======================================================
WARNING: possible circular locking dependency detected
5.19.0-rc2-next-20220614 #1 Not tainted
------------------------------------------------------
syz-executor.0/8090 is trying to acquire lock:
ffff888039efd130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x11c/0x2c0
but task is already holding lock:
ffffffff857da8e8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc7/0x230
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (hci_cb_list_lock){+.+.}-{3:3}:
__mutex_lock+0x136/0x14c0
hci_remote_features_evt+0x59d/0x990
hci_event_packet+0x779/0xee0
hci_rx_work+0x24c/0xb90
process_one_work+0xa1c/0x16a0
worker_thread+0x637/0x1250
kthread+0x2f2/0x3b0
ret_from_fork+0x22/0x30
-> #1 (&hdev->lock){+.+.}-{3:3}:
__mutex_lock+0x136/0x14c0
sco_sock_connect+0x1e0/0xa60
__sys_connect_file+0x151/0x190
__sys_connect+0x161/0x190
__x64_sys_connect+0x6f/0xb0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
-> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
__lock_acquire+0x2c2f/0x6120
lock_acquire+0x1a2/0x530
lock_sock_nested+0x3d/0xf0
sco_conn_del+0x11c/0x2c0
sco_disconn_cfm+0x62/0x80
hci_conn_hash_flush+0x119/0x230
hci_dev_close_sync+0x4e8/0xf20
hci_rfkill_set_block+0x16f/0x1b0
rfkill_set_block+0x1fd/0x540
rfkill_fop_write+0x2b3/0x530
vfs_write+0x264/0xac0
ksys_write+0x1e8/0x250
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
other info that might help us debug this:
Chain exists of:
sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(hci_cb_list_lock);
                               lock(&hdev->lock);
                               lock(hci_cb_list_lock);
  lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
*** DEADLOCK ***
4 locks held by syz-executor.0/8090:
#0: ffffffff85893da8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x15d/0x530
#1: ffff88801b5c5048 (&hdev->req_lock){+.+.}-{3:3}, at: hci_rfkill_set_block+0x167/0x1b0
#2: ffff88801b5c4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x24d/0xf20
#3: ffffffff857da8e8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc7/0x230
stack backtrace:
CPU: 1 PID: 8090 Comm: syz-executor.0 Not tainted 5.19.0-rc2-next-20220614 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
check_noncircular+0x25f/0x2e0
__lock_acquire+0x2c2f/0x6120
lock_acquire+0x1a2/0x530
lock_sock_nested+0x3d/0xf0
sco_conn_del+0x11c/0x2c0
sco_disconn_cfm+0x62/0x80
hci_conn_hash_flush+0x119/0x230
hci_dev_close_sync+0x4e8/0xf20
hci_rfkill_set_block+0x16f/0x1b0
rfkill_set_block+0x1fd/0x540
rfkill_fop_write+0x2b3/0x530
vfs_write+0x264/0xac0
ksys_write+0x1e8/0x250
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f002df41b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f002b4b7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f002e054f60 RCX: 00007f002df41b19
RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00007f002df9bf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffef4f363ff R14: 00007f002b4b7300 R15: 0000000000022000
BUG: sleeping function called from invalid context at mm/migrate.c:1432
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 31, name: kcompactd0
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[] free_unref_page+0x1e5/0x440
CPU: 0 PID: 31 Comm: kcompactd0 Not tainted 5.19.0-rc2-next-20220614 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
__might_resched.cold+0x222/0x26b
migrate_pages+0x2a5/0x49a0
compact_zone+0x1a93/0x3600
kcompactd_do_work+0x45e/0x9d0
kcompactd+0xb14/0xe00
kthread+0x2f2/0x3b0
ret_from_fork+0x22/0x30
BUG: scheduling while atomic: kcompactd0/31/0x00000005
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:
[] free_unref_page+0x1e5/0x440
CPU: 0 PID: 31 Comm: kcompactd0 Tainted: G W 5.19.0-rc2-next-20220614 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
__schedule_bug.cold+0x133/0x143
__schedule+0x18e6/0x2470
schedule+0xd2/0x1f0
schedule_timeout+0x143/0x280
kcompactd+0x97f/0xe00
kthread+0x2f2/0x3b0
ret_from_fork+0x22/0x30
BUG: sleeping function called from invalid context at include/linux/pagemap.h:958
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 901, name: kworker/u4:7
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[] get_page_from_freelist+0x426/0x2ad0
CPU: 1 PID: 901 Comm: kworker/u4:7 Tainted: G W 5.19.0-rc2-next-20220614 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
dump_stack_lvl+0x8b/0xb3
__might_resched.cold+0x222/0x26b
mpage_prepare_extent_to_map+0x77f/0x10d0
ext4_writepages+0x938/0x36d0
do_writepages+0x1b0/0x690
__writeback_single_inode+0x10a/0xf60
writeback_sb_inodes+0x542/0xec0
__writeback_inodes_wb+0xbe/0x270
wb_writeback+0x758/0xb60
wb_workfn+0xa89/0x1170
process_one_work+0xa1c/0x16a0
worker_thread+0x637/0x1250
kthread+0x2f2/0x3b0
ret_from_fork+0x22/0x30
BUG: scheduling while atomic: kworker/u4:7/901/0x00000002
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:
[] get_page_from_freelist+0x426/0x2ad0
CPU: 1 PID: 901 Comm: kworker/u4:7 Tainted: G W 5.19.0-rc2-next-20220614 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
dump_stack_lvl+0x8b/0xb3
__schedule_bug.cold+0x133/0x143
__schedule+0x18e6/0x2470
schedule+0xd2/0x1f0
io_schedule+0xba/0x130
blk_mq_get_tag+0x55e/0xbd0
__blk_mq_alloc_requests+0x5a3/0xe30
blk_mq_submit_bio+0xd6c/0x1a10
__submit_bio+0x1c7/0x230
submit_bio_noacct_nocheck+0x6c5/0x8a0
submit_bio_noacct+0x790/0x13b0
submit_bio+0x8b/0x250
ext4_bio_write_page+0x87d/0x18d0
mpage_submit_page+0x127/0x220
mpage_process_page_bufs+0x5fc/0x710
mpage_prepare_extent_to_map+0x61a/0x10d0
ext4_writepages+0x938/0x36d0
do_writepages+0x1b0/0x690
__writeback_single_inode+0x10a/0xf60
writeback_sb_inodes+0x542/0xec0
__writeback_inodes_wb+0xbe/0x270
wb_writeback+0x758/0xb60
wb_workfn+0xa89/0x1170
process_one_work+0xa1c/0x16a0
worker_thread+0x637/0x1250
kthread+0x2f2/0x3b0
ret_from_fork+0x22/0x30
BUG: scheduling while atomic: kcompactd0/31/0x00000003
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:
[] free_unref_page+0x1e5/0x440
CPU: 0 PID: 31 Comm: kcompactd0 Tainted: G W 5.19.0-rc2-next-20220614 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
__schedule_bug.cold+0x133/0x143
__schedule+0x18e6/0x2470
schedule+0xd2/0x1f0
schedule_timeout+0x143/0x280
kcompactd+0x97f/0xe00
kthread+0x2f2/0x3b0
ret_from_fork+0x22/0x30
netlink: 88 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 88 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 88 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 88 bytes leftover after parsing attributes in process `syz-executor.5'.
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
device lo entered promiscuous mode
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
device lo entered promiscuous mode
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
device lo left promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
device lo left promiscuous mode
device lo entered promiscuous mode
EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (5)
device lo left promiscuous mode
device lo entered promiscuous mode
process 'syz-executor.4' launched '/dev/fd/-1/./file1' with NULL argv: empty string added