Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts. 2022/12/08 12:32:54 ignoring optional flag "sandboxArg"="0" 2022/12/08 12:32:54 parsed 1 programs 2022/12/08 12:32:54 executed programs: 0 [ 75.690414][ T4084] cgroup: Unknown subsys name 'net' [ 75.699281][ T4084] cgroup: Unknown subsys name 'rlimit' [ 76.523154][ T14] cfg80211: failed to load regulatory.db [ 76.847196][ T3635] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.855376][ T3635] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.863495][ T3635] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.871420][ T3635] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.880003][ T3635] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.887402][ T3635] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.896290][ T4091] Bluetooth: hci0: HCI_REQ-0x0c1a [ 76.966431][ T4091] chnl_net:caif_netlink_parms(): no params data found [ 77.007698][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.014986][ T4091] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.023789][ T4091] device bridge_slave_0 entered promiscuous mode [ 77.032188][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.039384][ T4091] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.047879][ T4091] device bridge_slave_1 entered promiscuous mode [ 77.070390][ T4091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.081406][ T4091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.104483][ T4091] team0: Port device team_slave_0 added [ 77.111878][ T4091] team0: Port device team_slave_1 added [ 77.129991][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.137036][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.163266][ T4091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.175434][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.182487][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.208670][ T4091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.235091][ T4091] device hsr_slave_0 entered promiscuous mode [ 77.241954][ T4091] device hsr_slave_1 entered promiscuous mode [ 77.305193][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.312362][ T4091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.319646][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.326771][ T4091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.366876][ T4091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.379073][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.388333][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.397003][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.405032][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 77.417075][ T4091] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.426931][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.436130][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.443342][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.463799][ T3632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.472575][ T3632] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.479814][ T3632] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.488596][ T3632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.505273][ T4091] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 77.518569][ T4091] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.531166][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.539432][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.548333][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.557061][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.570120][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.586708][ T4091] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.594343][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.602188][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.942574][ T2016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.952097][ T2016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.960883][ T2016] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.969133][ T2016] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.980465][ T4091] device veth0_vlan entered promiscuous mode [ 77.991091][ T4091] device veth1_vlan entered promiscuous mode [ 78.009765][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.018789][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.029120][ T4091] device veth0_macvtap entered promiscuous mode [ 78.040749][ T4091] device veth1_macvtap entered promiscuous mode [ 78.058850][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.066854][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 78.075353][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 78.083542][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.092255][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.103894][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.115378][ T2016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.124282][ T2016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.175558][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.191263][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.206053][ T2016] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.215681][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.223900][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.233393][ T2016] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 78.922805][ T3635] Bluetooth: hci0: command 0x0409 tx timeout [ 79.101620][ T4111] [ 79.103984][ T4111] ====================================================== [ 79.111080][ T4111] WARNING: possible circular locking dependency detected [ 79.118202][ T4111] 6.1.0-rc8-syzkaller-00018-g479174d402bc #0 Not tainted [ 79.125219][ T4111] ------------------------------------------------------ [ 79.132221][ T4111] syz-executor.0/4111 is trying to acquire lock: [ 79.138704][ T4111] ffff88801fc7b130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x52/0x2f0 [ 79.150263][ T4111] [ 79.150263][ T4111] but task is already holding lock: [ 79.158337][ T4111] ffff88806ddb1528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x276/0x470 [ 79.167298][ T4111] [ 79.167298][ T4111] which lock already depends on the new lock. [ 79.167298][ T4111] [ 79.177722][ T4111] [ 79.177722][ T4111] the existing dependency chain (in reverse order) is: [ 79.186718][ T4111] [ 79.186718][ T4111] -> #2 (&d->lock){+.+.}-{3:3}: [ 79.193755][ T4111] lock_acquire+0x1a7/0x400 [ 79.198770][ T4111] __mutex_lock_common+0x1de/0x26c0 [ 79.204495][ T4111] mutex_lock_nested+0x17/0x20 [ 79.210104][ T4111] __rfcomm_dlc_close+0x276/0x470 [ 79.215656][ T4111] rfcomm_dlc_close+0x10d/0x1c0 [ 79.221210][ T4111] __rfcomm_sock_close+0x101/0x220 [ 79.226926][ T4111] rfcomm_sock_shutdown+0xad/0x230 [ 79.232637][ T4111] rfcomm_sock_release+0x55/0x120 [ 79.238186][ T4111] sock_close+0xd7/0x260 [ 79.242937][ T4111] __fput+0x3ba/0x880 [ 79.247520][ T4111] task_work_run+0x243/0x300 [ 79.252625][ T4111] get_signal+0x1642/0x1810 [ 79.257820][ T4111] arch_do_signal_or_restart+0x8d/0x750 [ 79.263874][ T4111] exit_to_user_mode_loop+0x74/0x160 [ 79.269701][ T4111] exit_to_user_mode_prepare+0xad/0x110 [ 79.276128][ T4111] syscall_exit_to_user_mode+0x2e/0x60 [ 79.282115][ T4111] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.288521][ T4111] [ 79.288521][ T4111] -> #1 (rfcomm_mutex){+.+.}-{3:3}: [ 79.295898][ T4111] lock_acquire+0x1a7/0x400 [ 79.301107][ T4111] __mutex_lock_common+0x1de/0x26c0 [ 79.306820][ T4111] mutex_lock_nested+0x17/0x20 [ 79.312096][ T4111] rfcomm_dlc_open+0x25/0x50 [ 79.317196][ T4111] rfcomm_sock_connect+0x285/0x470 [ 79.322819][ T4111] __sys_connect+0x29b/0x2d0 [ 79.328111][ T4111] __x64_sys_connect+0x76/0x80 [ 79.333405][ T4111] do_syscall_64+0x2b/0x70 [ 79.338347][ T4111] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.344780][ T4111] [ 79.344780][ T4111] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}: [ 79.354248][ T4111] validate_chain+0x184a/0x6470 [ 79.359626][ T4111] __lock_acquire+0x1292/0x1f60 [ 79.365006][ T4111] lock_acquire+0x1a7/0x400 [ 79.370017][ T4111] lock_sock_nested+0x44/0xf0 [ 79.375294][ T4111] rfcomm_sk_state_change+0x52/0x2f0 [ 79.381097][ T4111] __rfcomm_dlc_close+0x2bb/0x470 [ 79.386642][ T4111] rfcomm_dlc_close+0x10d/0x1c0 [ 79.392003][ T4111] __rfcomm_sock_close+0x101/0x220 [ 79.397725][ T4111] rfcomm_sock_shutdown+0xad/0x230 [ 79.403358][ T4111] rfcomm_sock_release+0x55/0x120 [ 79.408896][ T4111] sock_close+0xd7/0x260 [ 79.413820][ T4111] __fput+0x3ba/0x880 [ 79.418319][ T4111] task_work_run+0x243/0x300 [ 79.423423][ T4111] get_signal+0x1642/0x1810 [ 79.428529][ T4111] arch_do_signal_or_restart+0x8d/0x750 [ 79.434675][ T4111] exit_to_user_mode_loop+0x74/0x160 [ 79.440670][ T4111] exit_to_user_mode_prepare+0xad/0x110 [ 79.447118][ T4111] syscall_exit_to_user_mode+0x2e/0x60 [ 79.453220][ T4111] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.459651][ T4111] [ 79.459651][ T4111] other info that might help us debug this: [ 79.459651][ T4111] [ 79.469893][ T4111] Chain exists of: [ 79.469893][ T4111] sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock [ 79.469893][ T4111] [ 79.484360][ T4111] Possible unsafe locking scenario: [ 79.484360][ T4111] [ 79.491843][ T4111] CPU0 CPU1 [ 79.497230][ T4111] ---- ---- [ 79.502588][ T4111] lock(&d->lock); [ 79.506474][ T4111] lock(rfcomm_mutex); [ 79.513311][ T4111] lock(&d->lock); [ 79.519746][ T4111] lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM); [ 79.525940][ T4111] [ 79.525940][ T4111] *** DEADLOCK *** [ 79.525940][ T4111] [ 79.534164][ T4111] 3 locks held by syz-executor.0/4111: [ 79.539608][ T4111] #0: ffff888071ff4a10 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: sock_close+0x93/0x260 [ 79.550226][ T4111] #1: ffffffff8e5df5c8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x32/0x1c0 [ 79.559614][ T4111] #2: ffff88806ddb1528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x276/0x470 [ 79.569054][ T4111] [ 79.569054][ T4111] stack backtrace: [ 79.575021][ T4111] CPU: 0 PID: 4111 Comm: syz-executor.0 Not tainted 6.1.0-rc8-syzkaller-00018-g479174d402bc #0 [ 79.587393][ T4111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 79.597982][ T4111] Call Trace: [ 79.601346][ T4111] [ 79.604277][ T4111] dump_stack_lvl+0x1e3/0x2cb [ 79.609221][ T4111] ? nf_tcp_handle_invalid+0x62e/0x62e [ 79.614791][ T4111] ? print_circular_bug+0x13e/0x1c0 [ 79.620015][ T4111] check_noncircular+0x2f9/0x3b0 [ 79.624966][ T4111] ? add_chain_block+0x850/0x850 [ 79.630113][ T4111] ? lockdep_lock+0x11d/0x2a0 [ 79.634801][ T4111] ? _find_first_zero_bit+0xe8/0x110 [ 79.640259][ T4111] validate_chain+0x184a/0x6470 [ 79.645369][ T4111] ? reacquire_held_locks+0x680/0x680 [ 79.650819][ T4111] ? mark_lock+0x9a/0x350 [ 79.655138][ T4111] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 79.661128][ T4111] ? print_irqtrace_events+0x220/0x220 [ 79.666596][ T4111] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 79.672944][ T4111] ? lockdep_hardirqs_on+0x95/0x140 [ 79.678145][ T4111] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 79.684304][ T4111] ? mark_lock+0x9a/0x350 [ 79.688631][ T4111] __lock_acquire+0x1292/0x1f60 [ 79.693480][ T4111] lock_acquire+0x1a7/0x400 [ 79.698169][ T4111] ? rfcomm_sk_state_change+0x52/0x2f0 [ 79.703721][ T4111] ? read_lock_is_recursive+0x10/0x10 [ 79.709182][ T4111] ? __mutex_lock_common+0x45d/0x26c0 [ 79.714602][ T4111] ? del_timer+0x340/0x3d0 [ 79.719015][ T4111] ? __rfcomm_dlc_close+0x276/0x470 [ 79.724324][ T4111] ? mutex_lock_io_nested+0x60/0x60 [ 79.729524][ T4111] lock_sock_nested+0x44/0xf0 [ 79.734232][ T4111] ? rfcomm_sk_state_change+0x52/0x2f0 [ 79.739775][ T4111] rfcomm_sk_state_change+0x52/0x2f0 [ 79.745247][ T4111] __rfcomm_dlc_close+0x2bb/0x470 [ 79.750358][ T4111] rfcomm_dlc_close+0x10d/0x1c0 [ 79.755295][ T4111] __rfcomm_sock_close+0x101/0x220 [ 79.760408][ T4111] rfcomm_sock_shutdown+0xad/0x230 [ 79.765517][ T4111] rfcomm_sock_release+0x55/0x120 [ 79.770675][ T4111] sock_close+0xd7/0x260 [ 79.774957][ T4111] ? __fput+0x3b2/0x880 [ 79.779111][ T4111] ? sock_mmap+0x90/0x90 [ 79.783519][ T4111] __fput+0x3ba/0x880 [ 79.787500][ T4111] task_work_run+0x243/0x300 [ 79.792096][ T4111] ? task_work_cancel+0x290/0x290 [ 79.797121][ T4111] get_signal+0x1642/0x1810 [ 79.801619][ T4111] ? kick_process+0xd6/0x140 [ 79.806378][ T4111] ? task_work_add+0x2e6/0x340 [ 79.811133][ T4111] ? rcu_lock_release+0x20/0x20 [ 79.816003][ T4111] ? ptrace_notify+0x340/0x340 [ 79.820860][ T4111] arch_do_signal_or_restart+0x8d/0x750 [ 79.826762][ T4111] ? __sys_connect+0x157/0x2d0 [ 79.831527][ T4111] ? get_sigframe_size+0x10/0x10 [ 79.836460][ T4111] ? exit_to_user_mode_loop+0x42/0x160 [ 79.841915][ T4111] exit_to_user_mode_loop+0x74/0x160 [ 79.847303][ T4111] exit_to_user_mode_prepare+0xad/0x110 [ 79.852843][ T4111] syscall_exit_to_user_mode+0x2e/0x60 [ 79.858385][ T4111] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.864266][ T4111] RIP: 0033:0x7ffa18689049 [ 79.868844][ T4111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.888525][ T4111] RSP: 002b:00007ffa197db168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 79.897017][ T4111] RAX: fffffffffffffffc RBX: 00007ffa1879bf60 RCX: 00007ffa18689049 [ 79.904985][ T4111] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004 [ 79.912947][ T4111] RBP: 00007ffa186e308d R08: 0000000000000000 R09: 0000000000000000 [ 79.921087][ T4111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 79.929051][ T4111] R13: 00007ffc9cd21c3f R14: 00007ffa197db300 R15: 0000000000022000 [ 79.937200][ T4111] 2022/12/08 12:32:59 executed programs: 2 [ 81.001727][ T3635] Bluetooth: hci0: command 0x041b tx timeout [ 83.092078][ T3635] Bluetooth: hci0: command 0x040f tx timeout [ 85.161818][ T3635] Bluetooth: hci0: command 0x0419 tx timeout 2022/12/08 12:33:04 executed programs: 8 [ 87.241691][ T3635] Bluetooth: hci0: command 0x0405 tx timeout