Bluetooth: hci6: sending frame failed (-49)
Bluetooth: hci7: command 0x1001 tx timeout
Bluetooth: hci7: sending frame failed (-49)
Bluetooth: hci6: command 0x1009 tx timeout
Bluetooth: hci7: command 0x1009 tx timeout
BUG: sleeping function called from invalid context at net/core/sock.c:2863
in_atomic(): 1, irqs_disabled(): 0, pid: 24907, name: syz-executor.2
3 locks held by syz-executor.2/24907:
 #0: 000000009437d211 (&tty->legacy_mutex){+.+.}, at: tty_lock+0x6a/0xa0 drivers/tty/tty_mutex.c:19
 #1: 000000006045dc8b (&tty->ldisc_sem){++++}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:320 [inline]
 #1: 000000006045dc8b (&tty->ldisc_sem){++++}, at: tty_ldisc_lock+0x4d/0x90 drivers/tty/tty_ldisc.c:344
 #2: 0000000034752438 (hci_sk_list.lock){++++}, at: hci_sock_dev_event+0x3db/0x660 net/bluetooth/hci_sock.c:756
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 24907 Comm: syz-executor.2 Not tainted 4.19.202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 lock_sock_nested+0x33/0x110 net/core/sock.c:2863
 lock_sock include/net/sock.h:1510 [inline]
 hci_sock_dev_event+0x465/0x660 net/bluetooth/hci_sock.c:758
 hci_unregister_dev+0x25b/0x910 net/bluetooth/hci_core.c:3292
 hci_uart_tty_close+0x277/0x2e0 drivers/bluetooth/hci_ldisc.c:553
 tty_ldisc_close+0xa2/0xd0 drivers/tty/tty_ldisc.c:493
 tty_ldisc_kill drivers/tty/tty_ldisc.c:639 [inline]
 tty_ldisc_hangup+0x2a1/0x700 drivers/tty/tty_ldisc.c:757
 __tty_hangup.part.0+0x359/0x780 drivers/tty/tty_io.c:623
 __tty_hangup drivers/tty/tty_io.c:2608 [inline]
 tty_vhangup drivers/tty/tty_io.c:696 [inline]
 tty_ioctl+0x80e/0x15c0 drivers/tty/tty_io.c:2607
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb560988188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038
R13: 00007ffecf7b087f R14: 00007fb560988300 R15: 0000000000022000
device vxlan0 entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
device vxlan0 entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
audit: type=1804 audit(1628586732.097:179): pid=25412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir759423099/syzkaller.30V3Xw/446/file1/bus" dev="loop4" ino=158 res=1
attempt to access beyond end of device
loop4: rw=0, want=90, limit=87
audit: type=1800 audit(1628586732.127:180): pid=25412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=158 res=0
attempt to access beyond end of device
loop4: rw=2049, want=98, limit=87
audit: type=1804 audit(1628586732.327:181): pid=25412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir759423099/syzkaller.30V3Xw/446/file1/bus" dev="loop4" ino=158 res=1
audit: type=1800 audit(1628586732.327:182): pid=25412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=158 res=0