Warning: Permanently added '[localhost]:40234' (ECDSA) to the list of known hosts. 2023/02/24 10:56:06 fuzzer started 2023/02/24 10:56:06 dialing manager at localhost:41417 syzkaller login: [ 35.526077] cgroup: Unknown subsys name 'net' [ 35.640622] cgroup: Unknown subsys name 'rlimit' 2023/02/24 10:56:20 syscalls: 2217 2023/02/24 10:56:20 code coverage: enabled 2023/02/24 10:56:20 comparison tracing: enabled 2023/02/24 10:56:20 extra coverage: enabled 2023/02/24 10:56:20 setuid sandbox: enabled 2023/02/24 10:56:20 namespace sandbox: enabled 2023/02/24 10:56:20 Android sandbox: enabled 2023/02/24 10:56:20 fault injection: enabled 2023/02/24 10:56:20 leak checking: enabled 2023/02/24 10:56:20 net packet injection: enabled 2023/02/24 10:56:20 net device setup: enabled 2023/02/24 10:56:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 10:56:20 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 10:56:20 USB emulation: enabled 2023/02/24 10:56:20 hci packet injection: enabled 2023/02/24 10:56:20 wifi device emulation: enabled 2023/02/24 10:56:20 802.15.4 emulation: enabled 2023/02/24 10:56:20 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/24 10:56:20 fetching corpus: 28, signal 30660/33695 (executing program) 2023/02/24 10:56:20 fetching corpus: 78, signal 47249/51063 (executing program) 2023/02/24 10:56:20 fetching corpus: 128, signal 59421/63851 (executing program) 2023/02/24 10:56:20 fetching corpus: 178, signal 66970/71937 (executing program) 2023/02/24 10:56:21 fetching corpus: 228, signal 73115/78552 (executing program) 2023/02/24 10:56:21 fetching corpus: 278, signal 82042/87417 (executing program) 2023/02/24 10:56:21 fetching corpus: 328, signal 87138/92653 (executing program) 2023/02/24 10:56:21 fetching corpus: 378, signal 91203/96832 (executing program) 2023/02/24 10:56:21 fetching corpus: 428, signal 99076/104146 (executing program) 2023/02/24 10:56:22 fetching corpus: 477, signal 103958/108733 (executing program) 2023/02/24 10:56:22 fetching corpus: 527, signal 107213/111820 (executing program) 2023/02/24 10:56:22 fetching corpus: 576, signal 110571/114896 (executing program) 2023/02/24 10:56:22 fetching corpus: 626, signal 114951/118671 (executing program) 2023/02/24 10:56:22 fetching corpus: 675, signal 117586/120979 (executing program) 2023/02/24 10:56:23 fetching corpus: 725, signal 121096/123935 (executing program) 2023/02/24 10:56:23 fetching corpus: 774, signal 123334/125788 (executing program) 2023/02/24 10:56:23 fetching corpus: 819, signal 125251/127337 (executing program) 2023/02/24 10:56:23 fetching corpus: 868, signal 127615/129164 (executing program) 2023/02/24 10:56:23 fetching corpus: 916, signal 129159/130335 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129680/130740 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129680/130782 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129680/130831 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129680/130889 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129680/130936 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129726/131031 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129726/131074 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129726/131126 (executing program) 2023/02/24 10:56:23 fetching corpus: 923, signal 129726/131174 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131218 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131274 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131318 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131365 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131412 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131466 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131513 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131568 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131617 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131663 (executing program) 2023/02/24 10:56:24 fetching corpus: 923, signal 129726/131711 (executing program) 2023/02/24 10:56:24 fetching corpus: 924, signal 129777/131812 (executing program) 2023/02/24 10:56:24 fetching corpus: 924, signal 129790/131870 (executing program) 2023/02/24 10:56:24 fetching corpus: 924, signal 129790/131923 (executing program) 2023/02/24 10:56:24 fetching corpus: 924, signal 129790/131987 (executing program) 2023/02/24 10:56:24 fetching corpus: 925, signal 129792/132039 (executing program) 2023/02/24 10:56:24 fetching corpus: 926, signal 129795/132090 (executing program) 2023/02/24 10:56:24 fetching corpus: 926, signal 129795/132141 (executing program) 2023/02/24 10:56:24 fetching corpus: 926, signal 129795/132189 (executing program) 2023/02/24 10:56:24 fetching corpus: 926, signal 129795/132240 (executing program) 2023/02/24 10:56:24 fetching corpus: 926, signal 129795/132284 (executing program) 2023/02/24 10:56:24 fetching corpus: 926, signal 129795/132319 (executing program) 2023/02/24 10:56:24 fetching corpus: 926, signal 129795/132372 (executing program) 2023/02/24 10:56:24 fetching corpus: 926, signal 129795/132423 (executing program) 2023/02/24 10:56:24 fetching corpus: 927, signal 129819/132502 (executing program) 2023/02/24 10:56:24 fetching corpus: 927, signal 129819/132556 (executing program) 2023/02/24 10:56:24 fetching corpus: 927, signal 129819/132612 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/132679 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/132724 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/132779 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/132831 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/132883 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/132934 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/132974 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/133034 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/133071 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/133122 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/133155 (executing program) 2023/02/24 10:56:24 fetching corpus: 928, signal 129837/133155 (executing program) 2023/02/24 10:56:27 starting 8 fuzzer processes 10:56:27 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x801) close(r0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 10:56:27 executing program 1: shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) shmat(0x0, &(0x7f0000ff3000/0x4000)=nil, 0x4000) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r1, 0x4) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x8, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000ffc000/0x2000)=nil) shmctl$IPC_RMID(r0, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) shmat(r0, &(0x7f0000fed000/0x4000)=nil, 0x2000) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x0, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) shmget(0x3, 0x1000, 0x1, &(0x7f0000ffe000/0x1000)=nil) shmget(0x2, 0x2000, 0x54000000, &(0x7f0000ffc000/0x2000)=nil) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmctl$SHM_LOCK(0x0, 0xb) 10:56:27 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000009a40)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000001700)=[@dstopts={{0x10}}], 0x18}}], 0x1, 0x0) [ 55.611516] audit: type=1400 audit(1677236187.244:6): avc: denied { execmem } for pid=260 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:56:27 executing program 4: r0 = open$dir(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000180)=""/201, 0x18) 10:56:27 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_mtu(r0, 0x0, 0x18, 0x0, &(0x7f0000000200)) 10:56:27 executing program 5: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000140)='(\x10\xe1\x1f\x7f\xfc7\xd7\x82\x1f\xea\xfc\'\x85\xd5\x1c \xea\xaa\xea\xe1\n[dq\xc7wD~\xc2\xf1\xde!\xb2\x1a\xc5\xa1\xe9\xac\xd2\xce\x8f\xea\xee7\xdd\xad\xf0\xf4\x179<\xa5\xa4\xd0\t\x18\xddI\x8c\xf9K\n4\xf8@\xa8\x1dC\x97+\x8f\x11\xf5=zQ9q\xbb/|\xb1\x90#K\xd3A/\x1ex\xbbw\xa2J$]t\xa7o:?p\xcb\x04\x99\x06\x98\x11\xf1\x96\xbb\xc9FT\xcb\x92\'C=\xc5\xf2\x13g\x19\b\x99\xfb:\xa6 ,W%\xebg.S\xcc\xa2\xb9;73\xda\xe2;\x88\xda\xfd\x99\x16_e\xe4\x95\xca\x0f') 10:56:27 executing program 6: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000003fc0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)) 10:56:27 executing program 7: clock_nanosleep(0x4f14dc04d5a661b4, 0x0, &(0x7f0000000040), 0x0) [ 56.861163] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 56.862757] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 56.864768] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 56.866555] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 56.867459] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 56.871042] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 56.873943] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 56.875044] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.877922] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 56.879267] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 56.881552] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 56.886215] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 56.926553] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 56.928043] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 56.933008] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 56.935582] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 56.937370] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 56.940356] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 56.945994] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 56.947156] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 56.988325] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 56.990058] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 56.992743] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 56.994051] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 56.996792] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 56.997018] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 