Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts. 2023/05/31 05:41:58 ignoring optional flag "sandboxArg"="0" 2023/05/31 05:41:58 parsed 1 programs [ 62.264890][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 62.264895][ T26] audit: type=1400 audit(1685511718.437:204): avc: denied { getattr } for pid=5270 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 2023/05/31 05:41:58 executed programs: 0 [ 62.294965][ T26] audit: type=1400 audit(1685511718.447:205): avc: denied { read } for pid=5270 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 62.317075][ T26] audit: type=1400 audit(1685511718.447:206): avc: denied { open } for pid=5270 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 62.350213][ T26] audit: type=1400 audit(1685511718.477:207): avc: denied { mounton } for pid=5277 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 62.376583][ T26] audit: type=1400 audit(1685511718.477:208): avc: denied { mount } for pid=5277 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 65.473764][ T4347] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 66.115683][ T1214] ieee802154 phy0 wpan0: encryption failed: -22 [ 66.122088][ T1214] ieee802154 phy1 wpan1: encryption failed: -22 [ 69.633760][ T4347] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 71.236109][ T21] cfg80211: failed to load regulatory.db [ 73.793851][ T4347] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 75.882058][ T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.890081][ T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.898261][ T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.906543][ T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.914559][ T46] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.921746][ T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.932818][ T26] audit: type=1400 audit(1685511732.097:209): avc: denied { mounton } for pid=5293 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 75.999020][ T5293] chnl_net:caif_netlink_parms(): no params data found [ 76.033471][ T5293] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.040658][ T5293] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.048009][ T5293] bridge_slave_0: entered allmulticast mode [ 76.054852][ T5293] bridge_slave_0: entered promiscuous mode [ 76.061953][ T5293] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.069169][ T5293] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.076285][ T5293] bridge_slave_1: entered allmulticast mode [ 76.082631][ T5293] bridge_slave_1: entered promiscuous mode [ 76.101203][ T5293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.111619][ T5293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.133547][ T5293] team0: Port device team_slave_0 added [ 76.141216][ T5293] team0: Port device team_slave_1 added [ 76.158594][ T5293] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.165575][ T5293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.191777][ T5293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.203637][ T5293] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.210576][ T5293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.237096][ T5293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.260395][ T5293] hsr_slave_0: entered promiscuous mode [ 76.266871][ T5293] hsr_slave_1: entered promiscuous mode [ 76.318860][ T5293] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.325953][ T5293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.333274][ T5293] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.340377][ T5293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.372370][ T5293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.383714][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.391440][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.399310][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.406898][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 76.418740][ T5293] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.434897][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.443203][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.450299][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.457815][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.466501][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.473559][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.485369][ T896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.493796][ T896] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.504479][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 76.516528][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.527257][ T5293] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 76.538671][ T5293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.547333][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.564285][ T896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 76.571667][ T896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 76.581244][ T5293] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.600864][ T26] audit: type=1400 audit(1685511732.767:210): avc: denied { sys_module } for pid=5293 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 76.734590][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.748977][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.758110][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.765930][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.775825][ T5293] veth0_vlan: entered promiscuous mode [ 76.784736][ T5293] veth1_vlan: entered promiscuous mode [ 76.799199][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 76.807151][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 76.815255][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.827074][ T5293] veth0_macvtap: entered promiscuous mode [ 76.836241][ T5293] veth1_macvtap: entered promiscuous mode [ 76.848214][ T5293] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.856051][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.865190][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.876294][ T5293] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.887238][ T5054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.925102][ T1118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.933033][ T1118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.952816][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.964570][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.972502][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.981265][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.990677][ T26] audit: type=1400 audit(1685511733.167:211): avc: denied { mounton } for pid=5293 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2321 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 77.044196][ C0] [ 77.046543][ C0] ================================ [ 77.051624][ C0] WARNING: inconsistent lock state [ 77.056699][ C0] 6.4.0-rc4-syzkaller #0 Not tainted [ 77.061947][ C0] -------------------------------- [ 77.067020][ C0] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [ 77.073835][ C0] syz-executor.0/5314 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 77.080482][ C0] ffffffff8bd41218 (sync_timeline_list_lock){?.+.}-{2:2}, at: sync_timeline_debug_remove+0x19/0x180 [ 77.091212][ C0] {HARDIRQ-ON-W} state was registered at: [ 77.096894][ C0] lockdep_hardirqs_on_prepare+0x135/0x400 [ 77.102754][ C0] trace_hardirqs_on+0x32/0x40 [ 77.107573][ C0] _raw_spin_unlock_irq+0x1f/0x40 [ 77.112652][ C0] sync_info_debugfs_show+0xd4/0x1d0 [ 77.118079][ C0] seq_read_iter+0x3fa/0x10e0 [ 77.122809][ C0] seq_read+0x161/0x200 [ 77.127016][ C0] vfs_read+0x16b/0x7b0 [ 77.131310][ C0] ksys_read+0xee/0x1c0 [ 77.135520][ C0] do_syscall_64+0x35/0xb0 [ 77.139988][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.145940][ C0] irq event stamp: 5844 [ 77.150068][ C0] hardirqs last enabled at (5843): [] _raw_spin_unlock_irq+0x1f/0x40 [ 77.159762][ C0] hardirqs last disabled at (5844): [] sysvec_irq_work+0xb/0xc0 [ 77.168927][ C0] softirqs last enabled at (0): [] copy_process+0x1e99/0x6c40 [ 77.178009][ C0] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 77.185085][ C0] [ 77.185085][ C0] other info that might help us debug this: [ 77.193264][ C0] Possible unsafe locking scenario: [ 77.193264][ C0] [ 77.200684][ C0] CPU0 [ 77.203932][ C0] ---- [ 77.207187][ C0] lock(sync_timeline_list_lock); [ 77.212264][ C0] [ 77.215692][ C0] lock(sync_timeline_list_lock); [ 77.221031][ C0] [ 77.221031][ C0] *** DEADLOCK *** [ 77.221031][ C0] [ 77.229139][ C0] no locks held by syz-executor.0/5314. [ 77.234649][ C0] [ 77.234649][ C0] stack backtrace: [ 77.240507][ C0] CPU: 0 PID: 5314 Comm: syz-executor.0 Not tainted 6.4.0-rc4-syzkaller #0 [ 77.249057][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 77.259076][ C0] Call Trace: [ 77.262324][ C0] [ 77.265139][ C0] dump_stack_lvl+0x60/0xa0 [ 77.269615][ C0] mark_lock.part.0+0x1110/0x1970 [ 77.274609][ C0] ? mark_lock.part.0+0xee/0x1970 [ 77.279608][ C0] ? print_usage_bug.part.0+0x660/0x660 [ 77.285137][ C0] ? print_usage_bug.part.0+0x660/0x660 [ 77.290658][ C0] ? __stack_depot_save+0x237/0x510 [ 77.295829][ C0] ? lock_downgrade+0x690/0x690 [ 77.300668][ C0] __lock_acquire+0x16e5/0x5f30 [ 77.305491][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 77.311447][ C0] ? sysvec_irq_work+0x8e/0xc0 [ 77.316189][ C0] ? asm_sysvec_irq_work+0x16/0x20 [ 77.323990][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 77.329948][ C0] ? do_group_exit+0xb0/0x250 [ 77.334598][ C0] ? get_signal+0x1d26/0x1f90 [ 77.339244][ C0] ? arch_do_signal_or_restart+0x75/0x5b0 [ 77.344933][ C0] ? exit_to_user_mode_prepare+0x11f/0x240 [ 77.350712][ C0] ? syscall_exit_to_user_mode+0x19/0x50 [ 77.356317][ C0] lock_acquire+0x1ad/0x520 [ 77.360790][ C0] ? sync_timeline_debug_remove+0x19/0x180 [ 77.366702][ C0] ? lock_sync+0x180/0x180 [ 77.371088][ C0] ? timeline_fence_release+0x1b6/0x2c0 [ 77.376604][ C0] ? lock_downgrade+0x690/0x690 [ 77.381474][ C0] _raw_spin_lock_irqsave+0x39/0x50 [ 77.386644][ C0] ? sync_timeline_debug_remove+0x19/0x180 [ 77.392427][ C0] sync_timeline_debug_remove+0x19/0x180 [ 77.398031][ C0] timeline_fence_release+0x1f6/0x2c0 [ 77.403369][ C0] ? do_raw_spin_unlock+0x171/0x230 [ 77.408544][ C0] dma_fence_array_release+0x170/0x240 [ 77.413972][ C0] irq_work_single+0x106/0x210 [ 77.418703][ C0] irq_work_run_list+0x6a/0x90 [ 77.423433][ C0] irq_work_run+0x4f/0xd0 [ 77.427737][ C0] __sysvec_irq_work+0x95/0x2d0 [ 77.432570][ C0] sysvec_irq_work+0x8e/0xc0 [ 77.437131][ C0] [ 77.440047][ C0] [ 77.442949][ C0] asm_sysvec_irq_work+0x16/0x20 [ 77.447859][ C0] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 [ 77.453645][ C0] Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 0e 5b 81 f8 48 89 ef e8 d6 c8 81 f8 e8 51 33 a1 f8 fb bf 01 00 00 00 c6 ae 73 f8 65 8b 05 17 b5 2b 77 85 c0 74 02 5d c3 e8 84 78 28 [ 77.473236][ C0] RSP: 0018:ffffc900031f7aa0 EFLAGS: 00000202 [ 77.479274][ C0] RAX: 00000000000016d3 RBX: ffff88802a156700 RCX: 1ffffffff19eb891 [ 77.487217][ C0] RDX: 0000000000000000 RSI: ffffffff890bf040 RDI: 0000000000000001 [ 77.495171][ C0] RBP: ffff88802a156750 R08: 0000000000000001 R09: 0000000000000001 [ 77.503108][ C0] R10: fffffbfff19ebea2 R11: 0000000000000010 R12: dffffc0000000000 [ 77.511044][ C0] R13: ffff88802a156700 R14: ffff88802a156750 R15: ffff888079dbc430 [ 77.518987][ C0] sw_sync_debugfs_release+0x134/0x1e0 [ 77.524506][ C0] __fput+0x1fa/0x9a0 [ 77.528454][ C0] task_work_run+0x12b/0x220 [ 77.533006][ C0] ? task_work_cancel+0x10/0x10 [ 77.537830][ C0] ? do_raw_spin_unlock+0x171/0x230 [ 77.543004][ C0] do_exit+0x924/0x2470 [ 77.547123][ C0] ? get_signal+0x69e/0x1f90 [ 77.551678][ C0] ? mm_update_next_owner+0x6d0/0x6d0 [ 77.557023][ C0] ? do_raw_spin_lock+0x120/0x2a0 [ 77.562019][ C0] ? spin_bug+0x1c0/0x1c0 [ 77.566315][ C0] do_group_exit+0xb0/0x250 [ 77.570828][ C0] get_signal+0x1d26/0x1f90 [ 77.575305][ C0] ? exit_signals+0x720/0x720 [ 77.579956][ C0] ? find_held_lock+0x2d/0x110 [ 77.584697][ C0] arch_do_signal_or_restart+0x75/0x5b0 [ 77.590214][ C0] ? get_sigframe_size+0x10/0x10 [ 77.595115][ C0] ? lock_downgrade+0x690/0x690 [ 77.599945][ C0] ? do_futex+0x1c0/0x1c0 [ 77.604240][ C0] exit_to_user_mode_prepare+0x11f/0x240 [ 77.609841][ C0] syscall_exit_to_user_mode+0x19/0x50 [ 77.615269][ C0] do_syscall_64+0x42/0xb0 [ 77.619649][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.625511][ C0] RIP: 0033:0x7f6e2ea89209 [ 77.629889][ C0] Code: Unable to access opcode bytes at 0x7f6e2ea891df. [ 77.636880][ C0] RSP: 002b:00007f6e2fc07218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca 2023/05/31 05:42:13 executed programs: 1 [ 77.645259][ C0] RAX: 0000000000000001 RBX: 00007f6e2eb9bf68 RCX: 00007f6e2ea89209 [ 77.653196][ C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6e2eb9bf6c [ 77.661146][ C0] RBP: 00007f6e2eb9bf60 R08: 00007ffc61367080 R09: 0000000000000000 [ 77.669095][ C0] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f6e2eb9bf6c [ 77.677040][ C0] R13: 00007ffc613200af R14: 00007f6e2fc07300 R15: 0000000000022000 [ 77.685070][ C0] [ 77.953739][ T4347] Bluetooth: hci0: command 0x0409 tx timeout [ 80.033876][ T4347] Bluetooth: hci0: command 0x041b tx timeout [ 82.114103][ T4347] Bluetooth: hci0: command 0x040f tx timeout 2023/05/31 05:42:18 executed programs: 325 [ 84.193769][ T4347] Bluetooth: hci0: command 0x0419 tx timeout