From: syzbot <syzbot+91dbdfecdd3287734d8e@syzkaller.appspotmail.com>
To: arnd@arndb.de, eli.billauer@gmail.com,
gregkh@linuxfoundation.org, hdanton@sina.com,
johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
luiz.dentz@gmail.com, marcel@holtmann.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bluetooth?] possible deadlock in touch_wq_lockdep_map
Date: Thu, 25 Jul 2024 20:20:25 -0700 [thread overview]
Message-ID: <0000000000000ab25a061e1dfe9f@google.com> (raw)
In-Reply-To: <0000000000004a975c0613c7f382@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 933069701c1b Merge tag '6.11-rc-smb3-server-fixes' of git:..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=10fba1f1980000
kernel config: https://syzkaller.appspot.com/x/.config?x=f828342678294017
dashboard link: https://syzkaller.appspot.com/bug?extid=91dbdfecdd3287734d8e
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f45af1980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e8b645980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/22dd51445d03/disk-93306970.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f85f111961d5/vmlinux-93306970.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7971b4814e87/bzImage-93306970.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+91dbdfecdd3287734d8e@syzkaller.appspotmail.com
============================================
WARNING: possible recursive locking detected
6.10.0-syzkaller-g933069701c1b #0 Not tainted
--------------------------------------------
kworker/1:1H/1247 is trying to acquire lock:
ffff888121075948 ((wq_completion)xillyusb){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x6e/0x120 kernel/workqueue.c:3876
but task is already holding lock:
ffff888121075948 ((wq_completion)xillyusb){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 kernel/workqueue.c:3206
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock((wq_completion)xillyusb);
lock((wq_completion)xillyusb);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by kworker/1:1H/1247:
#0: ffff888121075948 ((wq_completion)xillyusb){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 kernel/workqueue.c:3206
#1: ffffc900023afd80 ((work_completion)(&xdev->wakeup_workitem)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 kernel/workqueue.c:3207
stack backtrace:
CPU: 1 UID: 0 PID: 1247 Comm: kworker/1:1H Not tainted 6.10.0-syzkaller-g933069701c1b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: xillyusb wakeup_all
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119
check_deadlock kernel/locking/lockdep.c:3061 [inline]
validate_chain kernel/locking/lockdep.c:3855 [inline]
__lock_acquire+0x2167/0x3cb0 kernel/locking/lockdep.c:5142
lock_acquire kernel/locking/lockdep.c:5759 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724
touch_wq_lockdep_map+0x78/0x120 kernel/workqueue.c:3876
__flush_workqueue+0x129/0x1200 kernel/workqueue.c:3918
drain_workqueue+0x18f/0x3d0 kernel/workqueue.c:4082
destroy_workqueue+0xc2/0xaa0 kernel/workqueue.c:5781
cleanup_dev+0xc5/0x150 drivers/char/xillybus/xillyusb.c:558
kref_put include/linux/kref.h:65 [inline]
wakeup_all+0x28c/0x300 drivers/char/xillybus/xillyusb.c:612
process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
process_scheduled_works kernel/workqueue.c:3312 [inline]
worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
next parent reply other threads:[~2024-07-26 3:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <0000000000004a975c0613c7f382@google.com>
2024-07-26 3:20 ` syzbot [this message]
2024-07-26 9:00 ` [syzbot] [bluetooth?] possible deadlock in touch_wq_lockdep_map Eli Billauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000000ab25a061e1dfe9f@google.com \
--to=syzbot+91dbdfecdd3287734d8e@syzkaller.appspotmail.com \
--cc=arnd@arndb.de \
--cc=eli.billauer@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdanton@sina.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
--cc=marcel@holtmann.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).