From: Peter Sutton
Date: Sun, 29 May 2022 12:42:33 +0100
Subject: [Bug] [Deadlock] Kernel thread deadlock in rfcomm socket release when connect interrupted
To: linux-bluetooth@vger.kernel.org
Cc: Marcel Holtmann, Johan Hedberg, Luiz Augusto von Dentz, Matthew Leach, Lloyd Henning

Hi,

Compile the attached C program (gcc -lbluetooth bug.c) and execute:

$ ./a.out

Interrupt (^C/SIGINT) during the connect. The process should hang and the
Bluetooth socket will now be in deadlock.

Kernel thread stack:

[May29 12:23] INFO: task krfcommd:902 blocked for more than 122 seconds.
[ +0.000009] Tainted: P OE 5.18.0-arch1-1 #1
[ +0.000004] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ +0.000002] task:krfcommd state:D stack: 0 pid: 902 ppid: 2 flags:0x00004000
[ +0.000010] Call Trace:
[ +0.000003]
[ +0.000007] __schedule+0x37c/0x11f0
[ +0.000013] ? __schedule+0x384/0x11f0
[ +0.000012] ? l2cap_chan_create+0x138/0x180 [bluetooth da0a812fd33c72f9c94149bd973bd9835fc8aa63]
[ +0.000104] schedule+0x4f/0xb0
[ +0.000008] schedule_preempt_disabled+0x15/0x20
[ +0.000009] __mutex_lock.constprop.0+0x2d0/0x480
[ +0.000012] rfcomm_run+0x152/0x1900 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000018] ? ttwu_do_wakeup+0x17/0x160
[ +0.000011] ? _raw_spin_rq_lock_irqsave+0x20/0x20
[ +0.000010] ? rfcomm_check_accept+0xa0/0xa0 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000015] kthread+0xde/0x110
[ +0.000011] ? kthread_complete_and_exit+0x20/0x20
[ +0.000010] ret_from_fork+0x22/0x30
[ +0.000012]

Task stack:

[ +0.000003] INFO: task a.out:1035 blocked for more than 122 seconds.
[ +0.000004] Tainted: P OE 5.18.0-arch1-1 #1
[ +0.000003] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ +0.000001] task:a.out state:D stack: 0 pid: 1035 ppid: 817 flags:0x00004006
[ +0.000008] Call Trace:
[ +0.000002]
[ +0.000003] __schedule+0x37c/0x11f0
[ +0.000009] ? __mod_memcg_state+0x2f/0x70
[ +0.000008] schedule+0x4f/0xb0
[ +0.000007] __lock_sock+0x7d/0xc0
[ +0.000010] ? cpuacct_percpu_seq_show+0x20/0x20
[ +0.000009] lock_sock_nested+0x48/0x50
[ +0.000009] rfcomm_sk_state_change+0x2b/0x120 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000018] __rfcomm_dlc_close+0x99/0x210 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000015] rfcomm_dlc_close+0x6e/0xb0 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000015] __rfcomm_sock_close+0x2e/0xe0 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000017] rfcomm_sock_shutdown+0x65/0xa0 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000016] rfcomm_sock_release+0x32/0xb0 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000016] __sock_release+0x3d/0xa0
[ +0.000010] sock_close+0x15/0x20
[ +0.000009] __fput+0x89/0x240
[ +0.000011] task_work_run+0x60/0x90
[ +0.000007] do_exit+0x337/0xac0
[ +0.000010] ? del_timer_sync+0x73/0xb0
[ +0.000006] do_group_exit+0x31/0xa0
[ +0.000009] get_signal+0x986/0x990
[ +0.000007] ? bt_sock_wait_state+0x124/0x1a0 [bluetooth da0a812fd33c72f9c94149bd973bd9835fc8aa63]
[ +0.000060] ? wake_up_q+0x90/0x90
[ +0.000010] arch_do_signal_or_restart+0x48/0x760
[ +0.000012] exit_to_user_mode_prepare+0xd3/0x140
[ +0.000008] syscall_exit_to_user_mode+0x26/0x50
[ +0.000006] do_syscall_64+0x6b/0x90
[ +0.000009] ? exc_page_fault+0x74/0x170
[ +0.000009] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ +0.000007] RIP: 0033:0x7f4ab4f13557
[ +0.000006] RSP: 002b:00007fff5b37cc38 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ +0.000007] RAX: fffffffffffffffc RBX: 00007fff5b37cd78 RCX: 00007f4ab4f13557
[ +0.000004] RDX: 000000000000000a RSI: 00007fff5b37cc4e RDI: 0000000000000003
[ +0.000004] RBP: 00007fff5b37cc60 R08: 0fffffffffffffff R09: 0000000000000000
[ +0.000003] R10: 00007f4ab4e075e0 R11: 0000000000000246 R12: 0000000000000000
[ +0.000003] R13: 00007fff5b37cd88 R14: 0000562da1cefde0 R15: 00007f4ab5214000
[ +0.000007]

Process stack:

[<0>] __lock_sock+0x7d/0xc0
[<0>] lock_sock_nested+0x48/0x50
[<0>] rfcomm_sk_state_change+0x2b/0x120 [rfcomm]
[<0>] __rfcomm_dlc_close+0x99/0x210 [rfcomm]
[<0>] rfcomm_dlc_close+0x6e/0xb0 [rfcomm]
[<0>] __rfcomm_sock_close+0x2e/0xe0 [rfcomm]
[<0>] rfcomm_sock_shutdown+0x65/0xa0 [rfcomm]
[<0>] rfcomm_sock_release+0x32/0xb0 [rfcomm]
[<0>] __sock_release+0x3d/0xa0
[<0>] sock_close+0x15/0x20
[<0>] __fput+0x89/0x240
[<0>] task_work_run+0x60/0x90
[<0>] do_exit+0x337/0xac0
[<0>] do_group_exit+0x31/0xa0
[<0>] get_signal+0x986/0x990
[<0>] arch_do_signal_or_restart+0x48/0x760
[<0>] exit_to_user_mode_prepare+0xd3/0x140
[<0>] syscall_exit_to_user_mode+0x26/0x50
[<0>] do_syscall_64+0x6b/0x90
[<0>] entry_SYSCALL_64_after_hwframe+0x44/0xae

Replicated by Matt (CC'ed running 5.15.39) on different hardware and Lloyd
(CC'ed) on same hardware with same stack trace.

Tested on up-to-date Arch Linux (5.18.0).

Let me know if you need anything else.

Cheers
--
Pete.
Attachment: bug.c (text/x-csrc)
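A triage helper for the hung-task output quoted in this report, added here as an example (it is not part of the original message or of the kernel tree). For each blocked task it drops the unreliable `?` frames and reports the first non-scheduler frame and the first frame inside a module; the names `blocked_tasks` and `summarize` are hypothetical, and the embedded sample is an excerpt of the trace in the message.

```python
import re

# Excerpt of the hung-task report from the message (some frames omitted).
SAMPLE = """\
[May29 12:23] INFO: task krfcommd:902 blocked for more than 122 seconds.
[ +0.000010] Call Trace:
[ +0.000007] __schedule+0x37c/0x11f0
[ +0.000012] ? l2cap_chan_create+0x138/0x180 [bluetooth da0a812fd33c72f9c94149bd973bd9835fc8aa63]
[ +0.000104] schedule+0x4f/0xb0
[ +0.000008] schedule_preempt_disabled+0x15/0x20
[ +0.000009] __mutex_lock.constprop.0+0x2d0/0x480
[ +0.000012] rfcomm_run+0x152/0x1900 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
[ +0.000003] INFO: task a.out:1035 blocked for more than 122 seconds.
[ +0.000008] Call Trace:
[ +0.000003] __schedule+0x37c/0x11f0
[ +0.000009] ? __mod_memcg_state+0x2f/0x70
[ +0.000008] schedule+0x4f/0xb0
[ +0.000007] __lock_sock+0x7d/0xc0
[ +0.000009] lock_sock_nested+0x48/0x50
[ +0.000009] rfcomm_sk_state_change+0x2b/0x120 [rfcomm 70c711e71e4c70ddabda45ec756f02d9606ec257]
"""

TASK = re.compile(r"INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")
# "[ts] [? ]symbol+0xoff/0xsize [module buildid]"; group 1 marks an unreliable frame.
FRAME = re.compile(r"\]\s+(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)[^\]]*\])?")
SCHED = {"__schedule", "schedule", "schedule_preempt_disabled"}

def blocked_tasks(log):
    """Group reliable stack frames under each 'blocked for more than' header."""
    tasks = []
    for line in log.splitlines():
        m = TASK.search(line)
        if m:
            tasks.append({"comm": m[1], "pid": int(m[2]), "secs": int(m[3]), "frames": []})
            continue
        f = FRAME.search(line)
        if f and tasks and not f[1]:  # '?' frames are stale stack residue, skip them
            tasks[-1]["frames"].append((f[2], f[3]))
    return tasks

def summarize(task):
    """Report the primitive the task sleeps in and the first module-level caller."""
    frames = [f for f in task["frames"] if f[0] not in SCHED]
    waits_in = frames[0][0] if frames else None
    caller = next((f"{fn} [{mod}]" for fn, mod in frames if mod), None)
    return {"task": f'{task["comm"]}:{task["pid"]}', "waits_in": waits_in, "module_caller": caller}

if __name__ == "__main__":
    for t in blocked_tasks(SAMPLE):
        print(summarize(t))
```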