From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
This fixes the following deadlock:
--------------------------------------------
syz.4.423/7568 is trying to acquire lock:
ffff888068c48078 (&hdev->lock){+.+.}-{4:4}, at: mgmt_remove_adv_monitor_complete+0x9e/0x2e0 net/bluetooth/mgmt.c:5524
but task is already holding lock:
ffff888068c48078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ab/0x11a0 net/bluetooth/hci_sync.c:5200
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&hdev->lock);
lock(&hdev->lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by syz.4.423/7568:
#0: ffff888068c48d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 net/bluetooth/hci_core.c:480
#1: ffff888068c48078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ab/0x11a0 net/bluetooth/hci_sync.c:5200
#2: ffff888068c48690 (&hdev->cmd_sync_work_lock){+.+.}-{4:4}, at: hci_cmd_sync_dequeue+0x50/0x1f0 net/bluetooth/hci_sync.c:887
Fixes: Fixes: b747a83690c8 ("Bluetooth: hci_sync: Refactor add Adv Monitor")
Closes: https://syzkaller.appspot.com/bug?extid=e8651419c44dbc2b8768
Reported-by: syzbot+e8651419c44dbc2b8768@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
---
net/bluetooth/mgmt.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 989321b1ea27..9c1ee6ae7c66 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -5189,6 +5189,14 @@ static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
struct mgmt_pending_cmd *cmd = data;
struct adv_monitor *monitor = cmd->user_data;
+ /* This is likely the result of hdev being closed and mgmt_index_removed
+ * is attempting to clean up any pending command so
+ * hci_adv_monitors_clear is about to be called which will take care of
+ * freeing the adv_monitor instances.
+ */
+ if (status == -ECANCELED)
+ return;
+
hci_dev_lock(hdev);
rp.monitor_handle = cpu_to_le16(monitor->handle);
--
2.50.1
