possible deadlock in mgmt_index_removed
============================================
WARNING: possible recursive locking detected
6.15.0-rc6-syzkaller-00346-g5723cc3450bc-dirty #0 Not tainted
--------------------------------------------
syz-executor/5428 is trying to acquire lock:
ffff88803ef90078 (&hdev->lock){+.+.}-{4:4}, at: mgmt_index_removed+0x10b/0x310 net/bluetooth/mgmt.c:9365
but task is already holding lock:
ffff88803ef90078 (&hdev->lock){+.+.}-{4:4}, at: hci_unregister_dev+0x2d3/0x500 net/bluetooth/hci_core.c:2683
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&hdev->lock);
lock(&hdev->lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by syz-executor/5428:
#0: ffff88803ef90078 (&hdev->lock){+.+.}-{4:4}, at: hci_unregister_dev+0x2d3/0x500 net/bluetooth/hci_core.c:2683
stack backtrace:
CPU: 0 UID: 0 PID: 5428 Comm: syz-executor Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc-dirty #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
print_deadlock_bug+0x28b/0x2a0 kernel/locking/lockdep.c:3042
check_deadlock kernel/locking/lockdep.c:3094 [inline]
validate_chain+0x1a3f/0x2140 kernel/locking/lockdep.c:3896
__lock_acquire+0xaac/0xd20 kernel/locking/lockdep.c:5235
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x182/0xe80 kernel/locking/mutex.c:746
mgmt_index_removed+0x10b/0x310 net/bluetooth/mgmt.c:9365
hci_unregister_dev+0x2db/0x500 net/bluetooth/hci_core.c:2684
vhci_release+0x80/0xd0 drivers/bluetooth/hci_vhci.c:665
__fput+0x44c/0xa70 fs/file_table.c:465
task_work_run+0x1d1/0x260 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x8d6/0x2550 kernel/exit.c:953
do_group_exit+0x21c/0x2d0 kernel/exit.c:1102
__do_sys_exit_group kernel/exit.c:1113 [inline]
__se_sys_exit_group kernel/exit.c:1111 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1111
x64_sys_call+0x21ba/0x21c0 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f462058e969
Code: Unable to access opcode bytes at 0x7f462058e93f.
RSP: 002b:00007fff116e7dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f4620612297 RCX: 00007f462058e969
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 00007f46206122a9 R08: 00007fff116e5b67 R09: 00007f462077d260
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 00007f462077d260 R14: 0000000000019780 R15: 00007fff116e7f70
Warning: Permanently added '[localhost]:20099' (ED25519) to the list of known hosts.
2025/05/17 23:41:13 ignoring optional flag "sandboxArg"="0"
2025/05/17 23:41:15 parsed 1 programs
syzkaller login: [ 88.311484][ T5314] cgroup: Unknown subsys name 'net'
[ 88.383627][ T5314] cgroup: Unknown subsys name 'cpuset'
[ 88.388890][ T5314] cgroup: Unknown subsys name 'rlimit'
[ 90.008177][ T5314] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.799220][ T9] cfg80211: failed to load regulatory.db
[ 94.566712][ T5338] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 97.135660][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.164086][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.702746][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.706327][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.935202][ T5349] syz-executor (5349) used greatest stack depth: 19544 bytes left
[ 99.574690][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.578987][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.584537][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.588433][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.592438][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.676739][ T5335] chnl_net:caif_netlink_parms(): no params data found
[ 100.312741][ T5335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.319262][ T5335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.322593][ T5335] bridge_slave_0: entered allmulticast mode
[ 100.359392][ T5335] bridge_slave_0: entered promiscuous mode
[ 100.491870][ T5335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.495127][ T5335] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.498204][ T5335] bridge_slave_1: entered allmulticast mode
[ 100.549870][ T5335] bridge_slave_1: entered promiscuous mode
[ 100.693954][ T5335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.730243][ T5335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.895900][ T5335] team0: Port device team_slave_0 added
[ 100.938405][ T5335] team0: Port device team_slave_1 added
[ 101.226767][ T5335] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.259133][ T5335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.329141][ T5335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.384818][ T5335] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.387885][ T5335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.446440][ T5335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.610884][ T5335] hsr_slave_0: entered promiscuous mode
[ 101.624828][ T5335] hsr_slave_1: entered promiscuous mode
[ 101.630788][ T50] Bluetooth: hci0: command tx timeout
[ 101.873491][ T5335] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 101.882626][ T5335] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 101.888490][ T5335] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 101.895931][ T5335] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 101.988600][ T5335] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.012218][ T5335] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.022072][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.025263][ T1033] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.047177][ T1033] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.050334][ T1033] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.256961][ T5335] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.472910][ T5335] veth0_vlan: entered promiscuous mode
[ 102.482161][ T5335] veth1_vlan: entered promiscuous mode
[ 102.514766][ T5335] veth0_macvtap: entered promiscuous mode
[ 102.522175][ T5335] veth1_macvtap: entered promiscuous mode
[ 102.540767][ T5335] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.552484][ T5335] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.563140][ T5335] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.567057][ T5335] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.572711][ T5335] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.576643][ T5335] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/05/17 23:41:32 executed programs: 0
[ 102.805394][ T4661] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 102.816765][ T4661] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 102.822313][ T4661] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 102.826927][ T4661] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 102.831502][ T4661] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 103.247744][ T5428] chnl_net:caif_netlink_parms(): no params data found
[ 103.362978][ T5428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.366187][ T5428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.370874][ T5428] bridge_slave_0: entered allmulticast mode
[ 103.374573][ T5428] bridge_slave_0: entered promiscuous mode
[ 103.381245][ T5428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.384385][ T5428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.387479][ T5428] bridge_slave_1: entered allmulticast mode
[ 103.393306][ T5428] bridge_slave_1: entered promiscuous mode
[ 103.424410][ T5428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.431177][ T5428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.462347][ T5428] team0: Port device team_slave_0 added
[ 103.467110][ T5428] team0: Port device team_slave_1 added
[ 103.497176][ T5428] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.502248][ T5428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.513924][ T5428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.522248][ T5428] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.525378][ T5428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.537171][ T5428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.582304][ T5428] hsr_slave_0: entered promiscuous mode
[ 103.585816][ T5428] hsr_slave_1: entered promiscuous mode
[ 103.588868][ T5428] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 103.594216][ T5428] Cannot create hsr debugfs directory
[ 103.709492][ T50] Bluetooth: hci0: command tx timeout
[ 103.793117][ T5428] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.800887][ T5428] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.807875][ T5428] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.818377][ T5428] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.843826][ T5428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.847192][ T5428] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.851261][ T5428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.854322][ T5428] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.908010][ T5428] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.923183][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.927845][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.942255][ T5428] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.957634][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.960875][ T1033] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.974735][ T1033] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.978310][ T1033] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.174524][ T5428] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.215304][ T5428] veth0_vlan: entered promiscuous mode
[ 104.224740][ T5428] veth1_vlan: entered promiscuous mode
[ 104.254898][ T5428] veth0_macvtap: entered promiscuous mode
[ 104.261810][ T5428] veth1_macvtap: entered promiscuous mode
[ 104.277764][ T5428] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.288769][ T5428] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.296500][ T5428] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.302672][ T5428] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.306573][ T5428] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.312273][ T5428] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.385177][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.388595][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.426472][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.433660][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.766732][ T5428]
[ 104.767865][ T5428] ============================================
[ 104.770638][ T5428] WARNING: possible recursive locking detected
[ 104.773310][ T5428] 6.15.0-rc6-syzkaller-00346-g5723cc3450bc-dirty #0 Not tainted
[ 104.777485][ T5428] --------------------------------------------
[ 104.780117][ T5428] syz-executor/5428 is trying to acquire lock:
[ 104.782906][ T5428] ffff88803ef90078 (&hdev->lock){+.+.}-{4:4}, at: mgmt_index_removed+0x10b/0x310
[ 104.786940][ T5428]
[ 104.786940][ T5428] but task is already holding lock:
[ 104.790341][ T5428] ffff88803ef90078 (&hdev->lock){+.+.}-{4:4}, at: hci_unregister_dev+0x2d3/0x500
[ 104.794363][ T5428]
[ 104.794363][ T5428] other info that might help us debug this:
[ 104.797740][ T5428] Possible unsafe locking scenario:
[ 104.797740][ T5428]
[ 104.800954][ T5428] CPU0
[ 104.802424][ T5428] ----
[ 104.803931][ T5428] lock(&hdev->lock);
[ 104.805663][ T5428] lock(&hdev->lock);
[ 104.807445][ T5428]
[ 104.807445][ T5428] *** DEADLOCK ***
[ 104.807445][ T5428]
[ 104.810846][ T5428] May be due to missing lock nesting notation
[ 104.810846][ T5428]
[ 104.814303][ T5428] 1 lock held by syz-executor/5428:
[ 104.816520][ T5428] #0: ffff88803ef90078 (&hdev->lock){+.+.}-{4:4}, at: hci_unregister_dev+0x2d3/0x500
[ 104.820530][ T5428]
[ 104.820530][ T5428] stack backtrace:
[ 104.823093][ T5428] CPU: 0 UID: 0 PID: 5428 Comm: syz-executor Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc-dirty #0 PREEMPT(full)
[ 104.823106][ T5428] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.823113][ T5428] Call Trace:
[ 104.823119][ T5428]
[ 104.823124][ T5428] dump_stack_lvl+0x189/0x250
[ 104.823142][ T5428] ? __pfx_dump_stack_lvl+0x10/0x10
[ 104.823155][ T5428] ? __pfx__printk+0x10/0x10
[ 104.823165][ T5428] ? print_lock_name+0xde/0x100
[ 104.823181][ T5428] print_deadlock_bug+0x28b/0x2a0
[ 104.823193][ T5428] validate_chain+0x1a3f/0x2140
[ 104.823202][ T5428] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 104.823220][ T5428] __lock_acquire+0xaac/0xd20
[ 104.823234][ T5428] ? mgmt_index_removed+0x10b/0x310
[ 104.823245][ T5428] lock_acquire+0x120/0x360
[ 104.823258][ T5428] ? mgmt_index_removed+0x10b/0x310
[ 104.823272][ T5428] __mutex_lock+0x182/0xe80
[ 104.823283][ T5428] ? mgmt_index_removed+0x10b/0x310
[ 104.823298][ T5428] ? __mutex_trylock_common+0x153/0x260
[ 104.823311][ T5428] ? __pfx___mutex_trylock_common+0x10/0x10
[ 104.823320][ T5428] ? mgmt_index_removed+0x10b/0x310
[ 104.823330][ T5428] ? __pfx___mutex_lock+0x10/0x10
[ 104.823343][ T5428] ? rcu_is_watching+0x15/0xb0
[ 104.823352][ T5428] ? trace_contention_end+0x39/0x120
[ 104.823362][ T5428] ? hci_unregister_dev+0x20e/0x500
[ 104.823376][ T5428] mgmt_index_removed+0x10b/0x310
[ 104.823386][ T5428] ? __pfx___mutex_lock+0x10/0x10
[ 104.823399][ T5428] ? __pfx_mgmt_index_removed+0x10/0x10
[ 104.823414][ T5428] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 104.823423][ T5428] ? up_write+0x1c4/0x420
[ 104.823436][ T5428] hci_unregister_dev+0x2db/0x500
[ 104.823449][ T5428] vhci_release+0x80/0xd0
[ 104.823461][ T5428] ? __pfx_vhci_release+0x10/0x10
[ 104.823470][ T5428] __fput+0x44c/0xa70
[ 104.826159][ T5428] task_work_run+0x1d1/0x260
[ 104.826172][ T5428] ? __pfx_task_work_run+0x10/0x10
[ 104.826190][ T5428] ? kmem_cache_free+0x192/0x3f0
[ 104.826207][ T5428] do_exit+0x8d6/0x2550
[ 104.826221][ T5428] ? __pfx_do_exit+0x10/0x10
[ 104.826236][ T5428] ? _raw_spin_unlock_irq+0x23/0x50
[ 104.826246][ T5428] ? lockdep_hardirqs_on+0x9c/0x150
[ 104.826263][ T5428] do_group_exit+0x21c/0x2d0
[ 104.826275][ T5428] __x64_sys_exit_group+0x3f/0x40
[ 104.826288][ T5428] x64_sys_call+0x21ba/0x21c0
[ 104.826304][ T5428] do_syscall_64+0xf6/0x210
[ 104.826317][ T5428] ? clear_bhb_loop+0x60/0xb0
[ 104.826329][ T5428] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.826339][ T5428] RIP: 0033:0x7f462058e969
[ 104.826347][ T5428] Code: Unable to access opcode bytes at 0x7f462058e93f.
[ 104.826352][ T5428] RSP: 002b:00007fff116e7dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 104.826363][ T5428] RAX: ffffffffffffffda RBX: 00007f4620612297 RCX: 00007f462058e969
[ 104.826371][ T5428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 104.826376][ T5428] RBP: 00007f46206122a9 R08: 00007fff116e5b67 R09: 00007f462077d260
[ 104.826387][ T5428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 104.826392][ T5428] R13: 00007f462077d260 R14: 0000000000019780 R15: 00007fff116e7f70
[ 104.826402][ T5428]
[ 105.221855][ T48] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.001857][ T48] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.032391][ T48] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.062433][ T48] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.141381][ T48] bridge_slave_1: left allmulticast mode
[ 106.143913][ T48] bridge_slave_1: left promiscuous mode
[ 106.146436][ T48] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.151053][ T48] bridge_slave_0: left allmulticast mode
[ 106.153527][ T48] bridge_slave_0: left promiscuous mode
[ 106.155988][ T48] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.233284][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 106.238207][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 106.243434][ T48] bond0 (unregistering): Released all slaves
[ 106.312852][ T48] hsr_slave_0: left promiscuous mode
[ 106.315732][ T48] hsr_slave_1: left promiscuous mode
[ 106.318406][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 106.323733][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 106.331831][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 106.334694][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 106.353667][ T48] veth1_macvtap: left promiscuous mode
[ 106.356174][ T48] veth0_macvtap: left promiscuous mode
[ 106.358681][ T48] veth1_vlan: left promiscuous mode
[ 106.370871][ T48] veth0_vlan: left promiscuous mode
[ 106.542004][ T48] team0 (unregistering): Port device team_slave_1 removed
[ 106.553795][ T48] team0 (unregistering): Port device team_slave_0 removed
VM DIAGNOSIS:
23:41:34 Registers:
info registers vcpu 0
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/syzkaller/jobs/linux/gopath/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.7.linux-amd64'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/syzkaller/jobs/linux/gopath/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.7.linux-amd64/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.7'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build4194737262=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at 77908e5f2
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=77908e5f2ae80bee6d434bca762a25a0a5fc6a83 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250509-090543'" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"77908e5f2ae80bee6d434bca762a25a0a5fc6a83\"
/usr/bin/ld: /tmp/ccbAI600.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking