# Triage notes (reviewer annotation; the syzkaller program and console log below are unchanged).
# Report: lockdep "possible circular locking dependency" in Bluetooth L2CAP on
#   6.15.0-rc4-syzkaller-00147-gebd297a2affa. This is a lock-order warning, not an observed hang.
# Chain #0: the info_timer work (l2cap_info_timeout, run from process_scheduled_works) takes the
#   conn->lock mutex.
# Chain #1: ioctl -> hci_dev_reset -> hci_conn_hash_flush -> l2cap_conn_del -> __cancel_work_sync
#   -> __flush_work waits for that same info_timer work. Lockdep reports this wait as already
#   depending on conn->lock, i.e. conn->lock appears to be held across the synchronous cancel.
# If both paths race, the worker blocks on conn->lock while the reset path blocks on the worker:
#   a kernel-side hang of the HCI teardown path (availability impact).
# Trigger in the program: ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) on a raw HCI socket. 0x400448cb
#   matches HCIDEVRESET, consistent with the hci_dev_reset frame. The rxrpc/bpf/rfkill/netrom/
#   iptables calls do not appear in either chain and are presumably fuzzer noise -- confirm by
#   minimising the reproducer.
# Fix direction to verify against the l2cap_core source (not shown here): do not wait
#   synchronously for info_timer while holding conn->lock.
program: connect$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x3f) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) (async) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) syz_emit_vhci(&(0x7f00000005c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_SCAN_ENABLE={{0x14}}}}, 0x7) write$rfkill(r0, &(0x7f0000000080)={0x7fffffff, 0x0, 0x3, 0x1}, 0xfffffffffffffdca) (async) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) pwrite64(r2, &(0x7f0000000040)="b250fd0000002d930000000000000000", 0x10, 0x9) (async) timer_create(0x5, &(0x7f00000001c0)={0x0, 0x38, 0x2, @thr={&(0x7f00000000c0)="34de10d0cef9c76bddc2251392daf72f09792ae325be74a64fbd96a859974427f7b7a3a0838f02241c5bacdbf1ba4b63e366835e0b69", &(0x7f0000000140)="8195c1d39de39dc86bc3dff0d8ada5125c0c1f04faf0451ec7d64336d5f7d561447468d624c15d019fd35585e588059a24833e2e58091e1517981ec9c23eb7c8b61b776d4e291e8df03c94a15338b6ddb5e4a3852e91543675e81628bfc0d10a397d77ff49ecda060278270e83"}}, &(0x7f0000000200)) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) (async) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f00000000c0)=@raw={'raw\x00', 0x41, 0x3, 0x200, 0x0, 0x0, 0x0, 0x98, 0x0, 0x168, 0x1f0, 0x1f0, 0x168, 0x1f0, 0x3, 0x0, {[{{@ip={@remote, @broadcast, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@dev, @broadcast, 0x0, 0x0, 'batadv_slave_1\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260) (async, rerun: 
64) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) (rerun: 64) [ 83.439045][ T4658] Bluetooth: hci0: command tx timeout [ 83.442669][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 83.446031][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 83.519166][ T5304] [ 83.520344][ T5304] ====================================================== [ 83.523353][ T5304] WARNING: possible circular locking dependency detected [ 83.526364][ T5304] 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 Not tainted [ 83.529452][ T5304] ------------------------------------------------------ [ 83.532440][ T5304] kworker/0:4/5304 is trying to acquire lock: [ 83.534954][ T5304] ffff8880427e4338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0 [ 83.538869][ T5304] [ 83.538869][ T5304] but task is already holding lock: [ 83.542031][ T5304] ffffc9000d3d7c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 83.547429][ T5304] [ 83.547429][ T5304] which lock already depends on the new lock. 
[ 83.547429][ T5304] [ 83.552302][ T5304] [ 83.552302][ T5304] the existing dependency chain (in reverse order) is: [ 83.555839][ T5304] [ 83.555839][ T5304] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 83.560194][ T5304] lock_acquire+0x120/0x360 [ 83.562451][ T5304] __flush_work+0x6b8/0xbc0 [ 83.564565][ T5304] __cancel_work_sync+0xbe/0x110 [ 83.566953][ T5304] l2cap_conn_del+0x4f0/0x680 [ 83.569129][ T5304] hci_conn_hash_flush+0x10a/0x230 [ 83.571571][ T5304] hci_dev_reset+0x3e0/0x5c0 [ 83.573720][ T5304] sock_do_ioctl+0xd9/0x300 [ 83.575887][ T5304] sock_ioctl+0x576/0x790 [ 83.577970][ T5304] __se_sys_ioctl+0xf9/0x170 [ 83.580160][ T5304] do_syscall_64+0xf6/0x210 [ 83.582349][ T5304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.585060][ T5304] [ 83.585060][ T5304] -> #0 (&conn->lock#2){+.+.}-{4:4}: [ 83.588194][ T5304] validate_chain+0xb9b/0x2140 [ 83.590364][ T5304] __lock_acquire+0xaac/0xd20 [ 83.592374][ T5304] lock_acquire+0x120/0x360 [ 83.594493][ T5304] __mutex_lock+0x182/0xe80 [ 83.596638][ T5304] l2cap_info_timeout+0x60/0xa0 [ 83.599011][ T5304] process_scheduled_works+0xadb/0x17a0 [ 83.601591][ T5304] worker_thread+0x8a0/0xda0 [ 83.603754][ T5304] kthread+0x70e/0x8a0 [ 83.605770][ T5304] ret_from_fork+0x4b/0x80 [ 83.607877][ T5304] ret_from_fork_asm+0x1a/0x30 [ 83.610146][ T5304] [ 83.610146][ T5304] other info that might help us debug this: [ 83.610146][ T5304] [ 83.614411][ T5304] Possible unsafe locking scenario: [ 83.614411][ T5304] [ 83.617662][ T5304] CPU0 CPU1 [ 83.619882][ T5304] ---- ---- [ 83.622135][ T5304] lock((work_completion)(&(&conn->info_timer)->work)); [ 83.625063][ T5304] lock(&conn->lock#2); [ 83.628095][ T5304] lock((work_completion)(&(&conn->info_timer)->work)); [ 83.632092][ T5304] lock(&conn->lock#2); [ 83.633754][ T5304] [ 83.633754][ T5304] *** DEADLOCK *** [ 83.633754][ T5304] [ 83.637245][ T5304] 2 locks held by kworker/0:4/5304: [ 83.639476][ T5304] #0: ffff88801a074d48 
((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 83.644092][ T5304] #1: ffffc9000d3d7c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 83.650102][ T5304] [ 83.650102][ T5304] stack backtrace: [ 83.652735][ T5304] CPU: 0 UID: 0 PID: 5304 Comm: kworker/0:4 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 83.652750][ T5304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.652758][ T5304] Workqueue: events l2cap_info_timeout [ 83.652776][ T5304] Call Trace: [ 83.652783][ T5304] [ 83.652788][ T5304] dump_stack_lvl+0x189/0x250 [ 83.652805][ T5304] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.652818][ T5304] ? __pfx__printk+0x10/0x10 [ 83.652828][ T5304] ? print_lock_name+0xde/0x100 [ 83.652842][ T5304] print_circular_bug+0x2ee/0x310 [ 83.652853][ T5304] check_noncircular+0x134/0x160 [ 83.652864][ T5304] validate_chain+0xb9b/0x2140 [ 83.652873][ T5304] ? arch_stack_walk+0x11c/0x150 [ 83.652887][ T5304] ? ret_from_fork_asm+0x1a/0x30 [ 83.652898][ T5304] __lock_acquire+0xaac/0xd20 [ 83.652912][ T5304] ? l2cap_info_timeout+0x60/0xa0 [ 83.652922][ T5304] lock_acquire+0x120/0x360 [ 83.652930][ T5304] ? l2cap_info_timeout+0x60/0xa0 [ 83.652939][ T5304] __mutex_lock+0x182/0xe80 [ 83.652949][ T5304] ? l2cap_info_timeout+0x60/0xa0 [ 83.652961][ T5304] ? irqentry_exit+0x74/0x90 [ 83.652971][ T5304] ? lockdep_hardirqs_on+0x9c/0x150 [ 83.652980][ T5304] ? l2cap_info_timeout+0x60/0xa0 [ 83.652993][ T5304] ? __pfx___mutex_lock+0x10/0x10 [ 83.653007][ T5304] l2cap_info_timeout+0x60/0xa0 [ 83.653026][ T5304] ? process_scheduled_works+0x9ec/0x17a0 [ 83.653040][ T5304] process_scheduled_works+0xadb/0x17a0 [ 83.653059][ T5304] ? __pfx_process_scheduled_works+0x10/0x10 [ 83.653075][ T5304] worker_thread+0x8a0/0xda0 [ 83.653084][ T5304] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 83.653096][ T5304] ? 
__kthread_parkme+0x7b/0x200 [ 83.653107][ T5304] kthread+0x70e/0x8a0 [ 83.653119][ T5304] ? __pfx_worker_thread+0x10/0x10 [ 83.653127][ T5304] ? __pfx_kthread+0x10/0x10 [ 83.653137][ T5304] ? __pfx_kthread+0x10/0x10 [ 83.653145][ T5304] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.653153][ T5304] ? lockdep_hardirqs_on+0x9c/0x150 [ 83.653163][ T5304] ? __pfx_kthread+0x10/0x10 [ 83.653173][ T5304] ret_from_fork+0x4b/0x80 [ 83.653183][ T5304] ? __pfx_kthread+0x10/0x10 [ 83.653192][ T5304] ret_from_fork_asm+0x1a/0x30 [ 83.653204][ T5304] [ 86.553426][ T57] cfg80211: failed to load regulatory.db