syzbot


possible deadlock in discov_off

Status: upstream: reported on 2022/10/03 07:18
Labels: bluetooth (incorrect?)
Reported-by: syzbot+f047480b1e906b46a3f4@syzkaller.appspotmail.com
First crash: 243d, last: 31d
Discussions (2)
Title | Replies (including bot) | Last reply
[syzbot] Monthly bluetooth report (Apr 2023) | 0 (1) | 2023/04/30 08:00
[syzbot] possible deadlock in discov_off | 0 (1) | 2022/10/03 07:18

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc2-syzkaller-00282-g0a71553536d2 #0 Not tainted
------------------------------------------------------
kworker/u5:0/21970 is trying to acquire lock:
ffff88803c228078 (&hdev->lock){+.+.}-{3:3}, at: discov_off+0x8c/0x1a0 net/bluetooth/mgmt.c:1037

but task is already holding lock:
ffffc9000316fda8 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}:
       __flush_work+0x109/0xaf0 kernel/workqueue.c:3069
       __cancel_work_timer+0x3f9/0x570 kernel/workqueue.c:3160
       mgmt_index_removed+0x21c/0x340 net/bluetooth/mgmt.c:9432
       hci_unregister_dev+0x39e/0x580 net/bluetooth/hci_core.c:2708
       vhci_release+0x80/0xf0 drivers/bluetooth/hci_vhci.c:568
       __fput+0x27c/0xa90 fs/file_table.c:320
       task_work_run+0x16f/0x270 kernel/task_work.c:179
       exit_task_work include/linux/task_work.h:38 [inline]
       do_exit+0xaa8/0x2950 kernel/exit.c:867
       do_group_exit+0xd4/0x2a0 kernel/exit.c:1012
       get_signal+0x21c3/0x2450 kernel/signal.c:2859
       arch_do_signal_or_restart+0x79/0x5c0 arch/x86/kernel/signal.c:306
       exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
       exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
       __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
       syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
       do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&hdev->lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3097 [inline]
       check_prevs_add kernel/locking/lockdep.c:3216 [inline]
       validate_chain kernel/locking/lockdep.c:3831 [inline]
       __lock_acquire+0x2a43/0x56d0 kernel/locking/lockdep.c:5055
       lock_acquire kernel/locking/lockdep.c:5668 [inline]
       lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x12f/0x1360 kernel/locking/mutex.c:747
       discov_off+0x8c/0x1a0 net/bluetooth/mgmt.c:1037
       process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
       worker_thread+0x669/0x1090 kernel/workqueue.c:2436
       kthread+0x2e8/0x3a0 kernel/kthread.c:376
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&(&hdev->discov_off)->work));
                               lock(&hdev->lock);
                               lock((work_completion)(&(&hdev->discov_off)->work));
  lock(&hdev->lock);

 *** DEADLOCK ***

2 locks held by kworker/u5:0/21970:
 #0: ffff888075622938 ((wq_completion)hci0){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888075622938 ((wq_completion)hci0){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888075622938 ((wq_completion)hci0){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888075622938 ((wq_completion)hci0){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888075622938 ((wq_completion)hci0){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888075622938 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 kernel/workqueue.c:2260
 #1: ffffc9000316fda8 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264

stack backtrace:
CPU: 0 PID: 21970 Comm: kworker/u5:0 Not tainted 6.2.0-rc2-syzkaller-00282-g0a71553536d2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: hci0 discov_off
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2177
 check_prev_add kernel/locking/lockdep.c:3097 [inline]
 check_prevs_add kernel/locking/lockdep.c:3216 [inline]
 validate_chain kernel/locking/lockdep.c:3831 [inline]
 __lock_acquire+0x2a43/0x56d0 kernel/locking/lockdep.c:5055
 lock_acquire kernel/locking/lockdep.c:5668 [inline]
 lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
 __mutex_lock_common kernel/locking/mutex.c:603 [inline]
 __mutex_lock+0x12f/0x1360 kernel/locking/mutex.c:747
 discov_off+0x8c/0x1a0 net/bluetooth/mgmt.c:1037
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

Crashes (47):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/01/07 09:03 | upstream | 0a71553536d2 | 1dac8c7a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in discov_off
2023/01/03 19:10 | upstream | 69b41ac87e4a | 1dac8c7a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in discov_off
2022/12/06 22:04 | upstream | 8ed710da2873 | d88f3abb | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in discov_off
2022/11/26 18:39 | upstream | 644e9524388a | 74a66371 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in discov_off
2022/11/05 22:02 | upstream | b208b9fbbcba | 6d752409 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in discov_off
2022/10/03 15:23 | upstream | 4fe89d07dcc2 | feb56351 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-kasan-gce-selinux-root | possible deadlock in discov_off
2022/09/29 07:10 | upstream | c3e0e1e23c70 | e2556bc3 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-kasan-gce-root | possible deadlock in discov_off
2023/04/28 10:55 | net | 6686317855c6 | 457a6e0a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2023/04/28 01:29 | net | 075cafffce24 | 70a605de | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2023/04/26 02:13 | net | 50749f2dd685 | 7560799c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2023/02/01 21:20 | net-old | 64466c407a73 | 9dfcf09c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2023/01/19 12:23 | net-old | 4fb58ac3368c | 1b826a2f | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2023/01/01 15:37 | net-old | d9d71a89f28d | ab32d508 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/12/23 00:24 | net-old | fa349e396e48 | 9da18ae8 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/12/20 07:12 | net-old | 4be84df38a6f | c52b2efb | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/12/19 14:12 | net-old | 98dbec0a0adc | 05494336 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/12/02 12:58 | net-old | 4eb0c28551fd | e080de16 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/11/27 14:11 | net-old | 31d929de5a11 | 74a66371 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/11/27 07:35 | net-old | 31d929de5a11 | 74a66371 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/11/11 07:00 | net-old | 4bbf3422df78 | 3ead01ad | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/18 02:38 | net-old | fa182ea26ff0 | 754863b4 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/16 00:20 | net-old | fa182ea26ff0 | 67cb024c | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/13 07:01 | net-old | fa182ea26ff0 | 3f6b40a1 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/12 20:31 | net-old | 3a732b46736c | 89b5a509 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/10 14:01 | net-old | af7d23f9d96a | aea5da89 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/09 20:12 | net-old | 557f050166e5 | aea5da89 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/06 10:41 | net-old | 1d22f78d0573 | 131b38ac | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/05 04:44 | net-old | 93e2be344a7d | eab8f949 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/04 11:54 | net-old | 93e2be344a7d | 77d3f689 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/04 09:50 | net-old | 93e2be344a7d | feb56351 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2022/10/02 10:59 | net-old | ae3ed15da588 | feb56351 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-this-kasan-gce | possible deadlock in discov_off
2023/01/23 04:32 | net-next-old | a7b87d2a31dc | 559a440a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2023/01/20 04:00 | net-next-old | 3ef4a8c8963b | 559a440a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2023/01/19 01:21 | net-next-old | 68e5b6aa2795 | 42660d9e | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2023/01/15 19:38 | net-next-old | 298bfe27d112 | a63719e7 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2023/01/15 11:08 | net-next-old | 298bfe27d112 | a63719e7 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/12/20 22:03 | net-next-old | 9054b41c4e1b | d3e76707 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/12/19 13:18 | net-next-old | aba5b397cad7 | 05494336 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/12/19 12:20 | net-next-old | aba5b397cad7 | 05494336 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/12/10 21:32 | net-next-old | dd8b3a802b64 | 67be1ae7 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/12/01 16:16 | net-next-old | 9e855b1fe37f | e080de16 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/11/10 14:41 | net-next-old | 0c9ef08a4d0f | b2488a87 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/10/16 12:35 | net-next-old | 0326074ff465 | 67cb024c | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/10/11 16:32 | net-next-old | 0326074ff465 | 1353c374 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/10/11 02:18 | net-next-old | 0326074ff465 | 2b253ced | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2022/10/07 18:28 | net-next-old | 0326074ff465 | 0de35f24 | .config | console log | report | - | - | info | [disk image] [vmlinux] | ci-upstream-net-kasan-gce | possible deadlock in discov_off
2023/01/21 10:00 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | edb2f0dc90f2 | 559a440a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in discov_off