* [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk
@ 2024-07-09  7:34 syzbot
  2024-07-10 13:49 ` syzbot
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: syzbot @ 2024-07-09  7:34 UTC (permalink / raw)
  To: johan.hedberg, linux-bluetooth, linux-kernel, luiz.dentz, marcel,
	syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    256abd8e550c Linux 6.10-rc7
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14e81031980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=42a432cfd0e579e0
dashboard link: https://syzkaller.appspot.com/bug?extid=f52b6db1fe57bfb08d49
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b52809e32ca/disk-256abd8e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6c71e8f0eab4/vmlinux-256abd8e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fdcc77cd0018/bzImage-256abd8e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f52b6db1fe57bfb08d49@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 16659 at kernel/workqueue.c:2282 __queue_work+0xc5e/0xee0 kernel/workqueue.c:2281
Modules linked in:
CPU: 0 PID: 16659 Comm: syz-executor Not tainted 6.10.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:__queue_work+0xc5e/0xee0 kernel/workqueue.c:2281
Code: ff e8 76 83 36 00 90 0f 0b 90 e9 20 fd ff ff e8 68 83 36 00 eb 13 e8 61 83 36 00 eb 0c e8 5a 83 36 00 eb 05 e8 53 83 36 00 90 <0f> 0b 90 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc
RSP: 0018:ffffc9000ecef810 EFLAGS: 00010093
RAX: ffffffff815fa35f RBX: ffff888061d45a00 RCX: ffff888061d45a00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff815f9833 R09: 0000000000000000
R10: ffffc9000ecef8e0 R11: fffff52001d9df1d R12: ffff8880648631c0
R13: dffffc0000000000 R14: ffff888064863000 R15: 0000000000000008
FS:  000055555f45a500(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f755bb04030 CR3: 0000000052a18000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 queue_work_on+0x1c2/0x380 kernel/workqueue.c:2411
 queue_work include/linux/workqueue.h:621 [inline]
 hci_cmd_sync_run net/bluetooth/hci_sync.c:145 [inline]
 __hci_cmd_sync_sk+0x7b1/0x1130 net/bluetooth/hci_sync.c:167
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:252 [inline]
 __hci_cmd_sync_status+0x37/0x130 net/bluetooth/hci_sync.c:278
 hci_dev_cmd+0x51c/0xa50 net/bluetooth/hci_core.c:747
 sock_do_ioctl+0x158/0x460 net/socket.c:1222
 sock_ioctl+0x629/0x8e0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3a54b757db
Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
RSP: 002b:00007ffee9a9ba60 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3a54b757db
RDX: 00007ffee9a9bad8 RSI: 00000000400448dd RDI: 0000000000000003
RBP: 000055555f45a4a8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000001 R14: 0000000000000005 R15: 0000000000000009
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


* Re: [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk
  2024-07-09  7:34 [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk syzbot
@ 2024-07-10 13:49 ` syzbot
  2024-08-06  3:26 ` [syzbot] " syzbot
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: syzbot @ 2024-07-10 13:49 UTC (permalink / raw)
  To: johan.hedberg, linux-bluetooth, linux-kernel, luiz.dentz, marcel,
	syzkaller-bugs

syzbot has found a reproducer for the following issue on:

HEAD commit:    34afb82a3c67 Merge tag '6.10-rc6-smb3-server-fixes' of git..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13f33371980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3456bae478301dc8
dashboard link: https://syzkaller.appspot.com/bug?extid=f52b6db1fe57bfb08d49
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12514831980000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-34afb82a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0b9edcefcae7/vmlinux-34afb82a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b24e5f6f0192/bzImage-34afb82a.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f52b6db1fe57bfb08d49@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 2 PID: 5955 at kernel/workqueue.c:2282 __queue_work+0xc13/0x1020 kernel/workqueue.c:2281
Modules linked in:
CPU: 2 PID: 5955 Comm: syz-executor Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__queue_work+0xc13/0x1020 kernel/workqueue.c:2281
Code: 07 83 c0 03 38 d0 7c 09 84 d2 74 05 e8 76 07 91 00 8b 5b 2c 31 ff 83 e3 20 89 de e8 d7 3f 35 00 85 db 75 2a e8 ce 44 35 00 90 <0f> 0b 90 e9 4d f9 ff ff e8 c0 44 35 00 90 0f 0b 90 e9 fc f8 ff ff
RSP: 0018:ffffc9000b9978f0 EFLAGS: 00010093
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81589fb9
RDX: ffff888021b64880 RSI: ffffffff81589fc2 RDI: 0000000000000005
RBP: 0000000000000200 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880269bcad0
R13: 0000000000000008 R14: ffff888043e61000 R15: ffff888043e61000
FS:  00005555879ee500(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5840efeda0 CR3: 0000000027ff8000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 queue_work_on+0x11a/0x140 kernel/workqueue.c:2411
 queue_work include/linux/workqueue.h:621 [inline]
 hci_cmd_sync_run net/bluetooth/hci_sync.c:145 [inline]
 __hci_cmd_sync_sk+0x359/0xf80 net/bluetooth/hci_sync.c:167
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:252 [inline]
 __hci_cmd_sync_status+0x3f/0x160 net/bluetooth/hci_sync.c:278
 hci_dev_cmd+0x625/0x9c0 net/bluetooth/hci_core.c:747
 hci_sock_ioctl+0x4f3/0x880 net/bluetooth/hci_sock.c:1150
 sock_do_ioctl+0x116/0x280 net/socket.c:1222
 sock_ioctl+0x22e/0x6c0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5840f757db
Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
RSP: 002b:00007ffea3fbfcb0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5840f757db
RDX: 00007ffea3fbfd28 RSI: 00000000400448dd RDI: 0000000000000003
RBP: 00005555879ee4a8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000005 R15: 0000000000000009
 </TASK>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] WARNING in __hci_cmd_sync_sk
  2024-07-09  7:34 [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk syzbot
  2024-07-10 13:49 ` syzbot
@ 2024-08-06  3:26 ` syzbot
  2024-08-06 13:43 ` [syzbot] Re: [syzbot] [bluetooth?] " syzbot
  2024-08-06 14:28 ` syzbot
  3 siblings, 0 replies; 5+ messages in thread
From: syzbot @ 2024-08-06  3:26 UTC (permalink / raw)
  To: linux-kernel

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: WARNING in __hci_cmd_sync_sk
Author: djahchankoike@gmail.com

#syz test
hci_dev_cmd calls sync functions without holding the
appropriate lock.


* Re: [syzbot] Re: [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk
  2024-07-09  7:34 [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk syzbot
  2024-07-10 13:49 ` syzbot
  2024-08-06  3:26 ` [syzbot] " syzbot
@ 2024-08-06 13:43 ` syzbot
  2024-08-06 14:28 ` syzbot
  3 siblings, 0 replies; 5+ messages in thread
From: syzbot @ 2024-08-06 13:43 UTC (permalink / raw)
  To: linux-kernel, syzkaller-bugs

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk
Author: djahchankoike@gmail.com

#syz test
hci_dev_cmd calls sync functions without holding the
appropriate lock.

Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com>
---
 net/bluetooth/hci_core.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index c644b30977bd..34096791364d 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -716,6 +716,8 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
  goto done;
  }

+ hci_req_sync_lock(hdev);
+
  switch (cmd) {
  case HCISETAUTH:
  err = __hci_cmd_sync_status(hdev, HCI_OP_WRITE_AUTH_ENABLE,
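Review bot: hci_req_sync_lock(hdev) is taken ahead of `switch (cmd)`, so every case now runs under it, while the only sync call visible in this hunk is __hci_cmd_sync_status() in the HCISETAUTH case. The changelog says only "the appropriate lock"; it should name the lock, explain how the missing lock leads to the __queue_work WARNING in the report, and carry the Reported-by: syzbot+f52b6db1fe57bfb08d49@syzkaller.appspotmail.com tag the report asks for. If some cases in the switch do not issue sync commands, consider whether they belong inside the locked region at all.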
@@ -791,6 +793,8 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
  break;
  }

+ hci_req_sync_unlock(hdev);
+
 done:
  hci_dev_put(hdev);
  return err;
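Review bot: hci_req_sync_unlock(hdev) sits directly above the `done:` label, so it is reached only by falling out of the switch; any `goto done` inside the switch body (not visible in these hunks) would return with the lock still held, so either confirm there is none or give the unlock its own label. Separately, the context lines in both hunks are indented with a single space rather than tabs, which suggests the mail client mangled the whitespace; a patch in that state will not apply cleanly, so resend it with git send-email or as an attachment.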
-- 
2.39.2

On Tue, Aug 6, 2024 at 12:45 AM syzbot <
syzbot+f52b6db1fe57bfb08d49@syzkaller.appspotmail.com> wrote:

> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
>
>
> syzkaller build log:
> go env (err=<nil>)
> GO111MODULE='auto'
> GOARCH='amd64'
> GOBIN=''
> GOCACHE='/syzkaller/.cache/go-build'
> GOENV='/syzkaller/.config/go/env'
> GOEXE=''
> GOEXPERIMENT=''
> GOFLAGS=''
> GOHOSTARCH='amd64'
> GOHOSTOS='linux'
> GOINSECURE=''
> GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
> GONOPROXY=''
> GONOSUMDB=''
> GOOS='linux'
> GOPATH='/syzkaller/jobs/linux/gopath'
> GOPRIVATE=''
> GOPROXY='https://proxy.golang.org,direct'
> GOROOT='/usr/local/go'
> GOSUMDB='sum.golang.org'
> GOTMPDIR=''
> GOTOOLCHAIN='auto'
> GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
> GOVCS=''
> GOVERSION='go1.21.4'
> GCCGO='gccgo'
> GOAMD64='v1'
> AR='ar'
> CC='gcc'
> CXX='g++'
> CGO_ENABLED='1'
> GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod
> '
> GOWORK=''
> CGO_CFLAGS='-O2 -g'
> CGO_CPPFLAGS=''
> CGO_CXXFLAGS='-O2 -g'
> CGO_FFLAGS='-O2 -g'
> CGO_LDFLAGS='-O2 -g'
> PKG_CONFIG='pkg-config'
> GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0
> -ffile-prefix-map=/tmp/go-build414629084=/tmp/go-build
> -gno-record-gcc-switches'
>
> git status (err=<nil>)
> HEAD detached at 9e136b955
> nothing to commit, working tree clean
>
>
> tput: No value for $TERM and no -T specified
> tput: No value for $TERM and no -T specified
> Makefile:31: run command via tools/syz-env for best compatibility, see:
> Makefile:32:
> https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
> go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install
> ./sys/syz-sysgen
> make .descriptions
> tput: No value for $TERM and no -T specified
> tput: No value for $TERM and no -T specified
> Makefile:31: run command via tools/syz-env for best compatibility, see:
> Makefile:32:
> https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
> bin/syz-sysgen
> go fmt ./sys/... >/dev/null
> touch .descriptions
> GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X
> github.com/google/syzkaller/prog.GitRevision=9e136b95503a540d35e7bace3e89b77f13a672b1
> -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240710-085916'"
> "-tags=syz_target syz_os_linux syz_arch_amd64 " -o
> ./bin/linux_amd64/syz-execprog
> github.com/google/syzkaller/tools/syz-execprog
> mkdir -p ./bin/linux_amd64
> g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
>         -m64 -O2 -pthread -Wall -Werror -Wparentheses
> -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow
> -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable
> -Wno-unused-command-line-argument -static-pie -std=c++17 -I.
> -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
>         -DHOSTGOOS_linux=1
> -DGIT_REVISION=\"9e136b95503a540d35e7bace3e89b77f13a672b1\"
> /usr/bin/ld: /tmp/ccGUtGqZ.o: in function `test_cover_filter()':
> executor.cc:(.text+0x133bb): warning: the use of `tempnam' is dangerous,
> better use `mkstemp'
> /usr/bin/ld: /tmp/ccGUtGqZ.o: in function `Connection::Connect(char
> const*, char const*)':
> executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x1a0):
> warning: Using 'gethostbyname' in statically linked applications requires
> at runtime the shared libraries from the glibc version used for linking
>
>
> Error text is too large and was truncated, full error text is at:
> https://syzkaller.appspot.com/x/error.txt?x=128b0bbd980000
>
>
> Tested on:
>
> commit:         b446a2da Merge tag 'linux_kselftest-fixes-6.11-rc3' of..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=53ca389b28cf423
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=f52b6db1fe57bfb08d49
> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for
> Debian) 2.40
> patch:
> https://syzkaller.appspot.com/x/patch.diff?x=116cbd73980000
>
>


* Re: [syzbot] Re: [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk
  2024-07-09  7:34 [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk syzbot
                   ` (2 preceding siblings ...)
  2024-08-06 13:43 ` [syzbot] Re: [syzbot] [bluetooth?] " syzbot
@ 2024-08-06 14:28 ` syzbot
  3 siblings, 0 replies; 5+ messages in thread
From: syzbot @ 2024-08-06 14:28 UTC (permalink / raw)
  To: linux-kernel, syzkaller-bugs

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk
Author: djahchankoike@gmail.com

#syz fix: Bluetooth: L2CAP: Fix deadlock

Fixed upstream.

On Tue, Aug 6, 2024 at 10:45 AM syzbot <
syzbot+f52b6db1fe57bfb08d49@syzkaller.appspotmail.com> wrote:

> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
>
> failed to apply patch:
> checking file net/bluetooth/hci_core.c
> patch: **** unexpected end of file in patch
>
>
>
> Tested on:
>
> commit:         b446a2da Merge tag 'linux_kselftest-fixes-6.11-rc3' of..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=3456bae478301dc8
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=f52b6db1fe57bfb08d49
> compiler:
> patch:
> https://syzkaller.appspot.com/x/patch.diff?x=17b4c0f5980000
>
>
