Re: [syzbot] WARNING: locking bug in hfa384x_usbctlx_completion_task

Davidlohr Bueso <dave@xxxxxxxxxxxx> · Mon, 27 Jun 2022 10:08:38 -0700

It's nice to see this sort of stuff actually tested :)

On Sun, 26 Jun 2022, syzbot wrote:

------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 1 PID: 21 at kernel/locking/lockdep.c:231 hlock_class kernel/locking/lockdep.c:231 [inline]
WARNING: CPU: 1 PID: 21 at kernel/locking/lockdep.c:231 hlock_class kernel/locking/lockdep.c:220 [inline]
WARNING: CPU: 1 PID: 21 at kernel/locking/lockdep.c:231 check_wait_context kernel/locking/lockdep.c:4727 [inline]
WARNING: CPU: 1 PID: 21 at kernel/locking/lockdep.c:231 __lock_acquire+0x1356/0x5660 kernel/locking/lockdep.c:5003
Modules linked in:
CPU: 1 PID: 21 Comm: kworker/1:0 Not tainted 5.19.0-rc3-syzkaller-00071-g105f3fd2f789 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events hfa384x_usbctlx_completion_task

Sorry about that, the below should fix it. Thanks.

---8<-------------------------------
From: Davidlohr Bueso <dave@xxxxxxxxxxxx>
Subject: [PATCH] staging/wlan-ng: get the correct struct hfa384x in work callback

hfa384x_usbctlx_completion_task() is bogusly using the reaper BH when
in fact this is the completion_bh. This was reflected when trying
to acquire the hw->ctlxq.lock and getting a failed lockdep class
initialized to it.

Reported-by: syzbot+ce3408364c4a234dd90c@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 9442e81d7e7 (staging/wlan-ng, prism2usb: replace completion_bh tasklet with work)
Signed-off-by: Davidlohr Bueso <dave@xxxxxxxxxxxx>
---
 drivers/staging/wlan-ng/hfa384x_usb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/wlan-ng/hfa384x_usb.c b/drivers/staging/wlan-ng/hfa384x_usb.c
index 33844526c797..02fdef7a16c8 100644
--- a/drivers/staging/wlan-ng/hfa384x_usb.c
+++ b/drivers/staging/wlan-ng/hfa384x_usb.c
@@ -2632,7 +2632,7 @@ static void hfa384x_usbctlx_reaper_task(struct work_struct *work)
  */
 static void hfa384x_usbctlx_completion_task(struct work_struct *work)
 {
-	struct hfa384x *hw = container_of(work, struct hfa384x, reaper_bh);
+	struct hfa384x *hw = container_of(work, struct hfa384x, completion_bh);
	struct hfa384x_usbctlx *ctlx, *temp;
	unsigned long flags;

--
2.36.1







