program: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) (async) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async) r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={r2, r2, 0xc, 0x1, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'}) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r4, 0x400448ca, 0x0) (async) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000004c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x7, @remote, 0x2}, {0xa, 0x4e23, 0xfffffff8, @private1, 0x3}, 0xffffffffffffffff, 0x4926}}, 0x48) (async) r5 = dup(r0) (async) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) (async) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x80, 0xff}, 0x9c) (async) shutdown(r0, 0x1) (async) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x5, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0xf17a, 0x34, 0x7f, 0x9}, 0x9c) (async) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) (async) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x3}}, 0x1000000, 0x72, 0xffff1896, 0x3, 0x62, 0x0, 0x1a}, 0x20) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000600)='./file1\x00', 0x800, &(0x7f00000004c0)=ANY=[], 0x0, 0x152d, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni") r7 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0), 0x8402, 0x0) sendfile(r7, r8, 0x0, 0xff7e82) r9 = creat(&(0x7f0000000100)='./bus\x00', 0x4a) ioctl$USBDEVFS_DISCSIGNAL(r5, 0x8010550e, &(0x7f0000000180)={0xfff, &(0x7f0000000540)="9d888fa1a6528b91f340dede8faee0c98098958c2b0478af105dbd13b6961e65b6d1e02162664478755856e75928cffa4aef3501f89d949e65d73b9645e977241207c163375aebac73183ce6b7cab96a85398d839c3599dfddf627"}) (async) ftruncate(r9, 0x201f) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r9, 0x84, 0x16, &(0x7f0000000340)={0x5, [0x8, 0x9, 0x6963, 0xfff9, 0xe3]}, &(0x7f00000003c0)=0xe) (async) ioctl$EVIOCGABS0(r5, 0x80184540, &(0x7f00000002c0)=""/26) [ 85.152819][ T10] hid-multitouch 0005:0457:0009.0002: unknown main item tag 0x0 [ 85.170956][ T5322] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.188433][ T10] hid-multitouch 0005:0457:0009.0002: hidraw1: BLUETOOTH HID v0.09 Device [syz1] on aa:aa:aa:aa:aa:aa [ 85.253591][ T5321] [ 85.254721][ T5321] ====================================================== [ 85.257754][ T5321] WARNING: possible circular locking dependency detected [ 85.260789][ T5321] syzkaller #0 Not tainted [ 85.262742][ T5321] ------------------------------------------------------ [ 85.265679][ T5321] syz.0.0/5321 is trying to acquire lock: [ 85.268158][ T5321] ffff88804124b840 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0x100/0xc50 [ 85.273391][ T5321] [ 85.273391][ T5321] but task is already holding lock: [ 85.276348][ T5321] ffff88804124bb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5b0 [ 85.279860][ T5321] [ 85.279860][ T5321] which lock already depends on the new lock. [ 85.279860][ T5321] [ 85.283937][ T5321] [ 85.283937][ T5321] the existing dependency chain (in reverse order) is: [ 85.287407][ T5321] [ 85.287407][ T5321] -> #1 (&conn->lock#2){+.+.}-{4:4}: [ 85.290705][ T5321] __mutex_lock+0x19f/0x1300 [ 85.293023][ T5321] l2cap_info_timeout+0x60/0xa0 [ 85.295385][ T5321] process_scheduled_works+0xaec/0x17a0 [ 85.298102][ T5321] worker_thread+0xda6/0x1360 [ 85.300464][ T5321] kthread+0x726/0x8b0 [ 85.302574][ T5321] ret_from_fork+0x51b/0xa40 [ 85.304886][ T5321] ret_from_fork_asm+0x1a/0x30 [ 85.307293][ T5321] [ 85.307293][ T5321] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 85.311743][ T5321] __lock_acquire+0x15a5/0x2cf0 [ 85.313930][ T5321] lock_acquire+0x106/0x330 [ 85.316167][ T5321] __flush_work+0x700/0xc50 [ 85.318414][ T5321] __cancel_work_sync+0xbe/0x110 [ 85.320802][ T5321] l2cap_conn_del+0x402/0x5b0 [ 85.323062][ T5321] hci_conn_hash_flush+0x10d/0x260 [ 85.325465][ T5321] hci_dev_close_sync+0x821/0x10e0 [ 85.327930][ T5321] hci_dev_close+0x108/0x260 [ 85.330231][ T5321] sock_do_ioctl+0x101/0x320 [ 85.332617][ T5321] sock_ioctl+0x5c6/0x7f0 [ 85.334770][ T5321] __se_sys_ioctl+0xfc/0x170 [ 85.337179][ T5321] do_syscall_64+0xe2/0xf80 [ 85.339370][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.342284][ T5321] [ 85.342284][ T5321] other info that might help us debug this: [ 85.342284][ T5321] [ 85.346709][ T5321] Possible unsafe locking scenario: [ 85.346709][ T5321] [ 85.349967][ T5321] CPU0 CPU1 [ 85.352306][ T5321] ---- ---- [ 85.354626][ T5321] lock(&conn->lock#2); [ 85.356450][ T5321] lock((work_completion)(&(&conn->info_timer)->work)); [ 85.360487][ T5321] lock(&conn->lock#2); [ 85.363386][ T5321] lock((work_completion)(&(&conn->info_timer)->work)); [ 85.366381][ T5321] [ 85.366381][ T5321] *** DEADLOCK *** [ 85.366381][ T5321] [ 85.369843][ T5321] 5 locks held by syz.0.0/5321: [ 85.371995][ T5321] #0: ffff88801a650ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_close+0x100/0x260 [ 85.376027][ T5321] #1: ffff88801a6500c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0 [ 85.380032][ T5321] #2: ffffffff8fb3b1e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260 [ 85.384209][ T5321] #3: ffff88804124bb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5b0 [ 85.388103][ T5321] #4: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: __flush_work+0x100/0xc50 [ 85.392110][ T5321] [ 85.392110][ T5321] stack backtrace: [ 85.394682][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.394697][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.394703][ T5321] Call Trace: [ 85.394711][ T5321] [ 85.394717][ T5321] dump_stack_lvl+0xe8/0x150 [ 85.394735][ T5321] print_circular_bug+0x2e1/0x300 [ 85.394750][ T5321] check_noncircular+0x12e/0x150 [ 85.394762][ T5321] __lock_acquire+0x15a5/0x2cf0 [ 85.394778][ T5321] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.394792][ T5321] ? __flush_work+0x100/0xc50 [ 85.394803][ T5321] lock_acquire+0x106/0x330 [ 85.394817][ T5321] ? __flush_work+0x100/0xc50 [ 85.394830][ T5321] ? __flush_work+0x100/0xc50 [ 85.394840][ T5321] __flush_work+0x700/0xc50 [ 85.394850][ T5321] ? __flush_work+0x100/0xc50 [ 85.394861][ T5321] ? __flush_work+0x100/0xc50 [ 85.394872][ T5321] ? __pfx___flush_work+0x10/0x10 [ 85.394884][ T5321] ? __pfx_wq_barrier_func+0x10/0x10 [ 85.394905][ T5321] ? __cancel_work_sync+0x5c/0x110 [ 85.394918][ T5321] __cancel_work_sync+0xbe/0x110 [ 85.394931][ T5321] l2cap_conn_del+0x402/0x5b0 [ 85.394944][ T5321] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 85.394956][ T5321] hci_conn_hash_flush+0x10d/0x260 [ 85.394969][ T5321] hci_dev_close_sync+0x821/0x10e0 [ 85.394982][ T5321] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 85.394993][ T5321] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.395005][ T5321] ? enable_work+0x1fd/0x230 [ 85.395027][ T5321] hci_dev_close+0x108/0x260 [ 85.395038][ T5321] sock_do_ioctl+0x101/0x320 [ 85.395055][ T5321] ? __pfx_sock_do_ioctl+0x10/0x10 [ 85.395068][ T5321] ? do_futex+0x395/0x420 [ 85.395089][ T5321] sock_ioctl+0x5c6/0x7f0 [ 85.395103][ T5321] ? __pfx_sock_ioctl+0x10/0x10 [ 85.395116][ T5321] ? __fget_files+0x2a/0x420 [ 85.395126][ T5321] ? __fget_files+0x3a0/0x420 [ 85.395136][ T5321] ? __fget_files+0x2a/0x420 [ 85.395146][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.395159][ T5321] ? __pfx_sock_ioctl+0x10/0x10 [ 85.395172][ T5321] __se_sys_ioctl+0xfc/0x170 [ 85.395186][ T5321] do_syscall_64+0xe2/0xf80 [ 85.395198][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.395209][ T5321] ? trace_irq_disable+0x37/0x100 [ 85.395222][ T5321] ? clear_bhb_loop+0x60/0xb0 [ 85.395235][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.395246][ T5321] RIP: 0033:0x7f9f3279aeb9 [ 85.395277][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.395287][ T5321] RSP: 002b:00007f9f3370d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.395300][ T5321] RAX: ffffffffffffffda RBX: 00007f9f32a15fa0 RCX: 00007f9f3279aeb9 [ 85.395308][ T5321] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000008 [ 85.395315][ T5321] RBP: 00007f9f32808c1f R08: 0000000000000000 R09: 0000000000000000 [ 85.395322][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.395329][ T5321] R13: 00007f9f32a16038 R14: 00007f9f32a15fa0 R15: 00007ffd6adcb168 [ 85.395342][ T5321] [ 85.543612][ T5330] fido_id[5330]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 85.556283][ T5298] Bluetooth: hci0: command tx timeout [ 87.609570][ T5298] Bluetooth: hci0: command tx timeout [ 89.689624][ T5298] Bluetooth: hci0: command tx timeout