Warning: Permanently added '[localhost]:30162' (ECDSA) to the list of known hosts. 2023/02/24 10:57:17 fuzzer started 2023/02/24 10:57:17 dialing manager at localhost:41417 syzkaller login: [ 35.373866] cgroup: Unknown subsys name 'net' [ 35.479724] cgroup: Unknown subsys name 'rlimit' 2023/02/24 10:57:31 syscalls: 2217 2023/02/24 10:57:31 code coverage: enabled 2023/02/24 10:57:31 comparison tracing: enabled 2023/02/24 10:57:31 extra coverage: enabled 2023/02/24 10:57:31 setuid sandbox: enabled 2023/02/24 10:57:31 namespace sandbox: enabled 2023/02/24 10:57:31 Android sandbox: enabled 2023/02/24 10:57:31 fault injection: enabled 2023/02/24 10:57:31 leak checking: enabled 2023/02/24 10:57:31 net packet injection: enabled 2023/02/24 10:57:31 net device setup: enabled 2023/02/24 10:57:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 10:57:31 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 10:57:31 USB emulation: enabled 2023/02/24 10:57:31 hci packet injection: enabled 2023/02/24 10:57:31 wifi device emulation: enabled 2023/02/24 10:57:31 802.15.4 emulation: enabled 2023/02/24 10:57:31 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/24 10:57:31 fetching corpus: 27, signal 20229/23689 (executing program) 2023/02/24 10:57:31 fetching corpus: 64, signal 44758/48952 (executing program) 2023/02/24 10:57:31 fetching corpus: 112, signal 56493/61443 (executing program) 2023/02/24 10:57:31 fetching corpus: 160, signal 67941/73287 (executing program) 2023/02/24 10:57:32 fetching corpus: 210, signal 75446/81161 (executing program) 2023/02/24 10:57:32 fetching corpus: 259, signal 83824/89677 (executing program) 2023/02/24 10:57:32 fetching corpus: 309, signal 88404/94603 (executing program) 2023/02/24 10:57:32 fetching corpus: 358, signal 93233/99577 (executing program) 2023/02/24 10:57:32 fetching corpus: 407, signal 97271/103792 (executing program) 2023/02/24 10:57:32 fetching corpus: 457, signal 101536/108089 
(executing program) 2023/02/24 10:57:32 fetching corpus: 507, signal 104835/111467 (executing program) 2023/02/24 10:57:33 fetching corpus: 557, signal 107686/114351 (executing program) 2023/02/24 10:57:33 fetching corpus: 606, signal 110969/117543 (executing program) 2023/02/24 10:57:33 fetching corpus: 656, signal 115464/121629 (executing program) 2023/02/24 10:57:33 fetching corpus: 706, signal 120146/125672 (executing program) 2023/02/24 10:57:33 fetching corpus: 754, signal 122176/127601 (executing program) 2023/02/24 10:57:33 fetching corpus: 804, signal 124674/129842 (executing program) 2023/02/24 10:57:34 fetching corpus: 854, signal 127473/132180 (executing program) 2023/02/24 10:57:34 fetching corpus: 903, signal 129961/134274 (executing program) 2023/02/24 10:57:34 fetching corpus: 952, signal 131651/135718 (executing program) 2023/02/24 10:57:34 fetching corpus: 1001, signal 133836/137400 (executing program) 2023/02/24 10:57:34 fetching corpus: 1049, signal 135687/138840 (executing program) 2023/02/24 10:57:34 fetching corpus: 1094, signal 138082/140593 (executing program) 2023/02/24 10:57:35 fetching corpus: 1143, signal 139626/141707 (executing program) 2023/02/24 10:57:35 fetching corpus: 1193, signal 141405/142994 (executing program) 2023/02/24 10:57:35 fetching corpus: 1226, signal 142819/143973 (executing program) 2023/02/24 10:57:35 fetching corpus: 1226, signal 142819/144007 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 142820/144066 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 142820/144118 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 142847/144203 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 142847/144236 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 142847/144282 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 142942/144399 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 
143004/144479 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144517 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144557 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144614 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144664 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144704 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144739 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144783 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144829 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144866 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144911 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143004/144954 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143109/145014 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143109/145060 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143109/145101 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143109/145137 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143109/145169 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145215 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145261 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145294 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145322 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145352 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145393 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145430 (executing program) 2023/02/24 10:57:35 fetching 
corpus: 1227, signal 143119/145466 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145520 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145561 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145604 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145636 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145670 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145715 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145768 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145812 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145847 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145887 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145925 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/145963 (executing program) 2023/02/24 10:57:35 fetching corpus: 1227, signal 143119/146003 (executing program) 2023/02/24 10:57:36 fetching corpus: 1228, signal 143144/146059 (executing program) 2023/02/24 10:57:36 fetching corpus: 1229, signal 143145/146063 (executing program) 2023/02/24 10:57:36 fetching corpus: 1229, signal 143145/146063 (executing program) 2023/02/24 10:57:38 starting 8 fuzzer processes 10:57:38 executing program 0: perf_event_open(&(0x7f0000000ac0)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0x24, &(0x7f0000000340)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 
