Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts.
executing program
[ 43.814643][ T3564]
[ 43.816990][ T3564] ======================================================
[ 43.824014][ T3564] WARNING: possible circular locking dependency detected
[ 43.831057][ T3564] 5.15.165-syzkaller #0 Not tainted
[ 43.836321][ T3564] ------------------------------------------------------
[ 43.843325][ T3564] syz-executor351/3564 is trying to acquire lock:
[ 43.849981][ T3564] ffff888075454b98 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 43.860605][ T3564]
[ 43.860605][ T3564] but task is already holding lock:
[ 43.867947][ T3564] ffff888075454ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 43.877223][ T3564]
[ 43.877223][ T3564] which lock already depends on the new lock.
[ 43.877223][ T3564]
[ 43.887774][ T3564]
[ 43.887774][ T3564] the existing dependency chain (in reverse order) is:
[ 43.897196][ T3564]
[ 43.897196][ T3564] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 43.905069][ T3564]        lock_acquire+0x1db/0x4f0
[ 43.910071][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 43.915768][ T3564]        mutex_lock_nested+0x17/0x20
[ 43.921029][ T3564]        hci_dev_do_close+0x63/0x1070
[ 43.926463][ T3564]        hci_rfkill_set_block+0x114/0x1a0
[ 43.932189][ T3564]        rfkill_set_block+0x1e7/0x430
[ 43.937533][ T3564]        rfkill_fop_write+0x5b7/0x790
[ 43.942879][ T3564]        vfs_write+0x30c/0xe50
[ 43.947704][ T3564]        ksys_write+0x1a2/0x2c0
[ 43.952545][ T3564]        do_syscall_64+0x3b/0xb0
[ 43.957465][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 43.963850][ T3564]
[ 43.963850][ T3564] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 43.971826][ T3564]        lock_acquire+0x1db/0x4f0
[ 43.976825][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 43.982517][ T3564]        mutex_lock_nested+0x17/0x20
[ 43.987772][ T3564]        rfkill_register+0x30/0x880
[ 43.993028][ T3564]        hci_register_dev+0x4dd/0xa50
[ 43.998379][ T3564]        vhci_create_device+0x310/0x590
[ 44.003896][ T3564]        vhci_write+0x382/0x430
[ 44.008718][ T3564]        vfs_write+0xacd/0xe50
[ 44.013451][ T3564]        ksys_write+0x1a2/0x2c0
[ 44.018274][ T3564]        do_syscall_64+0x3b/0xb0
[ 44.023180][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.029566][ T3564]
[ 44.029566][ T3564] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 44.037364][ T3564]        lock_acquire+0x1db/0x4f0
[ 44.042448][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 44.048139][ T3564]        mutex_lock_nested+0x17/0x20
[ 44.053395][ T3564]        vhci_send_frame+0x8a/0xf0
[ 44.058479][ T3564]        hci_send_frame+0x1af/0x2f0
[ 44.063647][ T3564]        hci_tx_work+0xb0b/0x19d0
[ 44.068645][ T3564]        process_one_work+0x8a1/0x10c0
[ 44.074074][ T3564]        worker_thread+0xaca/0x1280
[ 44.079241][ T3564]        kthread+0x3f6/0x4f0
[ 44.083975][ T3564]        ret_from_fork+0x1f/0x30
[ 44.088885][ T3564]
[ 44.088885][ T3564] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 44.098055][ T3564]        validate_chain+0x1649/0x5930
[ 44.103397][ T3564]        __lock_acquire+0x1295/0x1ff0
[ 44.108739][ T3564]        lock_acquire+0x1db/0x4f0
[ 44.113738][ T3564]        __flush_work+0xeb/0x1a0
[ 44.118652][ T3564]        hci_dev_do_close+0x20a/0x1070
[ 44.124089][ T3564]        hci_rfkill_set_block+0x114/0x1a0
[ 44.129781][ T3564]        rfkill_set_block+0x1e7/0x430
[ 44.135207][ T3564]        rfkill_fop_write+0x5b7/0x790
[ 44.140546][ T3564]        vfs_write+0x30c/0xe50
[ 44.145283][ T3564]        ksys_write+0x1a2/0x2c0
[ 44.150105][ T3564]        do_syscall_64+0x3b/0xb0
[ 44.155101][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.161488][ T3564]
[ 44.161488][ T3564] other info that might help us debug this:
[ 44.161488][ T3564]
[ 44.171704][ T3564] Chain exists of:
[ 44.171704][ T3564]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 44.171704][ T3564]
[ 44.186622][ T3564]  Possible unsafe locking scenario:
[ 44.186622][ T3564]
[ 44.194043][ T3564]        CPU0                    CPU1
[ 44.199378][ T3564]        ----                    ----
[ 44.204711][ T3564]   lock(&hdev->req_lock);
[ 44.209100][ T3564]                                lock(rfkill_global_mutex);
[ 44.216356][ T3564]                                lock(&hdev->req_lock);
[ 44.223270][ T3564]   lock((work_completion)(&hdev->tx_work));
[ 44.229227][ T3564]
[ 44.229227][ T3564]  *** DEADLOCK ***
[ 44.229227][ T3564]
[ 44.237349][ T3564] 2 locks held by syz-executor351/3564:
[ 44.242869][ T3564]  #0: ffffffff8dcbd1a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 44.252928][ T3564]  #1: ffff888075454ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 44.262636][ T3564]
[ 44.262636][ T3564] stack backtrace:
[ 44.268505][ T3564] CPU: 0 PID: 3564 Comm: syz-executor351 Not tainted 5.15.165-syzkaller #0
[ 44.277060][ T3564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 44.287104][ T3564] Call Trace:
[ 44.290375][ T3564]
[ 44.293290][ T3564]  dump_stack_lvl+0x1e3/0x2d0
[ 44.297952][ T3564]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 44.303567][ T3564]  ? print_circular_bug+0x12b/0x1a0
[ 44.308741][ T3564]  check_noncircular+0x2f8/0x3b0
[ 44.313696][ T3564]  ? add_chain_block+0x850/0x850
[ 44.318607][ T3564]  ? lockdep_lock+0x11f/0x2a0
[ 44.323254][ T3564]  ? stack_trace_save+0x113/0x1c0
[ 44.328255][ T3564]  validate_chain+0x1649/0x5930
[ 44.333083][ T3564]  ? reacquire_held_locks+0x660/0x660
[ 44.338420][ T3564]  ? validate_chain+0x13bd/0x5930
[ 44.343413][ T3564]  ? look_up_lock_class+0x77/0x120
[ 44.348512][ T3564]  ? register_lock_class+0x100/0x9a0
[ 44.353766][ T3564]  ? reacquire_held_locks+0x660/0x660
[ 44.359103][ T3564]  ? is_dynamic_key+0x1f0/0x1f0
[ 44.364025][ T3564]  ? mark_lock+0x98/0x340
[ 44.368324][ T3564]  __lock_acquire+0x1295/0x1ff0
[ 44.373156][ T3564]  lock_acquire+0x1db/0x4f0
[ 44.377647][ T3564]  ? __flush_work+0xcf/0x1a0
[ 44.382246][ T3564]  ? mark_lock+0x98/0x340
[ 44.386563][ T3564]  ? read_lock_is_recursive+0x10/0x10
[ 44.391915][ T3564]  ? __lock_acquire+0x1295/0x1ff0
[ 44.396936][ T3564]  __flush_work+0xeb/0x1a0
[ 44.401331][ T3564]  ? __flush_work+0xcf/0x1a0
[ 44.405895][ T3564]  ? flush_work+0x20/0x20
[ 44.410225][ T3564]  hci_dev_do_close+0x20a/0x1070
[ 44.415140][ T3564]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 44.421047][ T3564]  hci_rfkill_set_block+0x114/0x1a0
[ 44.426235][ T3564]  ? rcu_lock_release+0x20/0x20
[ 44.431090][ T3564]  rfkill_set_block+0x1e7/0x430
[ 44.435926][ T3564]  rfkill_fop_write+0x5b7/0x790
[ 44.440915][ T3564]  ? mark_lock+0x98/0x340
[ 44.445248][ T3564]  ? rfkill_fop_read+0x470/0x470
[ 44.450163][ T3564]  ? fsnotify_perm+0x64/0x590
[ 44.454838][ T3564]  ? security_file_permission+0x75/0xa0
[ 44.460381][ T3564]  ? rfkill_fop_read+0x470/0x470
[ 44.465318][ T3564]  vfs_write+0x30c/0xe50
[ 44.469565][ T3564]  ? file_end_write+0x250/0x250
[ 44.474388][ T3564]  ? read_lock_is_recursive+0x10/0x10
[ 44.479779][ T3564]  ? __context_tracking_exit+0x4c/0x80
[ 44.485233][ T3564]  ? __lock_acquire+0x1ff0/0x1ff0
[ 44.490249][ T3564]  ? __fdget_pos+0x1e9/0x380
[ 44.494819][ T3564]  ksys_write+0x1a2/0x2c0
[ 44.499137][ T3564]  ? print_irqtrace_events+0x210/0x210
[ 44.504603][ T3564]  ? __ia32_sys_read+0x80/0x80
[ 44.509359][ T3564]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 44.515320][ T3564]  ? lockdep_hardirqs_on+0x94/0x130
[ 44.520508][ T3564]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 44.526466][ T3564]  do_syscall_64+0x3b/0xb0
[ 44.530862][ T3564]  ? clear_bhb_loop+0x15/0x70
[ 44.535522][ T3564]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.541401][ T3564] RIP: 0033:0x7f9a915ff719
[ 44.545841][ T3564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.565428][ T3564] RSP: 00