program:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x2000040, &(0x7f0000000000)={[{@errors_remount}, {@data_journal}, {@noquota}, {@bh}, {@dax_never}, {@resgid}, {@sysvgroups}, {@delalloc}, {@usrquota}]}, 0x10, 0x4d2, &(0x7f00000002c0)="$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")
syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040e0c00031000"], 0xf)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x4, 0x3}, 0x6)
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_hardware_error={{0x10, 0x1}, {0x52}}}, 0x4)
write(0xffffffffffffffff, &(0x7f0000000340)="0b000000010001", 0x7)

[ 85.970014][ T5344] loop0: detected capacity change from 0 to 512
[ 85.992613][ T5344] =======================================================
[ 85.992613][ T5344] WARNING: The mand mount option has been deprecated and
[ 85.992613][ T5344] and is ignored by this kernel. Remove the mand
[ 85.992613][ T5344] option from the mount to silence this warning.
[ 85.992613][ T5344] =======================================================
[ 86.048295][ T5344] EXT4-fs: Ignoring removed bh option
[ 86.054999][ T5344] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 86.081594][ T5344] EXT4-fs (loop0): can't mount with both data=journal and delalloc
[ 86.108933][ T47] Bluetooth: hci0: hardware error 0x52
[ 86.114993][ T5339]
[ 86.116002][ T5339] ======================================================
[ 86.118878][ T5339] WARNING: possible circular locking dependency detected
[ 86.121715][ T5339] syzkaller #0 Not tainted
[ 86.123601][ T5339] ------------------------------------------------------
[ 86.126512][ T5339] kworker/0:5/5339 is trying to acquire lock:
[ 86.129027][ T5339] ffff888040d81b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[ 86.133169][ T5339]
[ 86.133169][ T5339] but task is already holding lock:
[ 86.136140][ T5339] ffffc9000e41fbc0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[ 86.141401][ T5339]
[ 86.141401][ T5339] which lock already depends on the new lock.
[ 86.141401][ T5339]
[ 86.145925][ T5339]
[ 86.145925][ T5339] the existing dependency chain (in reverse order) is:
[ 86.150089][ T5339]
[ 86.150089][ T5339] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[ 86.154130][ T5339] __flush_work+0x6b8/0xbc0
[ 86.156254][ T5339] __cancel_work_sync+0xbe/0x110
[ 86.158488][ T5339] l2cap_conn_del+0x402/0x5b0
[ 86.160725][ T5339] hci_conn_hash_flush+0x10d/0x260
[ 86.163198][ T5339] hci_dev_close_sync+0x821/0x1100
[ 86.165655][ T5339] hci_error_reset+0x127/0x4d0
[ 86.168039][ T5339] process_scheduled_works+0xad1/0x1770
[ 86.170687][ T5339] worker_thread+0x8a0/0xda0
[ 86.172933][ T5339] kthread+0x711/0x8a0
[ 86.174943][ T5339] ret_from_fork+0x510/0xa50
[ 86.177157][ T5339] ret_from_fork_asm+0x1a/0x30
[ 86.179332][ T5339]
[ 86.179332][ T5339] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[ 86.182352][ T5339] __lock_acquire+0x15a6/0x2cf0
[ 86.184580][ T5339] lock_acquire+0x107/0x340
[ 86.186701][ T5339] __mutex_lock+0x187/0x1350
[ 86.188906][ T5339] l2cap_info_timeout+0x60/0xa0
[ 86.191167][ T5339] process_scheduled_works+0xad1/0x1770
[ 86.193711][ T5339] worker_thread+0x8a0/0xda0
[ 86.195846][ T5339] kthread+0x711/0x8a0
[ 86.197761][ T5339] ret_from_fork+0x510/0xa50
[ 86.199968][ T5339] ret_from_fork_asm+0x1a/0x30
[ 86.202290][ T5339]
[ 86.202290][ T5339] other info that might help us debug this:
[ 86.202290][ T5339]
[ 86.206722][ T5339] Possible unsafe locking scenario:
[ 86.206722][ T5339]
[ 86.209849][ T5339]        CPU0                    CPU1
[ 86.212042][ T5339]        ----                    ----
[ 86.214263][ T5339]   lock((work_completion)(&(&conn->info_timer)->work));
[ 86.217322][ T5339]                                lock(&conn->lock#2);
[ 86.220152][ T5339]                                lock((work_completion)(&(&conn->info_timer)->work));
[ 86.224159][ T5339]   lock(&conn->lock#2);
[ 86.225837][ T5339]
[ 86.225837][ T5339] *** DEADLOCK ***
[ 86.225837][ T5339]
[ 86.229108][ T5339] 2 locks held by kworker/0:5/5339:
[ 86.231273][ T5339] #0: ffff88801a467548 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[ 86.235747][ T5339] #1: ffffc9000e41fbc0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[ 86.240747][ T5339]
[ 86.240747][ T5339] stack backtrace:
[ 86.243293][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full)
[ 86.243303][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.243309][ T5339] Workqueue: events l2cap_info_timeout
[ 86.243321][ T5339] Call Trace:
[ 86.243327][ T5339]
[ 86.243332][ T5339] dump_stack_lvl+0xe8/0x150
[ 86.243347][ T5339] print_circular_bug+0x2e2/0x300
[ 86.243361][ T5339] check_noncircular+0x12e/0x150
[ 86.243374][ T5339] __lock_acquire+0x15a6/0x2cf0
[ 86.243385][ T5339] ? __schedule+0x14b1/0x4fd0
[ 86.243402][ T5339] ? l2cap_info_timeout+0x60/0xa0
[ 86.243413][ T5339] lock_acquire+0x107/0x340
[ 86.243422][ T5339] ? l2cap_info_timeout+0x60/0xa0
[ 86.243431][ T5339] __mutex_lock+0x187/0x1350
[ 86.243437][ T5339] ? l2cap_info_timeout+0x60/0xa0
[ 86.243446][ T5339] ? irqentry_exit+0x5e8/0x670
[ 86.243451][ T5339] ? lockdep_hardirqs_on+0x7b/0x110
[ 86.243457][ T5339] ? l2cap_info_timeout+0x60/0xa0
[ 86.243463][ T5339] ? irqentry_exit+0x5e8/0x670
[ 86.243469][ T5339] ? __pfx___mutex_lock+0x10/0x10
[ 86.243479][ T5339] ? lock_acquire+0x222/0x340
[ 86.243488][ T5339] l2cap_info_timeout+0x60/0xa0
[ 86.243498][ T5339] ? process_scheduled_works+0x9ef/0x1770
[ 86.243508][ T5339] process_scheduled_works+0xad1/0x1770
[ 86.243523][ T5339] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.243532][ T5339] ? do_raw_spin_lock+0x121/0x290
[ 86.243548][ T5339] worker_thread+0x8a0/0xda0
[ 86.243558][ T5339] ? __kthread_parkme+0x7b/0x200
[ 86.243566][ T5339] kthread+0x711/0x8a0
[ 86.243574][ T5339] ? __pfx_worker_thread+0x10/0x10
[ 86.243580][ T5339] ? __pfx_kthread+0x10/0x10
[ 86.243588][ T5339] ? _raw_spin_unlock_irq+0x23/0x50
[ 86.243596][ T5339] ? __pfx_kthread+0x10/0x10
[ 86.243603][ T5339] ret_from_fork+0x510/0xa50
[ 86.243610][ T5339] ? __pfx_ret_from_fork+0x10/0x10
[ 86.243616][ T5339] ? __switch_to+0xc9e/0x1480
[ 86.243628][ T5339] ? __pfx_kthread+0x10/0x10
[ 86.243639][ T5339] ret_from_fork_asm+0x1a/0x30
[ 86.243655][ T5339]