp: 1113924
hardirqs last enabled at (1113923): [<ffff800011adcd58>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (1113923): [<ffff800011adcd58>] _raw_spin_unlock_irq+0x9c/0x134 kernel/locking/spinlock.c:202
hardirqs last disabled at (1113924): [<ffff800011a04b38>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (1109000): [<ffff800008020e34>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (1109000): [<ffff800008020e34>] __do_softirq+0xcc4/0xf60 kernel/softirq.c:587
softirqs last disabled at (1108989): [<ffff8000081b7b48>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (1108989): [<ffff8000081b7b48>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (1108989): [<ffff8000081b7b48>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:636
---[ end trace 03f4dda79881394d ]---

syzbot

Nov 20, 2023, 10:27:05 AM
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:

commit 5af1f84ed13a416297ab9ced7537f4d5ae7f329a
git tree: upstream
Author: Luiz Augusto von Dentz <luiz.vo...@intel.com>
Date: Thu Aug 3 18:04:51 2023 +0000

Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1187ba00e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=5afeea223ff7d6fa
dashboard link: https://syzkaller.appspot.com/bug?extid=bfbb27ac82ea130a7a95
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16551aada80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15329af7a80000


Please keep in mind that other backports might be required as well.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot

Nov 21, 2023, 1:09:07 PM
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:

commit 5af1f84ed13a416297ab9ced7537f4d5ae7f329a
git tree: upstream
Author: Luiz Augusto von Dentz <luiz.vo...@intel.com>
Date: Thu Aug 3 18:04:51 2023 +0000

Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12b56090e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=717fa62bb7f0fe9
dashboard link: https://syzkaller.appspot.com/bug?extid=b3668760e544f4a0b191
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=126c1abf280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16065ebf280000