syzbot


inconsistent lock state in sco_conn_del

Status: upstream: reported syz repro on 2020/07/31 12:31
Reported-by: syzbot+45000e83e9cecf0569d5@syzkaller.appspotmail.com
First crash: 1421d, last: 602d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream inconsistent lock state in sco_conn_del bluetooth C done 110 1026d 1410d 0/27 closed as dup on 2021/06/28 04:28
linux-4.19 inconsistent lock state in sco_conn_del C error 68 1004d 1383d 0/1 upstream: reported C repro on 2020/09/07 19:17
Fix bisection attempts (17)
Created Duration User Patch Repo Result
2023/02/03 12:10 0m bisect fix linux-4.14.y error job log (0)
2022/10/29 05:10 26m bisect fix linux-4.14.y job log (0) log
2022/09/10 07:57 29m bisect fix linux-4.14.y job log (0) log
2022/08/11 07:28 27m bisect fix linux-4.14.y job log (0) log
2022/07/12 06:54 27m bisect fix linux-4.14.y job log (0) log
2022/06/12 06:05 29m bisect fix linux-4.14.y job log (0) log
2022/05/13 05:04 24m bisect fix linux-4.14.y job log (0) log
2022/04/13 04:21 26m bisect fix linux-4.14.y job log (0) log
2022/03/14 02:51 28m bisect fix linux-4.14.y job log (0) log
2022/02/10 19:02 29m bisect fix linux-4.14.y job log (0) log
2021/12/13 23:10 27m bisect fix linux-4.14.y job log (0) log
2021/11/13 22:38 31m bisect fix linux-4.14.y job log (0) log
2021/10/14 22:09 28m bisect fix linux-4.14.y job log (0) log
2021/09/14 21:37 32m bisect fix linux-4.14.y job log (0) log
2021/08/15 21:03 33m bisect fix linux-4.14.y job log (0) log
2021/07/16 20:34 29m bisect fix linux-4.14.y job log (0) log
2021/06/16 19:50 26m bisect fix linux-4.14.y job log (0) log

Sample crash report:
Bluetooth: hci2 command 0x040f tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
Bluetooth: hci2 command 0x0405 tx timeout
================================
WARNING: inconsistent lock state
4.14.213-syzkaller #0 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz-executor.0/7450 [HC0[0]:SC0[0]:HE1:SE1] takes:
 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: [<ffffffff8689b94f>] spin_lock include/linux/spinlock.h:317 [inline]
 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: [<ffffffff8689b94f>] sco_conn_del+0xbf/0x290 net/bluetooth/sco.c:175
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
  spin_lock include/linux/spinlock.h:317 [inline]
  sco_sock_timeout+0x29/0x1c0 net/bluetooth/sco.c:82
  call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
  expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
  __run_timers kernel/time/timer.c:1637 [inline]
  run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
  __do_softirq+0x254/0xa1d kernel/softirq.c:288
  invoke_softirq kernel/softirq.c:368 [inline]
  irq_exit+0x193/0x240 kernel/softirq.c:409
  exiting_irq arch/x86/include/asm/apic.h:648 [inline]
  smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1102
  apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
  fast_dput fs/dcache.c:696 [inline]
  dput.part.0+0x93/0x710 fs/dcache.c:818
  dput+0x1b/0x30 fs/dcache.c:811
  path_put fs/namei.c:501 [inline]
  terminate_walk+0x25e/0x530 fs/namei.c:615
  path_lookupat+0x1fb/0x780 fs/namei.c:2361
  filename_lookup+0x18a/0x510 fs/namei.c:2377
  user_path_at include/linux/namei.h:57 [inline]
  SYSC_faccessat fs/open.c:403 [inline]
  SyS_faccessat+0x21b/0x680 fs/open.c:353
  do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
  entry_SYSCALL_64_after_hwframe+0x46/0xbb
irq event stamp: 893
hardirqs last  enabled at (893): [<ffffffff8720b874>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (893): [<ffffffff8720b874>] _raw_spin_unlock_irq+0x24/0x80 kernel/locking/spinlock.c:200
hardirqs last disabled at (892): [<ffffffff8720b505>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (892): [<ffffffff8720b505>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last  enabled at (218): [<ffffffff8689a48d>] sco_sock_connect+0x4bd/0x9c0 net/bluetooth/sco.c:584
softirqs last disabled at (216): [<ffffffff85d8f08b>] spin_lock_bh include/linux/spinlock.h:322 [inline]
softirqs last disabled at (216): [<ffffffff85d8f08b>] release_sock+0x1b/0x1b0 net/core/sock.c:2803

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
  <Interrupt>
    lock(slock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

3 locks held by syz-executor.0/7450:
 #0:  (&hdev->req_lock){+.+.}, at: [<ffffffff867cf279>] hci_dev_do_close+0x109/0xca0 net/bluetooth/hci_core.c:1576
 #1:  (&hdev->lock){+.+.}, at: [<ffffffff867cf38c>] hci_dev_do_close+0x21c/0xca0 net/bluetooth/hci_core.c:1607
 #2:  (hci_cb_list_lock){+.+.}, at: [<ffffffff867e4b2a>] hci_disconn_cfm include/net/bluetooth/hci_core.h:1223 [inline]
 #2:  (hci_cb_list_lock){+.+.}, at: [<ffffffff867e4b2a>] hci_conn_hash_flush+0xda/0x260 net/bluetooth/hci_conn.c:1393

stack backtrace:
CPU: 1 PID: 7450 Comm: syz-executor.0 Not tainted 4.14.213-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2589
 valid_state kernel/locking/lockdep.c:2602 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2796 [inline]
 mark_lock+0xb4d/0x1050 kernel/locking/lockdep.c:3194
 mark_irqflags kernel/locking/lockdep.c:3090 [inline]
 __lock_acquire+0xd5c/0x3f20 kernel/locking/lockdep.c:3448
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
 spin_lock include/linux/spinlock.h:317 [inline]
 sco_conn_del+0xbf/0x290 net/bluetooth/sco.c:175
 sco_disconn_cfm+0x65/0xa0 net/bluetooth/sco.c:1134
 hci_disconn_cfm include/net/bluetooth/hci_core.h:1226 [inline]
 hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1393
 hci_dev_do_close+0x535/0xca0 net/bluetooth/hci_core.c:1620
 hci_unregister_dev+0x17f/0x8c0 net/bluetooth/hci_core.c:3191
 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
 __fput+0x25f/0x7a0 fs/file_table.c:210
 task_work_run+0x11f/0x190 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xa44/0x2850 kernel/exit.c:868
 do_group_exit+0x100/0x2e0 kernel/exit.c:965
 get_signal+0x38d/0x1ca0 kernel/signal.c:2423
 do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:814
 exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45e219
RSP: 002b:00007f7985715cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000119bf88 RCX: 000000000045e219
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000119bf88
RBP: 000000000119bf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007ffd69b9833f R14: 00007f79857169c0 R15: 000000000119bf8c
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
IPVS: ftp: loaded support on port[0] = 21
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: Enslaving bond_slave_0 as an active interface with an up link
bond0: Enslaving bond_slave_1 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
team0: Port device team_slave_0 added
IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 2(bridge_slave_1) entered disabled state
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
device veth1_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_0
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
Bluetooth: hci2 command 0x0409 tx timeout
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
IPVS: ftp: loaded support on port[0] = 21
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: Enslaving bond_slave_0 as an active interface with an up link
bond0: Enslaving bond_slave_1 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
team0: Port device team_slave_0 added
IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
8021q: adding VLAN 0 to HW filter on device bond0
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 2(bridge_slave_1) entered disabled state
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
device veth1_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
Bluetooth: hci2 command 0x0409 tx timeout
IPVS: ftp: loaded support on port[0] = 21
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: Enslaving bond_slave_0 as an active interface with an up link
bond0: Enslaving bond_slave_1 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
team0: Port device team_slave_0 added
IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 2(bridge_slave_1) entered disabled state
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
device veth1_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
Bluetooth: hci2 command 0x041b tx timeout
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready

Crashes (47):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/01/06 22:07 linux-4.14.y 1752938529c6 fff20c29 .config console log report syz ci2-linux-4-14
2022/01/11 19:02 linux-4.14.y 4ba8e26127c3 1884f55a .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2022/01/10 01:48 linux-4.14.y bfdef05c8da4 2ca0d385 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/12/28 18:11 linux-4.14.y 8ee0807eedf3 76c8cf06 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/05/17 19:50 linux-4.14.y 7d7d1c0ab3eb a2eb125d .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/05/08 21:06 linux-4.14.y 7d7d1c0ab3eb bc5434be .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/05/07 18:52 linux-4.14.y 7d7d1c0ab3eb f6da8120 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/05/04 17:57 linux-4.14.y 7d7d1c0ab3eb 06c27ff5 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/05/03 15:30 linux-4.14.y 7d7d1c0ab3eb ad61f371 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/04/28 02:32 linux-4.14.y cf256fbcbe34 805b5003 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/04/24 05:04 linux-4.14.y cf256fbcbe34 17f0b706 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/04/22 03:21 linux-4.14.y cf256fbcbe34 2bc8999a .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/04/03 14:58 linux-4.14.y bd634aa64163 6a81331a .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/03/23 12:56 linux-4.14.y cb83ddcd5332 8092f30d .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/03/17 22:48 linux-4.14.y cb83ddcd5332 fdb2bb2c .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/03/16 15:06 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/03/12 20:45 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/03/10 16:20 linux-4.14.y 1d177c0872ab 764067f3 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/03/07 19:00 linux-4.14.y 1d177c0872ab c599ed12 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/02/28 17:52 linux-4.14.y 3242aa3a635c 4c37c133 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/02/25 13:06 linux-4.14.y 3242aa3a635c fcc6d71b .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/02/20 23:41 linux-4.14.y 29c52025152b 3e5ed8b4 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/02/16 21:27 linux-4.14.y 2c8a3fceddf0 98682e5e .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/02/12 02:17 linux-4.14.y 2c8a3fceddf0 a5f86b15 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/02/11 11:42 linux-4.14.y 2c8a3fceddf0 a52ee10a .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/02/05 03:48 linux-4.14.y 2c8a3fceddf0 23a562df .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/01/26 16:11 linux-4.14.y 2d2791fce891 52e37319 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/01/20 12:12 linux-4.14.y 2762b48e9611 d4f4eca5 .config console log report info ci2-linux-4-14 inconsistent lock state in sco_conn_del
2021/01/15 06:06 linux-4.14.y f79dc86058bc 65a7a854 .config console log report info ci2-linux-4-14
2021/01/12 22:47 linux-4.14.y f79dc86058bc 0cdd6185 .config console log report info ci2-linux-4-14
2021/01/06 21:21 linux-4.14.y 1752938529c6 fff20c29 .config console log report info ci2-linux-4-14
2021/01/05 10:51 linux-4.14.y 1752938529c6 a0234d98 .config console log report info ci2-linux-4-14
2020/12/21 14:34 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report info ci2-linux-4-14
2020/11/21 03:53 linux-4.14.y 8961076ed318 68068804 .config console log report info ci2-linux-4-14
2020/11/03 20:15 linux-4.14.y 2b7915014161 cba33199 .config console log report info ci2-linux-4-14
2020/11/02 00:22 linux-4.14.y 2b7915014161 8bc4594f .config console log report info ci2-linux-4-14
2020/10/29 23:58 linux-4.14.y 2b7915014161 a0c7169a .config console log report info ci2-linux-4-14
2020/10/26 21:08 linux-4.14.y 5b7a52cd2eef a7aac492 .config console log report info ci2-linux-4-14
2020/10/13 02:28 linux-4.14.y cbfa1702aaf6 d32b0bbf .config console log report info ci2-linux-4-14
2020/09/25 08:11 linux-4.14.y cbfa1702aaf6 54289b08 .config console log report info ci2-linux-4-14
2020/09/05 09:38 linux-4.14.y 2f166cdcf8a9 abf9ba4f .config console log report ci2-linux-4-14
2020/08/29 00:47 linux-4.14.y d7e78d08fa77 d5a3ae1f .config console log report ci2-linux-4-14
2020/08/19 01:56 linux-4.14.y 14b58326976d e1c29030 .config console log report ci2-linux-4-14
2020/08/15 09:41 linux-4.14.y 14b58326976d 5ce13532 .config console log report ci2-linux-4-14
2020/08/15 06:02 linux-4.14.y 14b58326976d 5ce13532 .config console log report ci2-linux-4-14
2020/08/14 17:28 linux-4.14.y 14b58326976d 5ce13532 .config console log report ci2-linux-4-14
2020/07/31 12:30 linux-4.14.y e5a54aa2d312 8df85ed9 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.