syzbot


inconsistent lock state in sco_conn_del

Status: closed as dup on 2021/06/28 04:28
Subsystems: bluetooth
Reported-by: syzbot+65684128cd7c35bc66a1@syzkaller.appspotmail.com
First crash: 1408d, last: 1024d
Cause bisection: introduced by (bisect log) :
commit 135b8b37bd91cc82f83e98fca109b80375f5317e
Author: Kenny Yu <kennyyu@fb.com>
Date: Tue Jun 21 18:04:36 2016 +0000

  cgroup: Add pids controller event when fork fails because of pid limit

Crash: INFO: suspicious RCU usage in pids_can_fork (log)
Repro: C syz .config
  
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
inconsistent lock state in sco_sock_timeout bluetooth C done 16 1057d 1402d
Discussions (5)
Title Replies (including bot) Last reply
Re: [PATCH] Bluetooth: Use lock_sock() when acquiring lock in sco_conn_del 1 (1) 2020/10/19 01:54
Re: [PATCH] Bluetooth: Use lock_sock() when acquiring lock in sco_conn_del 1 (1) 2020/10/16 03:15
[PATCH] Bluetooth: Use lock_sock() when acquiring lock in sco_conn_del 1 (1) 2020/10/14 07:17
Re: inconsistent lock state in sco_conn_del 1 (1) 2020/10/10 09:14
inconsistent lock state in sco_conn_del 0 (3) 2020/09/12 12:59
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 inconsistent lock state in sco_conn_del syz error 47 599d 1419d 0/1 upstream: reported syz repro on 2020/07/31 12:31
linux-4.19 inconsistent lock state in sco_conn_del C error 68 1001d 1380d 0/1 upstream: reported C repro on 2020/09/07 19:17
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2020/12/23 13:20 25m bisect fix upstream job log (0) log
2020/11/23 13:01 18m bisect fix upstream job log (0) log
2020/10/24 12:38 22m bisect fix upstream job log (0) log

Sample crash report:
================================
WARNING: inconsistent lock state
5.13.0-syzkaller #0 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz-executor799/491 [HC0[0]:SC0[0]:HE1:SE1] takes:
ffff88802a3560a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
ffff88802a3560a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: sco_conn_del+0x134/0x2b0 net/bluetooth/sco.c:176
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5625 [inline]
  lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:354 [inline]
  sco_sock_timeout+0x33/0x1b0 net/bluetooth/sco.c:83
  call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1431
  expire_timers kernel/time/timer.c:1476 [inline]
  __run_timers.part.0+0x675/0xa50 kernel/time/timer.c:1745
  __run_timers kernel/time/timer.c:1726 [inline]
  run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1758
  __do_softirq+0x29b/0x9bd kernel/softirq.c:558
  invoke_softirq kernel/softirq.c:432 [inline]
  __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636
  irq_exit_rcu+0x5/0x20 kernel/softirq.c:648
  sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
  asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
  mm_update_next_owner+0x4a5/0x7a0 kernel/exit.c:390
  exit_mm kernel/exit.c:500 [inline]
  do_exit+0xada/0x2a50 kernel/exit.c:812
  do_group_exit+0x125/0x310 kernel/exit.c:922
  __do_sys_exit_group kernel/exit.c:933 [inline]
  __se_sys_exit_group kernel/exit.c:931 [inline]
  __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931
  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
  do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
  entry_SYSCALL_64_after_hwframe+0x44/0xae
irq event stamp: 5260835
hardirqs last  enabled at (5260835): [<ffffffff814fd332>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1319 [inline]
hardirqs last  enabled at (5260835): [<ffffffff814fd332>] finish_lock_switch kernel/sched/core.c:4437 [inline]
hardirqs last  enabled at (5260835): [<ffffffff814fd332>] finish_task_switch.isra.0+0x232/0xa50 kernel/sched/core.c:4555
hardirqs last disabled at (5260834): [<ffffffff8922dce3>] __schedule+0x1343/0x2710 kernel/sched/core.c:5836
softirqs last  enabled at (5258310): [<ffffffff812b1123>] fpu__clear+0xd3/0x220 arch/x86/kernel/fpu/core.c:379
softirqs last disabled at (5258308): [<ffffffff812b107a>] fpu__clear+0x2a/0x220 arch/x86/kernel/fpu/core.c:364

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
  <Interrupt>
    lock(slock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

3 locks held by syz-executor799/491:
 #0: ffff8880351f8ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0xb7/0x1130 net/bluetooth/hci_core.c:1728
 #1: ffff8880351f8078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x22e/0x1130 net/bluetooth/hci_core.c:1765
 #2: ffffffff8dacbd08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1497 [inline]
 #2: ffffffff8dacbd08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xda/0x260 net/bluetooth/hci_conn.c:1608

stack backtrace:
CPU: 0 PID: 491 Comm: syz-executor799 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:96
 print_usage_bug kernel/locking/lockdep.c:203 [inline]
 valid_state kernel/locking/lockdep.c:3933 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4136 [inline]
 mark_lock.cold+0x61/0x8e kernel/locking/lockdep.c:4593
 mark_usage kernel/locking/lockdep.c:4506 [inline]
 __lock_acquire+0x88f/0x54a0 kernel/locking/lockdep.c:4969
 lock_acquire kernel/locking/lockdep.c:5625 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:354 [inline]
 sco_conn_del+0x134/0x2b0 net/bluetooth/sco.c:176
 sco_disconn_cfm+0x71/0xb0 net/bluetooth/sco.c:1189
 hci_disconn_cfm include/net/bluetooth/hci_core.h:1500 [inline]
 hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1608
 hci_dev_do_close+0x528/0x1130 net/bluetooth/hci_core.c:1778
 hci_unregister_dev+0x263/0x1130 net/bluetooth/hci_core.c:4019
 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:340
 __fput+0x288/0x920 fs/file_table.c:280
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0xbd4/0x2a50 kernel/exit.c:825
 do_group_exit+0x125/0x310 kernel/exit.c:922
 get_signal+0x47f/0x2150 kernel/signal.c:2796
 arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209
 irqentry_exit_to_user_mode+0x5/0x40 kernel/entry/common.c:315
 exc_page_fault+0xc6/0x180 arch/x86/mm/fault.c:1534
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
RIP: 0033:0x403040
Code: Unable to access opcode bytes at RIP 0x403016.
RSP: 002b:00007f9a3cd65c78 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000022000 RCX: ffffffffffffffbc
RDX: 00007f9a3cd65c80 RSI: 00007f9a3cd65db0 RDI: 000000000000000b
RBP: 0000000000412c2a R08: 00000000004d04c0 R09: 00000000004d04c0
R10: 00007f9a3cd661e0 R11: 0000000000000246 R12: 00007ffce44ee2cf
R13: 00007f9a3cd66300 R14: 00007f9a3cd66300 R15: 0000000000022000

Crashes (110):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/07/11 06:53 upstream 3dbdb38e2869 8f5a7b8c .config console log report syz C ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/07/31 15:54 linux-next 8d4b477da1a8 6c236867 .config console log report syz C ci-upstream-linux-next-kasan-gce-root inconsistent lock state in sco_conn_del
2020/09/12 01:34 upstream e8878ab82545 79fb24e2 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/09/24 12:38 linux-next dcf2427baa64 54289b08 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/04/04 07:41 upstream 57fbdb15ec42 6a81331a .config console log report syz ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/30 16:50 upstream 7d2a07b76933 8f58a0ef .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/30 04:26 upstream 90ac80dcd313 be2c130d .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/30 03:10 upstream 90ac80dcd313 be2c130d .config console log report info ci-upstream-kasan-gce-selinux-root inconsistent lock state in sco_conn_del
2021/08/29 18:02 upstream 3f5ad13cb012 be2c130d .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/29 03:28 upstream 3f5ad13cb012 be2c130d .config console log report info ci-upstream-kasan-gce-selinux-root inconsistent lock state in sco_conn_del
2021/08/29 01:47 upstream 3f5ad13cb012 be2c130d .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/28 21:21 upstream 3f5ad13cb012 be2c130d .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/28 14:18 upstream 64b4fc45bea6 be2c130d .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/27 22:59 upstream 77dd11439b86 d5a29e53 .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/26 21:08 upstream 1a6d80ff2419 b318694d .config console log report info ci-upstream-kasan-gce-selinux-root inconsistent lock state in sco_conn_del
2021/08/26 12:13 upstream 73f3af7b4611 b599f2fc .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/25 23:19 upstream fe67f4dd8daa b599f2fc .config console log report info ci-upstream-kasan-gce-selinux-root inconsistent lock state in sco_conn_del
2021/08/25 21:05 upstream fe67f4dd8daa b599f2fc .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/24 20:21 upstream 6e764bcd1cf7 b599f2fc .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/24 19:05 upstream 6e764bcd1cf7 b599f2fc .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/22 20:53 upstream 1bdc3d5be7e1 b599f2fc .config console log report info ci-upstream-kasan-gce-selinux-root inconsistent lock state in sco_conn_del
2021/08/22 19:37 upstream 1bdc3d5be7e1 b599f2fc .config console log report info ci-upstream-kasan-gce-selinux-root inconsistent lock state in sco_conn_del
2021/08/21 16:48 upstream fa54d366a6e4 b599f2fc .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/21 08:11 upstream fa54d366a6e4 b599f2fc .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/20 23:21 upstream 8ba9fbe1e4b8 b599f2fc .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/20 10:16 upstream d992fe5318d8 b599f2fc .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/20 02:36 upstream d992fe5318d8 b599f2fc .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/20 00:31 upstream d992fe5318d8 b599f2fc .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/19 18:15 upstream d6d09a694205 b599f2fc .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/19 06:14 upstream d6d09a694205 a2fe1cb5 .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/19 04:40 upstream d6d09a694205 a2fe1cb5 .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/17 14:36 upstream 794c7931a242 33c26cb7 .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/15 01:21 upstream ba31f97d43be 2489ab88 .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/05 10:51 upstream 251a1524293d 7f7bb950 .config console log report info ci-upstream-kasan-gce-selinux-root inconsistent lock state in sco_conn_del
2021/08/04 22:29 upstream 251a1524293d b97d64c9 .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/04 17:45 upstream d5ad8ec3cfb5 b97d64c9 .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/02 10:33 upstream c500bee1c5b2 6c236867 .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/01 20:26 upstream d4affd6b6e81 6c236867 .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/07/31 23:57 upstream f3438b4c4e69 6c236867 .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/07/31 08:39 upstream c7d102232649 6c236867 .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/07/23 04:56 upstream 9bead1b58c4c bc5f1d88 .config console log report info ci-upstream-kasan-gce-selinux-root inconsistent lock state in sco_conn_del
2021/07/20 16:38 upstream 8cae8cd89f05 1b201b48 .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/07/15 19:42 upstream 8096acd7442e a44e4957 .config console log report info ci-qemu-upstream inconsistent lock state in sco_conn_del
2021/06/29 03:35 upstream 233a806b00e3 9d2ab5df .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/06/25 15:48 upstream 44db63d1ad8d ae6bf8dd .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/06/24 00:10 upstream 7266f2030eb0 fe4ab389 .config console log report info ci-upstream-kasan-gce-root inconsistent lock state in sco_conn_del
2021/06/22 20:15 upstream 0c18f29aae7c aba2b2fb .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/06/22 07:53 upstream a96bfed64c89 aba2b2fb .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/06/04 04:56 upstream f88cd3fb9df2 0740de69 .config console log report info ci-upstream-kasan-gce-smack-root inconsistent lock state in sco_conn_del
2021/08/06 07:37 upstream 902e7f373fff 2f537099 .config console log report info ci-qemu-upstream-386 inconsistent lock state in sco_conn_del
2021/08/06 05:39 upstream 902e7f373fff 2f537099 .config console log report info ci-qemu-upstream-386 inconsistent lock state in sco_conn_del
2021/08/05 22:48 upstream 902e7f373fff d2d6e680 .config console log report info ci-qemu-upstream-386 inconsistent lock state in sco_conn_del
2021/08/05 08:15 upstream 251a1524293d 7f7bb950 .config console log report info ci-qemu-upstream-386 inconsistent lock state in sco_conn_del
2021/08/05 03:54 upstream 251a1524293d b97d64c9 .config console log report info ci-qemu-upstream-386 inconsistent lock state in sco_conn_del
2021/08/05 00:30 upstream 251a1524293d b97d64c9 .config console log report info ci-qemu-upstream-386 inconsistent lock state in sco_conn_del
2021/08/08 22:43 linux-next 7999516e20bd 6972b106 .config console log report info ci-upstream-linux-next-kasan-gce-root inconsistent lock state in sco_conn_del
2021/08/04 07:00 linux-next 8d4b477da1a8 6c236867 .config console log report info ci-upstream-linux-next-kasan-gce-root inconsistent lock state in sco_conn_del
2021/06/16 11:29 linux-next a1f92694393a c06f97ad .config console log report info ci-upstream-linux-next-kasan-gce-root inconsistent lock state in sco_conn_del
2021/06/09 16:17 linux-next a1f92694393a 84fe5d96 .config console log report info ci-upstream-linux-next-kasan-gce-root inconsistent lock state in sco_conn_del
2020/12/30 02:51 upstream 139711f033f6 0fa352f2 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/08/11 02:41 linux-next f80535b9aa10 7adc7b65 .config console log report ci-upstream-linux-next-kasan-gce-root