possible deadlock in mgmt_index_removed
============================================
WARNING: possible recursive locking detected
6.15.0-rc6-syzkaller-00234-g83a896549f92-dirty #0 Not tainted
--------------------------------------------
syz-executor/5368 is trying to acquire lock:
ffff88803f6a8078 (&hdev->lock){+.+.}-{4:4}, at: mgmt_index_removed+0x10b/0x310 net/bluetooth/mgmt.c:9365
but task is already holding lock:
ffff88803f6a8078 (&hdev->lock){+.+.}-{4:4}, at: hci_unregister_dev+0x2d3/0x500 net/bluetooth/hci_core.c:2683
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&hdev->lock);
lock(&hdev->lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by syz-executor/5368:
#0: ffff88803f6a8078 (&hdev->lock){+.+.}-{4:4}, at: hci_unregister_dev+0x2d3/0x500 net/bluetooth/hci_core.c:2683
stack backtrace:
CPU: 0 UID: 0 PID: 5368 Comm: syz-executor Not tainted 6.15.0-rc6-syzkaller-00234-g83a896549f92-dirty #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
print_deadlock_bug+0x28b/0x2a0 kernel/locking/lockdep.c:3042
check_deadlock kernel/locking/lockdep.c:3094 [inline]
validate_chain+0x1a3f/0x2140 kernel/locking/lockdep.c:3896
__lock_acquire+0xaac/0xd20 kernel/locking/lockdep.c:5235
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x182/0xe80 kernel/locking/mutex.c:746
mgmt_index_removed+0x10b/0x310 net/bluetooth/mgmt.c:9365
hci_unregister_dev+0x2db/0x500 net/bluetooth/hci_core.c:2684
vhci_release+0x80/0xd0 drivers/bluetooth/hci_vhci.c:665
__fput+0x44c/0xa70 fs/file_table.c:465
task_work_run+0x1d4/0x260 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x8d6/0x2550 kernel/exit.c:953
do_group_exit+0x21c/0x2d0 kernel/exit.c:1102
get_signal+0x125e/0x1310 kernel/signal.c:3034
arch_do_signal_or_restart+0x95/0x780 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x8b/0x120 kernel/entry/common.c:218
do_syscall_64+0x103/0x210 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f47a758d37c
Code: Unable to access opcode bytes at 0x7f47a758d352.
RSP: 002b:00007ffdfb34eb80 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00007f47a758d37c
RDX: 0000000000000030 RSI: 00007ffdfb34ec40 RDI: 00000000000000f9
RBP: 00007ffdfb34ebec R08: 0000000000000000 R09: 0079746972756365
R10: 00007ffdfb34e540 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000000927c0 R14: 0000000000018061 R15: 00007ffdfb34ec40
Warning: Permanently added '[localhost]:49415' (ED25519) to the list of known hosts.
2025/05/16 19:28:06 ignoring optional flag "sandboxArg"="0"
2025/05/16 19:28:08 parsed 1 programs
syzkaller login: [ 88.210394][ T5315] cgroup: Unknown subsys name 'net'
[ 88.296604][ T5315] cgroup: Unknown subsys name 'cpuset'
[ 88.302295][ T5315] cgroup: Unknown subsys name 'rlimit'
[ 89.962319][ T5315] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.923095][ T58] cfg80211: failed to load regulatory.db
[ 94.704530][ T5336] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 94.901644][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.923113][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.457537][ T2998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.460815][ T2998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.501230][ T5338] syz-executor (5338) used greatest stack depth: 17752 bytes left
[ 96.865110][ T5369] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.893057][ T5369] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.914883][ T5369] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.919327][ T5369] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.934003][ T5369] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.774198][ T5368]
[ 98.775322][ T5368] ============================================
[ 98.778110][ T5368] WARNING: possible recursive locking detected
[ 98.780779][ T5368] 6.15.0-rc6-syzkaller-00234-g83a896549f92-dirty #0 Not tainted
[ 98.785018][ T5368] --------------------------------------------
[ 98.787785][ T5368] syz-executor/5368 is trying to acquire lock:
[ 98.790719][ T5368] ffff88803f6a8078 (&hdev->lock){+.+.}-{4:4}, at: mgmt_index_removed+0x10b/0x310
[ 98.794883][ T5368]
[ 98.794883][ T5368] but task is already holding lock:
[ 98.798259][ T5368] ffff88803f6a8078 (&hdev->lock){+.+.}-{4:4}, at: hci_unregister_dev+0x2d3/0x500
[ 98.802384][ T5368]
[ 98.802384][ T5368] other info that might help us debug this:
[ 98.806075][ T5368] Possible unsafe locking scenario:
[ 98.806075][ T5368]
[ 98.809438][ T5368] CPU0
[ 98.810938][ T5368] ----
[ 98.812449][ T5368] lock(&hdev->lock);
[ 98.814277][ T5368] lock(&hdev->lock);
[ 98.816126][ T5368]
[ 98.816126][ T5368] *** DEADLOCK ***
[ 98.816126][ T5368]
[ 98.819747][ T5368] May be due to missing lock nesting notation
[ 98.819747][ T5368]
[ 98.823254][ T5368] 1 lock held by syz-executor/5368:
[ 98.825481][ T5368] #0: ffff88803f6a8078 (&hdev->lock){+.+.}-{4:4}, at: hci_unregister_dev+0x2d3/0x500
[ 98.829680][ T5368]
[ 98.829680][ T5368] stack backtrace:
[ 98.832344][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz-executor Not tainted 6.15.0-rc6-syzkaller-00234-g83a896549f92-dirty #0 PREEMPT(full)
[ 98.832358][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 98.832366][ T5368] Call Trace:
[ 98.832374][ T5368]
[ 98.832379][ T5368] dump_stack_lvl+0x189/0x250
[ 98.832398][ T5368] ? __pfx_dump_stack_lvl+0x10/0x10
[ 98.832411][ T5368] ? __pfx__printk+0x10/0x10
[ 98.832422][ T5368] ? print_lock_name+0xde/0x100
[ 98.832438][ T5368] print_deadlock_bug+0x28b/0x2a0
[ 98.832450][ T5368] validate_chain+0x1a3f/0x2140
[ 98.832460][ T5368] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 98.832479][ T5368] __lock_acquire+0xaac/0xd20
[ 98.832494][ T5368] ? mgmt_index_removed+0x10b/0x310
[ 98.832508][ T5368] lock_acquire+0x120/0x360
[ 98.832522][ T5368] ? mgmt_index_removed+0x10b/0x310
[ 98.832535][ T5368] __mutex_lock+0x182/0xe80
[ 98.832549][ T5368] ? mgmt_index_removed+0x10b/0x310
[ 98.832560][ T5368] ? __mutex_trylock_common+0x153/0x260
[ 98.832571][ T5368] ? __pfx___mutex_trylock_common+0x10/0x10
[ 98.832581][ T5368] ? mgmt_index_removed+0x10b/0x310
[ 98.832593][ T5368] ? __pfx___mutex_lock+0x10/0x10
[ 98.832605][ T5368] ? rcu_is_watching+0x15/0xb0
[ 98.832615][ T5368] ? trace_contention_end+0x39/0x120
[ 98.832626][ T5368] ? hci_unregister_dev+0x20e/0x500
[ 98.832643][ T5368] mgmt_index_removed+0x10b/0x310
[ 98.832654][ T5368] ? __pfx___mutex_lock+0x10/0x10
[ 98.832666][ T5368] ? __pfx_mgmt_index_removed+0x10/0x10
[ 98.832676][ T5368] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 98.832687][ T5368] ? up_write+0x1c4/0x420
[ 98.832699][ T5368] hci_unregister_dev+0x2db/0x500
[ 98.832715][ T5368] vhci_release+0x80/0xd0
[ 98.832727][ T5368] ? __pfx_vhci_release+0x10/0x10
[ 98.832738][ T5368] __fput+0x44c/0xa70
[ 98.832799][ T5368] task_work_run+0x1d4/0x260
[ 98.832815][ T5368] ? __pfx_task_work_run+0x10/0x10
[ 98.832829][ T5368] ? kmem_cache_free+0x192/0x3f0
[ 98.832844][ T5368] do_exit+0x8d6/0x2550
[ 98.832859][ T5368] ? do_raw_spin_lock+0x121/0x290
[ 98.832868][ T5368] ? __pfx_do_exit+0x10/0x10
[ 98.832876][ T5368] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 98.832887][ T5368] do_group_exit+0x21c/0x2d0
[ 98.832900][ T5368] ? lockdep_hardirqs_on+0x9c/0x150
[ 98.832914][ T5368] get_signal+0x125e/0x1310
[ 98.832936][ T5368] arch_do_signal_or_restart+0x95/0x780
[ 98.832946][ T5368] ? kmem_cache_free+0x301/0x3f0
[ 98.832960][ T5368] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 98.832972][ T5368] ? local_irq_enable_exit_to_user+0x5/0x10
[ 98.832983][ T5368] syscall_exit_to_user_mode+0x8b/0x120
[ 98.832992][ T5368] do_syscall_64+0x103/0x210
[ 98.833002][ T5368] ? clear_bhb_loop+0x60/0xb0
[ 98.833010][ T5368] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.833018][ T5368] RIP: 0033:0x7f47a758d37c
[ 98.833024][ T5368] Code: Unable to access opcode bytes at 0x7f47a758d352.
[ 98.833028][ T5368] RSP: 002b:00007ffdfb34eb80 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 98.833040][ T5368] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00007f47a758d37c
[ 98.833047][ T5368] RDX: 0000000000000030 RSI: 00007ffdfb34ec40 RDI: 00000000000000f9
[ 98.833053][ T5368] RBP: 00007ffdfb34ebec R08: 0000000000000000 R09: 0079746972756365
[ 98.833061][ T5368] R10: 00007ffdfb34e540 R11: 0000000000000246 R12: 0000000000000001
[ 98.833067][ T5368] R13: 00000000000927c0 R14: 0000000000018061 R15: 00007ffdfb34ec40
[ 98.833078][ T5368]
[ 99.955466][ T5354] chnl_net:caif_netlink_parms(): no params data found
[ 100.073962][ T5354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.085369][ T5354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.093068][ T5354] bridge_slave_0: entered allmulticast mode
[ 100.109276][ T5354] bridge_slave_0: entered promiscuous mode
[ 100.120035][ T5354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.129560][ T5354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.139791][ T5354] bridge_slave_1: entered allmulticast mode
[ 100.150654][ T5354] bridge_slave_1: entered promiscuous mode
[ 100.193240][ T5354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.204143][ T5354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.262321][ T5354] team0: Port device team_slave_0 added
[ 100.277316][ T5354] team0: Port device team_slave_1 added
[ 100.323106][ T5354] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.326197][ T5354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.357552][ T5354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.373484][ T5354] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.376636][ T5354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.395454][ T5354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.415140][ T5354] hsr_slave_0: entered promiscuous mode
[ 100.418307][ T5354] hsr_slave_1: entered promiscuous mode
[ 100.486378][ T5354] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 100.491425][ T5354] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 100.496773][ T5354] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 100.501497][ T5354] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 100.546723][ T5354] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.557899][ T5354] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.564484][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.567698][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.575648][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.578889][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.721924][ T5354] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.755005][ T5354] veth0_vlan: entered promiscuous mode
[ 100.766421][ T5354] veth1_vlan: entered promiscuous mode
[ 100.794428][ T5354] veth0_macvtap: entered promiscuous mode
[ 100.805683][ T5354] veth1_macvtap: entered promiscuous mode
[ 100.821891][ T5354] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.829350][ T5354] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.836041][ T5354] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.840356][ T5354] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.844966][ T5354] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.848943][ T5354] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/05/16 19:28:23 executed programs: 0
[ 101.013794][ T5369] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 101.017148][ T5369] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 101.020411][ T5369] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 101.035450][ T5369] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 101.038675][ T5369] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 101.209300][ T5423] chnl_net:caif_netlink_parms(): no params data found
[ 101.264598][ T5423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.267830][ T5423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.270938][ T5423] bridge_slave_0: entered allmulticast mode
[ 101.284275][ T5423] bridge_slave_0: entered promiscuous mode
[ 101.288654][ T5423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.291850][ T5423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.304908][ T5423] bridge_slave_1: entered allmulticast mode
[ 101.308917][ T5423] bridge_slave_1: entered promiscuous mode
[ 101.344729][ T5423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.350123][ T5423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.404166][ T5423] team0: Port device team_slave_0 added
[ 101.414160][ T5423] team0: Port device team_slave_1 added
[ 101.464236][ T5423] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.467427][ T5423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.524876][ T5423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.533942][ T5423] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.536944][ T5423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.556644][ T5423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.577493][ T5423] hsr_slave_0: entered promiscuous mode
[ 101.580492][ T5423] hsr_slave_1: entered promiscuous mode
[ 101.583557][ T5423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 101.586820][ T5423] Cannot create hsr debugfs directory
[ 101.671639][ T5423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.684967][ T5423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.689759][ T5423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.695328][ T5423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.738872][ T5423] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.750284][ T5423] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.759250][ T3014] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.762476][ T3014] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.776899][ T3014] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.780075][ T3014] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.794837][ T5423] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 101.799531][ T5423] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 101.893807][ T5423] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.921315][ T5423] veth0_vlan: entered promiscuous mode
[ 101.927787][ T5423] veth1_vlan: entered promiscuous mode
[ 101.944392][ T5423] veth0_macvtap: entered promiscuous mode
[ 101.948942][ T5423] veth1_macvtap: entered promiscuous mode
[ 101.959001][ T5423] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.967366][ T5423] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.974334][ T5423] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.978242][ T5423] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.982099][ T5423] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.987697][ T5423] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.017256][ T5423] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 102.031112][ T1034] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.036826][ T5423] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 102.042499][ T1034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.060001][ T3014] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.065051][ T3014] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.407753][ T2998] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.526458][ T2998] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.285604][ T2998] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.317214][ T2998] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.398084][ T2998] bridge_slave_1: left allmulticast mode
[ 104.400556][ T2998] bridge_slave_1: left promiscuous mode
[ 104.406727][ T2998] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.410896][ T2998] bridge_slave_0: left allmulticast mode
[ 104.414563][ T2998] bridge_slave_0: left promiscuous mode
[ 104.417073][ T2998] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.526855][ T2998] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 104.532481][ T2998] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 104.537559][ T2998] bond0 (unregistering): Released all slaves
[ 104.601253][ T2998] hsr_slave_0: left promiscuous mode
[ 104.606654][ T2998] hsr_slave_1: left promiscuous mode
[ 104.614144][ T2998] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 104.617425][ T2998] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 104.633234][ T2998] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 104.636971][ T2998] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 104.663323][ T2998] veth1_macvtap: left promiscuous mode
[ 104.665793][ T2998] veth0_macvtap: left promiscuous mode
[ 104.668265][ T2998] veth1_vlan: left promiscuous mode
[ 104.670638][ T2998] veth0_vlan: left promiscuous mode
[ 104.837769][ T2998] team0 (unregistering): Port device team_slave_1 removed
[ 104.847365][ T2998] team0 (unregistering): Port device team_slave_0 removed
VM DIAGNOSIS:
19:28:21 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000079 RBX=0000000000000079 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000d52edf0
R8 =ffff888000b60237 R9 =1ffff1100016c046 R10=dffffc0000000000 R11=ffffffff853e04f0
R12=dffffc0000000000 R13=ffffffff9984bc64 R14=ffffffff99b50c00 R15=0000000000000000
RIP=ffffffff853e056c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88808d6c7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fff08f02e48 CR3=000000001f723000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcfeffd0 Opmask01=0000000000000003 Opmask02=00000000ffff7fdf Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005597abcaeb30
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005597abcbcbf0
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0c36552c80
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030323a30696368 2f306963682f6874 6f6f7465756c622f 6c6175747269762f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 005600051f40494c 43055c5155484005 424b4c55554c4e53 004057005b1a0f00
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7377685f31313230 3863616d2f6c6175 747269762f736563 697665642f737973
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 003a756b733a322e 392d3533712d6370 7276633a3174633a 554d45516e76633a
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 313731302c453631 302c353631302c34 3631302c33343130 2c323431302c3134
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/syzkaller/jobs/linux/gopath/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.7.linux-amd64'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/syzkaller/jobs/linux/gopath/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.7.linux-amd64/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.7'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2323670350=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at 77908e5f2
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=77908e5f2ae80bee6d434bca762a25a0a5fc6a83 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250509-090543'" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"77908e5f2ae80bee6d434bca762a25a0a5fc6a83\"
/usr/bin/ld: /tmp/ccKazgFn.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking