device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
================================
WARNING: inconsistent lock state
4.19.177-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
000000005e24ca21 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline]
000000005e24ca21 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: sco_sock_timeout+0x31/0x210 net/bluetooth/sco.c:82
{SOFTIRQ-ON-W} state was registered at:
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
  spin_lock include/linux/spinlock.h:329 [inline]
  sco_conn_del+0xe2/0x240 net/bluetooth/sco.c:175
  sco_disconn_cfm+0x74/0xb0 net/bluetooth/sco.c:1133
  hci_disconn_cfm include/net/bluetooth/hci_core.h:1261 [inline]
  hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1512
  hci_dev_do_close+0x659/0xf10 net/bluetooth/hci_core.c:1666
  hci_unregister_dev+0x18b/0x910 net/bluetooth/hci_core.c:3271
  vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
  __fput+0x2ce/0x890 fs/file_table.c:278
  task_work_run+0x148/0x1c0 kernel/task_work.c:113
  exit_task_work include/linux/task_work.h:22 [inline]
  do_exit+0xbf3/0x2be0 kernel/exit.c:870
  do_group_exit+0x125/0x310 kernel/exit.c:967
  get_signal+0x3f2/0x1f70 kernel/signal.c:2589
  do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
  exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
  prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
  syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
  do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 6193556
hardirqs last enabled at (6193556): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (6193556): [] _raw_spin_unlock_irq+0x24/0x80 kernel/locking/spinlock.c:192
hardirqs last disabled at (6193555): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (6193555): [] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:160
softirqs last enabled at (6193552): [] irq_enter+0xbd/0xd0 kernel/softirq.c:354
softirqs last disabled at (6193553): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (6193553): [] irq_exit+0x215/0x260 kernel/softirq.c:412

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
    lock(slock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

1 lock held by swapper/1/0:
 #0: 000000005540f0b5 ((&sk->sk_timer)#2){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:168 [inline]
 #0: 000000005540f0b5 ((&sk->sk_timer)#2){+.-.}, at: call_timer_fn+0xc9/0x700 kernel/time/timer.c:1328

stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.177-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2544
 valid_state kernel/locking/lockdep.c:2557 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2751 [inline]
 mark_lock+0xc70/0x1160 kernel/locking/lockdep.c:3131
 mark_irqflags kernel/locking/lockdep.c:3009 [inline]
 __lock_acquire+0xdc4/0x3ff0 kernel/locking/lockdep.c:3372
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 sco_sock_timeout+0x31/0x210 net/bluetooth/sco.c:82
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:535 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
Code: 48 89 df e8 14 d5 81 f9 e9 2e ff ff ff 48 89 df e8 07 d5 81 f9 eb 82 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 14 46 51 00 fb f4 90 e9 07 00 00 00 0f 00 2d 04 46 51 00 f4 c3 90 90 41 56 41 55
RSP: 0018:ffff8880b5aafd40 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3044 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880b5a9ac44
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff89f18210
R13: 1ffff11016b55fb2 R14: 0000000000000000 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0x49/0x310 arch/x86/kernel/process.c:557
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x2ec/0x4b0 kernel/sched/idle.c:263
 cpu_startup_entry+0xc5/0xe0 kernel/sched/idle.c:369
 start_secondary+0x435/0x5c0 arch/x86/kernel/smpboot.c:271
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
device vxlan0 entered promiscuous mode
FAT-fs (loop4): Unrecognized mount option "func=FIRMWARE_CHECK" or missing value
device vxlan0 entered promiscuous mode
xt_ct_set_helper: 26 callbacks suppressed
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.1"[30045] was attempted by "/root/syz-executor.1"[30046]
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.1"[30068] was attempted by "/root/syz-executor.1"[30069]
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
ptrace attach of "/root/syz-executor.5"[30070] was attempted by "/root/syz-executor.5"[30071]
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.1"[30084] was attempted by "/root/syz-executor.1"[30087]
xt_CT: You must specify a L4 protocol and not use inversions on it
hfsplus: unable to parse mount options
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.5"[30096] was attempted by "/root/syz-executor.5"[30105]
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
xt_ct_set_helper: 30 callbacks suppressed
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
ptrace attach of "/root/syz-executor.5"[30326] was attempted by "/root/syz-executor.5"[30327]
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.5"[30369] was attempted by "/root/syz-executor.5"[30371]
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.5"[30388] was attempted by "/root/syz-executor.5"[30389]
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.5"[30411] was attempted by "/root/syz-executor.5"[30415]
device vxlan0 entered promiscuous mode
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode