Warning: Permanently added '10.128.1.138' (ED25519) to the list of known hosts.
2024/05/29 01:47:54 ignoring optional flag "sandboxArg"="0"
2024/05/29 01:47:54 parsed 1 programs
[ 82.279495][ T25] cfg80211: failed to load regulatory.db
2024/05/29 01:47:55 executed programs: 0
[ 82.766770][ T5384] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 82.815462][ T4489] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.823810][ T4489] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.832159][ T4489] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.840789][ T4489] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.848689][ T4489] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 82.856799][ T4489] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.975595][ T5394] chnl_net:caif_netlink_parms(): no params data found
[ 83.028253][ T5394] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.035677][ T5394] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.042993][ T5394] bridge_slave_0: entered allmulticast mode
[ 83.050710][ T5394] bridge_slave_0: entered promiscuous mode
[ 83.058776][ T5394] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.066402][ T5394] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.074381][ T5394] bridge_slave_1: entered allmulticast mode
[ 83.082102][ T5394] bridge_slave_1: entered promiscuous mode
[ 83.107505][ T5394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.119724][ T5394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.147396][ T5394] team0: Port device team_slave_0 added
[ 83.155180][ T5394] team0: Port device team_slave_1 added
[ 83.176383][ T5394] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.183758][ T5394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.210329][ T5394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.223216][ T5394] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.230383][ T5394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.256797][ T5394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.292445][ T5394] hsr_slave_0: entered promiscuous mode
[ 83.298852][ T5394] hsr_slave_1: entered promiscuous mode
[ 83.928593][ T5394] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.943549][ T5394] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.963697][ T5394] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.975190][ T5394] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.081135][ T5394] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.106361][ T5394] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.122415][ T58] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.129973][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.153419][ T58] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.160630][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.206906][ T5394] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 84.384655][ T5394] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.444561][ T5394] veth0_vlan: entered promiscuous mode
[ 84.457742][ T5394] veth1_vlan: entered promiscuous mode
[ 84.496873][ T5394] veth0_macvtap: entered promiscuous mode
[ 84.511987][ T5394] veth1_macvtap: entered promiscuous mode
[ 84.538895][ T5394] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.560485][ T5394] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.576602][ T5394] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.587452][ T5394] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.598221][ T5394] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.608190][ T5394] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.701890][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.718668][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.761277][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.770876][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.825838][ T5465] input: syz1 as /devices/virtual/input/input5
[ 84.846801][ T5465]
[ 84.849173][ T5465] ======================================================
[ 84.856369][ T5465] WARNING: possible circular locking dependency detected
[ 84.863410][ T5465] 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0 Not tainted
[ 84.870624][ T5465] ------------------------------------------------------
[ 84.877651][ T5465] syz-executor.0/5465 is trying to acquire lock:
