Warning: Permanently added '[localhost]:61256' (ECDSA) to the list of known hosts.
2021/07/30 05:49:39 fuzzer started
2021/07/30 05:49:39 connecting to host at localhost:33495
2021/07/30 05:49:40 checking machine...
2021/07/30 05:49:40 checking revisions...
2021/07/30 05:49:40 testing simple program...
executing program
executing program
executing program
executing program
syzkaller login: [ 155.241373][ T8664] BUG: sleeping function called from invalid context at net/core/sock.c:3161
[ 155.261363][ T8664] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8664, name: syz-executor.0
[ 155.292572][ T8664] 1 lock held by syz-executor.0/8664:
[ 155.302225][ T8664]  #0: ffffffff8d2ec960 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x3db/0x660
[ 155.321056][ T8664] Preemption disabled at:
[ 155.321068][ T8664] [<0000000000000000>] 0x0
[ 155.335575][ T8664] CPU: 2 PID: 8664 Comm: syz-executor.0 Not tainted 5.14.0-rc3-syzkaller #0
[ 155.346991][ T8664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 155.356917][ T8664] Call Trace:
[ 155.360758][ T8664]  dump_stack_lvl+0xcd/0x134
[ 155.366089][ T8664]  ___might_sleep.cold+0x1f1/0x237
[ 155.371692][ T8664]  lock_sock_nested+0x25/0x120
[ 155.377290][ T8664]  hci_sock_dev_event+0x465/0x660
[ 155.383868][ T8664]  ? hci_send_monitor_ctrl_event+0x5c0/0x5c0
[ 155.391310][ T8664]  ? do_raw_read_unlock+0x70/0x70
[ 155.397710][ T8664]  hci_unregister_dev+0x2fd/0x1130
[ 155.403998][ T8664]  ? fsnotify+0x1050/0x1050
[ 155.409393][ T8664]  ? hci_bdaddr_list_clear+0x200/0x200
[ 155.415795][ T8664]  ? fcntl_setlk+0xeb0/0xeb0
[ 155.421164][ T8664]  vhci_release+0x70/0xe0
[ 155.425468][ T8664]  __fput+0x288/0x920
[ 155.430105][ T8664]  ? vhci_close_dev+0x50/0x50
[ 155.435851][ T8664]  task_work_run+0xdd/0x1a0
[ 155.441639][ T8664]  do_exit+0xbd4/0x2a60
[ 155.446241][ T8664]  ? lock_downgrade+0x6e0/0x6e0
[ 155.451669][ T8664]  ? mm_update_next_owner+0x7a0/0x7a0
[ 155.456967][ T8664]  do_group_exit+0x125/0x310
[ 155.462343][ T8664]  __ia32_sys_exit_group+0x3a/0x50
[ 155.467930][ T8664]  __do_fast_syscall_32+0x65/0xf0
[ 155.472929][ T8664]  do_fast_syscall_32+0x2f/0x70
[ 155.477474][ T8664]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 155.483671][ T8664] RIP: 0023:0xf7f7d549
[ 155.488076][ T8664] Code: Unable to access opcode bytes at RIP 0xf7f7d51f.
[ 155.495540][ T8664] RSP: 002b:00000000ffb86a9c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[ 155.503838][ T8664] RAX: ffffffffffffffda RBX: 0000000000000043 RCX: 00000000ffb86ae8
[ 155.511820][ T8664] RDX: 0000000000000000 RSI: 000000000817214c RDI: 0000000000000010
[ 155.519874][ T8664] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 155.530174][ T8664] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 155.540331][ T8664] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 155.571117][ T8664]
[ 155.591352][ T8664] ======================================================
[ 155.602029][ T8664] WARNING: possible circular locking dependency detected
[ 155.611496][ T8664] 5.14.0-rc3-syzkaller #0 Tainted: G W
[ 155.620669][ T8664] ------------------------------------------------------
[ 155.629363][ T8664] syz-executor.0/8664 is trying to acquire lock:
[ 155.636582][ T8664] ffffffff8d2ec960 (hci_sk_list.lock){++++}-{2:2}, at: bt_sock_unlink+0x1d/0x1c0
[ 155.648267][ T8664]
[ 155.648267][ T8664] but task is already holding lock:
[ 155.657543][ T8664] ffff88804592c120 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x61/0x4d0
[ 155.669253][ T8664]
[ 155.669253][ T8664] which lock already depends on the new lock.
[ 155.669253][ T8664]
[ 155.682679][ T8664]
[ 155.682679][ T8664] the existing dependency chain (in reverse order) is:
[ 155.692481][ T8664]
[ 155.692481][ T8664] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}:
[ 155.702175][ T8664]        lock_sock_nested+0xca/0x120
[ 155.707801][ T8664]        hci_sock_dev_event+0x465/0x660
[ 155.713943][ T8664]        hci_unregister_dev+0x2fd/0x1130
[ 155.719674][ T8664]        vhci_release+0x70/0xe0
[ 155.725487][ T8664]        __fput+0x288/0x920
[ 155.730851][ T8664]        task_work_run+0xdd/0x1a0
[ 155.736300][ T8664]        do_exit+0xbd4/0x2a60
[ 155.740886][ T8664]        do_group_exit+0x125/0x310
[ 155.746042][ T8664]        __ia32_sys_exit_group+0x3a/0x50
[ 155.752655][ T8664]        __do_fast_syscall_32+0x65/0xf0
[ 155.759901][ T8664]        do_fast_syscall_32+0x2f/0x70
[ 155.766847][ T8664]        entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 155.775547][ T8664]
[ 155.775547][ T8664] -> #0 (hci_sk_list.lock){++++}-{2:2}:
[ 155.785916][ T8664]        __lock_acquire+0x2a07/0x54a0
[ 155.793078][ T8664]        lock_acquire+0x1ab/0x510
[ 155.800228][ T8664]        _raw_write_lock+0x2a/0x40
[ 155.807311][ T8664]        bt_sock_unlink+0x1d/0x1c0
[ 155.813180][ T8664]        hci_sock_release+0xcf/0x4d0
[ 155.819252][ T8664]        __sock_release+0xcd/0x280
[ 155.826196][ T8664]        sock_close+0x18/0x20
[ 155.831772][ T8664]        __fput+0x288/0x920
[ 155.837595][ T8664]        task_work_run+0xdd/0x1a0
[ 155.844162][ T8664]        do_exit+0xbd4/0x2a60
[ 155.850189][ T8664]        do_group_exit+0x125/0x310
[ 155.855660][ T8664]        __ia32_sys_exit_group+0x3a/0x50
[ 155.862102][ T8664]        __do_fast_syscall_32+0x65/0xf0
[ 155.868428][ T8664]        do_fast_syscall_32+0x2f/0x70
[ 155.874420][ T8664]        entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 155.881858][ T8664]
[ 155.881858][ T8664] other info that might help us debug this:
[ 155.881858][ T8664]
[ 155.892533][ T8664]  Possible unsafe locking scenario:
[ 155.892533][ T8664]
[ 155.900647][ T8664]        CPU0                    CPU1
[ 155.907595][ T8664]        ----                    ----
[ 155.913965][ T8664]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_HCI);
[ 155.921175][ T8664]                                lock(hci_sk_list.lock);
[ 155.929584][ T8664]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_HCI);
[ 155.940228][ T8664]   lock(hci_sk_list.lock);
[ 155.945540][ T8664]
[ 155.945540][ T8664]  *** DEADLOCK ***
[ 155.945540][ T8664]
[ 155.955061][ T8664] 2 locks held by syz-executor.0/8664:
[ 155.961237][ T8664]  #0: ffff888025c1b690 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 155.971979][ T8664]  #1: ffff88804592c120 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x61/0x4d0
[ 155.982819][ T8664]
[ 155.982819][ T8664] stack backtrace:
[ 155.988324][ T8664] CPU: 2 PID: 8664 Comm: syz-executor.0 Tainted: G W 5.14.0-rc3-syzkaller #0
[ 155.997691][ T8664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 156.005511][ T8664] Call Trace:
[ 156.008365][ T8664]  dump_stack_lvl+0xcd/0x134
[ 156.012499][ T8664]  check_noncircular+0x25f/0x2e0
[ 156.017896][ T8664]  ? stack_trace_save+0x8c/0xc0
[ 156.022566][ T8664]  ? print_circular_bug+0x1e0/0x1e0
[ 156.028560][ T8664]  ? is_dynamic_key+0x1a0/0x1a0
[ 156.034050][ T8664]  ? lockdep_lock+0xc6/0x200
[ 156.039048][ T8664]  ? call_rcu_zapped+0xb0/0xb0
[ 156.044618][ T8664]  __lock_acquire+0x2a07/0x54a0
[ 156.051112][ T8664]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 156.058246][ T8664]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 156.065708][ T8664]  lock_acquire+0x1ab/0x510
[ 156.070509][ T8664]  ? bt_sock_unlink+0x1d/0x1c0
[ 156.076299][ T8664]  ? lock_release+0x720/0x720
[ 156.082158][ T8664]  ? lock_release+0x720/0x720
[ 156.088210][ T8664]  ? lock_downgrade+0x6e0/0x6e0
[ 156.092672][ T8664]  ? do_raw_spin_lock+0x120/0x2b0
[ 156.097863][ T8664]  ? mark_held_locks+0x9f/0xe0
[ 156.102469][ T8664]  _raw_write_lock+0x2a/0x40
[ 156.108073][ T8664]  ? bt_sock_unlink+0x1d/0x1c0
[ 156.113994][ T8664]  bt_sock_unlink+0x1d/0x1c0
[ 156.118398][ T8664]  hci_sock_release+0xcf/0x4d0
[ 156.123567][ T8664]  __sock_release+0xcd/0x280
[ 156.128831][ T8664]  sock_close+0x18/0x20
[ 156.132849][ T8664]  __fput+0x288/0x920
[ 156.136693][ T8664]  ? __sock_release+0x280/0x280
[ 156.141364][ T8664]  task_work_run+0xdd/0x1a0
[ 156.146048][ T8664]  do_exit+0xbd4/0x2a60
[ 156.149945][ T8664]  ? lock_downgrade+0x6e0/0x6e0
[ 156.154587][ T8664]  ? mm_update_next_owner+0x7a0/0x7a0
[ 156.160043][ T8664]  do_group_exit+0x125/0x310
[ 156.165258][ T8664]  __ia32_sys_exit_group+0x3a/0x50
[ 156.170633][ T8664]  __do_fast_syscall_32+0x65/0xf0
[ 156.175352][ T8664]  do_fast_syscall_32+0x2f/0x70
[ 156.180651][ T8664]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 156.187236][ T8664] RIP: 0023:0xf7f7d549
[ 156.191031][ T8664] Code: Unable to access opcode bytes at RIP 0xf7f7d51f.
[ 156.198169][ T8664] RSP: 002b:00000000ffb86a9c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[ 156.207570][ T8664] RAX: ffffffffffffffda RBX: 0000000000000043 RCX: 00000000ffb86ae8
[ 156.216215][ T8664] RDX: 0000000000000000 RSI: 000000000817214c RDI: 0000000000000010
[ 156.225224][ T8664] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 156.234207][ T8664] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 156.242531][ T8664] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
2021/07/30 05:49:53 BUG: program execution failed: executor 0: exit status 67
SYZFAIL: wrong response packet (errno 16: Device or resource busy)
loop exited with status 67
SYZFAIL: wrong response packet (errno 16: Device or resource busy)
loop exited with status 67
VM DIAGNOSIS:
05:49:56 Registers: