Warning: Permanently added '[localhost]:12229' (ECDSA) to the list of known hosts.
2023/02/24 10:57:03 fuzzer started
2023/02/24 10:57:03 dialing manager at localhost:41417
syzkaller login: [ 43.250756] cgroup: Unknown subsys name 'net'
[ 43.363745] cgroup: Unknown subsys name 'rlimit'
2023/02/24 10:57:19 syscalls: 2217
2023/02/24 10:57:19 code coverage: enabled
2023/02/24 10:57:19 comparison tracing: enabled
2023/02/24 10:57:19 extra coverage: enabled
2023/02/24 10:57:19 setuid sandbox: enabled
2023/02/24 10:57:19 namespace sandbox: enabled
2023/02/24 10:57:19 Android sandbox: enabled
2023/02/24 10:57:19 fault injection: enabled
2023/02/24 10:57:19 leak checking: enabled
2023/02/24 10:57:19 net packet injection: enabled
2023/02/24 10:57:19 net device setup: enabled
2023/02/24 10:57:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/24 10:57:19 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/24 10:57:19 USB emulation: enabled
2023/02/24 10:57:19 hci packet injection: enabled
2023/02/24 10:57:19 wifi device emulation: enabled
2023/02/24 10:57:19 802.15.4 emulation: enabled
2023/02/24 10:57:19 fetching corpus: 0, signal 0/2000 (executing program)
2023/02/24 10:57:19 fetching corpus: 23, signal 20629/24061 (executing program)
2023/02/24 10:57:19 fetching corpus: 53, signal 31965/36673 (executing program)
2023/02/24 10:57:19 fetching corpus: 73, signal 37326/43270 (executing program)
2023/02/24 10:57:19 fetching corpus: 116, signal 51920/58327 (executing program)
2023/02/24 10:57:19 fetching corpus: 166, signal 58792/65894 (executing program)
2023/02/24 10:57:19 fetching corpus: 216, signal 66267/73749 (executing program)
2023/02/24 10:57:20 fetching corpus: 266, signal 72182/80065 (executing program)
2023/02/24 10:57:20 fetching corpus: 316, signal 81168/88900 (executing program)
2023/02/24 10:57:20 fetching corpus: 366, signal 89259/96696 (executing program)
2023/02/24 10:57:20 fetching corpus: 415, signal 94312/101746 (executing program)
2023/02/24 10:57:20 fetching corpus: 465, signal 97451/105051 (executing program)
2023/02/24 10:57:21 fetching corpus: 514, signal 101824/109219 (executing program)
2023/02/24 10:57:21 fetching corpus: 564, signal 105454/112755 (executing program)
2023/02/24 10:57:21 fetching corpus: 614, signal 109447/116417 (executing program)
2023/02/24 10:57:21 fetching corpus: 664, signal 113338/119930 (executing program)
2023/02/24 10:57:21 fetching corpus: 714, signal 116251/122614 (executing program)
2023/02/24 10:57:22 fetching corpus: 764, signal 119241/125201 (executing program)
2023/02/24 10:57:22 fetching corpus: 813, signal 122475/127908 (executing program)
2023/02/24 10:57:22 fetching corpus: 862, signal 126673/131263 (executing program)
2023/02/24 10:57:22 fetching corpus: 911, signal 129098/133193 (executing program)
2023/02/24 10:57:22 fetching corpus: 961, signal 131474/135007 (executing program)
2023/02/24 10:57:22 fetching corpus: 1010, signal 133404/136473 (executing program)
2023/02/24 10:57:23 fetching corpus: 1060, signal 135031/137672 (executing program)
2023/02/24 10:57:23 fetching corpus: 1110, signal 137118/139174 (executing program)
2023/02/24 10:57:23 fetching corpus: 1158, signal 138892/140401 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140092/141222 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140092/141265 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140092/141309 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140092/141354 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140092/141387 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140092/141433 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141489 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141546 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141591 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141641 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141695 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141748 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141787 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141825 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141870 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141907 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141949 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/141994 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140114/142041 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142087 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142127 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142161 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142209 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142239 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142277 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142326 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142374 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142411 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142450 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142491 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142543 (executing program)
2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142589 (executing program)
2023/02/24 10:57:23 fetching
corpus: 1173, signal 140123/142628 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142674 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142704 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142743 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142778 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142824 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142864 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142897 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142943 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/142988 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/143036 (executing program) 2023/02/24 10:57:23 fetching corpus: 1173, signal 140123/143085 (executing program) 2023/02/24 10:57:24 fetching corpus: 1173, signal 140123/143130 (executing program) 2023/02/24 10:57:24 fetching corpus: 1173, signal 140123/143158 (executing program) 2023/02/24 10:57:24 fetching corpus: 1173, signal 140123/143158 (executing program) 2023/02/24 10:57:26 starting 8 fuzzer processes 10:57:26 executing program 0: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0x3, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$packet(0x11, 0x2, 0x300) r0 = epoll_create1(0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 
&(0x7f00000000c0)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001380)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f00000004c0)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone3(&(0x7f0000000400)={0x115811800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x1f}, &(0x7f0000000180)=""/228, 0xe4, &(0x7f0000000700)=""/193, 0x0}, 0x58) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pidfd_open(r2, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:57:26 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r0, &(0x7f0000001ac0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000000), 0x4) 10:57:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x10, 0x5, 0x7ffc) preadv(r1, &(0x7f0000001400)=[{&(0x7f0000001480)=""/4111, 0x100f}], 0x1, 0x7fff, 0x0) lseek(r0, 0x0, 0x3) 10:57:26 executing program 3: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) 
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmctl$IPC_RMID(0xffffffffffffffff, 0x0) finit_module(r0, 0x0, 0x0) r1 = openat2(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x1b}, 0x18) r2 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff8000/0x4000)=nil) shmat(r2, &(0x7f0000ffc000/0x4000)=nil, 0xcf3caed3d8c7cb92) shmctl$IPC_RMID(r2, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) r5 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x5, 0x400) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x5, 0x9, 0x0, 0xaa, 0x0, 0x200, 0x8, 0x4, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, @perf_config_ext={0xfffffffffffffff8, 0x3}, 0x40, 0x7fffffff, 0x4, 0x7, 0x10000, 0x401, 0x4, 0x0, 0x8, 0x0, 0x2}, r4, 0x2, r5, 0x9) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000040)) ioctl$SNAPSHOT_FREE(r3, 0x3305) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r6, 
&(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) 10:57:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setresuid(0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$unix(r0, 0x0, 0x0, 0x0) recvmsg$unix(r1, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x2002) 10:57:26 executing program 5: connect$inet6(0xffffffffffffffff, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000009080)='/sys/kernel/notes', 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) [ 65.665281] audit: type=1400 audit(1677236246.945:6): avc: denied { execmem } for pid=263 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:57:26 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 
0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 10:57:26 executing program 6: perf_event_open(&(0x7f0000000ac0)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_read_part_table(0xfffffffffffffffe, 0x5, 
&(0x7f0000000480)=[{&(0x7f0000000000)="4299af2e527bb56f82cad083d914db9cea04d157a44ca7ba88cbf3bdce13d95afd6f9e583a7846a8b2e37c759c2d448f3f903ec2f330899a4d96cc886cf62269eb3e6322e7cbbb001e923f119f22416da8719c6b93f768cde300b7e60d9654690c404563ed952f2954f94bcf97ef0afd67d3a3dacce9f004dd157cf5", 0x7c, 0x6}, {&(0x7f0000000180)="0d54507ee9094579eb94cf0c2b07386c78961cbe8b47b442225dca1928eefc18fc5aa30baa508c8f96ea3259f56db8cb73adc4103cf033bc0cb7f010e69328dc2ccdaf7cbf686eab9b259fbea34f27fabf8923d88dc8e2984ded36d1b0bacaaf603081903eb27f903f6e285633c15c2574990c33e83e1dbbab6c28bfb96a3ef8fdd126bc172f0d730a0a70a7cb3e4730f61c0c1094bba6c888f63e27a62f88ced2b8969608739ff83272348fc18c7e599b0bad4cf6bd0eb244cf11c11245856a67a5204c5bc1a2177504efa4b1d771cff4ad76920e80fc26bbd5e3597dd9d870f4a03698d6437146ae4e", 0xffffffffffffff44, 0x1ff}, {&(0x7f0000000580)="edbd048ba11361b2a3202bb7e05d2c98a4842f5e88949e6cffc0135f3d4ed37cac2e6a7d83f830b5e6f1c1deca97db7d332f5a302b365d4e87489daa6d809470e476f122e0a29655c4d723c27824a61cdde4fca667faac6b84c993cdc40ab7632baa011befa0d137465683a0bcb2a4fd2c9e577d29300e3cb8e774472535c43d9532c6573e87f6bdebf1ddf8ccd7cb15ca69fe6ea39891fdef57bb22039bbb1475ec320b352e2693607ef8b42b6e5c3a30afca4ed362557e038b0b9867d752de0ee58c72550779f67d55686434afa9effad75b1bf46f9e1593fb81874c1bda6e0e085c4c3d64b15f6ce74b869f226f63e615d950", 0xf4, 0x2}, {&(0x7f0000000380)="ab2f154047f120a1372f15c127e45e437c62322c4e9c9fa081013d41a541e3b16a79d37fb532f21bfce6f48bc1d6ebff7f8225198e7dcac1a98f667a71238e625e495e8f434a1630121738cdb1b89388e20d5b16c499386f3d002a91a0532babc79d450e9720bbfa789b98fd4c6ef99d7eda195a354d34f07a06846fdd634d8ff019", 0x82, 0x4cf6}, {&(0x7f0000000500)="65a6e48d537fd8cfe7e5bf5529edfcba50b359a9a96b7adcdc51ba9dd04a5ecffe397a851e4297863e16d05748d5592aaa2e36cbaeac80f8a1bca1d9763ef758afcc507ee7abd65065c09a69a14a51e971dc9c186ddf78455aae53c5d14f02b887681bd11ff4db10f4943272eae42f", 0x6f, 0x7443d881}]) [ 66.946846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.949168] Bluetooth: 
hci0: unexpected cc 0x1003 length: 249 > 9
[ 66.950703] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 66.954618] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 66.956285] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 66.957676] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.015853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.017466] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.019251] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.021072] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.022351] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.024798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.026317] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 67.027593] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.028910] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.030095] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.031314] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.032459] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.056703] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.070574] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.073404] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 67.074753] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 67.077081] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.083145] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 67.114047] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.116278] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 67.117949] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 67.121521] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 67.122517] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.123435] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 67.125101] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 67.126034] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.131648] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 67.138063] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.139086] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 67.141600] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 67.143028] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 67.143953] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 67.148490] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 67.149485] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 67.153719] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 67.155723] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 69.033717] Bluetooth: hci0: command 0x0409 tx timeout
[ 69.097320] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 69.097615] Bluetooth: hci1: command 0x0409 tx timeout
[ 69.099407]
[ 69.099639] ======================================================
[ 69.100325] WARNING: possible circular locking dependency detected
[ 69.101004] 6.2.0-next-20230224 #1 Not tainted
[ 69.101803] ------------------------------------------------------
[ 69.105884] syz-executor.5/277 is trying to acquire lock:
[ 69.106490] ffff8880164b4880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 69.107657]
[ 69.107657] but task is already holding lock:
[ 69.108303] ffff8880164b4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 69.109372]
[ 69.109372] which lock already depends on the new lock.
[ 69.109372]
[ 69.110255]
[ 69.110255] the existing dependency chain (in reverse order) is:
[ 69.111072]
[ 69.111072] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 69.111865]        __mutex_lock+0x133/0x14a0
[ 69.112389]        hci_cmd_sync_work+0x1e6/0x320
[ 69.112942]        process_one_work+0xa0f/0x1790
[ 69.113503]        worker_thread+0x63b/0x1260
[ 69.114061]        kthread+0x2e9/0x3a0
[ 69.114511]        ret_from_fork+0x2c/0x50
[ 69.115007]
[ 69.115007] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 69.115922]        __lock_acquire+0x2d56/0x6380
[ 69.116468]        lock_acquire.part.0+0xea/0x320
[ 69.117031]        __flush_work+0x109/0xd80
[ 69.117537]        __cancel_work_timer+0x39c/0x4e0
[ 69.118094]        hci_cmd_sync_clear+0x52/0x250
[ 69.118643]        hci_unregister_dev+0xf9/0x410
[ 69.119196]        vhci_release+0x80/0x100
[ 69.119692]        __fput+0x263/0xa40
[ 69.120143]        task_work_run+0x174/0x280
[ 69.120660]        do_exit+0xad8/0x2800
[ 69.121115]        do_group_exit+0xd4/0x2a0
[ 69.121611]        __x64_sys_exit_group+0x3e/0x50
[ 69.122185]        do_syscall_64+0x3f/0x90
[ 69.122666]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 69.123302]
[ 69.123302] other info that might help us debug this:
[ 69.123302]
[ 69.124164]  Possible unsafe locking scenario:
[ 69.124164]
[ 69.124818]        CPU0                    CPU1
[ 69.125330]        ----                    ----
[ 69.125875]   lock(&hdev->cmd_sync_work_lock);
[ 69.126398]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 69.127296]                                lock(&hdev->cmd_sync_work_lock);
[ 69.128065]   lock((work_completion)(&hdev->cmd_sync_work));
[ 69.128714]
[ 69.128714]  *** DEADLOCK ***
[ 69.128714]
[ 69.129367] 1 lock held by syz-executor.5/277:
[ 69.129875]  #0: ffff8880164b4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 69.130997]
[ 69.130997] stack backtrace:
[ 69.131497] CPU: 0 PID: 277 Comm: syz-executor.5 Not tainted 6.2.0-next-20230224 #1
[ 69.132344] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 69.133250] Call Trace:
[ 69.133549]
[ 69.133841] dump_stack_lvl+0x91/0xf0
[ 69.134286] check_noncircular+0x263/0x2e0
[ 69.134799] ? __pfx_check_noncircular+0x10/0x10
[ 69.135358] ? __pfx___lock_acquire+0x10/0x10
[ 69.135902] ? __pfx_mark_lock.part.0+0x10/0x10
[ 69.136456] ? __pfx___lock_acquire+0x10/0x10
[ 69.137003] ? lock_is_held_type+0x9f/0x120
[ 69.137513] ? find_held_lock+0x2c/0x110
[ 69.138001] __lock_acquire+0x2d56/0x6380
[ 69.138517] ? __pfx___lock_acquire+0x10/0x10
[ 69.139061] ? __pfx_register_lock_class+0x10/0x10
[ 69.139642] ? finish_task_switch.isra.0+0x203/0x830
[ 69.140231] lock_acquire.part.0+0xea/0x320
[ 69.140748] ? __flush_work+0xdd/0xd80
[ 69.141224] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 69.141831] ? __flush_work+0xdd/0xd80
[ 69.142303] ? rcu_read_lock_sched_held+0x42/0x80
[ 69.142863] ? trace_lock_acquire+0x170/0x1e0
[ 69.143406] ? __flush_work+0xdd/0xd80
[ 69.143872] ? lock_acquire+0x32/0xc0
[ 69.144333] ? __flush_work+0xdd/0xd80
[ 69.144803] __flush_work+0x109/0xd80
[ 69.145266] ? __flush_work+0xdd/0xd80
[ 69.145752] ? __pfx_mark_lock.part.0+0x10/0x10
[ 69.146308] ? __pfx___flush_work+0x10/0x10
[ 69.146816] ? lock_acquire.part.0+0xea/0x320
[ 69.147348] ? hci_cmd_sync_clear+0x45/0x250
[ 69.147876] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 69.148458] ? hci_cmd_sync_clear+0x45/0x250
[ 69.148969] ? rcu_read_lock_sched_held+0x42/0x80
[ 69.149526] ? trace_lock_acquire+0x170/0x1e0
[ 69.150082] ? lock_is_held_type+0x9f/0x120
[ 69.150604] ? mark_held_locks+0x9e/0xe0
[ 69.151095] __cancel_work_timer+0x39c/0x4e0
[ 69.151605] ? __pfx___cancel_work_timer+0x10/0x10
[ 69.152161] ? __cancel_work_timer+0x2aa/0x4e0
[ 69.152693] ? __pfx___cancel_work_timer+0x10/0x10
[ 69.153252] ? lock_release+0x1e3/0x710
[ 69.153728] ? __pfx_lock_release+0x10/0x10
[ 69.154239] ? do_raw_write_lock+0x11e/0x3b0
[ 69.154761] ? __pfx_vhci_release+0x10/0x10
[ 69.155284] hci_cmd_sync_clear+0x52/0x250
[ 69.155788] ? __pfx_vhci_release+0x10/0x10
[ 69.156305] hci_unregister_dev+0xf9/0x410
[ 69.156810] vhci_release+0x80/0x100
[ 69.157265] __fput+0x263/0xa40
[ 69.157677] task_work_run+0x174/0x280
[ 69.158142] ? __pfx_task_work_run+0x10/0x10
[ 69.158665] ? do_raw_spin_unlock+0x53/0x220
[ 69.159186] do_exit+0xad8/0x2800
[ 69.159603] ? lock_release+0x1e3/0x710
[ 69.160079] ? __pfx_lock_release+0x10/0x10
[ 69.160592] ? do_raw_spin_lock+0x125/0x270
[ 69.161088] ? __pfx_do_exit+0x10/0x10
[ 69.161552] do_group_exit+0xd4/0x2a0
[ 69.162024] __x64_sys_exit_group+0x3e/0x50
[ 69.162522] do_syscall_64+0x3f/0x90
[ 69.162957] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 69.163546] RIP: 0033:0x7f299e3b9b19
[ 69.163971] Code: Unable to access opcode bytes at 0x7f299e3b9aef.
[ 69.164653] RSP: 002b:00007ffd8a9a5448 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 69.165507] RAX: ffffffffffffffda RBX: 00007ffd8a9a5c28 RCX: 00007f299e3b9b19
[ 69.166313] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 69.167110] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffd8a9a5c28
[ 69.167904] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f299e413233
[ 69.168700] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 69.169503]
[ 69.170099] Bluetooth: hci3: command 0x0409 tx timeout
[ 69.170119] Bluetooth: hci2: command 0x0409 tx timeout
[ 69.170881] Bluetooth: hci5: command 0x0409 tx timeout
[ 69.225389] Bluetooth: hci4: command 0x0409 tx timeout
[ 69.289393] Bluetooth: hci6: command 0x0409 tx timeout
[ 71.081327] Bluetooth: hci0: command 0x041b tx timeout
[ 71.145286] Bluetooth: hci1: command 0x041b tx timeout
[ 71.209484] Bluetooth: hci2: command 0x041b tx timeout
[ 71.209505] Bluetooth: hci3: command 0x041b tx timeout
[ 71.209533] Bluetooth: hci5: command 0x041b tx timeout
[ 71.273476] Bluetooth: hci4: command 0x041b tx timeout
[ 71.337444] Bluetooth: hci6: command 0x041b tx timeout
[ 71.852485] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 71.853178]
Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 71.854097] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 71.855137] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 71.856547] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 71.858400] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 73.130306] Bluetooth: hci0: command 0x040f tx timeout
[ 73.193309] Bluetooth: hci1: command 0x040f tx timeout
[ 73.257323] Bluetooth: hci5: command 0x040f tx timeout
[ 73.257385] Bluetooth: hci2: command 0x040f tx timeout
[ 73.257749] Bluetooth: hci3: command 0x040f tx timeout
[ 73.321273] Bluetooth: hci4: command 0x040f tx timeout
[ 73.385251] Bluetooth: hci6: command 0x040f tx timeout
[ 73.897340] Bluetooth: hci7: command 0x0409 tx timeout
[ 75.177252] Bluetooth: hci0: command 0x0419 tx timeout
[ 75.242242] Bluetooth: hci1: command 0x0419 tx timeout
[ 75.305316] Bluetooth: hci3: command 0x0419 tx timeout
[ 75.305348] Bluetooth: hci2: command 0x0419 tx timeout
[ 75.305805] Bluetooth: hci5: command 0x0419 tx timeout
[ 75.369472] Bluetooth: hci4: command 0x0419 tx timeout
[ 75.433244] Bluetooth: hci6: command 0x0419 tx timeout
[ 75.945295] Bluetooth: hci7: command 0x041b tx timeout
[ 77.993286] Bluetooth: hci7: command 0x040f tx timeout

VM DIAGNOSIS:
10:57:30 Registers: