Warning: Permanently added '[localhost]:54699' (ECDSA) to the list of known hosts. 2023/02/24 11:03:24 fuzzer started 2023/02/24 11:03:25 dialing manager at localhost:41417 syzkaller login: [ 44.640888] cgroup: Unknown subsys name 'net' [ 44.730164] cgroup: Unknown subsys name 'rlimit' 2023/02/24 11:03:38 syscalls: 2217 2023/02/24 11:03:38 code coverage: enabled 2023/02/24 11:03:38 comparison tracing: enabled 2023/02/24 11:03:38 extra coverage: enabled 2023/02/24 11:03:38 setuid sandbox: enabled 2023/02/24 11:03:38 namespace sandbox: enabled 2023/02/24 11:03:38 Android sandbox: enabled 2023/02/24 11:03:38 fault injection: enabled 2023/02/24 11:03:38 leak checking: enabled 2023/02/24 11:03:38 net packet injection: enabled 2023/02/24 11:03:38 net device setup: enabled 2023/02/24 11:03:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 11:03:38 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 11:03:38 USB emulation: enabled 2023/02/24 11:03:38 hci packet injection: enabled 2023/02/24 11:03:38 wifi device emulation: enabled 2023/02/24 11:03:38 802.15.4 emulation: enabled 2023/02/24 11:03:38 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/24 11:03:38 fetching corpus: 34, signal 18571/22171 (executing program) 2023/02/24 11:03:38 fetching corpus: 69, signal 36798/41633 (executing program) 2023/02/24 11:03:39 fetching corpus: 119, signal 48133/54057 (executing program) 2023/02/24 11:03:39 fetching corpus: 168, signal 54163/61232 (executing program) 2023/02/24 11:03:39 fetching corpus: 218, signal 63422/71293 (executing program) 2023/02/24 11:03:39 fetching corpus: 268, signal 67561/76439 (executing program) 2023/02/24 11:03:39 fetching corpus: 318, signal 78150/87384 (executing program) 2023/02/24 11:03:39 fetching corpus: 368, signal 84282/94065 (executing program) 2023/02/24 11:03:40 fetching corpus: 417, signal 89229/99552 (executing program) 2023/02/24 11:03:40 fetching corpus: 467, signal 93293/104142 
(executing program) 2023/02/24 11:03:40 fetching corpus: 517, signal 96866/108289 (executing program) 2023/02/24 11:03:40 fetching corpus: 565, signal 99387/111418 (executing program) 2023/02/24 11:03:40 fetching corpus: 613, signal 102067/114647 (executing program) 2023/02/24 11:03:40 fetching corpus: 663, signal 104100/117276 (executing program) 2023/02/24 11:03:40 fetching corpus: 713, signal 107561/121047 (executing program) 2023/02/24 11:03:41 fetching corpus: 762, signal 111483/125089 (executing program) 2023/02/24 11:03:41 fetching corpus: 812, signal 114208/128124 (executing program) 2023/02/24 11:03:41 fetching corpus: 861, signal 116711/130887 (executing program) 2023/02/24 11:03:41 fetching corpus: 909, signal 118140/132746 (executing program) 2023/02/24 11:03:41 fetching corpus: 959, signal 123463/137624 (executing program) 2023/02/24 11:03:41 fetching corpus: 1009, signal 125968/140205 (executing program) 2023/02/24 11:03:41 fetching corpus: 1058, signal 128490/142747 (executing program) 2023/02/24 11:03:42 fetching corpus: 1107, signal 130212/144684 (executing program) 2023/02/24 11:03:42 fetching corpus: 1157, signal 132964/147292 (executing program) 2023/02/24 11:03:42 fetching corpus: 1207, signal 134846/149287 (executing program) 2023/02/24 11:03:42 fetching corpus: 1255, signal 136900/151296 (executing program) 2023/02/24 11:03:42 fetching corpus: 1304, signal 138594/153055 (executing program) 2023/02/24 11:03:42 fetching corpus: 1354, signal 141116/155354 (executing program) 2023/02/24 11:03:42 fetching corpus: 1402, signal 142441/156713 (executing program) 2023/02/24 11:03:43 fetching corpus: 1452, signal 144132/158283 (executing program) 2023/02/24 11:03:43 fetching corpus: 1502, signal 145397/159598 (executing program) 2023/02/24 11:03:43 fetching corpus: 1551, signal 146909/161026 (executing program) 2023/02/24 11:03:43 fetching corpus: 1601, signal 148420/162383 (executing program) 2023/02/24 11:03:43 fetching corpus: 1651, signal 
150155/163875 (executing program) 2023/02/24 11:03:43 fetching corpus: 1700, signal 152999/166013 (executing program) 2023/02/24 11:03:43 fetching corpus: 1750, signal 153781/166828 (executing program) 2023/02/24 11:03:44 fetching corpus: 1800, signal 154978/167910 (executing program) 2023/02/24 11:03:44 fetching corpus: 1850, signal 156587/169173 (executing program) 2023/02/24 11:03:44 fetching corpus: 1900, signal 158300/170494 (executing program) 2023/02/24 11:03:44 fetching corpus: 1950, signal 159459/171439 (executing program) 2023/02/24 11:03:44 fetching corpus: 1998, signal 160306/172232 (executing program) 2023/02/24 11:03:44 fetching corpus: 2047, signal 161915/173364 (executing program) 2023/02/24 11:03:44 fetching corpus: 2097, signal 163159/174282 (executing program) 2023/02/24 11:03:45 fetching corpus: 2146, signal 165247/175661 (executing program) 2023/02/24 11:03:45 fetching corpus: 2196, signal 166703/176645 (executing program) 2023/02/24 11:03:45 fetching corpus: 2246, signal 168373/177712 (executing program) 2023/02/24 11:03:45 fetching corpus: 2296, signal 169244/178357 (executing program) 2023/02/24 11:03:45 fetching corpus: 2346, signal 170240/179055 (executing program) 2023/02/24 11:03:45 fetching corpus: 2396, signal 171640/179903 (executing program) 2023/02/24 11:03:46 fetching corpus: 2446, signal 173342/180874 (executing program) 2023/02/24 11:03:46 fetching corpus: 2496, signal 174681/181604 (executing program) 2023/02/24 11:03:46 fetching corpus: 2546, signal 175827/182247 (executing program) 2023/02/24 11:03:46 fetching corpus: 2596, signal 176782/182772 (executing program) 2023/02/24 11:03:46 fetching corpus: 2644, signal 177930/183357 (executing program) 2023/02/24 11:03:46 fetching corpus: 2694, signal 178849/183850 (executing program) 2023/02/24 11:03:47 fetching corpus: 2743, signal 180059/184452 (executing program) 2023/02/24 11:03:47 fetching corpus: 2793, signal 181119/184952 (executing program) 2023/02/24 11:03:47 fetching 
corpus: 2843, signal 182434/185514 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186001 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186054 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186090 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186129 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186180 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186223 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186269 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186303 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186340 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186389 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186437 (executing program) 2023/02/24 11:03:47 fetching corpus: 2870, signal 183487/186478 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183489/186533 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183489/186577 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186628 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186684 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186729 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186778 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186820 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186855 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186903 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186948 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/186988 (executing program) 2023/02/24 
11:03:47 fetching corpus: 2871, signal 183491/187046 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183491/187095 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183492/187139 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183492/187176 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183492/187219 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183492/187257 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183498/187291 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183498/187342 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183498/187388 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183498/187423 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183498/187472 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183498/187502 (executing program) 2023/02/24 11:03:47 fetching corpus: 2871, signal 183498/187502 (executing program) 2023/02/24 11:03:50 starting 8 fuzzer processes 11:03:50 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x10) r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x80, 0x20) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) 
lsetxattr$security_selinux(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380), &(0x7f00000003c0)='system_u:object_r:mouse_device_t:s0\x00', 0x24, 0x2) fsetxattr$system_posix_acl(r1, &(0x7f0000000440)='system.posix_acl_access\x00', &(0x7f0000001900)=ANY=[@ANYBLOB="02000000010000000000000004000300320c000010000400000000002000000000000000"], 0x24, 0x0) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000240)) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) recvfrom$unix(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000180)=@file={0x0, './file1\x00'}, 0x6e) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r3, 0x0, 0xfffffdef) 11:03:50 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x29, &(0x7f0000000000)={0x77359400}, 0x10) 11:03:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r0, &(0x7f0000000040), 0x14) connect$802154_dgram(r0, &(0x7f00000005c0)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0302}}}, 0xffffffffffffff9b) r1 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r2, &(0x7f00000001c0)='./file0\x00') r3 = openat(r2, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x0) sendmmsg(r0, &(0x7f00000000c0), 0x45d, 0x0) socket$nl_audit(0x10, 0x3, 0x9) openat(r3, &(0x7f0000000140)='./file0/../file0\x00', 0x400640, 0x110) 11:03:50 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) flistxattr(r0, &(0x7f0000001640)=""/108, 0x6c) 11:03:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sync_file_range(r0, 0xfffffffffffffff9, 0x0, 0x0) [ 68.827849] audit: type=1400 audit(1677236630.601:6): avc: denied { execmem } for pid=260 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:03:50 
executing program 5: openat$ptp0(0xffffffffffffff9c, &(0x7f0000002480), 0x185100, 0x0) 11:03:50 executing program 6: r0 = syz_io_uring_setup(0x74ab, &(0x7f0000000140), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) io_uring_register$IORING_REGISTER_PROBE(r0, 0x8, &(0x7f0000000240)={0x0, 0x0, 0x0, '\x00', [{}, {}]}, 0x2) 11:03:50 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f00000022c0)=[{0x408, 0x1, 0x1, "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"}], 0x408}, 0x0) [ 70.073170] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.082737] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.084737] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.088022] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.089643] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.091186] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.136286] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.138530] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.140404] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.143959] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.146918] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.147941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.148998] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.150347] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.158360] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.159555] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.161558] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.163644] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.163659] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 70.166018] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.167304] Bluetooth: 
hci2: unexpected cc 0x0c25 length: 249 > 3
[ 70.168861] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 70.196402] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 70.201985] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 70.209954] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 70.210482] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 70.212697] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 70.243077] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 70.249037] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 70.253061] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 70.269573] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 70.275847] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 70.286115] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 70.313061] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 70.313255] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 70.316346] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 70.321427] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 70.321514] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 70.324412] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 70.325720] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 70.325919] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 70.328242] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 72.159261] Bluetooth: hci0: command 0x0409 tx timeout
[ 72.221941] Bluetooth: hci2: command 0x0409 tx timeout
[ 72.222824] Bluetooth: hci3: command 0x0409 tx timeout
[ 72.223986] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 72.226142]
[ 72.226413] ======================================================
[ 72.227261] WARNING: possible circular locking dependency detected
[ 72.228106] 6.2.0-next-20230224 #1 Not tainted
[ 72.228983] ------------------------------------------------------
[ 72.230623] syz-executor.5/275 is trying to acquire lock:
[ 72.232259] ffff888019e04880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 72.234383]
[ 72.234383] but task is already holding lock:
[ 72.235174] ffff888019e04920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 72.236448]
[ 72.236448] which lock already depends on the new lock.
[ 72.236448]
[ 72.237536]
[ 72.237536] the existing dependency chain (in reverse order) is:
[ 72.238518]
[ 72.238518] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 72.239491]        __mutex_lock+0x133/0x14a0
[ 72.240107]        hci_cmd_sync_work+0x1e6/0x320
[ 72.240754]        process_one_work+0xa0f/0x1790
[ 72.241442]        worker_thread+0x63b/0x1260
[ 72.242077]        kthread+0x2e9/0x3a0
[ 72.242621]        ret_from_fork+0x2c/0x50
[ 72.243215]
[ 72.243215] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 72.244379]        __lock_acquire+0x2d56/0x6380
[ 72.245067]        lock_acquire.part.0+0xea/0x320
[ 72.245796]        __flush_work+0x109/0xd80
[ 72.246392]        __cancel_work_timer+0x39c/0x4e0
[ 72.247057]        hci_cmd_sync_clear+0x52/0x250
[ 72.247715]        hci_unregister_dev+0xf9/0x410
[ 72.248368]        vhci_release+0x80/0x100
[ 72.248955]        __fput+0x263/0xa40
[ 72.249527]        task_work_run+0x174/0x280
[ 72.250144]        do_exit+0xad8/0x2800
[ 72.250691]        do_group_exit+0xd4/0x2a0
[ 72.251283]        __x64_sys_exit_group+0x3e/0x50
[ 72.251941]        do_syscall_64+0x3f/0x90
[ 72.252537]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 72.253360]
[ 72.253360] other info that might help us debug this:
[ 72.253360]
[ 72.254436]  Possible unsafe locking scenario:
[ 72.254436]
[ 72.255239]        CPU0                    CPU1
[ 72.255854]        ----                    ----
[ 72.256488]   lock(&hdev->cmd_sync_work_lock);
[ 72.257125]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 72.258249]                                lock(&hdev->cmd_sync_work_lock);
[ 72.259204]   lock((work_completion)(&hdev->cmd_sync_work));
[ 72.259995]
[ 72.259995]  *** DEADLOCK ***
[ 72.259995]
[ 72.260796] 1 lock held by syz-executor.5/275:
[ 72.261449]  #0: ffff888019e04920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 72.262830]
[ 72.262830] stack backtrace:
[ 72.263436] CPU: 0 PID: 275 Comm: syz-executor.5 Not tainted 6.2.0-next-20230224 #1
[ 72.264476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 72.265624] Call Trace:
[ 72.265988]
[ 72.266310]  dump_stack_lvl+0x91/0xf0
[ 72.266857]  check_noncircular+0x263/0x2e0
[ 72.267472]  ? __pfx_check_noncircular+0x10/0x10
[ 72.268167]  __lock_acquire+0x2d56/0x6380
[ 72.268798]  ? lock_is_held_type+0x9f/0x120
[ 72.269459]  ? __pfx___lock_acquire+0x10/0x10
[ 72.270109]  ? __pfx_register_lock_class+0x10/0x10
[ 72.270835]  ? __wait_for_common+0x394/0x550
[ 72.271503]  ? __pfx_lock_release+0x10/0x10
[ 72.272149]  lock_acquire.part.0+0xea/0x320
[ 72.272796]  ? __flush_work+0xdd/0xd80
[ 72.273411]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 72.274139]  ? __flush_work+0xdd/0xd80
[ 72.274709]  ? rcu_read_lock_sched_held+0x42/0x80
[ 72.275411]  ? trace_lock_acquire+0x170/0x1e0
[ 72.276087]  ? __flush_work+0xdd/0xd80
[ 72.276657]  ? lock_acquire+0x32/0xc0
[ 72.277231]  ? __flush_work+0xdd/0xd80
[ 72.277815]  __flush_work+0x109/0xd80
[ 72.278368]  ? __flush_work+0xdd/0xd80
[ 72.278928]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 72.279578]  ? __pfx___flush_work+0x10/0x10
[ 72.280183]  ? lock_acquire.part.0+0xea/0x320
[ 72.280821]  ? hci_cmd_sync_clear+0x45/0x250
[ 72.281478]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 72.282165]  ? hci_cmd_sync_clear+0x45/0x250
[ 72.282782]  ? rcu_read_lock_sched_held+0x42/0x80
[ 72.283445]  ? trace_lock_acquire+0x170/0x1e0
[ 72.284083]  ? lock_is_held_type+0x9f/0x120
[ 72.284699]  ? mark_held_locks+0x9e/0xe0
[ 72.285353]  __cancel_work_timer+0x39c/0x4e0
