[RFC PATCH 1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups

[RFC PATCH 1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups

[Pauli Virtanen]

When using conn_hash lookup functions that return hci_conn*,
hdev->lock/rcu_read_lock shall cover dereferencing and other usage of
the returned conn. Cf. BUG!!! in Documentation/RCU/whatisRCU.rst

This makes builds with CONFIG_PROVE_RCU emit lockdep splats if these
functions are called without appropriate locks.

The lookup functions actually should not call rcu_read_lock(), but do
list_for_each_entry_rcu(c, &h->list, list, lockdep_is_held(&hdev->lock))
leaving locking to the caller. However, for now just emit lockdep
warning but don't change locking here to not change behavior in existing
callsites.

Signed-off-by: Pauli Virtanen <pav@iki.fi>
---

Notes:
    There's been several syzkaller concurrency bugs vs. hci_conn* locking.
    
    It's probably a good idea to add these lockdep warnings in the
    hci_conn_hash functions, and to fix up whatever they reveal.
    
    It used to be that hci_conn* handling was mostly single-threaded and all
    this was unnecessary, however now that we are doing hci_conn_del() and
    other things in hci_sync from different concurrent workqueue, locking is
    needed or it gets dangerous...
    
    RFC since probably callsites should be fixed before this.  I have an
    unfinished patch series that fixes up the lockdep splats these checks
    generate.  The locking in hci_sync seems a bit harder to deal with,
    maybe needs some redesign there.
    
    General pattern should be
    
        hci_dev_lock(hdev); /* or rcu_read_lock() */
        conn = hci_conn_hash_lookup_xxx(hdev, ...);
        if (!conn) {
            hci_dev_unlock(hdev);
            return -ENOENT;
        }
        do_something(stuff);
        hci_dev_unlock(hdev);
    
    or
    
        rcu_read_lock();
        conn = hci_conn_hash_lookup_xxx(hdev, ...);
        if (conn)
            hci_conn_get(conn);
        rcu_read_unlock();
        if (!conn)
            return -ENOENT;
        do_something_carefully(conn);
        hci_conn_put(conn);

 include/net/bluetooth/hci_core.h | 40 ++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 66523b74f828..0a77813fef1f 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -1060,6 +1060,18 @@ static inline void hci_conn_hash_del(struct hci_dev *hdev, struct hci_conn *c)
 	}
 }
 
+/* TODO: later on, remove all rcu_read_lock() in lookups and use instead
+ * list_for_each_entry_rcu(c, &h->list, list, lockdep_is_held(&hdev->lock))
+ */
+#ifdef CONFIG_PROVE_RCU
+#define HCI_CONN_HASH_LOCKDEP_CHECK(hdev)				\
+	RCU_LOCKDEP_WARN(!lockdep_is_held(&(hdev)->lock) &&		\
+			 !rcu_read_lock_held(),				\
+			 "wrong hci_conn* locking")
+#else
+#define HCI_CONN_HASH_LOCKDEP_CHECK(hdev) do { } while (0 && (hdev))
+#endif
+
 static inline unsigned int hci_conn_num(struct hci_dev *hdev, __u8 type)
 {
 	struct hci_conn_hash *h = &hdev->conn_hash;
@@ -1141,6 +1153,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_bis(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1163,6 +1177,8 @@ hci_conn_hash_lookup_create_pa_sync(struct hci_dev *hdev)
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1189,6 +1205,8 @@ hci_conn_hash_lookup_per_adv_bis(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1213,6 +1231,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_handle(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1232,6 +1252,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_ba(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1253,6 +1275,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_le(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1279,6 +1303,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_cis(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1311,6 +1337,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_cig(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1334,6 +1362,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_big(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1358,6 +1388,8 @@ hci_conn_hash_lookup_big_sync_pend(struct hci_dev *hdev,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1382,6 +1414,8 @@ hci_conn_hash_lookup_big_state(struct hci_dev *hdev, __u8 handle, __u16 state,
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1405,6 +1439,8 @@ hci_conn_hash_lookup_pa_sync_big_handle(struct hci_dev *hdev, __u8 big)
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1428,6 +1464,8 @@ hci_conn_hash_lookup_pa_sync_handle(struct hci_dev *hdev, __u16 sync_handle)
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
@@ -1497,6 +1535,8 @@ static inline struct hci_conn *hci_lookup_le_connect(struct hci_dev *hdev)
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
-- 
2.51.0

