[ 57.721000][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.738626][ T11] device veth1_macvtap left promiscuous mode
[ 57.745190][ T11] device veth0_macvtap left promiscuous mode
[ 57.753175][ T11] device veth1_vlan left promiscuous mode
[ 57.759334][ T11] device veth0_vlan left promiscuous mode
[ 57.989451][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 58.005800][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 58.021679][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 58.038005][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 58.115310][ T11] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
2022/12/09 07:10:13 ignoring optional flag "sandboxArg"="0"
2022/12/09 07:10:13 parsed 1 programs
2022/12/09 07:10:14 executed programs: 0
[ 74.797138][ T4086] cgroup: Unknown subsys name 'net'
[ 74.807175][ T4086] cgroup: Unknown subsys name 'rlimit'
[ 75.895996][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.904629][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.912455][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.920243][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.928146][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.935733][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.011928][ T4093] chnl_net:caif_netlink_parms(): no params data found
[ 76.052003][ T4093] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.059408][ T4093] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.067393][ T4093] device bridge_slave_0 entered promiscuous mode
[ 76.076005][ T4093] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.083369][ T4093] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.091709][ T4093] device bridge_slave_1 entered promiscuous mode
[ 76.113302][ T4093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.124201][ T4093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.148118][ T4093] team0: Port device team_slave_0 added
[ 76.155512][ T4093] team0: Port device team_slave_1 added
[ 76.173268][ T4093] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.180495][ T4093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.206814][ T4093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.219327][ T4093] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.226728][ T4093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.253712][ T4093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.280528][ T4093] device hsr_slave_0 entered promiscuous mode
[ 76.287365][ T4093] device hsr_slave_1 entered promiscuous mode
[ 76.350339][ T4093] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.357467][ T4093] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.365320][ T4093] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.372513][ T4093] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.381857][ T14] cfg80211: failed to load regulatory.db
[ 76.423793][ T4093] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.436425][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.446120][ T14] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.453920][ T14] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.461974][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.475586][ T4093] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.485913][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.495565][ T14] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.502858][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.519505][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.528427][ T14] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.535556][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.553902][ T4093] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 76.566321][ T4093] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.579636][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.588860][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.597505][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.606853][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.625861][ T4093] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.635412][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.643398][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.651761][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.659786][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 77.002814][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 77.017089][ T4093] device veth0_vlan entered promiscuous mode
[ 77.025229][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 77.034055][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 77.044328][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 77.052373][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 77.063818][ T4093] device veth1_vlan entered promiscuous mode
[ 77.081962][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 77.090276][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 77.100154][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 77.109190][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 77.119847][ T4093] device veth0_macvtap entered promiscuous mode
[ 77.135899][ T4093] device veth1_macvtap entered promiscuous mode
[ 77.150342][ T4093] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.159277][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 77.167376][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 77.175617][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 77.184151][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 77.195723][ T4093] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.203484][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 77.212327][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 77.265890][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.276029][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.295507][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 77.304654][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.313162][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.322620][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 77.972223][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 78.201951][ T4114]
[ 78.204326][ T4114] ======================================================
[ 78.211324][ T4114] WARNING: possible circular locking dependency detected
[ 78.218318][ T4114] 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 Not tainted
[ 78.225326][ T4114] ------------------------------------------------------
[ 78.232321][ T4114] syz-executor.0/4114 is trying to acquire lock:
[ 78.238630][ T4114] ffff8880224f7130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x52/0x2f0
[ 78.250091][ T4114]
[ 78.250091][ T4114] but task is already holding lock:
[ 78.257527][ T4114] ffff88806f6a9d28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x276/0x470
[ 78.266469][ T4114]
[ 78.266469][ T4114] which lock already depends on the new lock.
[ 78.266469][ T4114]
[ 78.276855][ T4114]
[ 78.276855][ T4114] the existing dependency chain (in reverse order) is:
[ 78.285851][ T4114]
[ 78.285851][ T4114] -> #2 (&d->lock){+.+.}-{3:3}:
[ 78.293069][ T4114]        lock_acquire+0x1a7/0x400
[ 78.298083][ T4114]        __mutex_lock_common+0x1de/0x26c0
[ 78.303881][ T4114]        mutex_lock_nested+0x17/0x20
[ 78.309152][ T4114]        __rfcomm_dlc_close+0x276/0x470
[ 78.314813][ T4114]        rfcomm_dlc_close+0x10d/0x1c0
[ 78.320197][ T4114]        __rfcomm_sock_close+0x101/0x220
[ 78.325897][ T4114]        rfcomm_sock_shutdown+0xad/0x230
[ 78.331521][ T4114]        rfcomm_sock_release+0x55/0x120
[ 78.337048][ T4114]        sock_close+0xd7/0x260
[ 78.341797][ T4114]        __fput+0x3ba/0x880
[ 78.346297][ T4114]        task_work_run+0x243/0x300
[ 78.351487][ T4114]        get_signal+0x1642/0x1810
[ 78.356608][ T4114]        arch_do_signal_or_restart+0x8d/0x750
[ 78.362758][ T4114]        exit_to_user_mode_loop+0x74/0x160
[ 78.368729][ T4114]        exit_to_user_mode_prepare+0xad/0x110
[ 78.374863][ T4114]        syscall_exit_to_user_mode+0x2e/0x60
[ 78.380898][ T4114]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.387326][ T4114]
[ 78.387326][ T4114] -> #1 (rfcomm_mutex){+.+.}-{3:3}:
[ 78.394787][ T4114]        lock_acquire+0x1a7/0x400
[ 78.399889][ T4114]        __mutex_lock_common+0x1de/0x26c0
[ 78.405601][ T4114]        mutex_lock_nested+0x17/0x20
[ 78.410873][ T4114]        rfcomm_dlc_open+0x25/0x50
[ 78.415977][ T4114]        rfcomm_sock_connect+0x285/0x470
[ 78.421601][ T4114]        __sys_connect+0x29b/0x2d0
[ 78.426698][ T4114]        __x64_sys_connect+0x76/0x80
[ 78.431966][ T4114]        do_syscall_64+0x2b/0x70
[ 78.436886][ T4114]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.443280][ T4114]
[ 78.443280][ T4114] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 78.452652][ T4114]        validate_chain+0x184a/0x6470
[ 78.458008][ T4114]        __lock_acquire+0x1292/0x1f60
[ 78.463465][ T4114]        lock_acquire+0x1a7/0x400
[ 78.468488][ T4114]        lock_sock_nested+0x44/0xf0
[ 78.473677][ T4114]        rfcomm_sk_state_change+0x52/0x2f0
[ 78.479470][ T4114]        __rfcomm_dlc_close+0x2bb/0x470
[ 78.484996][ T4114]        rfcomm_dlc_close+0x10d/0x1c0
[ 78.490347][ T4114]        __rfcomm_sock_close+0x101/0x220
[ 78.496055][ T4114]        rfcomm_sock_shutdown+0xad/0x230
[ 78.501667][ T4114]        rfcomm_sock_release+0x55/0x120
[ 78.507207][ T4114]        sock_close+0xd7/0x260
[ 78.511965][ T4114]        __fput+0x3ba/0x880
[ 78.516470][ T4114]        task_work_run+0x243/0x300
[ 78.521571][ T4114]        get_signal+0x1642/0x1810
[ 78.526587][ T4114]        arch_do_signal_or_restart+0x8d/0x750
[ 78.532642][ T4114]        exit_to_user_mode_loop+0x74/0x160
[ 78.538539][ T4114]        exit_to_user_mode_prepare+0xad/0x110
[ 78.544589][ T4114]        syscall_exit_to_user_mode+0x2e/0x60
[ 78.550555][ T4114]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.556952][ T4114]
[ 78.556952][ T4114] other info that might help us debug this:
[ 78.556952][ T4114]
[ 78.567193][ T4114] Chain exists of:
[ 78.567193][ T4114]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[ 78.567193][ T4114]
[ 78.581259][ T4114]  Possible unsafe locking scenario:
[ 78.581259][ T4114]
[ 78.588886][ T4114]        CPU0                    CPU1
[ 78.594240][ T4114]        ----                    ----
[ 78.599592][ T4114]   lock(&d->lock);
[ 78.603392][ T4114]                                lock(rfcomm_mutex);
[ 78.610421][ T4114]                                lock(&d->lock);
[ 78.616895][ T4114]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 78.623044][ T4114]
[ 78.623044][ T4114]  *** DEADLOCK ***
[ 78.623044][ T4114]
[ 78.631783][ T4114] 3 locks held by syz-executor.0/4114:
[ 78.637232][ T4114]  #0: ffff888072eac410 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: sock_close+0x93/0x260
[ 78.647320][ T4114]  #1: ffffffff8e5df5c8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x32/0x1c0
[ 78.656711][ T4114]  #2: ffff88806f6a9d28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x276/0x470
[ 78.666092][ T4114]
[ 78.666092][ T4114] stack backtrace:
[ 78.672049][ T4114] CPU: 1 PID: 4114 Comm: syz-executor.0 Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0
[ 78.682885][ T4114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 78.693446][ T4114] Call Trace:
[ 78.696777][ T4114]
[ 78.699692][ T4114]  dump_stack_lvl+0x1e3/0x2cb
[ 78.704361][ T4114]  ? nf_tcp_handle_invalid+0x62e/0x62e
[ 78.709813][ T4114]  ? print_circular_bug+0x13e/0x1c0
[ 78.715020][ T4114]  check_noncircular+0x2f9/0x3b0
[ 78.719953][ T4114]  ? add_chain_block+0x850/0x850
[ 78.724876][ T4114]  ? lockdep_lock+0x11d/0x2a0
[ 78.729534][ T4114]  ? _find_first_zero_bit+0xe8/0x110
[ 78.734808][ T4114]  validate_chain+0x184a/0x6470
[ 78.740166][ T4114]  ? reacquire_held_locks+0x680/0x680
[ 78.745524][ T4114]  ? register_lock_class+0xfe/0x9b0
[ 78.750704][ T4114]  ? is_dynamic_key+0x1f0/0x1f0
[ 78.755535][ T4114]  ? mark_lock+0x9a/0x350
[ 78.759869][ T4114]  ? __lock_acquire+0x1292/0x1f60
[ 78.764972][ T4114]  ? mark_lock+0x9a/0x350
[ 78.769385][ T4114]  __lock_acquire+0x1292/0x1f60
[ 78.774576][ T4114]  lock_acquire+0x1a7/0x400
[ 78.779377][ T4114]  ? rfcomm_sk_state_change+0x52/0x2f0
[ 78.784999][ T4114]  ? read_lock_is_recursive+0x10/0x10
[ 78.790353][ T4114]  ? __mutex_lock_common+0x45d/0x26c0
[ 78.795801][ T4114]  ? del_timer+0x340/0x3d0
[ 78.800204][ T4114]  ? __rfcomm_dlc_close+0x276/0x470
[ 78.805384][ T4114]  ? mutex_lock_io_nested+0x60/0x60
[ 78.810567][ T4114]  lock_sock_nested+0x44/0xf0
[ 78.815241][ T4114]  ? rfcomm_sk_state_change+0x52/0x2f0
[ 78.820748][ T4114]  rfcomm_sk_state_change+0x52/0x2f0
[ 78.826021][ T4114]  __rfcomm_dlc_close+0x2bb/0x470
[ 78.831030][ T4114]  rfcomm_dlc_close+0x10d/0x1c0
[ 78.835872][ T4114]  __rfcomm_sock_close+0x101/0x220
[ 78.841166][ T4114]  rfcomm_sock_shutdown+0xad/0x230
[ 78.846361][ T4114]  rfcomm_sock_release+0x55/0x120
[ 78.851866][ T4114]  sock_close+0xd7/0x260
[ 78.856092][ T4114]  ? __fput+0x3b2/0x880
[ 78.860229][ T4114]  ? sock_mmap+0x90/0x90
[ 78.864465][ T4114]  __fput+0x3ba/0x880
[ 78.868439][ T4114]  task_work_run+0x243/0x300
[ 78.873031][ T4114]  ? task_work_cancel+0x290/0x290
[ 78.878045][ T4114]  get_signal+0x1642/0x1810
[ 78.882539][ T4114]  ? kick_process+0xd6/0x140
[ 78.887264][ T4114]  ? task_work_add+0x2e6/0x340
[ 78.892393][ T4114]  ? rcu_lock_release+0x20/0x20
[ 78.897288][ T4114]  ? ptrace_notify+0x340/0x340
[ 78.902107][ T4114]  arch_do_signal_or_restart+0x8d/0x750
[ 78.907636][ T4114]  ? __sys_connect+0x157/0x2d0
[ 78.912413][ T4114]  ? get_sigframe_size+0x10/0x10
[ 78.917351][ T4114]  ? exit_to_user_mode_loop+0x42/0x160
[ 78.922800][ T4114]  exit_to_user_mode_loop+0x74/0x160
[ 78.928071][ T4114]  exit_to_user_mode_prepare+0xad/0x110
[ 78.933597][ T4114]  syscall_exit_to_user_mode+0x2e/0x60
[ 78.939044][ T4114]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.944920][ T4114] RIP: 0033:0x7f1a3f889049
[ 78.949406][ T4114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.969012][ T4114] RSP: 002b:00007f1a40a75168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 78.977421][ T4114] RAX: fffffffffffffffc RBX: 00007f1a3f99bf60 RCX: 00007f1a3f889049
[ 78.985374][ T4114] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 78.993505][ T4114] RBP: 00007f1a3f8e308d R08: 0000000000000000 R09: 0000000000000000
[ 79.001478][ T4114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.009433][ T4114] R13: 00007ffd6e5105ef R14: 00007f1a40a75300 R15: 0000000000022000
[ 79.017571][ T4114]
2022/12/09 07:10:19 executed programs: 2
[ 80.051029][ T48] Bluetooth: hci0: command 0x041b tx timeout
[ 82.131462][ T48] Bluetooth: hci0: command 0x040f tx timeout
[ 84.211040][ T48] Bluetooth: hci0: command 0x0419 tx timeout
2022/12/09 07:10:24 executed programs: 8
[ 86.291005][ T48] Bluetooth: hci0: command 0x0405 tx timeout