Warning: Permanently added '10.128.0.55' (ED25519) to the list of known hosts.
2024/05/29 02:10:14 ignoring optional flag "sandboxArg"="0"
2024/05/29 02:10:14 parsed 1 programs
2024/05/29 02:10:16 executed programs: 0
[ 81.094450][ T5386] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 81.147006][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.158523][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.167366][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.175535][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.184447][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 81.192147][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.307843][ T5392] chnl_net:caif_netlink_parms(): no params data found
[ 81.360094][ T5392] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.367871][ T5392] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.375088][ T5392] bridge_slave_0: entered allmulticast mode
[ 81.382605][ T5392] bridge_slave_0: entered promiscuous mode
[ 81.391201][ T5392] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.398574][ T5392] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.405850][ T5392] bridge_slave_1: entered allmulticast mode
[ 81.412621][ T5392] bridge_slave_1: entered promiscuous mode
[ 81.437926][ T5392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.449308][ T5392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.477406][ T5392] team0: Port device team_slave_0 added
[ 81.486215][ T5392] team0: Port device team_slave_1 added
[ 81.509251][ T5392] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.516265][ T5392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.542287][ T5392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.555299][ T5392] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.562702][ T5392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.589433][ T5392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.623487][ T5392] hsr_slave_0: entered promiscuous mode
[ 81.630271][ T5392] hsr_slave_1: entered promiscuous mode
[ 82.241394][ T5392] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.254178][ T5392] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.267063][ T5392] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.269430][ T9] cfg80211: failed to load regulatory.db
[ 82.284121][ T5392] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.319095][ T5392] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.326330][ T5392] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.334702][ T5392] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.341971][ T5392] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.369077][ T784] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.377451][ T784] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.461257][ T5392] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.490443][ T5392] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.504396][ T4685] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.511663][ T4685] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.542882][ T4685] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.550377][ T4685] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.754753][ T5392] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.819356][ T5392] veth0_vlan: entered promiscuous mode
[ 82.835478][ T5392] veth1_vlan: entered promiscuous mode
[ 82.880761][ T5392] veth0_macvtap: entered promiscuous mode
[ 82.891930][ T5392] veth1_macvtap: entered promiscuous mode
[ 82.921358][ T5392] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 82.941115][ T5392] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 82.960055][ T5392] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.969052][ T5392] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.980267][ T5392] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.991285][ T5392] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.088385][ T2425] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.108701][ T2425] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.140692][ T2482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.150102][ T2482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.217225][ T5462] input: syz1 as /devices/virtual/input/input5
[ 83.227202][ T53] Bluetooth: hci0: command tx timeout
[ 83.251810][ T5462]
[ 83.254711][ T5462] ======================================================
[ 83.261745][ T5462] WARNING: possible circular locking dependency detected
[ 83.268833][ T5462] 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0 Not tainted
[ 83.275944][ T5462] ------------------------------------------------------
