| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [bluetooth?] possible deadlock in sco_connect_cfm | 0 (1) | 2024/07/08 18:22 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [bluetooth?] possible deadlock in sco_connect_cfm | 0 (1) | 2024/07/08 18:22 |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| linux-6.1 | possible deadlock in sco_connect_cfm | 4 | 1 | 496d | 496d | 0/3 | auto-obsoleted due to no activity on 2024/10/28 05:54 | |||
| linux-5.15 | possible deadlock in sco_connect_cfm origin:lts-only | 4 | C | inconclusive | 24 | 8d21h | 564d | 0/3 | upstream: reported C repro on 2024/05/13 19:57 |
======================================================
WARNING: possible circular locking dependency detected
6.14.0-rc6-syzkaller-00003-g4d872d51bc9d #0 Not tainted
------------------------------------------------------
kworker/u9:8/5839 is trying to acquire lock:
ffff88805acd3258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1624 [inline]
ffff88805acd3258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_ready net/bluetooth/sco.c:1341 [inline]
ffff88805acd3258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x439/0xae0 net/bluetooth/sco.c:1415
but task is already holding lock:
ffff8880334b4620 (&conn->lock#3){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff8880334b4620 (&conn->lock#3){+.+.}-{3:3}, at: sco_conn_ready net/bluetooth/sco.c:1328 [inline]
ffff8880334b4620 (&conn->lock#3){+.+.}-{3:3}, at: sco_connect_cfm+0x262/0xae0 net/bluetooth/sco.c:1415
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&conn->lock#3){+.+.}-{3:3}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
sco_chan_add net/bluetooth/sco.c:292 [inline]
sco_connect net/bluetooth/sco.c:348 [inline]
sco_sock_connect+0x34c/0x9b0 net/bluetooth/sco.c:648
__sys_connect_file net/socket.c:2045 [inline]
__sys_connect+0x288/0x2d0 net/socket.c:2064
__do_sys_connect net/socket.c:2070 [inline]
__se_sys_connect net/socket.c:2067 [inline]
__x64_sys_connect+0x7a/0x90 net/socket.c:2067
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
lock_sock_nested+0x48/0x100 net/core/sock.c:3662
lock_sock include/net/sock.h:1624 [inline]
sco_conn_ready net/bluetooth/sco.c:1341 [inline]
sco_connect_cfm+0x439/0xae0 net/bluetooth/sco.c:1415
hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
hci_conn_request_evt+0x8e9/0xf00 net/bluetooth/hci_event.c:3328
hci_event_func net/bluetooth/hci_event.c:7473 [inline]
hci_event_packet+0xac1/0x1540 net/bluetooth/hci_event.c:7525
hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4015
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3319
worker_thread+0x870/0xd30 kernel/workqueue.c:3400
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&conn->lock#3);
lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
lock(&conn->lock#3);
lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
*** DEADLOCK ***
3 locks held by kworker/u9:8/5839:
#0: ffff88807c01c148 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
#0: ffff88807c01c148 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
#1: ffffc90004377c60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
#1: ffffc90004377c60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
#2: ffff8880334b4620 (&conn->lock#3){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
#2: ffff8880334b4620 (&conn->lock#3){+.+.}-{3:3}, at: sco_conn_ready net/bluetooth/sco.c:1328 [inline]
#2: ffff8880334b4620 (&conn->lock#3){+.+.}-{3:3}, at: sco_connect_cfm+0x262/0xae0 net/bluetooth/sco.c:1415
stack backtrace:
CPU: 1 UID: 0 PID: 5839 Comm: kworker/u9:8 Not tainted 6.14.0-rc6-syzkaller-00003-g4d872d51bc9d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: hci1 hci_rx_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
lock_sock_nested+0x48/0x100 net/core/sock.c:3662
lock_sock include/net/sock.h:1624 [inline]
sco_conn_ready net/bluetooth/sco.c:1341 [inline]
sco_connect_cfm+0x439/0xae0 net/bluetooth/sco.c:1415
hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
hci_conn_request_evt+0x8e9/0xf00 net/bluetooth/hci_event.c:3328
hci_event_func net/bluetooth/hci_event.c:7473 [inline]
hci_event_packet+0xac1/0x1540 net/bluetooth/hci_event.c:7525
hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4015
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3319
worker_thread+0x870/0xd30 kernel/workqueue.c:3400
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
BUG: sleeping function called from invalid context at net/core/sock.c:3664
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5839, name: kworker/u9:8
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 UID: 0 PID: 5839 Comm: kworker/u9:8 Not tainted 6.14.0-rc6-syzkaller-00003-g4d872d51bc9d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: hci1 hci_rx_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
__might_resched+0x5d4/0x780 kernel/sched/core.c:8767
lock_sock_nested+0x5d/0x100 net/core/sock.c:3664
lock_sock include/net/sock.h:1624 [inline]
sco_conn_ready net/bluetooth/sco.c:1341 [inline]
sco_connect_cfm+0x439/0xae0 net/bluetooth/sco.c:1415
hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
hci_conn_request_evt+0x8e9/0xf00 net/bluetooth/hci_event.c:3328
hci_event_func net/bluetooth/hci_event.c:7473 [inline]
hci_event_packet+0xac1/0x1540 net/bluetooth/hci_event.c:7525
hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4015
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3319
worker_thread+0x870/0xd30 kernel/workqueue.c:3400
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/03/11 11:50 | upstream | 4d872d51bc9d | 16256247 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in sco_connect_cfm | ||
| 2025/03/05 10:29 | upstream | 48a5eed9ad58 | 60f5d8d9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in sco_connect_cfm | ||
| 2024/10/29 01:34 | upstream | 819837584309 | 9efb3cc7 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in sco_connect_cfm | ||
| 2024/08/25 16:31 | upstream | 5be63fc19fca | d7d32352 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in sco_connect_cfm | ||
| 2024/07/20 04:43 | upstream | d7e78951a8b8 | b88348e9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in sco_connect_cfm | ||
| 2024/07/20 04:42 | upstream | d7e78951a8b8 | b88348e9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in sco_connect_cfm | ||
| 2024/07/20 04:26 | upstream | d7e78951a8b8 | b88348e9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in sco_connect_cfm | ||
| 2024/07/06 02:15 | upstream | d270dd21bee0 | 2a40360c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in sco_connect_cfm | ||
| 2025/03/09 04:31 | upstream | b7c90e3e717a | 163f510d | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in sco_connect_cfm | ||
| 2025/02/05 08:47 | upstream | 5c8c229261f1 | 5896748e | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in sco_connect_cfm | ||
| 2025/02/02 10:56 | upstream | 69e858e0b8b2 | 568559e4 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in sco_connect_cfm | ||
| 2025/01/15 16:08 | upstream | 619f0b6fad52 | 968edaf4 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in sco_connect_cfm | ||
| 2024/12/19 13:31 | upstream | eabcdba3ad40 | 1d58202c | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in sco_connect_cfm | ||
| 2024/11/11 08:27 | upstream | 2d5404caa8c7 | 0c4b1325 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in sco_connect_cfm | ||
| 2025/03/09 04:25 | upstream | b7c90e3e717a | 163f510d | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in sco_connect_cfm | ||
| 2025/01/24 21:39 | upstream | bc8198dc7ebc | 1293872d | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in sco_connect_cfm | ||
| 2024/07/19 12:38 | upstream | 720261cfc732 | ee4e11c8 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in sco_connect_cfm | ||
| 2024/07/21 00:42 | linux-next | 41c196e567fb | b88348e9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in sco_connect_cfm | ||
| 2024/07/19 20:54 | linux-next | 41c196e567fb | ee4e11c8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in sco_connect_cfm | ||
| 2025/02/02 04:54 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 1950a0af2d55 | 0dff8567 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in sco_connect_cfm | ||
| 2024/11/17 18:36 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 887407160d72 | cfe3a04a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in sco_connect_cfm |