program:
# Reproducer program, followed by the start of the kernel console log.
# The calls were collapsed onto one line on this page and are shown one per
# line here; no argument has been changed.
# NOTE(review): close_range() at the end uses r0, but no visible call assigns
# r0. The assignment marker was probably lost when the page was extracted, so
# the call that produced it cannot be identified from this text.

# Two emulated USB device connections. The first blob carries idVendor 0x7d25
# and idProduct 0xa415 (little-endian bytes "257d15a4") and a configuration
# descriptor announcing 0x42 = 66 interfaces, matching the "usb 5-1" lines in
# the log. No USB frame appears in the lockdep trace further down.
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a440000104000109026000420100000009"], 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0xc45, 0x5112, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x0, 0x7, 0x19, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x200, 0x3, 0x1, {0x22, 0x2d}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0xff, 0x3}}}}}]}}]}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff})

# First VMCI handle (r1): sets a version value, then initialises its context
# with the @host context id.
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000180)={@host})

# Calls that are not VMCI ioctls; none of them shows up in the lockdep trace.
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

# r1 allocates a queue pair with handle {@hyper, 0x2} and registers a
# notification for the same {@hyper, 0x2} value.
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, &(0x7f0000000080)={@hyper, 0x2})

# Second VMCI handle (r2): same version value, context initialised with @hyper,
# then QUEUEPAIR_ALLOC with an argument struct identical to the one r1 passed.
# Presumably both contexts end up attached to one queue pair; confirm against
# the driver.
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)

# This is the call the lockdep report fires under: the register dump shows
# ORIG_RAX 0x1b4 with RDI 6 and RSI 0xffffffffffffffff, and the trace enters
# through task_work_run -> __fput -> vmci_host_close on the syscall exit path.
# Triage reading of the trace: vmci_host_close -> vmci_ctx_put ->
# vmci_qp_broker_detach (qp_broker_list.mutex taken at +0x117) ->
# vmci_datagram_dispatch -> vmci_ctx_enqueue_datagram -> vmci_ctx_put ->
# vmci_qp_broker_detach again, requesting the same mutex. Both acquisitions
# report the same lock address (ffffffff8f3d4190), so this looks like a real
# self-deadlock on one mutex rather than a missing nesting annotation.
# NOTE(review): the second vmci_ctx_put presumably drops the last reference to
# the peer context while the mutex is still held; verify in the driver source.
close_range(r0, 0xffffffffffffffff, 0x0)

# Kernel console log; it continues on the lines that follow.
[ 84.765277][ T4657] Bluetooth: hci0: command tx timeout
[ 85.034011][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 85.187971][ T10] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 85.192614][ T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 85.197283][ T10] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 66 [ 85.205900][ T10] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 85.209989][ T10] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 85.213751][ T10] usb 5-1: Product: syz [ 85.215699][ T10] usb 5-1: Manufacturer: syz [ 85.431793][ T5326] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.439762][ T5326] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.515935][ T5327] [ 85.517148][ T5327] ============================================ [ 85.520011][ T5327] WARNING: possible recursive locking detected [ 85.522775][ T5327] syzkaller #0 Not tainted [ 85.524796][ T5327] -------------------------------------------- [ 85.527612][ T5327] syz.0.0/5327 is trying to acquire lock: [ 85.530214][ T5327] ffffffff8f3d4190 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf20 [ 85.534823][ T5327] [ 85.534823][ T5327] but task is already holding lock: [ 85.538120][ T5327] ffffffff8f3d4190 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf20 [ 85.542672][ T5327] [ 85.542672][ T5327] other info that might help us debug this: [ 85.546246][ T5327] Possible unsafe locking scenario: [ 85.546246][ T5327] [ 85.549503][ T5327] CPU0 [ 85.551005][ T5327] ---- [ 85.552539][ T5327] lock(qp_broker_list.mutex); [ 85.554769][ T5327] lock(qp_broker_list.mutex); [ 85.556965][ T5327] [ 85.556965][ T5327] *** DEADLOCK *** [ 85.556965][ T5327] [ 85.560596][ T5327] May be due to missing lock nesting notation [ 85.560596][ T5327] [ 85.564161][ T5327] 1 lock held by syz.0.0/5327: [ 85.566340][ T5327] #0: ffffffff8f3d4190 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf20 [ 85.571051][ T5327] [ 85.571051][ T5327] stack backtrace: [ 85.573698][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.573714][ T5327] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.573723][ T5327] Call Trace: [ 85.573731][ T5327] [ 85.573737][ T5327] dump_stack_lvl+0xe8/0x150 [ 85.573756][ T5327] print_deadlock_bug+0x279/0x290 [ 85.573773][ T5327] __lock_acquire+0x253f/0x2cf0 [ 85.573788][ T5327] ? is_bpf_text_address+0x292/0x2b0 [ 85.573801][ T5327] ? is_bpf_text_address+0x26/0x2b0 [ 85.573814][ T5327] ? kernel_text_address+0xa5/0xe0 [ 85.573831][ T5327] ? __kernel_text_address+0xd/0x30 [ 85.573848][ T5327] ? vmci_qp_broker_detach+0x117/0xf20 [ 85.573866][ T5327] lock_acquire+0x106/0x350 [ 85.573878][ T5327] ? vmci_qp_broker_detach+0x117/0xf20 [ 85.573898][ T5327] __mutex_lock+0x1a3/0x1550 [ 85.573964][ T5327] ? vmci_qp_broker_detach+0x117/0xf20 [ 85.573982][ T5327] ? kasan_save_track+0x4f/0x80 [ 85.573996][ T5327] ? kasan_save_track+0x3e/0x80 [ 85.574006][ T5327] ? kasan_save_free_info+0x46/0x50 [ 85.574016][ T5327] ? __kasan_slab_free+0x5c/0x80 [ 85.574028][ T5327] ? kfree+0x1c5/0x640 [ 85.574041][ T5327] ? vmci_ctx_put+0x5ef/0xc40 [ 85.574053][ T5327] ? vmci_ctx_enqueue_datagram+0x3ab/0x420 [ 85.574064][ T5327] ? vmci_datagram_dispatch+0x450/0xc60 [ 85.574077][ T5327] ? vmci_qp_broker_detach+0x8dd/0xf20 [ 85.574091][ T5327] ? vmci_host_close+0x98/0x160 [ 85.574104][ T5327] ? vmci_qp_broker_detach+0x117/0xf20 [ 85.574118][ T5327] ? exit_to_user_mode_loop+0xf3/0x4d0 [ 85.574129][ T5327] ? __pfx___mutex_lock+0x10/0x10 [ 85.574145][ T5327] vmci_qp_broker_detach+0x117/0xf20 [ 85.574164][ T5327] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 85.574180][ T5327] ? kasan_quarantine_put+0xbb/0x1f0 [ 85.574190][ T5327] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.574203][ T5327] ? kfree+0x1c5/0x640 [ 85.574212][ T5327] ? vmci_ctx_put+0x5ef/0xc40 [ 85.574223][ T5327] ? vmci_ctx_put+0x141/0xc40 [ 85.574236][ T5327] vmci_ctx_put+0x64e/0xc40 [ 85.574249][ T5327] ? __pfx___schedule+0x10/0x10 [ 85.574263][ T5327] ? vmci_ctx_put+0x141/0xc40 [ 85.574275][ T5327] ? 
__pfx_vmci_ctx_put+0x10/0x10 [ 85.574288][ T5327] ? preempt_schedule_thunk+0x16/0x30 [ 85.574304][ T5327] ? preempt_schedule_common+0x82/0xd0 [ 85.574321][ T5327] vmci_ctx_enqueue_datagram+0x3ab/0x420 [ 85.574336][ T5327] vmci_datagram_dispatch+0x450/0xc60 [ 85.574352][ T5327] ? __pfx_vmci_datagram_dispatch+0x10/0x10 [ 85.574368][ T5327] vmci_qp_broker_detach+0x8dd/0xf20 [ 85.574388][ T5327] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 85.574405][ T5327] ? kasan_quarantine_put+0xbb/0x1f0 [ 85.574418][ T5327] ? kfree+0x1c5/0x640 [ 85.574429][ T5327] ? vmci_ctx_put+0x5ef/0xc40 [ 85.574451][ T5327] vmci_ctx_put+0x64e/0xc40 [ 85.574464][ T5327] ? vmci_ctx_put+0x141/0xc40 [ 85.574478][ T5327] ? __pfx_vmci_ctx_put+0x10/0x10 [ 85.574496][ T5327] vmci_host_close+0x98/0x160 [ 85.574513][ T5327] ? __pfx_vmci_host_close+0x10/0x10 [ 85.574530][ T5327] __fput+0x44f/0xa60 [ 85.574544][ T5327] task_work_run+0x1d9/0x270 [ 85.574560][ T5327] ? __pfx_task_work_run+0x10/0x10 [ 85.574578][ T5327] exit_to_user_mode_loop+0xf3/0x4d0 [ 85.574589][ T5327] ? rcu_is_watching+0x15/0xb0 [ 85.574603][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.574614][ T5327] do_syscall_64+0x33e/0xf80 [ 85.574630][ T5327] ? trace_irq_disable+0x3b/0x140 [ 85.574647][ T5327] ? 
clear_bhb_loop+0x40/0x90 [ 85.574660][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.574672][ T5327] RIP: 0033:0x7f7d6599ce59 [ 85.574685][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.574697][ T5327] RSP: 002b:00007f7d61dd3fe8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 85.574710][ T5327] RAX: 0000000000000000 RBX: 00007f7d65c16090 RCX: 00007f7d6599ce59 [ 85.574719][ T5327] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000006 [ 85.574727][ T5327] RBP: 00007f7d65a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.574734][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.574742][ T5327] R13: 00007f7d65c16128 R14: 00007f7d65c16090 R15: 00007ffd9b9667f8 [ 85.574752][ T5327] [ 86.794041][ T4657] Bluetooth: hci0: command tx timeout [ 88.873917][ T4657] Bluetooth: hci0: command tx timeout [ 90.953545][ T4657] Bluetooth: hci0: command tx timeout [ 91.675593][ T1381] cfg80211: failed to load regulatory.db