program: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x8, 0x4, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x48) r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETLED(r4, 0x4b32, 0x6) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f00000000c0)={r5, r5, 0x206, 0x0, 0x0, 0x2, 0x72, 0x1, 0x3, 0x7, 0x0, 0x8, 'syz1\x00'}) ioctl$sock_bt_hci(r3, 0x400448ca, 0x0) syz_open_dev$usbfs(&(0x7f0000000140), 0x4, 0x40000) ioctl$USBDEVFS_IOCTL(r2, 0x80045505, &(0x7f0000000180)=@usbdevfs_connect={0xc}) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0xf, &(0x7f00000004c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0xbb}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @cgroup_sysctl=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x5, &(0x7f0000000080), 0x0, 0x5c4, &(0x7f0000001140)="$eJzs3U1rXFUfAPD/nZkkbdLnSSqCtl0YKNiCmjRpRRHBFuvOhS8FVy5ikpbS9IUmgq0VW6hrN/oBBHduxGURKerGrTvBDyDFIjUbdyN35t40ncxMJnUmN+39/WB6z7lnwjk3zX/OmTPn3AmgtCbTfyoR+5qHGF9XVouscLL5vL/vXZtfvXdtPol6/d2/kkiyc/nzk+w4lv3wroj49ccknqhurHf5ytVzc0tLi5ez/PTK+UvTy1euvnD2/NyZxTOLF2ZnXpp58djR2WNHOrZ9/+e9X+eeiPh56mTt5unXD3w7//XeT7//5lYSxxvno+U6+mUyJtd+J+ulv9eX+11ZQaotx1RSK6gxbFk1+3scioinYjyqcf8/bzw+e7vQxgEDVU8i6vW8m6oDpZK0i/qalwJ4/OXjgPT9b/7YOEo4vp1DEmCb3D3RnADI5/ZW1+K/1pwbjF2NuYHR1STWT+ukbxg6z8z1Lq3j0rPJePqIAc3DAe1dvxERT7fr/5NGbE40ZvHT+K88EP+ViHgrO6bn33nI+idb8uIfts/Dxv9wdszj/4OHrF/8AwAAAAAAQP/cPhERz7f7/K+ytv4n2qz/GevTqsDNP/+r3OlDNUAbd09EvBoRqxvW/1Xyp0xUs9z/GusBhpLTZ5cWj0TE/yPicAyNpPmZLnVMHvhlqGPZuvV/6SOtP18LmLXjTm0kS442DwtzK3P/9bqBiLs3IvbX0vhP4sH4T9b6/6RN/5++HlzqsY76ydd+6lS2efwDg1L/KuJQ2/7//p0rku7355hujAem81HBRh+/f+u7TvW3xH804//6AK4UaJX2/6Pd438iWX+/nuWt1/HJn7/3Gv/dx/+ZdPw/nJxq3HImX4f80dzKyuWZiOHkzY3nZ7feZniUjHQqaLkXUx4Pebyk8X/4YPv3/93G/7sjotde+tQPb9zsVGb8D8VJ439hS/3/1hMH3/vyn07199b/H2v06YezM+b/oLteA7TodgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAo6gSEXsiqUytpSuVqamIsYh4MkYrSxeXV547ffHDCwtpWeP7/yv5N/2ON/NJ/v3/E+vysy35oxGxNyK+qO5u5KfmLy4tFH3xAAAAAAAAAAAAAAAAAAAAsEOMddj/n/qjWnTrgIGrFd0AoDDiH8pL/EN5bTH+hwbVDmD76f+hvMQ/lJf4h/IS/1BeafzvKroRQCH0/wAAAAAA8FjZ+8zt35KIuP7K7sYjNZyVTRbaMmDQKkU3ACiMW/xAeVn6A+VlLz+QbFLeeXvAZj8JAAAAAAAAAAAAAPTLoX2d9//bGwCPN/v/obzs/4fysv8fyst7fMD+fwAAAAAAAAAAAADY+ZavXD03t7S0eLldYrhzUV8SI1kjBliFRHkS9eomf887JxE7oxndEgW/MAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv+DQAA//9GMuou") seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x8, &(0x7f0000000080)=[{0xfff8, 0xfd, 0x0, 0x87}, {0x7ff, 0x34, 0x0, 0x9}, {0x5, 0x9, 0x9, 0xc}, {0x0, 0x0, 0x9, 0x4}, {0x5, 0xf9, 0x5, 0x9}, {0xfff4, 0xc, 0x81, 0x4395a712}, {0x8, 0x9, 0xd5, 0x3}, {0x1fa3, 0x7, 0x3, 0x5}]}) r8 = syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000000)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f00000016c0)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") close_range(r8, 0xffffffffffffffff, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501) r9 = accept4$rose(r1, 0x0, &(0x7f0000000280), 0x180800) setsockopt$rose(r9, 0x104, 0x7, &(0x7f0000000340)=0x9, 0x4) [ 86.131953][ T5348] usb 1-1: USB disconnect, device number 2 [ 86.234355][ T5349] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input5 [ 86.359698][ T5349] loop0: detected capacity change from 0 to 1024 [ 86.372106][ T5348] [ 86.373266][ T5348] ====================================================== [ 86.376342][ T5348] WARNING: possible circular locking dependency detected [ 86.379566][ T5348] syzkaller #0 Not tainted [ 86.382212][ T5348] ------------------------------------------------------ [ 86.385423][ T5348] syz.0.0/5348 is trying to acquire lock: [ 86.387654][ T5348] ffff888011f18040 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0 [ 86.392309][ T5348] [ 86.392309][ T5348] but task is already holding lock: [ 86.395764][ T5348] ffff888011f18338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 86.399802][ T5348] [ 86.399802][ T5348] which lock already depends on the new lock. [ 86.399802][ T5348] [ 86.404237][ T5348] [ 86.404237][ T5348] the existing dependency chain (in reverse order) is: [ 86.408273][ T5348] [ 86.408273][ T5348] -> #1 (&conn->lock#2){+.+.}-{4:4}: [ 86.411620][ T5348] __mutex_lock+0x187/0x1350 [ 86.413954][ T5348] l2cap_info_timeout+0x60/0xa0 [ 86.416402][ T5348] process_scheduled_works+0xad1/0x1770 [ 86.419342][ T5348] worker_thread+0x8a0/0xda0 [ 86.421965][ T5348] kthread+0x711/0x8a0 [ 86.424152][ T5348] ret_from_fork+0x599/0xb30 [ 86.427117][ T5348] ret_from_fork_asm+0x1a/0x30 [ 86.430278][ T5348] [ 86.430278][ T5348] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 86.435164][ T5348] __lock_acquire+0x15a6/0x2cf0 [ 86.437799][ T5348] lock_acquire+0x117/0x340 [ 86.440123][ T5348] __flush_work+0x6b8/0xbc0 [ 86.442571][ T5348] __cancel_work_sync+0xbe/0x110 [ 86.444784][ T5348] l2cap_conn_del+0x4f3/0x680 [ 86.446753][ T5348] hci_conn_hash_flush+0x10d/0x230 [ 86.449133][ T5348] hci_dev_close_sync+0x821/0xff0 [ 86.451944][ T5348] hci_dev_close+0x108/0x200 [ 86.454637][ T5348] sock_do_ioctl+0xdc/0x300 [ 86.456993][ T5348] sock_ioctl+0x576/0x790 [ 86.459216][ T5348] __se_sys_ioctl+0xfc/0x170 [ 86.461813][ T5348] do_syscall_64+0xfa/0xf80 [ 86.464300][ T5348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.467667][ T5348] [ 86.467667][ T5348] other info that might help us debug this: [ 86.467667][ T5348] [ 86.472784][ T5348] Possible unsafe locking scenario: [ 86.472784][ T5348] [ 86.476045][ T5348] CPU0 CPU1 [ 86.478787][ T5348] ---- ---- [ 86.481642][ T5348] lock(&conn->lock#2); [ 86.483733][ T5348] lock((work_completion)(&(&conn->info_timer)->work)); [ 86.488969][ T5348] lock(&conn->lock#2); [ 86.492994][ T5348] lock((work_completion)(&(&conn->info_timer)->work)); [ 86.495718][ T5348] [ 86.495718][ T5348] *** DEADLOCK *** [ 86.495718][ T5348] [ 86.499420][ T5348] 5 locks held by syz.0.0/5348: [ 86.501563][ T5348] #0: ffff8880451b4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_close+0x100/0x200 [ 86.505808][ T5348] #1: ffff8880451b40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0xff0 [ 86.510794][ T5348] #2: ffffffff8f474808 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 86.516075][ T5348] #3: ffff888011f18338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 86.520060][ T5348] #4: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0 [ 86.524141][ T5348] [ 86.524141][ T5348] stack backtrace: [ 86.526874][ T5348] CPU: 0 UID: 0 PID: 5348 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.526894][ T5348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.526901][ T5348] Call Trace: [ 86.526908][ T5348] [ 86.526915][ T5348] dump_stack_lvl+0x189/0x250 [ 86.526935][ T5348] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.526950][ T5348] ? __pfx__printk+0x10/0x10 [ 86.526967][ T5348] ? print_lock_name+0xde/0x100 [ 86.526982][ T5348] print_circular_bug+0x2e2/0x300 [ 86.526999][ T5348] check_noncircular+0x12e/0x150 [ 86.527018][ T5348] __lock_acquire+0x15a6/0x2cf0 [ 86.527034][ T5348] ? do_raw_spin_unlock+0x4d/0x240 [ 86.527052][ T5348] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.527067][ T5348] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.527084][ T5348] ? __flush_work+0xd2/0xbc0 [ 86.527101][ T5348] lock_acquire+0x117/0x340 [ 86.527114][ T5348] ? __flush_work+0xd2/0xbc0 [ 86.527130][ T5348] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.527144][ T5348] ? __flush_work+0xd2/0xbc0 [ 86.527159][ T5348] __flush_work+0x6b8/0xbc0 [ 86.527174][ T5348] ? __flush_work+0xd2/0xbc0 [ 86.527189][ T5348] ? __flush_work+0xd2/0xbc0 [ 86.527205][ T5348] ? __pfx___flush_work+0x10/0x10 [ 86.527221][ T5348] ? __pfx_wq_barrier_func+0x10/0x10 [ 86.527237][ T5348] ? __pfx___cancel_work+0x10/0x10 [ 86.527256][ T5348] ? hci_conn_drop+0x153/0x280 [ 86.527275][ T5348] ? __cancel_work_sync+0x5c/0x110 [ 86.527291][ T5348] __cancel_work_sync+0xbe/0x110 [ 86.527307][ T5348] l2cap_conn_del+0x4f3/0x680 [ 86.527323][ T5348] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 86.527337][ T5348] hci_conn_hash_flush+0x10d/0x230 [ 86.527354][ T5348] hci_dev_close_sync+0x821/0xff0 [ 86.527370][ T5348] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 86.527384][ T5348] ? __cancel_work_sync+0x5c/0x110 [ 86.527402][ T5348] hci_dev_close+0x108/0x200 [ 86.527417][ T5348] sock_do_ioctl+0xdc/0x300 [ 86.527432][ T5348] ? __pfx_sock_do_ioctl+0x10/0x10 [ 86.527445][ T5348] ? do_futex+0x333/0x420 [ 86.527461][ T5348] sock_ioctl+0x576/0x790 [ 86.527473][ T5348] ? __pfx_sock_ioctl+0x10/0x10 [ 86.527485][ T5348] ? __fget_files+0x3a0/0x420 [ 86.527504][ T5348] ? __fget_files+0x2a/0x420 [ 86.527520][ T5348] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.527540][ T5348] ? __pfx_sock_ioctl+0x10/0x10 [ 86.527553][ T5348] __se_sys_ioctl+0xfc/0x170 [ 86.527574][ T5348] do_syscall_64+0xfa/0xf80 [ 86.527599][ T5348] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.527618][ T5348] ? clear_bhb_loop+0x60/0xb0 [ 86.527639][ T5348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.527657][ T5348] RIP: 0033:0x7f272f38f7c9 [ 86.527674][ T5348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.527690][ T5348] RSP: 002b:00007f273013f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.527710][ T5348] RAX: ffffffffffffffda RBX: 00007f272f5e5fa0 RCX: 00007f272f38f7c9 [ 86.527723][ T5348] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000006 [ 86.527733][ T5348] RBP: 00007f272f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.527743][ T5348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.527752][ T5348] R13: 00007f272f5e6038 R14: 00007f272f5e5fa0 R15: 00007fffc00b85d8 [ 86.527770][ T5348] [ 86.683166][ T47] Bluetooth: hci0: command tx timeout [ 86.725572][ T5349] EXT4-fs (loop0): orphan cleanup on readonly fs [ 86.739256][ T5349] Quota error (device loop0): v2_read_file_info: Block with free entry 32 out of range (1, 6). [ 86.763122][ T5349] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 86.771569][ T5349] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 86.778477][ T5349] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #12: comm syz.0.0: corrupted in-inode xattr: overlapping e_value [ 86.785464][ T5349] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.0: couldn't read orphan inode 12 (err -117) [ 86.791436][ T5349] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 88.733202][ T47] Bluetooth: hci0: command tx timeout [ 90.812941][ T47] Bluetooth: hci0: command tx timeout [ 91.615661][ T9] cfg80211: failed to load regulatory.db