Warning: Permanently added '10.128.1.124' (ED25519) to the list of known hosts.
executing program
[ 53.078009][ T3565]
[ 53.080364][ T3565] ======================================================
[ 53.087462][ T3565] WARNING: possible circular locking dependency detected
[ 53.094600][ T3565] 5.15.165-syzkaller #0 Not tainted
[ 53.099817][ T3565] ------------------------------------------------------
[ 53.106885][ T3565] syz-executor276/3565 is trying to acquire lock:
[ 53.113293][ T3565] ffff88807ad60b98 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 53.123764][ T3565]
[ 53.123764][ T3565] but task is already holding lock:
[ 53.131128][ T3565] ffff88807ad60ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 53.140448][ T3565]
[ 53.140448][ T3565] which lock already depends on the new lock.
[ 53.140448][ T3565]
[ 53.151028][ T3565]
[ 53.151028][ T3565] the existing dependency chain (in reverse order) is:
[ 53.160044][ T3565]
[ 53.160044][ T3565] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 53.167698][ T3565]        lock_acquire+0x1db/0x4f0
[ 53.172731][ T3565]        __mutex_lock_common+0x1da/0x25a0
[ 53.178662][ T3565]        mutex_lock_nested+0x17/0x20
[ 53.183955][ T3565]        hci_dev_do_close+0x63/0x1070
[ 53.189422][ T3565]        hci_rfkill_set_block+0x114/0x1a0
[ 53.195155][ T3565]        rfkill_set_block+0x1e7/0x430
[ 53.200539][ T3565]        rfkill_fop_write+0x5b7/0x790
[ 53.205920][ T3565]        do_iter_write+0x39c/0x760
[ 53.211037][ T3565]        do_writev+0x281/0x470
[ 53.215807][ T3565]        do_syscall_64+0x3b/0xb0
[ 53.220748][ T3565]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.227165][ T3565]
[ 53.227165][ T3565] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 53.235159][ T3565]        lock_acquire+0x1db/0x4f0
[ 53.240406][ T3565]        __mutex_lock_common+0x1da/0x25a0
[ 53.246222][ T3565]        mutex_lock_nested+0x17/0x20
[ 53.251521][ T3565]        rfkill_register+0x30/0x880
[ 53.256732][ T3565]        hci_register_dev+0x4dd/0xa50
[ 53.262229][ T3565]        vhci_create_device+0x310/0x590
[ 53.267783][ T3565]        vhci_write+0x382/0x430
[ 53.272650][ T3565]        vfs_write+0xacd/0xe50
[ 53.277420][ T3565]        ksys_write+0x1a2/0x2c0
[ 53.282271][ T3565]        do_syscall_64+0x3b/0xb0
[ 53.287297][ T3565]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.293802][ T3565]
[ 53.293802][ T3565] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 53.301623][ T3565]        lock_acquire+0x1db/0x4f0
[ 53.306823][ T3565]        __mutex_lock_common+0x1da/0x25a0
[ 53.312567][ T3565]        mutex_lock_nested+0x17/0x20
[ 53.318374][ T3565]        vhci_send_frame+0x8a/0xf0
[ 53.323577][ T3565]        hci_send_frame+0x1af/0x2f0
[ 53.328781][ T3565]        hci_tx_work+0xb0b/0x19d0
[ 53.333822][ T3565]        process_one_work+0x8a1/0x10c0
[ 53.339385][ T3565]        worker_thread+0xaca/0x1280
[ 53.344677][ T3565]        kthread+0x3f6/0x4f0
[ 53.349274][ T3565]        ret_from_fork+0x1f/0x30
[ 53.354221][ T3565]
[ 53.354221][ T3565] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 53.363516][ T3565]        validate_chain+0x1649/0x5930
[ 53.368914][ T3565]        __lock_acquire+0x1295/0x1ff0
[ 53.374300][ T3565]        lock_acquire+0x1db/0x4f0
[ 53.379332][ T3565]        __flush_work+0xeb/0x1a0
[ 53.384273][ T3565]        hci_dev_do_close+0x20a/0x1070
[ 53.389740][ T3565]        hci_rfkill_set_block+0x114/0x1a0
[ 53.395489][ T3565]        rfkill_set_block+0x1e7/0x430
[ 53.400867][ T3565]        rfkill_fop_write+0x5b7/0x790
[ 53.406243][ T3565]        do_iter_write+0x39c/0x760
[ 53.411443][ T3565]        do_writev+0x281/0x470
[ 53.416211][ T3565]        do_syscall_64+0x3b/0xb0
[ 53.421238][ T3565]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.427672][ T3565]
[ 53.427672][ T3565] other info that might help us debug this:
[ 53.427672][ T3565]
[ 53.438067][ T3565] Chain exists of:
[ 53.438067][ T3565]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 53.438067][ T3565]
[ 53.453191][ T3565]  Possible unsafe locking scenario:
[ 53.453191][ T3565]
[ 53.460734][ T3565]        CPU0                    CPU1
[ 53.466100][ T3565]        ----                    ----
[ 53.471573][ T3565]   lock(&hdev->req_lock);
[ 53.476007][ T3565]                                lock(rfkill_global_mutex);
[ 53.483293][ T3565]                                lock(&hdev->req_lock);
[ 53.490235][ T3565]   lock((work_completion)(&hdev->tx_work));
[ 53.496221][ T3565]
[ 53.496221][ T3565]  *** DEADLOCK ***
[ 53.496221][ T3565]
[ 53.504362][ T3565] 2 locks held by syz-executor276/3565:
[ 53.509922][ T3565]  #0: ffffffff8dcbd1a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 53.520025][ T3565]  #1: ffff88807ad60ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 53.529784][ T3565]
[ 53.529784][ T3565] stack backtrace:
[ 53.535866][ T3565] CPU: 0 PID: 3565 Comm: syz-executor276 Not tainted 5.15.165-syzkaller #0
[ 53.544542][ T3565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 53.554788][ T3565] Call Trace:
[ 53.558080][ T3565]
[ 53.561015][ T3565]  dump_stack_lvl+0x1e3/0x2d0
[ 53.566014][ T3565]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 53.572091][ T3565]  ? print_circular_bug+0x12b/0x1a0
[ 53.577298][ T3565]  check_noncircular+0x2f8/0x3b0
[ 53.582251][ T3565]  ? add_chain_block+0x850/0x850
[ 53.587195][ T3565]  ? lockdep_lock+0x11f/0x2a0
[ 53.591878][ T3565]  ? stack_trace_save+0x113/0x1c0
[ 53.596999][ T3565]  validate_chain+0x1649/0x5930
[ 53.601865][ T3565]  ? reacquire_held_locks+0x660/0x660
[ 53.607327][ T3565]  ? validate_chain+0x13bd/0x5930
[ 53.612368][ T3565]  ? look_up_lock_class+0x77/0x120
[ 53.617495][ T3565]  ? register_lock_class+0x100/0x9a0
[ 53.622785][ T3565]  ? reacquire_held_locks+0x660/0x660
[ 53.628610][ T3565]  ? is_dynamic_key+0x1f0/0x1f0
[ 53.633507][ T3565]  ? mark_lock+0x98/0x340
[ 53.637864][ T3565]  __lock_acquire+0x1295/0x1ff0
[ 53.642725][ T3565]  lock_acquire+0x1db/0x4f0
[ 53.647234][ T3565]  ? __flush_work+0xcf/0x1a0
[ 53.651835][ T3565]  ? mark_lock+0x98/0x340
[ 53.656258][ T3565]  ? read_lock_is_recursive+0x10/0x10
[ 53.661805][ T3565]  ? __lock_acquire+0x1295/0x1ff0
[ 53.666937][ T3565]  __flush_work+0xeb/0x1a0
[ 53.671357][ T3565]  ? __flush_work+0xcf/0x1a0
[ 53.675954][ T3565]  ? flush_work+0x20/0x20
[ 53.680302][ T3565]  hci_dev_do_close+0x20a/0x1070
[ 53.685424][ T3565]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 53.691328][ T3565]  ? kmem_cache_alloc_trace+0x143/0x290
[ 53.697237][ T3565]  hci_rfkill_set_block+0x114/0x1a0
[ 53.702462][ T3565]  ? rcu_lock_release+0x20/0x20
[ 53.707325][ T3565]  rfkill_set_block+0x1e7/0x430
[ 53.712192][ T3565]  rfkill_fop_write+0x5b7/0x790
[ 53.717142][ T3565]  ? rfkill_fop_read+0x470/0x470
[ 53.722178][ T3565]  do_iter_write+0x39c/0x760
[ 53.726876][ T3565]  do_writev+0x281/0x470
[ 53.731128][ T3565]  ? do_readv+0x460/0x460
[ 53.735467][ T3565]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 53.741459][ T3565]  ? vtime_user_exit+0x2d1/0x400
[ 53.746404][ T3565]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 53.752393][ T3565]  ? lockdep_hardirqs_on+0x94/0x130
[ 53.757694][ T3565]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 53.763687][ T3565]  do_syscall_64+0x3b/0xb0
[ 53.768196][ T3565]  ? clear_bhb_loop+0x15/0x70
[ 53.772880][ T3565]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.778791][ T3565] RIP: 0033:0x7f403132b759
[ 53.783308][ T3565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.802997][ T3565] RSP: 002b:00007ffe1cf2c7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 53.811392][ T3565] RAX: ffffffffffffffda RBX: 00007f403138311b RCX: 00007f403132b759
[ 53.819356][ T3565] RDX: 0000000000000007 RSI: 0000000020000440 RDI: 0000000000000003
[ 53.827302][ T3565] RBP: 00007f40313830f9 R08: