Warning: Permanently added '[localhost]:14708' (ECDSA) to the list of known hosts.
2023/02/24 11:45:03 fuzzer started
2023/02/24 11:45:03 dialing manager at localhost:41417
syzkaller login: [ 38.228172] cgroup: Unknown subsys name 'net'
[ 38.325538] cgroup: Unknown subsys name 'rlimit'
2023/02/24 11:45:20 syscalls: 2217
2023/02/24 11:45:20 code coverage: enabled
2023/02/24 11:45:20 comparison tracing: enabled
2023/02/24 11:45:20 extra coverage: enabled
2023/02/24 11:45:20 setuid sandbox: enabled
2023/02/24 11:45:20 namespace sandbox: enabled
2023/02/24 11:45:20 Android sandbox: enabled
2023/02/24 11:45:20 fault injection: enabled
2023/02/24 11:45:20 leak checking: enabled
2023/02/24 11:45:20 net packet injection: enabled
2023/02/24 11:45:20 net device setup: enabled
2023/02/24 11:45:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/24 11:45:20 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/24 11:45:20 USB emulation: enabled
2023/02/24 11:45:20 hci packet injection: enabled
2023/02/24 11:45:20 wifi device emulation: enabled
2023/02/24 11:45:20 802.15.4 emulation: enabled
2023/02/24 11:45:20 fetching corpus: 0, signal 0/2000 (executing program)
2023/02/24 11:45:20 fetching corpus: 47, signal 28308/31917 (executing program)
2023/02/24 11:45:20 fetching corpus: 97, signal 45083/50169 (executing program)
2023/02/24 11:45:20 fetching corpus: 147, signal 57508/63934 (executing program)
2023/02/24 11:45:21 fetching corpus: 197, signal 64557/72315 (executing program)
2023/02/24 11:45:21 fetching corpus: 247, signal 72088/81088 (executing program)
2023/02/24 11:45:21 fetching corpus: 297, signal 77313/87582 (executing program)
2023/02/24 11:45:21 fetching corpus: 347, signal 82742/94172 (executing program)
2023/02/24 11:45:21 fetching corpus: 397, signal 88671/101138 (executing program)
2023/02/24 11:45:21 fetching corpus: 447, signal 95105/108495 (executing program)
2023/02/24 11:45:21 fetching corpus: 497, signal 101395/115659
(executing program) 2023/02/24 11:45:22 fetching corpus: 547, signal 105324/120521 (executing program) 2023/02/24 11:45:22 fetching corpus: 597, signal 108136/124343 (executing program) 2023/02/24 11:45:22 fetching corpus: 647, signal 112582/129595 (executing program) 2023/02/24 11:45:22 fetching corpus: 697, signal 116595/134411 (executing program) 2023/02/24 11:45:22 fetching corpus: 747, signal 119310/137964 (executing program) 2023/02/24 11:45:22 fetching corpus: 797, signal 121550/141088 (executing program) 2023/02/24 11:45:22 fetching corpus: 847, signal 124574/144919 (executing program) 2023/02/24 11:45:22 fetching corpus: 897, signal 126844/147989 (executing program) 2023/02/24 11:45:22 fetching corpus: 947, signal 129348/151278 (executing program) 2023/02/24 11:45:22 fetching corpus: 997, signal 133076/155532 (executing program) 2023/02/24 11:45:23 fetching corpus: 1046, signal 135051/158296 (executing program) 2023/02/24 11:45:23 fetching corpus: 1096, signal 137226/161171 (executing program) 2023/02/24 11:45:23 fetching corpus: 1146, signal 139123/163790 (executing program) 2023/02/24 11:45:23 fetching corpus: 1196, signal 141867/167058 (executing program) 2023/02/24 11:45:23 fetching corpus: 1246, signal 143932/169774 (executing program) 2023/02/24 11:45:23 fetching corpus: 1296, signal 146937/173223 (executing program) 2023/02/24 11:45:23 fetching corpus: 1346, signal 148706/175609 (executing program) 2023/02/24 11:45:24 fetching corpus: 1396, signal 150857/178335 (executing program) 2023/02/24 11:45:24 fetching corpus: 1446, signal 152495/180605 (executing program) 2023/02/24 11:45:24 fetching corpus: 1496, signal 154336/183019 (executing program) 2023/02/24 11:45:24 fetching corpus: 1545, signal 155936/185232 (executing program) 2023/02/24 11:45:24 fetching corpus: 1595, signal 157870/187654 (executing program) 2023/02/24 11:45:24 fetching corpus: 1645, signal 159603/189911 (executing program) 2023/02/24 11:45:24 fetching corpus: 1695, signal 
161235/192045 (executing program) 2023/02/24 11:45:24 fetching corpus: 1745, signal 162750/194081 (executing program) 2023/02/24 11:45:24 fetching corpus: 1795, signal 164632/196324 (executing program) 2023/02/24 11:45:24 fetching corpus: 1845, signal 165783/198049 (executing program) 2023/02/24 11:45:25 fetching corpus: 1894, signal 166711/199580 (executing program) 2023/02/24 11:45:25 fetching corpus: 1944, signal 167926/201347 (executing program) 2023/02/24 11:45:25 fetching corpus: 1994, signal 169306/203112 (executing program) 2023/02/24 11:45:25 fetching corpus: 2044, signal 170751/204918 (executing program) 2023/02/24 11:45:25 fetching corpus: 2093, signal 172149/206732 (executing program) 2023/02/24 11:45:25 fetching corpus: 2143, signal 174238/208995 (executing program) 2023/02/24 11:45:25 fetching corpus: 2193, signal 175808/210888 (executing program) 2023/02/24 11:45:25 fetching corpus: 2243, signal 176586/212214 (executing program) 2023/02/24 11:45:26 fetching corpus: 2293, signal 177862/213823 (executing program) 2023/02/24 11:45:26 fetching corpus: 2343, signal 179500/215679 (executing program) 2023/02/24 11:45:26 fetching corpus: 2393, signal 180737/217283 (executing program) 2023/02/24 11:45:26 fetching corpus: 2443, signal 181908/218775 (executing program) 2023/02/24 11:45:26 fetching corpus: 2493, signal 182881/220164 (executing program) 2023/02/24 11:45:26 fetching corpus: 2543, signal 184143/221676 (executing program) 2023/02/24 11:45:26 fetching corpus: 2593, signal 185234/223120 (executing program) 2023/02/24 11:45:26 fetching corpus: 2642, signal 186129/224387 (executing program) 2023/02/24 11:45:27 fetching corpus: 2692, signal 187611/225984 (executing program) 2023/02/24 11:45:27 fetching corpus: 2742, signal 188737/227363 (executing program) 2023/02/24 11:45:27 fetching corpus: 2792, signal 189500/228501 (executing program) 2023/02/24 11:45:27 fetching corpus: 2842, signal 190222/229609 (executing program) 2023/02/24 11:45:27 fetching 
corpus: 2892, signal 191273/230925 (executing program) 2023/02/24 11:45:27 fetching corpus: 2942, signal 192269/232136 (executing program) 2023/02/24 11:45:27 fetching corpus: 2992, signal 193534/233515 (executing program) 2023/02/24 11:45:27 fetching corpus: 3041, signal 194173/234517 (executing program) 2023/02/24 11:45:28 fetching corpus: 3091, signal 195018/235657 (executing program) 2023/02/24 11:45:28 fetching corpus: 3141, signal 196291/237011 (executing program) 2023/02/24 11:45:28 fetching corpus: 3191, signal 197477/238361 (executing program) 2023/02/24 11:45:28 fetching corpus: 3241, signal 198223/239437 (executing program) 2023/02/24 11:45:28 fetching corpus: 3291, signal 199064/240526 (executing program) 2023/02/24 11:45:28 fetching corpus: 3341, signal 200114/241705 (executing program) 2023/02/24 11:45:28 fetching corpus: 3390, signal 200863/242655 (executing program) 2023/02/24 11:45:28 fetching corpus: 3439, signal 201578/243638 (executing program) 2023/02/24 11:45:29 fetching corpus: 3489, signal 202505/244705 (executing program) 2023/02/24 11:45:29 fetching corpus: 3539, signal 203320/245738 (executing program) 2023/02/24 11:45:29 fetching corpus: 3589, signal 204134/246688 (executing program) 2023/02/24 11:45:29 fetching corpus: 3639, signal 205023/247685 (executing program) 2023/02/24 11:45:29 fetching corpus: 3689, signal 205848/248686 (executing program) 2023/02/24 11:45:29 fetching corpus: 3739, signal 206604/249651 (executing program) 2023/02/24 11:45:29 fetching corpus: 3789, signal 208856/251277 (executing program) 2023/02/24 11:45:30 fetching corpus: 3839, signal 209460/252100 (executing program) 2023/02/24 11:45:30 fetching corpus: 3888, signal 210193/252957 (executing program) 2023/02/24 11:45:30 fetching corpus: 3937, signal 211057/253862 (executing program) 2023/02/24 11:45:30 fetching corpus: 3987, signal 211897/254742 (executing program) 2023/02/24 11:45:30 fetching corpus: 4037, signal 212804/255654 (executing program) 2023/02/24 
11:45:30 fetching corpus: 4087, signal 213618/256521 (executing program) 2023/02/24 11:45:30 fetching corpus: 4137, signal 214304/257317 (executing program) 2023/02/24 11:45:30 fetching corpus: 4187, signal 215152/258147 (executing program) 2023/02/24 11:45:31 fetching corpus: 4237, signal 215998/258988 (executing program) 2023/02/24 11:45:31 fetching corpus: 4287, signal 216686/259760 (executing program) 2023/02/24 11:45:31 fetching corpus: 4337, signal 217068/260428 (executing program) 2023/02/24 11:45:31 fetching corpus: 4387, signal 217881/261285 (executing program) 2023/02/24 11:45:31 fetching corpus: 4436, signal 218479/261985 (executing program) 2023/02/24 11:45:31 fetching corpus: 4486, signal 219066/262687 (executing program) 2023/02/24 11:45:32 fetching corpus: 4536, signal 220034/263503 (executing program) 2023/02/24 11:45:32 fetching corpus: 4585, signal 220988/264337 (executing program) 2023/02/24 11:45:32 fetching corpus: 4635, signal 221810/265122 (executing program) 2023/02/24 11:45:32 fetching corpus: 4685, signal 222276/265722 (executing program) 2023/02/24 11:45:32 fetching corpus: 4735, signal 222712/266301 (executing program) 2023/02/24 11:45:32 fetching corpus: 4785, signal 223212/266932 (executing program) 2023/02/24 11:45:33 fetching corpus: 4835, signal 223910/267586 (executing program) 2023/02/24 11:45:33 fetching corpus: 4884, signal 224382/268182 (executing program) 2023/02/24 11:45:33 fetching corpus: 4934, signal 224990/268771 (executing program) 2023/02/24 11:45:33 fetching corpus: 4984, signal 225875/269487 (executing program) 2023/02/24 11:45:33 fetching corpus: 5034, signal 226870/270156 (executing program) 2023/02/24 11:45:33 fetching corpus: 5084, signal 227580/270798 (executing program) 2023/02/24 11:45:33 fetching corpus: 5134, signal 228116/271386 (executing program) 2023/02/24 11:45:33 fetching corpus: 5183, signal 228596/271897 (executing program) 2023/02/24 11:45:34 fetching corpus: 5233, signal 229364/272479 (executing 
program) 2023/02/24 11:45:34 fetching corpus: 5283, signal 229798/273006 (executing program) 2023/02/24 11:45:34 fetching corpus: 5333, signal 230412/273595 (executing program) 2023/02/24 11:45:34 fetching corpus: 5383, signal 230795/274095 (executing program) 2023/02/24 11:45:34 fetching corpus: 5432, signal 231375/274601 (executing program) 2023/02/24 11:45:34 fetching corpus: 5482, signal 231759/275068 (executing program) 2023/02/24 11:45:34 fetching corpus: 5532, signal 232395/275643 (executing program) 2023/02/24 11:45:34 fetching corpus: 5582, signal 232984/276156 (executing program) 2023/02/24 11:45:35 fetching corpus: 5632, signal 233560/276668 (executing program) 2023/02/24 11:45:35 fetching corpus: 5680, signal 233973/277148 (executing program) 2023/02/24 11:45:35 fetching corpus: 5730, signal 234521/277635 (executing program) 2023/02/24 11:45:35 fetching corpus: 5780, signal 235287/278153 (executing program) 2023/02/24 11:45:35 fetching corpus: 5830, signal 236109/278623 (executing program) 2023/02/24 11:45:35 fetching corpus: 5879, signal 236565/279076 (executing program) 2023/02/24 11:45:35 fetching corpus: 5929, signal 237111/279545 (executing program) 2023/02/24 11:45:35 fetching corpus: 5979, signal 237540/279992 (executing program) 2023/02/24 11:45:36 fetching corpus: 6029, signal 238023/280448 (executing program) 2023/02/24 11:45:36 fetching corpus: 6079, signal 238452/280870 (executing program) 2023/02/24 11:45:36 fetching corpus: 6129, signal 239064/281306 (executing program) 2023/02/24 11:45:36 fetching corpus: 6179, signal 239416/281676 (executing program) 2023/02/24 11:45:36 fetching corpus: 6229, signal 239810/282066 (executing program) 2023/02/24 11:45:36 fetching corpus: 6279, signal 240225/282480 (executing program) 2023/02/24 11:45:36 fetching corpus: 6329, signal 240633/282841 (executing program) 2023/02/24 11:45:37 fetching corpus: 6379, signal 241109/283230 (executing program) 2023/02/24 11:45:37 fetching corpus: 6429, signal 
241525/283588 (executing program) 2023/02/24 11:45:37 fetching corpus: 6479, signal 242071/283955 (executing program) 2023/02/24 11:45:37 fetching corpus: 6529, signal 242473/284333 (executing program) 2023/02/24 11:45:37 fetching corpus: 6579, signal 243197/284703 (executing program) 2023/02/24 11:45:37 fetching corpus: 6629, signal 243692/285055 (executing program) 2023/02/24 11:45:37 fetching corpus: 6679, signal 244181/285384 (executing program) 2023/02/24 11:45:37 fetching corpus: 6729, signal 244638/285730 (executing program) 2023/02/24 11:45:38 fetching corpus: 6779, signal 245172/286079 (executing program) 2023/02/24 11:45:38 fetching corpus: 6829, signal 245519/286400 (executing program) 2023/02/24 11:45:38 fetching corpus: 6878, signal 245912/286720 (executing program) 2023/02/24 11:45:38 fetching corpus: 6928, signal 246579/287065 (executing program) 2023/02/24 11:45:38 fetching corpus: 6977, signal 247032/287384 (executing program) 2023/02/24 11:45:38 fetching corpus: 7026, signal 247456/287695 (executing program) 2023/02/24 11:45:38 fetching corpus: 7076, signal 247828/287995 (executing program) 2023/02/24 11:45:38 fetching corpus: 7126, signal 248365/288269 (executing program) 2023/02/24 11:45:38 fetching corpus: 7176, signal 248860/288317 (executing program) 2023/02/24 11:45:39 fetching corpus: 7225, signal 249177/288317 (executing program) 2023/02/24 11:45:39 fetching corpus: 7275, signal 249729/288318 (executing program) 2023/02/24 11:45:39 fetching corpus: 7325, signal 250247/288318 (executing program) 2023/02/24 11:45:39 fetching corpus: 7374, signal 250741/288318 (executing program) 2023/02/24 11:45:39 fetching corpus: 7423, signal 251456/288318 (executing program) 2023/02/24 11:45:39 fetching corpus: 7472, signal 251967/288318 (executing program) 2023/02/24 11:45:39 fetching corpus: 7522, signal 252577/288318 (executing program) 2023/02/24 11:45:40 fetching corpus: 7572, signal 253097/288318 (executing program) 2023/02/24 11:45:40 fetching 
corpus: 7622, signal 253521/288318 (executing program) 2023/02/24 11:45:40 fetching corpus: 7672, signal 253804/288318 (executing program) 2023/02/24 11:45:40 fetching corpus: 7722, signal 254253/288318 (executing program) 2023/02/24 11:45:40 fetching corpus: 7771, signal 254586/288346 (executing program) 2023/02/24 11:45:40 fetching corpus: 7821, signal 254865/288346 (executing program) 2023/02/24 11:45:40 fetching corpus: 7870, signal 255316/288346 (executing program) 2023/02/24 11:45:40 fetching corpus: 7920, signal 255790/288346 (executing program) 2023/02/24 11:45:40 fetching corpus: 7970, signal 256175/288346 (executing program) 2023/02/24 11:45:41 fetching corpus: 8020, signal 256886/288346 (executing program) 2023/02/24 11:45:41 fetching corpus: 8069, signal 257415/288348 (executing program) 2023/02/24 11:45:41 fetching corpus: 8119, signal 257852/288348 (executing program) 2023/02/24 11:45:41 fetching corpus: 8168, signal 258391/288363 (executing program) 2023/02/24 11:45:41 fetching corpus: 8216, signal 258770/288369 (executing program) 2023/02/24 11:45:41 fetching corpus: 8266, signal 259063/288369 (executing program) 2023/02/24 11:45:41 fetching corpus: 8316, signal 259380/288369 (executing program) 2023/02/24 11:45:41 fetching corpus: 8365, signal 259773/288399 (executing program) 2023/02/24 11:45:42 fetching corpus: 8415, signal 260291/288399 (executing program) 2023/02/24 11:45:42 fetching corpus: 8464, signal 260757/288399 (executing program) 2023/02/24 11:45:42 fetching corpus: 8514, signal 261222/288399 (executing program) 2023/02/24 11:45:42 fetching corpus: 8564, signal 261584/288399 (executing program) 2023/02/24 11:45:42 fetching corpus: 8614, signal 262001/288399 (executing program) 2023/02/24 11:45:42 fetching corpus: 8664, signal 262495/288399 (executing program) 2023/02/24 11:45:42 fetching corpus: 8712, signal 262906/288409 (executing program) 2023/02/24 11:45:42 fetching corpus: 8762, signal 263544/288415 (executing program) 2023/02/24 
11:45:42 fetching corpus: 8812, signal 263912/288415 (executing program) 2023/02/24 11:45:43 fetching corpus: 8862, signal 264230/288415 (executing program) 2023/02/24 11:45:43 fetching corpus: 8912, signal 264556/288415 (executing program) 2023/02/24 11:45:43 fetching corpus: 8962, signal 264919/288415 (executing program) 2023/02/24 11:45:43 fetching corpus: 9012, signal 265163/288415 (executing program) 2023/02/24 11:45:43 fetching corpus: 9062, signal 265542/288415 (executing program) 2023/02/24 11:45:43 fetching corpus: 9112, signal 265860/288415 (executing program) 2023/02/24 11:45:43 fetching corpus: 9162, signal 266273/288513 (executing program) 2023/02/24 11:45:43 fetching corpus: 9212, signal 266564/288513 (executing program) 2023/02/24 11:45:44 fetching corpus: 9261, signal 266910/288513 (executing program) 2023/02/24 11:45:44 fetching corpus: 9310, signal 267354/288513 (executing program) 2023/02/24 11:45:44 fetching corpus: 9359, signal 267656/288513 (executing program) 2023/02/24 11:45:44 fetching corpus: 9409, signal 268026/288513 (executing program) 2023/02/24 11:45:44 fetching corpus: 9459, signal 268407/288513 (executing program) 2023/02/24 11:45:44 fetching corpus: 9508, signal 268728/288513 (executing program) 2023/02/24 11:45:44 fetching corpus: 9558, signal 269157/288513 (executing program) 2023/02/24 11:45:45 fetching corpus: 9607, signal 269497/288513 (executing program) 2023/02/24 11:45:45 fetching corpus: 9657, signal 269788/288515 (executing program) 2023/02/24 11:45:45 fetching corpus: 9707, signal 270045/288515 (executing program) 2023/02/24 11:45:45 fetching corpus: 9757, signal 270420/288515 (executing program) 2023/02/24 11:45:45 fetching corpus: 9807, signal 271053/288515 (executing program) 2023/02/24 11:45:45 fetching corpus: 9857, signal 271380/288515 (executing program) 2023/02/24 11:45:45 fetching corpus: 9907, signal 271632/288515 (executing program) 2023/02/24 11:45:45 fetching corpus: 9957, signal 271912/288515 (executing 
program) 2023/02/24 11:45:45 fetching corpus: 10007, signal 272167/288515 (executing program) 2023/02/24 11:45:46 fetching corpus: 10057, signal 272573/288515 (executing program) 2023/02/24 11:45:46 fetching corpus: 10107, signal 272920/288515 (executing program) 2023/02/24 11:45:46 fetching corpus: 10157, signal 273370/288515 (executing program) 2023/02/24 11:45:46 fetching corpus: 10207, signal 273643/288515 (executing program) 2023/02/24 11:45:46 fetching corpus: 10257, signal 273985/288515 (executing program) 2023/02/24 11:45:46 fetching corpus: 10307, signal 274480/288515 (executing program) 2023/02/24 11:45:46 fetching corpus: 10357, signal 274959/288515 (executing program) 2023/02/24 11:45:47 fetching corpus: 10407, signal 275294/288515 (executing program) 2023/02/24 11:45:47 fetching corpus: 10455, signal 275832/288515 (executing program) 2023/02/24 11:45:47 fetching corpus: 10504, signal 276183/288515 (executing program) 2023/02/24 11:45:47 fetching corpus: 10553, signal 276439/288518 (executing program) 2023/02/24 11:45:47 fetching corpus: 10603, signal 276812/288518 (executing program) 2023/02/24 11:45:47 fetching corpus: 10653, signal 277206/288518 (executing program) 2023/02/24 11:45:47 fetching corpus: 10703, signal 277531/288518 (executing program) 2023/02/24 11:45:48 fetching corpus: 10752, signal 277814/288518 (executing program) 2023/02/24 11:45:48 fetching corpus: 10802, signal 278119/288518 (executing program) 2023/02/24 11:45:48 fetching corpus: 10852, signal 278403/288518 (executing program) 2023/02/24 11:45:48 fetching corpus: 10902, signal 278761/288518 (executing program) 2023/02/24 11:45:48 fetching corpus: 10952, signal 279034/288518 (executing program) 2023/02/24 11:45:48 fetching corpus: 10998, signal 279291/288614 (executing program) 2023/02/24 11:45:48 fetching corpus: 11048, signal 280124/288614 (executing program) 2023/02/24 11:45:49 fetching corpus: 11098, signal 280377/288614 (executing program) 2023/02/24 11:45:49 fetching 
corpus: 11148, signal 280620/288614 (executing program) 2023/02/24 11:45:49 fetching corpus: 11197, signal 280885/288614 (executing program) 2023/02/24 11:45:49 fetching corpus: 11247, signal 281213/288614 (executing program) 2023/02/24 11:45:49 fetching corpus: 11297, signal 281621/288614 (executing program) 2023/02/24 11:45:49 fetching corpus: 11345, signal 282028/288614 (executing program) 2023/02/24 11:45:49 fetching corpus: 11394, signal 282633/288614 (executing program) 2023/02/24 11:45:49 fetching corpus: 11444, signal 282841/288614 (executing program) 2023/02/24 11:45:50 fetching corpus: 11494, signal 283189/288614 (executing program) 2023/02/24 11:45:50 fetching corpus: 11544, signal 283512/288614 (executing program) 2023/02/24 11:45:50 fetching corpus: 11594, signal 283834/288614 (executing program) 2023/02/24 11:45:50 fetching corpus: 11644, signal 284057/288614 (executing program) 2023/02/24 11:45:50 fetching corpus: 11694, signal 284573/288614 (executing program) 2023/02/24 11:45:50 fetching corpus: 11744, signal 284896/288614 (executing program) 2023/02/24 11:45:50 fetching corpus: 11769, signal 285106/288614 (executing program) 2023/02/24 11:45:50 fetching corpus: 11769, signal 285106/288614 (executing program) 2023/02/24 11:45:53 starting 8 fuzzer processes 11:45:53 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x30]}}}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1/file0\x00', 0x121042, 0x120) write(r0, &(0x7f0000000080)="01", 0x292e9) 11:45:53 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x76, &(0x7f0000000440)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x40, 0x3a, 0x0, @empty, @local, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "8135b6", 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback, [@hopopts={0x3a}], "33668d3d313999e6"}}}}}}}, 0x0) 11:45:53 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:45:53 executing program 3: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001480)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x400, 0x88) syz_io_uring_submit(0x0, 0x0, &(0x7f00000014c0)=@IORING_OP_NOP={0x0, 0x3}, 0x6) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fsetxattr$trusted_overlay_opaque(r1, &(0x7f00000001c0), &(0x7f0000000240), 0x2, 0x3) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x4a880) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1, {0x0, r3}}, 0xff) r4 = openat$cgroup_freezer_state(r0, &(0x7f0000000340), 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000380)={{0x1, 0x1, 0x18, r4, {0xfffffff7}}, './file0\x00'}) dup(r2) syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r7, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0xa, 0x0, @fd_index=0x9, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r3}}, 0x1) 11:45:53 
executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt(r0, 0x8, 0x0, 0x0, 0x0) [ 85.140977] audit: type=1400 audit(1677239153.633:6): avc: denied { execmem } for pid=260 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:45:53 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8912, &(0x7f0000000080)={'sit0\x00', 0x0}) 11:45:53 executing program 6: perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLY\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x06L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 
1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xfe\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba|\xf0\x01)PP\xcdl\x06\xfc\x15;qZ\xb1u\xc9\xd0\xd16~JEGm\xe4\x1e@\x9dG\xe4@\xdf\xba\'\x8b\x1cD\xc7\xec\xd1@}tR\xd9P\xf4N\xe3\xd8x\xa0\x91\x17\xc2}\x13\b\xca\t(Z\xa3_\xa1\x90\x15T\x93\xe7%\x98\xa7\xfb\x8bp/eq\x93\xbf\x1f =|\xf3\xb1\xfcR\xd8\nM,\xcb%@\'\x15\x88\xd8\xad\f\x91|\x95\x8fq+\x98\x81W\xba\x9f\xe0elOt\xbd\by\r\x87\x1c\xba\xbd\x8e+S>\xb8\xe29\x91h^x\xfb`\x00\xdd/\xa6\xb1\x16=\xa1bw\xc5I\xb1\x00'/549, 0x7) ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x8800000}) 11:45:53 executing program 7: sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0}, 0x0) ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0) epoll_create(0x4) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) perf_event_open(&(0x7f00000006c0)={0x3, 0x80, 0x0, 0x64, 0x7, 0xe0, 0x0, 0xfffffffffffffffc, 0x800, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x10001, 0x0, 0x3, 0x8, 0x0, 0x7}, 0x0, 0xc, 
0xffffffffffffffff, 0x1) openat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x101080, 0x40) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="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"], 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x28, r0, 0x0, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x1, 0x7}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 86.436847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.439637] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.441002] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.444653] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.446348] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.448189] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.516067] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 
[ 86.518742] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 86.520178] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 86.529595] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 86.531422] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 86.534180] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 86.571684] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 86.573327] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 86.577648] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 86.581298] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 86.584318] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 86.586508] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 86.590647] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 86.592031] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 86.594017] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 86.597106] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 86.601424] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 86.603274] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 86.606133] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 86.607554] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 86.611945] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 86.614288] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 86.616376] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 86.618140] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 86.621515] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 86.624255] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 86.626256] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 86.627399] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 86.629175] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 86.629204] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 86.632770] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 86.694990] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 86.727158] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 86.728355] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 86.740968] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 86.781186] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 88.523907] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 88.524843] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.525032]
[ 88.525592] ======================================================
[ 88.526004] WARNING: possible circular locking dependency detected
[ 88.526407] 6.2.0-next-20230224 #1 Not tainted
[ 88.526710] ------------------------------------------------------
[ 88.527113] syz-executor.4/273 is trying to acquire lock:
[ 88.531010] ffff88801385c880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 88.531735]
[ 88.531735] but task is already holding lock:
[ 88.532190] ffff88801385c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 88.532964]
[ 88.532964] which lock already depends on the new lock.
[ 88.532964]
[ 88.533623]
[ 88.533623] the existing dependency chain (in reverse order) is:
[ 88.534141]
[ 88.534141] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 88.534630]        __mutex_lock+0x133/0x14a0
[ 88.534949]        hci_cmd_sync_work+0x1e6/0x320
[ 88.535270]        process_one_work+0xa0f/0x1790
[ 88.535605]        worker_thread+0x63b/0x1260
[ 88.535921]        kthread+0x2e9/0x3a0
[ 88.536189]        ret_from_fork+0x2c/0x50
[ 88.536504]
[ 88.536504] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 88.537006]        __lock_acquire+0x2d56/0x6380
[ 88.537302]        lock_acquire.part.0+0xea/0x320
[ 88.537607]        __flush_work+0x109/0xd80
[ 88.537900]        __cancel_work_timer+0x39c/0x4e0
[ 88.538294]        hci_cmd_sync_clear+0x52/0x250
[ 88.538687]        hci_unregister_dev+0xf9/0x410
[ 88.539091]        vhci_release+0x80/0x100
[ 88.539466]        __fput+0x263/0xa40
[ 88.539784]        task_work_run+0x174/0x280
[ 88.540258]        do_exit+0xad8/0x2800
[ 88.540716]        do_group_exit+0xd4/0x2a0
[ 88.541211]        __x64_sys_exit_group+0x3e/0x50
[ 88.541758]        do_syscall_64+0x3f/0x90
[ 88.542231]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 88.542862]
[ 88.542862] other info that might help us debug this:
[ 88.542862]
[ 88.543720]  Possible unsafe locking scenario:
[ 88.543720]
[ 88.544275]        CPU0                    CPU1
[ 88.544695]        ----                    ----
[ 88.545125]   lock(&hdev->cmd_sync_work_lock);
[ 88.545554]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 88.546303]                                lock(&hdev->cmd_sync_work_lock);
[ 88.546955]   lock((work_completion)(&hdev->cmd_sync_work));
[ 88.547508]
[ 88.547508]  *** DEADLOCK ***
[ 88.547508]
[ 88.548041] 1 lock held by syz-executor.4/273:
[ 88.548351]  #0: ffff88801385c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 88.549024]
[ 88.549024] stack backtrace:
[ 88.549330] CPU: 1 PID: 273 Comm: syz-executor.4 Not tainted 6.2.0-next-20230224 #1
[ 88.549831] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 88.550343] Call Trace:
[ 88.550502]
[ 88.550644]  dump_stack_lvl+0x91/0xf0
[ 88.550885]  check_noncircular+0x263/0x2e0
[ 88.551162]  ? __pfx_check_noncircular+0x10/0x10
[ 88.551470]  ? queued_spin_lock_slowpath+0xd1/0xc50
[ 88.551790]  __lock_acquire+0x2d56/0x6380
[ 88.552061]  ? __pfx___lock_acquire+0x10/0x10
[ 88.552348]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 88.552685]  ? __wait_for_common+0x394/0x550
[ 88.552968]  ? __pfx_lock_release+0x10/0x10
[ 88.553245]  lock_acquire.part.0+0xea/0x320
[ 88.553521]  ? __flush_work+0xdd/0xd80
[ 88.553775]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 88.554085]  ? __flush_work+0xdd/0xd80
[ 88.554336]  ? rcu_read_lock_sched_held+0x42/0x80
[ 88.554638]  ? trace_lock_acquire+0x170/0x1e0
[ 88.554925]  ? __flush_work+0xdd/0xd80
[ 88.555175]  ? lock_acquire+0x32/0xc0
[ 88.555428]  ? __flush_work+0xdd/0xd80
[ 88.555696]  __flush_work+0x109/0xd80
[ 88.555944]  ? __flush_work+0xdd/0xd80
[ 88.556197]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 88.556492]  ? __pfx___flush_work+0x10/0x10
[ 88.556766]  ? lock_acquire.part.0+0xea/0x320
[ 88.557052]  ? hci_cmd_sync_clear+0x45/0x250
[ 88.557330]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 88.557640]  ? hci_cmd_sync_clear+0x45/0x250
[ 88.557916]  ? rcu_read_lock_sched_held+0x42/0x80
[ 88.558212]  ? trace_lock_acquire+0x170/0x1e0
[ 88.558497]  ? lock_is_held_type+0x9f/0x120
[ 88.558773]  ? mark_held_locks+0x9e/0xe0
[ 88.559037]  __cancel_work_timer+0x39c/0x4e0
[ 88.559314]  ? __pfx___cancel_work_timer+0x10/0x10
[ 88.559630]  ? __cancel_work_timer+0x2aa/0x4e0
[ 88.559915]  ? __pfx___cancel_work_timer+0x10/0x10
[ 88.560219]  ? lock_release+0x1e3/0x710
[ 88.560482]  ? __pfx_lock_release+0x10/0x10
[ 88.560760]  ? do_raw_write_lock+0x11e/0x3b0
[ 88.561039]  ? __pfx_vhci_release+0x10/0x10
[ 88.561315]  hci_cmd_sync_clear+0x52/0x250
[ 88.561585]  ? __pfx_vhci_release+0x10/0x10
[ 88.561860]  hci_unregister_dev+0xf9/0x410
[ 88.562129]  vhci_release+0x80/0x100
[ 88.562374]  __fput+0x263/0xa40
[ 88.562590]  task_work_run+0x174/0x280
[ 88.562841]  ? __pfx_task_work_run+0x10/0x10
[ 88.563125]  ? do_raw_spin_unlock+0x53/0x220
[ 88.563410]  do_exit+0xad8/0x2800
[ 88.563637]  ? lock_release+0x1e3/0x710
[ 88.563899]  ? __pfx_lock_release+0x10/0x10
[ 88.564177]  ? do_raw_spin_lock+0x125/0x270
[ 88.564449]  ? __pfx_do_exit+0x10/0x10
[ 88.564700]  do_group_exit+0xd4/0x2a0
[ 88.564948]  __x64_sys_exit_group+0x3e/0x50
[ 88.565222]  do_syscall_64+0x3f/0x90
[ 88.565460]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 88.565781] RIP: 0033:0x7fbe39202b19
[ 88.566015] Code: Unable to access opcode bytes at 0x7fbe39202aef.
[ 88.566386] RSP: 002b:00007ffcb3675558 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 88.566844] RAX: ffffffffffffffda RBX: 00007ffcb3675d38 RCX: 00007fbe39202b19
[ 88.567278] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 88.567716] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffcb3675d38
[ 88.568142] R10: 0000000000000020 R11: 0000000000000246 R12: 00007fbe3925c233
[ 88.568572] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 88.569004]
[ 88.587984] Bluetooth: hci2: command 0x0409 tx timeout
[ 88.651473] Bluetooth: hci5: command 0x0409 tx timeout
[ 88.715477] Bluetooth: hci6: command 0x0409 tx timeout
[ 88.715877] Bluetooth: hci7: command 0x0409 tx timeout
[ 88.843493] Bluetooth: hci4: command 0x0409 tx timeout
[ 88.843925] Bluetooth: hci3: command 0x0409 tx timeout
[ 90.572482] Bluetooth: hci0: command 0x041b tx timeout
[ 90.635516] Bluetooth: hci2: command 0x041b tx timeout
[ 90.700550] Bluetooth: hci5: command 0x041b tx timeout
[ 90.763539] Bluetooth: hci7: command 0x041b tx timeout
[ 90.763937] Bluetooth: hci6: command 0x041b tx timeout
[ 90.891545] Bluetooth: hci3: command 0x041b tx timeout
[ 90.891982] Bluetooth: hci4: command 0x041b tx timeout
[ 91.408272] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 91.409417] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 91.410778] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 91.412992] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[
91.414336] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 91.415610] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 92.620499] Bluetooth: hci0: command 0x040f tx timeout
[ 92.684240] Bluetooth: hci2: command 0x040f tx timeout
[ 92.747688] Bluetooth: hci5: command 0x040f tx timeout
[ 92.812572] Bluetooth: hci6: command 0x040f tx timeout
[ 92.813248] Bluetooth: hci7: command 0x040f tx timeout
[ 92.940767] Bluetooth: hci4: command 0x040f tx timeout
[ 92.941396] Bluetooth: hci3: command 0x040f tx timeout
[ 93.452508] Bluetooth: hci1: command 0x0409 tx timeout
[ 94.668471] Bluetooth: hci0: command 0x0419 tx timeout
[ 94.732515] Bluetooth: hci2: command 0x0419 tx timeout
[ 94.796509] Bluetooth: hci5: command 0x0419 tx timeout
[ 94.860496] Bluetooth: hci7: command 0x0419 tx timeout
[ 94.860931] Bluetooth: hci6: command 0x0419 tx timeout
[ 94.988580] Bluetooth: hci3: command 0x0419 tx timeout
[ 94.988986] Bluetooth: hci4: command 0x0419 tx timeout
[ 95.499633] Bluetooth: hci1: command 0x041b tx timeout
[ 97.547602] Bluetooth: hci1: command 0x040f tx timeout

VM DIAGNOSIS:
11:45:57 Registers: