* [RFC PATCH 1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups
@ 2025-09-12 21:37 Pauli Virtanen
2025-09-12 21:37 ` [RFC PATCH 2/2] Bluetooth: hci_core: add lockdep check to hci_conn_valid() Pauli Virtanen
2025-09-12 22:33 ` [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups bluez.test.bot
0 siblings, 2 replies; 5+ messages in thread
From: Pauli Virtanen @ 2025-09-12 21:37 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
When using conn_hash lookup functions that return hci_conn*,
hdev->lock/rcu_read_lock shall cover dereferencing and other usage of
the returned conn. Cf. BUG!!! in Documentation/RCU/whatisRCU.rst
This makes builds with CONFIG_PROVE_RCU emit lockdep splats if these
functions are called without appropriate locks.
The lookup functions actually should not call rcu_read_lock(), but do
list_for_each_entry_rcu(c, &h->list, list, lockdep_is_held(&hdev->lock))
leaving locking to the caller. However, for now just emit lockdep
warning but don't change locking here to not change behavior in existing
callsites.
Signed-off-by: Pauli Virtanen <pav@iki.fi>
---
Notes:
There's been several syzkaller concurrency bugs vs. hci_conn* locking.
It's probably a good idea to add these lockdep warnings in the
hci_conn_hash functions, and to fix up whatever they reveal.
It used to be that hci_conn* handling was mostly single-threaded and all
this was unnecessary, however now that we are doing hci_conn_del() and
other things in hci_sync from different concurrent workqueue, locking is
needed or it gets dangerous...
RFC since probably callsites should be fixed before this. I have an
unfinished patch series that fixes up the lockdep splats these checks
generate. The locking in hci_sync seems a bit harder to deal with,
maybe needs some redesign there.
General pattern should be
hci_dev_lock(hdev); /* or rcu_read_lock() */
conn = hci_conn_hash_lookup_xxx(hdev, ...);
if (!conn) {
hci_dev_unlock(hdev);
return -ENOENT;
}
do_something(stuff);
hci_dev_unlock(hdev);
or
rcu_read_lock();
conn = hci_conn_hash_lookup_xxx(hdev, ...);
if (conn)
hci_conn_get(conn);
rcu_read_unlock();
if (!conn)
return -ENOENT;
do_something_carefully(conn);
hci_conn_put(conn);
include/net/bluetooth/hci_core.h | 40 ++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 66523b74f828..0a77813fef1f 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -1060,6 +1060,18 @@ static inline void hci_conn_hash_del(struct hci_dev *hdev, struct hci_conn *c)
}
}
+/* TODO: later on, remove all rcu_read_lock() in lookups and use instead
+ * list_for_each_entry_rcu(c, &h->list, list, lockdep_is_held(&hdev->lock))
+ */
+#ifdef CONFIG_PROVE_RCU
+#define HCI_CONN_HASH_LOCKDEP_CHECK(hdev) \
+ RCU_LOCKDEP_WARN(!lockdep_is_held(&(hdev)->lock) && \
+ !rcu_read_lock_held(), \
+ "wrong hci_conn* locking")
+#else
+#define HCI_CONN_HASH_LOCKDEP_CHECK(hdev) do { } while (0 && (hdev))
+#endif
+
static inline unsigned int hci_conn_num(struct hci_dev *hdev, __u8 type)
{
struct hci_conn_hash *h = &hdev->conn_hash;
@@ -1141,6 +1153,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_bis(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1163,6 +1177,8 @@ hci_conn_hash_lookup_create_pa_sync(struct hci_dev *hdev)
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1189,6 +1205,8 @@ hci_conn_hash_lookup_per_adv_bis(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1213,6 +1231,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_handle(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1232,6 +1252,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_ba(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1253,6 +1275,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_le(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1279,6 +1303,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_cis(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1311,6 +1337,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_cig(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1334,6 +1362,8 @@ static inline struct hci_conn *hci_conn_hash_lookup_big(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1358,6 +1388,8 @@ hci_conn_hash_lookup_big_sync_pend(struct hci_dev *hdev,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1382,6 +1414,8 @@ hci_conn_hash_lookup_big_state(struct hci_dev *hdev, __u8 handle, __u16 state,
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1405,6 +1439,8 @@ hci_conn_hash_lookup_pa_sync_big_handle(struct hci_dev *hdev, __u8 big)
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1428,6 +1464,8 @@ hci_conn_hash_lookup_pa_sync_handle(struct hci_dev *hdev, __u16 sync_handle)
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
@@ -1497,6 +1535,8 @@ static inline struct hci_conn *hci_lookup_le_connect(struct hci_dev *hdev)
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
--
2.51.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* [RFC PATCH 2/2] Bluetooth: hci_core: add lockdep check to hci_conn_valid()
2025-09-12 21:37 [RFC PATCH 1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups Pauli Virtanen
@ 2025-09-12 21:37 ` Pauli Virtanen
2025-09-12 22:33 ` [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups bluez.test.bot
1 sibling, 0 replies; 5+ messages in thread
From: Pauli Virtanen @ 2025-09-12 21:37 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
Typically hci_conn_valid(conn) is used to check whether conn is still
alive, after which it is dereferenced. This check only makes sense
within rcu_read_lock() or hci_dev_lock() critical section.
