[ 37.864977][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.916529][ T9] device veth1_macvtap left promiscuous mode
[ 37.917902][ T9] device veth0_macvtap left promiscuous mode
[ 37.919206][ T9] device veth1_vlan left promiscuous mode
[ 37.920358][ T9] device veth0_vlan left promiscuous mode
[ 38.030282][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 38.035200][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 38.039729][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 38.079849][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 38.157578][ T9] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
1970/01/01 00:00:52 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:53 parsed 1 programs
1970/01/01 00:00:53 executed programs: 0
[ 53.156954][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 53.159510][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 53.162206][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 53.164775][ T45] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 53.167062][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 53.169294][ T3501] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 53.211550][ T3501] chnl_net:caif_netlink_parms(): no params data found
[ 53.229700][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.231237][ T3501] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.233930][ T3501] device bridge_slave_0 entered promiscuous mode
[ 53.236667][ T3501] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.238247][ T3501] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.240470][ T3501] device bridge_slave_1 entered promiscuous mode
[ 53.248572][ T3501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 53.252055][ T3501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 53.260363][ T3501] team0: Port device team_slave_0 added
[ 53.262682][ T3501] team0: Port device team_slave_1 added
[ 53.269388][ T3501] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 53.271181][ T3501] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 53.277994][ T3501] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 53.281651][ T3501] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 53.283534][ T3501] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 53.289846][ T3501] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 53.334114][ T3501] device hsr_slave_0 entered promiscuous mode
[ 53.373013][ T3501] device hsr_slave_1 entered promiscuous mode
[ 54.098407][ T3501] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 54.144450][ T3501] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 54.203992][ T3501] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 54.224804][ T3501] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 54.308395][ T3501] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.315517][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 54.317585][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.321470][ T3501] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.326979][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.329360][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.331620][ T3052] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.333491][ T3052] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.342510][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.344848][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.347008][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.348836][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.350614][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.352725][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.355641][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 54.363452][ T3501] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 54.366367][ T3501] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 54.371025][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 54.374064][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.376552][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.378742][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.384431][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 54.386635][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.389072][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 54.391348][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.394267][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.396548][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.435560][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 54.437397][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 54.440210][ T3501] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.448204][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 54.450645][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.459195][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 54.460965][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.463441][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 54.465777][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 54.468950][ T3501] device veth0_vlan entered promiscuous mode
[ 54.474137][ T3501] device veth1_vlan entered promiscuous mode
[ 54.484763][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 54.487083][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 54.489535][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 54.491989][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 54.496865][ T3501] device veth0_macvtap entered promiscuous mode
[ 54.500736][ T3501] device veth1_macvtap entered promiscuous mode
[ 54.509148][ T3501] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 54.511104][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 54.513867][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 54.515913][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 54.518648][ T3052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 54.522203][ T3501] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 54.526227][ T3050] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 54.528408][ T3050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 54.531458][ T3501] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.534311][ T3501] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.536714][ T3501] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.539007][ T3501] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.572224][ T1206] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.574399][ T1206] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.577502][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 54.592557][ T1206] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.596031][ T1206] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.598249][ T3050] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 55.203308][ T45] Bluetooth: hci0: command 0x0409 tx timeout
[ 57.283179][ T45] Bluetooth: hci0: command 0x041b tx timeout
1970/01/01 00:00:58 executed programs: 4
[ 59.362905][ T45] Bluetooth: hci0: command 0x040f tx timeout
[ 61.442874][ T45] Bluetooth: hci0: command 0x0419 tx timeout
1970/01/01 00:01:03 executed programs: 10
[ 64.493772][ T1373] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.495304][ T1373] ieee802154 phy1 wpan1: encryption failed: -22
[ 65.797003][ T4111] nci: nci_start_poll: failed to set local general bytes
[ 67.960486][ T4106] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 67.963165][ T4106]
[ 67.963786][ T4106] ======================================================
[ 67.965653][ T4106] WARNING: possible circular locking dependency detected
[ 67.967533][ T4106] 6.1.0-rc4-syzkaller-00039-g1621b6eaebf7-dirty #0 Not tainted
[ 67.969544][ T4106] ------------------------------------------------------
[ 67.971401][ T4106] syz-executor.0/4106 is trying to acquire lock:
[ 67.973106][ T4106] ffff80000d5eaae0 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 67.975520][ T4106]
[ 67.975520][ T4106] but task is already holding lock:
[ 67.977570][ T4106] ffff0000cb1f4350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x74/0x2b4
[ 67.980126][ T4106]
[ 67.980126][ T4106] which lock already depends on the new lock.
[ 67.980126][ T4106]
[ 67.982995][ T4106]
[ 67.982995][ T4106] the existing dependency chain (in reverse order) is:
[ 67.985472][ T4106]
[ 67.985472][ T4106] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 67.987626][ T4106]        __mutex_lock_common+0xd4/0xca8
[ 67.989089][ T4106]        mutex_lock_nested+0x38/0x44
[ 67.990227][ T4106]        nci_set_local_general_bytes+0xbc/0x480
[ 67.991405][ T4106]        nci_start_poll+0x1e8/0x474
[ 67.992555][ T4106]        nfc_start_poll+0xfc/0x170
[ 67.993574][ T4106]        nfc_genl_start_poll+0xd4/0x174
[ 67.995129][ T4106]        genl_rcv_msg+0x458/0x4f4
[ 67.996351][ T4106]        netlink_rcv_skb+0xe8/0x1d4
[ 67.997750][ T4106]        genl_rcv+0x38/0x50
[ 67.998991][ T4106]        netlink_unicast_kernel+0xfc/0x1dc
[ 68.000620][ T4106]        netlink_unicast+0x164/0x248
[ 68.002142][ T4106]        netlink_sendmsg+0x484/0x584
[ 68.003701][ T4106]        ____sys_sendmsg+0x2f8/0x440
[ 68.005119][ T4106]        __sys_sendmsg+0x1ac/0x228
[ 68.006460][ T4106]        __arm64_sys_sendmsg+0x2c/0x3c
[ 68.007906][ T4106]        el0_svc_common+0x138/0x220
[ 68.009320][ T4106]        do_el0_svc+0x48/0x164
[ 68.010628][ T4106]        el0_svc+0x58/0x150
[ 68.011849][ T4106]        el0t_64_sync_handler+0x84/0xf0
[ 68.013385][ T4106]        el0t_64_sync+0x190/0x194
[ 68.014747][ T4106]
[ 68.014747][ T4106] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 68.017163][ T4106]        __mutex_lock_common+0xd4/0xca8
[ 68.018829][ T4106]        mutex_lock_nested+0x38/0x44
[ 68.020325][ T4106]        nfc_urelease_event_work+0x88/0x16c
[ 68.021920][ T4106]        process_one_work+0x2d8/0x504
[ 68.023414][ T4106]        worker_thread+0x340/0x610
[ 68.024801][ T4106]        kthread+0x12c/0x158
[ 68.026029][ T4106]        ret_from_fork+0x10/0x20
[ 68.027382][ T4106]
[ 68.027382][ T4106] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 68.029525][ T4106]        __mutex_lock_common+0xd4/0xca8
[ 68.031043][ T4106]        mutex_lock_nested+0x38/0x44
[ 68.032480][ T4106]        nfc_register_device+0x34/0x208
[ 68.034039][ T4106]        nci_register_device+0x338/0x3b0
[ 68.035555][ T4106]        virtual_ncidev_open+0x6c/0xd8
[ 68.037021][ T4106]        misc_open+0x1b8/0x200
[ 68.038296][ T4106]        chrdev_open+0x2b4/0x2e8
[ 68.039615][ T4106]        do_dentry_open+0x364/0x748
[ 68.041052][ T4106]        vfs_open+0x38/0x48
[ 68.042247][ T4106]        path_openat+0xe34/0x11c4
[ 68.043634][ T4106]        do_filp_open+0xdc/0x1b8
[ 68.045079][ T4106]        do_sys_openat2+0xb8/0x22c
[ 68.046552][ T4106]        __arm64_sys_openat+0xb0/0xe0
[ 68.048085][ T4106]        el0_svc_common+0x138/0x220
[ 68.049456][ T4106]        do_el0_svc+0x48/0x164
[ 68.050723][ T4106]        el0_svc+0x58/0x150
[ 68.051867][ T4106]        el0t_64_sync_handler+0x84/0xf0
[ 68.053172][ T4106]        el0t_64_sync+0x190/0x194
[ 68.054544][ T4106]
[ 68.054544][ T4106] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 68.056425][ T4106]        __lock_acquire+0x1530/0x3084
[ 68.057834][ T4106]        lock_acquire+0x100/0x1f8
[ 68.059022][ T4106]        __mutex_lock_common+0xd4/0xca8
[ 68.060202][ T4106]        mutex_lock_nested+0x38/0x44
[ 68.061609][ T4106]        virtual_nci_close+0x28/0x58
[ 68.062778][ T4106]        nci_close_device+0x188/0x2b4
[ 68.063974][ T4106]        nci_unregister_device+0x3c/0x100
[ 68.065540][ T4106]        virtual_ncidev_close+0x70/0xb0
[ 68.067068][ T4106]        __fput+0x198/0x3e4
[ 68.068318][ T4106]        ____fput+0x20/0x30
[ 68.069476][ T4106]        task_work_run+0x100/0x148
[ 68.070855][ T4106]        do_notify_resume+0x174/0x1f0
[ 68.072352][ T4106]        el0_svc+0x9c/0x150
[ 68.073543][ T4106]        el0t_64_sync_handler+0x84/0xf0
[ 68.075053][ T4106]        el0t_64_sync+0x190/0x194
[ 68.076420][ T4106]
[ 68.076420][ T4106] other info that might help us debug this:
[ 68.076420][ T4106]
[ 68.079187][ T4106] Chain exists of:
[ 68.079187][ T4106]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 68.079187][ T4106]
[ 68.082888][ T4106]  Possible unsafe locking scenario:
[ 68.082888][ T4106]
[ 68.084942][ T4106]        CPU0                    CPU1
[ 68.086428][ T4106]        ----                    ----
[ 68.087880][ T4106]   lock(&ndev->req_lock);
[ 68.089074][ T4106]                                lock(&genl_data->genl_data_mutex);
[ 68.091261][ T4106]                                lock(&ndev->req_lock);
[ 68.093170][ T4106]   lock(nci_mutex);
[ 68.094229][ T4106]
[ 68.094229][ T4106]  *** DEADLOCK ***
[ 68.094229][ T4106]
[ 68.096471][ T4106] 1 lock held by syz-executor.0/4106:
[ 68.097949][ T4106]  #0: ffff0000cb1f4350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x74/0x2b4
[ 68.100614][ T4106]
[ 68.100614][ T4106] stack backtrace:
[ 68.102241][ T4106] CPU: 1 PID: 4106 Comm: syz-executor.0 Not tainted 6.1.0-rc4-syzkaller-00039-g1621b6eaebf7-dirty #0
[ 68.105328][ T4106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
[ 68.107888][ T4106] Call trace:
[ 68.108564][ T4106]  dump_backtrace+0x1c4/0x1f0
[ 68.109695][ T4106]  show_stack+0x2c/0x54
[ 68.110984][ T4106]  dump_stack_lvl+0x104/0x16c
[ 68.112185][ T4106]  dump_stack+0x1c/0x58
[ 68.113165][ T4106]  print_circular_bug+0x2c4/0x2c8
[ 68.114583][ T4106]  check_noncircular+0x14c/0x154
[ 68.116097][ T4106]  __lock_acquire+0x1530/0x3084
[ 68.117417][ T4106]  lock_acquire+0x100/0x1f8
[ 68.118524][ T4106]  __mutex_lock_common+0xd4/0xca8
[ 68.119899][ T4106]  mutex_lock_nested+0x38/0x44
[ 68.121362][ T4106]  virtual_nci_close+0x28/0x58
[ 68.122766][ T4106]  nci_close_device+0x188/0x2b4
[ 68.124091][ T4106]  nci_unregister_device+0x3c/0x100
[ 68.125514][ T4106]  virtual_ncidev_close+0x70/0xb0
[ 68.126892][ T4106]  __fput+0x198/0x3e4
[ 68.127993][ T4106]  ____fput+0x20/0x30
[ 68.129066][ T4106]  task_work_run+0x100/0x148
[ 68.130316][ T4106]  do_notify_resume+0x174/0x1f0
[ 68.131644][ T4106]  el0_svc+0x9c/0x150
[ 68.132765][ T4106]  el0t_64_sync_handler+0x84/0xf0
[ 68.134105][ T4106]  el0t_64_sync+0x190/0x194
[ 68.979878][ T4119] nci: nci_start_poll: failed to set local general bytes
[ 69.602990][ T23] cfg80211: failed to load regulatory.db
[ 71.144540][ T4113] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
1970/01/01 00:01:11 executed programs: 14
[ 71.986875][ T4128] nci: nci_start_poll: failed to set local general bytes
[ 74.150850][ T4123] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 74.993522][ T4137] nci: nci_start_poll: failed to set local general bytes
[ 77.158462][ T4132] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
1970/01/01 00:01:17 executed programs: 16