Warning: Permanently added '[localhost]:1569' (ECDSA) to the list of known hosts.
2023/02/24 10:47:48 fuzzer started
2023/02/24 10:47:48 dialing manager at localhost:41417
2023/02/24 10:47:48 checking machine...
2023/02/24 10:47:48 checking revisions...
syzkaller login: [ 35.040783] kmemleak: Automatic memory scanning thread ended
2023/02/24 10:47:48 testing simple program...
[ 35.103953] cgroup: Unknown subsys name 'net'
[ 35.173119] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
executing program
[ 48.516377] audit: type=1400 audit(1677235681.901:6): avc: denied { execmem } for pid=260 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 49.659608] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 49.661681] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 49.663087] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 49.665993] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 49.667951] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 49.669382] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 51.745369] Bluetooth: hci0: command 0x0409 tx timeout
executing program
[ 53.792442] Bluetooth: hci0: command 0x041b tx timeout
[ 55.840418] Bluetooth: hci0: command 0x040f tx timeout
executing program
[ 57.888133] Bluetooth: hci0: command 0x0419 tx timeout
executing program
executing program
executing program
[ 66.315807] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.317077] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.319309] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 66.378772] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.379825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.382231] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2023/02/24 10:48:20 building call list...
[ 66.834785]
[ 66.835065] ======================================================
[ 66.835807] WARNING: possible circular locking dependency detected
[ 66.836548] 6.2.0-next-20230224 #1 Not tainted
[ 66.837357] ------------------------------------------------------
[ 66.841735] syz-executor.0/261 is trying to acquire lock:
[ 66.842395] ffff8880163a4880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 66.843645]
[ 66.843645] but task is already holding lock:
[ 66.844355] ffff8880163a4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 66.845515]
[ 66.845515] which lock already depends on the new lock.
[ 66.845515]
[ 66.846466]
[ 66.846466] the existing dependency chain (in reverse order) is:
[ 66.847358]
[ 66.847358] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 66.848211]        __mutex_lock+0x133/0x14a0
[ 66.848777]        hci_cmd_sync_work+0x1e6/0x320
[ 66.849376]        process_one_work+0xa0f/0x1790
[ 66.849981]        worker_thread+0x63b/0x1260
[ 66.850556]        kthread+0x2e9/0x3a0
[ 66.851059]        ret_from_fork+0x2c/0x50
[ 66.851604]
[ 66.851604] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 66.852597]        __lock_acquire+0x2d56/0x6380
[ 66.853200]        lock_acquire.part.0+0xea/0x320
[ 66.853825]        __flush_work+0x109/0xd80
[ 66.854369]        __cancel_work_timer+0x39c/0x4e0
[ 66.854969]        hci_cmd_sync_clear+0x52/0x250
[ 66.855563]        hci_unregister_dev+0xf9/0x410
[ 66.856148]        vhci_release+0x80/0x100
[ 66.856678]        __fput+0x263/0xa40
[ 66.857159]        task_work_run+0x174/0x280
[ 66.857741]        do_exit+0xad8/0x2800
[ 66.858253]        do_group_exit+0xd4/0x2a0
[ 66.858788]        get_signal+0x23c8/0x2450
[ 66.859324]        arch_do_signal_or_restart+0x79/0x590
[ 66.859963]        exit_to_user_mode_prepare+0x122/0x190
[ 66.860635]        syscall_exit_to_user_mode+0x1d/0x50
[ 66.861287]        do_syscall_64+0x4c/0x90
[ 66.861813]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 66.862495]
[ 66.862495] other info that might help us debug this:
[ 66.862495]
[ 66.863419]  Possible unsafe locking scenario:
[ 66.863419]
[ 66.864114]        CPU0                    CPU1
[ 66.864661]        ----                    ----
[ 66.865212]   lock(&hdev->cmd_sync_work_lock);
[ 66.865796]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 66.866764]                                lock(&hdev->cmd_sync_work_lock);
[ 66.867607]   lock((work_completion)(&hdev->cmd_sync_work));
[ 66.868305]
[ 66.868305]  *** DEADLOCK ***
[ 66.868305]
[ 66.869019] 1 lock held by syz-executor.0/261:
[ 66.869580]  #0: ffff8880163a4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 66.870811]
[ 66.870811] stack backtrace:
[ 66.871343] CPU: 0 PID: 261 Comm: syz-executor.0 Not tainted 6.2.0-next-20230224 #1
[ 66.872259] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 66.873238] Call Trace:
[ 66.873557]
[ 66.873857]  dump_stack_lvl+0x91/0xf0
[ 66.874340]  check_noncircular+0x263/0x2e0
[ 66.874880]  ? __pfx_check_noncircular+0x10/0x10
[ 66.875489]  ? __lock_acquire+0xbba/0x6380
[ 66.876025]  ? __pfx_register_lock_class+0x10/0x10
[ 66.876648]  __lock_acquire+0x2d56/0x6380
[ 66.877187]  ? __pfx___lock_acquire+0x10/0x10
[ 66.877770]  ? __pfx_register_lock_class+0x10/0x10
[ 66.878389]  ? __pfx___lock_acquire+0x10/0x10
[ 66.878969]  ? __pfx___lock_acquire+0x10/0x10
[ 66.879542]  lock_acquire.part.0+0xea/0x320
[ 66.880087]  ? __flush_work+0xdd/0xd80
[ 66.880595]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 66.881218]  ? __flush_work+0xdd/0xd80
[ 66.881721]  ? rcu_read_lock_sched_held+0x42/0x80
[ 66.882320]  ? trace_lock_acquire+0x170/0x1e0
[ 66.882890]  ? __flush_work+0xdd/0xd80
[ 66.883402]  ? lock_acquire+0x32/0xc0
[ 66.883888]  ? __flush_work+0xdd/0xd80
[ 66.884396]  __flush_work+0x109/0xd80
[ 66.884891]  ? __flush_work+0xdd/0xd80
[ 66.885398]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 66.886015]  ? __pfx___flush_work+0x10/0x10
[ 66.886570]  ? lock_acquire.part.0+0xea/0x320
[ 66.887154]  ? hci_cmd_sync_clear+0x45/0x250
[ 66.887710]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 66.888330]  ? hci_cmd_sync_clear+0x45/0x250
[ 66.888882]  ? rcu_read_lock_sched_held+0x42/0x80
[ 66.889482]  ? trace_lock_acquire+0x170/0x1e0
[ 66.890076]  ? lock_is_held_type+0x9f/0x120
[ 66.890636]  ? mark_held_locks+0x9e/0xe0
[ 66.891163]  __cancel_work_timer+0x39c/0x4e0
[ 66.891712]  ? __pfx___cancel_work_timer+0x10/0x10
[ 66.892311]  ? __cancel_work_timer+0x2aa/0x4e0
[ 66.892881]  ? __pfx___cancel_work_timer+0x10/0x10
[ 66.893498]  ? lock_release+0x1e3/0x710
[ 66.894027]  ? __pfx_lock_release+0x10/0x10
[ 66.894583]  ? do_raw_write_lock+0x11e/0x3b0
[ 66.895151]  ? __pfx_vhci_release+0x10/0x10
[ 66.895705]  hci_cmd_sync_clear+0x52/0x250
[ 66.896249]  ? __pfx_vhci_release+0x10/0x10
[ 66.896805]  hci_unregister_dev+0xf9/0x410
[ 66.897351]  vhci_release+0x80/0x100
[ 66.897847]  __fput+0x263/0xa40
[ 66.898286]  task_work_run+0x174/0x280
[ 66.898797]  ? __pfx_task_work_run+0x10/0x10
[ 66.899361]  ? switch_task_namespaces+0xb1/0xd0
[ 66.899931]  ? kmem_cache_free+0xff/0x510
[ 66.900462]  do_exit+0xad8/0x2800
[ 66.900905]  ? find_held_lock+0x2c/0x110
[ 66.901422]  ? lock_release+0x1e3/0x710
[ 66.901960]  ? __pfx_do_exit+0x10/0x10
[ 66.902448]  ? do_raw_spin_lock+0x125/0x270
[ 66.902990]  do_group_exit+0xd4/0x2a0
[ 66.903475]  get_signal+0x23c8/0x2450
[ 66.903961]  ? security_file_permission+0xb5/0xe0
[ 66.904571]  ? __pfx_get_signal+0x10/0x10
[ 66.905115]  ? __pfx_vfs_read+0x10/0x10
[ 66.905638]  arch_do_signal_or_restart+0x79/0x590
[ 66.906237]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 66.906926]  exit_to_user_mode_prepare+0x122/0x190
[ 66.907551]  syscall_exit_to_user_mode+0x1d/0x50
[ 66.908172]  do_syscall_64+0x4c/0x90
[ 66.908645]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 66.909280] RIP: 0033:0x7f7def13469c
[ 66.909752] Code: Unable to access opcode bytes at 0x7f7def134672.
[ 66.910492] RSP: 002b:00007ffc3984ba50 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 66.911444] RAX: fffffffffffffe00 RBX: 00007ffc3984bb00 RCX: 00007f7def13469c
[ 66.912310] RDX: 0000000000000040 RSI: 00007f7def291020 RDI: 00000000000000f9
[ 66.913176] RBP: 0000000000000003 R08: 0000000000000000 R09: fefefefeff646b66
[ 66.914031] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000032
[ 66.914877] R13: 0000000000000000 R14: 0000000000000003 R15: 00007ffc3984bb40
[ 66.915741]
executing program
[ 69.467257] audit: type=1400 audit(1677235702.851:7): avc: denied { create } for pid=239 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
executing program
2023/02/24 10:48:29 syscalls: 2217
2023/02/24 10:48:29 code coverage: enabled
2023/02/24 10:48:29 comparison tracing: enabled
2023/02/24 10:48:29 extra coverage: enabled
2023/02/24 10:48:29 setuid sandbox: enabled
2023/02/24 10:48:29 namespace sandbox: enabled
2023/02/24 10:48:29 Android sandbox: enabled
2023/02/24 10:48:29 fault injection: enabled
2023/02/24 10:48:29 leak checking: enabled
2023/02/24 10:48:29 net packet injection: enabled
2023/02/24 10:48:29 net device setup: enabled
2023/02/24 10:48:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/24 10:48:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/24 10:48:29 USB emulation: enabled
2023/02/24 10:48:29 hci packet injection: enabled
2023/02/24 10:48:29 wifi device emulation: enabled
2023/02/24 10:48:29 802.15.4 emulation: enabled
2023/02/24 10:48:29 fetching corpus: 0, signal 0/0 (executing program)
2023/02/24 10:48:29 fetching corpus: 0, signal 0/0 (executing program)
VM DIAGNOSIS:
10:48:20 Registers:
info registers vcpu 0
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff8880200def70
R8 =0000000000000001 R9 =000000000000000a R10=000000000000002d R11=0000000000000001
R12=000000000000002d R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850
RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe4133422000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe4133420000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000559ffb437dd0 CR3=0000000005482000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=0a6d6172676f727020676e6974756365
XMM02=682e29646e616d6d6f632a282e637069 XMM03=00000000000000000000000000000000
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=000000000000000a000000c000014016 XMM09=000000000000002a000000c000016000
XMM10=0000000000000009000000c000014040 XMM11=0000000000000007000000c000014049
XMM12=000000000000001c000000c000018000 XMM13=0000000000000041000000c00001a000
XMM14=000000000000000c000000c000014050 XMM15=000000000000000d000000c000014060
info registers vcpu 1
RAX=0000000000000000 RBX=00000000fffffffe RCX=ffffffff8444d472 RDX=ffff88801597b580
RSI=0000000000000002 RDI=0000000000000000 RBP=0000000000000002 RSP=ffff8880167bf748
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000003 R11=0000000000000001
R12=ffff888020762909 R13=ffff8880167bf7e2 R14=ffff888020763000 R15=ffff8880207628fc
RIP=ffffffff814b7188 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000000c0002fa790 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe7fc528f000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe7fc528d000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000c000694000 CR3=0000000009984000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=666666660a776f68735f65646f6d5f70
XMM02=646f6d5f706172775f65726f636e755f XMM03=5f7866705f5f20742030316331363031
XMM04=30303030303030303030303030303030 XMM05=74735f65726f636e755f5f5f7866705f
XMM06=0a776f68735f65646f6d5f656761726f XMM07=30326331363031386666666666666666
XMM08=726f74735f65726f636e755f5f207420 XMM09=66660a776f68735f65646f6d5f656761
XMM10=74203035633136303138666666666666 XMM11=5f65726f636e755f5f5f7866705f5f20
XMM12=0a776f68735f65646f6d5f746e756f63 XMM13=000000c00018ef00000000c000229a78
XMM14=000000c00018ef80000000c000229a88 XMM15=000000c00018f080000000c000229a98