"8fcf37e83856fa6b4f208edebad177093eb0bca98099ec47386a6063f1ddb9f48fafedb7ea3e381106d7b1e4f1a38c361b3146c3f222a763f9fbb240b192309012da6ecff1e5db9f4ecc20c137a8efa8"}, 0xf0) 10:57:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="280000001c0001000000000000faffff07"], 0x28}], 0x1}, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) 10:57:38 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fork() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) 10:57:38 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x0, 0x3}) [ 55.866940] audit: type=1400 audit(1677236258.877:6): avc: denied { execmem } for pid=260 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:57:38 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x3, 0x6, @link_local}, 0x10) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000000)={r6, 0x3, 0x6, @link_local}, 0x10) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x6}, 0x4) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 
close_range(r0, 0xffffffffffffffff, 0x0) 10:57:38 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_gstrings={0x1b, 0x4}}) 10:57:38 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x101, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x40100000284) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) openat(r1, &(0x7f0000000200)='./file1\x00', 0x4000, 0x12) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/107, 0x6b, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PTP_EXTTS_REQUEST(r2, 0x40103d02, &(0x7f0000000140)={0x7, 0x8}) r3 = fork() process_vm_writev(r3, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/113, 0x71}, {&(0x7f0000000640)}], 0x2, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/199, 0xc7}, {&(0x7f00000007c0)=""/176, 0xb0}, {&(0x7f0000000880)=""/228, 0xe4}, {&(0x7f0000000a80)=""/145, 0x91}], 0x4, 0x0) fcntl$lock(r2, 0x6, 
&(0x7f00000004c0)={0x0, 0x1, 0xffffffff, 0x6}) io_submit(0x0, 0x0, &(0x7f0000000180)) 10:57:38 executing program 7: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0x3, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$hwrng(0xffffffffffffff9c, &(0x7f0000001280), 0x20740, 0x0) ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) socket$packet(0x11, 0x2, 0x300) r2 = epoll_create1(0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001380)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=0x0) fgetxattr(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="73797374656d2e2f6465762f747479533300b1735f8f50b3f4e0a42c8839955b5ca8b96f65c419897eec5719"], &(0x7f0000000480)=""/8, 0x8) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f00000004c0)) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone3(&(0x7f0000000400)={0x115811800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x1f}, &(0x7f0000000180)=""/228, 0xe4, &(0x7f0000000700)=""/193, 0x0}, 0x58) sendto(r5, &(0x7f0000001340)="821c642eea", 0x5, 0x8800, &(0x7f00000012c0)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 
@default]}, 0x80) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pidfd_open(r4, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 57.113926] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.116730] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.119412] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.124048] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.127218] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 57.131710] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 57.168018] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 57.170994] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 57.172523] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 57.177055] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 57.178870] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 57.182493] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 57.185160] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 57.194516] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 57.197060] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 57.200486] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 57.208135] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 57.209455] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 57.253436] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 57.255052] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 57.256670] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 57.258399] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 57.261254] Bluetooth: hci7: 
unexpected cc 0x1003 length: 249 > 9
[ 57.262385] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 57.263472] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 57.264564] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 57.269090] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 57.270101] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 57.271065] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 57.272228] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 57.307028] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 57.308377] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 57.311077] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 57.312139] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 57.315080] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 57.316330] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 57.318245] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 57.319492] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 57.324001] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 57.325213] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 57.327602] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 57.329243] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 59.201236] Bluetooth: hci0: command 0x0409 tx timeout
[ 59.263931] Bluetooth: hci2: command 0x0409 tx timeout
[ 59.263965] Bluetooth: hci1: command 0x0409 tx timeout
[ 59.264944] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 59.266205]
[ 59.266436] ======================================================
[ 59.267174] WARNING: possible circular locking dependency detected
[ 59.267891] 6.2.0-next-20230224 #1 Not tainted
[ 59.268438] ------------------------------------------------------
[ 59.272433] syz-executor.6/277 is trying to acquire lock:
[ 59.273069] ffff888019c78880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 59.274304]
[ 59.274304] but task is already holding lock:
[ 59.274987] ffff888019c78920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 59.276120]
[ 59.276120] which lock already depends on the new lock.
[ 59.276120]
[ 59.277051]
[ 59.277051] the existing dependency chain (in reverse order) is:
[ 59.277907]
[ 59.277907] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 59.278742]        __mutex_lock+0x133/0x14a0
[ 59.279298]        hci_cmd_sync_work+0x1e6/0x320
[ 59.279880]        process_one_work+0xa0f/0x1790
[ 59.280489]        worker_thread+0x63b/0x1260
[ 59.281049]        kthread+0x2e9/0x3a0
[ 59.281524]        ret_from_fork+0x2c/0x50
[ 59.282052]
[ 59.282052] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 59.283036]        __lock_acquire+0x2d56/0x6380
[ 59.283616]        lock_acquire.part.0+0xea/0x320
[ 59.284219]        __flush_work+0x109/0xd80
[ 59.284757]        __cancel_work_timer+0x39c/0x4e0
[ 59.285341]        hci_cmd_sync_clear+0x52/0x250
[ 59.285921]        hci_unregister_dev+0xf9/0x410
[ 59.286499]        vhci_release+0x80/0x100
[ 59.287025]        __fput+0x263/0xa40
[ 59.287489]        task_work_run+0x174/0x280
[ 59.288039]        do_exit+0xad8/0x2800
[ 59.288525]        do_group_exit+0xd4/0x2a0
[ 59.289046]        __x64_sys_exit_group+0x3e/0x50
[ 59.289632]        do_syscall_64+0x3f/0x90
[ 59.290145]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 59.290817]
[ 59.290817] other info that might help us debug this:
[ 59.290817]
[ 59.291735]  Possible unsafe locking scenario:
[ 59.291735]
[ 59.292441]        CPU0                    CPU1
[ 59.292982]        ----                    ----
[ 59.293517]   lock(&hdev->cmd_sync_work_lock);
[ 59.294064]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 59.295012]                                lock(&hdev->cmd_sync_work_lock);
[ 59.295821]   lock((work_completion)(&hdev->cmd_sync_work));
[ 59.296500]
[ 59.296500]  *** DEADLOCK ***
[ 59.296500]
[ 59.297190] 1 lock held by syz-executor.6/277:
[ 59.297732]  #0: ffff888019c78920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 59.298926]
[ 59.298926] stack backtrace:
[ 59.299449] CPU: 0 PID: 277 Comm: syz-executor.6 Not tainted 6.2.0-next-20230224 #1
[ 59.300363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 59.301313] Call Trace:
[ 59.301624]
[ 59.301913] dump_stack_lvl+0x91/0xf0
[ 59.302395] check_noncircular+0x263/0x2e0
[ 59.302937] ? __pfx_check_noncircular+0x10/0x10
[ 59.303553] __lock_acquire+0x2d56/0x6380
[ 59.304104] ? lock_is_held_type+0x9f/0x120
[ 59.304657] ? __pfx___lock_acquire+0x10/0x10
[ 59.305237] ? __pfx_register_lock_class+0x10/0x10
[ 59.305862] ? __wait_for_common+0x394/0x550
[ 59.306434] ? __pfx_lock_release+0x10/0x10
[ 59.306995] lock_acquire.part.0+0xea/0x320
[ 59.307547] ? __flush_work+0xdd/0xd80
[ 59.308066] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 59.308688] ? __flush_work+0xdd/0xd80
[ 59.309195] ? rcu_read_lock_sched_held+0x42/0x80
[ 59.309802] ? trace_lock_acquire+0x170/0x1e0
[ 59.310380] ? __flush_work+0xdd/0xd80
[ 59.310888] ? lock_acquire+0x32/0xc0
[ 59.311384] ? __flush_work+0xdd/0xd80
[ 59.311894] __flush_work+0x109/0xd80
[ 59.312413] ? __flush_work+0xdd/0xd80
[ 59.312930] ? __pfx_mark_lock.part.0+0x10/0x10
[ 59.313511] ? __pfx___flush_work+0x10/0x10
[ 59.314060] ? lock_acquire.part.0+0xea/0x320
[ 59.314625] ? hci_cmd_sync_clear+0x45/0x250
[ 59.315176] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 59.315789] ? hci_cmd_sync_clear+0x45/0x250
[ 59.316339] ? rcu_read_lock_sched_held+0x42/0x80
[ 59.316934] ? trace_lock_acquire+0x170/0x1e0
[ 59.317508] ? lock_is_held_type+0x9f/0x120
[ 59.318077] ? mark_held_locks+0x9e/0xe0
[ 59.318604] __cancel_work_timer+0x39c/0x4e0
[ 59.319150] ? __pfx___cancel_work_timer+0x10/0x10
[ 59.319747] ? __cancel_work_timer+0x2aa/0x4e0
[ 59.320314] ? __pfx___cancel_work_timer+0x10/0x10
[ 59.320903] ? lock_release+0x1e3/0x710
[ 59.321409] ? __pfx_lock_release+0x10/0x10
[ 59.321952] ? do_raw_write_lock+0x11e/0x3b0
[ 59.322498] ? __pfx_vhci_release+0x10/0x10
[ 59.323049] hci_cmd_sync_clear+0x52/0x250
[ 59.323590] ? __pfx_vhci_release+0x10/0x10
[ 59.324303] hci_unregister_dev+0xf9/0x410
[ 59.324855] vhci_release+0x80/0x100
[ 59.325365] __fput+0x263/0xa40
[ 59.325814] task_work_run+0x174/0x280
[ 59.326336] ? __pfx_task_work_run+0x10/0x10
[ 59.326921] ? do_raw_spin_unlock+0x53/0x220
[ 59.327493] do_exit+0xad8/0x2800
[ 59.327968] ? lock_release+0x1e3/0x710
[ 59.328507] ? __pfx_lock_release+0x10/0x10
[ 59.329054] ? do_raw_spin_lock+0x125/0x270
[ 59.329583] ? __pfx_do_exit+0x10/0x10
[ 59.330082] do_group_exit+0xd4/0x2a0
[ 59.330567] __x64_sys_exit_group+0x3e/0x50
[ 59.331112] do_syscall_64+0x3f/0x90
[ 59.331587] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 59.332245] RIP: 0033:0x7f3f22654b19
[ 59.332713] Code: Unable to access opcode bytes at 0x7f3f22654aef.
[ 59.333461] RSP: 002b:00007ffd18367178 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 59.334378] RAX: ffffffffffffffda RBX: 00007ffd18367958 RCX: 00007f3f22654b19
[ 59.335234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 59.336097] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffd18367958
[ 59.336947] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f3f226ae233
[ 59.337805] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 59.338670]
[ 59.391843] Bluetooth: hci5: command 0x0409 tx timeout
[ 59.392270] Bluetooth: hci7: command 0x0409 tx timeout
[ 59.392615] Bluetooth: hci6: command 0x0409 tx timeout
[ 59.393135] Bluetooth: hci4: command 0x0409 tx timeout
[ 61.247840] Bluetooth: hci0: command 0x041b tx timeout
[ 61.311816] Bluetooth: hci1: command 0x041b tx timeout
[ 61.313075] Bluetooth: hci2: command 0x041b tx timeout
[ 61.440859] Bluetooth: hci4: command 0x041b tx timeout
[ 61.441270] Bluetooth: hci6: command 0x041b tx timeout
[ 61.441612] Bluetooth: hci7: command 0x041b tx timeout
[ 61.441976] Bluetooth: hci5: command 0x041b tx timeout
[ 63.296814] Bluetooth: hci0: command 0x040f tx timeout
[ 63.359817] Bluetooth: hci2: command 0x040f tx timeout
[ 63.359918] Bluetooth: hci1:
command 0x040f tx timeout
[ 63.488861] Bluetooth: hci5: command 0x040f tx timeout
[ 63.488959] Bluetooth: hci7: command 0x040f tx timeout
[ 63.489295] Bluetooth: hci6: command 0x040f tx timeout
[ 63.489691] Bluetooth: hci4: command 0x040f tx timeout
[ 64.192870] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 65.345436] Bluetooth: hci0: command 0x0419 tx timeout
[ 65.408370] Bluetooth: hci2: command 0x0419 tx timeout
[ 65.409137] Bluetooth: hci1: command 0x0419 tx timeout
[ 65.535823] Bluetooth: hci4: command 0x0419 tx timeout
[ 65.536827] Bluetooth: hci6: command 0x0419 tx timeout
[ 65.536845] Bluetooth: hci7: command 0x0419 tx timeout
[ 65.537196] Bluetooth: hci5: command 0x0419 tx timeout
[ 68.543827] Bluetooth: hci3: Opcode 0x c03 failed: -110
VM DIAGNOSIS:
10:57:42 Registers: