program:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_hardware_error={{0x10, 0x1}}}, 0x4)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x2}, 0x6)

[ 87.985836][ T55] cfg80211: failed to load regulatory.db
[ 87.992900][ T4707] Bluetooth: hci0: command tx timeout
[ 88.089853][ T4707] Bluetooth: hci0: hardware error 0x00
[ 88.102736][ T55]
[ 88.103908][ T55] ======================================================
[ 88.107039][ T55] WARNING: possible circular locking dependency detected
[ 88.110205][ T55] syzkaller #0 Not tainted
[ 88.112375][ T55] ------------------------------------------------------
[ 88.115534][ T55] kworker/0:2/55 is trying to acquire lock:
[ 88.118247][ T55] ffff88803f05ab38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[ 88.123215][ T55]
[ 88.123215][ T55] but task is already holding lock:
[ 88.127727][ T55] ffffc9000101fbc0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 88.133029][ T55]
[ 88.133029][ T55] which lock already depends on the new lock.
[ 88.133029][ T55]
[ 88.137959][ T55]
[ 88.137959][ T55] the existing dependency chain (in reverse order) is:
[ 88.142368][ T55]
[ 88.142368][ T55] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[ 88.146920][ T55]        lock_acquire+0x120/0x360
[ 88.149772][ T55]        __flush_work+0x6b8/0xbc0
[ 88.152275][ T55]        __cancel_work_sync+0xbe/0x110
[ 88.154736][ T55]        l2cap_conn_del+0x4f0/0x680
[ 88.156967][ T55]        hci_conn_hash_flush+0x10a/0x230
[ 88.159800][ T55]        hci_dev_close_sync+0xaef/0x1330
[ 88.162842][ T55]        hci_error_reset+0x127/0x3e0
[ 88.165426][ T55]        process_scheduled_works+0xae1/0x17b0
[ 88.168010][ T55]        worker_thread+0x8a0/0xda0
[ 88.170314][ T55]        kthread+0x70e/0x8a0
[ 88.172789][ T55]        ret_from_fork+0x439/0x7d0
[ 88.175465][ T55]        ret_from_fork_asm+0x1a/0x30
[ 88.177719][ T55]
[ 88.177719][ T55] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[ 88.181141][ T55]        validate_chain+0xb9b/0x2140
[ 88.183583][ T55]        __lock_acquire+0xab9/0xd20
[ 88.186094][ T55]        lock_acquire+0x120/0x360
[ 88.188880][ T55]        __mutex_lock+0x187/0x1350
[ 88.191695][ T55]        l2cap_info_timeout+0x60/0xa0
[ 88.194199][ T55]        process_scheduled_works+0xae1/0x17b0
[ 88.196973][ T55]        worker_thread+0x8a0/0xda0
[ 88.199431][ T55]        kthread+0x70e/0x8a0
[ 88.202037][ T55]        ret_from_fork+0x439/0x7d0
[ 88.204720][ T55]        ret_from_fork_asm+0x1a/0x30
[ 88.207189][ T55]
[ 88.207189][ T55] other info that might help us debug this:
[ 88.207189][ T55]
[ 88.211750][ T55]  Possible unsafe locking scenario:
[ 88.211750][ T55]
[ 88.215391][ T55]        CPU0                    CPU1
[ 88.217702][ T55]        ----                    ----
[ 88.220062][ T55]   lock((work_completion)(&(&conn->info_timer)->work));
[ 88.223160][ T55]                                lock(&conn->lock#2);
[ 88.226337][ T55]                                lock((work_completion)(&(&conn->info_timer)->work));
[ 88.231256][ T55]   lock(&conn->lock#2);
[ 88.233253][ T55]
[ 88.233253][ T55]  *** DEADLOCK ***
[ 88.233253][ T55]
[ 88.236833][ T55] 2 locks held by kworker/0:2/55:
[ 88.238989][ T55]  #0: ffff88801a874d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 88.243269][ T55]  #1: ffffc9000101fbc0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 88.248473][ T55]
[ 88.248473][ T55] stack backtrace:
[ 88.251248][ T55] CPU: 0 UID: 0 PID: 55 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full)
[ 88.251268][ T55] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 88.251278][ T55] Workqueue: events l2cap_info_timeout
[ 88.251301][ T55] Call Trace:
[ 88.251313][ T55]
[ 88.251320][ T55]  dump_stack_lvl+0x189/0x250
[ 88.251338][ T55]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.251351][ T55]  ? __pfx__printk+0x10/0x10
[ 88.251368][ T55]  ? print_lock_name+0xde/0x100
[ 88.251383][ T55]  print_circular_bug+0x2ee/0x310
[ 88.251398][ T55]  check_noncircular+0x134/0x160
[ 88.251410][ T55]  validate_chain+0xb9b/0x2140
[ 88.251427][ T55]  __lock_acquire+0xab9/0xd20
[ 88.251442][ T55]  ? l2cap_info_timeout+0x60/0xa0
[ 88.251451][ T55]  lock_acquire+0x120/0x360
[ 88.251464][ T55]  ? l2cap_info_timeout+0x60/0xa0
[ 88.251477][ T55]  __mutex_lock+0x187/0x1350
[ 88.251490][ T55]  ? l2cap_info_timeout+0x60/0xa0
[ 88.251502][ T55]  ? irqentry_exit+0x74/0x90
[ 88.251513][ T55]  ? lockdep_hardirqs_on+0x9c/0x150
[ 88.251523][ T55]  ? l2cap_info_timeout+0x60/0xa0
[ 88.251538][ T55]  ? __pfx___mutex_lock+0x10/0x10
[ 88.251549][ T55]  l2cap_info_timeout+0x60/0xa0
[ 88.251557][ T55]  ? process_scheduled_works+0x9ef/0x17b0
[ 88.251569][ T55]  process_scheduled_works+0xae1/0x17b0
[ 88.251584][ T55]  ? __pfx_process_scheduled_works+0x10/0x10
[ 88.251597][ T55]  worker_thread+0x8a0/0xda0
[ 88.251609][ T55]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 88.251624][ T55]  ? __kthread_parkme+0x7b/0x200
[ 88.251638][ T55]  kthread+0x70e/0x8a0
[ 88.251651][ T55]  ? __pfx_worker_thread+0x10/0x10
[ 88.251661][ T55]  ? __pfx_kthread+0x10/0x10
[ 88.251673][ T55]  ? _raw_spin_unlock_irq+0x23/0x50
[ 88.251688][ T55]  ? lockdep_hardirqs_on+0x9c/0x150
[ 88.251697][ T55]  ? __pfx_kthread+0x10/0x10
[ 88.251710][ T55]  ret_from_fork+0x439/0x7d0
[ 88.251723][ T55]  ? __pfx_ret_from_fork+0x10/0x10
[ 88.251736][ T55]  ? __pfx_kthread+0x10/0x10
[ 88.251747][ T55]  ret_from_fork_asm+0x1a/0x30
[ 88.251765][ T55]