================================
WARNING: inconsistent lock state
4.14.225-syzkaller #0 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz-executor.4/16898 [HC0[0]:SC0[0]:HE1:SE1] takes:
 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: [] spin_lock include/linux/spinlock.h:317 [inline]
 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: [] sco_conn_del+0xbf/0x290 net/bluetooth/sco.c:175
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
  spin_lock include/linux/spinlock.h:317 [inline]
  sco_sock_timeout+0x29/0x1c0 net/bluetooth/sco.c:82
  call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
  expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
  __run_timers kernel/time/timer.c:1637 [inline]
  run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
  __do_softirq+0x24d/0x9ff kernel/softirq.c:288
  invoke_softirq kernel/softirq.c:368 [inline]
  irq_exit+0x193/0x240 kernel/softirq.c:409
  exiting_irq arch/x86/include/asm/apic.h:638 [inline]
  smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
  apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
  lock_acquire+0xc/0x3f0 kernel/locking/lockdep.c:3987
  rcu_lock_acquire include/linux/rcupdate.h:242 [inline]
  rcu_read_lock include/linux/rcupdate.h:629 [inline]
  is_bpf_text_address+0x35/0x150 kernel/bpf/core.c:456
  kernel_text_address kernel/extable.c:150 [inline]
  kernel_text_address+0xbd/0xf0 kernel/extable.c:120
  __kernel_text_address+0x9/0x30 kernel/extable.c:105
  unwind_get_return_address arch/x86/kernel/unwind_orc.c:252 [inline]
  unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:247
  __save_stack_trace+0xa0/0x160 arch/x86/kernel/stacktrace.c:45
  save_stack mm/kasan/kasan.c:447 [inline]
  set_track mm/kasan/kasan.c:459 [inline]
  kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
  slab_post_alloc_hook mm/slab.h:442 [inline]
  slab_alloc mm/slab.c:3390 [inline]
  kmem_cache_alloc+0x111/0x3c0 mm/slab.c:3550
  proc_alloc_inode+0x18/0x1a0 fs/proc/inode.c:62
  alloc_inode+0x5d/0x170 fs/inode.c:210
  new_inode_pseudo fs/inode.c:899 [inline]
  new_inode+0x1d/0xf0 fs/inode.c:928
  proc_pid_make_inode+0x22/0x230 fs/proc/base.c:1762
  proc_pident_instantiate+0x78/0x280 fs/proc/base.c:2448
  proc_pident_lookup+0x181/0x200 fs/proc/base.c:2497
  lookup_open+0x5c4/0x1750 fs/namei.c:3220
  do_last fs/namei.c:3334 [inline]
  path_openat+0x14bb/0x2970 fs/namei.c:3569
  do_filp_open+0x179/0x3c0 fs/namei.c:3603
  do_sys_open+0x296/0x410 fs/open.c:1081
  do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
  entry_SYSCALL_64_after_hwframe+0x46/0xbb
irq event stamp: 23141
hardirqs last enabled at (23141): [] kfree+0x14a/0x250 mm/slab.c:3816
hardirqs last disabled at (23140): [] kfree+0x6f/0x250 mm/slab.c:3809
softirqs last enabled at (22736): [] spin_unlock_bh include/linux/spinlock.h:362 [inline]
softirqs last enabled at (22736): [] peernet2id+0x60/0x70 net/core/net_namespace.c:245
softirqs last disabled at (22734): [] spin_lock_bh include/linux/spinlock.h:322 [inline]
softirqs last disabled at (22734): [] peernet2id+0x20/0x70 net/core/net_namespace.c:243

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
    lock(slock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

4 locks held by syz-executor.4/16898:
 #0: (rfkill_global_mutex){+.+.}, at: [] rfkill_fop_write+0xbf/0x3c0 net/rfkill/core.c:1225
 #1: (&hdev->req_lock){+.+.}, at: [] hci_dev_do_close+0x109/0xca0 net/bluetooth/hci_core.c:1578
 #2: (&hdev->lock){+.+.}, at: [] hci_dev_do_close+0x21c/0xca0 net/bluetooth/hci_core.c:1609
 #3: (hci_cb_list_lock){+.+.}, at: [] hci_disconn_cfm include/net/bluetooth/hci_core.h:1223 [inline]
 #3: (hci_cb_list_lock){+.+.}, at: [] hci_conn_hash_flush+0xda/0x260 net/bluetooth/hci_conn.c:1393

stack backtrace:
CPU: 0 PID: 16898 Comm: syz-executor.4 Not tainted 4.14.225-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2589
 valid_state kernel/locking/lockdep.c:2602 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2796 [inline]
 mark_lock+0xb4d/0x1050 kernel/locking/lockdep.c:3194
 mark_irqflags kernel/locking/lockdep.c:3090 [inline]
 __lock_acquire+0xd5c/0x3f20 kernel/locking/lockdep.c:3448
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
 spin_lock include/linux/spinlock.h:317 [inline]
 sco_conn_del+0xbf/0x290 net/bluetooth/sco.c:175
 sco_disconn_cfm+0x65/0xa0 net/bluetooth/sco.c:1134
 hci_disconn_cfm include/net/bluetooth/hci_core.h:1226 [inline]
 hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1393
 hci_dev_do_close+0x535/0xca0 net/bluetooth/hci_core.c:1622
 hci_rfkill_set_block+0xaf/0x120 net/bluetooth/hci_core.c:2052
 rfkill_set_block+0x1b2/0x4a0 net/rfkill/core.c:337
 rfkill_fop_write+0x1b6/0x3c0 net/rfkill/core.c:1233
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 vfs_write+0x17f/0x4d0 fs/read_write.c:544
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0xf2/0x210 fs/read_write.c:582
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465f69
RSP: 002b:00007fa793e6b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69
RDX: 00000000fffffeed RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00000000004bfa8f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffc2dd1f88f R14: 00007fa793e6b300 R15: 0000000000022000
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered
promiscuous mode
netlink: 14 bytes leftover after parsing attributes in process `syz-executor.3'.
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
device bridge0 left promiscuous mode
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
IPv6: NLM_F_REPLACE set, but no existing node found!
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered promiscuous mode
EXT4-fs error (device sda1): swap_inode_boot_loader:114: inode #5: comm syz-executor.2: iget: checksum invalid
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
VFS: unable to find oldfs superblock on device loop4
new mount options do not match the existing superblock, will be ignored
9pnet: p9_fd_create_tcp (17151): problem connecting socket to 127.0.0.1
9pnet: p9_fd_create_tcp (17259): problem connecting socket to 127.0.0.1
9pnet: p9_fd_create_tcp (17292): problem connecting socket to 127.0.0.1
9pnet: p9_fd_create_tcp (17338): problem connecting socket to 127.0.0.1
nla_parse: 35 callbacks suppressed
EXT4-fs (loop5): VFS: Can't find ext4 filesystem
tmpfs: Bad value '3kt-7' for mount option 'size'
nla_parse: 54 callbacks suppressed
audit: type=1804 audit(1615581899.673:177): pid=18099 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir627708576/syzkaller.tbvxYB/225/bus" dev="sda1" ino=16503 res=1
audit: type=1800 audit(1615581899.713:178): pid=18099 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=16503 res=0