bisecting fixing commit since 030194a5b292bb7613407668d85af0b987bb9839
building syzkaller on cc1cff8f1e1a585894796d6eae8c51eef98037e6
testing commit 030194a5b292bb7613407668d85af0b987bb9839 with gcc (GCC) 8.4.1 20210217
kernel signature: 416ffa1fa60df52452430705d6dc95e80bb3634513ac2a964f86de705b8b9093
all runs: crashed: possible deadlock in blocking_notifier_call_chain
testing current HEAD 1722257b8ececec9b3b83a8b14058f8209d78071
testing commit 1722257b8ececec9b3b83a8b14058f8209d78071 with gcc (GCC) 8.4.1 20210217
kernel signature: 3a5175562763ff758770e532cdde2d08f5f9627c70493093db2fa90562d7ff20
all runs: crashed: possible deadlock in blocking_notifier_call_chain
revisions tested: 2, total time: 32m35.271046846s (build: 24m49.970763878s, test: 7m4.690423446s)
the crash still happens on HEAD
commit msg: Linux 4.19.193
crash: possible deadlock in blocking_notifier_call_chain
Bluetooth: hci4: command 0x0419 tx timeout
Bluetooth: hci3: command 0x0419 tx timeout
Bluetooth: hci2: command 0x0419 tx timeout
Bluetooth: hci5: command 0x0419 tx timeout
============================================
WARNING: possible recursive locking detected
4.19.193-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.2/10034 is trying to acquire lock:
0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x53/0xa0 kernel/notifier.c:325

but task is already holding lock:
0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x53/0xa0 kernel/notifier.c:325

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock((fb_notifier_list).rwsem);
  lock((fb_notifier_list).rwsem);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.2/10034:
 #0: 0000000020e9270a (console_lock){+.+.}, at: do_fb_ioctl+0x512/0x860 drivers/video/fbdev/core/fbmem.c:1200
 #1: 00000000abf555db (&fb_info->lock){+.+.}, at: lock_fb_info+0x18/0x60 drivers/video/fbdev/core/fbmem.c:81
 #2: 0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
 #2: 0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
 #2: 0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
 #2: 0000000090aad350 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x53/0xa0 kernel/notifier.c:325

stack backtrace:
CPU: 0 PID: 10034 Comm: syz-executor.2 Not tainted 4.19.193-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline]
 check_deadlock kernel/locking/lockdep.c:1808 [inline]
 validate_chain kernel/locking/lockdep.c:2404 [inline]
 __lock_acquire.cold.40+0x344/0x744 kernel/locking/lockdep.c:3416
 lock_acquire+0x180/0x3a0 kernel/locking/lockdep.c:3908
 down_read+0x3b/0xb0 kernel/locking/rwsem.c:24
 __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
 __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
 blocking_notifier_call_chain kernel/notifier.c:328 [inline]
 blocking_notifier_call_chain+0x53/0xa0 kernel/notifier.c:325
 fb_notifier_call_chain+0x16/0x20 drivers/video/fbdev/core/fb_notify.c:45
 fb_set_var+0xb0c/0xfb0 drivers/video/fbdev/core/fbmem.c:1042
 fbcon_switch+0x3c4/0x16a0 drivers/video/fbdev/core/fbcon.c:2088
 redraw_screen+0x319/0x830 drivers/tty/vt/vt.c:1015
 fbcon_blank+0xa30/0xfe0 drivers/video/fbdev/core/fbcon.c:2226
 do_unblank_screen+0x1ea/0x520 drivers/tty/vt/vt.c:4277
 fbcon_fb_blanked drivers/video/fbdev/core/fbcon.c:2973 [inline]
 fbcon_event_notify+0x15b1/0x1c70 drivers/video/fbdev/core/fbcon.c:3091
 notifier_call_chain+0x8a/0x160 kernel/notifier.c:93
 __blocking_notifier_call_chain kernel/notifier.c:317 [inline]
 __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
 blocking_notifier_call_chain kernel/notifier.c:328 [inline]
 blocking_notifier_call_chain+0x6b/0xa0 kernel/notifier.c:325
 fb_notifier_call_chain+0x16/0x20 drivers/video/fbdev/core/fb_notify.c:45
 fb_blank+0x171/0x1c0 drivers/video/fbdev/core/fbmem.c:1070
 do_fb_ioctl+0x557/0x860 drivers/video/fbdev/core/fbmem.c:1206
 fb_ioctl+0xc8/0x140 drivers/video/fbdev/core/fbmem.c:1230
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688
 ksys_ioctl+0x62/0x90 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465f69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb655e53188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69
RDX: 0000000000000000 RSI: 0000000000004611 RDI: 0000000000000006
RBP: 00000000004bfa8f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff9fc35acf R14: 00007fb655e53300 R15: 0000000000022000