program: socket$phonet_pipe(0x23, 0x5, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x90, &(0x7f0000000280)=ANY=[]) read$FUSE(r2, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10000020, 0x2, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x20}}, 0x50) syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0xfffffffffffffff0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) write$FUSE_LSEEK(r4, &(0x7f0000000400)={0x18, 0xfffffffffffffffe, r3, {0x91b}}, 0x18) dup2(r4, r2) socket$nl_route(0x10, 0x3, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340), 0x402, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x11, 0x4, 0x4, 0xa4}, 0x48) pipe(&(0x7f0000000280)) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) socket$nl_netfilter(0x10, 0x3, 0xc) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) socket$nl_generic(0x10, 0x3, 0x10) [ 87.957869][ T5321] Bluetooth: hci0: command tx timeout [ 88.060731][ T5337] [ 88.062043][ T5337] ====================================================== [ 88.064957][ T5337] WARNING: possible circular locking dependency detected [ 88.067882][ T5337] 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 Not tainted [ 88.070990][ T5337] ------------------------------------------------------ [ 88.074015][ T5337] kworker/0:4/5337 is trying to acquire lock: [ 88.076780][ T5337] ffff888012361b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0 [ 88.080977][ T5337] [ 88.080977][ T5337] but task is already holding lock: [ 88.083976][ T5337] ffffc9000d4efbc0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 88.089074][ T5337] [ 88.089074][ T5337] which lock already depends on the new lock. [ 88.089074][ T5337] [ 88.094142][ T5337] [ 88.094142][ T5337] the existing dependency chain (in reverse order) is: [ 88.098130][ T5337] [ 88.098130][ T5337] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 88.102148][ T5337] lock_acquire+0x120/0x360 [ 88.104355][ T5337] __flush_work+0x6b8/0xbc0 [ 88.106474][ T5337] __cancel_work_sync+0xbe/0x110 [ 88.108705][ T5337] l2cap_conn_del+0x4f0/0x680 [ 88.111112][ T5337] hci_conn_hash_flush+0x10a/0x230 [ 88.113976][ T5337] hci_dev_reset+0x44b/0x6b0 [ 88.116883][ T5337] sock_do_ioctl+0xd9/0x300 [ 88.119244][ T5337] sock_ioctl+0x576/0x790 [ 88.121375][ T5337] __se_sys_ioctl+0xfc/0x170 [ 88.123640][ T5337] do_syscall_64+0xfa/0x3b0 [ 88.125622][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.128457][ T5337] [ 88.128457][ T5337] -> #0 (&conn->lock#2){+.+.}-{4:4}: [ 88.131728][ T5337] validate_chain+0xb9b/0x2140 [ 88.134690][ T5337] __lock_acquire+0xab9/0xd20 [ 88.137334][ T5337] lock_acquire+0x120/0x360 [ 88.139858][ T5337] __mutex_lock+0x182/0xe80 [ 88.142034][ T5337] l2cap_info_timeout+0x60/0xa0 [ 88.144370][ T5337] process_scheduled_works+0xae1/0x17b0 [ 88.147472][ T5337] worker_thread+0x8a0/0xda0 [ 88.150087][ T5337] kthread+0x70e/0x8a0 [ 88.152309][ T5337] ret_from_fork+0x3fc/0x770 [ 88.154676][ T5337] ret_from_fork_asm+0x1a/0x30 [ 88.156830][ T5337] [ 88.156830][ T5337] other info that might help us debug this: [ 88.156830][ T5337] [ 88.161188][ T5337] Possible unsafe locking scenario: [ 88.161188][ T5337] [ 88.165331][ T5337] CPU0 CPU1 [ 88.168116][ T5337] ---- ---- [ 88.170518][ T5337] lock((work_completion)(&(&conn->info_timer)->work)); [ 88.173103][ T5337] lock(&conn->lock#2); [ 88.175806][ T5337] lock((work_completion)(&(&conn->info_timer)->work)); [ 88.179941][ T5337] lock(&conn->lock#2); [ 88.181776][ T5337] [ 88.181776][ T5337] *** DEADLOCK *** [ 88.181776][ T5337] [ 88.185251][ T5337] 2 locks held by kworker/0:4/5337: [ 88.187778][ T5337] #0: ffff88801a474d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 88.192198][ T5337] #1: ffffc9000d4efbc0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 88.197774][ T5337] [ 88.197774][ T5337] stack backtrace: [ 88.200470][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: kworker/0:4 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) [ 88.200491][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.200499][ T5337] Workqueue: events l2cap_info_timeout [ 88.200518][ T5337] Call Trace: [ 88.200527][ T5337] [ 88.200534][ T5337] dump_stack_lvl+0x189/0x250 [ 88.200552][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.200566][ T5337] ? __pfx__printk+0x10/0x10 [ 88.200582][ T5337] ? print_lock_name+0xde/0x100 [ 88.200598][ T5337] print_circular_bug+0x2ee/0x310 [ 88.200616][ T5337] check_noncircular+0x134/0x160 [ 88.200631][ T5337] validate_chain+0xb9b/0x2140 [ 88.200646][ T5337] ? ret_from_fork_asm+0x1a/0x30 [ 88.200662][ T5337] __lock_acquire+0xab9/0xd20 [ 88.200674][ T5337] ? l2cap_info_timeout+0x60/0xa0 [ 88.200686][ T5337] lock_acquire+0x120/0x360 [ 88.200697][ T5337] ? l2cap_info_timeout+0x60/0xa0 [ 88.200714][ T5337] __mutex_lock+0x182/0xe80 [ 88.200727][ T5337] ? l2cap_info_timeout+0x60/0xa0 [ 88.200740][ T5337] ? irqentry_exit+0x74/0x90 [ 88.200751][ T5337] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.200769][ T5337] ? l2cap_info_timeout+0x60/0xa0 [ 88.200782][ T5337] ? __pfx___mutex_lock+0x10/0x10 [ 88.200797][ T5337] l2cap_info_timeout+0x60/0xa0 [ 88.200810][ T5337] ? process_scheduled_works+0x9ef/0x17b0 [ 88.200824][ T5337] process_scheduled_works+0xae1/0x17b0 [ 88.200844][ T5337] ? __pfx_process_scheduled_works+0x10/0x10 [ 88.200862][ T5337] worker_thread+0x8a0/0xda0 [ 88.200877][ T5337] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 88.200895][ T5337] ? __kthread_parkme+0x7b/0x200 [ 88.200912][ T5337] kthread+0x70e/0x8a0 [ 88.200935][ T5337] ? __pfx_worker_thread+0x10/0x10 [ 88.200949][ T5337] ? __pfx_kthread+0x10/0x10 [ 88.200964][ T5337] ? _raw_spin_unlock_irq+0x23/0x50 [ 88.200980][ T5337] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.200997][ T5337] ? __pfx_kthread+0x10/0x10 [ 88.201013][ T5337] ret_from_fork+0x3fc/0x770 [ 88.201026][ T5337] ? __pfx_ret_from_fork+0x10/0x10 [ 88.201040][ T5337] ? __pfx_kthread+0x10/0x10 [ 88.201057][ T5337] ret_from_fork_asm+0x1a/0x30 [ 88.201076][ T5337] [ 91.610718][ T54] cfg80211: failed to load regulatory.db