Warning: Permanently added '[localhost]:53995' (ECDSA) to the list of known hosts. 2023/02/24 11:05:13 fuzzer started 2023/02/24 11:05:13 dialing manager at localhost:41417 syzkaller login: [ 36.935891] cgroup: Unknown subsys name 'net' [ 37.085448] cgroup: Unknown subsys name 'rlimit' 2023/02/24 11:05:26 syscalls: 2217 2023/02/24 11:05:26 code coverage: enabled 2023/02/24 11:05:26 comparison tracing: enabled 2023/02/24 11:05:26 extra coverage: enabled 2023/02/24 11:05:26 setuid sandbox: enabled 2023/02/24 11:05:26 namespace sandbox: enabled 2023/02/24 11:05:26 Android sandbox: enabled 2023/02/24 11:05:26 fault injection: enabled 2023/02/24 11:05:26 leak checking: enabled 2023/02/24 11:05:26 net packet injection: enabled 2023/02/24 11:05:26 net device setup: enabled 2023/02/24 11:05:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 11:05:26 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 11:05:26 USB emulation: enabled 2023/02/24 11:05:26 hci packet injection: enabled 2023/02/24 11:05:26 wifi device emulation: enabled 2023/02/24 11:05:26 802.15.4 emulation: enabled 2023/02/24 11:05:26 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/24 11:05:26 fetching corpus: 32, signal 22205/25767 (executing program) 2023/02/24 11:05:26 fetching corpus: 64, signal 34728/39661 (executing program) 2023/02/24 11:05:27 fetching corpus: 102, signal 43562/49767 (executing program) 2023/02/24 11:05:27 fetching corpus: 152, signal 50159/57578 (executing program) 2023/02/24 11:05:27 fetching corpus: 201, signal 56751/65167 (executing program) 2023/02/24 11:05:27 fetching corpus: 251, signal 65911/75094 (executing program) 2023/02/24 11:05:27 fetching corpus: 299, signal 71122/81175 (executing program) 2023/02/24 11:05:27 fetching corpus: 347, signal 74835/85742 (executing program) 2023/02/24 11:05:27 fetching corpus: 393, signal 78013/89858 (executing program) 2023/02/24 11:05:28 fetching corpus: 442, signal 83596/96060 
(executing program) 2023/02/24 11:05:28 fetching corpus: 492, signal 88062/101144 (executing program) 2023/02/24 11:05:28 fetching corpus: 541, signal 93964/107314 (executing program) 2023/02/24 11:05:28 fetching corpus: 591, signal 96819/110819 (executing program) 2023/02/24 11:05:28 fetching corpus: 641, signal 99119/113764 (executing program) 2023/02/24 11:05:28 fetching corpus: 690, signal 103288/118235 (executing program) 2023/02/24 11:05:28 fetching corpus: 740, signal 105955/121416 (executing program) 2023/02/24 11:05:29 fetching corpus: 788, signal 107702/123740 (executing program) 2023/02/24 11:05:29 fetching corpus: 838, signal 110567/126917 (executing program) 2023/02/24 11:05:29 fetching corpus: 888, signal 113913/130449 (executing program) 2023/02/24 11:05:29 fetching corpus: 938, signal 117339/133999 (executing program) 2023/02/24 11:05:29 fetching corpus: 986, signal 119071/136110 (executing program) 2023/02/24 11:05:29 fetching corpus: 1036, signal 122570/139560 (executing program) 2023/02/24 11:05:29 fetching corpus: 1084, signal 124166/141529 (executing program) 2023/02/24 11:05:29 fetching corpus: 1134, signal 126063/143669 (executing program) 2023/02/24 11:05:30 fetching corpus: 1183, signal 129589/146961 (executing program) 2023/02/24 11:05:30 fetching corpus: 1233, signal 132492/149802 (executing program) 2023/02/24 11:05:30 fetching corpus: 1283, signal 134194/151664 (executing program) 2023/02/24 11:05:30 fetching corpus: 1333, signal 136043/153580 (executing program) 2023/02/24 11:05:30 fetching corpus: 1382, signal 137663/155303 (executing program) 2023/02/24 11:05:30 fetching corpus: 1432, signal 138817/156726 (executing program) 2023/02/24 11:05:30 fetching corpus: 1482, signal 142355/159695 (executing program) 2023/02/24 11:05:31 fetching corpus: 1532, signal 144739/161814 (executing program) 2023/02/24 11:05:31 fetching corpus: 1581, signal 146305/163350 (executing program) 2023/02/24 11:05:31 fetching corpus: 1630, signal 
148136/165022 (executing program) 2023/02/24 11:05:31 fetching corpus: 1680, signal 149160/166175 (executing program) 2023/02/24 11:05:31 fetching corpus: 1730, signal 150711/167606 (executing program) 2023/02/24 11:05:31 fetching corpus: 1780, signal 152515/169165 (executing program) 2023/02/24 11:05:31 fetching corpus: 1830, signal 154079/170561 (executing program) 2023/02/24 11:05:31 fetching corpus: 1879, signal 155613/171868 (executing program) 2023/02/24 11:05:32 fetching corpus: 1928, signal 156834/172978 (executing program) 2023/02/24 11:05:32 fetching corpus: 1977, signal 158134/174123 (executing program) 2023/02/24 11:05:32 fetching corpus: 2027, signal 159982/175518 (executing program) 2023/02/24 11:05:32 fetching corpus: 2075, signal 161672/176843 (executing program) 2023/02/24 11:05:32 fetching corpus: 2125, signal 163145/178028 (executing program) 2023/02/24 11:05:32 fetching corpus: 2175, signal 165036/179338 (executing program) 2023/02/24 11:05:32 fetching corpus: 2225, signal 166213/180297 (executing program) 2023/02/24 11:05:33 fetching corpus: 2273, signal 167537/181293 (executing program) 2023/02/24 11:05:33 fetching corpus: 2323, signal 168574/182064 (executing program) 2023/02/24 11:05:33 fetching corpus: 2373, signal 170227/183203 (executing program) 2023/02/24 11:05:33 fetching corpus: 2423, signal 171131/183900 (executing program) 2023/02/24 11:05:33 fetching corpus: 2473, signal 172214/184661 (executing program) 2023/02/24 11:05:33 fetching corpus: 2523, signal 173505/185481 (executing program) 2023/02/24 11:05:33 fetching corpus: 2572, signal 174785/186279 (executing program) 2023/02/24 11:05:34 fetching corpus: 2622, signal 175624/186869 (executing program) 2023/02/24 11:05:34 fetching corpus: 2671, signal 176738/187589 (executing program) 2023/02/24 11:05:34 fetching corpus: 2720, signal 177698/188221 (executing program) 2023/02/24 11:05:34 fetching corpus: 2770, signal 178910/188911 (executing program) 2023/02/24 11:05:34 fetching 
corpus: 2820, signal 179798/189452 (executing program) 2023/02/24 11:05:34 fetching corpus: 2870, signal 180665/189971 (executing program) 2023/02/24 11:05:34 fetching corpus: 2919, signal 181776/190528 (executing program) 2023/02/24 11:05:35 fetching corpus: 2968, signal 182716/190990 (executing program) 2023/02/24 11:05:35 fetching corpus: 3018, signal 183716/191518 (executing program) 2023/02/24 11:05:35 fetching corpus: 3068, signal 184498/191914 (executing program) 2023/02/24 11:05:35 fetching corpus: 3117, signal 185462/192337 (executing program) 2023/02/24 11:05:35 fetching corpus: 3167, signal 186507/192800 (executing program) 2023/02/24 11:05:35 fetching corpus: 3217, signal 187185/193108 (executing program) 2023/02/24 11:05:35 fetching corpus: 3265, signal 187999/193451 (executing program) 2023/02/24 11:05:35 fetching corpus: 3315, signal 189126/193872 (executing program) 2023/02/24 11:05:36 fetching corpus: 3365, signal 189925/194202 (executing program) 2023/02/24 11:05:36 fetching corpus: 3415, signal 191001/194555 (executing program) 2023/02/24 11:05:36 fetching corpus: 3464, signal 191695/194785 (executing program) 2023/02/24 11:05:36 fetching corpus: 3467, signal 191741/194850 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/194881 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/194943 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/194987 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195024 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195065 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195114 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195159 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195215 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195258 (executing program) 2023/02/24 
11:05:36 fetching corpus: 3468, signal 191743/195298 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195339 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195390 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195434 (executing program) 2023/02/24 11:05:36 fetching corpus: 3468, signal 191743/195485 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195526 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195572 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195634 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195672 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195705 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195748 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195787 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195850 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195885 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195928 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195975 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195975 (executing program) 2023/02/24 11:05:36 fetching corpus: 3469, signal 191749/195975 (executing program) 2023/02/24 11:05:39 starting 8 fuzzer processes 11:05:39 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000000)=@fragment, 0x8) getsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, &(0x7f00000000c0)=0xfffffffffffffcb2) 11:05:39 executing program 1: syz_open_dev$loop(0x0, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) syz_open_procfs$namespace(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 11:05:39 executing program 
2: socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @multicast1}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @local}}}}}}, 0x0) [ 61.505094] audit: type=1400 audit(1677236739.501:6): avc: denied { execmem } for pid=260 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:05:39 executing program 3: syz_io_uring_setup(0xc3b, &(0x7f0000000140), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000200)) syz_io_uring_setup(0x646f, &(0x7f0000000240)={0x0, 0x0, 0x2}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)=0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000480)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_open_dev$sg(&(0x7f0000003400), 0x0, 0x2) 11:05:39 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0), 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0) 11:05:39 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lstat(0x0, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)=@v3={0x3000000, [{0x0, 0x3f}]}, 0x18, 0x0) 11:05:39 executing program 6: add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffd) perf_event_open(&(0x7f0000000080)={0x2, 0x67, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x10) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000340)) r1 = add_key$keyring(&(0x7f0000002440), &(0x7f0000002480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r1, 0x0) add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) r3 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x1, 0xd6c2}) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000180)=0x10000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x85cf, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r4 = add_key$keyring(&(0x7f0000002440), &(0x7f0000002480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r5 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r4, r5, r4, 0x0) 11:05:39 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000140)) ioctl$BTRFS_IOC_DEFRAG_RANGE(0xffffffffffffffff, 0x40309410, 0x0) [ 62.753194] Bluetooth: hci0: 
unexpected cc 0x0c03 length: 249 > 1
[ 62.755251] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.756724] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.759553] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.761214] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 62.762551] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 62.877473] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 62.879324] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 62.883742] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 62.886737] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 62.889528] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 62.891288] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 62.892254] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 62.895703] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 62.895839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 62.900746] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 62.905333] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 62.906464] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 62.908540] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 62.911677] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 62.941541] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 62.945658] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 62.958614] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 62.968785] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 62.975818] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 62.980606] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 62.985233] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 62.992298] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 62.997304] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 62.999292] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 63.032697] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 63.034446] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 63.049850] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 63.050893] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 63.056303] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 63.057281] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 63.067391] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 63.069745] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 63.073618] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 63.083519] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 63.085324] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 63.090786] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 64.837604] Bluetooth: hci0: command 0x0409 tx timeout
[ 64.965222] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 64.965385] Bluetooth: hci2: command 0x0409 tx timeout
[ 64.967531] Bluetooth: hci3: command 0x0409 tx timeout
[ 64.968869]
[ 64.969116] ======================================================
[ 64.969904] WARNING: possible circular locking dependency detected
[ 64.970675] 6.2.0-next-20230224 #1 Not tainted
[ 64.973292] ------------------------------------------------------
[ 64.975431] syz-executor.5/273 is trying to acquire lock:
[ 64.976078] ffff888019b0c880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 64.977406]
[ 64.977406] but task is already holding lock:
[ 64.978097] ffff888019b0c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 64.979253]
[ 64.979253] which lock already depends on the new lock.
[ 64.979253]
[ 64.980213]
[ 64.980213] the existing dependency chain (in reverse order) is:
[ 64.981097]
[ 64.981097] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 64.981983]        __mutex_lock+0x133/0x14a0
[ 64.982547]        hci_cmd_sync_work+0x1e6/0x320
[ 64.983139]        process_one_work+0xa0f/0x1790
[ 64.983726]        worker_thread+0x63b/0x1260
[ 64.984290]        kthread+0x2e9/0x3a0
[ 64.984773]        ret_from_fork+0x2c/0x50
[ 64.985318]
[ 64.985318] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 64.986300]        __lock_acquire+0x2d56/0x6380
[ 64.986888]        lock_acquire.part.0+0xea/0x320
[ 64.987491]        __flush_work+0x109/0xd80
[ 64.988029]        __cancel_work_timer+0x39c/0x4e0
[ 64.988617]        hci_cmd_sync_clear+0x52/0x250
[ 64.989208]        hci_unregister_dev+0xf9/0x410
[ 64.989794]        vhci_release+0x80/0x100
[ 64.990326]        __fput+0x263/0xa40
[ 64.990799]        task_work_run+0x174/0x280
[ 64.991350]        do_exit+0xad8/0x2800
[ 64.991843]        do_group_exit+0xd4/0x2a0
[ 64.992370]        __x64_sys_exit_group+0x3e/0x50
[ 64.992964]        do_syscall_64+0x3f/0x90
[ 64.993497]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 64.994178]
[ 64.994178] other info that might help us debug this:
[ 64.994178]
[ 64.995100]  Possible unsafe locking scenario:
[ 64.995100]
[ 64.995798]        CPU0                    CPU1
[ 64.996340]        ----                    ----
[ 64.996881]   lock(&hdev->cmd_sync_work_lock);
[ 64.997436]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 64.998397]                                lock(&hdev->cmd_sync_work_lock);
[ 64.999218]   lock((work_completion)(&hdev->cmd_sync_work));
[ 64.999907]
[ 64.999907]  *** DEADLOCK ***
[ 64.999907]
[ 65.000607] 1 lock held by syz-executor.5/273:
[ 65.001158]  #0: ffff888019b0c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 65.002390]
[ 65.002390] stack backtrace:
[ 65.002916] CPU: 0 PID: 273 Comm: syz-executor.5 Not tainted 6.2.0-next-20230224 #1
[ 65.003830] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 65.004793] Call Trace:
[ 65.005112]
[ 65.005399]  dump_stack_lvl+0x91/0xf0
[ 65.005871]  check_noncircular+0x263/0x2e0
[ 65.006412]  ? __pfx_check_noncircular+0x10/0x10
[ 65.007016]  __lock_acquire+0x2d56/0x6380
[ 65.007544]  ? lock_is_held_type+0x9f/0x120
[ 65.008089]  ? __pfx___lock_acquire+0x10/0x10
[ 65.008662]  ? __pfx_register_lock_class+0x10/0x10
[ 65.009280]  ? __wait_for_common+0x394/0x550
[ 65.009842]  ? __pfx_lock_release+0x10/0x10
[ 65.010399]  lock_acquire.part.0+0xea/0x320
[ 65.010939]  ? __flush_work+0xdd/0xd80
[ 65.011434]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 65.012055]  ? __flush_work+0xdd/0xd80
[ 65.012553]  ? rcu_read_lock_sched_held+0x42/0x80
[ 65.013147]  ? trace_lock_acquire+0x170/0x1e0
[ 65.013736]  ? __flush_work+0xdd/0xd80
[ 65.014237]  ? lock_acquire+0x32/0xc0
[ 65.014744]  ? __flush_work+0xdd/0xd80
[ 65.015253]  __flush_work+0x109/0xd80
[ 65.015737]  ? __flush_work+0xdd/0xd80
[ 65.016246]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 65.016841]  ? __pfx___flush_work+0x10/0x10
[ 65.017401]  ? lock_acquire.part.0+0xea/0x320
[ 65.017972]  ? hci_cmd_sync_clear+0x45/0x250
[ 65.018534]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 65.019145]  ? hci_cmd_sync_clear+0x45/0x250
[ 65.019689]  ? rcu_read_lock_sched_held+0x42/0x80
[ 65.020293]  ? trace_lock_acquire+0x170/0x1e0
[ 65.020863]  ? lock_is_held_type+0x9f/0x120
[ 65.021425]  ? mark_held_locks+0x9e/0xe0
[ 65.021942]  __cancel_work_timer+0x39c/0x4e0
[ 65.022484]  ? __pfx___cancel_work_timer+0x10/0x10
[ 65.023077]  ? __cancel_work_timer+0x2aa/0x4e0
[ 65.023633]  ? __pfx___cancel_work_timer+0x10/0x10
[ 65.024226]  ? lock_release+0x1e3/0x710
[ 65.024735]  ? __pfx_lock_release+0x10/0x10
[ 65.025298]  ? do_raw_write_lock+0x11e/0x3b0
[ 65.025843]  ? __pfx_vhci_release+0x10/0x10
[ 65.026399]  hci_cmd_sync_clear+0x52/0x250
[ 65.026934]  ? __pfx_vhci_release+0x10/0x10
[ 65.027481]  hci_unregister_dev+0xf9/0x410
[ 65.028014]  vhci_release+0x80/0x100
[ 65.028507]  __fput+0x263/0xa40
[ 65.028943]  task_work_run+0x174/0x280
[ 65.029439]  ? __pfx_task_work_run+0x10/0x10
[ 65.029992]  ? do_raw_spin_unlock+0x53/0x220
[ 65.030555]  do_exit+0xad8/0x2800
[ 65.030997]  ? lock_release+0x1e3/0x710
[ 65.031525]  ? __pfx_lock_release+0x10/0x10
[ 65.032065]  ? do_raw_spin_lock+0x125/0x270
[ 65.032594]  ? __pfx_do_exit+0x10/0x10
[ 65.033091]  do_group_exit+0xd4/0x2a0
[ 65.033587]  __x64_sys_exit_group+0x3e/0x50
[ 65.034128]  do_syscall_64+0x3f/0x90
[ 65.034611]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 65.035254] RIP: 0033:0x7fa5ea26db19
[ 65.035706] Code: Unable to access opcode bytes at 0x7fa5ea26daef.
[ 65.036432] RSP: 002b:00007ffe2d22ebf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 65.037341] RAX: ffffffffffffffda RBX: 00007ffe2d22f3d8 RCX: 00007fa5ea26db19
[ 65.038186] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 65.039029] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffe2d22f3d8
[ 65.039874] R10: 0000000000000020 R11: 0000000000000246 R12: 00007fa5ea2c7233
[ 65.040764] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 65.041681]
[ 65.042276] Bluetooth: hci5: command 0x0409 tx timeout
[ 65.042961] Bluetooth: hci1: command 0x0409 tx timeout
[ 65.157118] Bluetooth: hci6: command 0x0409 tx timeout
[ 65.158103] Bluetooth: hci7: command 0x0409 tx timeout
[ 66.885076] Bluetooth: hci0: command 0x041b tx timeout
[ 67.013124] Bluetooth: hci2: command 0x041b tx timeout
[ 67.014121] Bluetooth: hci3: command 0x041b tx timeout
[ 67.078061] Bluetooth: hci1: command 0x041b tx timeout
[ 67.078572] Bluetooth: hci5: command 0x041b tx timeout
[ 67.205100] Bluetooth: hci7: command 0x041b tx timeout
[ 67.205570] Bluetooth: hci6: command 0x041b tx timeout
[ 68.933079] Bluetooth: hci0: command 0x040f tx timeout
[ 69.062100] Bluetooth: hci3: command 0x040f tx timeout
[ 69.062163] Bluetooth: hci2: command 0x040f tx timeout
[ 69.126060] Bluetooth: hci5: command 0x040f tx timeout
[ 69.126485] Bluetooth: hci1: command 0x040f tx timeout
[ 69.253073] Bluetooth: hci6: command 0x040f tx timeout
[ 69.253108] Bluetooth: hci7: command 0x040f tx timeout
[ 70.150045] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 70.981078] Bluetooth: hci0: command 0x0419 tx timeout
[ 71.109063] Bluetooth: hci2: command 0x0419 tx timeout
[ 71.110079] Bluetooth: hci3: command 0x0419 tx timeout
[ 71.173511] Bluetooth: hci1: command 0x0419 tx timeout
[ 71.173879] Bluetooth: hci5: command 0x0419 tx timeout
[ 71.301071] Bluetooth: hci6: command 0x0419 tx timeout
[ 71.302153] Bluetooth: hci7: command 0x0419 tx timeout
[ 72.586703] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 72.588454] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 72.589069] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 72.590099] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 72.592116] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 72.592737] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 74.630093] Bluetooth: hci4: command 0x0409 tx timeout
VM DIAGNOSIS:
11:05:43 Registers:
info registers vcpu 0
RAX=000000000000006e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff88801699f190
R8 =0000000000000001 R9 =000000000000000a R10=000000000000006e R11=0000000000000001
R12=000000000000006e R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850
RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe113ec6a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe113ec68000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005631a6d2b080 CR3=000000003d26e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000000000000041445a3d9d60f287 XMM01=00000000000000003f847ae147ae147b
XMM02=00000000000000000000000000000000 XMM03=00000000000000003f73d84d56b10695
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=000000c000074300000000c000074180 XMM09=000000c0000ad680000000c000074600
XMM10=000000c0000ad980000000c0000ad800 XMM11=000000c0000adc80000000c0000adb00
XMM12=000000c000074780000000c001ae0000 XMM13=000000c000074d80000000c000074a80
XMM14=000000c000075200000000c000075080 XMM15=000000c000075380000000c001ae0180
info registers vcpu 1
RAX=0000000000000001 RBX=ffff88803d0c7d80 RCX=ffffffff81706560 RDX=000ffffffffff000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffea00001b7f40 RSP=ffff88803d0c7b78
R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000006dfd000 R13=ffff88800c8ef4e0 R14=0000000000000025 R15=0000000000000000
RIP=ffffffff814b71b8 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007ff396bb7540 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe4607277000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe4607275000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ff396cc4e60 CR3=0000000019ac8000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=000000000000000000ff000000000000
XMM02=00ff0000000000000000000000000000 XMM03=00000000000000000000ff00000000ff
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000