Warning: Permanently added '10.128.0.200' (ED25519) to the list of known hosts.
executing program
[ 40.573544][ T3501]
[ 40.575900][ T3501] ======================================================
[ 40.582913][ T3501] WARNING: possible circular locking dependency detected
[ 40.589925][ T3501] 5.15.137-syzkaller #0 Not tainted
[ 40.595115][ T3501] ------------------------------------------------------
[ 40.602127][ T3501] syz-executor716/3501 is trying to acquire lock:
[ 40.608551][ T3501] ffff88807e6fcb98 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 40.619791][ T3501]
[ 40.619791][ T3501] but task is already holding lock:
[ 40.627152][ T3501] ffff88807e6fcff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 40.636835][ T3501]
[ 40.636835][ T3501] which lock already depends on the new lock.
[ 40.636835][ T3501]
[ 40.647452][ T3501]
[ 40.647452][ T3501] the existing dependency chain (in reverse order) is:
[ 40.656468][ T3501]
[ 40.656468][ T3501] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 40.664120][ T3501]        lock_acquire+0x1db/0x4f0
[ 40.669156][ T3501]        __mutex_lock_common+0x1da/0x25a0
[ 40.674891][ T3501]        mutex_lock_nested+0x17/0x20
[ 40.680190][ T3501]        hci_dev_do_close+0x63/0x1070
[ 40.685573][ T3501]        hci_rfkill_set_block+0x114/0x1a0
[ 40.691333][ T3501]        rfkill_set_block+0x1e7/0x430
[ 40.696716][ T3501]        rfkill_fop_write+0x5b7/0x790
[ 40.702102][ T3501]        vfs_write+0x30c/0xe50
[ 40.706875][ T3501]        ksys_write+0x1a2/0x2c0
[ 40.712163][ T3501]        do_syscall_64+0x3d/0xb0
[ 40.717106][ T3501]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.723529][ T3501]
[ 40.723529][ T3501] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 40.731523][ T3501]        lock_acquire+0x1db/0x4f0
[ 40.736564][ T3501]        __mutex_lock_common+0x1da/0x25a0
[ 40.742298][ T3501]        mutex_lock_nested+0x17/0x20
[ 40.747936][ T3501]        rfkill_register+0x30/0x880
[ 40.753150][ T3501]        hci_register_dev+0x4dd/0xa50
[ 40.758537][ T3501]        vhci_create_device+0x310/0x590
[ 40.764098][ T3501]        vhci_write+0x382/0x430
[ 40.768957][ T3501]        vfs_write+0xacf/0xe50
[ 40.773733][ T3501]        ksys_write+0x1a2/0x2c0
[ 40.778589][ T3501]        do_syscall_64+0x3d/0xb0
[ 40.783536][ T3501]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.789965][ T3501]
[ 40.789965][ T3501] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 40.797793][ T3501]        lock_acquire+0x1db/0x4f0
[ 40.802829][ T3501]        __mutex_lock_common+0x1da/0x25a0
[ 40.808560][ T3501]        mutex_lock_nested+0x17/0x20
[ 40.813860][ T3501]        vhci_send_frame+0x8a/0xf0
[ 40.818976][ T3501]        hci_send_frame+0x1af/0x2f0
[ 40.824179][ T3501]        hci_tx_work+0xb0b/0x19d0
[ 40.829206][ T3501]        process_one_work+0x8a1/0x10c0
[ 40.834670][ T3501]        worker_thread+0xaca/0x1280
[ 40.839875][ T3501]        kthread+0x3f6/0x4f0
[ 40.844901][ T3501]        ret_from_fork+0x1f/0x30
[ 40.849848][ T3501]
[ 40.849848][ T3501] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 40.859064][ T3501]        validate_chain+0x1646/0x58b0
[ 40.864442][ T3501]        __lock_acquire+0x1295/0x1ff0
[ 40.869819][ T3501]        lock_acquire+0x1db/0x4f0
[ 40.874851][ T3501]        __flush_work+0xeb/0x1a0
[ 40.879796][ T3501]        hci_dev_do_close+0x20a/0x1070
[ 40.885258][ T3501]        hci_rfkill_set_block+0x114/0x1a0
[ 40.890977][ T3501]        rfkill_set_block+0x1e7/0x430
[ 40.896354][ T3501]        rfkill_fop_write+0x5b7/0x790
[ 40.901728][ T3501]        vfs_write+0x30c/0xe50
[ 40.906496][ T3501]        ksys_write+0x1a2/0x2c0
[ 40.911349][ T3501]        do_syscall_64+0x3d/0xb0
[ 40.916290][ T3501]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.922715][ T3501]
[ 40.922715][ T3501] other info that might help us debug this:
[ 40.922715][ T3501]
[ 40.932942][ T3501] Chain exists of:
[ 40.932942][ T3501]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 40.932942][ T3501]
[ 40.947896][ T3501]  Possible unsafe locking scenario:
[ 40.947896][ T3501]
[ 40.955435][ T3501]        CPU0                    CPU1
[ 40.960800][ T3501]        ----                    ----
[ 40.966161][ T3501]   lock(&hdev->req_lock);
[ 40.970579][ T3501]                                lock(rfkill_global_mutex);
[ 40.977863][ T3501]                                lock(&hdev->req_lock);
[ 40.984803][ T3501]   lock((work_completion)(&hdev->tx_work));
[ 40.990785][ T3501]
[ 40.990785][ T3501]  *** DEADLOCK ***
[ 40.990785][ T3501]
[ 40.998925][ T3501] 2 locks held by syz-executor716/3501:
[ 41.004473][ T3501]  #0: ffffffff8dc66a88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 41.014580][ T3501]  #1: ffff88807e6fcff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 41.024344][ T3501]
[ 41.024344][ T3501] stack backtrace:
[ 41.030233][ T3501] CPU: 0 PID: 3501 Comm: syz-executor716 Not tainted 5.15.137-syzkaller #0
[ 41.038821][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 41.048884][ T3501] Call Trace:
[ 41.052168][ T3501]
[ 41.055106][ T3501]  dump_stack_lvl+0x1e3/0x2cb
[ 41.059792][ T3501]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 41.065437][ T3501]  ? print_circular_bug+0x12b/0x1a0
[ 41.070640][ T3501]  check_noncircular+0x2f8/0x3b0
[ 41.075588][ T3501]  ? add_chain_block+0x850/0x850
[ 41.080535][ T3501]  ? lockdep_lock+0x11f/0x2a0
[ 41.085223][ T3501]  ? stack_trace_save+0x113/0x1c0
[ 41.090260][ T3501]  validate_chain+0x1646/0x58b0
[ 41.095122][ T3501]  ? add_chain_block+0x850/0x850
[ 41.100072][ T3501]  ? reacquire_held_locks+0x660/0x660
[ 41.105453][ T3501]  ? look_up_lock_class+0x77/0x120
[ 41.110577][ T3501]  ? register_lock_class+0x100/0x9a0
[ 41.115872][ T3501]  ? is_dynamic_key+0x1f0/0x1f0
[ 41.120736][ T3501]  ? mark_lock+0x98/0x340
[ 41.125073][ T3501]  __lock_acquire+0x1295/0x1ff0
[ 41.129931][ T3501]  lock_acquire+0x1db/0x4f0
[ 41.134443][ T3501]  ? __flush_work+0xcf/0x1a0
[ 41.139041][ T3501]  ? read_lock_is_recursive+0x10/0x10
[ 41.144434][ T3501]  ? mark_lock+0x98/0x340
[ 41.148768][ T3501]  __flush_work+0xeb/0x1a0
[ 41.153192][ T3501]  ? __flush_work+0xcf/0x1a0
[ 41.157785][ T3501]  ? flush_work+0x20/0x20
[ 41.162129][ T3501]  ? _raw_read_unlock_irqrestore+0xd9/0x130
[ 41.168033][ T3501]  ? _raw_read_unlock+0x40/0x40
[ 41.172889][ T3501]  ? led_trigger_event+0xa6/0xc0
[ 41.177834][ T3501]  hci_dev_do_close+0x20a/0x1070
[ 41.182779][ T3501]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 41.188678][ T3501]  ? kmem_cache_alloc_trace+0x143/0x290
[ 41.194228][ T3501]  hci_rfkill_set_block+0x114/0x1a0
[ 41.199437][ T3501]  ? rcu_lock_release+0x20/0x20
[ 41.204295][ T3501]  rfkill_set_block+0x1e7/0x430
[ 41.209156][ T3501]  rfkill_fop_write+0x5b7/0x790
[ 41.214013][ T3501]  ? mark_lock+0x98/0x340
[ 41.218359][ T3501]  ? rfkill_fop_read+0x470/0x470
[ 41.223311][ T3501]  ? fsnotify_perm+0x67/0x5a0
[ 41.227991][ T3501]  ? bpf_lsm_file_permission+0x5/0x10
[ 41.233371][ T3501]  ? rfkill_fop_read+0x470/0x470
[ 41.238313][ T3501]  vfs_write+0x30c/0xe50
[ 41.242562][ T3501]  ? file_end_write+0x250/0x250
[ 41.247416][ T3501]  ? read_lock_is_recursive+0x10/0x10
[ 41.252797][ T3501]  ? __context_tracking_exit+0x4c/0x80
[ 41.258263][ T3501]  ? __lock_acquire+0x1ff0/0x1ff0
[ 41.263294][ T3501]  ? __fdget_pos+0x1e9/0x380
[ 41.267891][ T3501]  ksys_write+0x1a2/0x2c0
[ 41.272234][ T3501]  ? print_irqtrace_events+0x210/0x210
[ 41.277699][ T3501]  ? __ia32_sys_read+0x80/0x80
[ 41.282469][ T3501]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 41.288457][ T3501]  ? lockdep_hardirqs_on+0x94/0x130
[ 41.293668][ T3501]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 41.299660][ T3501]  do_syscall_64+0x3d/0xb0
[ 41.304088][ T3501]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.309986][ T3501] RIP: 0033:0x7f94c454b4b9
[ 41.314395][ T3501] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 41.333976][ T3501] RSP: 002b:00007fff28d268a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 41.342372][ T3501] RAX: ffffffffffffffda RBX: 00007f94c45a2043 RCX: 00007f94c454b4b9
[ 41.350320][ T3501] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[ 41.358279][ T3501] RBP: 00007fff28d268f0 R08: 000000ff00ffb650 R09: 000000ff00ffb650
[ 41.366242][ T3501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff28d268d8
[ 41.374187][ T3501] R13: 00007f