[ 72.285969]  ? __pfx___cancel_work_timer+0x10/0x10
[ 72.286657]  ? __cancel_work_timer+0x2aa/0x4e0
[ 72.287302]  ? __pfx___cancel_work_timer+0x10/0x10
[ 72.287979]  ? lock_release+0x1e3/0x710
[ 72.288567]  ? __pfx_lock_release+0x10/0x10
[ 72.289192]  ? do_raw_write_lock+0x11e/0x3b0
[ 72.289874]  ? __pfx_vhci_release+0x10/0x10
[ 72.290500]  hci_cmd_sync_clear+0x52/0x250
[ 72.291117]  ? __pfx_vhci_release+0x10/0x10
[ 72.291735]  hci_unregister_dev+0xf9/0x410
[ 72.292349]  vhci_release+0x80/0x100
[ 72.292911]  __fput+0x263/0xa40
[ 72.293410]  task_work_run+0x174/0x280
[ 72.293993]  ? __pfx_task_work_run+0x10/0x10
[ 72.294651]  ? do_raw_spin_unlock+0x53/0x220
[ 72.295293]  do_exit+0xad8/0x2800
[ 72.295803]  ? lock_release+0x1e3/0x710
[ 72.296410]  ? __pfx_lock_release+0x10/0x10
[ 72.297041]  ? do_raw_spin_lock+0x125/0x270
[ 72.297655]  ? __pfx_do_exit+0x10/0x10
[ 72.298245]  do_group_exit+0xd4/0x2a0
[ 72.298795]  __x64_sys_exit_group+0x3e/0x50
[ 72.299420]  do_syscall_64+0x3f/0x90
[ 72.299960]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 72.300671] RIP: 0033:0x7f9e137d3b19
[ 72.301187] Code: Unable to access opcode bytes at 0x7f9e137d3aef.
[ 72.302030] RSP: 002b:00007ffd764f22d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 72.303071] RAX: ffffffffffffffda RBX: 00007ffd764f2ab8 RCX: 00007f9e137d3b19
[ 72.304026] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 72.304999] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffd764f2ab8
[ 72.305974] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f9e1382d233
[ 72.306936] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 72.307907]
[ 72.308662] Bluetooth: hci7: command 0x0409 tx timeout
[ 72.309441] Bluetooth: hci1: command 0x0409 tx timeout
[ 72.414812] Bluetooth: hci6: command 0x0409 tx timeout
[ 72.415556] Bluetooth: hci5: command 0x0409 tx timeout
[ 74.205786] Bluetooth: hci0: command 0x041b tx timeout
[ 74.269847] Bluetooth: hci3: command 0x041b tx timeout
[ 74.270236] Bluetooth: hci2: command 0x041b tx timeout
[ 74.333790] Bluetooth: hci1: command 0x041b tx timeout
[ 74.334181] Bluetooth: hci7: command 0x041b tx timeout
[ 74.461816] Bluetooth: hci5: command 0x041b tx timeout
[ 74.462257] Bluetooth: hci6: command 0x041b tx timeout
[ 76.253779] Bluetooth: hci0: command 0x040f tx
timeout
[ 76.317797] Bluetooth: hci2: command 0x040f tx timeout
[ 76.318269] Bluetooth: hci3: command 0x040f tx timeout
[ 76.381823] Bluetooth: hci7: command 0x040f tx timeout
[ 76.382284] Bluetooth: hci1: command 0x040f tx timeout
[ 76.509800] Bluetooth: hci6: command 0x040f tx timeout
[ 76.510278] Bluetooth: hci5: command 0x040f tx timeout
[ 76.957816] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 78.301812] Bluetooth: hci0: command 0x0419 tx timeout
[ 78.365813] Bluetooth: hci3: command 0x0419 tx timeout
[ 78.366158] Bluetooth: hci2: command 0x0419 tx timeout
[ 78.429790] Bluetooth: hci1: command 0x0419 tx timeout
[ 78.430133] Bluetooth: hci7: command 0x0419 tx timeout
[ 78.557809] Bluetooth: hci5: command 0x0419 tx timeout
[ 78.558168] Bluetooth: hci6: command 0x0419 tx timeout
[ 79.331619] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 79.332635] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 79.334090] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 79.336846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 79.340465] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 79.342229] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 81.374190] Bluetooth: hci4: command 0x0409 tx timeout
VM DIAGNOSIS:
11:03:54 Registers: