Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
inconsistent lock state in sco_sock_timeout
================================
WARNING: inconsistent lock state
5.13.0-rc7-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor.4/10549 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff888033ab20a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
ffff888033ab20a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: sco_sock_timeout+0x33/0x1b0 net/bluetooth/sco.c:83
{SOFTIRQ-ON-W} state was registered at:
lock_acquire kernel/locking/lockdep.c:5512 [inline]
lock_acquire+0x1ab/0x740 kernel/locking/lockdep.c:5477
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
sco_conn_ready net/bluetooth/sco.c:1087 [inline]
sco_connect_cfm+0x149/0x930 net/bluetooth/sco.c:1177
hci_connect_cfm include/net/bluetooth/hci_core.h:1484 [inline]
hci_sync_conn_complete_evt.isra.0+0x2b7/0x830 net/bluetooth/hci_event.c:4420
hci_event_packet+0xf41/0x7d60 net/bluetooth/hci_event.c:6271
hci_rx_work+0x511/0xd30 net/bluetooth/hci_core.c:5098
process_one_work+0x98d/0x1600 kernel/workqueue.c:2276
worker_thread+0x64c/0x1120 kernel/workqueue.c:2422
kthread+0x3b1/0x4a0 kernel/kthread.c:313
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
irq event stamp: 188
hardirqs last enabled at (188): [<ffffffff89200c02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647
hardirqs last disabled at (187): [<ffffffff8916d14b>] sysvec_apic_timer_interrupt+0xb/0xc0 arch/x86/kernel/apic/apic.c:1100
softirqs last enabled at (0): [<ffffffff8143a667>] copy_process+0x1d77/0x7120 kernel/fork.c:2062
softirqs last disabled at (167): [<ffffffff8145d326>] invoke_softirq kernel/softirq.c:433 [inline]
softirqs last disabled at (167): [<ffffffff8145d326>] __irq_exit_rcu+0x136/0x200 kernel/softirq.c:637
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
<Interrupt>
lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
*** DEADLOCK ***
1 lock held by syz-executor.4/10549:
#0: ffffc90000dc0d70 ((&sk->sk_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline]
#0: ffffc90000dc0d70 ((&sk->sk_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0 kernel/time/timer.c:1421
stack backtrace:
CPU: 1 PID: 10549 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x141/0x1d7 lib/dump_stack.c:120
print_usage_bug kernel/locking/lockdep.c:203 [inline]
valid_state kernel/locking/lockdep.c:3820 [inline]
mark_lock_irq kernel/locking/lockdep.c:4023 [inline]
mark_lock.cold+0x61/0x8e kernel/locking/lockdep.c:4480
mark_usage kernel/locking/lockdep.c:4375 [inline]
__lock_acquire+0x11aa/0x5230 kernel/locking/lockdep.c:4856
lock_acquire kernel/locking/lockdep.c:5512 [inline]
lock_acquire+0x1ab/0x740 kernel/locking/lockdep.c:5477
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
sco_sock_timeout+0x33/0x1b0 net/bluetooth/sco.c:83
call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1431
expire_timers kernel/time/timer.c:1476 [inline]
__run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1745
__run_timers kernel/time/timer.c:1726 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1758
__do_softirq+0x29b/0x9f6 kernel/softirq.c:559
invoke_softirq kernel/softirq.c:433 [inline]
__irq_exit_rcu+0x136/0x200 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
</IRQ>
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:191
Code: 74 24 10 e8 1a e7 40 f8 48 89 ef e8 b2 5f 41 f8 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 <e8> 23 55 35 f8 65 8b 05 1c 57 e8 76 85 c0 74 0a 5b 5d c3 e8 00 50
RSP: 0018:ffffc9000baf7a38 EFLAGS: 00000206
RAX: 0000000000000006 RBX: 0000000000000200 RCX: 1ffffffff1a92811
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
RBP: ffff8880340d0918 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff817ae8e8 R11: 0000000000000001 R12: 0000000000000202
R13: ffff8880340d0918 R14: ffff8880b9c35640 R15: ffff8880340d0048
try_to_wake_up+0x618/0x14b0 kernel/sched/core.c:3485
wake_up_process kernel/sched/core.c:3552 [inline]
wake_up_q+0x96/0x100 kernel/sched/core.c:597
futex_wake+0x3e9/0x490 kernel/futex.c:1634
do_futex+0x2a1/0x1750 kernel/futex.c:3737
__do_sys_futex kernel/futex.c:3805 [inline]
__se_sys_futex kernel/futex.c:3786 [inline]
__x64_sys_futex+0x1c6/0x4f0 kernel/futex.c:3786
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3c77a18218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 000000000056bf88 RCX: 00000000004665d9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000056bf8c
RBP: 000000000056bf80 R08: 000000000000000e R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 000000000056bf8c
R13: 00007fff00ae88cf R14: 00007f3c77a18300 R15: 0000000000022000
Tested on:
commit: 7426cedc Merge tag 'spi-fix-v5.13-rc7' of git://git.kernel..
git tree: upstream
console output:
https://syzkaller.appspot.com/x/log.txt?x=106158b4300000
kernel config:
https://syzkaller.appspot.com/x/.config?x=3932cedd2c2d4a69
dashboard link:
https://syzkaller.appspot.com/bug?extid=66264bf2fd0476be7e6c
compiler:
patch:
https://syzkaller.appspot.com/x/patch.diff?x=1440e064300000