Warning: Permanently added '[localhost]:31248' (ECDSA) to the list of known hosts.
2023/02/24 11:52:54 fuzzer started
2023/02/24 11:52:54 dialing manager at localhost:41417
syzkaller login: [ 34.860048] cgroup: Unknown subsys name 'net'
[ 34.959167] cgroup: Unknown subsys name 'rlimit'
2023/02/24 11:53:07 syscalls: 2217
2023/02/24 11:53:07 code coverage: enabled
2023/02/24 11:53:07 comparison tracing: enabled
2023/02/24 11:53:07 extra coverage: enabled
2023/02/24 11:53:07 setuid sandbox: enabled
2023/02/24 11:53:07 namespace sandbox: enabled
2023/02/24 11:53:07 Android sandbox: enabled
2023/02/24 11:53:07 fault injection: enabled
2023/02/24 11:53:07 leak checking: enabled
2023/02/24 11:53:07 net packet injection: enabled
2023/02/24 11:53:07 net device setup: enabled
2023/02/24 11:53:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/24 11:53:07 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/24 11:53:07 USB emulation: enabled
2023/02/24 11:53:07 hci packet injection: enabled
2023/02/24 11:53:07 wifi device emulation: enabled
2023/02/24 11:53:07 802.15.4 emulation: enabled
2023/02/24 11:53:41 fetching corpus: 12100, signal 291705/295319 (executing
program) 2023/02/24 11:53:41 fetching corpus: 12100, signal 291705/295319 (executing program) 2023/02/24 11:53:44 starting 8 fuzzer processes 11:53:44 executing program 0: mkdir(&(0x7f00000003c0)='./file1\x00', 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) rmdir(&(0x7f0000000000)='./file1\x00') 11:53:44 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@updpolicy={0xb8, 0x1c, 0x1, 0x0, 0x0, {{@in, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0) [ 84.213116] audit: type=1400 audit(1677239624.299:6): avc: denied { execmem } for pid=260 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:53:44 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x5200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0) ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, &(0x7f0000000200)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000240)={0x1c, 0xf, 0x0}) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x1f, 0x5, 0x6, 0x8, 0x0, 0x0, 0x200, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x10001, 0x4, @perf_config_ext={0x2, 0x7}, 0x800, 0x3f, 0x4, 0x9, 0x0, 0x8, 0x1ff, 0x0, 0x8, 0x0, 0x8}, 0x0, 0x80000000, r2, 0x2) pwritev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0) r3 = socket$nl_audit(0x10, 0x3, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @remote, @broadcast}}}], 0x20}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x8000}, 0x4) 11:53:44 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) clone3(0x0, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ff9000/0x1000)=nil) r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x4080, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000140)={0x0, 0x0}) fcntl$setown(r1, 0x8, r2) clone3(&(0x7f00000016c0)={0x200088200, &(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001340), {0x35}, &(0x7f0000001480)=""/214, 0xd6, &(0x7f0000001680)=""/44, &(0x7f00000015c0)=[r2, 0x0, 0x0, 0x0], 0x4}, 0x58) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0xbfe1, 0x2, 0x1, 0x15c}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) mincore(&(0x7f0000ff9000/0x4000)=nil, 0x4000, &(0x7f0000000100)=""/45) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x1020) 11:53:44 executing program 3: mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) pkey_mprotect(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3) 11:53:44 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='z'}, @NL80211_ATTR_WANT_1X_4WAY_HS={0x4}]}, 0x28}}, 0x0) 11:53:44 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x10) r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) lsetxattr$security_selinux(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380), &(0x7f00000003c0)='system_u:object_r:mouse_device_t:s0\x00', 0x24, 0x2) fsetxattr$system_posix_acl(r1, &(0x7f0000000440)='system.posix_acl_access\x00', &(0x7f0000001900)=ANY=[@ANYBLOB="02000000010000000000000004000300320c000010000400000000002000000000000000"], 0x24, 0x0) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000240)) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) recvfrom$unix(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000180)=@file={0x0, './file1\x00'}, 0x6e) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x82) 11:53:44 executing program 7: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000100)={0x2, 0x7b, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001280)) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000000), &(0x7f0000000040)=0x40) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000004b80)={0x0, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @private}}}, 0x108) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 85.397675] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.401686] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.403940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.407766] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.410060] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.411724] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.450644] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.452208] Bluetooth: hci2: unexpected cc 0x0c03 length: 
249 > 1 [ 85.456865] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.458295] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.459430] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.474697] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.478308] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.480244] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.481416] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.483391] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.485614] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.492771] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.494319] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.505596] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.512356] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.514584] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.515755] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.517426] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.568683] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 85.570862] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 85.574489] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 85.583562] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 85.587719] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 85.589618] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.592047] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 85.593230] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.595349] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.601575] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.603774] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 85.604900] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.633879] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 85.640931] Bluetooth: hci5: unexpected cc 
0x1003 length: 249 > 9
[ 85.643556] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 85.646636] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 85.648952] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 85.650848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 87.480674] Bluetooth: hci0: command 0x0409 tx timeout
[ 87.543560] Bluetooth: hci1: command 0x0409 tx timeout
[ 87.543598] Bluetooth: hci2: command 0x0409 tx timeout
[ 87.607171] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 87.608775] Bluetooth: hci3: command 0x0409 tx timeout
[ 87.608972]
[ 87.609762] ======================================================
[ 87.610297] WARNING: possible circular locking dependency detected
[ 87.610834] 6.2.0-next-20230224 #1 Not tainted
[ 87.611216] ------------------------------------------------------
[ 87.614668] syz-executor.6/276 is trying to acquire lock:
[ 87.615154] ffff888017ab4880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 87.616077]
[ 87.616077] but task is already holding lock:
[ 87.616588] ffff888017ab4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 87.617440]
[ 87.617440] which lock already depends on the new lock.
[ 87.617440]
[ 87.618083]
[ 87.618083] the existing dependency chain (in reverse order) is:
[ 87.618711]
[ 87.618711] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 87.619299] __mutex_lock+0x133/0x14a0
[ 87.619662] hci_cmd_sync_work+0x1e6/0x320
[ 87.620092] process_one_work+0xa0f/0x1790
[ 87.620516] worker_thread+0x63b/0x1260
[ 87.620921] kthread+0x2e9/0x3a0
[ 87.621268] ret_from_fork+0x2c/0x50
[ 87.621643]
[ 87.621643] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 87.622423] __lock_acquire+0x2d56/0x6380
[ 87.622883] lock_acquire.part.0+0xea/0x320
[ 87.623361] __flush_work+0x109/0xd80
[ 87.623781] __cancel_work_timer+0x39c/0x4e0
[ 87.624242] hci_cmd_sync_clear+0x52/0x250
[ 87.624693] hci_unregister_dev+0xf9/0x410
[ 87.625144] vhci_release+0x80/0x100
[ 87.625564] __fput+0x263/0xa40
[ 87.625942] task_work_run+0x174/0x280
[ 87.626365] do_exit+0xad8/0x2800
[ 87.626745] do_group_exit+0xd4/0x2a0
[ 87.627166] __x64_sys_exit_group+0x3e/0x50
[ 87.627622] do_syscall_64+0x3f/0x90
[ 87.628024] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 87.628558]
[ 87.628558] other info that might help us debug this:
[ 87.628558]
[ 87.629298] Possible unsafe locking scenario:
[ 87.629298]
[ 87.629849]        CPU0                    CPU1
[ 87.630276]        ----                    ----
[ 87.630698]   lock(&hdev->cmd_sync_work_lock);
[ 87.631151]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 87.631881]                                lock(&hdev->cmd_sync_work_lock);
[ 87.632500]   lock((work_completion)(&hdev->cmd_sync_work));
[ 87.632987]
[ 87.632987] *** DEADLOCK ***
[ 87.632987]
[ 87.633484] 1 lock held by syz-executor.6/276:
[ 87.633837] #0: ffff888017ab4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 87.634609]
[ 87.634609] stack backtrace:
[ 87.634948] CPU: 0 PID: 276 Comm: syz-executor.6 Not tainted 6.2.0-next-20230224 #1
[ 87.635539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 87.636159] Call Trace:
[ 87.636366]
[ 87.636566] dump_stack_lvl+0x91/0xf0
[ 87.636904] check_noncircular+0x263/0x2e0
[ 87.637290] ? __pfx_check_noncircular+0x10/0x10
[ 87.637680] ? queued_spin_lock_slowpath+0xd1/0xc50
[ 87.638084] __lock_acquire+0x2d56/0x6380
[ 87.638428] ? __pfx___lock_acquire+0x10/0x10
[ 87.638797] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 87.639250] ? __wait_for_common+0x394/0x550
[ 87.639639] ? __pfx_lock_release+0x10/0x10
[ 87.640010] lock_acquire.part.0+0xea/0x320
[ 87.640360] ? __flush_work+0xdd/0xd80
[ 87.640682] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 87.641077] ? __flush_work+0xdd/0xd80
[ 87.641399] ? rcu_read_lock_sched_held+0x42/0x80
[ 87.641780] ? trace_lock_acquire+0x170/0x1e0
[ 87.642148] ? __flush_work+0xdd/0xd80
[ 87.642467] ? lock_acquire+0x32/0xc0
[ 87.642782] ? __flush_work+0xdd/0xd80
[ 87.643108] __flush_work+0x109/0xd80
[ 87.643422] ? __flush_work+0xdd/0xd80
[ 87.643740] ? __pfx_mark_lock.part.0+0x10/0x10
[ 87.644124] ? __pfx___flush_work+0x10/0x10
[ 87.644471] ? lock_acquire.part.0+0xea/0x320
[ 87.644835] ? hci_cmd_sync_clear+0x45/0x250
[ 87.645187] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 87.645579] ? hci_cmd_sync_clear+0x45/0x250
[ 87.645932] ? rcu_read_lock_sched_held+0x42/0x80
[ 87.646312] ? trace_lock_acquire+0x170/0x1e0
[ 87.646674] ? lock_is_held_type+0x9f/0x120
[ 87.647033] ? mark_held_locks+0x9e/0xe0
[ 87.647381] __cancel_work_timer+0x39c/0x4e0
[ 87.647729] ? __pfx___cancel_work_timer+0x10/0x10
[ 87.648109] ? __cancel_work_timer+0x2aa/0x4e0
[ 87.648470] ? __pfx___cancel_work_timer+0x10/0x10
[ 87.648851] ? lock_release+0x1e3/0x710
[ 87.649177] ? __pfx_lock_release+0x10/0x10
[ 87.649523] ? do_raw_write_lock+0x11e/0x3b0
[ 87.649872] ? __pfx_vhci_release+0x10/0x10
[ 87.650216] hci_cmd_sync_clear+0x52/0x250
[ 87.650554] ? __pfx_vhci_release+0x10/0x10
[ 87.650898] hci_unregister_dev+0xf9/0x410
[ 87.651253] vhci_release+0x80/0x100
[ 87.651560] __fput+0x263/0xa40
[ 87.651834] task_work_run+0x174/0x280
[ 87.652149] ? __pfx_task_work_run+0x10/0x10
[ 87.652501] ? do_raw_spin_unlock+0x53/0x220
[ 87.652852] do_exit+0xad8/0x2800
[ 87.653136] ? lock_release+0x1e3/0x710
[ 87.653464] ? __pfx_lock_release+0x10/0x10
[ 87.653812] ? do_raw_spin_lock+0x125/0x270
[ 87.654147] ? __pfx_do_exit+0x10/0x10
[ 87.654461] do_group_exit+0xd4/0x2a0
[ 87.654767] __x64_sys_exit_group+0x3e/0x50
[ 87.655113] do_syscall_64+0x3f/0x90
[ 87.655413] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 87.655815] RIP: 0033:0x7f1da39bab19
[ 87.656105] Code: Unable to access opcode bytes at 0x7f1da39baaef.
[ 87.656574] RSP: 002b:00007ffcc25d8cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 87.657143] RAX: ffffffffffffffda RBX: 00007ffcc25d94d8 RCX: 00007f1da39bab19
[ 87.657678] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 87.658214] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffcc25d94d8
[ 87.658745] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f1da3a14233
[ 87.659297] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 87.659837]
[ 87.671153] Bluetooth: hci4: command 0x0409 tx timeout
[ 87.671939] Bluetooth: hci5: command 0x0409 tx timeout
[ 87.672684] Bluetooth: hci6: command 0x0409 tx timeout
[ 89.527160] Bluetooth: hci0: command 0x041b tx timeout
[ 89.591154] Bluetooth: hci2: command 0x041b tx timeout
[ 89.591542] Bluetooth: hci1: command 0x041b tx timeout
[ 89.655131] Bluetooth: hci3: command 0x041b tx timeout
[ 89.720118] Bluetooth: hci6: command 0x041b tx timeout
[ 89.720519] Bluetooth: hci5: command 0x041b tx timeout
[ 89.720867] Bluetooth: hci4: command 0x041b tx timeout
[ 91.575121] Bluetooth: hci0: command 0x040f tx timeout
[ 91.639132] Bluetooth: hci1: command 0x040f tx timeout
[ 91.639161] Bluetooth: hci2: command 0x040f tx timeout
[ 91.703127] Bluetooth: hci3: command 0x040f tx timeout
[ 91.767229] Bluetooth: hci4: command 0x040f tx timeout
[ 91.767604] Bluetooth: hci5: command 0x040f tx timeout
[ 91.767924] Bluetooth: hci6: command 0x040f tx timeout
[ 93.111167] Bluetooth: hci7: Opcode 0x c03
failed: -110
[ 93.624103] Bluetooth: hci0: command 0x0419 tx timeout
[ 93.687184] Bluetooth: hci1: command 0x0419 tx timeout
[ 93.687221] Bluetooth: hci2: command 0x0419 tx timeout
[ 93.751149] Bluetooth: hci3: command 0x0419 tx timeout
[ 93.815144] Bluetooth: hci6: command 0x0419 tx timeout
[ 93.815161] Bluetooth: hci5: command 0x0419 tx timeout
[ 93.815839] Bluetooth: hci4: command 0x0419 tx timeout
VM DIAGNOSIS: 11:53:47 Registers: