possible deadlock in __get_super

syzbot
Nov 8, 2020, 9:16:19 AM11/8/20
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 6b6446ef Linux 4.14.204
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=162dbdc6500000
kernel config: https://syzkaller.appspot.com/x/.config?x=3b2e3745f25cbc4e
dashboard link: https://syzkaller.appspot.com/bug?extid=8902955ecece0cc3a981
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11ef7114500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=166c4e2a500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+890295...@syzkaller.appspotmail.com

REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
======================================================
WARNING: possible circular locking dependency detected
4.14.204-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor923/8221 is trying to acquire lock:
(&type->s_umount_key#46){++++}, at: [<ffffffff8189a5d1>] __get_super.part.0+0x271/0x390 fs/super.c:678

but task is already holding lock:
(&bdev->bd_mutex){+.+.}, at: [<ffffffff8313710b>] blkdev_reread_part+0x1b/0x40 block/ioctl.c:192

which lock already depends on the new lock.

REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal

the existing dependency chain (in reverse order) is:

-> #1 (&bdev->bd_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
blkdev_put+0x27/0x4c0 fs/block_dev.c:1826
REISERFS (device loop3): using ordered data mode
release_journal_dev fs/reiserfs/journal.c:2598 [inline]
free_journal_ram+0x41a/0x5c0 fs/reiserfs/journal.c:1903
do_journal_release fs/reiserfs/journal.c:1969 [inline]
journal_release+0x1cf/0x450 fs/reiserfs/journal.c:1980
reiserfs_put_super+0xbb/0x560 fs/reiserfs/super.c:616
generic_shutdown_super+0x144/0x370 fs/super.c:446
reiserfs: using flush barriers
kill_block_super+0x95/0xe0 fs/super.c:1161
deactivate_locked_super+0x6c/0xd0 fs/super.c:319
deactivate_super+0x7f/0xa0 fs/super.c:350
cleanup_mnt+0x186/0x2c0 fs/namespace.c:1183
task_work_run+0x11f/0x190 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
REISERFS (device loop3): journal params: device loop3, size 8192, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&type->s_umount_key#46
REISERFS (device loop3): checking transaction log (loop3)
){++++}:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
down_read+0x36/0x80 kernel/locking/rwsem.c:24
__get_super.part.0+0x271/0x390 fs/super.c:678
__get_super include/linux/spinlock.h:317 [inline]
get_super+0x2b/0x50 fs/super.c:707
fsync_bdev+0x14/0xc0 fs/block_dev.c:495
invalidate_partition+0x74/0xb0 block/genhd.c:1506
drop_partitions.isra.0+0x83/0x150 block/partition-generic.c:442
rescan_partitions+0xa9/0x800 block/partition-generic.c:515
__blkdev_reread_part+0x140/0x1d0 block/ioctl.c:173
blkdev_reread_part+0x23/0x40 block/ioctl.c:193
loop_reread_partitions drivers/block/loop.c:624 [inline]
loop_set_status+0xeeb/0x12b0 drivers/block/loop.c:1193
loop_set_status_old+0x18a/0x200 drivers/block/loop.c:1301
lo_ioctl+0x5ae/0x1cd0 drivers/block/loop.c:1431
__blkdev_driver_ioctl block/ioctl.c:297 [inline]
blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
block_ioctl+0xd9/0x120 fs/block_dev.c:1893
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&bdev->bd_mutex);
                               lock(&type->s_umount_key#46);
                               lock(&bdev->bd_mutex);
  lock(&type->s_umount_key#46);

*** DEADLOCK ***

2 locks held by syz-executor923/8221:
#0: (&lo->lo_ctl_mutex/1){+.+.}, at: [<ffffffff83981777>] lo_ioctl+0x87/0x1cd0 drivers/block/loop.c:1414
#1: (&bdev->bd_mutex){+.+.}, at: [<ffffffff8313710b>] blkdev_reread_part+0x1b/0x40 block/ioctl.c:192

stack backtrace:
CPU: 0 PID: 8221 Comm: syz-executor923 Not tainted 4.14.204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
REISERFS warning (device loop4): reiserfs_fill_super: Cannot allocate commit workqueue
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1905 [inline]
check_prevs_add kernel/locking/lockdep.c:2022 [inline]
validate_chain kernel/locking/lockdep.c:2464 [inline]
__lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
down_read+0x36/0x80 kernel/locking/rwsem.c:24
__get_super.part.0+0x271/0x390 fs/super.c:678
__get_super include/linux/spinlock.h:317 [inline]
get_super+0x2b/0x50 fs/super.c:707
fsync_bdev+0x14/0xc0 fs/block_dev.c:495
invalidate_partition+0x74/0xb0 block/genhd.c:1506
drop_partitions.isra.0+0x83/0x150 block/partition-generic.c:442
rescan_partitions+0xa9/0x800 block/partition-generic.c:515
__blkdev_reread_part+0x140/0x1d0 block/ioctl.c:173
blkdev_reread_part+0x23/0x40 block/ioctl.c:193
loop_reread_partitions drivers/block/loop.c:624 [inline]
loop_set_status+0xeeb/0x12b0 drivers/block/loop.c:1193
loop_set_status_old+0x18a/0x200 drivers/block/loop.c:1301
lo_ioctl+0x5ae/0x1cd0 drivers/block/loop.c:1431
__blkdev_driver_ioctl block/ioctl.c:297 [inline]
blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
block_ioctl+0xd9/0x120 fs/block_dev.c:1893
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x44c5b9
RSP: 002b:00007f44b5cefce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dec28 RCX: 000000000044c5b9
RDX: 0000000020000280 RSI: 0000000000004c02 RDI: 0000000000000003
RBP: 00000000006dec20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec2c
R13: 00007ffca83cd6df R14: 00007f44b5cf09c0 R15: 0000000000000000
REISERFS warning: reiserfs-5090 is_tree_node: node level 17491 does not match to the expected one 1
REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 8211. Fsck?
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop5): using ordered data mode
REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
reiserfs: using flush barriers
REISERFS (device loop0): Remounting filesystem read-only
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop1): using ordered data mode
REISERFS error (device loop0): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD]
reiserfs: using flush barriers
REISERFS (device loop1): journal params: device loop1, size 8192, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop0): using 3.5.x disk format
REISERFS (device loop1): checking transaction log (loop1)
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 8192, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop3): using 3.5.x disk format
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
Bluetooth: hci5 command 0x040f tx timeout
Bluetooth: hci3 command 0x040f tx timeout
Bluetooth: hci2 command 0x040f tx timeout
Bluetooth: hci4 command 0x040f tx timeout
Bluetooth: hci1 command 0x040f tx timeout
Bluetooth: hci0 command 0x040f tx timeout
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): using 3.5.x disk format
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop1): Using r5 hash to sort names
REISERFS (device loop1): using 3.5.x disk format
REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
Bluetooth: hci3 command 0x0419 tx timeout
Bluetooth: hci5 command 0x0419 tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
Bluetooth: hci1 command 0x0419 tx timeout
Bluetooth: hci4 command 0x0419 tx timeout
Bluetooth: hci0 command 0x0419 tx timeout


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches