Warning: Permanently added '10.128.0.159' (ED25519) to the list of known hosts.
executing program
[ 64.521108][ T3563]
[ 64.523671][ T3563] ======================================================
[ 64.530811][ T3563] WARNING: possible circular locking dependency detected
[ 64.537866][ T3563] 5.15.165-syzkaller #0 Not tainted
[ 64.543081][ T3563] ------------------------------------------------------
[ 64.550112][ T3563] syz-executor422/3563 is trying to acquire lock:
[ 64.556536][ T3563] ffff888074008b98 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 64.567026][ T3563]
[ 64.567026][ T3563] but task is already holding lock:
[ 64.574397][ T3563] ffff888074008ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 64.583767][ T3563]
[ 64.583767][ T3563] which lock already depends on the new lock.
[ 64.583767][ T3563]
[ 64.594176][ T3563]
[ 64.594176][ T3563] the existing dependency chain (in reverse order) is:
[ 64.603201][ T3563]
[ 64.603201][ T3563] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 64.610872][ T3563]        lock_acquire+0x1db/0x4f0
[ 64.615914][ T3563]        __mutex_lock_common+0x1da/0x25a0
[ 64.621668][ T3563]        mutex_lock_nested+0x17/0x20
[ 64.627095][ T3563]        hci_dev_do_close+0x63/0x1070
[ 64.632657][ T3563]        hci_rfkill_set_block+0x114/0x1a0
[ 64.638398][ T3563]        rfkill_set_block+0x1e7/0x430
[ 64.643788][ T3563]        rfkill_fop_write+0x5b7/0x790
[ 64.649181][ T3563]        vfs_write+0x30c/0xe50
[ 64.653966][ T3563]        ksys_write+0x1a2/0x2c0
[ 64.658842][ T3563]        do_syscall_64+0x3b/0xb0
[ 64.663797][ T3563]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.670235][ T3563]
[ 64.670235][ T3563] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 64.678252][ T3563]        lock_acquire+0x1db/0x4f0
[ 64.683294][ T3563]        __mutex_lock_common+0x1da/0x25a0
[ 64.689033][ T3563]        mutex_lock_nested+0x17/0x20
[ 64.694333][ T3563]        rfkill_register+0x30/0x880
[ 64.699550][ T3563]        hci_register_dev+0x4dd/0xa50
[ 64.704941][ T3563]        vhci_create_device+0x310/0x590
[ 64.710508][ T3563]        vhci_write+0x382/0x430
[ 64.715375][ T3563]        vfs_write+0xacd/0xe50
[ 64.720161][ T3563]        ksys_write+0x1a2/0x2c0
[ 64.725030][ T3563]        do_syscall_64+0x3b/0xb0
[ 64.729981][ T3563]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.736422][ T3563]
[ 64.736422][ T3563] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 64.744264][ T3563]        lock_acquire+0x1db/0x4f0
[ 64.749306][ T3563]        __mutex_lock_common+0x1da/0x25a0
[ 64.755045][ T3563]        mutex_lock_nested+0x17/0x20
[ 64.760352][ T3563]        vhci_send_frame+0x8a/0xf0
[ 64.765487][ T3563]        hci_send_frame+0x1af/0x2f0
[ 64.771132][ T3563]        hci_tx_work+0xb0b/0x19d0
[ 64.776177][ T3563]        process_one_work+0x8a1/0x10c0
[ 64.781654][ T3563]        worker_thread+0xaca/0x1280
[ 64.786875][ T3563]        kthread+0x3f6/0x4f0
[ 64.791480][ T3563]        ret_from_fork+0x1f/0x30
[ 64.796440][ T3563]
[ 64.796440][ T3563] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 64.805667][ T3563]        validate_chain+0x1649/0x5930
[ 64.811066][ T3563]        __lock_acquire+0x1295/0x1ff0
[ 64.816474][ T3563]        lock_acquire+0x1db/0x4f0
[ 64.821524][ T3563]        __flush_work+0xeb/0x1a0
[ 64.826482][ T3563]        hci_dev_do_close+0x20a/0x1070
[ 64.831960][ T3563]        hci_rfkill_set_block+0x114/0x1a0
[ 64.837743][ T3563]        rfkill_set_block+0x1e7/0x430
[ 64.843223][ T3563]        rfkill_fop_write+0x5b7/0x790
[ 64.848713][ T3563]        vfs_write+0x30c/0xe50
[ 64.853496][ T3563]        ksys_write+0x1a2/0x2c0
[ 64.858366][ T3563]        do_syscall_64+0x3b/0xb0
[ 64.863325][ T3563]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.869764][ T3563]
[ 64.869764][ T3563] other info that might help us debug this:
[ 64.869764][ T3563]
[ 64.880172][ T3563] Chain exists of:
[ 64.880172][ T3563]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 64.880172][ T3563]
[ 64.895144][ T3563]  Possible unsafe locking scenario:
[ 64.895144][ T3563]
[ 64.902600][ T3563]        CPU0                    CPU1
[ 64.907985][ T3563]        ----                    ----
[ 64.913355][ T3563]   lock(&hdev->req_lock);
[ 64.917787][ T3563]                                lock(rfkill_global_mutex);
[ 64.925085][ T3563]                                lock(&hdev->req_lock);
[ 64.932035][ T3563]   lock((work_completion)(&hdev->tx_work));
[ 64.938212][ T3563]
[ 64.938212][ T3563]  *** DEADLOCK ***
[ 64.938212][ T3563]
[ 64.946365][ T3563] 2 locks held by syz-executor422/3563:
[ 64.951916][ T3563]  #0: ffffffff8dcbd1a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 64.962047][ T3563]  #1: ffff888074008ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 64.971828][ T3563]
[ 64.971828][ T3563] stack backtrace:
[ 64.977759][ T3563] CPU: 1 PID: 3563 Comm: syz-executor422 Not tainted 5.15.165-syzkaller #0
[ 64.986472][ T3563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 64.996558][ T3563] Call Trace:
[ 64.999865][ T3563]
[ 65.002808][ T3563]  dump_stack_lvl+0x1e3/0x2d0
[ 65.007505][ T3563]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 65.013157][ T3563]  ? print_circular_bug+0x12b/0x1a0
[ 65.018385][ T3563]  check_noncircular+0x2f8/0x3b0
[ 65.023392][ T3563]  ? add_chain_block+0x850/0x850
[ 65.028368][ T3563]  ? lockdep_lock+0x11f/0x2a0
[ 65.033064][ T3563]  ? stack_trace_save+0x113/0x1c0
[ 65.038112][ T3563]  validate_chain+0x1649/0x5930
[ 65.042987][ T3563]  ? reacquire_held_locks+0x660/0x660
[ 65.048380][ T3563]  ? validate_chain+0x13bd/0x5930
[ 65.053475][ T3563]  ? look_up_lock_class+0x77/0x120
[ 65.058612][ T3563]  ? register_lock_class+0x100/0x9a0
[ 65.064007][ T3563]  ? reacquire_held_locks+0x660/0x660
[ 65.069400][ T3563]  ? is_dynamic_key+0x1f0/0x1f0
[ 65.074266][ T3563]  ? mark_lock+0x98/0x340
[ 65.078619][ T3563]  __lock_acquire+0x1295/0x1ff0
[ 65.083494][ T3563]  lock_acquire+0x1db/0x4f0
[ 65.088012][ T3563]  ? __flush_work+0xcf/0x1a0
[ 65.092626][ T3563]  ? mark_lock+0x98/0x340
[ 65.096973][ T3563]  ? read_lock_is_recursive+0x10/0x10
[ 65.102455][ T3563]  ? __lock_acquire+0x1295/0x1ff0
[ 65.107508][ T3563]  __flush_work+0xeb/0x1a0
[ 65.111941][ T3563]  ? __flush_work+0xcf/0x1a0
[ 65.116545][ T3563]  ? flush_work+0x20/0x20
[ 65.120909][ T3563]  hci_dev_do_close+0x20a/0x1070
[ 65.125870][ T3563]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 65.131781][ T3563]  ? kmem_cache_alloc_trace+0x143/0x290
[ 65.137350][ T3563]  hci_rfkill_set_block+0x114/0x1a0
[ 65.142569][ T3563]  ? rcu_lock_release+0x20/0x20
[ 65.147444][ T3563]  rfkill_set_block+0x1e7/0x430
[ 65.152318][ T3563]  rfkill_fop_write+0x5b7/0x790
[ 65.157184][ T3563]  ? mark_lock+0x98/0x340
[ 65.161528][ T3563]  ? rfkill_fop_read+0x470/0x470
[ 65.166482][ T3563]  ? fsnotify_perm+0x64/0x590
[ 65.171185][ T3563]  ? security_file_permission+0x75/0xa0
[ 65.176763][ T3563]  ? rfkill_fop_read+0x470/0x470
[ 65.181720][ T3563]  vfs_write+0x30c/0xe50
[ 65.185988][ T3563]  ? file_end_write+0x250/0x250
[ 65.190863][ T3563]  ? rcu_lock_acquire+0x30/0x30
[ 65.195739][ T3563]  ? __context_tracking_exit+0x4c/0x80
[ 65.201222][ T3563]  ? __lock_acquire+0x1ff0/0x1ff0
[ 65.206267][ T3563]  ? __fdget_pos+0x1e9/0x380
[ 65.210884][ T3563]  ksys_write+0x1a2/0x2c0
[ 65.215236][ T3563]  ? print_irqtrace_events+0x210/0x210
[ 65.220715][ T3563]  ? __ia32_sys_read+0x80/0x80
[ 65.225506][ T3563]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 65.231534][ T3563]  ? lockdep_hardirqs_on+0x94/0x130
[ 65.236754][ T3563]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 65.242774][ T3563]  do_syscall_64+0x3b/0xb0
[ 65.247209][ T3563]  ? clear_bhb_loop+0x15/0x70
[ 65.251917][ T3563]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.258017][ T3563] RIP: 0033:0x7fc159932719
[ 65.262461][ T3563] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 65.282286][ T3563] RSP: 002b:00007ffcc3432a98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.290721][ T3563] RAX: ffffffffffffffda RBX: 00007fc15998a11b RCX: 00007fc159932719
[ 65.298710][ T3563] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[ 65.306694][ T3563] RBP: 00007fc15998a0f9 R08: 000000ff00ff7650 R09: 000000ff00ff7650
[ 65.314686][ T3563] R10: 000000ff00ff7650 R11: 0000000000000246 R12: 00007fc1599901fc
[ 65.322673][ T3563] R13