[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.234' (ECDSA) to the list of known hosts.
2021/08/01 14:11:08 parsed 1 programs
2021/08/01 14:11:08 executed programs: 0
syzkaller login: [ 70.186771][ T6616] chnl_net:caif_netlink_parms(): no params data found
[ 70.266743][ T6616] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.275210][ T6616] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.283621][ T6616] device bridge_slave_0 entered promiscuous mode
[ 70.293980][ T6616] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.301148][ T6616] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.308945][ T6616] device bridge_slave_1 entered promiscuous mode
[ 70.337366][ T6616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.348470][ T6616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.390150][ T6616] team0: Port device team_slave_0 added
[ 70.399277][ T6616] team0: Port device team_slave_1 added
[ 70.428507][ T6616] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.435835][ T6616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.462434][ T6616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.475269][ T6616] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.484537][ T6616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.511316][ T6616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.547569][ T6616] device hsr_slave_0 entered promiscuous mode
[ 70.554804][ T6616] device hsr_slave_1 entered promiscuous mode
[ 70.672602][ T6616] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.687198][ T6616] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.696913][ T6616] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.707776][ T6616] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.731508][ T6616] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.738654][ T6616] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.746390][ T6616] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.753541][ T6616] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.796875][ T6616] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.809644][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.822010][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.829767][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.839926][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 70.853587][ T6616] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.864096][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.873036][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.880132][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.902715][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.912057][ T2994] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.919096][ T2994] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.928501][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 70.946080][ T6616] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 70.958952][ T6616] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 70.973262][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 70.981645][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 70.989901][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.992432][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[ 70.999371][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 71.010312][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.013552][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 71.038156][ T1071] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 71.046900][ T1071] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 71.059888][ T6616] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.078818][ T1071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.099205][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.108030][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.116590][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.127503][ T6616] device veth0_vlan entered promiscuous mode
[ 71.139089][ T6616] device veth1_vlan entered promiscuous mode
[ 71.159808][ T1071] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.168644][ T1071] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.177354][ T1071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.192336][ T6616] device veth0_macvtap entered promiscuous mode
[ 71.203312][ T6616] device veth1_macvtap entered promiscuous mode
[ 71.220907][ T6616] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.228310][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.238360][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.251507][ T6616] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.260413][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.269085][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.280164][ T6616] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.289151][ T6616] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.298047][ T6616] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.307095][ T6616] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.404422][ T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.414048][ T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.441048][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 71.456256][ T2603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.464574][ T2603] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.476299][ T1071] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 71.567534][ T6968]
[ 71.569883][ T6968] ============================================
[ 71.576024][ T6968] WARNING: possible recursive locking detected
[ 71.582167][ T6968] 5.14.0-rc3-next-20210730-syzkaller #0 Not tainted
[ 71.588732][ T6968] --------------------------------------------
[ 71.594859][ T6968] syz-executor.0/6968 is trying to acquire lock:
[ 71.601169][ T6968] ffff888075372c00 (&u->iolock){+.+.}-{3:3}, at: __unix_dgram_recvmsg+0x226/0xb80
[ 71.610396][ T6968]
[ 71.610396][ T6968] but task is already holding lock:
[ 71.617743][ T6968] ffff888075372c00 (&u->iolock){+.+.}-{3:3}, at: unix_dgram_bpf_recvmsg+0xa49/0xd10
[ 71.627116][ T6968]
[ 71.627116][ T6968] other info that might help us debug this:
[ 71.635153][ T6968] Possible unsafe locking scenario:
[ 71.635153][ T6968]
[ 71.642580][ T6968] CPU0
[ 71.645860][ T6968] ----
[ 71.649120][ T6968] lock(&u->iolock);
[ 71.653079][ T6968] lock(&u->iolock);
[ 71.657039][ T6968]
[ 71.657039][ T6968] *** DEADLOCK ***
[ 71.657039][ T6968]
[ 71.665165][ T6968] May be due to missing lock nesting notation
[ 71.665165][ T6968]
[ 71.673564][ T6968] 1 lock held by syz-executor.0/6968:
[ 71.678912][ T6968] #0: ffff888075372c00 (&u->iolock){+.+.}-{3:3}, at: unix_dgram_bpf_recvmsg+0xa49/0xd10
[ 71.688730][ T6968]
[ 71.688730][ T6968] stack backtrace:
[ 71.694619][ T6968] CPU: 0 PID: 6968 Comm: syz-executor.0 Not tainted 5.14.0-rc3-next-20210730-syzkaller #0
[ 71.705030][ T6968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.715065][ T6968] Call Trace:
[ 71.718339][ T6968] dump_stack_lvl+0xcd/0x134
[ 71.722921][ T6968] __lock_acquire.cold+0x149/0x3ab
[ 71.728033][ T6968] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.734003][ T6968] lock_acquire+0x1ab/0x510
[ 71.738494][ T6968] ? __unix_dgram_recvmsg+0x226/0xb80
[ 71.743863][ T6968] ? lock_release+0x720/0x720
[ 71.748526][ T6968] __mutex_lock+0x131/0x1300
[ 71.753101][ T6968] ? __unix_dgram_recvmsg+0x226/0xb80
[ 71.758465][ T6968] ? __lock_acquire+0x162f/0x54a0
[ 71.763480][ T6968] ? __unix_dgram_recvmsg+0x226/0xb80
[ 71.768838][ T6968] ? mutex_lock_io_nested+0x1160/0x1160
[ 71.774376][ T6968] ? __schedule+0x951/0x2710
[ 71.778953][ T6968] ? mark_lock+0xef/0x17b0
[ 71.783360][ T6968] __unix_dgram_recvmsg+0x226/0xb80
[ 71.788569][ T6968] ? unix_stream_connect+0x1650/0x1650
[ 71.794039][ T6968] ? unix_dgram_bpf_recvmsg+0xae0/0xd10
[ 71.799601][ T6968] ? mark_held_locks+0x9f/0xe0
[ 71.804364][ T6968] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 71.810156][ T6968] unix_dgram_bpf_recvmsg+0x630/0xd10
[ 71.815523][ T6968] ? unix_sysctl_unregister+0x80/0x80
[ 71.820879][ T6968] ? __init_waitqueue_head+0xd0/0xd0
[ 71.826148][ T6968] ? __might_fault+0xd3/0x180
[ 71.830815][ T6968] unix_seqpacket_recvmsg+0xed/0x150
[ 71.836090][ T6968] ? unix_dgram_recvmsg+0xf0/0xf0
[ 71.841096][ T6968] ____sys_recvmsg+0x2c4/0x600
[ 71.845845][ T6968] ? kernel_recvmsg+0x160/0x160
[ 71.850681][ T6968] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.856912][ T6968] ? __import_iovec+0x2b5/0x580
[ 71.861750][ T6968] ? import_iovec+0x10c/0x150
[ 71.866412][ T6968] ___sys_recvmsg+0x127/0x200
[ 71.871083][ T6968] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 71.876706][ T6968] ? __fget_files+0x21b/0x3e0
[ 71.881371][ T6968] ? lock_downgrade+0x6e0/0x6e0
[ 71.886213][ T6968] ? __fget_files+0x23d/0x3e0
[ 71.890900][ T6968] ? __fget_light+0xea/0x280
[ 71.895497][ T6968] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.901744][ T6968] __sys_recvmsg+0xe2/0x1a0
[ 71.906238][ T6968] ? __sys_recvmsg_sock+0x40/0x40
[ 71.911261][ T6968] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.917149][ T6968] do_syscall_64+0x35/0xb0
[ 71.921564][ T6968] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.927499][ T6968] RIP: 0033:0x4665e9
[ 71.931388][ T6968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 71.951080][ T6968] RSP: 002b:00007f94909e2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 71.959474][ T6968] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[ 71.967431][ T6968] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005
[ 71.975389][ T6968] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 71.983539][ T6968] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 71.991492][ T6968] R13: 00007fffb0608c4f R14: 00007f94909e2300 R15: 0000000000022000
[ 72.030770][ T1071] Bluetooth: hci0: command 0x0409 tx timeout
[ 74.110365][ T1071] Bluetooth: hci0: command 0x041b tx timeout
[ 76.190299][ T3003] Bluetooth: hci0: command 0x040f tx timeout
[ 78.269934][ T3003] Bluetooth: hci0: command 0x0419 tx timeout