Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts.
2023/08/23 23:04:58 ignoring optional flag "sandboxArg"="0"
2023/08/23 23:04:58 parsed 1 programs
[ 91.304301][ T26] kauditd_printk_skb: 76 callbacks suppressed
[ 91.304319][ T26] audit: type=1400 audit(1692831898.648:201): avc: denied { getattr } for pid=5354 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
2023/08/23 23:04:58 executed programs: 0
[ 91.335283][ T26] audit: type=1400 audit(1692831898.648:202): avc: denied { read } for pid=5354 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 91.358872][ T26] audit: type=1400 audit(1692831898.648:203): avc: denied { open } for pid=5354 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 91.393517][ T26] audit: type=1400 audit(1692831898.708:204): avc: denied { mounton } for pid=5359 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 91.448716][ T26] audit: type=1400 audit(1692831898.708:205): avc: denied { mount } for pid=5359 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 92.509883][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 92.518293][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 92.526629][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 92.534520][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 92.542116][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 92.549556][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 92.567610][ T26] audit: type=1400 audit(1692831899.908:206): avc: denied { mounton } for pid=5367 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 92.647436][ T5367] chnl_net:caif_netlink_parms(): no params data found
[ 92.691933][ T5367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.699253][ T5367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.707235][ T5367] bridge_slave_0: entered allmulticast mode
[ 92.714207][ T5367] bridge_slave_0: entered promiscuous mode
[ 92.722010][ T5367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.730533][ T5367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.738157][ T5367] bridge_slave_1: entered allmulticast mode
[ 92.746024][ T5367] bridge_slave_1: entered promiscuous mode
[ 92.769234][ T5367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 92.781380][ T5367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 92.807203][ T5367] team0: Port device team_slave_0 added
[ 92.816676][ T5367] team0: Port device team_slave_1 added
[ 92.835281][ T5367] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 92.842261][ T5367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.868678][ T5367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 92.881129][ T5367] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 92.888157][ T5367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.915017][ T5367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 92.947789][ T5367] hsr_slave_0: entered promiscuous mode
[ 92.954282][ T5367] hsr_slave_1: entered promiscuous mode
[ 93.022555][ T5367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.029733][ T5367] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.037358][ T5367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.044544][ T5367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.088394][ T5367] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.101769][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.110706][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.125435][ T5367] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.136887][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.144307][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.158000][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.165581][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.216738][ T5367] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.248364][ T26] audit: type=1400 audit(1692831900.588:207): avc: denied { sys_module } for pid=5367 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 93.527068][ T5367] veth0_vlan: entered promiscuous mode
[ 93.537691][ T5367] veth1_vlan: entered promiscuous mode
[ 93.560997][ T5367] veth0_macvtap: entered promiscuous mode
[ 93.571100][ T5367] veth1_macvtap: entered promiscuous mode
[ 93.586052][ T5367] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.600548][ T5367] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.661980][ T25] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.677704][ T25] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.699804][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.707921][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.729230][ T26] audit: type=1400 audit(1692831901.068:208): avc: denied { mounton } for pid=5367 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2323 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 94.583710][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 96.354368][ T5487]
[ 96.356728][ T5487] ================================
[ 96.361818][ T5487] WARNING: inconsistent lock state
[ 96.366923][ T5487] 6.5.0-rc7-syzkaller-00024-g93f5de5f648d #0 Not tainted
[ 96.374028][ T5487] --------------------------------
[ 96.379130][ T5487] inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
[ 96.386141][ T5487] syz-executor.0/5487 [HC0[0]:SC0[0]:HE0:SE1] takes:
[ 96.392804][ T5487] ffffffff8d73fdd8 (sync_timeline_list_lock){?...}-{2:2}, at: sync_info_debugfs_show+0x31/0x200
[ 96.403317][ T5487] {IN-HARDIRQ-W} state was registered at:
[ 96.409481][ T5487] lock_acquire+0x1ae/0x510
[ 96.414086][ T5487] _raw_spin_lock_irqsave+0x3a/0x50
[ 96.419373][ T5487] sync_timeline_debug_remove+0x29/0x1a0
[ 96.425101][ T5487] timeline_fence_release+0x262/0x340
[ 96.430785][ T5487] dma_fence_release+0x2ef/0x500
[ 96.436011][ T5487] dma_fence_array_release+0x1fa/0x2e0
[ 96.441650][ T5487] dma_fence_release+0x2ef/0x500
[ 96.446668][ T5487] irq_dma_fence_array_work+0xa9/0xd0
[ 96.453289][ T5487] irq_work_single+0x1b5/0x260
[ 96.458258][ T5487] irq_work_run_list+0x92/0xc0
[ 96.463361][ T5487] irq_work_run+0x58/0xd0
[ 96.468069][ T5487] __sysvec_irq_work+0x99/0x2d0
[ 96.473113][ T5487] sysvec_irq_work+0x8e/0xc0
[ 96.477965][ T5487] asm_sysvec_irq_work+0x1a/0x20
[ 96.482989][ T5487] _raw_spin_unlock_irq+0x29/0x50
[ 96.488098][ T5487] sw_sync_debugfs_release+0x164/0x240
[ 96.493682][ T5487] __fput+0x3f7/0xac0
[ 96.497740][ T5487] task_work_run+0x14d/0x240
[ 96.502511][ T5487] exit_to_user_mode_prepare+0x210/0x240
[ 96.508247][ T5487] syscall_exit_to_user_mode+0x1d/0x60
[ 96.513884][ T5487] do_syscall_64+0x44/0xb0
[ 96.518380][ T5487] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 96.524703][ T5487] irq event stamp: 210
[ 96.528849][ T5487] hardirqs last enabled at (209): [] mod_objcg_state+0x59d/0x9e0
[ 96.538482][ T5487] hardirqs last disabled at (210): [] _raw_spin_lock_irq+0x45/0x50
[ 96.548475][ T5487] softirqs last enabled at (94): [] sk_common_release+0x13f/0x3a0
[ 96.558468][ T5487] softirqs last disabled at (92): [] sk_common_release+0xca/0x3a0
[ 96.568027][ T5487]
[ 96.568027][ T5487] other info that might help us debug this:
[ 96.576173][ T5487] Possible unsafe locking scenario:
[ 96.576173][ T5487]
[ 96.583824][ T5487] CPU0
[ 96.587187][ T5487] ----
[ 96.590450][ T5487] lock(sync_timeline_list_lock);
[ 96.595671][ T5487]
[ 96.599166][ T5487] lock(sync_timeline_list_lock);
[ 96.604448][ T5487]
[ 96.604448][ T5487] *** DEADLOCK ***
[ 96.604448][ T5487]
[ 96.612723][ T5487] 3 locks held by syz-executor.0/5487:
[ 96.618286][ T5487] #0: ffff8880260ecb88 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe7/0x170
[ 96.627525][ T5487] #1: ffff88802a1515c0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xda/0x1280
[ 96.636496][ T5487] #2: ffffffff8d73fdd8 (sync_timeline_list_lock){?...}-{2:2}, at: sync_info_debugfs_show+0x31/0x200
[ 96.648930][ T5487]
[ 96.648930][ T5487] stack backtrace:
[ 96.655353][ T5487] CPU: 1 PID: 5487 Comm: syz-executor.0 Not tainted 6.5.0-rc7-syzkaller-00024-g93f5de5f648d #0
[ 96.665972][ T5487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 96.676117][ T5487] Call Trace:
[ 96.679644][ T5487]
[ 96.682562][ T5487] dump_stack_lvl+0xd9/0x1b0
[ 96.687532][ T5487] mark_lock+0x11f3/0x1950
[ 96.691974][ T5487] ? vsprintf+0x30/0x30
[ 96.696192][ T5487] ? print_usage_bug.part.0+0x670/0x670
[ 96.702007][ T5487] ? pointer+0xbf0/0xbf0
[ 96.706432][ T5487] ? seq_putc+0x6c/0xf0
[ 96.710589][ T5487] ? find_held_lock+0x2d/0x110
[ 96.715352][ T5487] ? sync_info_debugfs_show+0xef/0x200
[ 96.720822][ T5487] ? reacquire_held_locks+0x4b0/0x4b0
[ 96.726278][ T5487] mark_held_locks+0x9f/0xe0
[ 96.731241][ T5487] lockdep_hardirqs_on_prepare+0x139/0x410
[ 96.737154][ T5487] trace_hardirqs_on+0x36/0x40
[ 96.741944][ T5487] _raw_spin_unlock_irq+0x23/0x50
[ 96.747064][ T5487] sync_info_debugfs_show+0xef/0x200
[ 96.752519][ T5487] seq_read_iter+0x4e5/0x1280
[ 96.757298][ T5487] seq_read+0x196/0x240
[ 96.761532][ T5487] ? seq_read_iter+0x1280/0x1280
[ 96.766610][ T5487] ? security_file_permission+0xdc/0x100
[ 96.772440][ T5487] ? seq_read_iter+0x1280/0x1280
[ 96.777473][ T5487] vfs_read+0x1ce/0x930
[ 96.781705][ T5487] ? kernel_read+0x1b0/0x1b0
[ 96.786280][ T5487] ? __fget_files+0x279/0x410
[ 96.791039][ T5487] ksys_read+0x12f/0x250
[ 96.795265][ T5487] ? vfs_write+0xe40/0xe40
[ 96.799704][ T5487] ? syscall_enter_from_user_mode+0x26/0x80
[ 96.805631][ T5487] do_syscall_64+0x38/0xb0
[ 96.812041][ T5487] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 96.818039][ T5487] RIP: 0033:0x7f1e374799e9
[ 96.822531][ T5487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 96.842383][ T5487] RSP: 002b:00007f1e385730c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
2023/08/23 23:05:04 executed programs: 34
[ 96.851745][ T5487] RAX: ffffffffffffffda RBX: 00007f1e3758c030 RCX: 00007f1e374799e9
[ 96.859879][ T5487] RDX: 0000000000002020 RSI: 0000000020001540 RDI: 0000000000000003
[ 96.867923][ T5487] RBP: 00007f1e374d5148 R08: 0000000000000000 R09: 0000000000000000
[ 96.875885][ T5487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 96.883862][ T5487] R13: 000000000000006e R14: 00007f1e3758c030 R15: 00007ffee00ce8a8
[ 96.891840][ T5487]
[ 96.896851][ T4423] Bluetooth: hci0: command 0x041b tx timeout
[ 98.984190][ T48] Bluetooth: hci0: command 0x040f tx timeout
[ 101.063231][ T48] Bluetooth: hci0: command 0x0419 tx timeout
2023/08/23 23:05:09 executed programs: 110