syzbot


possible deadlock in hci_unregister_dev

Status: upstream: reported on 2022/08/22 09:30
Labels: bluetooth (incorrect?)
Reported-by: syzbot+c933391d8e4089f1f53e@syzkaller.appspotmail.com
First crash: 284d, last: 31d
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] Monthly bluetooth report (Apr 2023) 0 (1) 2023/04/30 08:00
[syzbot] possible deadlock in hci_unregister_dev 0 (1) 2022/08/22 09:30
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in hci_unregister_dev 1 14d 14d 0/3 upstream: reported on 2023/05/15 18:31

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc5-syzkaller-00013-g2475bf0250de #0 Not tainted
------------------------------------------------------
syz-executor.3/5095 is trying to acquire lock:
ffff888027194a00 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xaf0 kernel/workqueue.c:3066

but task is already holding lock:
ffff888027194078 (&hdev->lock){+.+.}-{3:3}, at: hci_unregister_dev+0x396/0x580 net/bluetooth/hci_core.c:2707

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&hdev->lock){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x12f/0x1360 kernel/locking/mutex.c:747
       discov_off+0x8c/0x1a0 net/bluetooth/mgmt.c:1037
       process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
       worker_thread+0x669/0x1090 kernel/workqueue.c:2436
       kthread+0x2e8/0x3a0 kernel/kthread.c:376
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

-> #0 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3097 [inline]
       check_prevs_add kernel/locking/lockdep.c:3216 [inline]
       validate_chain kernel/locking/lockdep.c:3831 [inline]
       __lock_acquire+0x2a43/0x56d0 kernel/locking/lockdep.c:5055
       lock_acquire kernel/locking/lockdep.c:5668 [inline]
       lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
       __flush_work+0x109/0xaf0 kernel/workqueue.c:3069
       __cancel_work_timer+0x3f9/0x570 kernel/workqueue.c:3160
       mgmt_index_removed+0x21c/0x340 net/bluetooth/mgmt.c:9432
       hci_unregister_dev+0x39e/0x580 net/bluetooth/hci_core.c:2708
       vhci_release+0x80/0xf0 drivers/bluetooth/hci_vhci.c:568
       __fput+0x27c/0xa90 fs/file_table.c:320
       task_work_run+0x16f/0x270 kernel/task_work.c:179
       exit_task_work include/linux/task_work.h:38 [inline]
       do_exit+0xaa8/0x2950 kernel/exit.c:867
       do_group_exit+0xd4/0x2a0 kernel/exit.c:1012
       __do_sys_exit_group kernel/exit.c:1023 [inline]
       __se_sys_exit_group kernel/exit.c:1021 [inline]
       __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1021
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&hdev->lock);
                               lock((work_completion)(&(&hdev->discov_off)->work));
                               lock(&hdev->lock);
  lock((work_completion)(&(&hdev->discov_off)->work));

 *** DEADLOCK ***

1 lock held by syz-executor.3/5095:
 #0: ffff888027194078 (&hdev->lock){+.+.}-{3:3}, at: hci_unregister_dev+0x396/0x580 net/bluetooth/hci_core.c:2707

stack backtrace:
CPU: 0 PID: 5095 Comm: syz-executor.3 Not tainted 6.2.0-rc5-syzkaller-00013-g2475bf0250de #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2177
 check_prev_add kernel/locking/lockdep.c:3097 [inline]
 check_prevs_add kernel/locking/lockdep.c:3216 [inline]
 validate_chain kernel/locking/lockdep.c:3831 [inline]
 __lock_acquire+0x2a43/0x56d0 kernel/locking/lockdep.c:5055
 lock_acquire kernel/locking/lockdep.c:5668 [inline]
 lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
 __flush_work+0x109/0xaf0 kernel/workqueue.c:3069
 __cancel_work_timer+0x3f9/0x570 kernel/workqueue.c:3160
 mgmt_index_removed+0x21c/0x340 net/bluetooth/mgmt.c:9432
 hci_unregister_dev+0x39e/0x580 net/bluetooth/hci_core.c:2708
 vhci_release+0x80/0xf0 drivers/bluetooth/hci_vhci.c:568
 __fput+0x27c/0xa90 fs/file_table.c:320
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xaa8/0x2950 kernel/exit.c:867
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1012
 __do_sys_exit_group kernel/exit.c:1023 [inline]
 __se_sys_exit_group kernel/exit.c:1021 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1021
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f93fb68c0c9
Code: Unable to access opcode bytes at 0x7f93fb68c09f.
RSP: 002b:00007fff6e1e3298 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fff6e1e3440 RCX: 00007f93fb68c0c9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007fff6e1e3440
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f93fb6e7aba
R13: 000000000000001c R14: 000000000000001c R15: 00007fff6e1e3480
 </TASK>

Crashes (82):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/01/23 17:25 upstream 2475bf0250de 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2023/01/19 02:32 upstream 7287904c8771 42660d9e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2023/01/15 20:19 upstream 5dc4c995db9e a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2023/01/12 09:37 upstream e8f60cd7db24 96166539 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2023/01/12 08:05 upstream e8f60cd7db24 96166539 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2023/01/09 07:38 upstream 1fe4fd6f5cad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2022/12/16 14:58 upstream 84e57d292203 79e1d513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2022/12/04 21:10 upstream c2bf05db6c78 e080de16 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2022/12/02 20:24 upstream a4412fdd49dc e080de16 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2022/11/29 12:45 upstream ca57f02295f1 05dc7993 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2022/11/15 10:56 upstream e01d50cbd6ee 97de9cfc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2022/11/05 18:23 upstream b208b9fbbcba 6d752409 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hci_unregister_dev
2022/11/04 14:43 upstream ee6050c8af96 6d752409 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2022/09/30 08:52 upstream 987a926c1d8a 1d385642 .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2022/09/28 16:07 upstream 49c13ed0316d e2556bc3 .config console log report info ci-upstream-kasan-gce-smack-root possible deadlock in hci_unregister_dev
2022/09/26 22:31 upstream 3800a713b607 10323ddf .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-smack-root possible deadlock in hci_unregister_dev
2022/09/26 11:15 upstream f76349cf4145 d59ba983 .config console log report info ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2022/09/26 03:00 upstream f76349cf4145 0042f2b4 .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-selinux-root possible deadlock in hci_unregister_dev
2022/09/25 14:17 upstream 105a36f3694e 0042f2b4 .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2022/09/25 12:54 upstream 105a36f3694e 0042f2b4 .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-root possible deadlock in hci_unregister_dev
2023/04/28 10:44 net 6686317855c6 457a6e0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/04/27 22:46 net 075cafffce24 70a605de .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/04/26 16:01 net 50749f2dd685 19a3dabe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/02/04 15:51 net-old a05e7a67986c be607b78 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/01/27 23:45 net-old 7083df59abbc 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/12/16 23:35 net-old 13e3c7793e2f 05494336 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/12/13 16:57 net-old e095493091e8 e660de91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/11/30 10:01 net-old 01f856ae6d0c 4c2a66e8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/11/28 02:16 net-old 369eb2c9f1f7 74a66371 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/11/25 20:52 net-old 31d929de5a11 74a66371 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/11/12 17:29 net-old 9cbd48d5fa14 3ead01ad .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/11/08 21:21 net-old ce9e57feeed8 060f945e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/10/20 21:27 net-old fa182ea26ff0 a0fd4dab .config console log report info [disk image] [vmlinux] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/10/20 21:15 net-old fa182ea26ff0 a0fd4dab .config console log report info [disk image] [vmlinux] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/10/19 05:20 net-old fa182ea26ff0 b31320fc .config console log report info [disk image] [vmlinux] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/10/15 02:32 net-old fa182ea26ff0 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/10/14 08:48 net-old fa182ea26ff0 4954e4b2 .config console log report info [disk image] [vmlinux] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/10/04 09:00 net-old 93e2be344a7d feb56351 .config console log report info [disk image] [vmlinux] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/09/30 23:06 net-old 0bafedc53649 feb56351 .config console log report info [disk image] [vmlinux] ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2022/09/30 00:44 net-old 511cce163b75 1d385642 .config console log report info ci-upstream-net-this-kasan-gce possible deadlock in hci_unregister_dev
2023/01/24 20:04 net-next-old c554520f2cbe 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/19 20:25 net-next-old 9ffb07a3e6b8 1b826a2f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/18 23:48 net-next-old 68e5b6aa2795 42660d9e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/18 12:47 net-next-old c4791b3196bf 42660d9e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/18 01:22 net-next-old 0c68c8e5ec68 aedf5331 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/17 18:23 net-next-old 0c68c8e5ec68 aedf5331 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/17 05:12 net-next-old 86ce04f39b30 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/17 03:49 net-next-old 86ce04f39b30 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/15 07:22 net-next-old 298bfe27d112 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2023/01/10 07:27 net-next-old 12c1604ae1a3 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/12/12 17:39 net-next-old 6d534ee057b6 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/12/02 11:14 net-next-old 9e855b1fe37f e080de16 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/12/01 15:54 net-next-old 9e855b1fe37f e080de16 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/11/29 03:02 net-next-old c672e3727989 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/10/15 01:36 net-next-old 0326074ff465 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/10/14 20:53 net-next-old 0326074ff465 4954e4b2 .config console log report info [disk image] [vmlinux] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/10/01 22:27 net-next-old bc37b24ee05e feb56351 .config console log report info [disk image] [vmlinux] ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/10/01 04:11 net-next-old 5fcc2cfc14ae feb56351 .config console log report info ci-upstream-net-kasan-gce possible deadlock in hci_unregister_dev
2022/11/30 11:45 linux-next 9e46a7996732 4c2a66e8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hci_unregister_dev
2022/11/08 22:38 linux-next 0cdb3579f1ee 060f945e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hci_unregister_dev
2022/08/18 09:21 linux-next 5b6a4bf680d6 d58e263f .config console log report info ci-upstream-linux-next-kasan-gce-root possible deadlock in hci_unregister_dev
* Struck through repros no longer work on HEAD.