syzbot


possible deadlock in rfcomm_sk_state_change
Status: upstream: reported C repro on 2021/09/13 05:15
Reported-by: syzbot+d7ce59b06b3eb14fd218@syzkaller.appspotmail.com
First crash: 259d, last: 18h42m

Cause bisection: introduced by (bisect log):
commit 1804fdf6e494e5e2938c65d8391690b59bcff897
Author: Tedd Ho-Jeong An <tedd.an@intel.com>
Date: Thu Aug 5 00:32:19 2021 +0000

  Bluetooth: btintel: Combine setting up MSFT extension

Crash: BUG: sleeping function called from invalid context in stack_depot_save (log)
Repro: C syz .config
Patch testing requests:
Created Duration User Patch Repo Result
2021/10/10 13:34 11m phind.uet@gmail.com linux-next report log
2021/10/10 13:32 11m phind.uet@gmail.com linux-next report log

Sample crash report:
============================================
WARNING: possible recursive locking detected
5.18.0-syzkaller-02752-gfdaf9a5840ac #0 Not tainted
--------------------------------------------
syz-executor372/3606 is trying to acquire lock:
ffff888016db5130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1682 [inline]
ffff888016db5130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x52/0x2f0 net/bluetooth/rfcomm/sock.c:73

but task is already holding lock:
ffff888016db5130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1682 [inline]
ffff888016db5130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x51/0x220 net/bluetooth/rfcomm/sock.c:902

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
  lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

4 locks held by syz-executor372/3606:
 #0: ffff88807249ca10 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:732 [inline]
 #0: ffff88807249ca10 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: __sock_release net/socket.c:649 [inline]
 #0: ffff88807249ca10 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: sock_close+0x93/0x260 net/socket.c:1318
 #1: ffff888016db5130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1682 [inline]
 #1: ffff888016db5130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x51/0x220 net/bluetooth/rfcomm/sock.c:902
 #2: ffffffff8dd24508 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x32/0x1c0 net/bluetooth/rfcomm/core.c:507
 #3: ffff888020d3c128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x276/0x470 net/bluetooth/rfcomm/core.c:487

stack backtrace:
CPU: 1 PID: 3606 Comm: syz-executor372 Not tainted 5.18.0-syzkaller-02752-gfdaf9a5840ac #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2957 [inline]
 check_deadlock kernel/locking/lockdep.c:3000 [inline]
 validate_chain+0x485d/0x65c0 kernel/locking/lockdep.c:3785
 __lock_acquire+0x129a/0x1f80 kernel/locking/lockdep.c:5022
 lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5634
 lock_sock_nested+0x44/0xf0 net/core/sock.c:3312
 lock_sock include/net/sock.h:1682 [inline]
 rfcomm_sk_state_change+0x52/0x2f0 net/bluetooth/rfcomm/sock.c:73
 __rfcomm_dlc_close+0x2bb/0x470 net/bluetooth/rfcomm/core.c:489
 rfcomm_dlc_close+0x10d/0x1c0 net/bluetooth/rfcomm/core.c:520
 __rfcomm_sock_close+0x101/0x220 net/bluetooth/rfcomm/sock.c:220
 rfcomm_sock_shutdown+0xa5/0x220 net/bluetooth/rfcomm/sock.c:905
 rfcomm_sock_release+0x55/0x120 net/bluetooth/rfcomm/sock.c:925
 __sock_release net/socket.c:650 [inline]
 sock_close+0xd7/0x260 net/socket.c:1318
 __fput+0x3b9/0x820 fs/file_table.c:317
 task_work_run+0x146/0x1c0 kernel/task_work.c:177
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x547/0x1eb0 kernel/exit.c:795
 do_group_exit+0x23b/0x2f0 kernel/exit.c:925
 get_signal+0x172f/0x1780 kernel/signal.c:2875
 arch_do_signal_or_restart+0x8d/0x750 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop+0x74/0x160 kernel/entry/common.c:166
 exit_to_user_mode_prepare+0xad/0x110 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x2e/0x60 kernel/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f81bfac71a9
Code: Unable to access opcode bytes at RIP 0x7f81bfac717f.
RSP: 002b:00007ffe73b98968 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 00007f81bfac71a9
RDX: 0000000000000080 RSI: 00000000200001c0 RDI: 0000000000000004
RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
R10: 0000000000000000 R11: 0000000000000246 R12: 000055555675d2b8
R13: 0000000000000072 R14: 00007ffe73b989c0 R15: 0000000000000003
 </TASK>

Crashes (4061):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2022/05/25 18:16 upstream fdaf9a5840ac 647c0e27 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/20 12:26 upstream b015dcd62b86 cb1ac2e7 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/20 05:32 upstream b015dcd62b86 cb1ac2e7 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/18 10:51 upstream 210e04ff7681 744a39e2 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/17 21:05 upstream 42226c989789 744a39e2 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/17 18:58 upstream 42226c989789 744a39e2 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/17 17:45 upstream 42226c989789 744a39e2 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/17 12:32 upstream 42226c989789 744a39e2 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/05/17 09:56 upstream 42226c989789 744a39e2 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/15 08:16 upstream 2fe1020d73ca 744a39e2 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/13 19:52 upstream f3f19f939c11 107f6434 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/13 18:50 upstream f3f19f939c11 107f6434 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/13 00:04 upstream 0ac824f379fb 9ad6612a .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-root 2022/05/12 07:42 upstream feb9c5e19e91 beb0b407 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/11 13:22 upstream feb9c5e19e91 8d7b3b67 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/11 11:35 upstream feb9c5e19e91 8d7b3b67 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/11 09:00 upstream feb9c5e19e91 8d7b3b67 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/11 07:54 upstream feb9c5e19e91 8d7b3b67 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/11 05:52 upstream feb9c5e19e91 8d7b3b67 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/11 03:11 upstream feb9c5e19e91 8d7b3b67 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/10 10:57 upstream 9be9ed2612b5 8b277b8e .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/10 08:07 upstream 9be9ed2612b5 8b277b8e .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/04/28 07:14 upstream 8f4dd16603ce 8a1f1f07 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/04/27 06:52 upstream cf424ef014ac 1fa34c1b .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-root 2022/04/18 14:22 upstream b2d229d4ddb1 8bcc32a6 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-root 2022/04/13 23:02 upstream a19944809fe9 b17b2923 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-root 2022/04/09 21:01 upstream f1b45d8ccb98 e22c3da3 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/04/07 12:51 upstream 3e732ebf7316 c6ff3e05 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/04/07 06:36 upstream 3e732ebf7316 97582466 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/04/07 03:17 upstream 3e732ebf7316 97582466 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/04/07 01:50 upstream 3e732ebf7316 97582466 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/04/06 05:26 upstream ce4c854ee868 0127c10f .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2021/09/09 20:55 upstream a3fa7a101dcf e2776ee4 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/05/20 12:29 linux-next 3f7bdc402fb0 cb1ac2e7 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/05/15 22:34 linux-next 1e1b28b936ae 744a39e2 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/04/25 03:02 linux-next f1244c81da13 131df97d .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/04/24 13:12 linux-next f1244c81da13 131df97d .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/04/07 18:34 linux-next 2e9a9857569e c6ff3e05 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/04/07 17:11 linux-next 2e9a9857569e c6ff3e05 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/04/07 15:57 linux-next 2e9a9857569e c6ff3e05 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/04/07 14:11 linux-next 2e9a9857569e c6ff3e05 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/04/07 02:11 linux-next 109f6d10ec17 97582466 .config log report syz C possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-selinux-root 2022/05/26 05:57 upstream 7e062cda7d90 3037caa9 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-root 2022/05/26 02:19 upstream 7e062cda7d90 3037caa9 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/05/22 09:29 upstream eaea45fc0e7b 7268fa62 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/05/20 14:56 upstream 3d7285a335ed cb1ac2e7 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/05/19 08:51 upstream f993aed406ea 50c53f39 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-smack-root 2022/05/18 20:34 upstream ef1302160bfb 50c53f39 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-root 2022/05/17 05:09 upstream 42226c989789 744a39e2 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream 2022/05/16 01:42 upstream bc403203d65a 744a39e2 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream 2022/05/06 12:54 upstream fe27d189e3f4 e60b1103 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream 2022/05/04 02:43 upstream ef8e4d3c2ab1 dc9e5259 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream 2022/04/29 14:07 upstream 38d741cb70b3 e9076525 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-root 2022/04/25 20:44 upstream d615b5416f8a 152baedd .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-kasan-gce-root 2021/09/09 05:05 upstream 730bf31b8fc8 e2776ee4 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream-386 2022/05/26 00:45 upstream fdaf9a5840ac 3037caa9 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream-386 2022/05/18 22:21 upstream ef1302160bfb 50c53f39 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream-386 2022/05/14 06:02 upstream f2dd007445b1 107f6434 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream-386 2022/05/11 04:47 upstream feb9c5e19e91 8d7b3b67 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream-386 2022/05/02 02:59 upstream b2da7df52e16 2df221f6 .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream-386 2022/04/23 11:07 upstream c00c5e1d157b 131df97d .config log report info possible deadlock in rfcomm_sk_state_change
ci-qemu-upstream-386 2022/04/19 17:35 upstream b2d229d4ddb1 c334415e .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/24 07:03 net 7fb0269720d7 e7f9308d .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/23 17:00 net 8c3b8dc5cc9b 4c7657cb .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/21 02:02 net 9b80ccda233f bd37ad7e .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/17 16:38 net edf410cb74dc 744a39e2 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/15 14:26 net 9500acc631db 744a39e2 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/13 22:17 net f3f19f939c11 107f6434 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/11 20:40 net 3cc5c6a7829a beb0b407 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/09 07:35 net 1c7ab9cd98b7 e60b1103 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/09 05:23 net 1c7ab9cd98b7 e60b1103 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/08 20:16 net 1c7ab9cd98b7 e60b1103 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/08 03:35 net 1c7ab9cd98b7 e60b1103 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/05 06:13 net 205557ba9904 dc9e5259 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/05 03:07 net 205557ba9904 dc9e5259 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/04 18:06 net ad0724b90a2d dc9e5259 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/04 01:02 net 5ef9b803a4af dc9e5259 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/02 16:07 net 79396934e289 2df221f6 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/02 09:33 net 79396934e289 2df221f6 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/05/01 17:37 net 47f753c1108e 2df221f6 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/30 22:56 net a9384a4c1d25 2df221f6 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/30 21:39 net a9384a4c1d25 2df221f6 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/30 15:39 net 95098d5ac255 2df221f6 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/30 13:08 net 95098d5ac255 2df221f6 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/30 00:48 net 4f159a7c4d1b 44a5ca63 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/28 18:14 net febb2d2fa561 e9076525 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/25 17:27 net c4c89a6ad8e1 c889aef9 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/25 07:34 net 165e3e17fe8f c889aef9 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-this-kasan-gce 2022/04/19 17:30 net 4cf35a2b627a c334415e .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-net-kasan-gce 2022/04/25 17:48 net-next c5794097b269 c889aef9 .config log report info possible deadlock in rfcomm_sk_state_change
ci-upstream-linux-next-kasan-gce-root 2022/05/24 18:14 linux-next 09ce5091ff97 fcfad4ff .config log report info possible deadlock in rfcomm_sk_state_change