Warning: Permanently added '[localhost]:1332' (ECDSA) to the list of known hosts. 2023/02/24 17:06:06 fuzzer started 2023/02/24 17:06:06 dialing manager at localhost:41417 syzkaller login: [ 41.499567] cgroup: Unknown subsys name 'net' [ 41.602487] cgroup: Unknown subsys name 'rlimit' 2023/02/24 17:06:21 syscalls: 208 2023/02/24 17:06:21 code coverage: enabled 2023/02/24 17:06:21 comparison tracing: enabled 2023/02/24 17:06:21 extra coverage: enabled 2023/02/24 17:06:21 setuid sandbox: enabled 2023/02/24 17:06:21 namespace sandbox: enabled 2023/02/24 17:06:21 Android sandbox: enabled 2023/02/24 17:06:21 fault injection: enabled 2023/02/24 17:06:21 leak checking: enabled 2023/02/24 17:06:21 net packet injection: enabled 2023/02/24 17:06:21 net device setup: enabled 2023/02/24 17:06:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 17:06:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 17:06:21 USB emulation: enabled 2023/02/24 17:06:21 hci packet injection: enabled 2023/02/24 17:06:21 wifi device emulation: enabled 2023/02/24 17:06:21 802.15.4 emulation: enabled 2023/02/24 17:06:21 fetching corpus: 0, signal 0/0 (executing program) 2023/02/24 17:06:22 starting 8 fuzzer processes 17:06:22 executing program 1: r0 = fsmount(0xffffffffffffffff, 0x0, 0x4e) ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000000)={0x2, 0x6}) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000040)) r1 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000000c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f00000002c0)=r2) r4 = syz_open_dev$loop(&(0x7f0000000300), 0x3ff, 0x248080) ioctl$BLKROSET(r4, 0x125d, &(0x7f0000000340)=0x4) r5 = fsopen(&(0x7f0000000380)='efs\x00', 0x0) fsconfig$FSCONFIG_SET_PATH(r5, 0x3, &(0x7f00000003c0)='\x00', &(0x7f0000000400)='./file0\x00', r0) r6 = fsmount(r5, 0x1, 0x81) ioctl$BLKGETSIZE(r6, 0x1260, &(0x7f0000000440)) setsockopt$IP_VS_SO_SET_EDITDEST(r6, 0x0, 0x489, &(0x7f0000000480)={{0x6c, @empty, 0x4e21, 0x1, 'fo\x00', 0x20, 0x0, 0xe}, {@private=0xa010101, 0x4e21, 0x4, 0x4180, 0x20, 0x3}}, 0x44) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, &(0x7f0000000500)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x1e) r7 = memfd_secret(0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r7, 0xc0c89425, &(0x7f0000000600)={"3fd747a1919508ed6b70b2e2764b385f", r2, r3, {0x3000000000000, 0xd3}, {0xb4, 0x8}, 0x9, [0xffffffff, 0x101, 0x5, 0xfffffffffffffff7, 0x8, 0x9, 0x0, 0x6, 0xc03, 0x7fffffff, 0x7, 0x272b, 0x8001, 0xf78e, 0x1f, 0x4]}) fsconfig$FSCONFIG_SET_FD(r7, 0x5, &(0x7f0000000700)='+&\x00', 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x8) ioctl$BLKIOMIN(r7, 0x1278, &(0x7f0000000740)) 17:06:22 executing program 2: ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) r0 = fsmount(0xffffffffffffffff, 0x1, 0x70) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000000)) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000040)={0x8000}) r1 = fspick(r0, &(0x7f0000000080)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r2) getsockopt$inet6_tcp_buf(r0, 0x6, 0xb, &(0x7f00000000c0)=""/74, &(0x7f0000000140)=0x4a) fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f0000000180)='\x00', &(0x7f00000001c0)='./file0\x00', 0xffffffffffffff9c) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000200)='\x00', &(0x7f0000000240)='./file0\x00', r0) r3 = memfd_secret(0x0) setsockopt$inet6_tcp_buf(r3, 0x6, 0x21, &(0x7f0000000280)="ab3f5a0dfc", 0x5) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000800)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000380)={0x410, 0x0, 0x20, 0x70bd28, 0x25dfdbfb, {}, [{{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r4}, {0x1d0, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xa8d}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x10001}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x8, 0x5, 0x5, 0x2}, {0x8c, 0x9, 0xd2, 0x6}, {0xfff9, 0xd2, 0x6, 0x101}, {0x200, 0x8, 0x80, 0x400}, {0x7, 0x3, 0x80, 0x9}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x150, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1000}}, {0x8}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x662c, 0x7f, 0x7f, 0x6}, {0x9224, 0x9, 0x8}, {0x1000, 0x3f, 0xff, 0x9}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}]}}]}, 0x410}}, 0xc000) r6 = fsopen(&(0x7f0000000840)='configfs\x00', 0x1) fsconfig$FSCONFIG_SET_PATH(r6, 0x3, &(0x7f0000000880)='*\x00', &(0x7f00000008c0)='./file0\x00', 0xffffffffffffffff) r7 = accept4$packet(r1, &(0x7f0000000900), &(0x7f0000000940)=0x14, 0x3380e4e8bd54a60) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000980)) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x4002000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x1c, 0x0, 0x228, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xf06}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040080}, 0x20000081) 17:06:22 executing program 0: ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381) ioctl$SG_SCSI_RESET(0xffffffffffffffff, 0x2284, 0x0) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) r0 = fsmount(0xffffffffffffffff, 0x0, 0x70) ioctl$BLKRESETZONE(r0, 0x40101283, &(0x7f0000000000)={0x7, 0xfffffffffffffffb}) ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000040)) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000080)) accept4$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @private}, &(0x7f0000000100)=0x10, 0x180800) r1 = syz_open_dev$loop(&(0x7f0000000140), 0x80000001, 0x200140) ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000180)) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000001c0)={0x7, 0x2}) r2 = socket$inet(0x2, 0x5, 0x0) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000200)={0x0, @multicast2, @local}, &(0x7f0000000240)=0xc) r3 = fsmount(r0, 0x0, 0x0) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) ioctl$SG_SCSI_RESET(r3, 0x2284, 0x0) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000280)) ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f00000002c0)) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1010822}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r4, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xff}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x49}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffffff59}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0xc000004}, 0xc090) [ 56.089855] audit: type=1400 audit(1677258382.372:6): avc: denied { execmem } for pid=262 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 17:06:22 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000), 0xd1a, 0x82) r1 = io_uring_setup(0x779e, &(0x7f0000000040)={0x0, 0xff53, 0x4, 0x2, 0xa4}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x6) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000000c0)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f00000002c0)={{r2, 0xfffffffffffff82b, 0x9, 0x9, 0x1000, 0x101, 0x1, 0x6, 0x1, 0x27, 0x5, 0x5, 0x5, 0x10000, 0x5}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, 0x0, 0x808, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x800) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000480)={0x5, 0x80, 0x48, 0x8, 0x7f, 0x2, 0x0, 0xffffffff, 0x2020, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x1, @perf_config_ext={0xffff, 0x5}, 0x0, 0x7fff, 0x0, 0x0, 0xcdd, 0x3ff, 0x6, 0x0, 0x9492, 0x0, 0xa01f}) r3 = syz_open_dev$loop(&(0x7f0000000500), 0x8, 0xffe48a54850b00f0) ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000540)=0x7) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x5) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000580)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0xd) r4 = accept$inet(0xffffffffffffffff, &(0x7f0000000600)={0x2, 0x0, @empty}, &(0x7f0000000640)=0x10) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r4) r5 = getuid() setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000680)={{{@in=@broadcast, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x101, 0x4e21, 0x7fff, 0x2, 0x80, 0x20, 0x3b, 0x0, r5}, {0x6, 0x800, 0x3a65, 0x72, 0x7f, 0x100000001, 0x0, 0x3}, {0x2, 0xffffffffffff8000, 0x0, 0x1}, 0x9, 0x6e6bb8, 0x2, 0x0, 0x2, 0x1}, {{@in=@private=0xa010102, 0x4d3, 0x6c}, 0x2, @in=@local, 0x3503, 0x4, 0x3, 0x9, 0x4, 0x2, 0x1}}, 0xe8) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000780)={0x7, 0x2, 0x1}) setsockopt$IP_VS_SO_SET_EDITDEST(r4, 0x0, 0x489, &(0x7f00000007c0)={{0x3b, @loopback, 0xffff, 0x4, 'wrr\x00', 0xd, 0xec9, 0x62}, {@private=0x8, 0x4e20, 0x4, 0x2, 0xc9d4, 0x10000}}, 0x44) ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f0000000840)) 17:06:22 executing program 7: ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) ioctl$HDIO_GETGEO(0xffffffffffffffff, 0x301, &(0x7f0000000000)) ioctl$SG_GET_SCSI_ID(0xffffffffffffffff, 0x2276, &(0x7f0000000040)) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000003c0)={0x53, 0xfffffffffffffffc, 0xe1, 0x7, @buffer={0x0, 0xee, &(0x7f0000000080)=""/238}, &(0x7f0000000180)="00accb81680f2930b1314847cd2fe333e239f87753608087251d9463faf58cc7897f873be52dd14f0d252cea6944c7c5f9a2b3f05053db770b2a5c9c6fe7dd92bce0a53e773e72a6048ef8ce6781076da6c224685475f7c63e936c1073f9be614f15adfac141531ebd9884dd99103d6e47e54fa00507ce8f7d0855f811890f670bd5bf8d230cb4f23519b617b9de592f6f11b5ae4f6607f993b4a5adb39cc47f78c199c4424b893f0992f57351e17980ad6a109e553d49d3ec9f4c2788c8279fb7ca24de06a185abc4c39a24f8d08c70ce45f719d065584c8858464dca2fa282a5", &(0x7f0000000280)=""/200, 0x63a6, 0x31, 0xffffffffffffffff, &(0x7f0000000380)}) r0 = perf_event_open(&(0x7f0000000440)={0x3, 0x80, 0xf5, 0x0, 0x2c, 0x81, 0x0, 0x6a81, 0x4000, 0xa, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8001}, 0x40400, 0x7, 0x200, 0x0, 0x5, 0x3f, 0x4, 0x0, 0x3365, 0x0, 0x4}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f00000004c0)={0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = syz_open_dev$sg(&(0x7f0000000500), 0x20, 0x2) ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000540)={0x41, ""/65}) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000600)={0x5, 0x80, 0x9, 0x20, 0x3f, 0x3, 0x0, 0xfffffffffffffffd, 0x2, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3f, 0x0, @perf_bp={&(0x7f00000005c0)}, 0x1c24, 0x7, 0x0, 0xf, 0x8000, 0xffffff00, 0x8001, 0x0, 0x80, 0x0, 0x9}) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000680), 0x40c, 0x6ac941) ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f00000006c0)=0x1) r3 = syz_open_dev$sg(&(0x7f0000000700), 0x3, 0x2000) ioctl$SG_SET_TIMEOUT(r3, 0x2201, &(0x7f0000000740)=0x5) r4 = memfd_secret(0x0) ioctl$SG_GET_TIMEOUT(r4, 0x2202, 0x0) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f0000000780)) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000900)) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000940)='sync\x00', 0x0, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000ac0)) 17:06:22 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x4, 0x5, 0x5, 0x2, 0xff}, 0x14) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x7f) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x110, 0xffffffffffffffff, 0x10000000) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f00000000c0)={0x0, 0x8000, 0x1}) ioctl$SG_SCSI_RESET(0xffffffffffffffff, 0x2284, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0xc00, 0x0) r3 = fsmount(0xffffffffffffffff, 0x1, 0x3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000900)={0x134, 0x0, &(0x7f0000000740)=[@exit_looper, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, &(0x7f0000000100)=""/117, 0x75, 0x2, 0x10}, @flat=@weak_handle={0x77682a85, 0x1, 0x3}, @ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/72, 0x48, 0x2, 0x3c}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}, 0x400}, @register_looper, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@fd={0x66642a85, 0x0, r2}, @flat=@handle={0x73682a85, 0x100, 0x2}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000380)={0x0, 0x18, 0x30}}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000003c0)=""/205, 0xcd, 0x1, 0x23}, @ptr={0x70742a85, 0x1, &(0x7f00000004c0)=""/177, 0xb1, 0x1, 0x33}, @flat=@weak_binder={0x77622a85, 0xa, 0x1}}, &(0x7f0000000600)={0x0, 0x28, 0x50}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000680)={@fd={0x66642a85, 0x0, r3}, @flat=@handle, @ptr={0x70742a85, 0x1, &(0x7f0000000640)=""/37, 0x25, 0x2, 0x2e}}, &(0x7f0000000700)={0x0, 0x18, 0x30}}}, @increfs_done={0x40106308, 0x3}], 0x49, 0x0, &(0x7f0000000880)="4efe5f4b5b7635ee8f9371e29d855dd226dff76ea39f1ba5ce7011fa1b0ef3526f8dd68f47c3e82a545a32dc58d60e86958391c129183c82ea25ad950c91e2b69d62b4ab81deea594b"}) ioctl$SG_SCSI_RESET(r3, 0x2284, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f0000000940)="c39573d9cff38f777f3ccd6dbca1db34", 0x10) ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381) getsockopt$inet6_tcp_buf(r2, 0x6, 0x1c, &(0x7f0000000980)=""/184, &(0x7f0000000a40)=0xb8) r4 = fsmount(r3, 0x0, 0xf5) accept4$packet(r4, &(0x7f0000000ac0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000b00)=0x14, 0x800) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000b40)={{{@in, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f0000000c40)=0xe8) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000c80)={'batadv0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000001100)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x42040}, 0xc, &(0x7f00000010c0)={&(0x7f0000000cc0)={0x3e4, 0x0, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [{{0x8}, {0x1d0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffd}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xff}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}]}}, {{0x8}, {0x1f0, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}]}}]}, 0x3e4}, 0x1, 0x0, 0x0, 0x40005}, 0x8000) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000001140)) 17:06:22 executing program 6: ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000000)={"1c9e4baa43c730c758f9315702639bc4", 0x0, 0x0, {0x2, 0x1}, {0x7, 0x3}, 0x4, [0x2, 0x2, 0x1, 0x400, 0xb365, 0x105f, 0x3107, 0x1ff, 0x1, 0x6, 0x6, 0x1ff, 0x9c41, 0x3ff, 0xffff, 0x8]}) ioctl$BLKRAGET(0xffffffffffffffff, 0x1263, &(0x7f0000000100)) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x8) r0 = fsmount(0xffffffffffffffff, 0x0, 0xe0) socketpair(0x5, 0x2, 0x5, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x401) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f00000001c0)={'mangle\x00', 0x9d, "5dbd66e351b67da8fdf4a8197418e52bb043f0d021561bff4e595f4a0a46f740733149a64008dfbbbb0559b088c4e03a9a9de8ed26d819633b1970e1f946c4af9cae9d7af1111b54e33096c5658a0bbb31099e8ae9414d8ae2dfdfea5f9a3e93e777e296fbce663eb9bbe5a9e4ff8e0f332dd395a8c591ea819e1c7687641681d816be6409ea6d3701b62999e3d5bddf503e87d1174312c1406c3c6f89"}, &(0x7f00000002c0)=0xc1) ioctl$BLKRAGET(r0, 0x1263, &(0x7f0000000300)) r3 = accept4$inet(r1, &(0x7f0000000340)={0x2, 0x0, @initdev}, &(0x7f0000000380)=0x10, 0x0) connect$inet(r3, &(0x7f00000003c0)={0x2, 0x4e24, @empty}, 0x10) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000400)=0x6) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x34, r4, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) prctl$PR_SET_DUMPABLE(0x4, 0x1) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x7ff) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000580)=0x1) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x2c, r4, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6000800}, 0x4044010) getsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f0000000700)={@rand_addr, @empty, 0x0}, &(0x7f0000000740)=0xc) sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f0000000840)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x50, r4, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1a}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x80000001}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x800) 17:06:22 executing program 3: r0 = fsmount(0xffffffffffffffff, 0x0, 0x78) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000000)=0x8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) capget(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x3ff, 0x800, 0x81, 0x0, 0x80000001}) ioctl$RTC_WIE_OFF(r0, 0x7010) ioctl$RTC_WIE_OFF(r0, 0x7010) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000002c0)={0xffffffffffff7598, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0xb0, "a1a66ea16489cf"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000012c0)={0x4, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x9, "d9e1f76b4ccfe7"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000022c0)={0x7fffffff, [{0x0}], 0x0, "c4f3bbca014cca"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000032c0)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f00000034c0)={{0x0, 0xfff, 0x6, 0x7, 0x4, 0x4, 0x2, 0x5, 0x3, 0x1f, 0xb5e, 0x89, 0x3, 0x200, 0xfff}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000003540)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000003740)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000003940)={0xd25b, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x1f, "eed4f4fc03cbcc"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000004940)={0xfffffffffffff6bc, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x4, "e89d2db0f4e1f1"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000005940)={{0x0, 0x0, 0x10000, 0x2, 0x3, 0x8, 0x114, 0x4, 0x9, 0x29d, 0x2, 0x100, 0x1, 0x1000, 0x68e812b0}, 0x10, [0x0, 0x0]}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000059c0)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000005bc0)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f000004c900)={0x1000, [{r2}, {r3}, {}, {r4}, {}, {r5, r6}, {r7}, {}, {0x0, r8}, {}, {}, {0x0, r9}, {0x0, r10}, {}, {0x0, r11}, {}, {r12, r13}, {r14}], 0xbd, "1e6ab15d94c095"}) [ 57.267501] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.270071] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.271421] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.280182] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.282016] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 57.283339] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 57.325417] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 57.335067] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 57.340554] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 57.342189] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 57.343553] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 57.345564] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 57.345615] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 57.348500] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 57.352113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 57.353318] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 57.353652] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 57.355315] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 57.375386] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 57.377148] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 57.379391] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 57.380824] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 57.381952] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 57.383181] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 57.413448] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 57.416026] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 57.417890] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 57.424102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 57.425810] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 57.428487] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 57.495460] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 57.502119] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 57.504028] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 57.519985] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 57.525948] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 57.532032] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 57.609438] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 57.611480] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 57.614057] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 57.618920] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 57.633641] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 57.637111] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 59.353381] Bluetooth: hci0: command 0x0409 tx timeout [ 59.416894] Bluetooth: hci1: command 0x0409 tx timeout [ 59.416919] Bluetooth: hci3: command 0x0409 tx timeout [ 59.417892] Bluetooth: hci2: command 0x0409 tx timeout [ 59.480795] Bluetooth: hci4: command 0x0409 tx timeout [ 59.480904] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 59.483077] [ 59.483280] ====================================================== [ 59.483916] WARNING: possible circular locking dependency detected [ 59.484550] 6.2.0-next-20230224 #1 Not tainted [ 59.485032] ------------------------------------------------------ [ 59.489435] syz-executor.7/274 is trying to acquire lock: [ 59.490022] ffff88800fdf0880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80 [ 59.491120] [ 59.491120] but task is already holding lock: [ 59.491721] ffff88800fdf0920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 59.492721] [ 59.492721] which lock already depends on the new lock. [ 59.492721] [ 59.493536] [ 59.493536] the existing dependency chain (in reverse order) is: [ 59.494303] [ 59.494303] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 59.495040] __mutex_lock+0x133/0x14a0 [ 59.495536] hci_cmd_sync_work+0x1e6/0x320 [ 59.496045] process_one_work+0xa0f/0x1790 [ 59.496559] worker_thread+0x63b/0x1260 [ 59.497045] kthread+0x2e9/0x3a0 [ 59.497463] ret_from_fork+0x2c/0x50 [ 59.497924] [ 59.497924] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 59.498773] __lock_acquire+0x2d56/0x6380 [ 59.499280] lock_acquire.part.0+0xea/0x320 [ 59.499806] __flush_work+0x109/0xd80 [ 59.500276] __cancel_work_timer+0x39c/0x4e0 [ 59.500810] hci_cmd_sync_clear+0x52/0x250 [ 59.501312] hci_unregister_dev+0xf9/0x410 [ 59.501823] vhci_release+0x80/0x100 [ 59.502292] __fput+0x263/0xa40 [ 59.502697] task_work_run+0x174/0x280 [ 59.503172] do_exit+0xad8/0x2800 [ 59.503595] do_group_exit+0xd4/0x2a0 [ 59.504053] __x64_sys_exit_group+0x3e/0x50 [ 59.504563] do_syscall_64+0x3f/0x90 [ 59.505007] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 59.505597] [ 59.505597] other info that might help us debug this: [ 59.505597] [ 59.506396] Possible unsafe locking scenario: [ 59.506396] [ 59.506991] CPU0 CPU1 [ 59.507459] ---- ---- [ 59.507927] lock(&hdev->cmd_sync_work_lock); [ 59.508404] lock((work_completion)(&hdev->cmd_sync_work)); [ 59.509221] lock(&hdev->cmd_sync_work_lock); [ 59.509933] lock((work_completion)(&hdev->cmd_sync_work)); [ 59.510539] [ 59.510539] *** DEADLOCK *** [ 59.510539] [ 59.511139] 1 lock held by syz-executor.7/274: [ 59.511607] #0: ffff88800fdf0920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 59.512641] [ 59.512641] stack backtrace: [ 59.513098] CPU: 0 PID: 274 Comm: syz-executor.7 Not tainted 6.2.0-next-20230224 #1 [ 59.513901] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 59.514732] Call Trace: [ 59.515008] [ 59.515251] dump_stack_lvl+0x91/0xf0 [ 59.515663] check_noncircular+0x263/0x2e0 [ 59.516120] ? __pfx_check_noncircular+0x10/0x10 [ 59.516647] __lock_acquire+0x2d56/0x6380 [ 59.517108] ? lock_is_held_type+0x9f/0x120 [ 59.517577] ? __pfx___lock_acquire+0x10/0x10 [ 59.518076] ? __pfx_register_lock_class+0x10/0x10 [ 59.518602] ? __wait_for_common+0x394/0x550 [ 59.519085] ? __pfx_lock_release+0x10/0x10 [ 59.519558] lock_acquire.part.0+0xea/0x320 [ 59.520032] ? __flush_work+0xdd/0xd80 [ 59.520464] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 59.520997] ? __flush_work+0xdd/0xd80 [ 59.521420] ? rcu_read_lock_sched_held+0x42/0x80 [ 59.521931] ? trace_lock_acquire+0x170/0x1e0 [ 59.522414] ? __flush_work+0xdd/0xd80 [ 59.522836] ? lock_acquire+0x32/0xc0 [ 59.523256] ? __flush_work+0xdd/0xd80 [ 59.523680] __flush_work+0x109/0xd80 [ 59.524095] ? __flush_work+0xdd/0xd80 [ 59.524522] ? __pfx_mark_lock.part.0+0x10/0x10 [ 59.525023] ? __pfx___flush_work+0x10/0x10 [ 59.525481] ? lock_acquire.part.0+0xea/0x320 [ 59.525980] ? hci_cmd_sync_clear+0x45/0x250 [ 59.526447] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 59.526970] ? hci_cmd_sync_clear+0x45/0x250 [ 59.527436] ? rcu_read_lock_sched_held+0x42/0x80 [ 59.527944] ? trace_lock_acquire+0x170/0x1e0 [ 59.528431] ? lock_is_held_type+0x9f/0x120 [ 59.528895] ? mark_held_locks+0x9e/0xe0 [ 59.529345] __cancel_work_timer+0x39c/0x4e0 [ 59.529803] ? __pfx___cancel_work_timer+0x10/0x10 [ 59.530320] ? __cancel_work_timer+0x2aa/0x4e0 [ 59.530799] ? __pfx___cancel_work_timer+0x10/0x10 [ 59.531302] ? lock_release+0x1e3/0x710 [ 59.531733] ? __pfx_lock_release+0x10/0x10 [ 59.532194] ? do_raw_write_lock+0x11e/0x3b0 [ 59.532659] ? __pfx_vhci_release+0x10/0x10 [ 59.533117] hci_cmd_sync_clear+0x52/0x250 [ 59.533569] ? __pfx_vhci_release+0x10/0x10 [ 59.534035] hci_unregister_dev+0xf9/0x410 [ 59.534488] vhci_release+0x80/0x100 [ 59.534894] __fput+0x263/0xa40 [ 59.535266] task_work_run+0x174/0x280 [ 59.535695] ? __pfx_task_work_run+0x10/0x10 [ 59.536184] ? do_raw_spin_unlock+0x53/0x220 [ 59.536647] do_exit+0xad8/0x2800 [ 59.537016] ? lock_release+0x1e3/0x710 [ 59.537450] ? __pfx_lock_release+0x10/0x10 [ 59.537925] ? do_raw_spin_lock+0x125/0x270 [ 59.538382] ? __pfx_do_exit+0x10/0x10 [ 59.538811] do_group_exit+0xd4/0x2a0 [ 59.539215] __x64_sys_exit_group+0x3e/0x50 [ 59.539656] do_syscall_64+0x3f/0x90 [ 59.540043] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 59.540576] RIP: 0033:0x7fae908f9b19 [ 59.540970] Code: Unable to access opcode bytes at 0x7fae908f9aef. [ 59.541590] RSP: 002b:00007ffc07c1f498 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 59.542363] RAX: ffffffffffffffda RBX: 00007ffc07c1fc78 RCX: 00007fae908f9b19 [ 59.543073] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 59.543783] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffc07c1fc78 [ 59.544494] R10: 0000000000000020 R11: 0000000000000246 R12: 00007fae90953233 [ 59.545200] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8 [ 59.545917] [ 59.608744] Bluetooth: hci6: command 0x0409 tx timeout [ 59.737178] Bluetooth: hci7: command 0x0409 tx timeout [ 61.402011] Bluetooth: hci0: command 0x041b tx timeout [ 61.464749] Bluetooth: hci3: command 0x041b tx timeout [ 61.465163] Bluetooth: hci1: command 0x041b tx timeout [ 61.466338] Bluetooth: hci2: command 0x041b tx timeout [ 61.528758] Bluetooth: hci4: command 0x041b tx timeout [ 61.657756] Bluetooth: hci6: command 0x041b tx timeout [ 61.785749] Bluetooth: hci7: command 0x041b tx timeout [ 62.246352] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 62.267481] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 62.273163] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 62.281071] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 62.283557] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 62.285060] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 63.448801] Bluetooth: hci0: command 0x040f tx timeout [ 63.512728] Bluetooth: hci2: command 0x040f tx timeout [ 63.513273] Bluetooth: hci1: command 0x040f tx timeout [ 63.514166] Bluetooth: hci3: command 0x040f tx timeout [ 63.576748] Bluetooth: hci4: command 0x040f tx timeout [ 63.704893] Bluetooth: hci6: command 0x040f tx timeout [ 63.832702] Bluetooth: hci7: command 0x040f tx timeout [ 64.344750] Bluetooth: hci5: command 0x0409 tx timeout [ 65.496716] Bluetooth: hci0: command 0x0419 tx timeout [ 65.560735] Bluetooth: hci3: command 0x0419 tx timeout [ 65.561314] Bluetooth: hci1: command 0x0419 tx timeout [ 65.562210] Bluetooth: hci2: command 0x0419 tx timeout [ 65.624832] Bluetooth: hci4: command 0x0419 tx timeout [ 65.752730] Bluetooth: hci6: command 0x0419 tx timeout [ 65.880708] Bluetooth: hci7: command 0x0419 tx timeout [ 66.392812] Bluetooth: hci5: command 0x041b tx timeout [ 68.441747] Bluetooth: hci5: command 0x040f tx timeout VM DIAGNOSIS: 17:06:26 Registers: info registers vcpu 0 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff8880321d7190 R8 =0000000000000001 R9 =000000000000000a R10=000000000000002d R11=0000000000000001 R12=000000000000002d R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850 RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe6645af2000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe6645af0000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4e643f1620 CR3=0000000036320000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00ffffffffffff0000000000000000 XMM01=0100010001000000ffffffffffffffff XMM02=0500050005000000455441564952505f XMM03=0000000000000000000000564952505f XMM04=00030005000500050005000000455441 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=00007f3f20d6a000 RCX=ffffffff810084a2 RDX=ffff8880354c1ac0 RSI=0000000000000000 RDI=0000000000000007 RBP=0000000000000001 RSP=ffff8880362c7330 R8 =0000000000000007 R9 =ffffffffff600000 R10=00007f3f20d6a000 R11=0000000000000001 R12=ffff8880362c7478 R13=0000000000000000 R14=ffff8880354c1ac0 R15=ffff88801637b000 RIP=ffffffff814b75b4 RFL=00000207 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe1dac416000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe1dac414000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f3f20847368 CR3=000000002e6d6000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=322e6f732e6c6462696c2f756e672d78 XMM02=00322e6f732e6c6462696c2f756e672d XMM03=78756e696c2d34365f3638782f62696c XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000