Warning: Permanently added '10.128.0.228' (ED25519) to the list of known hosts.
executing program
[ 47.229395][ T3565]
[ 47.231728][ T3565] ======================================================
[ 47.238712][ T3565] WARNING: possible circular locking dependency detected
[ 47.245732][ T3565] 5.15.165-syzkaller #0 Not tainted
[ 47.250899][ T3565] ------------------------------------------------------
[ 47.257885][ T3565] syz-executor403/3565 is trying to acquire lock:
[ 47.264351][ T3565] ffff888077c58b98 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 47.274766][ T3565]
[ 47.274766][ T3565] but task is already holding lock:
[ 47.282112][ T3565] ffff888077c58ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 47.291382][ T3565]
[ 47.291382][ T3565] which lock already depends on the new lock.
[ 47.291382][ T3565]
[ 47.301749][ T3565]
[ 47.301749][ T3565] the existing dependency chain (in reverse order) is:
[ 47.310744][ T3565]
[ 47.310744][ T3565] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 47.318363][ T3565]        lock_acquire+0x1db/0x4f0
[ 47.323362][ T3565]        __mutex_lock_common+0x1da/0x25a0
[ 47.329060][ T3565]        mutex_lock_nested+0x17/0x20
[ 47.334312][ T3565]        hci_dev_do_close+0x63/0x1070
[ 47.339664][ T3565]        hci_rfkill_set_block+0x114/0x1a0
[ 47.345349][ T3565]        rfkill_set_block+0x1e7/0x430
[ 47.350690][ T3565]        rfkill_fop_write+0x5b7/0x790
[ 47.356030][ T3565]        vfs_write+0x30c/0xe50
[ 47.360760][ T3565]        ksys_write+0x1a2/0x2c0
[ 47.365577][ T3565]        do_syscall_64+0x3b/0xb0
[ 47.370482][ T3565]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.376865][ T3565]
[ 47.376865][ T3565] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 47.384816][ T3565]        lock_acquire+0x1db/0x4f0
[ 47.389807][ T3565]        __mutex_lock_common+0x1da/0x25a0
[ 47.395592][ T3565]        mutex_lock_nested+0x17/0x20
[ 47.400846][ T3565]        rfkill_register+0x30/0x880
[ 47.406012][ T3565]        hci_register_dev+0x4dd/0xa50
[ 47.411351][ T3565]        vhci_create_device+0x310/0x590
[ 47.416868][ T3565]        vhci_write+0x382/0x430
[ 47.421686][ T3565]        vfs_write+0xacd/0xe50
[ 47.426417][ T3565]        ksys_write+0x1a2/0x2c0
[ 47.431233][ T3565]        do_syscall_64+0x3b/0xb0
[ 47.436141][ T3565]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.442524][ T3565]
[ 47.442524][ T3565] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 47.450309][ T3565]        lock_acquire+0x1db/0x4f0
[ 47.455304][ T3565]        __mutex_lock_common+0x1da/0x25a0
[ 47.461014][ T3565]        mutex_lock_nested+0x17/0x20
[ 47.466266][ T3565]        vhci_send_frame+0x8a/0xf0
[ 47.471346][ T3565]        hci_send_frame+0x1af/0x2f0
[ 47.476512][ T3565]        hci_tx_work+0xb0b/0x19d0
[ 47.481504][ T3565]        process_one_work+0x8a1/0x10c0
[ 47.486931][ T3565]        worker_thread+0xaca/0x1280
[ 47.492096][ T3565]        kthread+0x3f6/0x4f0
[ 47.496654][ T3565]        ret_from_fork+0x1f/0x30
[ 47.501560][ T3565]
[ 47.501560][ T3565] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 47.510729][ T3565]        validate_chain+0x1649/0x5930
[ 47.516156][ T3565]        __lock_acquire+0x1295/0x1ff0
[ 47.521494][ T3565]        lock_acquire+0x1db/0x4f0
[ 47.526485][ T3565]        __flush_work+0xeb/0x1a0
[ 47.531389][ T3565]        hci_dev_do_close+0x20a/0x1070
[ 47.536830][ T3565]        hci_rfkill_set_block+0x114/0x1a0
[ 47.542518][ T3565]        rfkill_set_block+0x1e7/0x430
[ 47.547860][ T3565]        rfkill_fop_write+0x5b7/0x790
[ 47.553199][ T3565]        vfs_write+0x30c/0xe50
[ 47.557936][ T3565]        ksys_write+0x1a2/0x2c0
[ 47.562752][ T3565]        do_syscall_64+0x3b/0xb0
[ 47.567657][ T3565]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.574038][ T3565]
[ 47.574038][ T3565] other info that might help us debug this:
[ 47.574038][ T3565]
[ 47.584257][ T3565] Chain exists of:
[ 47.584257][ T3565]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 47.584257][ T3565]
[ 47.599157][ T3565]  Possible unsafe locking scenario:
[ 47.599157][ T3565]
[ 47.606575][ T3565]        CPU0                    CPU1
[ 47.611909][ T3565]        ----                    ----
[ 47.617253][ T3565]   lock(&hdev->req_lock);
[ 47.621635][ T3565]                                lock(rfkill_global_mutex);
[ 47.628903][ T3565]                                lock(&hdev->req_lock);
[ 47.635838][ T3565]   lock((work_completion)(&hdev->tx_work));
[ 47.641797][ T3565]
[ 47.641797][ T3565]  *** DEADLOCK ***
[ 47.641797][ T3565]
[ 47.649913][ T3565] 2 locks held by syz-executor403/3565:
[ 47.655426][ T3565]  #0: ffffffff8dcbd1a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 47.665502][ T3565]  #1: ffff888077c58ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 47.675295][ T3565]
[ 47.675295][ T3565] stack backtrace:
[ 47.681160][ T3565] CPU: 0 PID: 3565 Comm: syz-executor403 Not tainted 5.15.165-syzkaller #0
[ 47.689711][ T3565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 47.699909][ T3565] Call Trace:
[ 47.703166][ T3565]
[ 47.706073][ T3565]  dump_stack_lvl+0x1e3/0x2d0
[ 47.710722][ T3565]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 47.716325][ T3565]  ? print_circular_bug+0x12b/0x1a0
[ 47.721495][ T3565]  check_noncircular+0x2f8/0x3b0
[ 47.726431][ T3565]  ? add_chain_block+0x850/0x850
[ 47.731335][ T3565]  ? lockdep_lock+0x11f/0x2a0
[ 47.735980][ T3565]  ? stack_trace_save+0x113/0x1c0
[ 47.740973][ T3565]  validate_chain+0x1649/0x5930
[ 47.745811][ T3565]  ? reacquire_held_locks+0x660/0x660
[ 47.751166][ T3565]  ? validate_chain+0x13bd/0x5930
[ 47.756187][ T3565]  ? look_up_lock_class+0x77/0x120
[ 47.761280][ T3565]  ? register_lock_class+0x100/0x9a0
[ 47.766536][ T3565]  ? reacquire_held_locks+0x660/0x660
[ 47.771878][ T3565]  ? is_dynamic_key+0x1f0/0x1f0
[ 47.776721][ T3565]  ? mark_lock+0x98/0x340
[ 47.781030][ T3565]  __lock_acquire+0x1295/0x1ff0
[ 47.785868][ T3565]  lock_acquire+0x1db/0x4f0
[ 47.790342][ T3565]  ? __flush_work+0xcf/0x1a0
[ 47.794902][ T3565]  ? mark_lock+0x98/0x340
[ 47.799199][ T3565]  ? read_lock_is_recursive+0x10/0x10
[ 47.804540][ T3565]  ? __lock_acquire+0x1295/0x1ff0
[ 47.809541][ T3565]  __flush_work+0xeb/0x1a0
[ 47.813929][ T3565]  ? __flush_work+0xcf/0x1a0
[ 47.818488][ T3565]  ? flush_work+0x20/0x20
[ 47.822792][ T3565]  hci_dev_do_close+0x20a/0x1070
[ 47.827702][ T3565]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 47.833564][ T3565]  hci_rfkill_set_block+0x114/0x1a0
[ 47.838732][ T3565]  ? rcu_lock_release+0x20/0x20
[ 47.843553][ T3565]  rfkill_set_block+0x1e7/0x430
[ 47.848376][ T3565]  rfkill_fop_write+0x5b7/0x790
[ 47.853195][ T3565]  ? mark_lock+0x98/0x340
[ 47.857494][ T3565]  ? rfkill_fop_read+0x470/0x470
[ 47.862400][ T3565]  ? fsnotify_perm+0x64/0x590
[ 47.867049][ T3565]  ? security_file_permission+0x75/0xa0
[ 47.872562][ T3565]  ? rfkill_fop_read+0x470/0x470
[ 47.877468][ T3565]  vfs_write+0x30c/0xe50
[ 47.881681][ T3565]  ? file_end_write+0x250/0x250
[ 47.886510][ T3565]  ? read_lock_is_recursive+0x10/0x10
[ 47.891864][ T3565]  ? __context_tracking_exit+0x4c/0x80
[ 47.897343][ T3565]  ? __lock_acquire+0x1ff0/0x1ff0
[ 47.902360][ T3565]  ? __fdget_pos+0x1e9/0x380
[ 47.906931][ T3565]  ksys_write+0x1a2/0x2c0
[ 47.911234][ T3565]  ? print_irqtrace_events+0x210/0x210
[ 47.916833][ T3565]  ? __ia32_sys_read+0x80/0x80
[ 47.921566][ T3565]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 47.927515][ T3565]  ? lockdep_hardirqs_on+0x94/0x130
[ 47.932679][ T3565]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 47.938627][ T3565]  do_syscall_64+0x3b/0xb0
[ 47.943011][ T3565]  ? clear_bhb_loop+0x15/0x70
[ 47.947682][ T3565]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.953546][ T3565] RIP: 0033:0x7f22e2061719
[ 47.958029][ T3565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.977622][ T3565] RSP: 002b:00007ffc60a555c8 EFLAGS: 0