Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts.
2023/11/04 17:00:11 ignoring optional flag "sandboxArg"="0"
2023/11/04 17:00:12 parsed 1 programs
2023/11/04 17:00:14 executed programs: 0
[ 101.597340][ T5422] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 101.664276][ T4467] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.672381][ T4467] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.680408][ T4467] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.689019][ T4467] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.697703][ T4467] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 101.706513][ T4467] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.863861][ T5429] chnl_net:caif_netlink_parms(): no params data found
[ 101.936718][ T5429] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.944014][ T5429] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.951493][ T5429] bridge_slave_0: entered allmulticast mode
[ 101.958803][ T5429] bridge_slave_0: entered promiscuous mode
[ 101.968515][ T5429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.975880][ T5429] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.983124][ T5429] bridge_slave_1: entered allmulticast mode
[ 101.990589][ T5429] bridge_slave_1: entered promiscuous mode
[ 102.022720][ T5429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 102.036985][ T5429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 102.073739][ T5429] team0: Port device team_slave_0 added
[ 102.082806][ T5429] team0: Port device team_slave_1 added
[ 102.112351][ T5429] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 102.119479][ T5429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.145622][ T5429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 102.158953][ T5429] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 102.166123][ T5429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.192437][ T5429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 102.239339][ T5429] hsr_slave_0: entered promiscuous mode
[ 102.245886][ T5429] hsr_slave_1: entered promiscuous mode
[ 103.142439][ T5429] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.155005][ T5429] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.174497][ T5429] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.188350][ T5429] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.327170][ T5429] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.361360][ T5429] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.379901][ T5085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.387167][ T5085] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.416203][ T5085] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.423416][ T5085] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.701532][ T5429] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.726838][ T5077] Bluetooth: hci0: command 0x0409 tx timeout
[ 103.789155][ T5429] veth0_vlan: entered promiscuous mode
[ 103.809327][ T5429] veth1_vlan: entered promiscuous mode
[ 103.862597][ T5429] veth0_macvtap: entered promiscuous mode
[ 103.880362][ T5429] veth1_macvtap: entered promiscuous mode
[ 103.911045][ T5429] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.931659][ T5429] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.953489][ T5429] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.974769][ T5429] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.987780][ T5429] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.996932][ T5429] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.117538][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.139853][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.193360][ T5085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.203249][ T5085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.344475][ T5494]
[ 104.346849][ T5494] ======================================================
[ 104.353974][ T5494] WARNING: possible circular locking dependency detected
[ 104.361006][ T5494] 6.6.0-next-20231103-syzkaller #0 Not tainted
[ 104.367263][ T5494] ------------------------------------------------------
[ 104.374291][ T5494] syz-executor.0/5494 is trying to acquire lock:
[ 104.380630][ T5494] ffff888027561108 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90
[ 104.390026][ T5494]
[ 104.390026][ T5494] but task is already holding lock:
[ 104.397402][ T5494] ffffffff8ef38ac8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570
[ 104.407108][ T5494]
[ 104.407108][ T5494] which lock already depends on the new lock.
[ 104.407108][ T5494]
[ 104.417519][ T5494]
[ 104.417519][ T5494] the existing dependency chain (in reverse order) is:
[ 104.426559][ T5494]
[ 104.426559][ T5494] -> #3 (rfkill_global_mutex){+.+.}-{3:3}:
[ 104.434842][ T5494]        __mutex_lock+0x181/0x1330
[ 104.439972][ T5494]        rfkill_register+0x3a/0xb30
[ 104.445186][ T5494]        hci_register_dev+0x43a/0xd40
[ 104.450736][ T5494]        __vhci_create_device+0x393/0x800
[ 104.456454][ T5494]        vhci_write+0x2c7/0x470
[ 104.461309][ T5494]        vfs_write+0x64d/0xdf0
[ 104.466072][ T5494]        ksys_write+0x12f/0x250
[ 104.470920][ T5494]        do_syscall_64+0x3f/0x110
[ 104.475943][ T5494]        entry_SYSCALL_64_after_hwframe+0x62/0x6a
[ 104.482351][ T5494]
[ 104.482351][ T5494] -> #2 (&data->open_mutex){+.+.}-{3:3}:
[ 104.490164][ T5494]        __mutex_lock+0x181/0x1330
[ 104.495282][ T5494]        vhci_send_frame+0x67/0xa0
[ 104.500563][ T5494]        hci_send_frame+0x220/0x470
[ 104.505758][ T5494]        hci_tx_work+0x1456/0x1e40
[ 104.510869][ T5494]        process_one_work+0x8a2/0x15e0
[ 104.516338][ T5494]        worker_thread+0x8b6/0x1280
[ 104.521549][ T5494]        kthread+0x337/0x440
[ 104.526230][ T5494]        ret_from_fork+0x45/0x80
[ 104.531175][ T5494]        ret_from_fork_asm+0x11/0x20
[ 104.536463][ T5494]
[ 104.536463][ T5494] -> #1 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 104.545666][ T5494]        __flush_work+0x103/0xa10
[ 104.550688][ T5494]        hci_dev_close_sync+0x22d/0x1160
[ 104.556499][ T5494]        hci_dev_do_close+0x2e/0x90
[ 104.562047][ T5494]        hci_unregister_dev+0x1eb/0x600
[ 104.567762][ T5494]        vhci_release+0x7f/0x100
[ 104.572708][ T5494]        __fput+0x270/0xbb0
[ 104.577238][ T5494]        task_work_run+0x14c/0x240
[ 104.582364][ T5494]        do_exit+0xa85/0x2ac0
[ 104.587062][ T5494]        do_group_exit+0xd3/0x2a0
[ 104.592272][ T5494]        get_signal+0x2391/0x2760
[ 104.597309][ T5494]        arch_do_signal_or_restart+0x90/0x7e0
[ 104.603387][ T5494]        exit_to_user_mode_prepare+0x11c/0x240
[ 104.609568][ T5494]        syscall_exit_to_user_mode+0x1d/0x60
[ 104.615549][ T5494]        do_syscall_64+0x4b/0x110
[ 104.620575][ T5494]        entry_SYSCALL_64_after_hwframe+0x62/0x6a
[ 104.627274][ T5494]
[ 104.627274][ T5494] -> #0 (&hdev->req_lock){+.+.}-{3:3}:
[ 104.635007][ T5494]        __lock_acquire+0x2e22/0x5dc0
[ 104.640397][ T5494]        lock_acquire+0x1b1/0x530
[ 104.645440][ T5494]        __mutex_lock+0x181/0x1330
[ 104.650546][ T5494]        hci_dev_do_close+0x26/0x90
[ 104.655830][ T5494]        hci_rfkill_set_block+0x1b9/0x200
[ 104.661550][ T5494]        rfkill_set_block+0x200/0x550
[ 104.666921][ T5494]        rfkill_fop_write+0x2d4/0x570
[ 104.672467][ T5494]        vfs_write+0x2a4/0xdf0
[ 104.677228][ T5494]        ksys_write+0x1f0/0x250
[ 104.682257][ T5494]        do_syscall_64+0x3f/0x110
[ 104.687292][ T5494]        entry_SYSCALL_64_after_hwframe+0x62/0x6a
[ 104.693702][ T5494]
[ 104.693702][ T5494] other info that might help us debug this:
[ 104.693702][ T5494]
[ 104.703915][ T5494] Chain exists of:
[ 104.703915][ T5494]   &hdev->req_lock --> &data->open_mutex --> rfkill_global_mutex
[ 104.703915][ T5494]
[ 104.717466][ T5494] Possible unsafe locking scenario:
[ 104.717466][ T5494]
[ 104.724986][ T5494]        CPU0                    CPU1
[ 104.730425][ T5494]        ----                    ----
[ 104.736037][ T5494]   lock(rfkill_global_mutex);
[ 104.740894][ T5494]                                lock(&data->open_mutex);
[ 104.748012][ T5494]                                lock(rfkill_global_mutex);
[ 104.755503][ T5494]   lock(&hdev->req_lock);
[ 104.759912][ T5494]
[ 104.759912][ T5494] *** DEADLOCK ***
[ 104.759912][ T5494]
[ 104.768040][ T5494] 1 lock held by syz-executor.0/5494:
[ 104.773399][ T5494]  #0: ffffffff8ef38ac8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570
[ 104.783592][ T5494]
[ 104.783592][ T5494] stack backtrace:
[ 104.789474][ T5494] CPU: 0 PID: 5494 Comm: syz-executor.0 Not tainted 6.6.0-next-20231103-syzkaller #0
[ 104.798925][ T5494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 104.808972][ T5494] Call Trace:
[ 104.812248][ T5494]
[ 104.815181][ T5494]  dump_stack_lvl+0xd9/0x1b0
[ 104.819780][ T5494]  check_noncircular+0x310/0x3f0
[ 104.825682][ T5494]  ? print_circular_bug+0x750/0x750
[ 104.830880][ T5494]  ? reacquire_held_locks+0x4b0/0x4b0
[ 104.836343][ T5494]  ? mark_lock+0x105/0x1950
[ 104.840856][ T5494]  __lock_acquire+0x2e22/0x5dc0
[ 104.845712][ T5494]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 104.851700][ T5494]  ? __lock_acquire+0x1868/0x5dc0
[ 104.856730][ T5494]  lock_acquire+0x1b1/0x530
[ 104.861246][ T5494]  ? hci_dev_do_close+0x26/0x90
[ 104.866106][ T5494]  ? lock_sync+0x180/0x180
[ 104.870526][ T5494]  ? preempt_count_sub+0x150/0x150
[ 104.875634][ T5494]  __mutex_lock+0x181/0x1330
[ 104.880309][ T5494]  ? hci_dev_do_close+0x26/0x90
[ 104.885162][ T5494]  ? hci_dev_do_close+0x26/0x90
[ 104.890013][ T5494]  ? mutex_lock_io_nested+0x1190/0x1190
[ 104.895552][ T5494]  ? lock_acquire+0x1b1/0x530
[ 104.900229][ T5494]  ? find_held_lock+0x2d/0x110
[ 104.904995][ T5494]  ? rfkill_set_block+0x195/0x550
[ 104.910023][ T5494]  ? reacquire_held_locks+0x4b0/0x4b0
[ 104.915515][ T5494]  ? hci_dev_do_close+0x26/0x90
[ 104.920371][ T5494]  hci_dev_do_close+0x26/0x90
[ 104.925047][ T5494]  hci_rfkill_set_block+0x1b9/0x200
[ 104.930245][ T5494]  ? lockdep_hardirqs_on+0x7c/0x100
[ 104.935611][ T5494]  ? hci_power_on+0x670/0x670
[ 104.940284][ T5494]  rfkill_set_block+0x200/0x550
[ 104.945138][ T5494]  rfkill_fop_write+0x2d4/0x570
[ 104.950016][ T5494]  ? rfkill_register+0xb30/0xb30
[ 104.954972][ T5494]  ? bpf_lsm_inode_getsecid+0x10/0x10
[ 104.960363][ T5494]  ? security_file_permission+0x94/0x100
[ 104.966009][ T5494]  vfs_write+0x2a4/0xdf0
[ 104.970253][ T5494]  ? rfkill_register+0xb30/0xb30
[ 104.975207][ T5494]  ? kernel_write+0x6c0/0x6c0
[ 104.979883][ T5494]  ? __might_fault+0xe3/0x190
[ 104.984560][ T5494]  ? __fget_files+0x1c6/0x340
[ 104.989239][ T5494]  ? __fget_light+0xe4/0x260
[ 104.993829][ T5494]  ksys_write+0x1f0/0x250
[ 104.998169][ T5494]  ? __ia32_sys_read+0xb0/0xb0
[ 105.002933][ T5494]  ? syscall_enter_from_user_mode+0x26/0x80
[ 105.008999][ T5494]  do_syscall_64+0x3f/0x110
[ 105.013510][ T5494]  entry_SYSCALL_64_after_hwframe+0x62/0x6a
[ 105.019461][ T5494] RIP: 0033:0x7f50b627cae9
[ 105.023871][ T5494] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 105.044018][ T5494] RSP: 002b:00007f50b701e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 105.052426][ T5494] RAX: ffffffffffffffda RBX: 00007f50b639bf80 RCX: 00007f50b627cae9
[ 105.060574][ T5494] RDX: 0000000000000008 RSI: 0000000020000200 RDI: 0000000000000004
[ 105.068551][ T5494] RBP: 00007f50b62c847a R08: 0000000000000000 R09: 0000000000000000
[ 105.077034][ T5494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 105.084997][ T5494] R13: 000000000000000b R14: 00007f50b639bf80 R15: 00007fff714ef598
[ 105.093061][ T5494]