[   86.924239][ T1139] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts.
[   89.395585][ T5082] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   89.403645][ T5082] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   89.411855][ T5085] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   89.426622][ T5087] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   89.434318][ T5087] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   89.443635][ T5090] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   89.443795][ T5087] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   89.451101][ T5090] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   89.458344][ T5087] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   89.465944][ T5090] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   89.472988][ T5087] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   89.481806][ T5090] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   89.487498][ T5087] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   89.494068][ T5090] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   89.499876][ T5087] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   89.514034][ T5087] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   89.514434][ T5090] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   89.521181][ T5087] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   89.528502][ T5090] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   89.536061][ T5087] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   89.549679][ T5087] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   89.550644][ T5090] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   89.556981][ T5094] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   89.564741][ T5090] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   89.570910][ T5094] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   89.583619][ T5090] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   89.584748][ T5094] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   89.592242][ T5090] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   89.605469][ T5094] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   89.607899][   T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   89.615026][ T5094] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   89.621826][   T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   89.626729][ T5094] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   89.633614][ T5090] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   89.647604][   T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   89.677115][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   91.563014][ T5084] Bluetooth: hci2: command 0x0409 tx timeout
[   91.723114][ T5082] Bluetooth: hci5: command 0x0409 tx timeout
[   91.729440][ T5087] Bluetooth: hci3: command 0x0409 tx timeout
[   91.735611][   T50] Bluetooth: hci4: command 0x0409 tx timeout
[   91.735945][ T4468] Bluetooth: hci1: command 0x0409 tx timeout
[   91.748156][ T5084] Bluetooth: hci0: command 0x0409 tx timeout
executing program
executing program
executing program
[   93.642515][ T5084] Bluetooth: hci2: command 0x041b tx timeout
executing program
[   93.802562][ T5084] Bluetooth: hci0: command 0x041b tx timeout
[   93.808615][ T5084] Bluetooth: hci4: command 0x041b tx timeout
[   93.812928][ T4468] Bluetooth: hci1: command 0x041b tx timeout
[   93.814701][ T5082] Bluetooth: hci5: command 0x041b tx timeout
[   93.820573][ T4468] Bluetooth: hci3: command 0x041b tx timeout
executing program
executing program
executing program
[   95.586699][ T5113]
[   95.589054][ T5113] ======================================================
[   95.596070][ T5113] WARNING: possible circular locking dependency detected
[   95.603082][ T5113] 6.7.0-rc2-syzkaller-00099-gc9213ddad2bd #0 Not tainted
[   95.610099][ T5113] ------------------------------------------------------
[   95.617114][ T5113] syz-executor358/5113 is trying to acquire lock:
[   95.623523][ T5113] ffffffff8ed3b648 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_exists+0x5b/0x190
[   95.632616][ T5113]
[   95.632616][ T5113] but task is already holding lock:
[   95.639979][ T5113] ffffffff8ed405c8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x8b9/0x1c50
[   95.649658][ T5113]
[   95.649658][ T5113] which lock already depends on the new lock.
[   95.649658][ T5113]
[   95.660043][ T5113]
[   95.660043][ T5113] the existing dependency chain (in reverse order) is:
[   95.669039][ T5113]
[   95.669039][ T5113] -> #3 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[   95.676935][ T5113]        __mutex_lock+0x175/0x9d0
[   95.681972][ T5113]        rfcomm_dev_ioctl+0x8b9/0x1c50
[   95.687427][ T5113]        rfcomm_sock_ioctl+0xb0/0xe0
[   95.692705][ T5113]        sock_do_ioctl+0x113/0x270
[   95.697814][ T5113]        sock_ioctl+0x22e/0x6b0
[   95.702663][ T5113]        __x64_sys_ioctl+0x18f/0x210
[   95.707952][ T5113]        do_syscall_64+0x40/0x110
[   95.712970][ T5113]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   95.719387][ T5113]
[   95.719387][ T5113] -> #2 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[   95.728761][ T5113]        lock_sock_nested+0x3a/0xf0
[   95.733956][ T5113]        rfcomm_sk_state_change+0x6d/0x3a0
[   95.739756][ T5113]        __rfcomm_dlc_close+0x285/0x720
[   95.745308][ T5113]        rfcomm_dlc_close+0x1e7/0x240
[   95.750681][ T5113]        __rfcomm_sock_close+0xa7/0x230
[   95.756221][ T5113]        rfcomm_sock_shutdown+0xd1/0x230
[   95.761847][ T5113]        rfcomm_sock_release+0x5d/0x140
[   95.767389][ T5113]        __sock_release+0xae/0x260
[   95.772496][ T5113]        sock_close+0x1c/0x20
[   95.777169][ T5113]        __fput+0x270/0xbb0
[   95.781665][ T5113]        task_work_run+0x14d/0x240
[   95.786766][ T5113]        do_exit+0xa92/0x2ae0
[   95.791434][ T5113]        do_group_exit+0xd4/0x2a0
[   95.796451][ T5113]        get_signal+0x23be/0x2790
[   95.801478][ T5113]        arch_do_signal_or_restart+0x90/0x7f0
[   95.807546][ T5113]        exit_to_user_mode_prepare+0x121/0x240
[   95.813699][ T5113]        syscall_exit_to_user_mode+0x1e/0x60
[   95.819681][ T5113]        do_syscall_64+0x4d/0x110
[   95.824703][ T5113]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   95.831118][ T5113]
[   95.831118][ T5113] -> #1 (&d->lock){+.+.}-{3:3}:
[   95.838149][ T5113]        __mutex_lock+0x175/0x9d0
[   95.843176][ T5113]        __rfcomm_dlc_close+0x231/0x720
[   95.848717][ T5113]        rfcomm_dlc_close+0x1e7/0x240
[   95.854081][ T5113]        __rfcomm_sock_close+0xa7/0x230
[   95.859618][ T5113]        rfcomm_sock_shutdown+0xd1/0x230
[   95.865243][ T5113]        rfcomm_sock_release+0x5d/0x140
[   95.870781][ T5113]        __sock_release+0xae/0x260
[   95.875886][ T5113]        sock_close+0x1c/0x20
[   95.880557][ T5113]        __fput+0x270/0xbb0
[   95.885054][ T5113]        task_work_run+0x14d/0x240
[   95.890158][ T5113]        do_exit+0xa92/0x2ae0
[   95.894825][ T5113]        do_group_exit+0xd4/0x2a0
[   95.899845][ T5113]        get_signal+0x23be/0x2790
[   95.904863][ T5113]        arch_do_signal_or_restart+0x90/0x7f0
[   95.910938][ T5113]        exit_to_user_mode_prepare+0x121/0x240
[   95.917093][ T5113]        syscall_exit_to_user_mode+0x1e/0x60
[   95.923074][ T5113]        do_syscall_64+0x4d/0x110
[   95.928092][ T5113]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   95.934507][ T5113]
[   95.934507][ T5113] -> #0 (rfcomm_mutex){+.+.}-{3:3}:
[   95.941885][ T5113]        __lock_acquire+0x2464/0x3b10
[   95.947265][ T5113]        lock_acquire+0x1ae/0x520
[   95.952286][ T5113]        __mutex_lock+0x175/0x9d0
[   95.957309][ T5113]        rfcomm_dlc_exists+0x5b/0x190
[   95.962673][ T5113]        rfcomm_dev_ioctl+0x999/0x1c50
[   95.968128][ T5113]        rfcomm_sock_ioctl+0xb0/0xe0
[   95.973405][ T5113]        sock_do_ioctl+0x113/0x270
[   95.978512][ T5113]        sock_ioctl+0x22e/0x6b0
[   95.983357][ T5113]        __x64_sys_ioctl+0x18f/0x210
[   95.988644][ T5113]        do_syscall_64+0x40/0x110
[   95.993665][ T5113]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   96.000080][ T5113]
[   96.000080][ T5113] other info that might help us debug this:
[   96.000080][ T5113]
[   96.010292][ T5113] Chain exists of:
[   96.010292][ T5113]   rfcomm_mutex --> sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_ioctl_mutex
[   96.010292][ T5113]
[   96.025055][ T5113]  Possible unsafe locking scenario:
[   96.025055][ T5113]
[   96.032488][ T5113]        CPU0                    CPU1
[   96.037839][ T5113]        ----                    ----
[   96.043197][ T5113]   lock(rfcomm_ioctl_mutex);
[   96.047871][ T5113]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[   96.056540][ T5113]                                lock(rfcomm_ioctl_mutex);
[   96.063729][ T5113]   lock(rfcomm_mutex);
[   96.067880][ T5113]
[   96.067880][ T5113]  *** DEADLOCK ***
[   96.067880][ T5113]
[   96.076008][ T5113] 2 locks held by syz-executor358/5113:
[   96.081541][ T5113]  #0: ffff888015add130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_ioctl+0xa3/0xe0
[   96.092944][ T5113]  #1: ffffffff8ed405c8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x8b9/0x1c50
[   96.103041][ T5113]
[   96.103041][ T5113] stack backtrace:
[   96.108914][ T5113] CPU: 1 PID: 5113 Comm: syz-executor358 Not tainted 6.7.0-rc2-syzkaller-00099-gc9213ddad2bd #0
[   96.119317][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   96.129365][ T5113] Call Trace:
[   96.132638][ T5113]
[   96.135563][ T5113]  dump_stack_lvl+0xd9/0x1b0
[   96.140153][ T5113]  check_noncircular+0x317/0x400
[   96.145097][ T5113]  ? print_circular_bug+0x5c0/0x5c0
[   96.150302][ T5113]  ? lockdep_lock+0xc6/0x200
[   96.154891][ T5113]  ? hlock_class+0x130/0x130
[   96.159482][ T5113]  ? __switch_to+0x75d/0x1380
[   96.164165][ T5113]  __lock_acquire+0x2464/0x3b10
[   96.169025][ T5113]  ? lockdep_hardirqs_on_prepare+0x420/0x420
[   96.175009][ T5113]  ? add_lock_to_list+0x17d/0x380
[   96.180045][ T5113]  lock_acquire+0x1ae/0x520
[   96.184552][ T5113]  ? rfcomm_dlc_exists+0x5b/0x190
[   96.189574][ T5113]  ? lock_sync+0x190/0x190
[   96.193996][ T5113]  ? preempt_count_sub+0x160/0x160
[   96.199107][ T5113]  __mutex_lock+0x175/0x9d0
[   96.203616][ T5113]  ? rfcomm_dlc_exists+0x5b/0x190
[   96.208635][ T5113]  ? aa_get_newest_label+0x376/0x680
[   96.213918][ T5113]  ? rfcomm_dlc_exists+0x5b/0x190
[   96.218937][ T5113]  ? mutex_trylock+0x130/0x130
[   96.223702][ T5113]  ? reacquire_held_locks+0x4c0/0x4c0
[   96.229079][ T5113]  ? apparmor_capable+0x126/0x1e0
[   96.234106][ T5113]  ? rfcomm_dlc_exists+0x5b/0x190
[   96.239123][ T5113]  rfcomm_dlc_exists+0x5b/0x190
[   96.243985][ T5113]  rfcomm_dev_ioctl+0x999/0x1c50
[   96.248929][ T5113]  ? rfcomm_dev_state_change+0x170/0x170
[   96.254559][ T5113]  ? reacquire_held_locks+0x4c0/0x4c0
[   96.259937][ T5113]  ? mark_held_locks+0x9f/0xe0
[   96.264704][ T5113]  ? __local_bh_enable_ip+0xa4/0x120
[   96.269988][ T5113]  rfcomm_sock_ioctl+0xb0/0xe0
[   96.274747][ T5113]  sock_do_ioctl+0x113/0x270
[   96.279338][ T5113]  ? put_user_ifreq+0x140/0x140
[   96.284186][ T5113]  ? do_vfs_ioctl+0x379/0x1920
[   96.288953][ T5113]  ? vfs_fileattr_set+0xbf0/0xbf0
[   96.293989][ T5113]  sock_ioctl+0x22e/0x6b0
[   96.298322][ T5113]  ? br_ioctl_call+0xb0/0xb0
[   96.302925][ T5113]  ? restore_fpregs_from_fpstate+0xc1/0x1d0
[   96.308825][ T5113]  ? kernel_fpu_begin_mask+0x270/0x270
[   96.314290][ T5113]  ? folio_memcg_unlock+0x240/0x240
[   96.319485][ T5113]  ? bpf_lsm_file_ioctl+0x9/0x10
[   96.324418][ T5113]  ? br_ioctl_call+0xb0/0xb0
[   96.329009][ T5113]  __x64_sys_ioctl+0x18f/0x210
[   96.333779][ T5113]  do_syscall_64+0x40/0x110
[   96.338280][ T5113]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   96.344176][ T5113] RIP: 0033:0x7f8026c9aff9
[   96.348585][ T5113] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   96.368189][ T5113] RSP: 002b:00007ffcb8a9b718 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.376595][ T5113] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8026c9aff9
[   96.384560][ T5113] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000005
[   96.392521][ T5113] RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000
[   96.400484][ T5113] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000161ff
[   96.408448][ T5113] R13: 00007ffcb8a9b748 R14: 00007ffcb8a9b7a0 R15: 00007ffcb8a9b790
[   96.416417][ T5113]
executing program
[   96.472492][ T4468] Bluetooth: hci2: command 0x040f tx timeout
[   96.478510][ T4468] Bluetooth: hci5: command 0x040f tx timeout
[   96.482542][   T50] Bluetooth: hci4: command 0x040f tx timeout
[   96.484517][ T4468] Bluetooth: hci1: command 0x040f tx timeout
[   96.490518][   T50] Bluetooth: hci0: command 0x040f tx timeout
[   96.496431][ T4468] Bluetooth: hci3: command 0x040f tx timeout
executing program
executing program
executing program
executing program
[   98.522808][ T5082] Bluetooth: hci3: command 0x0419 tx timeout
[   98.522836][ T5087] Bluetooth: hci5: command 0x0419 tx timeout
[   98.528833][ T5090] Bluetooth: hci2: command 0x0419 tx timeout
[   98.534877][ T5084] Bluetooth: hci4: command 0x0419 tx timeout
[   98.540755][   T50] Bluetooth: hci0: command 0x0419 tx timeout
[   98.552836][ T4468] Bluetooth: hci1: command 0x0419 tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
[  100.602651][ T5084] Bluetooth: hci5: command 0x0405 tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
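The lockdep report in this log is a lock-order inversion in the RFCOMM code. Read oldest entry first, the "-> #N" chain says: &d->lock is taken under rfcomm_mutex (#1, in rfcomm_dlc_close), sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM under &d->lock (#2, in rfcomm_sk_state_change), rfcomm_ioctl_mutex under sk_lock (#3, rfcomm_sock_ioctl into rfcomm_dev_ioctl), and the triggering acquisition (#0) takes rfcomm_mutex in rfcomm_dlc_exists while rfcomm_ioctl_mutex is held, which closes the loop. The following C program is an added illustration, not part of the syzbot log and not the kernel's lockdep implementation: it models the check that check_noncircular() in the backtrace performs, recording each "held -> acquired" pair as a graph edge and, before adding a new edge, asking whether the held lock is already reachable from the lock being acquired. The lock names are the ones in the report; the enum, struct and function names are mine and exist only in this example.

```c
/* Added example: a minimal model of lockdep's circular-dependency check,
 * replayed with the lock classes and acquisition orders from the report.
 * Names other than the lock classes are hypothetical, not kernel APIs. */
#include <stdio.h>
#include <string.h>

#define NLOCKS 4

/* Lock classes named in the lockdep report. */
enum lock_id { RFCOMM_MUTEX, D_LOCK, SK_LOCK, RFCOMM_IOCTL_MUTEX };

static const char *lock_name[NLOCKS] = {
    "rfcomm_mutex",
    "&d->lock",
    "sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM",
    "rfcomm_ioctl_mutex",
};

/* dep[held][acquired] == 1 records that `acquired` was once taken while
 * `held` was held: one edge of lockdep's dependency chain. */
struct lock_graph {
    int dep[NLOCKS][NLOCKS];
};

/* Depth-first search for a path from `from` to `to` over recorded edges.
 * On success the path (from ... to) is left in `path` and its length in
 * locks is returned; 0 means `to` is not reachable from `from`. */
static int find_path(const struct lock_graph *g, int from, int to,
                     int *visited, int *path, int depth)
{
    path[depth] = from;
    if (from == to)
        return depth + 1;
    visited[from] = 1;
    for (int next = 0; next < NLOCKS; next++) {
        if (!g->dep[from][next] || visited[next])
            continue;
        int len = find_path(g, next, to, visited, path, depth + 1);
        if (len)
            return len;
    }
    return 0;
}

/* Validate taking `acquired` while holding `held`.  The new edge
 * held -> acquired closes a cycle exactly when `held` is already
 * reachable from `acquired`.  Returns the cycle length with the cycle
 * (acquired ... held) in `cycle`, or 0 and records the edge when the
 * order is consistent with everything seen so far. */
static int lock_acquire_check(struct lock_graph *g, int held, int acquired,
                              int *cycle)
{
    int visited[NLOCKS] = {0};
    int len = find_path(g, acquired, held, visited, cycle, 0);
    if (len)
        return len;
    g->dep[held][acquired] = 1;
    return 0;
}

/* Replay the report: the three recorded orders (#1, #2, #3) and then the
 * acquisition that triggered it (#0).  Returns the length of the cycle
 * the last step closes (0 would mean the orders are consistent, -1 that
 * an earlier step unexpectedly conflicted). */
int replay_rfcomm_report(int *cycle)
{
    struct lock_graph g;
    int scratch[NLOCKS];

    memset(&g, 0, sizeof(g));
    if (lock_acquire_check(&g, RFCOMM_MUTEX, D_LOCK, scratch))        /* #1 */
        return -1;
    if (lock_acquire_check(&g, D_LOCK, SK_LOCK, scratch))             /* #2 */
        return -1;
    if (lock_acquire_check(&g, SK_LOCK, RFCOMM_IOCTL_MUTEX, scratch)) /* #3 */
        return -1;
    return lock_acquire_check(&g, RFCOMM_IOCTL_MUTEX, RFCOMM_MUTEX, cycle); /* #0 */
}

int main(void)
{
    int cycle[NLOCKS];
    int len = replay_rfcomm_report(cycle);

    if (len <= 0) {
        printf("no circular dependency\n");
        return 0;
    }
    printf("circular locking dependency (%d locks):\n", len);
    for (int i = 0; i < len; i++)
        printf("  %s -->\n", lock_name[cycle[i]]);
    printf("  %s (closed by the new acquisition)\n", lock_name[cycle[0]]);
    return 1;
}
```

The replay reports a four-lock cycle, rfcomm_mutex -> &d->lock -> sk_lock -> rfcomm_ioctl_mutex -> rfcomm_mutex; the report's "Chain exists of" summary prints only the first, next-to-last and last of these. The important caveat when reading such a report is that lockdep does not observe a deadlock: it proves from orders seen on possibly different tasks that the two-CPU interleaving under "Possible unsafe locking scenario" can block forever, so the warning is valid even when no hang was seen in this run.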