Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts.
[   65.470059][ T3549] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.478013][ T3549] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.485803][ T3549] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.494211][ T3549] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.501868][ T3549] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   65.509394][ T3549] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[   65.571050][ T3545]
[   65.573437][ T3545] ======================================================
[   65.580640][ T3545] WARNING: possible circular locking dependency detected
[   65.587653][ T3545] 6.1.60-syzkaller #0 Not tainted
[   65.592670][ T3545] ------------------------------------------------------
[   65.599679][ T3545] syz-executor332/3545 is trying to acquire lock:
[   65.606082][ T3545] ffff88801e3e0dc0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xe5/0xad0
[   65.616644][ T3545]
[   65.616644][ T3545] but task is already holding lock:
[   65.624243][ T3545] ffff88801e3e10b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_rfkill_set_block+0x129/0x200
[   65.633930][ T3545]
[   65.633930][ T3545] which lock already depends on the new lock.
[   65.633930][ T3545]
[   65.644330][ T3545]
[   65.644330][ T3545] the existing dependency chain (in reverse order) is:
[   65.653343][ T3545]
[   65.653343][ T3545] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[   65.661009][ T3545]        lock_acquire+0x1f8/0x5a0
[   65.666038][ T3545]        __mutex_lock+0x132/0xd80
[   65.671067][ T3545]        hci_rfkill_set_block+0x129/0x200
[   65.676790][ T3545]        rfkill_set_block+0x1e7/0x430
[   65.682157][ T3545]        rfkill_fop_write+0x5b7/0x790
[   65.687579][ T3545]        do_iter_write+0x503/0xc50
[   65.692714][ T3545]        do_writev+0x27b/0x460
[   65.697478][ T3545]        do_syscall_64+0x3d/0xb0
[   65.702594][ T3545]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   65.709012][ T3545]
[   65.709012][ T3545] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[   65.717005][ T3545]        lock_acquire+0x1f8/0x5a0
[   65.722280][ T3545]        __mutex_lock+0x132/0xd80
[   65.727328][ T3545]        rfkill_register+0x30/0x880
[   65.732625][ T3545]        hci_register_dev+0x4df/0xa40
[   65.738019][ T3545]        vhci_create_device+0x3ba/0x6f0
[   65.743581][ T3545]        vhci_write+0x38b/0x440
[   65.748439][ T3545]        vfs_write+0x7ae/0xba0
[   65.753212][ T3545]        ksys_write+0x19c/0x2c0
[   65.758119][ T3545]        do_syscall_64+0x3d/0xb0
[   65.763061][ T3545]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   65.769476][ T3545]
[   65.769476][ T3545] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[   65.777471][ T3545]        lock_acquire+0x1f8/0x5a0
[   65.782499][ T3545]        __mutex_lock+0x132/0xd80
[   65.787524][ T3545]        vhci_send_frame+0x8a/0xf0
[   65.792631][ T3545]        hci_send_frame+0x1ef/0x370
[   65.797920][ T3545]        hci_tx_work+0xec8/0x1ec0
[   65.802948][ T3545]        process_one_work+0x8a9/0x11d0
[   65.808414][ T3545]        worker_thread+0xa47/0x1200
[   65.813628][ T3545]        kthread+0x28d/0x320
[   65.818278][ T3545]        ret_from_fork+0x1f/0x30
[   65.823224][ T3545]
[   65.823224][ T3545] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[   65.832616][ T3545]        validate_chain+0x1667/0x58e0
[   65.838433][ T3545]        __lock_acquire+0x125b/0x1f80
[   65.843895][ T3545]        lock_acquire+0x1f8/0x5a0
[   65.848947][ T3545]        __flush_work+0xfe/0xad0
[   65.854015][ T3545]        hci_dev_close_sync+0x233/0xfc0
[   65.859564][ T3545]        hci_rfkill_set_block+0x131/0x200
[   65.865330][ T3545]        rfkill_set_block+0x1e7/0x430
[   65.871017][ T3545]        rfkill_fop_write+0x5b7/0x790
[   65.876453][ T3545]        do_iter_write+0x503/0xc50
[   65.881573][ T3545]        do_writev+0x27b/0x460
[   65.886429][ T3545]        do_syscall_64+0x3d/0xb0
[   65.891480][ T3545]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   65.897897][ T3545]
[   65.897897][ T3545] other info that might help us debug this:
[   65.897897][ T3545]
[   65.908122][ T3545] Chain exists of:
[   65.908122][ T3545]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[   65.908122][ T3545]
[   65.923095][ T3545]  Possible unsafe locking scenario:
[   65.923095][ T3545]
[   65.930581][ T3545]        CPU0                    CPU1
[   65.935950][ T3545]        ----                    ----
[   65.941402][ T3545]   lock(&hdev->req_lock);
[   65.945823][ T3545]                                lock(rfkill_global_mutex);
[   65.953237][ T3545]                                lock(&hdev->req_lock);
[   65.960171][ T3545]   lock((work_completion)(&hdev->tx_work));
[   65.966149][ T3545]
[   65.966149][ T3545]  *** DEADLOCK ***
[   65.966149][ T3545]
[   65.974290][ T3545] 2 locks held by syz-executor332/3545:
[   65.980002][ T3545]  #0: ffffffff8e543da8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[   65.990101][ T3545]  #1: ffff88801e3e10b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_rfkill_set_block+0x129/0x200
[   66.000206][ T3545]
[   66.000206][ T3545] stack backtrace:
[   66.006089][ T3545] CPU: 1 PID: 3545 Comm: syz-executor332 Not tainted 6.1.60-syzkaller #0
[   66.014499][ T3545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   66.024554][ T3545] Call Trace:
[   66.027835][ T3545]
[   66.030770][ T3545]  dump_stack_lvl+0x1e3/0x2cb
[   66.035545][ T3545]  ? nf_tcp_handle_invalid+0x642/0x642
[   66.041012][ T3545]  ? print_circular_bug+0x12b/0x1a0
[   66.046245][ T3545]  check_noncircular+0x2fa/0x3b0
[   66.051224][ T3545]  ? add_chain_block+0x850/0x850
[   66.056259][ T3545]  ? lockdep_lock+0x11f/0x2a0
[   66.060949][ T3545]  ? arch_stack_walk+0xf3/0x140
[   66.065802][ T3545]  ? _find_first_zero_bit+0xd0/0x100
[   66.071191][ T3545]  validate_chain+0x1667/0x58e0
[   66.076060][ T3545]  ? lockdep_unlock+0x165/0x300
[   66.081024][ T3545]  ? reacquire_held_locks+0x660/0x660
[   66.086462][ T3545]  ? add_lock_to_list+0x1de/0x2e0
[   66.091524][ T3545]  ? validate_chain+0x13d1/0x58e0
[   66.096594][ T3545]  ? look_up_lock_class+0x77/0x140
[   66.101736][ T3545]  ? register_lock_class+0x100/0x990
[   66.107155][ T3545]  ? is_dynamic_key+0x260/0x260
[   66.112119][ T3545]  ? mark_lock+0x9a/0x340
[   66.116555][ T3545]  __lock_acquire+0x125b/0x1f80
[   66.121419][ T3545]  lock_acquire+0x1f8/0x5a0
[   66.125952][ T3545]  ? __flush_work+0xe5/0xad0
[   66.130633][ T3545]  ? read_lock_is_recursive+0x10/0x10
[   66.136017][ T3545]  ? mark_lock+0x9a/0x340
[   66.140359][ T3545]  ? __lock_acquire+0x125b/0x1f80
[   66.145423][ T3545]  ? __flush_work+0xe5/0xad0
[   66.150012][ T3545]  __flush_work+0xfe/0xad0
[   66.154434][ T3545]  ? __flush_work+0xe5/0xad0
[   66.159028][ T3545]  ? flush_work+0x20/0x20
[   66.163404][ T3545]  ? led_trigger_event+0x24/0x1d0
[   66.168505][ T3545]  hci_dev_close_sync+0x233/0xfc0
[   66.173625][ T3545]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   66.179629][ T3545]  hci_rfkill_set_block+0x131/0x200
[   66.185009][ T3545]  ? hci_req_cmd_complete+0x910/0x910
[   66.190408][ T3545]  rfkill_set_block+0x1e7/0x430
[   66.195266][ T3545]  rfkill_fop_write+0x5b7/0x790
[   66.200209][ T3545]  ? __might_fault+0xa1/0x110
[   66.204998][ T3545]  ? rfkill_fop_read+0x470/0x470
[   66.209960][ T3545]  ? fsnotify_perm+0x67/0x590
[   66.214648][ T3545]  ? bpf_lsm_file_permission+0x5/0x10
[   66.220026][ T3545]  do_iter_write+0x503/0xc50
[   66.224713][ T3545]  ? vfs_iter_write+0xa0/0xa0
[   66.229397][ T3545]  do_writev+0x27b/0x460
[   66.233643][ T3545]  ? do_readv+0x460/0x460
[   66.237977][ T3545]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   66.243963][ T3545]  ? print_irqtrace_events+0x210/0x210
[   66.249442][ T3545]  ? syscall_enter_from_user_mode+0x2e/0x220
[   66.255460][ T3545]  ? lockdep_hardirqs_on+0x94/0x130
[   66.260750][ T3545]  ? syscall_enter_from_user_mode+0x2e/0x220
[   66.266741][ T3545]  do_syscall_64+0x3d/0xb0
[   66.271163][ T3545]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   66.277060][ T3545] RIP: 0033:0x7f89a745d4b9
[   66.281484][ T3545] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   66.301271][ T3545] RSP: 002b:00007fff43975748 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   66.309738][ T3545] RAX: ffffffffffffffda RBX: 00007f89a74b4043 RCX: 00007f89a745d4b9
[   66.317717][ T3545] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 00000