56.999246] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 56.999455] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 57.001278] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 57.002531] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 57.032088] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 57.037942] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 57.039300] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 57.042898] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 57.045277] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 57.047511] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 57.112791] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 57.119358] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 57.127645] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 57.144340] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 57.188461] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 57.202140] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 58.944259] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 58.944271] Bluetooth: hci1: command 0x0409 tx timeout [ 58.945370] Bluetooth: hci0: command 0x0409 tx timeout [ 58.946114] [ 58.946269] ====================================================== [ 58.946758] WARNING: possible circular locking dependency detected [ 58.947256] 6.2.0-next-20230224 #1 Not tainted [ 58.947645] ------------------------------------------------------ [ 58.950364] syz-executor.6/271 is trying to acquire lock: [ 58.952317] ffff8880101cc880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80 [ 58.953171] [ 58.953171] but task is already holding lock: [ 58.953635] ffff8880101cc920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 58.954395] [ 58.954395] which lock already depends on the new lock. [ 58.954395] [ 58.955055] [ 58.955055] the existing dependency chain (in reverse order) is: [ 58.955673] [ 58.955673] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 58.956274] __mutex_lock+0x133/0x14a0 [ 58.956659] hci_cmd_sync_work+0x1e6/0x320 [ 58.957084] process_one_work+0xa0f/0x1790 [ 58.957488] worker_thread+0x63b/0x1260 [ 58.957878] kthread+0x2e9/0x3a0 [ 58.958216] ret_from_fork+0x2c/0x50 [ 58.958578] [ 58.958578] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 58.959267] __lock_acquire+0x2d56/0x6380 [ 58.959679] lock_acquire.part.0+0xea/0x320 [ 58.960110] __flush_work+0x109/0xd80 [ 58.960494] __cancel_work_timer+0x39c/0x4e0 [ 58.960933] hci_cmd_sync_clear+0x52/0x250 [ 58.961368] hci_unregister_dev+0xf9/0x410 [ 58.961855] vhci_release+0x80/0x100 [ 58.962298] __fput+0x263/0xa40 [ 58.962687] task_work_run+0x174/0x280 [ 58.963140] do_exit+0xad8/0x2800 [ 58.963547] do_group_exit+0xd4/0x2a0 [ 58.963983] __x64_sys_exit_group+0x3e/0x50 [ 58.964473] do_syscall_64+0x3f/0x90 [ 58.964911] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 58.965475] [ 58.965475] other info that might help us debug this: [ 58.965475] [ 58.966246] Possible unsafe locking scenario: [ 58.966246] [ 58.966820] CPU0 CPU1 [ 58.967267] ---- ---- [ 58.967713] lock(&hdev->cmd_sync_work_lock); [ 58.968163] lock((work_completion)(&hdev->cmd_sync_work)); [ 58.968953] lock(&hdev->cmd_sync_work_lock); [ 58.969582] lock((work_completion)(&hdev->cmd_sync_work)); [ 58.970068] [ 58.970068] *** DEADLOCK *** [ 58.970068] [ 58.970565] 1 lock held by syz-executor.6/271: [ 58.970949] #0: ffff8880101cc920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 58.971808] [ 58.971808] stack backtrace: [ 58.972181] CPU: 1 PID: 271 Comm: syz-executor.6 Not tainted 6.2.0-next-20230224 #1 [ 58.972821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 58.973507] Call Trace: [ 58.973731] [ 58.973927] dump_stack_lvl+0x91/0xf0 [ 58.974255] check_noncircular+0x263/0x2e0 [ 58.974634] ? __pfx_check_noncircular+0x10/0x10 [ 58.975056] __lock_acquire+0x2d56/0x6380 [ 58.975424] ? lock_is_held_type+0x9f/0x120 [ 58.975797] ? __pfx___lock_acquire+0x10/0x10 [ 58.976198] ? __pfx_register_lock_class+0x10/0x10 [ 58.976628] ? __wait_for_common+0x394/0x550 [ 58.977041] ? __pfx_lock_release+0x10/0x10 [ 58.977430] lock_acquire.part.0+0xea/0x320 [ 58.977810] ? __flush_work+0xdd/0xd80 [ 58.978156] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 58.978580] ? __flush_work+0xdd/0xd80 [ 58.978923] ? rcu_read_lock_sched_held+0x42/0x80 [ 58.979334] ? trace_lock_acquire+0x170/0x1e0 [ 58.979727] ? __flush_work+0xdd/0xd80 [ 58.980075] ? lock_acquire+0x32/0xc0 [ 58.980416] ? __flush_work+0xdd/0xd80 [ 58.980768] __flush_work+0x109/0xd80 [ 58.981109] ? __flush_work+0xdd/0xd80 [ 58.981455] ? __pfx_mark_lock.part.0+0x10/0x10 [ 58.981868] ? __pfx___flush_work+0x10/0x10 [ 58.982246] ? lock_acquire.part.0+0xea/0x320 [ 58.982642] ? hci_cmd_sync_clear+0x45/0x250 [ 58.983032] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 58.983460] ? hci_cmd_sync_clear+0x45/0x250 [ 58.983840] ? rcu_read_lock_sched_held+0x42/0x80 [ 58.984250] ? trace_lock_acquire+0x170/0x1e0 [ 58.984643] ? lock_is_held_type+0x9f/0x120 [ 58.985032] ? mark_held_locks+0x9e/0xe0 [ 58.985392] __cancel_work_timer+0x39c/0x4e0 [ 58.985763] ? __pfx___cancel_work_timer+0x10/0x10 [ 58.986175] ? __cancel_work_timer+0x2aa/0x4e0 [ 58.986565] ? __pfx___cancel_work_timer+0x10/0x10 [ 58.986978] ? lock_release+0x1e3/0x710 [ 58.987329] ? __pfx_lock_release+0x10/0x10 [ 58.987705] ? do_raw_write_lock+0x11e/0x3b0 [ 58.988080] ? __pfx_vhci_release+0x10/0x10 [ 58.988450] hci_cmd_sync_clear+0x52/0x250 [ 58.988824] ? __pfx_vhci_release+0x10/0x10 [ 58.989194] hci_unregister_dev+0xf9/0x410 [ 58.989558] vhci_release+0x80/0x100 [ 58.989883] __fput+0x263/0xa40 [ 58.990172] task_work_run+0x174/0x280 [ 58.990520] ? __pfx_task_work_run+0x10/0x10 [ 58.990897] ? do_raw_spin_unlock+0x53/0x220 [ 58.991273] do_exit+0xad8/0x2800 [ 58.991573] ? lock_release+0x1e3/0x710 [ 58.991920] ? __pfx_lock_release+0x10/0x10 [ 58.992289] ? do_raw_spin_lock+0x125/0x270 [ 58.992654] ? __pfx_do_exit+0x10/0x10 [ 58.993013] do_group_exit+0xd4/0x2a0 [ 58.993343] __x64_sys_exit_group+0x3e/0x50 [ 58.993712] do_syscall_64+0x3f/0x90 [ 58.994032] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 58.994459] RIP: 0033:0x7f34a9c48b19 [ 58.994772] Code: Unable to access opcode bytes at 0x7f34a9c48aef. [ 58.995279] RSP: 002b:00007ffc9186bfd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 58.995903] RAX: ffffffffffffffda RBX: 00007ffc9186c7b8 RCX: 00007f34a9c48b19 [ 58.996488] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 58.997084] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffc9186c7b8 [ 58.997671] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f34a9ca2233 [ 58.998249] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8 [ 58.998836] [ 59.007759] Bluetooth: hci4: command 0x0409 tx timeout [ 59.071736] Bluetooth: hci6: command 0x0409 tx timeout [ 59.071764] Bluetooth: hci3: command 0x0409 tx timeout [ 59.072151] Bluetooth: hci5: command 0x0409 tx timeout [ 59.263925] Bluetooth: hci7: command 0x0409 tx timeout [ 60.991872] Bluetooth: hci1: command 0x041b tx timeout [ 60.991906] Bluetooth: hci0: command 0x041b tx timeout [ 61.055750] Bluetooth: hci4: command 0x041b tx timeout [ 61.119754] Bluetooth: hci3: command 0x041b tx timeout [ 61.120154] Bluetooth: hci5: command 0x041b tx timeout [ 61.120493] Bluetooth: hci6: command 0x041b tx timeout [ 61.311936] Bluetooth: hci7: command 0x041b tx timeout [ 63.039751] Bluetooth: hci1: command 0x040f tx timeout [ 63.039768] Bluetooth: hci0: command 0x040f tx timeout [ 63.103746] Bluetooth: hci4: command 0x040f tx timeout [ 63.167755] Bluetooth: hci6: command 0x040f tx timeout [ 63.167792] Bluetooth: hci5: command 0x040f tx timeout [ 63.168163] Bluetooth: hci3: command 0x040f tx timeout [ 63.359783] Bluetooth: hci7: command 0x040f tx timeout [ 63.615729] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 65.087794] Bluetooth: hci0: command 0x0419 tx timeout [ 65.087806] Bluetooth: hci1: command 0x0419 tx timeout [ 65.151736] Bluetooth: hci4: command 0x0419 tx timeout [ 65.215737] Bluetooth: hci3: command 0x0419 tx timeout [ 65.215785] Bluetooth: hci5: command 0x0419 tx timeout [ 65.216160] Bluetooth: hci6: command 0x0419 tx timeout [ 65.407923] Bluetooth: hci7: command 0x0419 tx timeout [ 65.879612] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.882916] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.883921] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.885055] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.886413] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 65.887195] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.903762] Bluetooth: hci2: command 0x0409 tx timeout VM DIAGNOSIS: 10:56:30 Registers: info registers vcpu 0 RAX=0000000080000001 RBX=0000000000000000 RCX=0000000000000000 RDX=ffff88803b4c9ac0 RSI=ffffffff81750595 RDI=0000000000000007 RBP=ffffea0001b3ef40 RSP=ffff888014567b48 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffff88800e95bb60 R13=ffffea0001b3ef40 R14=0000000000000000 R15=ffff88800845de80 RIP=ffffffff814b75bb RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f166e7d8540 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe67c4bf7000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe67c4bf5000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f166e90c570 CR3=000000003b73a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000ff0000000000000000000000 XMM01=ffffffff00ffffffffffffffffffffff XMM02=42494c4700342e332e325f4342494c47 XMM03=00000000000000000000000000006f72 XMM04=6f6c77725f646165726874705f5f0079 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff888035b37190 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000020 R11=0000000000000001 R12=0000000000000020 R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850 RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe6a97add000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe6a97adb000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd18edf3260 CR3=000000003b78c000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000