[RFC PATCH 2/2] Bluetooth: hci_core: add lockdep check to hci_conn_valid()

[Pauli Virtanen]

Typically hci_conn_valid(conn) is used to check whether conn is still
alive, after which it is dereferenced.  This check only makes sense
within rcu_read_lock() or hci_dev_lock() critical section.

With improper locking, it is potential UAF, as conn may be deleted after
hci_conn_valid() check was done. If hci_conn_get() refcount is held,
there is no UAF but the hci_conn_valid() check itself is useless, as it
does not guarantee conn has not been deleted.

Add lockdep splat to hci_conn_valid() to catch callers with wrong
locking.

Signed-off-by: Pauli Virtanen <pav@iki.fi>
---
 include/net/bluetooth/hci_core.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 0a77813fef1f..0c6c29bb2818 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -1114,6 +1114,8 @@ static inline bool hci_conn_valid(struct hci_dev *hdev, struct hci_conn *conn)
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn  *c;
 
+	HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
-- 
2.51.0

RE: [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 4547 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1001955

---Test result---

Test Summary:
CheckPatch                    PENDING   0.28 seconds
GitLint                       PENDING   0.25 seconds
SubjectPrefix                 PASS      0.22 seconds
BuildKernel                   PASS      24.45 seconds
CheckAllWarning               PASS      27.25 seconds
CheckSparse                   PASS      30.74 seconds
BuildKernel32                 PASS      24.44 seconds
TestRunnerSetup               PASS      486.11 seconds
TestRunner_l2cap-tester       FAIL      25.68 seconds
TestRunner_iso-tester         FAIL      38.99 seconds
TestRunner_bnep-tester        PASS      6.18 seconds
TestRunner_mgmt-tester        FAIL      129.91 seconds
TestRunner_rfcomm-tester      FAIL      9.69 seconds
TestRunner_sco-tester         FAIL      15.34 seconds
TestRunner_ioctl-tester       FAIL      10.41 seconds
TestRunner_mesh-tester        FAIL      11.39 seconds
TestRunner_smp-tester         FAIL      8.84 seconds
TestRunner_userchan-tester    PASS      6.20 seconds
IncrementalBuild              PENDING   0.57 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: TestRunner_l2cap-tester - FAIL
Desc: Run l2cap-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 68, Passed: 68 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_iso-tester - FAIL
Desc: Run iso-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 135, Passed: 135 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 490, Passed: 483 (98.6%), Failed: 3, Not Run: 4

Failed Test Cases
Read Exp Feature - Success                           Failed       0.104 seconds
LL Privacy - Add Device 3 (AL is full)               Failed       0.224 seconds
LL Privacy - Set Flags 4 (RL is full)                Failed       0.270 seconds
##############################
Test: TestRunner_rfcomm-tester - FAIL
Desc: Run rfcomm-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 11, Passed: 11 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_sco-tester - FAIL
Desc: Run sco-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 24, Passed: 24 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_ioctl-tester - FAIL
Desc: Run ioctl-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 28, Passed: 28 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
WARNING: suspicious RCU usage
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    2.012 seconds
Mesh - Send cancel - 2                               Timed out    1.996 seconds
##############################
Test: TestRunner_smp-tester - FAIL
Desc: Run smp-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:



---
Regards,
Linux Bluetooth

Re: [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups

[Luiz Augusto von Dentz]

Hi Pauli,

On Fri, Sep 12, 2025 at 6:33 PM <bluez.test.bot@gmail.com> wrote:
>
> This is automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1001955
>
> ---Test result---
>
> Test Summary:
> CheckPatch                    PENDING   0.28 seconds
> GitLint                       PENDING   0.25 seconds
> SubjectPrefix                 PASS      0.22 seconds
> BuildKernel                   PASS      24.45 seconds
> CheckAllWarning               PASS      27.25 seconds
> CheckSparse                   PASS      30.74 seconds
> BuildKernel32                 PASS      24.44 seconds
> TestRunnerSetup               PASS      486.11 seconds
> TestRunner_l2cap-tester       FAIL      25.68 seconds
> TestRunner_iso-tester         FAIL      38.99 seconds
> TestRunner_bnep-tester        PASS      6.18 seconds
> TestRunner_mgmt-tester        FAIL      129.91 seconds
> TestRunner_rfcomm-tester      FAIL      9.69 seconds
> TestRunner_sco-tester         FAIL      15.34 seconds
> TestRunner_ioctl-tester       FAIL      10.41 seconds
> TestRunner_mesh-tester        FAIL      11.39 seconds
> TestRunner_smp-tester         FAIL      8.84 seconds
> TestRunner_userchan-tester    PASS      6.20 seconds
> IncrementalBuild              PENDING   0.57 seconds
>
> Details
> ##############################
> Test: CheckPatch - PENDING
> Desc: Run checkpatch.pl script
> Output:
>
> ##############################
> Test: GitLint - PENDING
> Desc: Run gitlint
> Output:
>
> ##############################
> Test: TestRunner_l2cap-tester - FAIL
> Desc: Run l2cap-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 68, Passed: 68 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_iso-tester - FAIL
> Desc: Run iso-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 135, Passed: 135 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_mgmt-tester - FAIL
> Desc: Run mgmt-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 490, Passed: 483 (98.6%), Failed: 3, Not Run: 4
>
> Failed Test Cases
> Read Exp Feature - Success                           Failed       0.104 seconds
> LL Privacy - Add Device 3 (AL is full)               Failed       0.224 seconds
> LL Privacy - Set Flags 4 (RL is full)                Failed       0.270 seconds
> ##############################
> Test: TestRunner_rfcomm-tester - FAIL
> Desc: Run rfcomm-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 11, Passed: 11 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_sco-tester - FAIL
> Desc: Run sco-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 24, Passed: 24 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_ioctl-tester - FAIL
> Desc: Run ioctl-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 28, Passed: 28 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_mesh-tester - FAIL
> Desc: Run mesh-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
>
> Failed Test Cases
> Mesh - Send cancel - 1                               Timed out    2.012 seconds
> Mesh - Send cancel - 2                               Timed out    1.996 seconds
> ##############################
> Test: TestRunner_smp-tester - FAIL
> Desc: Run smp-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage

Hmm, it would have been better that this prints the function name as
well, but it doesn't seem it prints the message from
HCI_CONN_HASH_LOCKDEP_CHECK for some reason or perhaps we are missing
some config option?

> Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: IncrementalBuild - PENDING
> Desc: Incremental build with the patches in the series
> Output:
>
>
>
> ---
> Regards,
> Linux Bluetooth
>


-- 
Luiz Augusto von Dentz

Re: [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups

[Pauli Virtanen]

Hi,

ma, 2025-09-15 kello 09:39 -0400, Luiz Augusto von Dentz kirjoitti:
> Hi Pauli,
> 
> On Fri, Sep 12, 2025 at 6:33 PM <bluez.test.bot@gmail.com> wrote:
> > 
> > This is automated email and please do not reply to this email!
> > 
> > Dear submitter,
> > 
> > Thank you for submitting the patches to the linux bluetooth mailing list.
> > This is a CI test results with your patch series:
> > PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1001955
> > 
> > ---Test result---
> > 
> > Test Summary:
> > CheckPatch                    PENDING   0.28 seconds
> > GitLint                       PENDING   0.25 seconds
> > SubjectPrefix                 PASS      0.22 seconds
> > BuildKernel                   PASS      24.45 seconds
> > CheckAllWarning               PASS      27.25 seconds
> > CheckSparse                   PASS      30.74 seconds
> > BuildKernel32                 PASS      24.44 seconds
> > TestRunnerSetup               PASS      486.11 seconds
> > TestRunner_l2cap-tester       FAIL      25.68 seconds
> > TestRunner_iso-tester         FAIL      38.99 seconds
> > TestRunner_bnep-tester        PASS      6.18 seconds
> > TestRunner_mgmt-tester        FAIL      129.91 seconds
> > TestRunner_rfcomm-tester      FAIL      9.69 seconds
> > TestRunner_sco-tester         FAIL      15.34 seconds
> > TestRunner_ioctl-tester       FAIL      10.41 seconds
> > TestRunner_mesh-tester        FAIL      11.39 seconds
> > TestRunner_smp-tester         FAIL      8.84 seconds
> > TestRunner_userchan-tester    PASS      6.20 seconds
> > IncrementalBuild              PENDING   0.57 seconds
> > 
> > Details
> > ##############################
> > Test: CheckPatch - PENDING
> > Desc: Run checkpatch.pl script
> > Output:
> > 
> > ##############################
> > Test: GitLint - PENDING
> > Desc: Run gitlint
> > Output:
> > 
> > ##############################
> > Test: TestRunner_l2cap-tester - FAIL
> > Desc: Run l2cap-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 68, Passed: 68 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_iso-tester - FAIL
> > Desc: Run iso-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 135, Passed: 135 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_mgmt-tester - FAIL
> > Desc: Run mgmt-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 490, Passed: 483 (98.6%), Failed: 3, Not Run: 4
> > 
> > Failed Test Cases
> > Read Exp Feature - Success                           Failed       0.104 seconds
> > LL Privacy - Add Device 3 (AL is full)               Failed       0.224 seconds
> > LL Privacy - Set Flags 4 (RL is full)                Failed       0.270 seconds
> > ##############################
> > Test: TestRunner_rfcomm-tester - FAIL
> > Desc: Run rfcomm-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 11, Passed: 11 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_sco-tester - FAIL
> > Desc: Run sco-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 24, Passed: 24 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_ioctl-tester - FAIL
> > Desc: Run ioctl-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 28, Passed: 28 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_mesh-tester - FAIL
> > Desc: Run mesh-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
> > 
> > Failed Test Cases
> > Mesh - Send cancel - 1                               Timed out    2.012 seconds
> > Mesh - Send cancel - 2                               Timed out    1.996 seconds
> > ##############################
> > Test: TestRunner_smp-tester - FAIL
> > Desc: Run smp-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> 
> Hmm, it would have been better that this prints the function name as
> well, but it doesn't seem it prints the message from
> HCI_CONN_HASH_LOCKDEP_CHECK for some reason or perhaps we are missing
> some config option?

The splat itself does contain the location and the backtrace, see
example below.

The test bot only includes the line with "WARNING:" in the summary,
you'd have to go to github to see the full log. Maybe we could change
it to include more lines for context for BUG/WARNING/GFP.

RCU_LOCKDEP_WARN() has some additional rcu-specific checks, but
probably they're not so important here as we're not in early boot and
WARN_ON_ONCE() might also be OK.


=============================
WARNING: suspicious RCU usage
6.16.0-rc6-01737-gb9b65e1e560f #653 Not tainted
-----------------------------
./include/net/bluetooth/hci_core.h:1236 wrong hci_conn* locking!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by kworker/u5:0/86:
 #0: ffff888002365940 ((wq_completion)hci0#3){+.+.}-{0:0}, at:
process_one_work+0xc3b/0x13c0
 #1: ffff888002297d98 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0},
at: process_one_work+0x78b/0x13c0

stack backtrace:
CPU: 0 UID: 0 PID: 86 Comm: kworker/u5:0 Not tainted 6.16.0-rc6-01737-
gb9b65e1e560f #653 PREEMPT(none) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42
04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x3a/0x60
 lockdep_rcu_suspicious.cold+0x55/0x93
 hci_num_comp_pkts_evt+0x484/0xaf0
 hci_event_packet+0x7ba/0xee0
 ...



> 
> > Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: IncrementalBuild - PENDING
> > Desc: Incremental build with the patches in the series
> > Output:
> > 
> > 
> > 
> > ---
> > Regards,
> > Linux Bluetooth
> > 
> 

-- 
Pauli Virtanen