Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
2022/12/28 06:17:17 ignoring optional flag "sandboxArg"="0"
2022/12/28 06:17:17 parsed 1 programs
2022/12/28 06:17:17 executed programs: 0
[ 75.550357][ T4390] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.558362][ T4390] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.566365][ T4390] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.574246][ T4390] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.582466][ T4390] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.589911][ T4390] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 75.657996][ T5528] chnl_net:caif_netlink_parms(): no params data found
[ 75.693264][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.700511][ T5528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.708448][ T5528] device bridge_slave_0 entered promiscuous mode
[ 75.716455][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.723703][ T5528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.731793][ T5528] device bridge_slave_1 entered promiscuous mode
[ 75.751105][ T5528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.762997][ T5528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.783784][ T5528] team0: Port device team_slave_0 added
[ 75.791303][ T5528] team0: Port device team_slave_1 added
[ 75.808595][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.815762][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.841899][ T5528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.853912][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.861029][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.887928][ T5528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.912151][ T5528] device hsr_slave_0 entered promiscuous mode
[ 75.919312][ T5528] device hsr_slave_1 entered promiscuous mode
[ 75.973819][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.981021][ T5528] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.988422][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.995569][ T5528] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.031866][ T5528] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.044628][ T5079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.053376][ T5079] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.061239][ T5079] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.069575][ T5079] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.081583][ T5528] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.091979][ T5079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.101049][ T5079] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.108185][ T5079] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.130254][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.139451][ T5078] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.146599][ T5078] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.160112][ T5528] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 76.173476][ T5528] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.186007][ T5079] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.194221][ T5079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.203377][ T5079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.212726][ T5079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.232364][ T5528] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.240185][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.248618][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.277141][ T897] cfg80211: failed to load regulatory.db
[ 76.815070][ T5528] device veth0_vlan entered promiscuous mode
[ 76.821941][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 76.830930][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.840443][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 76.848884][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.858018][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.865987][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.878026][ T5528] device veth1_vlan entered promiscuous mode
[ 76.894086][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 76.902054][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 76.910467][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.919201][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.930807][ T5528] device veth0_macvtap entered promiscuous mode
[ 76.939896][ T5528] device veth1_macvtap entered promiscuous mode
[ 76.953785][ T5528] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.962564][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.970847][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.979515][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.988361][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.999657][ T5528] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.008555][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 77.017249][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 77.064675][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.080525][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.090297][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 77.100059][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.109565][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.119397][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 77.626256][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 77.979126][ T5550]
[ 77.981588][ T5550] ======================================================
[ 77.988876][ T5550] WARNING: possible circular locking dependency detected
[ 77.996074][ T5550] 6.1.0-syzkaller-12784-gc183e6c3ec34 #0 Not tainted
[ 78.002848][ T5550] ------------------------------------------------------
[ 78.009852][ T5550] syz-executor.0/5550 is trying to acquire lock:
[ 78.016153][ T5550] ffff88802974a130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3a0
[ 78.027692][ T5550]
[ 78.027692][ T5550] but task is already holding lock:
[ 78.035048][ T5550] ffff888071675d28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x15d/0x890
[ 78.044023][ T5550]
[ 78.044023][ T5550] which lock already depends on the new lock.
[ 78.044023][ T5550]
[ 78.054411][ T5550]
[ 78.054411][ T5550] the existing dependency chain (in reverse order) is:
[ 78.063842][ T5550]
[ 78.063842][ T5550] -> #2 (&d->lock){+.+.}-{3:3}:
[ 78.070872][ T5550]        __mutex_lock+0x12f/0x1360
[ 78.076090][ T5550]        __rfcomm_dlc_close+0x15d/0x890
[ 78.081746][ T5550]        rfcomm_dlc_close+0x1e9/0x240
[ 78.087471][ T5550]        __rfcomm_sock_close+0x13c/0x250
[ 78.093103][ T5550]        rfcomm_sock_shutdown+0xd8/0x230
[ 78.098827][ T5550]        rfcomm_sock_release+0x68/0x140
[ 78.104390][ T5550]        __sock_release+0xcd/0x280
[ 78.109503][ T5550]        sock_close+0x1c/0x20
[ 78.115314][ T5550]        __fput+0x27c/0xa90
[ 78.119901][ T5550]        task_work_run+0x16f/0x270
[ 78.125010][ T5550]        get_signal+0x1c7/0x2450
[ 78.129941][ T5550]        arch_do_signal_or_restart+0x79/0x5c0
[ 78.136007][ T5550]        exit_to_user_mode_prepare+0x15f/0x250
[ 78.142248][ T5550]        syscall_exit_to_user_mode+0x1d/0x50
[ 78.148222][ T5550]        do_syscall_64+0x46/0xb0
[ 78.153170][ T5550]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.159761][ T5550]
[ 78.159761][ T5550] -> #1 (rfcomm_mutex){+.+.}-{3:3}:
[ 78.167149][ T5550]        __mutex_lock+0x12f/0x1360
[ 78.172261][ T5550]        rfcomm_dlc_open+0x93/0xa80
[ 78.177455][ T5550]        rfcomm_sock_connect+0x329/0x450
[ 78.183090][ T5550]        __sys_connect_file+0x153/0x1a0
[ 78.188723][ T5550]        __sys_connect+0x165/0x1a0
[ 78.193926][ T5550]        __x64_sys_connect+0x73/0xb0
[ 78.199208][ T5550]        do_syscall_64+0x39/0xb0
[ 78.204142][ T5550]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.210561][ T5550]
[ 78.210561][ T5550] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 78.219936][ T5550]        __lock_acquire+0x2a43/0x56d0
[ 78.225328][ T5550]        lock_acquire+0x1e3/0x630
[ 78.230342][ T5550]        lock_sock_nested+0x3a/0xf0
[ 78.235537][ T5550]        rfcomm_sk_state_change+0x6d/0x3a0
[ 78.241368][ T5550]        __rfcomm_dlc_close+0x1b1/0x890
[ 78.247097][ T5550]        rfcomm_dlc_close+0x1e9/0x240
[ 78.252649][ T5550]        __rfcomm_sock_close+0x13c/0x250
[ 78.258298][ T5550]        rfcomm_sock_shutdown+0xd8/0x230
[ 78.263941][ T5550]        rfcomm_sock_release+0x68/0x140
[ 78.269513][ T5550]        __sock_release+0xcd/0x280
[ 78.274708][ T5550]        sock_close+0x1c/0x20
[ 78.279550][ T5550]        __fput+0x27c/0xa90
[ 78.284243][ T5550]        task_work_run+0x16f/0x270
[ 78.289444][ T5550]        get_signal+0x1c7/0x2450
[ 78.294391][ T5550]        arch_do_signal_or_restart+0x79/0x5c0
[ 78.300451][ T5550]        exit_to_user_mode_prepare+0x15f/0x250
[ 78.306605][ T5550]        syscall_exit_to_user_mode+0x1d/0x50
[ 78.312574][ T5550]        do_syscall_64+0x46/0xb0
[ 78.317612][ T5550]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.324126][ T5550]
[ 78.324126][ T5550] other info that might help us debug this:
[ 78.324126][ T5550]
[ 78.334350][ T5550] Chain exists of:
[ 78.334350][ T5550]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[ 78.334350][ T5550]
[ 78.348369][ T5550]  Possible unsafe locking scenario:
[ 78.348369][ T5550]
[ 78.355805][ T5550]        CPU0                    CPU1
[ 78.361243][ T5550]        ----                    ----
[ 78.366683][ T5550]   lock(&d->lock);
[ 78.370486][ T5550]                                lock(rfcomm_mutex);
[ 78.377162][ T5550]                                lock(&d->lock);
[ 78.383483][ T5550]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 78.389636][ T5550]
[ 78.389636][ T5550]  *** DEADLOCK ***
[ 78.389636][ T5550]
[ 78.397855][ T5550] 3 locks held by syz-executor.0/5550:
[ 78.403304][ T5550]  #0: ffff888073538810 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 78.413833][ T5550]  #1: ffffffff8e3141c8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[ 78.423226][ T5550]  #2: ffff888071675d28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x15d/0x890
[ 78.432532][ T5550]
[ 78.432532][ T5550] stack backtrace:
[ 78.438405][ T5550] CPU: 0 PID: 5550 Comm: syz-executor.0 Not tainted 6.1.0-syzkaller-12784-gc183e6c3ec34 #0
[ 78.448639][ T5550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 78.458771][ T5550] Call Trace:
[ 78.462070][ T5550]
[ 78.465090][ T5550] dump_stack_lvl+0xd1/0x138
[ 78.469683][ T5550] check_noncircular+0x25f/0x2e0
[ 78.474716][ T5550] ? __lock_acquire+0x2567/0x56d0
[ 78.479747][ T5550] ? print_circular_bug+0x1e0/0x1e0
[ 78.484942][ T5550] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 78.490953][ T5550] __lock_acquire+0x2a43/0x56d0
[ 78.495814][ T5550] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 78.501998][ T5550] lock_acquire+0x1e3/0x630
[ 78.506599][ T5550] ? rfcomm_sk_state_change+0x6d/0x3a0
[ 78.512066][ T5550] ? lock_release+0x810/0x810
[ 78.516830][ T5550] ? __rfcomm_dlc_close+0x15d/0x890
[ 78.522024][ T5550] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 78.527917][ T5550] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 78.533468][ T5550] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 78.539271][ T5550] ? __timer_delete+0xe8/0x1b0
[ 78.544031][ T5550] lock_sock_nested+0x3a/0xf0
[ 78.548712][ T5550] ? rfcomm_sk_state_change+0x6d/0x3a0
[ 78.554171][ T5550] rfcomm_sk_state_change+0x6d/0x3a0
[ 78.559565][ T5550] __rfcomm_dlc_close+0x1b1/0x890
[ 78.564706][ T5550] rfcomm_dlc_close+0x1e9/0x240
[ 78.569582][ T5550] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 78.575500][ T5550] __rfcomm_sock_close+0x13c/0x250
[ 78.580616][ T5550] ? lockdep_hardirqs_on+0x7d/0x100
[ 78.585852][ T5550] rfcomm_sock_shutdown+0xd8/0x230
[ 78.590980][ T5550] rfcomm_sock_release+0x68/0x140
[ 78.596020][ T5550] __sock_release+0xcd/0x280
[ 78.600813][ T5550] sock_close+0x1c/0x20
[ 78.604976][ T5550] __fput+0x27c/0xa90
[ 78.608965][ T5550] ? __sock_release+0x280/0x280
[ 78.614700][ T5550] task_work_run+0x16f/0x270
[ 78.619306][ T5550] ? task_work_cancel+0x30/0x30
[ 78.624172][ T5550] ? rfcomm_sock_connect+0x159/0x450
[ 78.629463][ T5550] get_signal+0x1c7/0x2450
[ 78.633876][ T5550] ? task_work_func_match+0x40/0x40
[ 78.639076][ T5550] ? exit_signals+0x8b0/0x8b0
[ 78.643753][ T5550] ? rfcomm_sock_connect+0x15e/0x450
[ 78.649051][ T5550] arch_do_signal_or_restart+0x79/0x5c0
[ 78.654605][ T5550] ? get_sigframe_size+0x10/0x10
[ 78.659552][ T5550] exit_to_user_mode_prepare+0x15f/0x250
[ 78.665204][ T5550] syscall_exit_to_user_mode+0x1d/0x50
[ 78.670791][ T5550] do_syscall_64+0x46/0xb0
[ 78.675212][ T5550] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.681128][ T5550] RIP: 0033:0x4665f9
[ 78.685035][ T5550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 78.704719][ T5550] RSP: 002b:00007fd86c7f5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 78.713666][ T5550] RAX: fffffffffffffffc RBX: 000000000056bf80 RCX: 00000000004665f9
[ 78.721720][ T5550] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 78.729734][ T5550] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 78.737697][ T5550] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 78.745927][ T5550] R13: 00007ffd68aeeabf R14: 00007fd86c7f5300 R15: 0000000000022000
[ 78.754368][ T5550]
2022/12/28 06:17:23 executed programs: 2
[ 79.706287][ T48] Bluetooth: hci0: command 0x041b tx timeout
[ 81.785431][ T48] Bluetooth: hci0: command 0x040f tx timeout
[ 83.865320][ T48] Bluetooth: hci0: command 0x0419 tx timeout
2022/12/28 06:17:28 executed programs: 8
[ 85.945297][ T48] Bluetooth: hci0: command 0x0405 tx timeout