[ 84.883990][ T5465] ffff8880255e1070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x19c/0x740
[ 84.893703][ T5465]
[ 84.893703][ T5465] but task is already holding lock:
[ 84.901088][ T5465] ffff8880255e00b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e4/0xb00
[ 84.909920][ T5465]
[ 84.909920][ T5465] which lock already depends on the new lock.
[ 84.909920][ T5465]
[ 84.920520][ T5465]
[ 84.920520][ T5465] the existing dependency chain (in reverse order) is:
[ 84.929633][ T5465]
[ 84.929633][ T5465] -> #3 (&ff->mutex){+.+.}-{3:3}:
[ 84.936952][ T5465] lock_acquire+0x1ed/0x550
[ 84.942085][ T5465] __mutex_lock+0x136/0xd70
[ 84.947230][ T5465] input_ff_flush+0x5e/0x140
[ 84.952384][ T5465] input_flush_device+0x9c/0xc0
[ 84.957778][ T5465] evdev_release+0xf9/0x7d0
[ 84.962913][ T5465] __fput+0x406/0x8b0
[ 84.967437][ T5465] __x64_sys_close+0x7f/0x110
[ 84.972650][ T5465] do_syscall_64+0xf3/0x230
[ 84.977688][ T5465] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.984121][ T5465]
[ 84.984121][ T5465] -> #2 (&dev->mutex#2){+.+.}-{3:3}:
[ 84.991729][ T5465] lock_acquire+0x1ed/0x550
[ 84.997133][ T5465] __mutex_lock+0x136/0xd70
[ 85.002321][ T5465] input_register_handle+0x6d/0x3b0
[ 85.008245][ T5465] kbd_connect+0xbf/0x130
[ 85.013209][ T5465] input_register_device+0xcf3/0x1090
[ 85.019142][ T5465] acpi_button_add+0x6c6/0xb90
[ 85.024455][ T5465] acpi_device_probe+0xa5/0x2b0
[ 85.029946][ T5465] really_probe+0x2b8/0xad0
[ 85.035427][ T5465] __driver_probe_device+0x1a2/0x390
[ 85.041244][ T5465] driver_probe_device+0x50/0x430
[ 85.046969][ T5465] __driver_attach+0x45f/0x710
[ 85.050032][ T5096] Bluetooth: hci0: command tx timeout
[ 85.052268][ T5465] bus_for_each_dev+0x239/0x2b0
[ 85.063039][ T5465] bus_add_driver+0x346/0x670
[ 85.068342][ T5465] driver_register+0x23a/0x320
[ 85.073654][ T5465] do_one_initcall+0x248/0x880
[ 85.078964][ T5465] do_initcall_level+0x157/0x210
[ 85.084540][ T5465] do_initcalls+0x3f/0x80
[ 85.089412][ T5465] kernel_init_freeable+0x435/0x5d0
[ 85.095153][ T5465] kernel_init+0x1d/0x2b0
[ 85.100026][ T5465] ret_from_fork+0x4b/0x80
[ 85.105084][ T5465] ret_from_fork_asm+0x1a/0x30
[ 85.110394][ T5465]
[ 85.110394][ T5465] -> #1 (input_mutex){+.+.}-{3:3}:
[ 85.117725][ T5465] lock_acquire+0x1ed/0x550
[ 85.122771][ T5465] __mutex_lock+0x136/0xd70
[ 85.127818][ T5465] input_register_device+0xade/0x1090
[ 85.133729][ T5465] uinput_create_device+0x40e/0x630
[ 85.139502][ T5465] uinput_ioctl_handler+0x48b/0x1770
[ 85.145376][ T5465] __se_sys_ioctl+0xfc/0x170
[ 85.150522][ T5465] do_syscall_64+0xf3/0x230
[ 85.155745][ T5465] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.162307][ T5465]
[ 85.162307][ T5465] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[ 85.169894][ T5465] validate_chain+0x18e0/0x5900
[ 85.175390][ T5465] __lock_acquire+0x1346/0x1fd0
[ 85.180869][ T5465] lock_acquire+0x1ed/0x550
[ 85.185911][ T5465] __mutex_lock+0x136/0xd70
[ 85.190970][ T5465] uinput_request_submit+0x19c/0x740
[ 85.196885][ T5465] uinput_dev_upload_effect+0x199/0x240
[ 85.202976][ T5465] input_ff_upload+0x5df/0xb00
[ 85.208347][ T5465] evdev_ioctl_handler+0x17d0/0x21b0
[ 85.214208][ T5465] __se_sys_ioctl+0xfc/0x170
[ 85.219349][ T5465] do_syscall_64+0xf3/0x230
[ 85.224429][ T5465] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.230950][ T5465]
[ 85.230950][ T5465] other info that might help us debug this:
[ 85.230950][ T5465]
[ 85.241924][ T5465] Chain exists of:
[ 85.241924][ T5465] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[ 85.241924][ T5465]
[ 85.254359][ T5465] Possible unsafe locking scenario:
[ 85.254359][ T5465]
[ 85.261873][ T5465]        CPU0                    CPU1
[ 85.267262][ T5465]        ----                    ----
[ 85.272645][ T5465]   lock(&ff->mutex);
[ 85.276832][ T5465]                                lock(&dev->mutex#2);
[ 85.283707][ T5465]                                lock(&ff->mutex);
[ 85.290243][ T5465]   lock(&newdev->mutex);
[ 85.294597][ T5465]
[ 85.294597][ T5465] *** DEADLOCK ***
[ 85.294597][ T5465]
[ 85.302853][ T5465] 2 locks held by syz-executor.0/5465:
[ 85.308347][ T5465] #0: ffff888023cab110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x125/0x21b0
[ 85.318306][ T5465] #1: ffff8880255e00b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e4/0xb00
[ 85.327650][ T5465]
[ 85.327650][ T5465] stack backtrace:
