Warning: Permanently added '10.128.1.212' (ED25519) to the list of known hosts.
executing program
[ 52.335075][ T3564]
[ 52.337434][ T3564] ======================================================
[ 52.344443][ T3564] WARNING: possible circular locking dependency detected
[ 52.351454][ T3564] 5.15.165-syzkaller #0 Not tainted
[ 52.356653][ T3564] ------------------------------------------------------
[ 52.363660][ T3564] syz-executor257/3564 is trying to acquire lock:
[ 52.370069][ T3564] ffff888016d54b98 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 52.380540][ T3564]
[ 52.380540][ T3564] but task is already holding lock:
[ 52.388073][ T3564] ffff888016d54ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 52.397390][ T3564]
[ 52.397390][ T3564] which lock already depends on the new lock.
[ 52.397390][ T3564]
[ 52.407783][ T3564]
[ 52.407783][ T3564] the existing dependency chain (in reverse order) is:
[ 52.416795][ T3564]
[ 52.416795][ T3564] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 52.424801][ T3564]        lock_acquire+0x1db/0x4f0
[ 52.429832][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 52.435577][ T3564]        mutex_lock_nested+0x17/0x20
[ 52.440865][ T3564]        hci_dev_do_close+0x63/0x1070
[ 52.446240][ T3564]        hci_rfkill_set_block+0x114/0x1a0
[ 52.451963][ T3564]        rfkill_set_block+0x1e7/0x430
[ 52.457333][ T3564]        rfkill_fop_write+0x5b7/0x790
[ 52.462730][ T3564]        vfs_write+0x30c/0xe50
[ 52.467497][ T3564]        ksys_write+0x1a2/0x2c0
[ 52.472348][ T3564]        do_syscall_64+0x3b/0xb0
[ 52.477291][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.483713][ T3564]
[ 52.483713][ T3564] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 52.491799][ T3564]        lock_acquire+0x1db/0x4f0
[ 52.496825][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 52.502545][ T3564]        mutex_lock_nested+0x17/0x20
[ 52.507834][ T3564]        rfkill_register+0x30/0x880
[ 52.513034][ T3564]        hci_register_dev+0x4dd/0xa50
[ 52.518409][ T3564]        vhci_create_device+0x310/0x590
[ 52.523958][ T3564]        vhci_write+0x382/0x430
[ 52.528810][ T3564]        vfs_write+0xacd/0xe50
[ 52.533573][ T3564]        ksys_write+0x1a2/0x2c0
[ 52.538424][ T3564]        do_syscall_64+0x3b/0xb0
[ 52.543361][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.549778][ T3564]
[ 52.549778][ T3564] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 52.557596][ T3564]        lock_acquire+0x1db/0x4f0
[ 52.562624][ T3564]        __mutex_lock_common+0x1da/0x25a0
[ 52.568343][ T3564]        mutex_lock_nested+0x17/0x20
[ 52.573628][ T3564]        vhci_send_frame+0x8a/0xf0
[ 52.578827][ T3564]        hci_send_frame+0x1af/0x2f0
[ 52.584029][ T3564]        hci_tx_work+0xb0b/0x19d0
[ 52.589057][ T3564]        process_one_work+0x8a1/0x10c0
[ 52.594521][ T3564]        worker_thread+0xaca/0x1280
[ 52.599726][ T3564]        kthread+0x3f6/0x4f0
[ 52.604413][ T3564]        ret_from_fork+0x1f/0x30
[ 52.609354][ T3564]
[ 52.609354][ T3564] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 52.618573][ T3564]        validate_chain+0x1649/0x5930
[ 52.623947][ T3564]        __lock_acquire+0x1295/0x1ff0
[ 52.629326][ T3564]        lock_acquire+0x1db/0x4f0
[ 52.634362][ T3564]        __flush_work+0xeb/0x1a0
[ 52.639302][ T3564]        hci_dev_do_close+0x20a/0x1070
[ 52.644762][ T3564]        hci_rfkill_set_block+0x114/0x1a0
[ 52.650483][ T3564]        rfkill_set_block+0x1e7/0x430
[ 52.655855][ T3564]        rfkill_fop_write+0x5b7/0x790
[ 52.661227][ T3564]        vfs_write+0x30c/0xe50
[ 52.665992][ T3564]        ksys_write+0x1a2/0x2c0
[ 52.670843][ T3564]        do_syscall_64+0x3b/0xb0
[ 52.675871][ T3564]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.682287][ T3564]
[ 52.682287][ T3564] other info that might help us debug this:
[ 52.682287][ T3564]
[ 52.692514][ T3564] Chain exists of:
[ 52.692514][ T3564]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 52.692514][ T3564]
[ 52.707457][ T3564]  Possible unsafe locking scenario:
[ 52.707457][ T3564]
[ 52.714913][ T3564]        CPU0                    CPU1
[ 52.720277][ T3564]        ----                    ----
[ 52.725646][ T3564]   lock(&hdev->req_lock);
[ 52.730064][ T3564]                                lock(rfkill_global_mutex);
[ 52.737341][ T3564]                                lock(&hdev->req_lock);
[ 52.744280][ T3564]   lock((work_completion)(&hdev->tx_work));
[ 52.750266][ T3564]
[ 52.750266][ T3564]  *** DEADLOCK ***
[ 52.750266][ T3564]
[ 52.758489][ T3564] 2 locks held by syz-executor257/3564:
[ 52.764024][ T3564]  #0: ffffffff8dcbd1a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 52.774135][ T3564]  #1: ffff888016d54ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 52.783967][ T3564]
[ 52.783967][ T3564] stack backtrace:
[ 52.789858][ T3564] CPU: 0 PID: 3564 Comm: syz-executor257 Not tainted 5.15.165-syzkaller #0
[ 52.798441][ T3564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 52.808491][ T3564] Call Trace:
[ 52.811776][ T3564]
[ 52.814707][ T3564]  dump_stack_lvl+0x1e3/0x2d0
[ 52.819472][ T3564]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 52.825110][ T3564]  ? print_circular_bug+0x12b/0x1a0
[ 52.830312][ T3564]  check_noncircular+0x2f8/0x3b0
[ 52.835253][ T3564]  ? add_chain_block+0x850/0x850
[ 52.840190][ T3564]  ? lockdep_lock+0x11f/0x2a0
[ 52.844868][ T3564]  ? stack_trace_save+0x113/0x1c0
[ 52.849898][ T3564]  validate_chain+0x1649/0x5930
[ 52.854760][ T3564]  ? reacquire_held_locks+0x660/0x660
[ 52.860131][ T3564]  ? validate_chain+0x13bd/0x5930
[ 52.865160][ T3564]  ? look_up_lock_class+0x77/0x120
[ 52.870370][ T3564]  ? register_lock_class+0x100/0x9a0
[ 52.875660][ T3564]  ? reacquire_held_locks+0x660/0x660
[ 52.881039][ T3564]  ? is_dynamic_key+0x1f0/0x1f0
[ 52.885900][ T3564]  ? mark_lock+0x98/0x340
[ 52.890233][ T3564]  __lock_acquire+0x1295/0x1ff0
[ 52.895090][ T3564]  lock_acquire+0x1db/0x4f0
[ 52.899595][ T3564]  ? __flush_work+0xcf/0x1a0
[ 52.904196][ T3564]  ? mark_lock+0x98/0x340
[ 52.908527][ T3564]  ? read_lock_is_recursive+0x10/0x10
[ 52.913897][ T3564]  ? __lock_acquire+0x1295/0x1ff0
[ 52.918926][ T3564]  __flush_work+0xeb/0x1a0
[ 52.923342][ T3564]  ? __flush_work+0xcf/0x1a0
[ 52.927930][ T3564]  ? flush_work+0x20/0x20
[ 52.932268][ T3564]  hci_dev_do_close+0x20a/0x1070
[ 52.937746][ T3564]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 52.943646][ T3564]  ? kmem_cache_alloc_trace+0x143/0x290
[ 52.949203][ T3564]  hci_rfkill_set_block+0x114/0x1a0
[ 52.954410][ T3564]  ? rcu_lock_release+0x20/0x20
[ 52.959268][ T3564]  rfkill_set_block+0x1e7/0x430
[ 52.964125][ T3564]  rfkill_fop_write+0x5b7/0x790
[ 52.968980][ T3564]  ? mark_lock+0x98/0x340
[ 52.973312][ T3564]  ? rfkill_fop_read+0x470/0x470
[ 52.978257][ T3564]  ? fsnotify_perm+0x64/0x590
[ 52.982952][ T3564]  ? security_file_permission+0x75/0xa0
[ 52.988506][ T3564]  ? rfkill_fop_read+0x470/0x470
[ 52.993450][ T3564]  vfs_write+0x30c/0xe50
[ 52.997702][ T3564]  ? file_end_write+0x250/0x250
[ 53.002564][ T3564]  ? read_lock_is_recursive+0x10/0x10
[ 53.007937][ T3564]  ? __context_tracking_exit+0x4c/0x80
[ 53.013401][ T3564]  ? __lock_acquire+0x1ff0/0x1ff0
[ 53.018431][ T3564]  ? __fdget_pos+0x1e9/0x380
[ 53.023026][ T3564]  ksys_write+0x1a2/0x2c0
[ 53.027365][ T3564]  ? print_irqtrace_events+0x210/0x210
[ 53.032828][ T3564]  ? __ia32_sys_read+0x80/0x80
[ 53.037704][ T3564]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 53.043667][ T3564]  ? lockdep_hardirqs_on+0x94/0x130
[ 53.048909][ T3564]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 53.054861][ T3564]  do_syscall_64+0x3b/0xb0
[ 53.059251][ T3564]  ? clear_bhb_loop+0x15/0x70
[ 53.063899][ T3564]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.069765][ T3564] RIP: 0033:0x7f5ff7434719
[ 53.074161][ T3564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.093764][ T3564] RSP: 002b:00007fffbc03fdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.102154][ T3564] RAX: ffffffffffffffda RBX: 00007f5ff748c11b RCX: 00007f5ff7434719
[ 53.110097][ T3564] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[ 53.118040][ T3564] RBP: 00007f5ff748c0f9 R08: 000000ff00fff650 R09: 000000ff00fff650
[ 53.126001][ T3564] R10: 000000ff00fff650 R11: 0000000000000246 R12: 00007f5ff74921fc
[ 53.133976][ T3564] R13: 00007f5ff748c0b9 R14: 00007f