[ 83.283176][ T5462] syz-executor.0/5462 is trying to acquire lock:
[ 83.289958][ T5462] ffff88802336a070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x19c/0x740
[ 83.299854][ T5462]
[ 83.299854][ T5462] but task is already holding lock:
[ 83.307281][ T5462] ffff8880233680b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e4/0xb00
[ 83.316275][ T5462]
[ 83.316275][ T5462] which lock already depends on the new lock.
[ 83.316275][ T5462]
[ 83.326796][ T5462]
[ 83.326796][ T5462] the existing dependency chain (in reverse order) is:
[ 83.336006][ T5462]
[ 83.336006][ T5462] -> #3 (&ff->mutex){+.+.}-{3:3}:
[ 83.343249][ T5462]        lock_acquire+0x1ed/0x550
[ 83.348302][ T5462]        __mutex_lock+0x136/0xd70
[ 83.353460][ T5462]        input_ff_flush+0x5e/0x140
[ 83.358595][ T5462]        input_flush_device+0x9c/0xc0
[ 83.364090][ T5462]        evdev_release+0xf9/0x7d0
[ 83.369157][ T5462]        __fput+0x406/0x8b0
[ 83.373665][ T5462]        __x64_sys_close+0x7f/0x110
[ 83.378966][ T5462]        do_syscall_64+0xf3/0x230
[ 83.383989][ T5462]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.390510][ T5462]
[ 83.390510][ T5462] -> #2 (&dev->mutex#2){+.+.}-{3:3}:
[ 83.397983][ T5462]        lock_acquire+0x1ed/0x550
[ 83.402997][ T5462]        __mutex_lock+0x136/0xd70
[ 83.408016][ T5462]        input_register_handle+0x6d/0x3b0
[ 83.413828][ T5462]        kbd_connect+0xbf/0x130
[ 83.418680][ T5462]        input_register_device+0xcf3/0x1090
[ 83.424568][ T5462]        acpi_button_add+0x6c6/0xb90
[ 83.430202][ T5462]        acpi_device_probe+0xa5/0x2b0
[ 83.435571][ T5462]        really_probe+0x2b8/0xad0
[ 83.440601][ T5462]        __driver_probe_device+0x1a2/0x390
[ 83.446397][ T5462]        driver_probe_device+0x50/0x430
[ 83.451932][ T5462]        __driver_attach+0x45f/0x710
[ 83.457470][ T5462]        bus_for_each_dev+0x239/0x2b0
[ 83.462843][ T5462]        bus_add_driver+0x346/0x670
[ 83.468026][ T5462]        driver_register+0x23a/0x320
[ 83.473332][ T5462]        do_one_initcall+0x248/0x880
[ 83.478632][ T5462]        do_initcall_level+0x157/0x210
[ 83.484124][ T5462]        do_initcalls+0x3f/0x80
[ 83.488981][ T5462]        kernel_init_freeable+0x435/0x5d0
[ 83.494728][ T5462]        kernel_init+0x1d/0x2b0
[ 83.499605][ T5462]        ret_from_fork+0x4b/0x80
[ 83.504711][ T5462]        ret_from_fork_asm+0x1a/0x30
[ 83.509993][ T5462]
[ 83.509993][ T5462] -> #1 (input_mutex){+.+.}-{3:3}:
[ 83.517553][ T5462]        lock_acquire+0x1ed/0x550
[ 83.522594][ T5462]        __mutex_lock+0x136/0xd70
[ 83.527636][ T5462]        input_register_device+0xade/0x1090
[ 83.533522][ T5462]        uinput_create_device+0x40e/0x630
[ 83.539235][ T5462]        uinput_ioctl_handler+0x48b/0x1770
[ 83.545377][ T5462]        __se_sys_ioctl+0xfc/0x170
[ 83.550565][ T5462]        do_syscall_64+0xf3/0x230
[ 83.555578][ T5462]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.561982][ T5462]
[ 83.561982][ T5462] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[ 83.569531][ T5462]        validate_chain+0x18e0/0x5900
[ 83.574899][ T5462]        __lock_acquire+0x1346/0x1fd0
[ 83.580543][ T5462]        lock_acquire+0x1ed/0x550
[ 83.585750][ T5462]        __mutex_lock+0x136/0xd70
[ 83.590875][ T5462]        uinput_request_submit+0x19c/0x740
[ 83.596677][ T5462]        uinput_dev_upload_effect+0x199/0x240
[ 83.602743][ T5462]        input_ff_upload+0x5df/0xb00
[ 83.608102][ T5462]        evdev_ioctl_handler+0x17d0/0x21b0
[ 83.613900][ T5462]        __se_sys_ioctl+0xfc/0x170
[ 83.618998][ T5462]        do_syscall_64+0xf3/0x230
[ 83.624268][ T5462]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.630671][ T5462]
[ 83.630671][ T5462] other info that might help us debug this:
[ 83.630671][ T5462]
[ 83.640973][ T5462] Chain exists of:
[ 83.640973][ T5462]   &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[ 83.640973][ T5462]
[ 83.653405][ T5462]  Possible unsafe locking scenario:
[ 83.653405][ T5462]
[ 83.660844][ T5462]        CPU0                    CPU1
[ 83.666199][ T5462]        ----                    ----
[ 83.671686][ T5462]   lock(&ff->mutex);
[ 83.675680][ T5462]                                lock(&dev->mutex#2);
[ 83.682477][ T5462]                                lock(&ff->mutex);
[ 83.689070][ T5462]   lock(&newdev->mutex);
[ 83.693402][ T5462]
[ 83.693402][ T5462]  *** DEADLOCK ***
[ 83.693402][ T5462]
[ 83.701529][ T5462] 2 locks held by syz-executor.0/5462:
[ 83.706974][ T5462]  #0: ffff8880286f9110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x125/0x21b0
[ 83.716906][ T5462]  #1: ffff8880233680b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e4/0xb00
[ 83.726121][ T5462]
[ 83.726121][ T5462] stack backtrace:
[ 83.732035][ T5462] CPU: 1 PID: 5462 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 83.742550][ T5462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 83.752712][ T5462] Call Trace:
[ 83.756094][ T5462]
[ 83.759041][ T5462]  dump_stack_lvl+0x241/0x360
[ 83.763723][ T5462]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.768967][ T5462]  ? print_circular_bug+0x130/0x1a0
[ 83.774252][ T5462]  check_noncircular+0x36a/0x4a0
[ 83.779447][ T5462]  ? __pfx_check_noncircular+0x10/0x10
[ 83.784894][ T5462]  ? lockdep_lock+0x123/0x2b0
[ 83.789560][ T5462]  ? stack_trace_save+0x118/0x1d0
[ 83.794573][ T5462]  ? __pfx_stack_trace_save+0x10/0x10
[ 83.799956][ T5462]  ? check_noncircular+0x259/0x4a0
[ 83.805500][ T5462]  validate_chain+0x18e0/0x5900
[ 83.810702][ T5462]  ? __pfx_check_noncircular+0x10/0x10
[ 83.816252][ T5462]  ? __pfx_validate_chain+0x10/0x10
[ 83.821447][ T5462]  ? __pfx_validate_chain+0x10/0x10
[ 83.826663][ T5462]  ? stack_trace_save+0x118/0x1d0
[ 83.831679][ T5462]  ? __pfx_stack_trace_save+0x10/0x10
[ 83.837039][ T5462]  ? mark_lock+0x9a/0x350
[ 83.841358][ T5462]  __lock_acquire+0x1346/0x1fd0
[ 83.846229][ T5462]  lock_acquire+0x1ed/0x550
[ 83.850754][ T5462]  ? uinput_request_submit+0x19c/0x740
[ 83.856208][ T5462]  ? __pfx_lock_acquire+0x10/0x10
[ 83.861309][ T5462]  ? __pfx___might_resched+0x10/0x10
[ 83.866614][ T5462]  __mutex_lock+0x136/0xd70
[ 83.871116][ T5462]  ? uinput_request_submit+0x19c/0x740
[ 83.876564][ T5462]  ? uinput_request_alloc_id+0x3c5/0x3f0
[ 83.882188][ T5462]  ? do_raw_spin_lock+0x14f/0x370
[ 83.887229][ T5462]  ? __pfx_lock_release+0x10/0x10
[ 83.892241][ T5462]  ? uinput_request_submit+0x19c/0x740
[ 83.897774][ T5462]  ? __pfx___mutex_lock+0x10/0x10
[ 83.903312][ T5462]  ? _raw_spin_unlock+0x28/0x50
[ 83.908204][ T5462]  ? uinput_request_alloc_id+0x3c5/0x3f0
[ 83.913839][ T5462]  uinput_request_submit+0x19c/0x740
[ 83.919155][ T5462]  ? __pfx_uinput_request_submit+0x10/0x10
[ 83.924981][ T5462]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 83.930895][ T5462]  ? rcu_is_watching+0x15/0xb0
[ 83.935750][ T5462]  uinput_dev_upload_effect+0x199/0x240
[ 83.941286][ T5462]  ? __pfx_uinput_dev_upload_effect+0x10/0x10
[ 83.947437][ T5462]  input_ff_upload+0x5df/0xb00
[ 83.952222][ T5462]  evdev_ioctl_handler+0x17d0/0x21b0
[ 83.957555][ T5462]  ? tomoyo_path_number_perm+0x208/0x880
[ 83.963339][ T5462]  ? __pfx_evdev_ioctl_handler+0x10/0x10
[ 83.969088][ T5462]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 83.974024][ T5462]  ? security_file_ioctl+0x87/0xb0
[ 83.979220][ T5462]  ? __pfx_evdev_ioctl+0x10/0x10
[ 83.984170][ T5462]  __se_sys_ioctl+0xfc/0x170
[ 83.988951][ T5462]  do_syscall_64+0xf3/0x230
[ 83.993476][ T5462]  ? clear_bhb_loop+0x35/0x90
[ 83.998185][ T5462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.004092][ T5462] RIP: 0033:0x7fba0ea7dca9
[ 84.008501][ T5462] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 84.028148][ T5462] RSP: 002b:00007fba0f7f20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.036573][ T5462] RAX: ffffffffffffffda RBX: 00007fba0ebabf80 RCX: 00007fba0ea7dca9
[ 84.044558][ T5462] RDX: 0000000020000300 RSI: 0000000040304580 RDI: 0000000000000004
[ 84.052624][ T5462] RBP: 00007fba0eac947e R08: 0000000000000000 R09: 0000000000000000
[ 84.060683][ T5462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.068842][ T5462] R13: 000000000000000b R14: 00007fba0ebabf80 R15: 00007fffbce6bcf8
[ 84.077389][ T5462]
[ 84.248860][ T5479] input: syz1 as /devices/virtual/input/input6
[ 85.110235][ T5548] input: syz1 as /devices/virtual/input/input7
[ 85.305920][ T53] Bluetooth: hci0: command tx timeout
[ 85.975544][ T5617] input: syz1 as /devices/virtual/input/input8
2024/05/29 02:10:21 executed programs: 4
[ 86.844054][ T5685] input: syz1 as /devices/virtual/input/input9
[ 87.395843][ T53] Bluetooth: hci0: command tx timeout
[ 87.678536][ T5394] udevd[5394]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory
[ 87.689118][ T5394] udevd[5394]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[ 87.738455][ T5756] input: syz1 as /devices/virtual/input/input10
[ 88.581035][ T5758] input: syz1 as /devices/virtual/input/input11
[ 89.437216][ T5760] input: syz1 as /devices/virtual/input/input12
[ 89.475881][ T53] Bluetooth: hci0: command tx timeout
[ 90.295519][ T5762] input: syz1 as /devices/virtual/input/input13
[ 91.146686][ T5764] input: syz1 as /devices/virtual/input/input14
2024/05/29 02:10:27 executed programs: 10
[ 91.999854][ T5766] input: syz1 as /devices/virtual/input/input15
[ 92.830177][ T5394] udevd[5394]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[ 92.859292][ T5768] input: syz1 as /devices/virtual/input/input16