[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '[localhost]:30918' (ECDSA) to the list of known hosts.
2021/08/04 20:53:48 fuzzer started
2021/08/04 20:53:49 connecting to host at localhost:40789
2021/08/04 20:53:49 checking machine...
2021/08/04 20:53:49 checking revisions...
2021/08/04 20:53:49 testing simple program...
syzkaller login: [ 113.036334][ T50] audit: type=1400 audit(1628110430.066:8): avc: denied { execmem } for pid=8666 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
executing program
executing program
executing program
[ 125.130161][ T8667] BUG: sleeping function called from invalid context at net/core/sock.c:3161
[ 125.146119][ T8667] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8667, name: syz-executor.0
[ 125.168520][ T8667] 1 lock held by syz-executor.0/8667:
[ 125.176859][ T8667]  #0: ffffffff8d2ea5e0 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x3db/0x660
[ 125.191660][ T8667] Preemption disabled at:
[ 125.191685][ T8667] [<0000000000000000>] 0x0
[ 125.203613][ T8667] CPU: 2 PID: 8667 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[ 125.214371][ T8667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 125.226875][ T8667] Call Trace:
[ 125.231156][ T8667]  dump_stack_lvl+0xcd/0x134
[ 125.237284][ T8667]  ___might_sleep.cold+0x1f1/0x237
[ 125.243603][ T8667]  lock_sock_nested+0x25/0x120
[ 125.249775][ T8667]  hci_sock_dev_event+0x465/0x660
[ 125.256191][ T8667]  ? hci_send_monitor_ctrl_event+0x5c0/0x5c0
[ 125.264321][ T8667]  ? do_raw_read_unlock+0x70/0x70
[ 125.270788][ T8667]  hci_unregister_dev+0x2fd/0x1130
[ 125.277295][ T8667]  ? fsnotify+0x1050/0x1050
[ 125.283295][ T8667]  ? hci_bdaddr_list_clear+0x200/0x200
[ 125.290128][ T8667]  ? fcntl_setlk+0xeb0/0xeb0
[ 125.297315][ T8667]  vhci_release+0x70/0xe0
[ 125.302225][ T8667]  __fput+0x288/0x920
[ 125.305962][ T8667]  ? vhci_close_dev+0x50/0x50
[ 125.310668][ T8667]  task_work_run+0xdd/0x1a0
[ 125.315413][ T8667]  do_exit+0xbd4/0x2a60
[ 125.319566][ T8667]  ? __context_tracking_exit+0xb8/0xe0
[ 125.326012][ T8667]  ? lock_downgrade+0x6e0/0x6e0
[ 125.331287][ T8667]  ? lock_downgrade+0x6e0/0x6e0
[ 125.337061][ T8667]  ? mm_update_next_owner+0x7a0/0x7a0
[ 125.342348][ T8667]  do_group_exit+0x125/0x310
[ 125.347477][ T8667]  __x64_sys_exit_group+0x3a/0x50
[ 125.353766][ T8667]  do_syscall_64+0x35/0xb0
[ 125.359178][ T8667]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 125.366029][ T8667] RIP: 0033:0x4665e9
[ 125.370410][ T8667] Code: Unable to access opcode bytes at RIP 0x4665bf.
[ 125.377255][ T8667] RSP: 002b:00007ffcb2f9c4b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 125.388094][ T8667] RAX: ffffffffffffffda RBX: 00007ffcb2f9cc78 RCX: 00000000004665e9
[ 125.398106][ T8667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 125.407576][ T8667] RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffcb2f9cc78
[ 125.418059][ T8667] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef74
[ 125.428479][ T8667] R13: 0000000000000010 R14: 0000000000000000 R15: 00000000000000f8
[ 125.459868][ T8667]
[ 125.462654][ T8667] ======================================================
[ 125.472136][ T8667] WARNING: possible circular locking dependency detected
[ 125.481597][ T8667] 5.14.0-rc4-syzkaller #0 Tainted: G        W
[ 125.490228][ T8667] ------------------------------------------------------
[ 125.499354][ T8667] syz-executor.0/8667 is trying to acquire lock:
[ 125.507894][ T8667] ffffffff8d2ea5e0 (hci_sk_list.lock){++++}-{2:2}, at: bt_sock_unlink+0x1d/0x1c0
[ 125.520232][ T8667]
[ 125.520232][ T8667] but task is already holding lock:
[ 125.528656][ T8667] ffff88802215b120 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x61/0x4d0
[ 125.538895][ T8667]
[ 125.538895][ T8667] which lock already depends on the new lock.
[ 125.538895][ T8667]
[ 125.549991][ T8667]
[ 125.549991][ T8667] the existing dependency chain (in reverse order) is:
[ 125.559858][ T8667]
[ 125.559858][ T8667] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}:
[ 125.569080][ T8667]        lock_sock_nested+0xca/0x120
[ 125.574942][ T8667]        hci_sock_dev_event+0x465/0x660
[ 125.582100][ T8667]        hci_unregister_dev+0x2fd/0x1130
[ 125.589431][ T8667]        vhci_release+0x70/0xe0
[ 125.595788][ T8667]        __fput+0x288/0x920
[ 125.601862][ T8667]        task_work_run+0xdd/0x1a0
[ 125.609209][ T8667]        do_exit+0xbd4/0x2a60
[ 125.615923][ T8667]        do_group_exit+0x125/0x310
[ 125.622059][ T8667]        __x64_sys_exit_group+0x3a/0x50
[ 125.628111][ T8667]        do_syscall_64+0x35/0xb0
[ 125.634179][ T8667]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 125.641393][ T8667]
[ 125.641393][ T8667] -> #0 (hci_sk_list.lock){++++}-{2:2}:
[ 125.650155][ T8667]        __lock_acquire+0x2a07/0x54a0
[ 125.656456][ T8667]        lock_acquire+0x1ab/0x510
[ 125.662940][ T8667]        _raw_write_lock+0x2a/0x40
[ 125.668565][ T8667]        bt_sock_unlink+0x1d/0x1c0
[ 125.673838][ T8667]        hci_sock_release+0xcf/0x4d0
[ 125.678957][ T8667]        __sock_release+0xcd/0x280
[ 125.685356][ T8667]        sock_close+0x18/0x20
[ 125.691420][ T8667]        __fput+0x288/0x920
[ 125.696748][ T8667]        task_work_run+0xdd/0x1a0
[ 125.702906][ T8667]        do_exit+0xbd4/0x2a60
[ 125.707984][ T8667]        do_group_exit+0x125/0x310
[ 125.714154][ T8667]        __x64_sys_exit_group+0x3a/0x50
[ 125.721355][ T8667]        do_syscall_64+0x35/0xb0
[ 125.728550][ T8667]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 125.737532][ T8667]
[ 125.737532][ T8667] other info that might help us debug this:
[ 125.737532][ T8667]
[ 125.752762][ T8667]  Possible unsafe locking scenario:
[ 125.752762][ T8667]
[ 125.763174][ T8667]        CPU0                    CPU1
[ 125.769843][ T8667]        ----                    ----
[ 125.778145][ T8667]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_HCI);
[ 125.785605][ T8667]                                lock(hci_sk_list.lock);
[ 125.796047][ T8667]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_HCI);
[ 125.807561][ T8667]   lock(hci_sk_list.lock);
[ 125.813937][ T8667]
[ 125.813937][ T8667]  *** DEADLOCK ***
[ 125.813937][ T8667]
[ 125.825664][ T8667] 2 locks held by syz-executor.0/8667:
[ 125.832137][ T8667]  #0: ffff88802959c210 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 125.844763][ T8667]  #1: ffff88802215b120 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x61/0x4d0
[ 125.858309][ T8667]
[ 125.858309][ T8667] stack backtrace:
[ 125.865903][ T8667] CPU: 2 PID: 8667 Comm: syz-executor.0 Tainted: G        W         5.14.0-rc4-syzkaller #0
[ 125.878316][ T8667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 125.889236][ T8667] Call Trace:
[ 125.893360][ T8667]  dump_stack_lvl+0xcd/0x134
[ 125.899449][ T8667]  check_noncircular+0x25f/0x2e0
[ 125.905056][ T8667]  ? pv_hash+0x100/0x100
[ 125.910652][ T8667]  ? print_circular_bug+0x1e0/0x1e0
[ 125.916807][ T8667]  ? lockdep_lock+0x1b7/0x200
[ 125.922629][ T8667]  ? call_rcu_zapped+0xb0/0xb0
[ 125.928417][ T8667]  __lock_acquire+0x2a07/0x54a0
[ 125.934126][ T8667]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 125.941857][ T8667]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 125.949278][ T8667]  lock_acquire+0x1ab/0x510
[ 125.955466][ T8667]  ? bt_sock_unlink+0x1d/0x1c0
[ 125.961463][ T8667]  ? lock_release+0x720/0x720
[ 125.967825][ T8667]  ? lock_release+0x720/0x720
[ 125.973130][ T8667]  ? lock_downgrade+0x6e0/0x6e0
[ 125.978009][ T8667]  ? do_raw_spin_lock+0x120/0x2b0
[ 125.983471][ T8667]  ? mark_held_locks+0x9f/0xe0
[ 125.988555][ T8667]  _raw_write_lock+0x2a/0x40
[ 125.992938][ T8667]  ? bt_sock_unlink+0x1d/0x1c0
[ 125.997183][ T8667]  bt_sock_unlink+0x1d/0x1c0
[ 126.001139][ T8667]  hci_sock_release+0xcf/0x4d0
[ 126.005547][ T8667]  __sock_release+0xcd/0x280
[ 126.009960][ T8667]  sock_close+0x18/0x20
[ 126.013786][ T8667]  __fput+0x288/0x920
[ 126.018140][ T8667]  ? __sock_release+0x280/0x280
[ 126.022884][ T8667]  task_work_run+0xdd/0x1a0
[ 126.028279][ T8667]  do_exit+0xbd4/0x2a60
[ 126.033168][ T8667]  ? __context_tracking_exit+0xb8/0xe0
[ 126.039060][ T8667]  ? lock_downgrade+0x6e0/0x6e0
[ 126.044443][ T8667]  ? lock_downgrade+0x6e0/0x6e0
[ 126.049872][ T8667]  ? mm_update_next_owner+0x7a0/0x7a0
[ 126.056196][ T8667]  do_group_exit+0x125/0x310
[ 126.061365][ T8667]  __x64_sys_exit_group+0x3a/0x50
[ 126.067325][ T8667]  do_syscall_64+0x35/0xb0
[ 126.072901][ T8667]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 126.078818][ T8667] RIP: 0033:0x4665e9
[ 126.082811][ T8667] Code: Unable to access opcode bytes at RIP 0x4665bf.
[ 126.089546][ T8667] RSP: 002b:00007ffcb2f9c4b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 126.098787][ T8667] RAX: ffffffffffffffda RBX: 00007ffcb2f9cc78 RCX: 00000000004665e9
[ 126.107206][ T8667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 126.116655][ T8667] RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffcb2f9cc78
[ 126.126982][ T8667] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef74
[ 126.137651][ T8667] R13: 0000000000000010 R14: 0000000000000000 R15: 00000000000000f8
2021/08/04 20:54:03 BUG: program execution failed: executor 0: exit status 67
SYZFAIL: wrong response packet (errno 16: Device or resource busy)
loop exited with status 67
SYZFAIL: wrong response packet (errno 16: Device or resource busy)
loop exited with status 67
[ 126.336260][ T8662] syz-fuzzer (8662) used greatest stack depth: 21736 bytes left

VM DIAGNOSIS:
20:54:03 Registers:
info registers vcpu 0
RAX=000000000002bfe9 RBX=ffffffff8b6bc640 RCX=ffffffff892a61ff RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffffff8b607e40
R8 =0000000000000001 R9 =ffff88802ca52b4b R10=ffffed100594a569 R11=0000000000000000
R12=fffffbfff16d78c8 R13=0000000000000000 R14=ffffffff8d6c41d0 R15=0000000000000000
RIP=ffffffff892d014b RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802ca00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000556bb9b38b58 CR3=0000000000128000 CR4=00150ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=0a6d6172676f727020676e6974756365
XMM02=000000000000000040c3880000000000 XMM03=0000000000000000416312d000000000
XMM04=00000000000000003fd7f16ccf11f691 XMM05=000000c00012b050000000c00012b020
XMM06=00000000000000003fd3333333333333 XMM07=00000000000000003fd20c269e0cb8e1
XMM08=00000000000000003fdfff019bcbce18 XMM09=00000000000000003f9989b356567b20
XMM10=00000000000000003fd97180e7f92228 XMM11=000000c00012b380000000c00012b350
XMM12=000000c00012b3e0000000c00012b3b0 XMM13=000000c00012b440000000c00012b410
XMM14=000000c00012b470000000c00005ad50 XMM15=000000c00012b4d0000000c00012b4a0

info registers vcpu 1
RAX=000000000002cef1 RBX=ffff8880116aa0c0 RCX=ffffffff892a61ff RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000001 RSP=ffffc9000065fdf8
R8 =0000000000000001 R9 =ffff88802cb52b4b R10=ffffed100596a569 R11=0000000000000000
R12=ffffed10022d5418 R13=0000000000000001 R14=ffffffff8d6c41d0 R15=0000000000000000
RIP=ffffffff892d014b RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cb00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000003c000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f7b5e129000 CR3=00000000247c5000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000a60ce07b00000000cec3662e XMM01=00000000000000006ef500d98866ac34
XMM02=00000000000000000000000000000000 XMM03=0000000000188240325f21f15be0b97f
XMM04=409d7a69c94e111e0000000000040648 XMM05=ea1e58c088ec64720000000000188240
XMM06=fa3e1bb23d47e7920000000000188120 XMM07=cef72be8fdc6d01c0000000000188048
XMM08=eed1febb67cc00aa0000000000187f98 XMM09=070707070707505151515151685b0c13
XMM10=311100226b5151515151515151515151 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000

info registers vcpu 2
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff84330a2c RDI=ffffffff904f9ea0 RBP=ffffffff904f9e60 RSP=ffffc900014776e8
R8 =0000000000000069 R9 =0000000000000000 R10=ffffffff84330a1d R11=000000000000001f
R12=0000000000000000 R13=fffffbfff209f41f R14=fffffbfff209f3d6 R15=dffffc0000000000
RIP=ffffffff84330a52 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cc00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000077000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f413933eab4 CR3=0000000000128000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=0000000000000000bfe62e42fefa39ef XMM03=0000ff00000000000000000000000000
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000

info registers vcpu 3
RAX=000000000002d07d RBX=ffff8880116b0140 RCX=ffffffff892a61ff RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000003 RSP=ffffc9000067fdf8
R8 =0000000000000001 R9 =ffff88802cd52b4b R10=ffffed10059aa569 R11=0000000000000000
R12=ffffed10022d6028 R13=0000000000000003 R14=ffffffff8d6c41d0 R15=0000000000000000
RIP=ffffffff892d014b RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00000000
FS =0000 0000000000000000 ffffffff 00000000
GS =0000 ffff88802cd00000 ffffffff 00000000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000b2000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000556bb9b31aa0 CR3=000000000b68e000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=ffffffffffff0000ffff0000ff000000 XMM05=6374652f2074726f7065722d2d207374
XMM06=7261702d6e7572202626202f20646320 XMM07=28207c7c206e6f7263616e612f6e6962
XMM08=20000000200000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
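The two splats in this log are one bug seen twice: hci_sock_dev_event() calls lock_sock() (which may sleep) while holding the hci_sk_list.lock rwlock, and hci_sock_release() takes that same rwlock in bt_sock_unlink() while already holding sk_lock, so the two paths acquire the pair in opposite orders. The program below is an added illustration, not kernel or syzkaller code: a toy lock-order checker in the spirit of lockdep's check_noncircular() that records "A held while B taken" edges, refuses an acquisition that would close a cycle, and flags a sleeping lock taken while a spinning lock is held. Only the two lock class names come from the report; the task names, the verdict constants and the "reordered" replay (chain #1 dropping the rwlock before lock_sock()) are constructed for the example and are not a claim about how the bug was fixed upstream.

```c
/* Added illustration, not kernel code: a toy lockdep-style checker replaying
 * the two call chains from the report above. Lock class names are from the
 * report; everything else here is constructed for the example. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum lock_kind { LOCK_SPIN, LOCK_SLEEP };
enum { HCI_SK_LIST = 0, SK_LOCK_HCI = 1, NCLASSES = 2 };

static const struct { const char *name; enum lock_kind kind; } classes[NCLASSES] = {
    { "hci_sk_list.lock",                 LOCK_SPIN  }, /* rwlock: {2:2} in the report */
    { "sk_lock-AF_BLUETOOTH-BTPROTO_HCI", LOCK_SLEEP }, /* lock_sock(): may sleep      */
};

/* dep[a][b] == true: class a was held while class b was acquired (edge a -> b). */
static bool dep[NCLASSES][NCLASSES];

struct task { const char *comm; int held[NCLASSES]; int nheld; };

enum { LD_OK = 0, LD_CIRCULAR = 1, LD_SLEEP_IN_ATOMIC = 2 };

/* Depth-first search: is `to` reachable from `from` in the dependency graph? */
static bool reaches(int from, int to, bool *visited)
{
    if (from == to) return true;
    visited[from] = true;
    for (int n = 0; n < NCLASSES; n++)
        if (dep[from][n] && !visited[n] && reaches(n, to, visited))
            return true;
    return false;
}

/* Stand-in for in_atomic(): any spinning lock held means we must not sleep. */
static bool task_in_atomic(const struct task *t)
{
    for (int i = 0; i < t->nheld; i++)
        if (classes[t->held[i]].kind == LOCK_SPIN) return true;
    return false;
}

/* Returns a bitmask of LD_* verdicts for this acquisition, then records it. */
int lock_acquire(struct task *t, int cls)
{
    int verdict = LD_OK;
    if (classes[cls].kind == LOCK_SLEEP && task_in_atomic(t)) {
        printf("BUG: %s takes sleeping lock %s in atomic context\n", t->comm, classes[cls].name);
        verdict |= LD_SLEEP_IN_ATOMIC;
    }
    for (int i = 0; i < t->nheld; i++) {
        int prev = t->held[i];
        bool visited[NCLASSES] = { false };
        /* check_noncircular(): adding prev -> cls must not close a cycle. */
        if (reaches(cls, prev, visited)) {
            printf("WARNING: %s -> %s closes a cycle in %s\n",
                   classes[prev].name, classes[cls].name, t->comm);
            verdict |= LD_CIRCULAR;
        }
        dep[prev][cls] = true;
    }
    t->held[t->nheld++] = cls;
    return verdict;
}

void lock_release(struct task *t, int cls)
{
    for (int i = 0; i < t->nheld; i++)
        if (t->held[i] == cls) { t->held[i] = t->held[--t->nheld]; return; }
}

/* Replays the report: chain #1 (hci_sock_dev_event) then chain #0 (hci_sock_release).
 * read_lock() and write_lock() on hci_sk_list.lock share one class, as in lockdep. */
int replay_report(void)
{
    struct task a = { "hci_sock_dev_event", { 0 }, 0 };
    struct task b = { "hci_sock_release",   { 0 }, 0 };
    int v = LD_OK;
    memset(dep, 0, sizeof dep);
    v |= lock_acquire(&a, HCI_SK_LIST);   /* hci_unregister_dev -> hci_sock_dev_event */
    v |= lock_acquire(&a, SK_LOCK_HCI);   /* lock_sock() under the rwlock: sleep-in-atomic */
    lock_release(&a, SK_LOCK_HCI);
    lock_release(&a, HCI_SK_LIST);
    v |= lock_acquire(&b, SK_LOCK_HCI);   /* hci_sock_release holds sk_lock ...          */
    v |= lock_acquire(&b, HCI_SK_LIST);   /* ... bt_sock_unlink takes the rwlock: cycle   */
    return v;
}

/* Constructed variant: chain #1 drops the rwlock before lock_sock(), so the
 * only recorded edge is sk_lock -> hci_sk_list.lock and the checker is happy. */
int replay_reordered(void)
{
    struct task a = { "hci_sock_dev_event", { 0 }, 0 };
    struct task b = { "hci_sock_release",   { 0 }, 0 };
    int v = LD_OK;
    memset(dep, 0, sizeof dep);
    v |= lock_acquire(&a, HCI_SK_LIST);
    lock_release(&a, HCI_SK_LIST);
    v |= lock_acquire(&a, SK_LOCK_HCI);
    lock_release(&a, SK_LOCK_HCI);
    v |= lock_acquire(&b, SK_LOCK_HCI);
    v |= lock_acquire(&b, HCI_SK_LIST);
    return v;
}

int main(void)
{
    printf("report replay verdict: %d\n", replay_report());
    printf("reordered replay verdict: %d\n", replay_reordered());
    return 0;
}
```

The replay of the report returns both LD_SLEEP_IN_ATOMIC (for the lock_sock() call under hci_sk_list.lock) and LD_CIRCULAR (for the write_lock() in bt_sock_unlink() with sk_lock held), which is exactly the pair of messages in the log; note that lockdep reports the cycle the first time the second ordering is seen, on a single task, without any real contention, which is why a single exit_group() from syz-executor.0 was enough to trigger it.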