syzbot


possible deadlock in hci_unregister_dev

Status: auto-obsoleted due to no activity on 2024/03/11 12:23
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+c933391d8e4089f1f53e@syzkaller.appspotmail.com
First crash: 607d, last: 106d
Discussions (8)
Title Replies (including bot) Last reply
[syzbot] Monthly bluetooth report (Jan 2024) 0 (1) 2024/01/04 11:26
[syzbot] Monthly bluetooth report (Dec 2023) 0 (1) 2023/12/04 12:38
[syzbot] Monthly bluetooth report (Nov 2023) 0 (1) 2023/11/03 10:22
[syzbot] Monthly bluetooth report (Oct 2023) 0 (1) 2023/10/02 12:39
[syzbot] Monthly bluetooth report (Sep 2023) 0 (1) 2023/09/01 08:50
[syzbot] Monthly bluetooth report (Aug 2023) 0 (1) 2023/08/01 12:53
[syzbot] Monthly bluetooth report (Apr 2023) 0 (1) 2023/04/30 08:00
[syzbot] possible deadlock in hci_unregister_dev 0 (1) 2022/08/22 09:30
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in hci_unregister_dev 1 337d 337d 0/3 auto-obsoleted due to no activity on 2023/08/23 18:31
linux-6.1 possible deadlock in hci_unregister_dev (2) 4 189d 194d 0/3 auto-obsoleted due to no activity on 2024/01/18 06:44

Sample crash report:
EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
======================================================
WARNING: possible circular locking dependency detected
6.6.0-syzkaller-16039-gac347a0655db #0 Not tainted
------------------------------------------------------
syz-executor.0/23332 is trying to acquire lock:
ffff888060f8cae0 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}, at: __flush_work+0xfa/0xa10 kernel/workqueue.c:3403

but task is already holding lock:
ffff888060f8c078 (&hdev->lock){+.+.}-{3:3}, at: hci_unregister_dev+0x46a/0x600 net/bluetooth/hci_core.c:2744

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&hdev->lock){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x181/0x1340 kernel/locking/mutex.c:747
       discov_off+0x8c/0x1d0 net/bluetooth/mgmt.c:1055
       process_one_work+0x884/0x15c0 kernel/workqueue.c:2630
       process_scheduled_works kernel/workqueue.c:2703 [inline]
       worker_thread+0x8b9/0x1290 kernel/workqueue.c:2784
       kthread+0x33c/0x440 kernel/kthread.c:388
       ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

-> #0 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3868 [inline]
       __lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5136
       lock_acquire kernel/locking/lockdep.c:5753 [inline]
       lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5718
       __flush_work+0x103/0xa10 kernel/workqueue.c:3403
       __cancel_work_timer+0x3ef/0x580 kernel/workqueue.c:3494
       mgmt_index_removed+0x1ed/0x350 net/bluetooth/mgmt.c:9436
       hci_unregister_dev+0x472/0x600 net/bluetooth/hci_core.c:2745
       vhci_release+0x7f/0x100 drivers/bluetooth/hci_vhci.c:672
       __fput+0x270/0xbb0 fs/file_table.c:394
       task_work_run+0x14d/0x240 kernel/task_work.c:180
       exit_task_work include/linux/task_work.h:38 [inline]
       do_exit+0xa92/0x2ae0 kernel/exit.c:871
       do_group_exit+0xd4/0x2a0 kernel/exit.c:1021
       get_signal+0x23ba/0x2790 kernel/signal.c:2904
       arch_do_signal_or_restart+0x90/0x7f0 arch/x86/kernel/signal.c:309
       exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
       exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
       __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
       syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
       do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:88
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&hdev->lock);
                               lock((work_completion)(&(&hdev->discov_off)->work));
                               lock(&hdev->lock);
  lock((work_completion)(&(&hdev->discov_off)->work));

 *** DEADLOCK ***

1 lock held by syz-executor.0/23332:
 #0: ffff888060f8c078 (&hdev->lock){+.+.}-{3:3}, at: hci_unregister_dev+0x46a/0x600 net/bluetooth/hci_core.c:2744

stack backtrace:
CPU: 1 PID: 23332 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-16039-gac347a0655db #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 check_noncircular+0x311/0x3f0 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3868 [inline]
 __lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5136
 lock_acquire kernel/locking/lockdep.c:5753 [inline]
 lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5718
 __flush_work+0x103/0xa10 kernel/workqueue.c:3403
 __cancel_work_timer+0x3ef/0x580 kernel/workqueue.c:3494
 mgmt_index_removed+0x1ed/0x350 net/bluetooth/mgmt.c:9436
 hci_unregister_dev+0x472/0x600 net/bluetooth/hci_core.c:2745
 vhci_release+0x7f/0x100 drivers/bluetooth/hci_vhci.c:672
 __fput+0x270/0xbb0 fs/file_table.c:394
 task_work_run+0x14d/0x240 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa92/0x2ae0 kernel/exit.c:871
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1021
 get_signal+0x23ba/0x2790 kernel/signal.c:2904
 arch_do_signal_or_restart+0x90/0x7f0 arch/x86/kernel/signal.c:309
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
 do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:88
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fc9164a7ef5
Code: Unable to access opcode bytes at 0x7fc9164a7ecb.
RSP: 002b:00007fc91717e010 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007fc91659bf80 RCX: 00007fc9164a7ef5
RDX: 00007fc91717e050 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fc9164c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 000000000000000b R14: 00007fc91659bf80 R15: 00007ffe4cc825b8
 </TASK>

Crashes (175):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/10 23:45 upstream ac347a0655db 45e9b83e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hci_unregister_dev
2023/10/10 19:18 upstream 94f6f0550c62 83165b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2023/10/10 04:16 upstream 94f6f0550c62 c9be5398 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2023/09/26 21:37 upstream 50768a425b46 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2022/11/05 18:23 upstream b208b9fbbcba 6d752409 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hci_unregister_dev
2024/01/01 12:22 net dcea1bd45e6d fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/12/20 11:29 net 8353c2abc02c 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/12/18 19:13 net 979e90173af8 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/12/17 22:31 net 979e90173af8 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/12/10 05:16 net 69db702c8387 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/28 16:34 net 91d3d149978b 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/28 04:38 net ec2610b129b4 9fe51b7c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/27 19:03 net ccf49cebe595 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/26 02:14 net e2b706c69190 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/22 15:32 net 6a26310273c3 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/19 06:50 net 76df934c6d5f cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/14 23:25 net 4b7b492615cf cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/13 11:08 net 5d64075cd800 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/11 21:35 net 2bd5b559a1f3 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/11 01:59 net 719639853d88 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/10 21:03 net 719639853d88 45e9b83e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/10 08:12 net 89cdf9d55601 45e9b83e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/10/06 19:26 net c4d49196ceec ea12a918 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/10/05 19:22 net fcdfc462881d db17ad9f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/10/05 13:03 net d0f95894fda7 b7d7ff54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/10/05 03:00 net d0f95894fda7 b7d7ff54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/11/27 09:56 net-next dba1b8a7ab68 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/26 03:51 net-next 9f1f6111fd5d 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/25 11:30 net-next 53775da0b476 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/25 08:17 net-next 53775da0b476 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/23 06:50 net-next 750011e239a5 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/22 01:39 net-next 335662889f5a cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/21 00:02 net-next 94c81c626689 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/19 18:39 net-next ac40916a3f72 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/16 13:17 net-next 3185d57cfcd3 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/16 10:32 net-next e316dd1cf135 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/15 05:17 net-next 8fedaaca4071 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/14 01:30 net-next 89cdf9d55601 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/13 12:16 net-next 89cdf9d55601 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/12 10:17 net-next 89cdf9d55601 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/12 03:52 net-next 89cdf9d55601 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/22 03:47 net-next e10f4019b18d 361b23dc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/20 04:30 net-next 7ce6936045ba 42e1d524 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/19 14:49 net-next b91f2e13c972 42e1d524 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/19 11:21 net-next b91f2e13c972 342b9c55 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/16 20:58 net-next dccce1d7c040 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/16 03:29 net-next c49bba011b51 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/16 01:12 net-next 4b714fd1a05b 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/14 08:13 net-next cf8b49fbd041 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/12 22:37 net-next 21b2e2624d2e fc170927 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/10/04 13:29 net-next 20f7cce7cf18 b7d7ff54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/11/11 03:07 linux-next e27090b1413f 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hci_unregister_dev
2022/08/18 09:21 linux-next 5b6a4bf680d6 d58e263f .config console log report info ci-upstream-linux-next-kasan-gce-root possible deadlock in hci_unregister_dev
* Struck through repros no longer work on HEAD.