Extracting prog: 2m4.748312382s
Minimizing prog: 9m26.02863815s
Simplifying prog options: 0s
Extracting C: 35.626365955s
Simplifying C: 17m3.786654116s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)

program did not crash
testing program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program did not crash
testing program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program did not crash
testing program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program did not crash
testing program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
bind$bt_sco(0xffffffffffffffff, &(0x7f0000000080), 0x8)
listen(0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program did not crash
testing program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, 0x0, 0x0)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program did not crash
testing program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
syz_emit_vhci(0x0, 0x0)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program did not crash
testing program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=45.516200097s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
simplifying C reproducer
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program did not crash
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program did not crash
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program did not crash
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program did not crash
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program did not crash
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program did not crash
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing compiled C program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
validation run: crashed=true
testing program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
validation run: crashed=true
testing program (duration=45.516200097s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-bind$bt_sco-listen-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

program crashed: BUG: sleeping function called from invalid context in lock_sock_nested
validation run: crashed=true
reproducing took 32m0.912807175s
repro crashed as (corrupted=false):
Bluetooth: hci4: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci2: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci4: Ignoring HCI_Sync_Conn_Complete event for existing connection
BUG: sleeping function called from invalid context at net/core/sock.c:3498
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4447, name: kworker/u5:4
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by kworker/u5:4/4447:
 #0: ffff0000c3c1a138 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff8000209c7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000d4dd4078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x98/0x90c net/bluetooth/hci_event.c:5029
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1811 [inline]
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x3f8/0x90c net/bluetooth/hci_event.c:5115
 #4: ffff0000c8b57e20 (&conn->lock#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff0000c8b57e20 (&conn->lock#2){+.+.}-{2:2}, at: sco_conn_ready net/bluetooth/sco.c:1304 [inline]
 #4: ffff0000c8b57e20 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x25c/0x8fc net/bluetooth/sco.c:1389
 #5: ffff0000c3725130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1792 [inline]
 #5: ffff0000c3725130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_ready net/bluetooth/sco.c:1317 [inline]
 #5: ffff0000c3725130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3cc/0x8fc net/bluetooth/sco.c:1389
Preemption disabled at:
[<ffff800010bfaf10>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff800010bfaf10>] sco_conn_ready net/bluetooth/sco.c:1304 [inline]
[<ffff800010bfaf10>] sco_connect_cfm+0x25c/0x8fc net/bluetooth/sco.c:1389
CPU: 0 PID: 4447 Comm: kworker/u5:4 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: hci1 hci_rx_work
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 __might_resched+0x350/0x4cc kernel/sched/core.c:9966
 __might_sleep+0x94/0x110 kernel/sched/core.c:9895
 lock_sock_nested+0x80/0x130 net/core/sock.c:3498
 lock_sock include/net/sock.h:1792 [inline]
 sco_conn_ready net/bluetooth/sco.c:1317 [inline]
 sco_connect_cfm+0x3cc/0x8fc net/bluetooth/sco.c:1389
 hci_connect_cfm include/net/bluetooth/hci_core.h:1814 [inline]
 hci_sync_conn_complete_evt+0x460/0x90c net/bluetooth/hci_event.c:5115
 hci_event_func net/bluetooth/hci_event.c:7415 [inline]
 hci_event_packet+0x6f4/0xf08 net/bluetooth/hci_event.c:7467
 hci_rx_work+0x324/0xaa0 net/bluetooth/hci_core.c:4083
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci3: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci3: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci4: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci4: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci5: Ignoring HCI_Sync_Conn_Complete event for existing connection

final repro crashed as (corrupted=false):
Bluetooth: hci4: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci2: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci4: Ignoring HCI_Sync_Conn_Complete event for existing connection
BUG: sleeping function called from invalid context at net/core/sock.c:3498
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4447, name: kworker/u5:4
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by kworker/u5:4/4447:
 #0: ffff0000c3c1a138 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff8000209c7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000d4dd4078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x98/0x90c net/bluetooth/hci_event.c:5029
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1811 [inline]
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x3f8/0x90c net/bluetooth/hci_event.c:5115
 #4: ffff0000c8b57e20 (&conn->lock#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff0000c8b57e20 (&conn->lock#2){+.+.}-{2:2}, at: sco_conn_ready net/bluetooth/sco.c:1304 [inline]
 #4: ffff0000c8b57e20 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x25c/0x8fc net/bluetooth/sco.c:1389
 #5: ffff0000c3725130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1792 [inline]
 #5: ffff0000c3725130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_ready net/bluetooth/sco.c:1317 [inline]
 #5: ffff0000c3725130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3cc/0x8fc net/bluetooth/sco.c:1389
Preemption disabled at:
[<ffff800010bfaf10>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff800010bfaf10>] sco_conn_ready net/bluetooth/sco.c:1304 [inline]
[<ffff800010bfaf10>] sco_connect_cfm+0x25c/0x8fc net/bluetooth/sco.c:1389
CPU: 0 PID: 4447 Comm: kworker/u5:4 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: hci1 hci_rx_work
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 __might_resched+0x350/0x4cc kernel/sched/core.c:9966
 __might_sleep+0x94/0x110 kernel/sched/core.c:9895
 lock_sock_nested+0x80/0x130 net/core/sock.c:3498
 lock_sock include/net/sock.h:1792 [inline]
 sco_conn_ready net/bluetooth/sco.c:1317 [inline]
 sco_connect_cfm+0x3cc/0x8fc net/bluetooth/sco.c:1389
 hci_connect_cfm include/net/bluetooth/hci_core.h:1814 [inline]
 hci_sync_conn_complete_evt+0x460/0x90c net/bluetooth/hci_event.c:5115
 hci_event_func net/bluetooth/hci_event.c:7415 [inline]
 hci_event_packet+0x6f4/0xf08 net/bluetooth/hci_event.c:7467
 hci_rx_work+0x324/0xaa0 net/bluetooth/hci_core.c:4083
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci3: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci3: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci4: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci4: Ignoring HCI_Sync_Conn_Complete event for existing connection
Bluetooth: hci5: Ignoring HCI_Sync_Conn_Complete event for existing connection