Warning: Permanently added '10.128.1.82' (ED25519) to the list of known hosts.
executing program
[ 44.433091][ T3564]
[ 44.435560][ T3564] ======================================================
[ 44.442588][ T3564] WARNING: possible circular locking dependency detected
[ 44.449600][ T3564] 5.15.164-syzkaller #0 Not tainted
[ 44.454793][ T3564] ------------------------------------------------------
[ 44.461812][ T3564] syz-executor926/3564 is trying to acquire lock:
[ 44.468222][ T3564] ffff888078fccb98 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 44.478704][ T3564]
[ 44.478704][ T3564] but task is already holding lock:
[ 44.486068][ T3564] ffff888078fccff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 44.495388][ T3564]
[ 44.495388][ T3564] which lock already depends on the new lock.
[ 44.495388][ T3564]
[ 44.505788][ T3564]
[ 44.505788][ T3564] the existing dependency chain (in reverse order) is:
[ 44.514802][ T3564]
[ 44.514802][ T3564] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 44.522452][ T3564]        lock_acquire+0x1db/0x4f0
[ 44.527485][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 44.533224][ T3564]        mutex_lock_nested+0x17/0x20
[ 44.538523][ T3564]        hci_dev_do_close+0x63/0x1070
[ 44.543907][ T3564]        hci_rfkill_set_block+0x114/0x1a0
[ 44.549634][ T3564]        rfkill_set_block+0x1e7/0x430
[ 44.555024][ T3564]        rfkill_fop_write+0x5b7/0x790
[ 44.560407][ T3564]        vfs_write+0x30c/0xe50
[ 44.565190][ T3564]        ksys_write+0x1a2/0x2c0
[ 44.570056][ T3564]        do_syscall_64+0x3b/0xb0
[ 44.575015][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.581442][ T3564]
[ 44.581442][ T3564] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 44.589526][ T3564]        lock_acquire+0x1db/0x4f0
[ 44.594561][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 44.600287][ T3564]        mutex_lock_nested+0x17/0x20
[ 44.605579][ T3564]        rfkill_register+0x30/0x880
[ 44.610789][ T3564]        hci_register_dev+0x4dd/0xa50
[ 44.616189][ T3564]        vhci_create_device+0x310/0x590
[ 44.621834][ T3564]        vhci_write+0x382/0x430
[ 44.626703][ T3564]        vfs_write+0xacd/0xe50
[ 44.631471][ T3564]        ksys_write+0x1a2/0x2c0
[ 44.636329][ T3564]        do_syscall_64+0x3b/0xb0
[ 44.641276][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.647703][ T3564]
[ 44.647703][ T3564] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 44.655609][ T3564]        lock_acquire+0x1db/0x4f0
[ 44.660639][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 44.666365][ T3564]        mutex_lock_nested+0x17/0x20
[ 44.671657][ T3564]        vhci_send_frame+0x8a/0xf0
[ 44.676776][ T3564]        hci_send_frame+0x1af/0x2f0
[ 44.681979][ T3564]        hci_tx_work+0xb0b/0x19d0
[ 44.687014][ T3564]        process_one_work+0x8a1/0x10c0
[ 44.692490][ T3564]        worker_thread+0xaca/0x1280
[ 44.697695][ T3564]        kthread+0x3f6/0x4f0
[ 44.702290][ T3564]        ret_from_fork+0x1f/0x30
[ 44.707236][ T3564]
[ 44.707236][ T3564] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 44.716449][ T3564]        validate_chain+0x1649/0x5930
[ 44.721830][ T3564]        __lock_acquire+0x1295/0x1ff0
[ 44.727210][ T3564]        lock_acquire+0x1db/0x4f0
[ 44.732241][ T3564]        __flush_work+0xeb/0x1a0
[ 44.737198][ T3564]        hci_dev_do_close+0x20a/0x1070
[ 44.742836][ T3564]        hci_rfkill_set_block+0x114/0x1a0
[ 44.748561][ T3564]        rfkill_set_block+0x1e7/0x430
[ 44.753942][ T3564]        rfkill_fop_write+0x5b7/0x790
[ 44.759320][ T3564]        vfs_write+0x30c/0xe50
[ 44.764270][ T3564]        ksys_write+0x1a2/0x2c0
[ 44.769138][ T3564]        do_syscall_64+0x3b/0xb0
[ 44.774133][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.780557][ T3564]
[ 44.780557][ T3564] other info that might help us debug this:
[ 44.780557][ T3564]
[ 44.790800][ T3564] Chain exists of:
[ 44.790800][ T3564]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 44.790800][ T3564]
[ 44.805861][ T3564]  Possible unsafe locking scenario:
[ 44.805861][ T3564]
[ 44.813308][ T3564]        CPU0                    CPU1
[ 44.818678][ T3564]        ----                    ----
[ 44.824043][ T3564]   lock(&hdev->req_lock);
[ 44.828464][ T3564]                                lock(rfkill_global_mutex);
[ 44.835747][ T3564]                                lock(&hdev->req_lock);
[ 44.842690][ T3564]   lock((work_completion)(&hdev->tx_work));
[ 44.848684][ T3564]
[ 44.848684][ T3564]  *** DEADLOCK ***
[ 44.848684][ T3564]
[ 44.856836][ T3564] 2 locks held by syz-executor926/3564:
[ 44.862382][ T3564]  #0: ffffffff8dcbcc48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 44.872572][ T3564]  #1: ffff888078fccff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 44.882335][ T3564]
[ 44.882335][ T3564] stack backtrace:
[ 44.888234][ T3564] CPU: 0 PID: 3564 Comm: syz-executor926 Not tainted 5.15.164-syzkaller #0
[ 44.896821][ T3564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 44.906972][ T3564] Call Trace:
[ 44.910251][ T3564]
[ 44.913188][ T3564]  dump_stack_lvl+0x1e3/0x2d0
[ 44.917872][ T3564]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 44.923514][ T3564]  ? print_circular_bug+0x12b/0x1a0
[ 44.928720][ T3564]  check_noncircular+0x2f8/0x3b0
[ 44.933670][ T3564]  ? add_chain_block+0x850/0x850
[ 44.938617][ T3564]  ? lockdep_lock+0x11f/0x2a0
[ 44.943304][ T3564]  ? stack_trace_save+0x113/0x1c0
[ 44.948387][ T3564]  validate_chain+0x1649/0x5930
[ 44.953271][ T3564]  ? reacquire_held_locks+0x660/0x660
[ 44.958656][ T3564]  ? validate_chain+0x13bd/0x5930
[ 44.963690][ T3564]  ? look_up_lock_class+0x77/0x120
[ 44.968903][ T3564]  ? register_lock_class+0x100/0x9a0
[ 44.974206][ T3564]  ? is_dynamic_key+0x1f0/0x1f0
[ 44.979066][ T3564]  ? mark_lock+0x98/0x340
[ 44.983404][ T3564]  __lock_acquire+0x1295/0x1ff0
[ 44.988268][ T3564]  lock_acquire+0x1db/0x4f0
[ 44.992784][ T3564]  ? __flush_work+0xcf/0x1a0
[ 44.997387][ T3564]  ? read_lock_is_recursive+0x10/0x10
[ 45.002868][ T3564]  ? mark_lock+0x98/0x340
[ 45.007257][ T3564]  __flush_work+0xeb/0x1a0
[ 45.011688][ T3564]  ? __flush_work+0xcf/0x1a0
[ 45.016296][ T3564]  ? flush_work+0x20/0x20
[ 45.020647][ T3564]  ? _raw_read_unlock_irqrestore+0xd9/0x130
[ 45.026550][ T3564]  ? _raw_read_unlock+0x40/0x40
[ 45.031415][ T3564]  ? led_trigger_event+0xa6/0xc0
[ 45.036373][ T3564]  hci_dev_do_close+0x20a/0x1070
[ 45.041325][ T3564]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 45.047228][ T3564]  ? kmem_cache_alloc_trace+0x143/0x290
[ 45.052788][ T3564]  hci_rfkill_set_block+0x114/0x1a0
[ 45.057995][ T3564]  ? rcu_lock_release+0x20/0x20
[ 45.062867][ T3564]  rfkill_set_block+0x1e7/0x430
[ 45.067737][ T3564]  rfkill_fop_write+0x5b7/0x790
[ 45.072603][ T3564]  ? mark_lock+0x98/0x340
[ 45.076950][ T3564]  ? rfkill_fop_read+0x470/0x470
[ 45.082021][ T3564]  ? fsnotify_perm+0x64/0x590
[ 45.086710][ T3564]  ? security_file_permission+0x75/0xa0
[ 45.092272][ T3564]  ? rfkill_fop_read+0x470/0x470
[ 45.097221][ T3564]  vfs_write+0x30c/0xe50
[ 45.101486][ T3564]  ? file_end_write+0x250/0x250
[ 45.106370][ T3564]  ? read_lock_is_recursive+0x10/0x10
[ 45.111756][ T3564]  ? __context_tracking_exit+0x4c/0x80
[ 45.117222][ T3564]  ? __lock_acquire+0x1ff0/0x1ff0
[ 45.122263][ T3564]  ? __fdget_pos+0x1e9/0x380
[ 45.126863][ T3564]  ksys_write+0x1a2/0x2c0
[ 45.131203][ T3564]  ? print_irqtrace_events+0x210/0x210
[ 45.136676][ T3564]  ? __ia32_sys_read+0x80/0x80
[ 45.141451][ T3564]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 45.147447][ T3564]  ? lockdep_hardirqs_on+0x94/0x130
[ 45.152655][ T3564]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 45.158612][ T3564]  do_syscall_64+0x3b/0xb0
[ 45.163003][ T3564]  ? clear_bhb_loop+0x15/0x70
[ 45.167651][ T3564]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.173520][ T3564] RIP: 0033:0x7efe7e2a0719
[ 45.177938][ T3564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.197521][ T3564] RSP: 002b:00007fff02be6928 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 45.205931][ T3564] RAX: ffffffffffffffda RBX: 00007efe7e2f811b RCX: 00007efe7e2a0719
[ 45.213898][ T3564] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[ 45.221850][ T3564] RBP: 00007efe7e2f80f9 R08: 000000ff00ffc650 R09: 000000ff00ffc650
[ 45.229811][ T3564] R10: 000000ff00ffc650 R11: 0000000000000246 R12: 00007e