With improper locking, it is potential UAF, as conn may be deleted after
hci_conn_valid() check was done. If hci_conn_get() refcount is held,
there is no UAF but the hci_conn_valid() check itself is useless, as it
does not guarantee conn has not been deleted.
Add lockdep splat to hci_conn_valid() to catch callers with wrong
locking.
Signed-off-by: Pauli Virtanen <pav@iki.fi>
---
include/net/bluetooth/hci_core.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 0a77813fef1f..0c6c29bb2818 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -1114,6 +1114,8 @@ static inline bool hci_conn_valid(struct hci_dev *hdev, struct hci_conn *conn)
struct hci_conn_hash *h = &hdev->conn_hash;
struct hci_conn *c;
+ HCI_CONN_HASH_LOCKDEP_CHECK(hdev);
+
rcu_read_lock();
list_for_each_entry_rcu(c, &h->list, list) {
--
2.51.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* RE: [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups
2025-09-12 21:37 [RFC PATCH 1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups Pauli Virtanen
2025-09-12 21:37 ` [RFC PATCH 2/2] Bluetooth: hci_core: add lockdep check to hci_conn_valid() Pauli Virtanen
@ 2025-09-12 22:33 ` bluez.test.bot
2025-09-15 13:39 ` Luiz Augusto von Dentz
1 sibling, 1 reply; 5+ messages in thread
From: bluez.test.bot @ 2025-09-12 22:33 UTC (permalink / raw)
To: linux-bluetooth, pav
[-- Attachment #1: Type: text/plain, Size: 4547 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1001955
---Test result---
Test Summary:
CheckPatch PENDING 0.28 seconds
GitLint PENDING 0.25 seconds
SubjectPrefix PASS 0.22 seconds
BuildKernel PASS 24.45 seconds
CheckAllWarning PASS 27.25 seconds
CheckSparse PASS 30.74 seconds
BuildKernel32 PASS 24.44 seconds
TestRunnerSetup PASS 486.11 seconds
TestRunner_l2cap-tester FAIL 25.68 seconds
TestRunner_iso-tester FAIL 38.99 seconds
TestRunner_bnep-tester PASS 6.18 seconds
TestRunner_mgmt-tester FAIL 129.91 seconds
TestRunner_rfcomm-tester FAIL 9.69 seconds
TestRunner_sco-tester FAIL 15.34 seconds
TestRunner_ioctl-tester FAIL 10.41 seconds
TestRunner_mesh-tester FAIL 11.39 seconds
TestRunner_smp-tester FAIL 8.84 seconds
TestRunner_userchan-tester PASS 6.20 seconds
IncrementalBuild PENDING 0.57 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: TestRunner_l2cap-tester - FAIL
Desc: Run l2cap-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 68, Passed: 68 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_iso-tester - FAIL
Desc: Run iso-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 135, Passed: 135 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 490, Passed: 483 (98.6%), Failed: 3, Not Run: 4
Failed Test Cases
Read Exp Feature - Success Failed 0.104 seconds
LL Privacy - Add Device 3 (AL is full) Failed 0.224 seconds
LL Privacy - Set Flags 4 (RL is full) Failed 0.270 seconds
##############################
Test: TestRunner_rfcomm-tester - FAIL
Desc: Run rfcomm-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 11, Passed: 11 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_sco-tester - FAIL
Desc: Run sco-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 24, Passed: 24 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_ioctl-tester - FAIL
Desc: Run ioctl-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 28, Passed: 28 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
WARNING: suspicious RCU usage
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 2.012 seconds
Mesh - Send cancel - 2 Timed out 1.996 seconds
##############################
Test: TestRunner_smp-tester - FAIL
Desc: Run smp-tester with test-runner
Output:
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
WARNING: suspicious RCU usage
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups
2025-09-12 22:33 ` [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups bluez.test.bot
@ 2025-09-15 13:39 ` Luiz Augusto von Dentz
2025-09-15 18:09 ` Pauli Virtanen
0 siblings, 1 reply; 5+ messages in thread
From: Luiz Augusto von Dentz @ 2025-09-15 13:39 UTC (permalink / raw)
To: linux-bluetooth; +Cc: pav
Hi Pauli,
On Fri, Sep 12, 2025 at 6:33 PM <bluez.test.bot@gmail.com> wrote:
>
> This is automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1001955
>
> ---Test result---
>
> Test Summary:
> CheckPatch PENDING 0.28 seconds
> GitLint PENDING 0.25 seconds
> SubjectPrefix PASS 0.22 seconds
> BuildKernel PASS 24.45 seconds
> CheckAllWarning PASS 27.25 seconds
> CheckSparse PASS 30.74 seconds
> BuildKernel32 PASS 24.44 seconds
> TestRunnerSetup PASS 486.11 seconds
> TestRunner_l2cap-tester FAIL 25.68 seconds
> TestRunner_iso-tester FAIL 38.99 seconds
> TestRunner_bnep-tester PASS 6.18 seconds
> TestRunner_mgmt-tester FAIL 129.91 seconds
> TestRunner_rfcomm-tester FAIL 9.69 seconds
> TestRunner_sco-tester FAIL 15.34 seconds
> TestRunner_ioctl-tester FAIL 10.41 seconds
> TestRunner_mesh-tester FAIL 11.39 seconds
> TestRunner_smp-tester FAIL 8.84 seconds
> TestRunner_userchan-tester PASS 6.20 seconds
> IncrementalBuild PENDING 0.57 seconds
>
> Details
> ##############################
> Test: CheckPatch - PENDING
> Desc: Run checkpatch.pl script
> Output:
>
> ##############################
> Test: GitLint - PENDING
> Desc: Run gitlint
> Output:
>
> ##############################
> Test: TestRunner_l2cap-tester - FAIL
> Desc: Run l2cap-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 68, Passed: 68 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_iso-tester - FAIL
> Desc: Run iso-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 135, Passed: 135 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_mgmt-tester - FAIL
> Desc: Run mgmt-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 490, Passed: 483 (98.6%), Failed: 3, Not Run: 4
>
> Failed Test Cases
> Read Exp Feature - Success Failed 0.104 seconds
> LL Privacy - Add Device 3 (AL is full) Failed 0.224 seconds
> LL Privacy - Set Flags 4 (RL is full) Failed 0.270 seconds
> ##############################
> Test: TestRunner_rfcomm-tester - FAIL
> Desc: Run rfcomm-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 11, Passed: 11 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_sco-tester - FAIL
> Desc: Run sco-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 24, Passed: 24 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_ioctl-tester - FAIL
> Desc: Run ioctl-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> Total: 28, Passed: 28 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: TestRunner_mesh-tester - FAIL
> Desc: Run mesh-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
>
> Failed Test Cases
> Mesh - Send cancel - 1 Timed out 2.012 seconds
> Mesh - Send cancel - 2 Timed out 1.996 seconds
> ##############################
> Test: TestRunner_smp-tester - FAIL
> Desc: Run smp-tester with test-runner
> Output:
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
> WARNING: suspicious RCU usage
Hmm, it would have been better that this prints the function name as
well, but it doesn't seem it prints the message from
HCI_CONN_HASH_LOCKDEP_CHECK for some reason or perhaps we are missing
some config option?
> Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
> ##############################
> Test: IncrementalBuild - PENDING
> Desc: Incremental build with the patches in the series
> Output:
>
>
>
> ---
> Regards,
> Linux Bluetooth
>
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups
2025-09-15 13:39 ` Luiz Augusto von Dentz
@ 2025-09-15 18:09 ` Pauli Virtanen
0 siblings, 0 replies; 5+ messages in thread
From: Pauli Virtanen @ 2025-09-15 18:09 UTC (permalink / raw)
To: Luiz Augusto von Dentz, linux-bluetooth
Hi,
ma, 2025-09-15 kello 09:39 -0400, Luiz Augusto von Dentz kirjoitti:
> Hi Pauli,
>
> On Fri, Sep 12, 2025 at 6:33 PM <bluez.test.bot@gmail.com> wrote:
> >
> > This is automated email and please do not reply to this email!
> >
> > Dear submitter,
> >
> > Thank you for submitting the patches to the linux bluetooth mailing list.
> > This is a CI test results with your patch series:
> > PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1001955
> >
> > ---Test result---
> >
> > Test Summary:
> > CheckPatch PENDING 0.28 seconds
> > GitLint PENDING 0.25 seconds
> > SubjectPrefix PASS 0.22 seconds
> > BuildKernel PASS 24.45 seconds
> > CheckAllWarning PASS 27.25 seconds
> > CheckSparse PASS 30.74 seconds
> > BuildKernel32 PASS 24.44 seconds
> > TestRunnerSetup PASS 486.11 seconds
> > TestRunner_l2cap-tester FAIL 25.68 seconds
> > TestRunner_iso-tester FAIL 38.99 seconds
> > TestRunner_bnep-tester PASS 6.18 seconds
> > TestRunner_mgmt-tester FAIL 129.91 seconds
> > TestRunner_rfcomm-tester FAIL 9.69 seconds
> > TestRunner_sco-tester FAIL 15.34 seconds
> > TestRunner_ioctl-tester FAIL 10.41 seconds
> > TestRunner_mesh-tester FAIL 11.39 seconds
> > TestRunner_smp-tester FAIL 8.84 seconds
> > TestRunner_userchan-tester PASS 6.20 seconds
> > IncrementalBuild PENDING 0.57 seconds
> >
> > Details
> > ##############################
> > Test: CheckPatch - PENDING
> > Desc: Run checkpatch.pl script
> > Output:
> >
> > ##############################
> > Test: GitLint - PENDING
> > Desc: Run gitlint
> > Output:
> >
> > ##############################
> > Test: TestRunner_l2cap-tester - FAIL
> > Desc: Run l2cap-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 68, Passed: 68 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_iso-tester - FAIL
> > Desc: Run iso-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 135, Passed: 135 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_mgmt-tester - FAIL
> > Desc: Run mgmt-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 490, Passed: 483 (98.6%), Failed: 3, Not Run: 4
> >
> > Failed Test Cases
> > Read Exp Feature - Success Failed 0.104 seconds
> > LL Privacy - Add Device 3 (AL is full) Failed 0.224 seconds
> > LL Privacy - Set Flags 4 (RL is full) Failed 0.270 seconds
> > ##############################
> > Test: TestRunner_rfcomm-tester - FAIL
> > Desc: Run rfcomm-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 11, Passed: 11 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_sco-tester - FAIL
> > Desc: Run sco-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 24, Passed: 24 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_ioctl-tester - FAIL
> > Desc: Run ioctl-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > Total: 28, Passed: 28 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: TestRunner_mesh-tester - FAIL
> > Desc: Run mesh-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
> >
> > Failed Test Cases
> > Mesh - Send cancel - 1 Timed out 2.012 seconds
> > Mesh - Send cancel - 2 Timed out 1.996 seconds
> > ##############################
> > Test: TestRunner_smp-tester - FAIL
> > Desc: Run smp-tester with test-runner
> > Output:
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
> > WARNING: suspicious RCU usage
>
> Hmm, it would have been better that this prints the function name as
> well, but it doesn't seem it prints the message from
> HCI_CONN_HASH_LOCKDEP_CHECK for some reason or perhaps we are missing
> some config option?
The splat itself does contain the location and the backtrace, see
example below.
The test bot only includes the line with "WARNING:" in the summary,
you'd have to go to github to see the full log. Maybe we could change
it to include more lines for context for BUG/WARNING/GFP.
RCU_LOCKDEP_WARN() has some additional rcu-specific checks, but
probably they're not so important here as we're not in early boot and
WARN_ON_ONCE() might also be OK.
=============================
WARNING: suspicious RCU usage
6.16.0-rc6-01737-gb9b65e1e560f #653 Not tainted
-----------------------------
./include/net/bluetooth/hci_core.h:1236 wrong hci_conn* locking!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by kworker/u5:0/86:
#0: ffff888002365940 ((wq_completion)hci0#3){+.+.}-{0:0}, at:
process_one_work+0xc3b/0x13c0
#1: ffff888002297d98 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0},
at: process_one_work+0x78b/0x13c0
stack backtrace:
CPU: 0 UID: 0 PID: 86 Comm: kworker/u5:0 Not tainted 6.16.0-rc6-01737-
gb9b65e1e560f #653 PREEMPT(none)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42
04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
<TASK>
dump_stack_lvl+0x3a/0x60
lockdep_rcu_suspicious.cold+0x55/0x93
hci_num_comp_pkts_evt+0x484/0xaf0
hci_event_packet+0x7ba/0xee0
...
>
> > Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
> > ##############################
> > Test: IncrementalBuild - PENDING
> > Desc: Incremental build with the patches in the series
> > Output:
> >
> >
> >
> > ---
> > Regards,
> > Linux Bluetooth
> >
>
--
Pauli Virtanen
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-09-15 18:09 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-12 21:37 [RFC PATCH 1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups Pauli Virtanen
2025-09-12 21:37 ` [RFC PATCH 2/2] Bluetooth: hci_core: add lockdep check to hci_conn_valid() Pauli Virtanen
2025-09-12 22:33 ` [RFC,1/2] Bluetooth: hci_core: add lockdep check to hci_conn_hash lookups bluez.test.bot
2025-09-15 13:39 ` Luiz Augusto von Dentz
2025-09-15 18:09 ` Pauli Virtanen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox