syzbot


possible deadlock in discov_off

Status: upstream: reported on 2022/10/03 07:18
Reported-by: syzbot+f047480b1e906b46a3f4@syzkaller.appspotmail.com
First crash: 58d, last: 6h43m

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.1.0-rc6-syzkaller-00308-g644e9524388a #0 Not tainted
------------------------------------------------------
kworker/u5:3/21476 is trying to acquire lock:
ffff8880280f4078 (&hdev->lock){+.+.}-{3:3}, at: discov_off+0x8c/0x1a0 net/bluetooth/mgmt.c:1037

but task is already holding lock:
ffffc90004a7fda8 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}:
       __flush_work+0x109/0xaf0 kernel/workqueue.c:3069
       __cancel_work_timer+0x3f9/0x570 kernel/workqueue.c:3160
       mgmt_index_removed+0x21c/0x340 net/bluetooth/mgmt.c:9433
       hci_unregister_dev+0x353/0x4e0 net/bluetooth/hci_core.c:2708
       vhci_release+0x80/0xf0 drivers/bluetooth/hci_vhci.c:568
       __fput+0x27c/0xa90 fs/file_table.c:320
       task_work_run+0x16f/0x270 kernel/task_work.c:179
       exit_task_work include/linux/task_work.h:38 [inline]
       do_exit+0xb3d/0x2a30 kernel/exit.c:820
       do_group_exit+0xd4/0x2a0 kernel/exit.c:950
       get_signal+0x21b1/0x2440 kernel/signal.c:2858
       arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869
       exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
       exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
       __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
       syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
       do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&hdev->lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3097 [inline]
       check_prevs_add kernel/locking/lockdep.c:3216 [inline]
       validate_chain kernel/locking/lockdep.c:3831 [inline]
       __lock_acquire+0x2a43/0x56d0 kernel/locking/lockdep.c:5055
       lock_acquire kernel/locking/lockdep.c:5668 [inline]
       lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x12f/0x1360 kernel/locking/mutex.c:747
       discov_off+0x8c/0x1a0 net/bluetooth/mgmt.c:1037
       process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
       worker_thread+0x669/0x1090 kernel/workqueue.c:2436
       kthread+0x2e8/0x3a0 kernel/kthread.c:376
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&(&hdev->discov_off)->work));
                               lock(&hdev->lock);
                               lock((work_completion)(&(&hdev->discov_off)->work));
  lock(&hdev->lock);

 *** DEADLOCK ***

2 locks held by kworker/u5:3/21476:
 #0: ffff888071654138 ((wq_completion)hci0){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888071654138 ((wq_completion)hci0){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888071654138 ((wq_completion)hci0){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888071654138 ((wq_completion)hci0){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888071654138 ((wq_completion)hci0){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888071654138 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 kernel/workqueue.c:2260
 #1: ffffc90004a7fda8 ((work_completion)(&(&hdev->discov_off)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264

stack backtrace:
CPU: 1 PID: 21476 Comm: kworker/u5:3 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: hci0 discov_off
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2177
 check_prev_add kernel/locking/lockdep.c:3097 [inline]
 check_prevs_add kernel/locking/lockdep.c:3216 [inline]
 validate_chain kernel/locking/lockdep.c:3831 [inline]
 __lock_acquire+0x2a43/0x56d0 kernel/locking/lockdep.c:5055
 lock_acquire kernel/locking/lockdep.c:5668 [inline]
 lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
 __mutex_lock_common kernel/locking/mutex.c:603 [inline]
 __mutex_lock+0x12f/0x1360 kernel/locking/mutex.c:747
 discov_off+0x8c/0x1a0 net/bluetooth/mgmt.c:1037
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>

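The "Possible unsafe locking scenario" lockdep prints above, as a user-space model added here (it is not code from the kernel, from syzbot or from this report): one thread plays mgmt_index_removed(), which holds hdev->lock while it waits for the discov_off work to finish, and a second thread plays the workqueue running discov_off(), which needs hdev->lock to finish. The names hdev_lock, wq_lock, worker() and simulate_index_removed() are the model's own; the flush is modelled with a condition variable rather than the kernel's workqueue, and the work body uses a bounded trylock instead of a blocking mutex_lock() so the inverted ordering is reported as a failure instead of hanging the process. Releasing hdev_lock before the flush is shown only as the ordering that removes the cycle; it is an assumption for illustration, not a statement of how the upstream bug was fixed.

```c
/* User-space model (not kernel code) of the lock-order inversion in the
 * lockdep report: the unregister path holds hdev->lock and waits for the
 * discov_off work, while the discov_off work needs hdev->lock. */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Stand-in for hdev->lock (name assumed for the model). */
static pthread_mutex_t hdev_lock = PTHREAD_MUTEX_INITIALIZER;

/* Stand-in for the per-work state that __flush_work() waits on. */
static pthread_mutex_t wq_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t wq_cv = PTHREAD_COND_INITIALIZER;
static bool work_pending, work_done;
static bool work_got_lock;   /* did the work body obtain hdev_lock? */

static void sleep_ms(long ms)
{
    struct timespec ts = { ms / 1000, (ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
}

/* The work body: like discov_off(), it must take hdev->lock. A blocking
 * mutex_lock() would hang the model in the bad ordering, so the wait is
 * bounded with trylock and the failure is recorded instead. */
static void *worker(void *arg)
{
    (void)arg;
    pthread_mutex_lock(&wq_lock);
    while (!work_pending)
        pthread_cond_wait(&wq_cv, &wq_lock);
    pthread_mutex_unlock(&wq_lock);

    bool got = false;
    for (int i = 0; i < 300 && !got; i++) {      /* ~300 ms budget */
        if (pthread_mutex_trylock(&hdev_lock) == 0)
            got = true;
        else
            sleep_ms(1);
    }
    if (got)
        pthread_mutex_unlock(&hdev_lock);        /* discov_off body would run here */

    pthread_mutex_lock(&wq_lock);
    work_got_lock = got;
    work_done = true;                            /* work completion */
    pthread_cond_broadcast(&wq_cv);
    pthread_mutex_unlock(&wq_lock);
    return NULL;
}

/* Model of the mgmt_index_removed() path: hold hdev_lock, let the queued
 * work start, then flush it (cancel_delayed_work_sync). Returns true if the
 * work completed normally, false if it never obtained hdev_lock, i.e. the
 * cycle lockdep warns about. */
bool simulate_index_removed(bool drop_lock_before_flush)
{
    pthread_t t;
    work_pending = work_done = work_got_lock = false;
    pthread_create(&t, NULL, worker, NULL);

    pthread_mutex_lock(&hdev_lock);              /* caller holds hdev->lock */

    pthread_mutex_lock(&wq_lock);                /* work is queued and about to run */
    work_pending = true;
    pthread_cond_broadcast(&wq_cv);
    pthread_mutex_unlock(&wq_lock);

    if (drop_lock_before_flush)
        pthread_mutex_unlock(&hdev_lock);        /* no lock held while waiting */

    pthread_mutex_lock(&wq_lock);                /* __flush_work(): wait for completion */
    while (!work_done)
        pthread_cond_wait(&wq_cv, &wq_lock);
    pthread_mutex_unlock(&wq_lock);

    if (!drop_lock_before_flush)
        pthread_mutex_unlock(&hdev_lock);

    pthread_join(t, NULL);
    return work_got_lock;
}

int main(void)
{
    printf("flush while holding hdev_lock: %s\n",
           simulate_index_removed(false) ? "ok" : "DEADLOCK (work never got hdev_lock)");
    printf("release hdev_lock before flush: %s\n",
           simulate_index_removed(true) ? "ok" : "DEADLOCK");
    return 0;
}
```

Build with `cc -pthread model.c`. The first call reproduces the report's ordering (flusher holds hdev_lock, work needs it) and returns false; the second releases the lock before waiting and returns true. In the kernel there is no trylock budget: the worker would block in mutex_lock() and the flusher in __flush_work() for good, which is exactly the cycle lockdep flags before it can happen.
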
Crashes (21):
All 21 crashes carry the title "possible deadlock in discov_off"; none has a syz or C repro. Each row links on the dashboard to its .config, console log, report and VM info.

Manager                             Time              Kernel    Commit        Syzkaller
ci-upstream-kasan-gce-selinux-root  2022/11/26 18:39  upstream  644e9524388a  74a66371
ci-upstream-kasan-gce-smack-root    2022/11/05 22:02  upstream  b208b9fbbcba  6d752409
ci-upstream-kasan-gce-selinux-root  2022/10/03 15:23  upstream  4fe89d07dcc2  feb56351
ci-upstream-kasan-gce-root          2022/09/29 07:10  upstream  c3e0e1e23c70  e2556bc3
ci-upstream-net-this-kasan-gce      2022/11/11 07:00  net       4bbf3422df78  3ead01ad
ci-upstream-net-this-kasan-gce      2022/10/18 02:38  net       fa182ea26ff0  754863b4
ci-upstream-net-this-kasan-gce      2022/10/16 00:20  net       fa182ea26ff0  67cb024c
ci-upstream-net-this-kasan-gce      2022/10/13 07:01  net       fa182ea26ff0  3f6b40a1
ci-upstream-net-this-kasan-gce      2022/10/12 20:31  net       3a732b46736c  89b5a509
ci-upstream-net-this-kasan-gce      2022/10/10 14:01  net       af7d23f9d96a  aea5da89
ci-upstream-net-this-kasan-gce      2022/10/09 20:12  net       557f050166e5  aea5da89
ci-upstream-net-this-kasan-gce      2022/10/06 10:41  net       1d22f78d0573  131b38ac
ci-upstream-net-this-kasan-gce      2022/10/05 04:44  net       93e2be344a7d  eab8f949
ci-upstream-net-this-kasan-gce      2022/10/04 11:54  net       93e2be344a7d  77d3f689
ci-upstream-net-this-kasan-gce      2022/10/04 09:50  net       93e2be344a7d  feb56351
ci-upstream-net-this-kasan-gce      2022/10/02 10:59  net       ae3ed15da588  feb56351
ci-upstream-net-kasan-gce           2022/11/10 14:41  net-next  0c9ef08a4d0f  b2488a87
ci-upstream-net-kasan-gce           2022/10/16 12:35  net-next  0326074ff465  67cb024c
ci-upstream-net-kasan-gce           2022/10/11 16:32  net-next  0326074ff465  1353c374
ci-upstream-net-kasan-gce           2022/10/11 02:18  net-next  0326074ff465  2b253ced
ci-upstream-net-kasan-gce           2022/10/07 18:28  net-next  0326074ff465  0de35f24