[ 463.936984][ T650] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 464.199369][ T650] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 464.288586][ T650] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
[ 464.401428][ T650] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 464.641497][ T28] audit: type=1400 audit(1608731118.675:11): avc: denied { execmem } for pid=7510 comm="syz-executor500" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 465.720442][ T7545] IPVS: ftp: loaded support on port[0] = 21
[ 465.740291][ T7544] IPVS: ftp: loaded support on port[0] = 21
[ 465.764360][ T7546] IPVS: ftp: loaded support on port[0] = 21
[ 465.789344][ T7549] IPVS: ftp: loaded support on port[0] = 21
[ 465.805479][ T7550] IPVS: ftp: loaded support on port[0] = 21
[ 465.812521][ T7548] IPVS: ftp: loaded support on port[0] = 21
[ 466.394446][ T650] device hsr_slave_0 left promiscuous mode
[ 466.422156][ T650] device hsr_slave_1 left promiscuous mode
[ 466.515795][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 466.528165][ T650] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 466.559182][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 466.569722][ T650] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 466.589539][ T650] device bridge_slave_1 left promiscuous mode
[ 466.606712][ T650] bridge0: port 2(bridge_slave_1) entered disabled state
[ 466.653203][ T650] device bridge_slave_0 left promiscuous mode
[ 466.659351][ T650] bridge0: port 1(bridge_slave_0) entered disabled state
[ 466.732132][ T650] device veth1_macvtap left promiscuous mode
[ 466.740025][ T650] device veth0_macvtap left promiscuous mode
[ 466.759405][ T650] device veth1_vlan left promiscuous mode
[ 466.778733][ T650] device veth0_vlan left promiscuous mode
[ 467.751408][ T7437] Bluetooth: hci2: command 0x0409 tx timeout
[ 467.758064][ T7437] Bluetooth: hci0: command 0x0409 tx timeout
[ 467.831314][ T7472] Bluetooth: hci5: command 0x0409 tx timeout
[ 467.831314][ T7437] Bluetooth: hci3: command 0x0409 tx timeout
[ 467.862728][ T7437] Bluetooth: hci4: command 0x0409 tx timeout
[ 467.883664][ T7437] Bluetooth: hci1: command 0x0409 tx timeout
[ 469.836029][ T3583] Bluetooth: hci0: command 0x041b tx timeout
[ 469.846336][ T3583] Bluetooth: hci2: command 0x041b tx timeout
[ 469.911749][ T3583] Bluetooth: hci1: command 0x041b tx timeout
[ 469.922151][ T3583] Bluetooth: hci4: command 0x041b tx timeout
[ 469.946227][ T3583] Bluetooth: hci3: command 0x041b tx timeout
[ 469.969869][ T3583] Bluetooth: hci5: command 0x041b tx timeout
[ 471.926048][ T7472] Bluetooth: hci2: command 0x040f tx timeout
[ 471.935083][ T7472] Bluetooth: hci0: command 0x040f tx timeout
[ 471.995317][ T7472] Bluetooth: hci3: command 0x040f tx timeout
[ 472.002763][ T7472] Bluetooth: hci4: command 0x040f tx timeout
[ 472.019980][ T7472] Bluetooth: hci1: command 0x040f tx timeout
[ 472.071683][ T7472] Bluetooth: hci5: command 0x040f tx timeout
[ 474.001435][ T3583] Bluetooth: hci0: command 0x0419 tx timeout
[ 474.018031][ T3583] Bluetooth: hci2: command 0x0419 tx timeout
[ 474.071692][ T3583] Bluetooth: hci1: command 0x0419 tx timeout
[ 474.095831][ T3583] Bluetooth: hci4: command 0x0419 tx timeout
[ 474.136398][ T3583] Bluetooth: hci3: command 0x0419 tx timeout
[ 474.182099][ T3583] Bluetooth: hci5: command 0x0419 tx timeout
[ 476.112325][ T650] team0 (unregistering): Port device team_slave_1 removed
[ 476.147155][ T650] team0 (unregistering): Port device team_slave_0 removed
[ 476.186083][ T650] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 476.230956][ T3583] Bluetooth: hci5: command 0x0405 tx timeout
[ 476.255666][ T650] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 476.418187][ T650] bond0 (unregistering): Released all slaves
[ 480.368718][ T650] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 480.511417][ T650] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 480.716957][ T650] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 480.949959][ T650] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 481.253592][ T650] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 481.586772][ T650] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 481.867190][ T650] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 482.088168][ T650] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 482.356517][ T650] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 483.086326][ T650] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 483.242953][ T650] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 483.400399][ T650] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 483.623847][ T650] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 483.936023][ T650] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 484.162045][ T650] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 484.336203][ T650] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 484.659549][ T650] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 484.973722][ T650] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 485.181993][ T650] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 485.374158][ T650] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 494.424055][ T650] device hsr_slave_0 left promiscuous mode
[ 494.461440][ T650] device hsr_slave_1 left promiscuous mode
[ 494.560528][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 494.574355][ T650] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 494.584876][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 494.594657][ T650] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 494.606578][ T650] device bridge_slave_1 left promiscuous mode
[ 494.616461][ T650] bridge0: port 2(bridge_slave_1) entered disabled state
[ 494.641283][ T650] device bridge_slave_0 left promiscuous mode
[ 494.650606][ T650] bridge0: port 1(bridge_slave_0) entered disabled state
[ 494.703326][ T650] device hsr_slave_0 left promiscuous mode
[ 494.750779][ T650] device hsr_slave_1 left promiscuous mode
[ 494.812738][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 494.821387][ T650] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 494.831917][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 494.841755][ T650] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 494.855429][ T650] device bridge_slave_1 left promiscuous mode
[ 494.865858][ T650] bridge0: port 2(bridge_slave_1) entered disabled state
[ 494.914974][ T650] device bridge_slave_0 left promiscuous mode
[ 494.921250][ T650] bridge0: port 1(bridge_slave_0) entered disabled state
[ 494.972350][ T650] device hsr_slave_0 left promiscuous mode
[ 494.994114][ T650] device hsr_slave_1 left promiscuous mode
[ 495.070300][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 495.084397][ T650] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 495.097037][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 495.106969][ T650] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 495.123211][ T650] device bridge_slave_1 left promiscuous mode
[ 495.131449][ T650] bridge0: port 2(bridge_slave_1) entered disabled state
[ 495.191385][ T650] device bridge_slave_0 left promiscuous mode
[ 495.198850][ T650] bridge0: port 1(bridge_slave_0) entered disabled state
[ 495.253884][ T650] device hsr_slave_0 left promiscuous mode
[ 495.290224][ T650] device hsr_slave_1 left promiscuous mode
[ 495.342876][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 495.355229][ T650] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 495.366720][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 495.375403][ T650] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 495.384508][ T650] device bridge_slave_1 left promiscuous mode
[ 495.392300][ T650] bridge0: port 2(bridge_slave_1) entered disabled state
[ 495.466013][ T650] device bridge_slave_0 left promiscuous mode
[ 495.474521][ T650] bridge0: port 1(bridge_slave_0) entered disabled state
[ 495.532957][ T650] device hsr_slave_0 left promiscuous mode
[ 495.593086][ T650] device hsr_slave_1 left promiscuous mode
[ 495.662591][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 495.672686][ T650] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 495.685347][ T650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 495.695462][ T650] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 495.706520][ T650] device bridge_slave_1 left promiscuous mode
[ 495.719190][ T650] bridge0: port 2(bridge_slave_1) entered disabled state
[ 495.774022][ T650] device bridge_slave_0 left promiscuous mode
[ 495.782417][ T650] bridge0: port 1(bridge_slave_0) entered disabled state
[ 495.850621][ T650] device veth1_macvtap left promiscuous mode
[ 495.858754][ T650] device veth0_macvtap left promiscuous mode
[ 495.867293][ T650] device veth1_vlan left promiscuous mode
[ 495.876271][ T650] device veth0_vlan left promiscuous mode
[ 495.981244][ T650] device veth1_macvtap left promiscuous mode
[ 495.994315][ T650] device veth0_macvtap left promiscuous mode
[ 496.002586][ T650] device veth1_vlan left promiscuous mode
[ 496.011478][ T650] device veth0_vlan left promiscuous mode
[ 496.120729][ T650] device veth1_macvtap left promiscuous mode
[ 496.131234][ T650] device veth0_macvtap left promiscuous mode
[ 496.143552][ T650] device veth1_vlan left promiscuous mode
[ 496.157907][ T650] device veth0_vlan left promiscuous mode
[ 496.272022][ T650] device veth1_macvtap left promiscuous mode
[ 496.284224][ T650] device veth0_macvtap left promiscuous mode
[ 496.291116][ T650] device veth1_vlan left promiscuous mode
[ 496.298847][ T650] device veth0_vlan left promiscuous mode
[ 496.421008][ T650] device veth1_macvtap left promiscuous mode
[ 496.428879][ T650] device veth0_macvtap left promiscuous mode
[ 496.442528][ T650] device veth1_vlan left promiscuous mode
[ 496.456665][ T650] device veth0_vlan left promiscuous mode
[ 499.057111][ T3618]
[ 499.060803][ T3618] ================================
[ 499.066619][ T3618] WARNING: inconsistent lock state
[ 499.072760][ T3618] 5.10.0-syzkaller #0 Not tainted
[ 499.077958][ T3618] --------------------------------
[ 499.083800][ T3618] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
[ 499.091086][ T3618] syz-executor500/3618 [HC0[0]:SC0[0]:HE1:SE1] takes:
[ 499.098515][ T3618] ffff8881ee2250a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: sco_conn_del.isra.7+0x73/0x120
[ 499.110691][ T3618] {IN-SOFTIRQ-W} state was registered at:
[ 499.117226][ T3618] lock_acquire+0xf9/0x420
[ 499.122789][ T3618] _raw_spin_lock+0x2a/0x40
[ 499.128710][ T3618] sco_sock_timeout+0x1d/0x80
[ 499.135114][ T3618] call_timer_fn+0xa5/0x300
[ 499.140648][ T3618] run_timer_softirq+0x20d/0x570
[ 499.145916][ T3618] __do_softirq+0xeb/0x52d
[ 499.151422][ T3618] asm_call_irq_on_stack+0xf/0x20
[ 499.157098][ T3618] do_softirq_own_stack+0x7c/0xa0
[ 499.164303][ T3618] irq_exit_rcu+0xec/0x110
[ 499.170368][ T3618] sysvec_apic_timer_interrupt+0x57/0xf0
[ 499.176692][ T3618] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 499.184103][ T3618] native_safe_halt+0xe/0x10
[ 499.189362][ T3618] acpi_idle_do_entry+0x50/0x90
[ 499.195201][ T3618] acpi_idle_enter+0xa0/0xf0
[ 499.200811][ T3618] cpuidle_enter_state+0x94/0x520
[ 499.206194][ T3618] cpuidle_enter+0x24/0x40
[ 499.211502][ T3618] do_idle+0x2dc/0x350
[ 499.216046][ T3618] cpu_startup_entry+0x14/0x20
[ 499.221271][ T3618] start_kernel+0x4f2/0x511
[ 499.225999][ T3618] secondary_startup_64_no_verify+0xb0/0xbb
[ 499.233394][ T3618] irq event stamp: 1995
[ 499.237572][ T3618] hardirqs last enabled at (1995): [] _raw_spin_unlock_irq+0x1f/0x50
[ 499.247707][ T3618] hardirqs last disabled at (1994): [] _raw_spin_lock_irq+0x68/0x70
[ 499.257412][ T3618] softirqs last enabled at (0): [] copy_process+0x9bc/0x1d40
[ 499.266929][ T3618] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 499.275137][ T3618]
[ 499.275137][ T3618] other info that might help us debug this:
[ 499.283260][ T3618] Possible unsafe locking scenario:
[ 499.283260][ T3618]
[ 499.291134][ T3618] CPU0
[ 499.294414][ T3618] ----
[ 499.297692][ T3618] lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
[ 499.303512][ T3618]
[ 499.306996][ T3618] lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
[ 499.313239][ T3618]
[ 499.313239][ T3618] *** DEADLOCK ***
[ 499.313239][ T3618]
[ 499.321887][ T3618] 3 locks held by syz-executor500/3618:
[ 499.329133][ T3618] #0: ffff888114f3cf48 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x62/0x500
[ 499.340028][ T3618] #1: ffff888114f3c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0xf5/0x500
[ 499.349428][ T3618] #2: ffffffff84851208 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0x45/0xc0
[ 499.359849][ T3618]
[ 499.359849][ T3618] stack backtrace:
[ 499.365976][ T3618] CPU: 1 PID: 3618 Comm: syz-executor500 Not tainted 5.10.0-syzkaller #0
[ 499.375342][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 499.385618][ T3618] Call Trace:
[ 499.388884][ T3618] dump_stack+0xa3/0xc8
[ 499.393234][ T3618] mark_lock.part.50+0x500/0x550
[ 499.398273][ T3618] ? __lock_acquire+0x4ef/0x1770
[ 499.403419][ T3618] __lock_acquire+0x3b9/0x1770
[ 499.408636][ T3618] lock_acquire+0xf9/0x420
[ 499.413033][ T3618] ? sco_conn_del.isra.7+0x73/0x120
[ 499.418210][ T3618] ? sco_conn_del.isra.7+0x34/0x120
[ 499.424148][ T3618] _raw_spin_lock+0x2a/0x40
[ 499.428710][ T3618] ? sco_conn_del.isra.7+0x73/0x120
[ 499.434670][ T3618] sco_conn_del.isra.7+0x73/0x120
[ 499.439848][ T3618] hci_conn_hash_flush+0x64/0xc0
[ 499.444939][ T3618] hci_dev_do_close+0x1ed/0x500
[ 499.450992][ T3618] hci_unregister_dev+0xc0/0x2c0
[ 499.456396][ T3618] vhci_release+0x2a/0x60
[ 499.462353][ T3618] __fput+0xa1/0x250
[ 499.466445][ T3618] task_work_run+0x68/0xb0
[ 499.472144][ T3618] do_exit+0x42f/0xd20
[ 499.477490][ T3618] ? find_held_lock+0x2d/0x90
[ 499.482410][ T3618] do_group_exit+0x42/0xb0
[ 499.487720][ T3618] get_signal+0x151/0xc40
[ 499.492613][ T3618] arch_do_signal_or_restart+0xaa/0x8f0
[ 499.498386][ T3618] ? __x64_sys_futex+0x93/0x1e0
[ 499.503872][ T3618] exit_to_user_mode_prepare+0x1b7/0x250
[ 499.510966][ T3618] syscall_exit_to_user_mode+0x40/0x80
[ 499.516585][ T3618] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 499.522551][ T3618] RIP: 0033:0x447269
[ 499.526428][ T3618] Code: Unable to access opcode bytes at RIP 0x44723f.
[ 499.533655][ T3618] RSP: 002b:00007f7a5dfced88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 499.542343][ T3618] RAX: fffffffffffffe00 RBX: 00000000006dcc28 RCX: 0000000000447269
[ 499.551033][ T3618] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc28
[ 499.559321][ T3618] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 499.567471][ T3618] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[ 499.575621][ T3618] R13: 0000000000000004 R14: 0000000000000003 R15: 00007f7a5dfcf6d0
[ 501.590575][ T48] Bluetooth: hci4: command 0x0405 tx timeout
[ 501.763598][ T650] team0 (unregistering): Port device team_slave_1 removed
[ 501.772716][ T650] team0 (unregistering): Port device team_slave_0 removed
[ 501.781415][ T650] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 501.820571][ T650] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 501.901266][ T650] bond0 (unregistering): Released all slaves
[ 502.032995][ T650] team0 (unregistering): Port device team_slave_1 removed
[ 502.042566][ T650] team0 (unregistering): Port device team_slave_0 removed
[ 502.052333][ T650] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 502.100585][ T650] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 502.170561][ T650] bond0 (unregistering): Released all slaves
[ 502.283180][ T650] team0 (unregistering): Port device team_slave_1 removed
[ 502.293333][ T650] team0 (unregistering): Port device team_slave_0 removed
[ 502.304038][ T650] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 502.340797][ T650] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 502.410897][ T650] bond0 (unregistering): Released all slaves
[ 502.503656][ T650] team0 (unregistering): Port device team_slave_1 removed
[ 502.513613][ T650] team0 (unregistering): Port device team_slave_0 removed
[ 502.522112][ T650] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 502.570754][ T650] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 502.641167][ T650] bond0 (unregistering): Released all slaves
[ 502.773200][ T650] team0 (unregistering): Port device team_slave_1 removed
[ 502.782480][ T650] team0 (unregistering): Port device team_slave_0 removed
[ 502.793026][ T650] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 502.820562][ T650] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 502.880783][ T650] bond0 (unregistering): Released all slaves