Warning: Permanently added '10.128.10.3' (ED25519) to the list of known hosts. 2023/11/15 07:57:56 ignoring optional flag "sandboxArg"="0" 2023/11/15 07:57:56 parsed 1 programs 2023/11/15 07:57:58 executed programs: 0 [ 104.800544][ T5421] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 104.866743][ T5077] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 104.876617][ T5077] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 104.887260][ T5077] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 104.895967][ T5077] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 104.905497][ T5077] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 104.913149][ T5077] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 105.091415][ T5427] chnl_net:caif_netlink_parms(): no params data found [ 105.185954][ T5427] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.193842][ T5427] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.201546][ T5427] bridge_slave_0: entered allmulticast mode [ 105.209520][ T5427] bridge_slave_0: entered promiscuous mode [ 105.220919][ T5427] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.229818][ T5427] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.239207][ T5427] bridge_slave_1: entered allmulticast mode [ 105.246576][ T5427] bridge_slave_1: entered promiscuous mode [ 105.286318][ T5427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.299534][ T5427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.339888][ T5427] team0: Port device team_slave_0 added [ 105.349437][ T5427] team0: Port device team_slave_1 added [ 105.382788][ T5427] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.390469][ T5427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.417721][ T5427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.430877][ T5427] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.438038][ T5427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.465771][ T5427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.517017][ T5427] hsr_slave_0: entered promiscuous mode [ 105.524430][ T5427] hsr_slave_1: entered promiscuous mode [ 106.473550][ T5427] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.500716][ T5427] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.515935][ T5427] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.531680][ T5427] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.683787][ T5427] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.717435][ T5427] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.736779][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.744467][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.774068][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.781687][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.856560][ T5427] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 106.970960][ T5077] Bluetooth: hci0: command 0x0409 tx timeout [ 107.080254][ T5427] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.156736][ T5427] veth0_vlan: entered promiscuous mode [ 107.177794][ T5427] veth1_vlan: entered promiscuous mode [ 107.237727][ T5427] veth0_macvtap: entered promiscuous mode [ 107.255092][ T5427] veth1_macvtap: entered promiscuous mode [ 107.284873][ T5427] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.305542][ T5427] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.328841][ T5427] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.337705][ T5427] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.350437][ T5427] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.360288][ T5427] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.491857][ T1081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.509901][ T1081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.559576][ T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.568502][ T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.672032][ T5493] [ 107.674405][ T5493] ====================================================== [ 107.681790][ T5493] WARNING: possible circular locking dependency detected [ 107.688821][ T5493] 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0 Not tainted [ 107.695945][ T5493] ------------------------------------------------------ [ 107.703073][ T5493] syz-executor.0/5493 is trying to acquire lock: [ 107.709800][ T5493] ffff88801ccf1108 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 107.719508][ T5493] [ 107.719508][ T5493] but task is already holding lock: [ 107.727435][ T5493] ffffffff8ef37888 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570 [ 107.737768][ T5493] [ 107.737768][ T5493] which lock already depends on the new lock. [ 107.737768][ T5493] [ 107.749253][ T5493] [ 107.749253][ T5493] the existing dependency chain (in reverse order) is: [ 107.758900][ T5493] [ 107.758900][ T5493] -> #3 (rfkill_global_mutex){+.+.}-{3:3}: [ 107.767838][ T5493] __mutex_lock+0x181/0x1340 [ 107.773182][ T5493] rfkill_register+0x3a/0xb30 [ 107.778888][ T5493] hci_register_dev+0x43a/0xd40 [ 107.784635][ T5493] __vhci_create_device+0x393/0x800 [ 107.790638][ T5493] vhci_write+0x2c7/0x470 [ 107.796280][ T5493] vfs_write+0x64f/0xdf0 [ 107.801062][ T5493] ksys_write+0x12f/0x250 [ 107.806091][ T5493] do_syscall_64+0x3f/0x110 [ 107.811234][ T5493] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 107.818216][ T5493] [ 107.818216][ T5493] -> #2 (&data->open_mutex){+.+.}-{3:3}: [ 107.826311][ T5493] __mutex_lock+0x181/0x1340 [ 107.831523][ T5493] vhci_send_frame+0x67/0xa0 [ 107.836761][ T5493] hci_send_frame+0x220/0x470 [ 107.841965][ T5493] hci_tx_work+0x1456/0x1e40 [ 107.847160][ T5493] process_one_work+0x884/0x15c0 [ 107.852622][ T5493] worker_thread+0x8b9/0x1290 [ 107.858081][ T5493] kthread+0x33c/0x440 [ 107.862672][ T5493] ret_from_fork+0x45/0x80 [ 107.867806][ T5493] ret_from_fork_asm+0x11/0x20 [ 107.873095][ T5493] [ 107.873095][ T5493] -> #1 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 107.882304][ T5493] __flush_work+0x103/0xa10 [ 107.887335][ T5493] hci_dev_close_sync+0x22d/0x1160 [ 107.892991][ T5493] hci_dev_do_close+0x2e/0x90 [ 107.898218][ T5493] hci_unregister_dev+0x1eb/0x600 [ 107.903777][ T5493] vhci_release+0x7f/0x100 [ 107.908728][ T5493] __fput+0x270/0xbb0 [ 107.913247][ T5493] task_work_run+0x14d/0x240 [ 107.918371][ T5493] do_exit+0xa92/0x2ae0 [ 107.923054][ T5493] do_group_exit+0xd4/0x2a0 [ 107.928081][ T5493] get_signal+0x23ba/0x2790 [ 107.933127][ T5493] arch_do_signal_or_restart+0x90/0x7f0 [ 107.939211][ T5493] exit_to_user_mode_prepare+0x11f/0x240 [ 107.945361][ T5493] syscall_exit_to_user_mode+0x1d/0x60 [ 107.951349][ T5493] do_syscall_64+0x4b/0x110 [ 107.956396][ T5493] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 107.962823][ T5493] [ 107.962823][ T5493] -> #0 (&hdev->req_lock){+.+.}-{3:3}: [ 107.970484][ T5493] __lock_acquire+0x2e3d/0x5de0 [ 107.975900][ T5493] lock_acquire+0x1ae/0x510 [ 107.981039][ T5493] __mutex_lock+0x181/0x1340 [ 107.986157][ T5493] hci_dev_do_close+0x26/0x90 [ 107.992249][ T5493] hci_rfkill_set_block+0x1b9/0x200 [ 107.998236][ T5493] rfkill_set_block+0x200/0x550 [ 108.003642][ T5493] rfkill_fop_write+0x2d4/0x570 [ 108.009372][ T5493] vfs_write+0x2a4/0xdf0 [ 108.014236][ T5493] ksys_write+0x1f0/0x250 [ 108.019531][ T5493] do_syscall_64+0x3f/0x110 [ 108.025089][ T5493] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 108.031777][ T5493] [ 108.031777][ T5493] other info that might help us debug this: [ 108.031777][ T5493] [ 108.042348][ T5493] Chain exists of: [ 108.042348][ T5493] &hdev->req_lock --> &data->open_mutex --> rfkill_global_mutex [ 108.042348][ T5493] [ 108.056270][ T5493] Possible unsafe locking scenario: [ 108.056270][ T5493] [ 108.063797][ T5493] CPU0 CPU1 [ 108.069429][ T5493] ---- ---- [ 108.075140][ T5493] lock(rfkill_global_mutex); [ 108.080015][ T5493] lock(&data->open_mutex); [ 108.087130][ T5493] lock(rfkill_global_mutex); [ 108.095594][ T5493] lock(&hdev->req_lock); [ 108.100013][ T5493] [ 108.100013][ T5493] *** DEADLOCK *** [ 108.100013][ T5493] [ 108.108336][ T5493] 1 lock held by syz-executor.0/5493: [ 108.113875][ T5493] #0: ffffffff8ef37888 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570 [ 108.124079][ T5493] [ 108.124079][ T5493] stack backtrace: [ 108.130401][ T5493] CPU: 0 PID: 5493 Comm: syz-executor.0 Not tainted 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0 [ 108.140830][ T5493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 108.150989][ T5493] Call Trace: [ 108.154455][ T5493] [ 108.157570][ T5493] dump_stack_lvl+0xd9/0x1b0 [ 108.162212][ T5493] check_noncircular+0x311/0x3f0 [ 108.167191][ T5493] ? print_circular_bug+0x750/0x750 [ 108.172456][ T5493] ? reacquire_held_locks+0x4b0/0x4b0 [ 108.179297][ T5493] ? mark_lock+0x105/0x1950 [ 108.183911][ T5493] __lock_acquire+0x2e3d/0x5de0 [ 108.188829][ T5493] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 108.194840][ T5493] ? __lock_acquire+0x182f/0x5de0 [ 108.199876][ T5493] lock_acquire+0x1ae/0x510 [ 108.204830][ T5493] ? hci_dev_do_close+0x26/0x90 [ 108.209774][ T5493] ? lock_sync+0x190/0x190 [ 108.214208][ T5493] ? preempt_count_sub+0x150/0x150 [ 108.219498][ T5493] __mutex_lock+0x181/0x1340 [ 108.226076][ T5493] ? hci_dev_do_close+0x26/0x90 [ 108.231157][ T5493] ? hci_dev_do_close+0x26/0x90 [ 108.236199][ T5493] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 108.241924][ T5493] ? lock_acquire+0x1ae/0x510 [ 108.246869][ T5493] ? find_held_lock+0x2d/0x110 [ 108.251996][ T5493] ? rfkill_set_block+0x195/0x550 [ 108.257403][ T5493] ? reacquire_held_locks+0x4b0/0x4b0 [ 108.263169][ T5493] ? hci_dev_do_close+0x26/0x90 [ 108.268308][ T5493] hci_dev_do_close+0x26/0x90 [ 108.273286][ T5493] hci_rfkill_set_block+0x1b9/0x200 [ 108.278774][ T5493] ? lockdep_hardirqs_on+0x7d/0x100 [ 108.284168][ T5493] ? hci_power_on+0x670/0x670 [ 108.289490][ T5493] rfkill_set_block+0x200/0x550 [ 108.294554][ T5493] rfkill_fop_write+0x2d4/0x570 [ 108.299625][ T5493] ? rfkill_register+0xb30/0xb30 [ 108.304689][ T5493] ? bpf_lsm_inode_copy_up+0x10/0x10 [ 108.310014][ T5493] ? security_file_permission+0x94/0x100 [ 108.315710][ T5493] vfs_write+0x2a4/0xdf0 [ 108.319997][ T5493] ? rfkill_register+0xb30/0xb30 [ 108.325220][ T5493] ? kernel_write+0x6c0/0x6c0 [ 108.330280][ T5493] ? __might_fault+0xe6/0x1a0 [ 108.335002][ T5493] ? __fget_files+0x1c6/0x340 [ 108.339811][ T5493] ? __fget_light+0xe6/0x260 [ 108.344533][ T5493] ksys_write+0x1f0/0x250 [ 108.349075][ T5493] ? __ia32_sys_read+0xb0/0xb0 [ 108.355531][ T5493] ? syscall_enter_from_user_mode+0x26/0x80 [ 108.363097][ T5493] do_syscall_64+0x3f/0x110 [ 108.367804][ T5493] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 108.375981][ T5493] RIP: 0033:0x7f3f7767cae9 [ 108.381385][ T5493] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 108.403537][ T5493] RSP: 002b:00007f3f784bb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 108.412682][ T5493] RAX: ffffffffffffffda RBX: 00007f3f7779bf80 RCX: 00007f3f7767cae9 [ 108.421123][ T5493] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003 [ 108.429581][ T5493] RBP: 00007f3f776c847a R08: 0000000000000000 R09: 0000000000000000 [ 108.438256][ T5493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.446508][ T5493] R13: 000000000000000b R14: 00007f3f7779bf80 R15: 00007ffcc7902e88 [ 108.454581][ T5493] 2023/11/15 07:58:03 executed programs: 56 2023/11/15 07:58:08 executed programs: 279