[ 85.333648][ T5465] CPU: 0 PID: 5465 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 85.344167][ T5465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 85.354254][ T5465] Call Trace:
[ 85.357556][ T5465]
[ 85.360509][ T5465] dump_stack_lvl+0x241/0x360
[ 85.365226][ T5465] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.370449][ T5465] ? print_circular_bug+0x130/0x1a0
[ 85.375667][ T5465] check_noncircular+0x36a/0x4a0
[ 85.380635][ T5465] ? __pfx_check_noncircular+0x10/0x10
[ 85.386113][ T5465] ? lockdep_lock+0x123/0x2b0
[ 85.390820][ T5465] ? stack_trace_save+0x118/0x1d0
[ 85.395864][ T5465] ? __pfx_stack_trace_save+0x10/0x10
[ 85.401250][ T5465] ? check_noncircular+0x259/0x4a0
[ 85.406411][ T5465] validate_chain+0x18e0/0x5900
[ 85.411280][ T5465] ? __pfx_check_noncircular+0x10/0x10
[ 85.416768][ T5465] ? __pfx_validate_chain+0x10/0x10
[ 85.421998][ T5465] ? __pfx_validate_chain+0x10/0x10
[ 85.427225][ T5465] ? stack_trace_save+0x118/0x1d0
[ 85.432268][ T5465] ? __pfx_stack_trace_save+0x10/0x10
[ 85.437742][ T5465] ? mark_lock+0x9a/0x350
[ 85.442099][ T5465] __lock_acquire+0x1346/0x1fd0
[ 85.447152][ T5465] lock_acquire+0x1ed/0x550
[ 85.451683][ T5465] ? uinput_request_submit+0x19c/0x740
[ 85.457343][ T5465] ? __pfx_lock_acquire+0x10/0x10
[ 85.462389][ T5465] ? __pfx___might_resched+0x10/0x10
[ 85.467710][ T5465] __mutex_lock+0x136/0xd70
[ 85.472290][ T5465] ? uinput_request_submit+0x19c/0x740
[ 85.477773][ T5465] ? uinput_request_alloc_id+0x3c5/0x3f0
[ 85.483429][ T5465] ? do_raw_spin_lock+0x14f/0x370
[ 85.489087][ T5465] ? __pfx_lock_release+0x10/0x10
[ 85.494131][ T5465] ? uinput_request_submit+0x19c/0x740
[ 85.499613][ T5465] ? __pfx___mutex_lock+0x10/0x10
[ 85.504950][ T5465] ? _raw_spin_unlock+0x28/0x50
[ 85.509912][ T5465] ? uinput_request_alloc_id+0x3c5/0x3f0
[ 85.515590][ T5465] uinput_request_submit+0x19c/0x740
[ 85.520943][ T5465] ? __pfx_uinput_request_submit+0x10/0x10
[ 85.526771][ T5465] ? __pfx___mutex_trylock_common+0x10/0x10
[ 85.532687][ T5465] ? rcu_is_watching+0x15/0xb0
[ 85.537481][ T5465] uinput_dev_upload_effect+0x199/0x240
[ 85.543048][ T5465] ? __pfx_uinput_dev_upload_effect+0x10/0x10
[ 85.549237][ T5465] input_ff_upload+0x5df/0xb00
[ 85.554029][ T5465] evdev_ioctl_handler+0x17d0/0x21b0
[ 85.559343][ T5465] ? tomoyo_path_number_perm+0x208/0x880
[ 85.565093][ T5465] ? __pfx_evdev_ioctl_handler+0x10/0x10
[ 85.570871][ T5465] ? bpf_lsm_file_ioctl+0x9/0x10
[ 85.576016][ T5465] ? security_file_ioctl+0x87/0xb0
[ 85.581161][ T5465] ? __pfx_evdev_ioctl+0x10/0x10
[ 85.586126][ T5465] __se_sys_ioctl+0xfc/0x170
[ 85.591012][ T5465] do_syscall_64+0xf3/0x230
[ 85.595672][ T5465] ? clear_bhb_loop+0x35/0x90
[ 85.600376][ T5465] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.606310][ T5465] RIP: 0033:0x7fa96ae7dca9
[ 85.610757][ T5465] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 85.630467][ T5465] RSP: 002b:00007fa96bc450c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.638914][ T5465] RAX: ffffffffffffffda RBX: 00007fa96afabf80 RCX: 00007fa96ae7dca9
[ 85.647078][ T5465] RDX: 0000000020000300 RSI: 0000000040304580 RDI: 0000000000000004
[ 85.655075][ T5465] RBP: 00007fa96aec947e R08: 0000000000000000 R09: 0000000000000000
[ 85.663063][ T5465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.671058][ T5465] R13: 000000000000000b R14: 00007fa96afabf80 R15: 00007ffcb6c36278
[ 85.679325][ T5465]
[ 85.846152][ T5519] input: syz1 as /devices/virtual/input/input6
[ 86.719927][ T5586] input: syz1 as /devices/virtual/input/input7
[ 87.069542][ T5096] Bluetooth: hci0: command tx timeout
[ 87.582089][ T5655] input: syz1 as /devices/virtual/input/input8
2024/05/29 01:48:01 executed programs: 4
[ 88.459282][ T5728] input: syz1 as /devices/virtual/input/input9
[ 89.149227][ T5096] Bluetooth: hci0: command tx timeout
[ 89.288940][ T5757] input: syz1 as /devices/virtual/input/input10
[ 90.141701][ T5759] input: syz1 as /devices/virtual/input/input11
[ 90.993206][ T5761] input: syz1 as /devices/virtual/input/input12
[ 91.229274][ T5096] Bluetooth: hci0: command tx timeout
[ 91.845789][ T5763] input: syz1 as /devices/virtual/input/input13
[ 92.697975][ T5765] input: syz1 as /devices/virtual/input/input14
2024/05/29 01:48:06 executed programs: 10
[ 93.552503][ T5767] input: syz1 as /devices/virtual/input/input15
[ 94.404213][ T5769] input: syz1 as /devices/virtual/input/input16