DragonFlyBSD Kernel Audit
← dashboard
DF-0325

Deadlock: callout_stop under pcb_lock while timeout callback requires pcb_lock

Summary

ng_btsocket_l2cap_untimeout(:2765-2775) asserts pcb_lock held, calls callout_stop under it. Timeout callback process_timeout(:2782-2786) acquires pcb_lock as first action. callout_init_mp(:1982) NOT callout_init_lk -> DragonFly callout_stop sync=1 blocks until callback done. Cycle: thread A holds pcb_lock sleeps in callout_stop waiting callback; softclock callback blocked on pcb_lock waiting A. Uninterruptible deadlock. Every untimeout caller under pcb_lock affected: detach(:2355) disconnect(:2411) all process_l2ca_* paths. Local user: AF_BLUETOOTH socket + close racing 300s ERTX timer.