Warning: Permanently added '10.128.1.128' (ECDSA) to the list of known hosts.
syzkaller login: [ 57.076915][ T3538] cgroup: Unknown subsys name 'net'
[ 57.208151][ T3538] cgroup: Unknown subsys name 'rlimit'
[ 57.367831][ T3550] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 57.390620][ T3566] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 57.399493][ T3566] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 57.399622][ T3567] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 57.407691][ T3568] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 57.414771][ T3567] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 57.421348][ T3568] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 57.428667][ T3567] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 57.443189][ T3567] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 57.443288][ T3568] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 57.450441][ T3567] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 57.457450][ T3568] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 57.464502][ T3567] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 57.471356][ T3568] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 57.479166][ T3567] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 57.485490][ T3568] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 57.492068][ T3567] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 57.506530][ T3568] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 57.507231][ T3567] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 57.515923][ T3569] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 57.522456][ T3567] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 57.528629][ T3568] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 57.535184][ T3567] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 57.542692][ T3568] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 57.548881][ T3567] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 57.555761][ T3568] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 57.563153][ T3567] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 57.569597][ T3568] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 57.577065][ T3567] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 57.583738][ T3568] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 57.591448][ T3567] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 57.598165][ T3569] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 57.605311][ T3567] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 57.611339][ T3568] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 57.619181][ T3567] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 57.632783][ T3569] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 57.876436][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.884668][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.902949][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 57.949934][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.960227][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.964165][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.976012][ T102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.984350][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.984357][ T102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.992543][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.002466][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.020055][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.025559][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.035602][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.043524][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 58.093706][ T3572] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.101617][ T3572] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.127322][ T3572] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.135568][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.143853][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.144458][ T3572] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.151756][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.158394][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 58.192156][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.249650][ T3553]
[ 58.252014][ T3553] ======================================================
[ 58.259040][ T3553] WARNING: possible circular locking dependency detected
[ 58.266054][ T3553] 6.1.31-syzkaller #0 Not tainted
[ 58.271053][ T3553] ------------------------------------------------------
[ 58.278072][ T3553] syz-executor280/3553 is trying to acquire lock:
[ 58.284477][ T3553] ffff888076942130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x104/0x300
[ 58.294911][ T3553]
[ 58.294911][ T3553] but task is already holding lock:
[ 58.302806][ T3553] ffffffff8e1eb488 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x280
[ 58.312378][ T3553]
[ 58.312378][ T3553] which lock already depends on the new lock.
[ 58.312378][ T3553]
[ 58.322774][ T3553]
[ 58.322774][ T3553] the existing dependency chain (in reverse order) is:
[ 58.331780][ T3553]
[ 58.331780][ T3553] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[ 58.339495][ T3553]        lock_acquire+0x1f8/0x5a0
[ 58.344507][ T3553]        __mutex_lock_common+0x1d4/0x2520
[ 58.350219][ T3553]        mutex_lock_nested+0x17/0x20
[ 58.355505][ T3553]        hci_remote_features_evt+0x671/0xaa0
[ 58.361488][ T3553]        hci_event_packet+0x96c/0x1360
[ 58.366955][ T3553]        hci_rx_work+0x40d/0xa80
[ 58.371983][ T3553]        process_one_work+0x8aa/0x11f0
[ 58.377443][ T3553]        worker_thread+0xa5f/0x1210
[ 58.382636][ T3553]        kthread+0x26e/0x300
[ 58.387214][ T3553]        ret_from_fork+0x1f/0x30
[ 58.392140][ T3553]
[ 58.392140][ T3553] -> #1 (&hdev->lock){+.+.}-{3:3}:
[ 58.399630][ T3553]        lock_acquire+0x1f8/0x5a0
[ 58.404652][ T3553]        __mutex_lock_common+0x1d4/0x2520
[ 58.410367][ T3553]        mutex_lock_nested+0x17/0x20
[ 58.415652][ T3553]        sco_sock_connect+0x181/0x8d0
[ 58.421014][ T3553]        __sys_connect+0x2c9/0x300
[ 58.426114][ T3553]        __x64_sys_connect+0x76/0x80
[ 58.431427][ T3553]        do_syscall_64+0x3d/0xb0
[ 58.436361][ T3553]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.444675][ T3553]
[ 58.444675][ T3553] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 58.453778][ T3553]        validate_chain+0x1667/0x58e0
[ 58.459142][ T3553]        __lock_acquire+0x125b/0x1f80
[ 58.464510][ T3553]        lock_acquire+0x1f8/0x5a0
[ 58.469515][ T3553]        lock_sock_nested+0x44/0x100
[ 58.474803][ T3553]        sco_conn_del+0x104/0x300
[ 58.479832][ T3553]        hci_conn_hash_flush+0x10e/0x280
[ 58.485457][ T3553]        hci_dev_close_sync+0xa2d/0x1000
[ 58.491082][ T3553]        hci_unregister_dev+0x1c6/0x470
[ 58.496618][ T3553]        vhci_release+0x7f/0xd0
[ 58.501458][ T3553]        __fput+0x3b7/0x890
[ 58.505950][ T3553]        task_work_run+0x246/0x300
[ 58.511062][ T3553]        do_exit+0x6fb/0x2300
[ 58.515737][ T3553]        do_group_exit+0x202/0x2b0
[ 58.520836][ T3553]        __x64_sys_exit_group+0x3b/0x40
[ 58.526373][ T3553]        do_syscall_64+0x3d/0xb0
[ 58.531303][ T3553]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.537709][ T3553]
[ 58.537709][ T3553] other info that might help us debug this:
[ 58.537709][ T3553]
[ 58.547934][ T3553] Chain exists of:
[ 58.547934][ T3553]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[ 58.547934][ T3553]
[ 58.562180][ T3553]  Possible unsafe locking scenario:
[ 58.562180][ T3553]
[ 58.569610][ T3553]        CPU0                    CPU1
[ 58.575043][ T3553]        ----                    ----
[ 58.580388][ T3553]   lock(hci_cb_list_lock);
[ 58.584876][ T3553]                                lock(&hdev->lock);
[ 58.591446][ T3553]                                lock(hci_cb_list_lock);
[ 58.598456][ T3553]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[ 58.604333][ T3553]
[ 58.604333][ T3553]  *** DEADLOCK ***
[ 58.604333][ T3553]
[ 58.612461][ T3553] 3 locks held by syz-executor280/3553:
[ 58.617986][ T3553]  #0: ffff888023559028 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1be/0x470
[ 58.627904][ T3553]  #1: ffff888023558078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x445/0x1000
[ 58.637560][ T3553]  #2: ffffffff8e1eb488 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x280
[ 58.647550][ T3553]
[ 58.647550][ T3553] stack backtrace:
[ 58.653421][ T3553] CPU: 0 PID: 3553 Comm: syz-executor280 Not tainted 6.1.31-syzkaller #0
[ 58.661913][ T3553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 58.671951][ T3553] Call Trace:
[ 58.675220][ T3553]
[ 58.678140][ T3553]  dump_stack_lvl+0x1e3/0x2cb
[ 58.682900][ T3553]  ? nf_tcp_handle_invalid+0x642/0x642
[ 58.688348][ T3553]  ? print_circular_bug+0x12b/0x1a0
[ 58.693532][ T3553]  check_noncircular+0x2fa/0x3b0
[ 58.698454][ T3553]  ? stack_trace_snprint+0xe0/0xe0
[ 58.703550][ T3553]  ? add_chain_block+0x850/0x850
[ 58.708470][ T3553]  ? lockdep_lock+0x11f/0x2a0
[ 58.713140][ T3553]  ? lockdep_unlock+0x165/0x300
[ 58.717986][ T3553]  ? lockdep_lock+0x2a0/0x2a0
[ 58.722737][ T3553]  ? _find_first_zero_bit+0xd0/0x100
[ 58.728010][ T3553]  validate_chain+0x1667/0x58e0
[ 58.732859][ T3553]  ? reacquire_held_locks+0x660/0x660
[ 58.738216][ T3553]  ? reacquire_held_locks+0x660/0x660
[ 58.743576][ T3553]  ? mark_lock+0x9a/0x340
[ 58.747897][ T3553]  ? mark_lock+0x9a/0x340
[ 58.752296][ T3553]  __lock_acquire+0x125b/0x1f80
[ 58.757223][ T3553]  lock_acquire+0x1f8/0x5a0
[ 58.761715][ T3553]  ? sco_conn_del+0x104/0x300
[ 58.766381][ T3553]  ? read_lock_is_recursive+0x10/0x10
[ 58.771745][ T3553]  ? sco_conn_del+0xfa/0x300
[ 58.776324][ T3553]  ? __lock_acquire+0x1f80/0x1f80
[ 58.781334][ T3553]  lock_sock_nested+0x44/0x100
[ 58.786086][ T3553]  ? sco_conn_del+0x104/0x300
[ 58.790750][ T3553]  sco_conn_del+0x104/0x300
[ 58.795242][ T3553]  ? sco_connect_cfm+0xc40/0xc40
[ 58.800172][ T3553]  hci_conn_hash_flush+0x10e/0x280
[ 58.805275][ T3553]  hci_dev_close_sync+0xa2d/0x1000
[ 58.810378][ T3553]  hci_unregister_dev+0x1c6/0x470
[ 58.815422][ T3553]  vhci_release+0x7f/0xd0
[ 58.819837][ T3553]  ? vhci_open+0x360/0x360
[ 58.824274][ T3553]  __fput+0x3b7/0x890
[ 58.828245][ T3553]  task_work_run+0x246/0x300
[ 58.832827][ T3553]  ? kasan_quarantine_put+0xd4/0x220
[ 58.838096][ T3553]  ? task_work_cancel+0x2b0/0x2b0
[ 58.843108][ T3553]  ? kmem_cache_free+0x292/0x510
[ 58.848057][ T3553]  ? do_exit+0x6f6/0x2300
[ 58.852378][ T3553]  do_exit+0x6fb/0x2300
[ 58.856527][ T3553]  ? do_group_exit+0x1f2/0x2b0
[ 58.861280][ T3553]  ? put_task_struct+0x80/0x80
[ 58.866032][ T3553]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 58.872084][ T3553]  ? print_irqtrace_events+0x210/0x210
[ 58.877525][ T3553]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 58.882707][ T3553]  ? lockdep_hardirqs_on+0x94/0x130
[ 58.887894][ T3553]  do_group_exit+0x202/0x2b0
[ 58.892479][ T3553]  __x64_sys_exit_group+0x3b/0x40
[ 58.897497][ T3553]  do_syscall_64+0x3d/0xb0
[ 58.901901][ T3553]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.908211][ T3553] RIP: 0033:0x7f289dac46e9
[ 58.912612][ T3553] Code: Unable to access opcode bytes at 0x7f289dac46bf.
[ 58.919666][ T3553] RSP: 002b:00007fff029ae858 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 58.928064][ T3553] RAX: ffffffffffffffda RBX: 00007f289db4e470 RCX: 00007f289dac46e9
[ 58.936022][ T3553] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000007
[ 58.943976][ T3553] RBP: 0000000000000007 R08: ffffffffffffffb8 R09: 000000000000000c
executing program
[ 58.951933][ T3553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f289db4e470
[ 58.959888][ T3553] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 58.968487][ T3553]
executing program
executing program
executing program
executing program
[ 59.702291][ T3570] Bluetooth: hci2: command 0x0409 tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 61.782306][ T3570] Bluetooth: hci2: command 0x041b tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 63.862363][ T3570] Bluetooth: hci2: command 0x040f tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 65.942304][ T3570] Bluetooth: hci2: command 0x0419 tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 68.032363][ T3570] Bluetooth: hci2: command 0x0405 tx timeout
executing program
executing program
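The lockdep report above records the cycle as three "-> #N" dependency blocks, a "Chain exists of:" summary, and the pair of locks (held vs. requested) that closed it. When triaging a stream of such syzbot reports it is worth extracting those pieces mechanically rather than reading each splat by hand. The script below is an added example written for this page; it is not part of the syzbot log, the kernel, or syzkaller. It parses the format the kernel prints (a copy of the report above, trimmed to the lines the parser needs and embedded as a constructed sample), checks that the held/requested pair really closes the printed chain, and names the function that took each lock in the cycle. All function and field names in it (parse_lockdep, Report, cycle, takers, ...) are this example's own.

```python
"""Triage helper for lockdep "possible circular locking dependency" reports.
Added example for the log above; not syzbot or kernel code. It parses the report
format the kernel prints and extracts the lock cycle, who took each lock, and the
locks held. SAMPLE is the report above trimmed to the lines the parser needs
(console prefix kept, most stack frames dropped); all names are this example's own."""
import re
from dataclasses import dataclass, field

SAMPLE = """\
[ 58.278072][ T3553] syz-executor280/3553 is trying to acquire lock:
[ 58.284477][ T3553] ffff888076942130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x104/0x300
[ 58.294911][ T3553] but task is already holding lock:
[ 58.302806][ T3553] ffffffff8e1eb488 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x280
[ 58.331780][ T3553] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[ 58.339495][ T3553] lock_acquire+0x1f8/0x5a0
[ 58.355505][ T3553] hci_remote_features_evt+0x671/0xaa0
[ 58.392140][ T3553]
[ 58.392140][ T3553] -> #1 (&hdev->lock){+.+.}-{3:3}:
[ 58.399630][ T3553] lock_acquire+0x1f8/0x5a0
[ 58.415652][ T3553] sco_sock_connect+0x181/0x8d0
[ 58.444675][ T3553]
[ 58.444675][ T3553] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 58.453778][ T3553] validate_chain+0x1667/0x58e0
[ 58.469515][ T3553] lock_sock_nested+0x44/0x100
[ 58.474803][ T3553] sco_conn_del+0x104/0x300
[ 58.537709][ T3553]
[ 58.547934][ T3553] Chain exists of:
[ 58.547934][ T3553] sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[ 58.612461][ T3553] 3 locks held by syz-executor280/3553:
[ 58.617986][ T3553] #0: ffff888023559028 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1be/0x470
[ 58.627904][ T3553] #1: ffff888023558078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x445/0x1000
[ 58.637560][ T3553] #2: ffffffff8e1eb488 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x280
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")          # "[ 58.25][ T3553] "
DEP_HEAD = re.compile(r"^-> #(\d+) \(([^)]+)\)\{")                 # "-> #2 (lock){...}:"
LOCK_LINE = re.compile(r"^(?:#\d+:\s+)?(?:[0-9a-f]{16}\s+)?\(([^)]+)\)\{[^}]*\}-\{[^}]*\}(?:, at: (\S+))?")
# Frames lockdep and the locking primitives put in front of the real caller.
PLUMBING = {"lock_acquire", "__lock_acquire", "validate_chain", "__mutex_lock_common", "mutex_lock_nested", "lock_sock_nested"}

@dataclass
class Report:
    task: str = ""
    acquiring: tuple = ("", None)              # (lock name, "fn+off/size" site)
    holding: tuple = ("", None)
    deps: list = field(default_factory=list)   # [(N, lock name, [frames])] per "-> #N"
    chain: list = field(default_factory=list)  # "Chain exists of:" A --> B --> C
    held: list = field(default_factory=list)   # "N locks held by": outermost first

def _lock(line):
    m = LOCK_LINE.match(line)
    if not m:
        raise ValueError(f"not a lockdep lock line: {line!r}")
    return (m.group(1), m.group(2))

def parse_lockdep(text):
    lines = [PREFIX.sub("", ln).strip() for ln in text.splitlines()]
    rep, frames, i = Report(), None, 0
    while i < len(lines):
        ln = lines[i]
        if ln.endswith(" is trying to acquire lock:"):
            rep.task, rep.acquiring = ln[:-len(" is trying to acquire lock:")], _lock(lines[i + 1])
        elif ln == "but task is already holding lock:":
            rep.holding = _lock(lines[i + 1])
        elif (m := DEP_HEAD.match(ln)):                  # start of a "-> #N (lock)" block
            frames = []
            rep.deps.append((int(m.group(1)), m.group(2), frames))
        elif ln == "Chain exists of:":
            rep.chain = [s.strip() for s in lines[i + 1].split("-->")]
        elif re.match(r"\d+ locks? held by ", ln):
            while i + 1 < len(lines) and lines[i + 1].startswith("#"):
                i += 1
                rep.held.append(_lock(lines[i]))
        elif frames is not None and ln:
            frames.append(ln)                           # stack frame of the current block
        elif not ln:
            frames = None                               # blank line ends the block
        i += 1
    return rep

def caller(frames):
    """Function that took the lock, skipping the lockdep/mutex plumbing frames."""
    return next((f.split("+", 1)[0] for f in frames if f.split("+", 1)[0] not in PLUMBING), "")

def cycle(rep):
    """Edges A -> B ('B taken while A held'): the recorded chain plus the edge this
    acquisition would add (held lock -> requested lock), which is what closes it."""
    return list(zip(rep.chain, rep.chain[1:])) + [(rep.holding[0], rep.acquiring[0])]

def closes_cycle(rep):
    """True only if the new edge runs from the chain's tail back to its head."""
    return bool(rep.chain) and rep.holding[0] == rep.chain[-1] and rep.acquiring[0] == rep.chain[0]

def takers(rep):
    """Lock name -> function that acquired it while its predecessor in the cycle was held."""
    return {name: caller(frames) for _, name, frames in rep.deps}

if __name__ == "__main__":
    r = parse_lockdep(SAMPLE)
    print(r.task, "closes cycle:", closes_cycle(r), "held:", [n for n, _ in r.held])
    print(*(f"{a} -> {b} ({b} taken in {takers(r)[b]})" for a, b in cycle(r)), sep="\n")
```

Run with python3. For this report it prints the cycle sk_lock-AF_BLUETOOTH-BTPROTO_SCO -> &hdev->lock -> hci_cb_list_lock -> sk_lock-AF_BLUETOOTH-BTPROTO_SCO, attributing &hdev->lock to sco_sock_connect, hci_cb_list_lock to hci_remote_features_evt, and the closing edge to sco_conn_del, which is exactly the lock_sock_nested call under hci_cb_list_lock in the "Possible unsafe locking scenario" block. The closes_cycle check matters on real triage runs: a report whose held/requested pair does not join the chain's ends has usually been interleaved with other console output and needs to be re-extracted before anyone reasons about it.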