Warning: Permanently added '10.128.0.246' (ED25519) to the list of known hosts. 2024/05/04 21:54:21 ignoring optional flag "sandboxArg"="0" 2024/05/04 21:54:21 parsed 1 programs [ 290.499706][ T3569] cgroup: Unknown subsys name 'net' [ 290.658297][ T3569] cgroup: Unknown subsys name 'rlimit' 2024/05/04 21:54:23 executed programs: 0 [ 291.924580][ T3569] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 291.980688][ T3578] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 291.989305][ T3578] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 291.997499][ T3578] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 292.005280][ T3578] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 292.012918][ T3578] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 292.020306][ T3578] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 292.126252][ T3577] chnl_net:caif_netlink_parms(): no params data found [ 292.170980][ T3577] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.178647][ T3577] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.186741][ T3577] device bridge_slave_0 entered promiscuous mode [ 292.196019][ T3577] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.203544][ T3577] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.211319][ T3577] device bridge_slave_1 entered promiscuous mode [ 292.233064][ T3577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 292.244341][ T3577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 292.266250][ T3577] team0: Port device team_slave_0 added [ 292.274354][ T3577] team0: Port device team_slave_1 added [ 292.292244][ T3577] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 292.299276][ T3577] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.325584][ T3577] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 292.338480][ T3577] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 292.345581][ T3577] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.371517][ T3577] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 292.400102][ T3577] device hsr_slave_0 entered promiscuous mode [ 292.407310][ T3577] device hsr_slave_1 entered promiscuous mode [ 292.490861][ T3577] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 292.501684][ T3577] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 292.510589][ T3577] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 292.519358][ T3577] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 292.539236][ T3577] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.546440][ T3577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.554514][ T3577] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.561643][ T3577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.609896][ T3577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.622994][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 292.632921][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.641851][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.650825][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 292.664353][ T3577] 8021q: adding VLAN 0 to HW filter on device team0 [ 292.675634][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 292.684129][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.691180][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.702083][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 292.711128][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.718358][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.746358][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 292.755080][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 292.763841][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 292.772162][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 292.781120][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 292.790676][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 292.899214][ T3577] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 292.907662][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 292.915519][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 292.934215][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 292.950482][ T3577] device veth0_vlan entered promiscuous mode [ 292.957967][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 292.966623][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 292.974528][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 292.988942][ T3577] device veth1_vlan entered promiscuous mode [ 293.008002][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 293.016041][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 293.024325][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 293.036479][ T3577] device veth0_macvtap entered promiscuous mode [ 293.045410][ T3577] device veth1_macvtap entered promiscuous mode [ 293.062236][ T3577] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 293.070717][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 293.079919][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 293.091566][ T3577] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 293.099715][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 293.110828][ T3577] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.119843][ T3577] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.129732][ T3577] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.138604][ T3577] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.201198][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.216879][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.227241][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 293.237354][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.245423][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.254400][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 294.073775][ T3578] Bluetooth: hci0: command tx timeout [ 296.153760][ T3578] Bluetooth: hci0: command tx timeout [ 298.232914][ T3578] Bluetooth: hci0: command tx timeout [ 300.313234][ T48] Bluetooth: hci0: command tx timeout [ 302.394273][ T48] Bluetooth: hci0: command tx timeout [ 317.114862][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.121337][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 2024/05/04 21:54:54 executed programs: 1 [ 323.336540][ T3578] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 323.344986][ T3578] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 323.352535][ T3578] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 323.362296][ T3578] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 323.370089][ T3578] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 323.377727][ T3578] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 323.480290][ T3597] chnl_net:caif_netlink_parms(): no params data found [ 323.519346][ T3597] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.527010][ T3597] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.535002][ T3597] device bridge_slave_0 entered promiscuous mode [ 323.542845][ T3597] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.549977][ T3597] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.557900][ T3597] device bridge_slave_1 entered promiscuous mode [ 323.578926][ T3597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.589589][ T3597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.611176][ T3597] team0: Port device team_slave_0 added [ 323.618477][ T3597] team0: Port device team_slave_1 added [ 323.635600][ T3597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 323.642562][ T3597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 323.668685][ T3597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 323.680943][ T3597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 323.688338][ T3597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 323.714548][ T3597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 323.742920][ T3597] device hsr_slave_0 entered promiscuous mode [ 323.749582][ T3597] device hsr_slave_1 entered promiscuous mode [ 323.756357][ T3597] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 323.764286][ T3597] Cannot create hsr debugfs directory [ 323.879725][ T3597] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.985401][ T3597] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.020862][ T3597] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.108407][ T3597] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.203015][ T3597] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 324.212152][ T3597] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 324.221520][ T3597] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 324.230494][ T3597] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 324.248711][ T3597] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.255809][ T3597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 324.263219][ T3597] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.270311][ T3597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.311112][ T3597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 324.325138][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 324.334722][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.343179][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.351114][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 324.364029][ T3597] 8021q: adding VLAN 0 to HW filter on device team0 [ 324.374508][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 324.383924][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.391006][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.418721][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 324.427467][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.434596][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 324.444090][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 324.453026][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 324.461365][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 324.474213][ T3597] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 324.487059][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 324.496751][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 324.505283][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 324.615196][ T3597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 324.624688][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 324.632129][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 324.651466][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 324.660331][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 324.677918][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 324.686338][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 324.697886][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 324.705778][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 324.715369][ T3597] device veth0_vlan entered promiscuous mode [ 324.726039][ T3597] device veth1_vlan entered promiscuous mode [ 324.744741][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 324.754818][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 324.763086][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 324.771468][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 324.783474][ T3597] device veth0_macvtap entered promiscuous mode [ 324.792104][ T3597] device veth1_macvtap entered promiscuous mode [ 324.807608][ T3597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 324.818300][ T3597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.829567][ T3597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 324.837240][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 324.845450][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 324.853889][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 324.862321][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 324.874674][ T3597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 324.885223][ T3597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.897876][ T3597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 324.906996][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 324.915831][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 324.926634][ T3597] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.936170][ T3597] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.945373][ T3597] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.954748][ T3597] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 325.005572][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 325.014663][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 325.027051][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 325.044823][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 325.053483][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 325.062247][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 325.444513][ T3578] Bluetooth: hci1: command tx timeout [ 327.512765][ T3578] Bluetooth: hci1: command tx timeout [ 329.602874][ T3578] Bluetooth: hci1: command tx timeout [ 331.672859][ T3578] Bluetooth: hci1: command tx timeout [ 333.752885][ T3578] Bluetooth: hci1: command tx timeout [ 333.772119][ T3595] [ 333.774472][ T3595] ====================================================== [ 333.781490][ T3595] WARNING: possible circular locking dependency detected [ 333.788529][ T3595] 6.1.90-syzkaller #0 Not tainted [ 333.793544][ T3595] ------------------------------------------------------ [ 333.800547][ T3595] syz-executor.0/3595 is trying to acquire lock: [ 333.806855][ T3595] ffff88814124fe70 ((work_completion)(&(&conn->timeout_work)->work)){+.+.}-{0:0}, at: __flush_work+0xe5/0xad0 [ 333.818580][ T3595] [ 333.818580][ T3595] but task is already holding lock: [ 333.825935][ T3595] ffffffff8e3f1968 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x2a0 [ 333.835588][ T3595] [ 333.835588][ T3595] which lock already depends on the new lock. [ 333.835588][ T3595] [ 333.845990][ T3595] [ 333.845990][ T3595] the existing dependency chain (in reverse order) is: [ 333.854988][ T3595] [ 333.854988][ T3595] -> #3 (hci_cb_list_lock){+.+.}-{3:3}: [ 333.862709][ T3595] lock_acquire+0x1f8/0x5a0 [ 333.867761][ T3595] __mutex_lock+0x132/0xd80 [ 333.872812][ T3595] hci_remote_features_evt+0x664/0xab0 [ 333.878803][ T3595] hci_event_packet+0xa9d/0x1510 [ 333.884264][ T3595] hci_rx_work+0x3cd/0xce0 [ 333.889251][ T3595] process_one_work+0x8a9/0x11d0 [ 333.894697][ T3595] worker_thread+0xa47/0x1200 [ 333.899880][ T3595] kthread+0x28d/0x320 [ 333.904452][ T3595] ret_from_fork+0x1f/0x30 [ 333.909395][ T3595] [ 333.909395][ T3595] -> #2 (&hdev->lock){+.+.}-{3:3}: [ 333.916677][ T3595] lock_acquire+0x1f8/0x5a0 [ 333.921692][ T3595] __mutex_lock+0x132/0xd80 [ 333.926704][ T3595] sco_sock_connect+0x181/0x8f0 [ 333.932114][ T3595] __sys_connect+0x2c9/0x300 [ 333.937243][ T3595] __x64_sys_connect+0x76/0x80 [ 333.942521][ T3595] do_syscall_64+0x3b/0xb0 [ 333.947459][ T3595] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 333.953863][ T3595] [ 333.953863][ T3595] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}: [ 333.962974][ T3595] lock_acquire+0x1f8/0x5a0 [ 333.967991][ T3595] lock_sock_nested+0x44/0x100 [ 333.973274][ T3595] sco_sock_timeout+0xbd/0x230 [ 333.978571][ T3595] process_one_work+0x8a9/0x11d0 [ 333.984034][ T3595] worker_thread+0xa47/0x1200 [ 333.989231][ T3595] kthread+0x28d/0x320 [ 333.993815][ T3595] ret_from_fork+0x1f/0x30 [ 333.998783][ T3595] [ 333.998783][ T3595] -> #0 ((work_completion)(&(&conn->timeout_work)->work)){+.+.}-{0:0}: [ 334.009194][ T3595] validate_chain+0x1661/0x5950 [ 334.014558][ T3595] __lock_acquire+0x125b/0x1f80 [ 334.019917][ T3595] lock_acquire+0x1f8/0x5a0 [ 334.024937][ T3595] __flush_work+0xfe/0xad0 [ 334.029864][ T3595] __cancel_work_timer+0x519/0x6a0 [ 334.035483][ T3595] sco_conn_del+0x205/0x300 [ 334.040499][ T3595] hci_conn_hash_flush+0x10e/0x2a0 [ 334.046118][ T3595] hci_dev_close_sync+0x9a9/0x1020 [ 334.051755][ T3595] hci_unregister_dev+0x1df/0x4d0 [ 334.057297][ T3595] vhci_release+0x7f/0xd0 [ 334.062220][ T3595] __fput+0x3b7/0x890 [ 334.066805][ T3595] task_work_run+0x246/0x300 [ 334.071916][ T3595] do_exit+0xa73/0x26a0 [ 334.076668][ T3595] do_group_exit+0x202/0x2b0 [ 334.081790][ T3595] get_signal+0x16f7/0x17d0 [ 334.086821][ T3595] arch_do_signal_or_restart+0xb0/0x1a10 [ 334.093040][ T3595] exit_to_user_mode_loop+0x6a/0x100 [ 334.098860][ T3595] exit_to_user_mode_prepare+0xb1/0x140 [ 334.104929][ T3595] syscall_exit_to_user_mode+0x60/0x270 [ 334.110996][ T3595] do_syscall_64+0x47/0xb0 [ 334.115928][ T3595] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 334.122333][ T3595] [ 334.122333][ T3595] other info that might help us debug this: [ 334.122333][ T3595] [ 334.132571][ T3595] Chain exists of: [ 334.132571][ T3595] (work_completion)(&(&conn->timeout_work)->work) --> &hdev->lock --> hci_cb_list_lock [ 334.132571][ T3595] [ 334.148124][ T3595] Possible unsafe locking scenario: [ 334.148124][ T3595] [ 334.155560][ T3595] CPU0 CPU1 [ 334.160907][ T3595] ---- ---- [ 334.166253][ T3595] lock(hci_cb_list_lock); [ 334.170742][ T3595] lock(&hdev->lock); [ 334.177315][ T3595] lock(hci_cb_list_lock); [ 334.184326][ T3595] lock((work_completion)(&(&conn->timeout_work)->work)); [ 334.191505][ T3595] [ 334.191505][ T3595] *** DEADLOCK *** [ 334.191505][ T3595] [ 334.199631][ T3595] 3 locks held by syz-executor.0/3595: [ 334.205069][ T3595] #0: ffff888075a810b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1d7/0x4d0 [ 334.214977][ T3595] #1: ffff888075a80078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x48d/0x1020 [ 334.224712][ T3595] #2: ffffffff8e3f1968 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x2a0 [ 334.234698][ T3595] [ 334.234698][ T3595] stack backtrace: [ 334.240568][ T3595] CPU: 0 PID: 3595 Comm: syz-executor.0 Not tainted 6.1.90-syzkaller #0 [ 334.248879][ T3595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 334.258922][ T3595] Call Trace: [ 334.262190][ T3595] [ 334.265113][ T3595] dump_stack_lvl+0x1e3/0x2cb [ 334.269783][ T3595] ? nf_tcp_handle_invalid+0x642/0x642 [ 334.275234][ T3595] ? print_circular_bug+0x12b/0x1a0 [ 334.280420][ T3595] check_noncircular+0x2fa/0x3b0 [ 334.285346][ T3595] ? add_chain_block+0x850/0x850 [ 334.290273][ T3595] ? lockdep_lock+0x11f/0x2a0 [ 334.294941][ T3595] ? read_lock_is_recursive+0x10/0x10 [ 334.300301][ T3595] ? _find_first_zero_bit+0xd0/0x100 [ 334.305637][ T3595] validate_chain+0x1661/0x5950 [ 334.310485][ T3595] ? reacquire_held_locks+0x660/0x660 [ 334.315846][ T3595] ? __lock_acquire+0x125b/0x1f80 [ 334.320885][ T3595] ? look_up_lock_class+0x77/0x140 [ 334.326007][ T3595] ? register_lock_class+0x100/0x990 [ 334.331302][ T3595] ? is_dynamic_key+0x260/0x260 [ 334.336148][ T3595] ? mark_lock+0x9a/0x340 [ 334.340471][ T3595] __lock_acquire+0x125b/0x1f80 [ 334.345321][ T3595] lock_acquire+0x1f8/0x5a0 [ 334.349813][ T3595] ? __flush_work+0xe5/0xad0 [ 334.354389][ T3595] ? read_lock_is_recursive+0x10/0x10 [ 334.359751][ T3595] ? debug_object_assert_init+0x2c4/0x420 [ 334.365522][ T3595] ? debug_object_free+0x460/0x460 [ 334.370626][ T3595] ? __flush_work+0xe5/0xad0 [ 334.375200][ T3595] __flush_work+0xfe/0xad0 [ 334.379600][ T3595] ? __flush_work+0xe5/0xad0 [ 334.384177][ T3595] ? del_timer+0x172/0x2f0 [ 334.388617][ T3595] ? lock_timer_base+0x260/0x260 [ 334.393546][ T3595] ? flush_work+0x20/0x20 [ 334.397868][ T3595] ? print_irqtrace_events+0x210/0x210 [ 334.403337][ T3595] ? __cancel_work_timer+0x467/0x6a0 [ 334.408639][ T3595] __cancel_work_timer+0x519/0x6a0 [ 334.413760][ T3595] ? cancel_work_sync+0x20/0x20 [ 334.418608][ T3595] ? sco_conn_del+0x184/0x300 [ 334.423282][ T3595] ? __lock_acquire+0x1f80/0x1f80 [ 334.428301][ T3595] ? do_raw_spin_unlock+0x137/0x8a0 [ 334.433491][ T3595] sco_conn_del+0x205/0x300 [ 334.437986][ T3595] ? sco_connect_cfm+0xc40/0xc40 [ 334.442923][ T3595] hci_conn_hash_flush+0x10e/0x2a0 [ 334.448021][ T3595] hci_dev_close_sync+0x9a9/0x1020 [ 334.453120][ T3595] ? hci_unregister_dev+0x1bc/0x4d0 [ 334.458301][ T3595] hci_unregister_dev+0x1df/0x4d0 [ 334.463314][ T3595] vhci_release+0x7f/0xd0 [ 334.467628][ T3595] ? vhci_open+0x360/0x360 [ 334.472029][ T3595] __fput+0x3b7/0x890 [ 334.476005][ T3595] task_work_run+0x246/0x300 [ 334.480584][ T3595] ? kasan_quarantine_put+0xd4/0x220 [ 334.485917][ T3595] ? task_work_cancel+0x2b0/0x2b0 [ 334.490931][ T3595] ? kmem_cache_free+0x292/0x510 [ 334.495884][ T3595] ? do_exit+0xa6e/0x26a0 [ 334.500203][ T3595] do_exit+0xa73/0x26a0 [ 334.504352][ T3595] ? put_task_struct+0x80/0x80 [ 334.509104][ T3595] ? get_signal+0x137e/0x17d0 [ 334.513773][ T3595] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 334.519747][ T3595] ? print_irqtrace_events+0x210/0x210 [ 334.525193][ T3595] ? _raw_spin_lock_irq+0xdb/0x110 [ 334.530291][ T3595] do_group_exit+0x202/0x2b0 [ 334.534869][ T3595] ? _raw_spin_unlock_irq+0x1f/0x40 [ 334.540057][ T3595] ? lockdep_hardirqs_on+0x94/0x130 [ 334.545261][ T3595] get_signal+0x16f7/0x17d0 [ 334.549772][ T3595] ? __kmem_cache_free+0x25c/0x3c0 [ 334.554877][ T3595] ? ptrace_notify+0x370/0x370 [ 334.559636][ T3595] arch_do_signal_or_restart+0xb0/0x1a10 [ 334.565261][ T3595] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 334.571232][ T3595] ? print_irqtrace_events+0x210/0x210 [ 334.576683][ T3595] ? kasan_quarantine_put+0xd4/0x220 [ 334.581961][ T3595] ? get_sigframe_size+0x10/0x10 [ 334.586893][ T3595] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 334.592863][ T3595] ? __se_sys_mount+0x378/0x3c0 [ 334.597760][ T3595] ? exit_to_user_mode_loop+0x39/0x100 [ 334.603204][ T3595] exit_to_user_mode_loop+0x6a/0x100 [ 334.608479][ T3595] exit_to_user_mode_prepare+0xb1/0x140 [ 334.614012][ T3595] syscall_exit_to_user_mode+0x60/0x270 [ 334.619546][ T3595] do_syscall_64+0x47/0xb0 [ 334.623960][ T3595] ? clear_bhb_loop+0x45/0xa0 [ 334.628666][ T3595] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 334.634550][ T3595] RIP: 0033:0x7ff168e7dca9 [ 334.638952][ T3595] Code: Unable to access opcode bytes at 0x7ff168e7dc7f. [ 334.645952][ T3595] RSP: 002b:00007ff169bd20c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 334.654352][ T3595] RAX: fffffffffffffe00 RBX: 00007ff168fac050 RCX: 00007ff168e7dca9 [ 334.662312][ T3595] RDX: 0000000020000040 RSI: 0000000020000240 RDI: 0000000000000000 [ 334.670271][ T3595] RBP: 00007ff168ec947e R08: 0000000020000000 R09: 0000000000000000 [ 334.678228][ T3595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.686271][ T3595] R13: 000000000000006e R14: 00007ff168fac050 R15: 00007ffd2797fe88 [ 334.694235][ T3595] [ 335.381060][ T9] device hsr_slave_0 left promiscuous mode [ 335.387186][ T9] device hsr_slave_1 left promiscuous mode [ 335.393605][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 335.400997][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 335.409056][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 335.416693][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 335.424535][ T9] device bridge_slave_1 left promiscuous mode [ 335.430713][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.438719][ T9] device bridge_slave_0 left promiscuous mode [ 335.444986][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.454254][ T9] device veth1_macvtap left promiscuous mode [ 335.460251][ T9] device veth0_macvtap left promiscuous mode [ 335.466650][ T9] device veth1_vlan left promiscuous mode [ 335.472415][ T9] device veth0_vlan left promiscuous mode [ 335.547234][ T9] team0 (unregistering): Port device team_slave_1 removed [ 335.557302][ T9] team0 (unregistering): Port device team_slave_0 removed [ 335.567244][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.578617][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 335.607523][ T9] bond0 (unregistering): Released all slaves