Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts. 1970/01/01 00:00:55 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:00:55 parsed 1 programs 1970/01/01 00:00:56 executed programs: 0 [ 56.085497][ T5563] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 56.088057][ T5563] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 56.091895][ T5563] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.094475][ T5563] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 56.096593][ T5563] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 56.170682][ T6348] chnl_net:caif_netlink_parms(): no params data found [ 56.199927][ T6348] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.201975][ T6348] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.203892][ T6348] bridge_slave_0: entered allmulticast mode [ 56.205948][ T6348] bridge_slave_0: entered promiscuous mode [ 56.210157][ T6348] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.212073][ T6348] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.214001][ T6348] bridge_slave_1: entered allmulticast mode [ 56.216032][ T6348] bridge_slave_1: entered promiscuous mode [ 56.227675][ T6348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.231737][ T6348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.244932][ T6348] team0: Port device team_slave_0 added [ 56.248117][ T6348] team0: Port device team_slave_1 added [ 56.258549][ T6348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.260652][ T6348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.267137][ T6348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.272456][ T6348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.274251][ T6348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.281090][ T6348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.330227][ T6348] hsr_slave_0: entered promiscuous mode [ 56.368961][ T6348] hsr_slave_1: entered promiscuous mode [ 57.131640][ T6348] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.160220][ T6348] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.200269][ T6348] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.256140][ T6348] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.326228][ T6348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.336630][ T6348] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.344364][ T1612] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.346284][ T1612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.354100][ T6012] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.355904][ T6012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.463643][ T6348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.486127][ T6348] veth0_vlan: entered promiscuous mode [ 57.492877][ T6348] veth1_vlan: entered promiscuous mode [ 57.511932][ T6348] veth0_macvtap: entered promiscuous mode [ 57.515601][ T6348] veth1_macvtap: entered promiscuous mode [ 57.524675][ T6348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.532529][ T6348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.537727][ T6348] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.540555][ T6348] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.542868][ T6348] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.545095][ T6348] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.594555][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.596644][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.617496][ T6012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.620567][ T6012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.179235][ T6000] Bluetooth: hci0: command 0x0409 tx timeout [ 59.057151][ T40] [ 59.057801][ T40] ====================================================== [ 59.059628][ T40] WARNING: possible circular locking dependency detected [ 59.061446][ T40] 6.5.0-rc7-syzkaller-00071-gfe4469582053 #0 Not tainted [ 59.063272][ T40] ------------------------------------------------------ [ 59.065175][ T40] kworker/u4:3/40 is trying to acquire lock: [ 59.066686][ T40] ffff0000de1f2cf0 (&rs->rs_recv_lock){....}-{2:2}, at: rds_wake_sk_sleep+0x34/0xc8 [ 59.069117][ T40] [ 59.069117][ T40] but task is already holding lock: [ 59.071026][ T40] ffff0000dc2fa100 (&rm->m_rs_lock){....}-{2:2}, at: rds_send_remove_from_sock+0x134/0x78c [ 59.073651][ T40] [ 59.073651][ T40] which lock already depends on the new lock. [ 59.073651][ T40] [ 59.076330][ T40] [ 59.076330][ T40] the existing dependency chain (in reverse order) is: [ 59.078590][ T40] [ 59.078590][ T40] -> #1 (&rm->m_rs_lock){....}-{2:2}: [ 59.080586][ T40] _raw_spin_lock_irqsave+0x5c/0x7c [ 59.082045][ T40] rds_message_put+0x130/0xb30 [ 59.083457][ T40] rds_loop_inc_free+0x20/0x30 [ 59.084809][ T40] rds_clear_recv_queue+0x288/0x384 [ 59.086330][ T40] rds_release+0xbc/0x2d0 [ 59.087569][ T40] sock_close+0xb8/0x1fc [ 59.088758][ T40] __fput+0x324/0x824 [ 59.089958][ T40] ____fput+0x20/0x30 [ 59.091115][ T40] task_work_run+0x230/0x2e0 [ 59.092534][ T40] do_notify_resume+0x2180/0x3c90 [ 59.094031][ T40] el0_svc+0xa0/0x16c [ 59.095222][ T40] el0t_64_sync_handler+0x84/0xfc [ 59.096721][ T40] el0t_64_sync+0x190/0x194 [ 59.098021][ T40] [ 59.098021][ T40] -> #0 (&rs->rs_recv_lock){....}-{2:2}: [ 59.100078][ T40] __lock_acquire+0x3370/0x75e8 [ 59.101517][ T40] lock_acquire+0x23c/0x71c [ 59.102766][ T40] _raw_read_lock_irqsave+0x6c/0x8c [ 59.104272][ T40] rds_wake_sk_sleep+0x34/0xc8 [ 59.105649][ T40] rds_send_remove_from_sock+0x1a4/0x78c [ 59.107244][ T40] rds_send_path_drop_acked+0x390/0x3f0 [ 59.108822][ T40] rds_tcp_write_space+0x1a8/0x594 [ 59.110302][ T40] tcp_check_space+0x150/0x888 [ 59.111701][ T40] tcp_rcv_established+0xe14/0x1fc4 [ 59.113320][ T40] tcp_v4_do_rcv+0x3b0/0xe00 [ 59.114672][ T40] __release_sock+0x1a8/0x408 [ 59.116067][ T40] release_sock+0x68/0x1b0 [ 59.117363][ T40] tcp_sock_set_cork+0x100/0x188 [ 59.118751][ T40] rds_tcp_xmit_path_complete+0x7c/0x8c [ 59.120351][ T40] rds_send_xmit+0x1978/0x22a0 [ 59.121848][ T40] rds_send_worker+0x84/0x36c [ 59.123220][ T40] process_one_work+0x800/0x1480 [ 59.124600][ T40] worker_thread+0x8e0/0xfe8 [ 59.125984][ T40] kthread+0x288/0x310 [ 59.127196][ T40] ret_from_fork+0x10/0x20 [ 59.128553][ T40] [ 59.128553][ T40] other info that might help us debug this: [ 59.128553][ T40] [ 59.131319][ T40] Possible unsafe locking scenario: [ 59.131319][ T40] [ 59.133244][ T40] CPU0 CPU1 [ 59.134639][ T40] ---- ---- [ 59.136095][ T40] lock(&rm->m_rs_lock); [ 59.137250][ T40] lock(&rs->rs_recv_lock); [ 59.139024][ T40] lock(&rm->m_rs_lock); [ 59.140854][ T40] rlock(&rs->rs_recv_lock); [ 59.142112][ T40] [ 59.142112][ T40] *** DEADLOCK *** [ 59.142112][ T40] [ 59.144232][ T40] 5 locks held by kworker/u4:3/40: [ 59.145596][ T40] #0: ffff0000d492c138 ((wq_completion)krdsd){+.+.}-{0:0}, at: process_one_work+0x6b4/0x1480 [ 59.148479][ T40] #1: ffff800092f77c20 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}-{0:0}, at: process_one_work+0x6f0/0x1480 [ 59.151810][ T40] #2: ffff0000c1f96f70 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sock_set_cork+0x38/0x188 [ 59.154387][ T40] #3: ffff0000c1f971f8 (k-clock-AF_INET){++.-}-{2:2}, at: rds_tcp_write_space+0x38/0x594 [ 59.156992][ T40] #4: ffff0000dc2fa100 (&rm->m_rs_lock){....}-{2:2}, at: rds_send_remove_from_sock+0x134/0x78c [ 59.159816][ T40] [ 59.159816][ T40] stack backtrace: [ 59.161365][ T40] CPU: 1 PID: 40 Comm: kworker/u4:3 Not tainted 6.5.0-rc7-syzkaller-00071-gfe4469582053 #0 [ 59.163996][ T40] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 59.166732][ T40] Workqueue: krdsd rds_send_worker [ 59.168085][ T40] Call trace: [ 59.168995][ T40] dump_backtrace+0x1b8/0x1e4 [ 59.170309][ T40] show_stack+0x2c/0x44 [ 59.171428][ T40] dump_stack_lvl+0xd0/0x124 [ 59.172688][ T40] dump_stack+0x1c/0x28 [ 59.173819][ T40] print_circular_bug+0x150/0x1b8 [ 59.175163][ T40] check_noncircular+0x310/0x404 [ 59.176505][ T40] __lock_acquire+0x3370/0x75e8 [ 59.177853][ T40] lock_acquire+0x23c/0x71c [ 59.179036][ T40] _raw_read_lock_irqsave+0x6c/0x8c [ 59.180464][ T40] rds_wake_sk_sleep+0x34/0xc8 [ 59.181804][ T40] rds_send_remove_from_sock+0x1a4/0x78c [ 59.183335][ T40] rds_send_path_drop_acked+0x390/0x3f0 [ 59.184873][ T40] rds_tcp_write_space+0x1a8/0x594 [ 59.186264][ T40] tcp_check_space+0x150/0x888 [ 59.187550][ T40] tcp_rcv_established+0xe14/0x1fc4 [ 59.188941][ T40] tcp_v4_do_rcv+0x3b0/0xe00 [ 59.190172][ T40] __release_sock+0x1a8/0x408 [ 59.191467][ T40] release_sock+0x68/0x1b0 [ 59.192635][ T40] tcp_sock_set_cork+0x100/0x188 [ 59.193949][ T40] rds_tcp_xmit_path_complete+0x7c/0x8c [ 59.195419][ T40] rds_send_xmit+0x1978/0x22a0 [ 59.196677][ T40] rds_send_worker+0x84/0x36c [ 59.197882][ T40] process_one_work+0x800/0x1480 [ 59.199232][ T40] worker_thread+0x8e0/0xfe8 [ 59.200466][ T40] kthread+0x288/0x310 [ 59.201535][ T40] ret_from_fork+0x10/0x20 [ 60.259256][ T6000] Bluetooth: hci0: command 0x041b tx timeout 1970/01/01 00:01:01 executed programs: 100 [ 62.339470][ T6000] Bluetooth: hci0: command 0x040f tx timeout [ 64.429388][ T6000] Bluetooth: hci0: command 0x0419 tx timeout [ 64.500435][ T2160] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.502062][ T2160] ieee802154 phy1 wpan1: encryption failed: -22 1970/01/01 00:01:06 executed programs: 341