Warning: Permanently added '[localhost]:2032' (ECDSA) to the list of known hosts.
2023/02/24 11:09:36 fuzzer started
2023/02/24 11:09:37 dialing manager at localhost:41417
syzkaller login: [ 45.430275] cgroup: Unknown subsys name 'net'
[ 45.537096] cgroup: Unknown subsys name 'rlimit'
2023/02/24 11:09:52 syscalls: 2217
2023/02/24 11:09:52 code coverage: enabled
2023/02/24 11:09:52 comparison tracing: enabled
2023/02/24 11:09:52 extra coverage: enabled
2023/02/24 11:09:52 setuid sandbox: enabled
2023/02/24 11:09:52 namespace sandbox: enabled
2023/02/24 11:09:52 Android sandbox: enabled
2023/02/24 11:09:52 fault injection: enabled
2023/02/24 11:09:52 leak checking: enabled
2023/02/24 11:09:52 net packet injection: enabled
2023/02/24 11:09:52 net device setup: enabled
2023/02/24 11:09:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/24 11:09:52 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/24 11:09:52 USB emulation: enabled
2023/02/24 11:09:52 hci packet injection: enabled
2023/02/24 11:09:52 wifi device emulation: enabled
2023/02/24 11:09:52 802.15.4 emulation: enabled
2023/02/24 11:09:52 fetching corpus: 0, signal 0/2000 (executing program)
2023/02/24 11:10:05 fetching corpus: 4903, signal 212750/216919 (executing program)
2023/02/24 11:10:08 starting 8 fuzzer processes
11:10:08 executing program 0:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)=0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=0x0)
fgetxattr(r0, &(0x7f0000000140)=@random={'system.', '/dev/ttyS3\x00'}, &(0x7f0000000480)=""/8, 0x8)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r4, 0x80047213, &(0x7f00000004c0))
epoll_create(0x101)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
clone3(&(0x7f0000000400)={0x115811800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x1f}, &(0x7f0000000180)=""/228, 0xe4, &(0x7f0000000700)=""/193, &(0x7f0000000380)=[r2, r2, r3, r2], 0x4}, 0x58)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pidfd_open(r3, 0x0)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
11:10:08 executing program 1:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r0, &(0x7f00000001c0)={0x24, @short}, 0x14)
11:10:08 executing program 2:
io_setup(0x6, &(0x7f0000000040)=0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105241, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f00000000c0)={0x8})
io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}])
11:10:08 executing program 3:
r0 = fsopen(&(0x7f0000000080)='proc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x3, &(0x7f0000000040)='jg\x9f\xbe{\xe5\xb2\x9b\xcaY\x02\x00!V\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00', &(0x7f00000001c0)='\x00\x00\x00', 0x0)
[ 74.897047] audit: type=1400 audit(1677237008.080:6): avc: denied { execmem } for pid=259 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:10:08 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = timerfd_create(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
11:10:08 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000180)={0xfffffffb})
11:10:08 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000300), 0x4)
11:10:08 executing program 5:
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @remote}, @source_quench={0x2a, 0x2c, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @broadcast}}}}}}, 0x0)
[ 76.219848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 76.222935] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.225428] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.226810] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 76.228522] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 76.231670] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 76.233690] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 76.234918] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 76.267000] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 76.270181] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 76.272945] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 76.275947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 76.278518] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 76.279828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 76.321809] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.336297] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 76.341519] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.342863] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 76.345037] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.346533] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 76.348888] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.357290] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 76.363431] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 76.364934] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 76.366586] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 76.388482] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 76.394176] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 76.413854] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 76.416592] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 76.417853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 76.452964] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 76.456932] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 76.459506] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 76.465077] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 76.467725] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 76.471905] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 78.292827] Bluetooth: hci1: command 0x0409 tx timeout
[ 78.293306] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 78.294841]
[ 78.295042] ======================================================
[ 78.295507] WARNING: possible circular locking dependency detected
[ 78.295963] 6.2.0-next-20230224 #1 Not tainted
[ 78.296298] ------------------------------------------------------
[ 78.300485] syz-executor.0/272 is trying to acquire lock:
[ 78.300883] ffff88801613c880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 78.301682]
[ 78.301682] but task is already holding lock:
[ 78.302108] ffff88801613c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 78.302824]
[ 78.302824] which lock already depends on the new lock.
[ 78.302824]
[ 78.303424]
[ 78.303424] the existing dependency chain (in reverse order) is:
[ 78.303992]
[ 78.303992] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 78.304546]        __mutex_lock+0x133/0x14a0
[ 78.304901]        hci_cmd_sync_work+0x1e6/0x320
[ 78.305279]        process_one_work+0xa0f/0x1790
[ 78.305688]        worker_thread+0x63b/0x1260
[ 78.306063]        kthread+0x2e9/0x3a0
[ 78.306440]        ret_from_fork+0x2c/0x50
[ 78.306852]
[ 78.306852] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 78.307625]        __lock_acquire+0x2d56/0x6380
[ 78.308083]        lock_acquire.part.0+0xea/0x320
[ 78.308552]        __flush_work+0x109/0xd80
[ 78.308965]        __cancel_work_timer+0x39c/0x4e0
[ 78.309430]        hci_cmd_sync_clear+0x52/0x250
[ 78.309891]        hci_unregister_dev+0xf9/0x410
[ 78.310347]        vhci_release+0x80/0x100
[ 78.310758]        __fput+0x263/0xa40
[ 78.311139]        task_work_run+0x174/0x280
[ 78.311580]        do_exit+0xad8/0x2800
[ 78.311978]        do_group_exit+0xd4/0x2a0
[ 78.312395]        __x64_sys_exit_group+0x3e/0x50
[ 78.312872]        do_syscall_64+0x3f/0x90
[ 78.313286]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 78.313844]
[ 78.313844] other info that might help us debug this:
[ 78.313844]
[ 78.314584]  Possible unsafe locking scenario:
[ 78.314584]
[ 78.315129]        CPU0                    CPU1
[ 78.315551]        ----                    ----
[ 78.315974]   lock(&hdev->cmd_sync_work_lock);
[ 78.316409]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 78.317158]                                lock(&hdev->cmd_sync_work_lock);
[ 78.317820]   lock((work_completion)(&hdev->cmd_sync_work));
[ 78.318319]
[ 78.318319]  *** DEADLOCK ***
[ 78.318319]
[ 78.318781] 1 lock held by syz-executor.0/272:
[ 78.319127]  #0: ffff88801613c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 78.319912]
[ 78.319912] stack backtrace:
[ 78.320241] CPU: 1 PID: 272 Comm: syz-executor.0 Not tainted 6.2.0-next-20230224 #1
[ 78.320826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 78.321465] Call Trace:
[ 78.321664]
[ 78.321840]  dump_stack_lvl+0x91/0xf0
[ 78.322140]  check_noncircular+0x263/0x2e0
[ 78.322477]  ? __pfx_check_noncircular+0x10/0x10
[ 78.322869]  __lock_acquire+0x2d56/0x6380
[ 78.323212]  ? lock_is_held_type+0x9f/0x120
[ 78.323562]  ? __pfx___lock_acquire+0x10/0x10
[ 78.323919]  ? __pfx_register_lock_class+0x10/0x10
[ 78.324297]  ? __wait_for_common+0x394/0x550
[ 78.324655]  ? __pfx_lock_release+0x10/0x10
[ 78.325006]  lock_acquire.part.0+0xea/0x320
[ 78.325364]  ? __flush_work+0xdd/0xd80
[ 78.325699]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 78.326085]  ? __flush_work+0xdd/0xd80
[ 78.326413]  ? rcu_read_lock_sched_held+0x42/0x80
[ 78.326787]  ? trace_lock_acquire+0x170/0x1e0
[ 78.327148]  ? __flush_work+0xdd/0xd80
[ 78.327443]  ? lock_acquire+0x32/0xc0
[ 78.327735]  ? __flush_work+0xdd/0xd80
[ 78.328037]  __flush_work+0x109/0xd80
[ 78.328335]  ? __flush_work+0xdd/0xd80
[ 78.328643]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 78.328998]  ? __pfx___flush_work+0x10/0x10
[ 78.329327]  ? lock_acquire.part.0+0xea/0x320
[ 78.329680]  ? hci_cmd_sync_clear+0x45/0x250
[ 78.330016]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 78.330384]  ? hci_cmd_sync_clear+0x45/0x250
[ 78.330711]  ? rcu_read_lock_sched_held+0x42/0x80
[ 78.331064]  ? trace_lock_acquire+0x170/0x1e0
[ 78.331402]  ? lock_is_held_type+0x9f/0x120
[ 78.331730]  ? mark_held_locks+0x9e/0xe0
[ 78.332034]  __cancel_work_timer+0x39c/0x4e0
[ 78.332359]  ? __pfx___cancel_work_timer+0x10/0x10
[ 78.332725]  ? __cancel_work_timer+0x2aa/0x4e0
[ 78.333060]  ? __pfx___cancel_work_timer+0x10/0x10
[ 78.333423]  ? lock_release+0x1e3/0x710
[ 78.333726]  ? __pfx_lock_release+0x10/0x10
[ 78.334049]  ? do_raw_write_lock+0x11e/0x3b0
[ 78.334387]  ? __pfx_vhci_release+0x10/0x10
[ 78.334707]  hci_cmd_sync_clear+0x52/0x250
[ 78.335021]  ? __pfx_vhci_release+0x10/0x10
[ 78.335345]  hci_unregister_dev+0xf9/0x410
[ 78.335680]  vhci_release+0x80/0x100
[ 78.335970]  __fput+0x263/0xa40
[ 78.336215]  task_work_run+0x174/0x280
[ 78.336499]  ? __pfx_task_work_run+0x10/0x10
[ 78.336816]  ? do_raw_spin_unlock+0x53/0x220
[ 78.337130]  do_exit+0xad8/0x2800
[ 78.337387]  ? lock_release+0x1e3/0x710
[ 78.337692]  ? __pfx_lock_release+0x10/0x10
[ 78.338007]  ? do_raw_spin_lock+0x125/0x270
[ 78.338315]  ? __pfx_do_exit+0x10/0x10
[ 78.338599]  do_group_exit+0xd4/0x2a0
[ 78.338872]  __x64_sys_exit_group+0x3e/0x50
[ 78.339179]  do_syscall_64+0x3f/0x90
[ 78.339444]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 78.339803] RIP: 0033:0x7f44adb7ab19
[ 78.340062] Code: Unable to access opcode bytes at 0x7f44adb7aaef.
[ 78.340485] RSP: 002b:00007fff118e97d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 78.341002] RAX: ffffffffffffffda RBX: 00007fff118e9fb8 RCX: 00007f44adb7ab19
[ 78.341499] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 78.341979] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007fff118e9fb8
[ 78.342458] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f44adbd4233
[ 78.342934] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 78.343416]
[ 78.356442] Bluetooth: hci3: command 0x0409 tx timeout
[ 78.420329] Bluetooth: hci4: command 0x0409 tx timeout
[ 78.420353] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 78.420749] Bluetooth: hci0: command 0x0409 tx timeout
[ 78.484252] Bluetooth: hci5: command 0x0409 tx timeout
[ 78.548327] Bluetooth: hci6: command 0x0409 tx timeout
[ 80.340421] Bluetooth: hci1: command 0x041b tx timeout
[ 80.404315] Bluetooth: hci3: command 0x041b tx timeout
[ 80.468271] Bluetooth: hci4: command 0x041b tx timeout
[ 80.469026] Bluetooth: hci0: command 0x041b tx timeout
[ 80.532888] Bluetooth: hci5: command 0x041b tx timeout
[ 80.596266] Bluetooth: hci6: command 0x041b tx timeout
[ 81.495193] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 81.496804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 81.498093] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 81.500161] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 81.501898] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 81.502734] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 82.388272] Bluetooth: hci1: command 0x040f tx timeout
[ 82.452262] Bluetooth: hci3: command 0x040f tx timeout
[ 82.516272] Bluetooth: hci0: command 0x040f tx timeout
[ 82.516282] Bluetooth: hci4: command 0x040f tx timeout
[ 82.580232] Bluetooth: hci5: command 0x040f tx timeout
[ 82.644245] Bluetooth: hci6: command 0x040f tx timeout
[ 83.540265] Bluetooth: hci2: command 0x0409 tx timeout
[ 83.604229] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 84.436279] Bluetooth: hci1: command 0x0419 tx timeout
[ 84.500283] Bluetooth: hci3: command 0x0419 tx timeout
[ 84.564252] Bluetooth: hci4: command 0x0419 tx timeout
[ 84.564657] Bluetooth: hci0: command 0x0419 tx timeout
[ 84.628263] Bluetooth: hci5: command 0x0419 tx timeout
[ 84.692238] Bluetooth: hci6: command 0x0419 tx timeout
[ 85.588307] Bluetooth: hci2: command 0x041b tx timeout
[ 86.052531] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 86.053139] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 86.054466] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 86.058073] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 86.058825] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 86.059585] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 87.636272] Bluetooth: hci2: command 0x040f tx timeout
[ 88.084293] Bluetooth: hci7: command 0x0409 tx timeout
VM DIAGNOSIS:
11:10:11 Registers: