Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts.
syzkaller login: [ 50.640114][ T3593] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 50.648104][ T3593] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 50.655829][ T3593] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 50.663691][ T3593] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 50.671326][ T3593] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 50.678738][ T3593] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 50.756320][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.770506][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.780556][ T1142] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 50.790667][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.799455][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 50.807938][ T1142] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 50.942219][ C0]
[ 50.944556][ C0] ================================
[ 50.949643][ C0] WARNING: inconsistent lock state
[ 50.954728][ C0] 5.17.0-rc3-syzkaller-00043-gf4bc5bbb5fef #0 Not tainted
[ 50.961810][ C0] --------------------------------
[ 50.966889][ C0] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
[ 50.973709][ C0] syz-executor198/3596 [HC1[1]:SC0[0]:HE0:SE1] takes:
[ 50.980455][ C0] ffffffff8c7096d8 (sync_timeline_list_lock){?.+.}-{2:2}, at: sync_timeline_debug_remove+0x25/0x190
[ 50.991223][ C0] {HARDIRQ-ON-W} state was registered at:
[ 50.996915][ C0] lockdep_hardirqs_on_prepare+0x135/0x400
[ 51.002792][ C0] trace_hardirqs_on+0x5b/0x1c0
[ 51.007768][ C0] _raw_spin_unlock_irq+0x1f/0x40
[ 51.012889][ C0] sync_info_debugfs_show+0xeb/0x200
[ 51.018256][ C0] seq_read_iter+0x4f5/0x1280
[ 51.023012][ C0] seq_read+0x3e8/0x5c0
[ 51.027240][ C0] vfs_read+0x1b5/0x600
[ 51.031482][ C0] ksys_read+0x12d/0x250
[ 51.035795][ C0] do_syscall_64+0x35/0xb0
[ 51.040284][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.046257][ C0] irq event stamp: 5708
[ 51.050390][ C0] hardirqs last enabled at (5707): [] _raw_spin_unlock_irq+0x1f/0x40
[ 51.060093][ C0] hardirqs last disabled at (5708): [] sysvec_irq_work+0xb/0xc0
[ 51.069275][ C0] softirqs last enabled at (5570): [] __tun_set_ebpf+0xf6/0x1c0
[ 51.078542][ C0] softirqs last disabled at (5568): [] __tun_set_ebpf+0xa3/0x1c0
[ 51.087811][ C0]
[ 51.087811][ C0] other info that might help us debug this:
[ 51.095847][ C0] Possible unsafe locking scenario:
[ 51.095847][ C0]
[ 51.103279][ C0] CPU0
[ 51.106545][ C0] ----
[ 51.109805][ C0] lock(sync_timeline_list_lock);
[ 51.114899][ C0]
[ 51.118350][ C0] lock(sync_timeline_list_lock);
[ 51.123618][ C0]
[ 51.123618][ C0] *** DEADLOCK ***
[ 51.123618][ C0]
[ 51.131739][ C0] no locks held by syz-executor198/3596.
[ 51.137352][ C0]
[ 51.137352][ C0] stack backtrace:
[ 51.143217][ C0] CPU: 0 PID: 3596 Comm: syz-executor198 Not tainted 5.17.0-rc3-syzkaller-00043-gf4bc5bbb5fef #0
[ 51.153693][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.163732][ C0] Call Trace:
[ 51.167017][ C0]
[ 51.169845][ C0] dump_stack_lvl+0xcd/0x134
[ 51.174426][ C0] mark_lock.cold+0x61/0x8e
[ 51.178922][ C0] ? mark_lock+0xef/0x17b0
[ 51.183326][ C0] ? lock_chain_count+0x20/0x20
[ 51.188162][ C0] ? lock_chain_count+0x20/0x20
[ 51.193023][ C0] ? do_raw_spin_unlock+0x171/0x230
[ 51.198209][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 51.204005][ C0] __lock_acquire+0x1499/0x5470
[ 51.208844][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 51.214809][ C0] ? _raw_spin_unlock_irq+0x25/0x40
[ 51.220002][ C0] ? sw_sync_debugfs_release+0x160/0x240
[ 51.225678][ C0] lock_acquire+0x1ab/0x510
[ 51.230177][ C0] ? sync_timeline_debug_remove+0x25/0x190
[ 51.235974][ C0] ? lock_release+0x720/0x720
[ 51.240637][ C0] ? timeline_fence_release+0x1f2/0x340
[ 51.246166][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 51.251010][ C0] _raw_spin_lock_irqsave+0x39/0x50
[ 51.256204][ C0] ? sync_timeline_debug_remove+0x25/0x190
[ 51.262125][ C0] sync_timeline_debug_remove+0x25/0x190
[ 51.267752][ C0] timeline_fence_release+0x263/0x340
[ 51.273105][ C0] ? sync_timeline_signal+0x5b0/0x5b0
[ 51.278472][ C0] dma_fence_release+0x2ee/0x590
[ 51.283408][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 51.288245][ C0] dma_fence_array_release+0x1e4/0x2b0
[ 51.294301][ C0] ? dma_fence_array_cb_func+0x190/0x190
[ 51.299928][ C0] dma_fence_release+0x2ee/0x590
[ 51.304855][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 51.310651][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 51.316881][ C0] irq_dma_fence_array_work+0xa5/0xd0
[ 51.322240][ C0] irq_work_single+0x120/0x270
[ 51.327000][ C0] irq_work_run_list+0x91/0xc0
[ 51.331749][ C0] irq_work_run+0x54/0xd0
[ 51.336065][ C0] __sysvec_irq_work+0x95/0x3d0
[ 51.340945][ C0] sysvec_irq_work+0x8e/0xc0
[ 51.345534][ C0]
[ 51.348449][ C0]
[ 51.351359][ C0] asm_sysvec_irq_work+0x12/0x20
[ 51.356278][ C0] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40
[ 51.362075][ C0] Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 4e a1 0f f8 48 89 ef e8 06 17 10 f8 e8 b1 0b 31 f8 fb bf 01 00 00 00 46 ca 02 f8 65 8b 05 bf bd b4 76 85 c0 74 02 5d c3 e8 2b 93 b2
[ 51.381685][ C0] RSP: 0018:ffffc90001f5fe18 EFLAGS: 00000206
[ 51.387735][ C0] RAX: 000000000000164b RBX: 00000000ffffffff RCX: 1ffffffff1b27381
[ 51.395684][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 51.403718][ C0] RBP: ffff8880153ff050 R08: 0000000000000001 R09: 0000000000000001
[ 51.411679][ C0] R10: ffffffff817ebdd8 R11: 0000000000000000 R12: ffff8880153ff000
[ 51.419640][ C0] R13: dffffc0000000000 R14: ffff8880153ff000 R15: ffff8880153ff050
[ 51.427596][ C0] ? trace_hardirqs_on+0x38/0x1c0
[ 51.432609][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 51.437787][ C0] sw_sync_debugfs_release+0x160/0x240
[ 51.443228][ C0] __fput+0x286/0x9f0
[ 51.447190][ C0] ? timeline_fence_release+0x340/0x340
[ 51.452824][ C0] task_work_run+0xdd/0x1a0
[ 51.457319][ C0] exit_to_user_mode_prepare+0x27e/0x290
[ 51.462931][ C0] syscall_exit_to_user_mode+0x19/0x60
[ 51.468381][ C0] do_syscall_64+0x42/0xb0
[ 51.472777][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.478653][ C0] RIP: 0033:0x7fbe1817b7e9
[ 51.483051][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.502649][ C0] RSP: 002b:00007fbe17901208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 51.511051][ C0] RAX: 0000000000000000 RBX: 00007fbe181fd4f8 RCX: 00007fbe1817b7e9
[ 51.518999][ C0] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003
[ 51.526949][ C0] RBP: 00007fbe181fd4f0 R08: 00007fbe17901700 R09: 0000000000000000
[ 51.534897][ C0] R10: 00007fbe17901700 R11: 0000000000000246 R12: 00007fbe181fd4fc
[ 51.542847][ C0] R1