======================================================
WARNING: possible circular locking dependency detected
5.10.226 #1 Not tainted
------------------------------------------------------
syz-executor.2/16100 is trying to acquire lock:
ffff88800eb6cb78 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xdd/0xa90 kernel/workqueue.c:3050

but task is already holding lock:
ffffffff8561cc88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xff/0x4b0 net/rfkill/core.c:1232

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (rfkill_global_mutex){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:968 [inline]
       __mutex_lock+0x13d/0x10b0 kernel/locking/mutex.c:1109
       rfkill_register+0x36/0xa10 net/rfkill/core.c:1016
       hci_register_dev+0x42e/0xc00 net/bluetooth/hci_core.c:3774
       __vhci_create_device+0x2c8/0x5c0 drivers/bluetooth/hci_vhci.c:129
       vhci_create_device drivers/bluetooth/hci_vhci.c:153 [inline]
       vhci_open_timeout+0x38/0x50 drivers/bluetooth/hci_vhci.c:310
       process_one_work+0x9a9/0x14b0 kernel/workqueue.c:2282
       worker_thread+0x61d/0x1310 kernel/workqueue.c:2428
       kthread+0x38f/0x470 kernel/kthread.c:328
       ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:298

-> #3 (&data->open_mutex){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:968 [inline]
       __mutex_lock+0x13d/0x10b0 kernel/locking/mutex.c:1109
       vhci_send_frame+0x63/0xa0 drivers/bluetooth/hci_vhci.c:71
       hci_send_frame+0x1b9/0x320 net/bluetooth/hci_core.c:4065
       hci_sched_acl_pkt net/bluetooth/hci_core.c:4590 [inline]
       hci_sched_acl net/bluetooth/hci_core.c:4675 [inline]
       hci_tx_work+0xfb4/0x15d0 net/bluetooth/hci_core.c:4741
       process_one_work+0x9a9/0x14b0 kernel/workqueue.c:2282
       worker_thread+0x61d/0x1310 kernel/workqueue.c:2428
       kthread+0x38f/0x470 kernel/kthread.c:328
       ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:298

-> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
       __flush_work+0x105/0xa90 kernel/workqueue.c:3053
       hci_dev_do_close+0x131/0x1240 net/bluetooth/hci_core.c:1745
       hci_unregister_dev+0x179/0x460 net/bluetooth/hci_core.c:3854
       vhci_release+0x70/0xf0 drivers/bluetooth/hci_vhci.c:345
       __fput+0x285/0x9f0 fs/file_table.c:281
       task_work_run+0xe2/0x1a0 kernel/task_work.c:185
       exit_task_work include/linux/task_work.h:33 [inline]
       do_exit+0xb6f/0x2600 kernel/exit.c:860
       do_group_exit+0x125/0x310 kernel/exit.c:982
       get_signal+0x4bc/0x2350 kernel/signal.c:2759
       arch_do_signal_or_restart+0x2b7/0x1990 arch/x86/kernel/signal.c:805
       handle_signal_work kernel/entry/common.c:145 [inline]
       exit_to_user_mode_loop kernel/entry/common.c:169 [inline]
       exit_to_user_mode_prepare+0x10f/0x190 kernel/entry/common.c:199
       syscall_exit_to_user_mode+0x38/0x1d0 kernel/entry/common.c:274
       entry_SYSCALL_64_after_hwframe+0x67/0xd1

-> #1 (&hdev->req_lock){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:968 [inline]
       __mutex_lock+0x13d/0x10b0 kernel/locking/mutex.c:1109
       hci_req_sync net/bluetooth/hci_request.c:277 [inline]
       bg_scan_update+0x82/0x500 net/bluetooth/hci_request.c:2897
       process_one_work+0x9a9/0x14b0 kernel/workqueue.c:2282
       worker_thread+0x61d/0x1310 kernel/workqueue.c:2428
       kthread+0x38f/0x470 kernel/kthread.c:328
       ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:298

-> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:2988 [inline]
       check_prevs_add kernel/locking/lockdep.c:3113 [inline]
       validate_chain kernel/locking/lockdep.c:3729 [inline]
       __lock_acquire+0x29e7/0x5b00 kernel/locking/lockdep.c:4955
       lock_acquire kernel/locking/lockdep.c:5566 [inline]
       lock_acquire+0x197/0x470 kernel/locking/lockdep.c:5531
       __flush_work+0x105/0xa90 kernel/workqueue.c:3053
       __cancel_work_timer+0x368/0x4c0 kernel/workqueue.c:3144
       hci_request_cancel_all+0x73/0x230 net/bluetooth/hci_request.c:3440
       hci_dev_do_close+0xd9/0x1240 net/bluetooth/hci_core.c:1733
       hci_rfkill_set_block+0x166/0x1a0 net/bluetooth/hci_core.c:2223
       rfkill_set_block+0x1fd/0x540 net/rfkill/core.c:341
       rfkill_fop_write+0x253/0x4b0 net/rfkill/core.c:1240
       vfs_write+0x29a/0xb10 fs/read_write.c:603
       ksys_write+0x1f6/0x260 fs/read_write.c:658
       do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x67/0xd1

other info that might help us debug this:

Chain exists of:
  (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rfkill_global_mutex);
                               lock(&data->open_mutex);
                               lock(rfkill_global_mutex);
  lock((work_completion)(&hdev->bg_scan_update));

 *** DEADLOCK ***

1 lock held by syz-executor.2/16100:
 #0: ffffffff8561cc88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xff/0x4b0 net/rfkill/core.c:1232

stack backtrace:
CPU: 1 PID: 16100 Comm: syz-executor.2 Not tainted 5.10.226 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x167 lib/dump_stack.c:118
 check_noncircular+0x263/0x2e0 kernel/locking/lockdep.c:2123
 check_prev_add kernel/locking/lockdep.c:2988 [inline]
 check_prevs_add kernel/locking/lockdep.c:3113 [inline]
 validate_chain kernel/locking/lockdep.c:3729 [inline]
 __lock_acquire+0x29e7/0x5b00 kernel/locking/lockdep.c:4955
 lock_acquire kernel/locking/lockdep.c:5566 [inline]
 lock_acquire+0x197/0x470 kernel/locking/lockdep.c:5531
 __flush_work+0x105/0xa90 kernel/workqueue.c:3053
 __cancel_work_timer+0x368/0x4c0 kernel/workqueue.c:3144
 hci_request_cancel_all+0x73/0x230 net/bluetooth/hci_request.c:3440
 hci_dev_do_close+0xd9/0x1240 net/bluetooth/hci_core.c:1733
 hci_rfkill_set_block+0x166/0x1a0 net/bluetooth/hci_core.c:2223
 rfkill_set_block+0x1fd/0x540 net/rfkill/core.c:341
 rfkill_fop_write+0x253/0x4b0 net/rfkill/core.c:1240
 vfs_write+0x29a/0xb10 fs/read_write.c:603
 ksys_write+0x1f6/0x260 fs/read_write.c:658
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f1467568b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1464ade188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f146767bf60 RCX: 00007f1467568b19
RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00007f14675c2f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffda9e094f R14: 00007f1464ade300 R15: 0000000000022000
Module has invalid ELF structures
audit: type=1400 audit(1728749407.982:499): avc:  denied  { module_load } for  pid=16337 comm="syz-executor.1" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=1330 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=system permissive=1
Module has invalid ELF structures
PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff]
PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff]
PM: hibernation: Basic memory bitmaps created
PM: hibernation: Basic memory bitmaps freed
capability: warning: `syz-executor.7' uses 32-bit capabilities (legacy support in use)