INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 1 PID: 17078 Comm: syz-executor.4 Not tainted 4.19.172-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack syzkaller/managers/linux-4-19/kernel/lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef syzkaller/managers/linux-4-19/kernel/lib/dump_stack.c:118 assign_lock_key syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:727 [inline] register_lock_class+0xe76/0x11c0 syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:753 __lock_acquire+0x17d/0x3ff0 syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:3303 lock_acquire+0x170/0x3c0 syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:3907 __raw_spin_lock_irqsave syzkaller/managers/linux-4-19/kernel/./include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 syzkaller/managers/linux-4-19/kernel/kernel/locking/spinlock.c:152 skb_dequeue+0x1c/0x180 syzkaller/managers/linux-4-19/kernel/net/core/skbuff.c:2834 skb_queue_purge+0x21/0x30 syzkaller/managers/linux-4-19/kernel/net/core/skbuff.c:2872 l2cap_chan_del+0x690/0xa50 syzkaller/managers/linux-4-19/kernel/net/bluetooth/l2cap_core.c:637 l2cap_chan_close+0x1b5/0x950 syzkaller/managers/linux-4-19/kernel/net/bluetooth/l2cap_core.c:757 l2cap_sock_shutdown+0x339/0xe10 syzkaller/managers/linux-4-19/kernel/net/bluetooth/l2cap_sock.c:1159 l2cap_sock_release+0x77/0x290 syzkaller/managers/linux-4-19/kernel/net/bluetooth/l2cap_sock.c:1202 __sock_release+0xcd/0x2a0 syzkaller/managers/linux-4-19/kernel/net/socket.c:579 sock_close+0x15/0x20 syzkaller/managers/linux-4-19/kernel/net/socket.c:1140 __fput+0x2ce/0x890 syzkaller/managers/linux-4-19/kernel/fs/file_table.c:278 task_work_run+0x148/0x1c0 syzkaller/managers/linux-4-19/kernel/kernel/task_work.c:113 get_signal+0x1b64/0x1f70 syzkaller/managers/linux-4-19/kernel/kernel/signal.c:2400 do_signal+0x8f/0x1670 syzkaller/managers/linux-4-19/kernel/arch/x86/kernel/signal.c:821 exit_to_usermode_loop+0x204/0x2a0 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:163 prepare_exit_to_usermode syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:198 [inline] syscall_return_slowpath syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x465d99 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fe65de88188 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: fffffffffffffffc RBX: 000000000056bf60 RCX: 0000000000465d99 RDX: 000000000000000e RSI: 0000000020000500 RDI: 0000000000000004 RBP: 00000000004bcf27 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffc43d054ff R14: 00007fe65de88300 R15: 0000000000022000 sctp: [Deprecated]: syz-executor.5 (pid 17164) Use of int in maxseg socket option. Use struct sctp_assoc_value instead Bluetooth: hci5: command 0x0405 tx timeout kauditd_printk_skb: 2 callbacks suppressed audit: type=1804 audit(1613467113.447:14): pid=17581 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir194831248/syzkaller.bJMXSF/425/file1" dev="sda1" ino=16375 res=1 audit: type=1804 audit(1613467113.797:15): pid=17640 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir105352011/syzkaller.pvDC6t/420/file0" dev="sda1" ino=16372 res=1 audit: type=1804 audit(1613467113.897:16): pid=17663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir410776888/syzkaller.lCvLX5/435/file1" dev="sda1" ino=16375 res=1 audit: type=1804 audit(1613467114.037:17): pid=17685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir105352011/syzkaller.pvDC6t/424/file1/bus" dev="loop1" ino=3 res=1 attempt to access beyond end of device loop1: rw=0, want=90, limit=87 attempt to access beyond end of device loop1: rw=2049, want=98, limit=87 audit: type=1800 audit(1613467114.037:18): pid=17685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=3 res=0 block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets block nbd0: Could not allocate knbd recv work queue. block nbd0: shutting down sockets audit: type=1804 audit(1613467114.117:19): pid=17691 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir105352011/syzkaller.pvDC6t/424/file1/bus" dev="loop1" ino=3 res=1 netlink: 'syz-executor.1': attribute type 1 has an invalid length. block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets block nbd5: Receive control failed (result -32) block nbd5: shutting down sockets audit: type=1804 audit(1613467114.117:20): pid=17691 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir105352011/syzkaller.pvDC6t/424/file1/bus" dev="loop1" ino=3 res=1 IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready 8021q: adding VLAN 0 to HW filter on device bond1 team0: Port device bond1 added netlink: 'syz-executor.1': attribute type 1 has an invalid length. block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets netlink: 'syz-executor.2': attribute type 1 has an invalid length. block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets netlink: 'syz-executor.1': attribute type 1 has an invalid length. IPv6: ADDRCONF(NETDEV_UP): bond2: link is not ready block nbd0: Receive control failed (result -32) 8021q: adding VLAN 0 to HW filter on device bond2 block nbd0: shutting down sockets team0: Port device bond2 added IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready 8021q: adding VLAN 0 to HW filter on device bond1 team0: Port device bond1 added netlink: 'syz-executor.1': attribute type 1 has an invalid length. IPv6: ADDRCONF(NETDEV_UP): bond3: link is not ready 8021q: adding VLAN 0 to HW filter on device bond3 team0: Port device bond3 added netlink: 'syz-executor.1': attribute type 1 has an invalid length. IPv6: ADDRCONF(NETDEV_UP): bond4: link is not ready 8021q: adding VLAN 0 to HW filter on device bond4 team0: Port device bond4 added ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets netlink: 'syz-executor.1': attribute type 1 has an invalid length. IPv6: ADDRCONF(NETDEV_UP): bond5: link is not ready 8021q: adding VLAN 0 to HW filter on device bond5 team0: Port device bond5 added netlink: 'syz-executor.1': attribute type 1 has an invalid length. IPv6: ADDRCONF(NETDEV_UP): bond6: link is not ready 8021q: adding VLAN 0 to HW filter on device bond6 team0: Port device bond6 added ieee80211 phy15: Selected rate control algorithm 'minstrel_ht' netlink: 'syz-executor.1': attribute type 1 has an invalid length. block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets netlink: 'syz-executor.1': attribute type 1 has an invalid length. ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' audit: type=1804 audit(1613467117.359:21): pid=18237 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir611439033/syzkaller.Pa4X6P/417/cgroup.controllers" dev="sda1" ino=16421 res=1 ieee80211 phy17: Selected rate control algorithm 'minstrel_ht' audit: type=1800 audit(1613467117.359:22): pid=18251 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="cgroup.controllers" dev="sda1" ino=16421 res=0 audit: type=1804 audit(1613467117.359:23): pid=18202 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir611439033/syzkaller.Pa4X6P/417/cgroup.controllers" dev="sda1" ino=16421 res=1 block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets ieee80211 phy18: Selected rate control algorithm 'minstrel_ht' block nbd3: Receive control failed (result -32) block nbd3: shutting down sockets ieee80211 phy19: Selected rate control algorithm 'minstrel_ht' block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets validate_nla: 6 callbacks suppressed netlink: 'syz-executor.1': attribute type 1 has an invalid length. ieee80211 phy20: Selected rate control algorithm 'minstrel_ht' block nbd3: Receive control failed (result -32) block nbd3: shutting down sockets netlink: 'syz-executor.1': attribute type 1 has an invalid length. ieee80211 phy21: Selected rate control algorithm 'minstrel_ht' block nbd0: Receive control failed (result -32) block nbd0: shutting down sockets netlink: 'syz-executor.1': attribute type 1 has an invalid length. ieee80211 phy22: Selected rate control algorithm 'minstrel_ht' netlink: 'syz-executor.1': attribute type 1 has an invalid length. block nbd3: Receive control failed (result -32) block nbd3: shutting down sockets ieee80211 phy23: Selected rate control algorithm 'minstrel_ht'