Warning: Permanently added '10.128.10.2' (ED25519) to the list of known hosts.
2023/10/20 14:13:16 ignoring optional flag "sandboxArg"="0"
2023/10/20 14:13:16 parsed 1 programs
2023/10/20 14:13:16 executed programs: 0
[ 49.773505][ T1907] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 49.794716][ T1246] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 49.802365][ T1246] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 49.809928][ T1246] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 49.818562][ T1246] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 49.826228][ T1246] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 49.833815][ T1246] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 49.921021][ T1912] chnl_net:caif_netlink_parms(): no params data found
[ 50.653328][ T1912] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.143385][ T1912] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.862858][ T45] Bluetooth: hci0: command 0x0409 tx timeout
[ 52.028805][ T2313]
[ 52.031259][ T2313] ======================================================
[ 52.038502][ T2313] WARNING: possible circular locking dependency detected
[ 52.045798][ T2313] 6.6.0-rc4-syzkaller #0 Not tainted
[ 52.052478][ T2313] ------------------------------------------------------
[ 52.059489][ T2313] syz-executor.0/2313 is trying to acquire lock:
[ 52.065798][ T2313] ffff88810f2f90b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_rfkill_set_block+0x5e/0xe0
[ 52.075677][ T2313]
[ 52.075677][ T2313] but task is already holding lock:
[ 52.083112][ T2313] ffffffff83761560 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xad/0x1e0
[ 52.092823][ T2313]
[ 52.092823][ T2313] which lock already depends on the new lock.
[ 52.092823][ T2313]
[ 52.103293][ T2313]
[ 52.103293][ T2313] the existing dependency chain (in reverse order) is:
[ 52.112287][ T2313]
[ 52.112287][ T2313] -> #3 (rfkill_global_mutex){+.+.}-{3:3}:
[ 52.120243][ T2313] __mutex_lock+0x99/0x980
[ 52.125163][ T2313] rfkill_register+0x24/0x300
[ 52.130819][ T2313] hci_register_dev+0x188/0x370
[ 52.136166][ T2313] vhci_create_device+0x151/0x290
[ 52.141959][ T2313] vhci_write+0x136/0x190
[ 52.146885][ T2313] vfs_write+0x266/0x2e0
[ 52.151632][ T2313] ksys_write+0x70/0xe0
[ 52.156299][ T2313] do_syscall_64+0x41/0xc0
[ 52.161243][ T2313] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.167812][ T2313]
[ 52.167812][ T2313] -> #2 (&data->open_mutex){+.+.}-{3:3}:
[ 52.175714][ T2313] __mutex_lock+0x99/0x980
[ 52.180636][ T2313] vhci_send_frame+0x38/0x70
[ 52.185758][ T2313] hci_send_frame+0x8b/0x100
[ 52.191367][ T2313] hci_tx_work+0x2b1/0x810
[ 52.196369][ T2313] process_scheduled_works+0x24c/0x4d0
[ 52.203915][ T2313] worker_thread+0x23d/0x300
[ 52.209043][ T2313] kthread+0xe5/0x100
[ 52.213611][ T2313] ret_from_fork+0x2e/0x40
[ 52.218609][ T2313] ret_from_fork_asm+0x11/0x20
[ 52.223958][ T2313]
[ 52.223958][ T2313] -> #1 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 52.233317][ T2313] __flush_work+0x77/0x470
[ 52.238319][ T2313] hci_dev_close_sync+0xf0/0x600
[ 52.243756][ T2313] hci_unregister_dev+0xd5/0x200
[ 52.249539][ T2313] vhci_release+0x3b/0x70
[ 52.254542][ T2313] __fput+0xfc/0x270
[ 52.259106][ T2313] task_work_run+0x7d/0xa0
[ 52.264104][ T2313] do_exit+0x2df/0xa50
[ 52.268672][ T2313] do_group_exit+0x85/0xa0
[ 52.273675][ T2313] get_signal+0x77b/0x830
[ 52.278950][ T2313] arch_do_signal_or_restart+0x89/0x2b0
[ 52.285062][ T2313] exit_to_user_mode_loop+0x6a/0xe0
[ 52.290760][ T2313] exit_to_user_mode_prepare+0x9a/0xe0
[ 52.296735][ T2313] syscall_exit_to_user_mode+0x62/0x230
[ 52.302778][ T2313] do_syscall_64+0x4d/0xc0
[ 52.307693][ T2313] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.314091][ T2313]
[ 52.314091][ T2313] -> #0 (&hdev->req_lock){+.+.}-{3:3}:
[ 52.321699][ T2313] __lock_acquire+0x136e/0x2660
[ 52.327048][ T2313] lock_acquire+0xea/0x260
[ 52.331994][ T2313] __mutex_lock+0x99/0x980
[ 52.336911][ T2313] hci_rfkill_set_block+0x5e/0xe0
[ 52.342435][ T2313] rfkill_set_block+0x82/0x140
[ 52.347719][ T2313] rfkill_fop_write+0x190/0x1e0
[ 52.353418][ T2313] vfs_write+0xe5/0x2e0
[ 52.358096][ T2313] ksys_write+0x70/0xe0
[ 52.362754][ T2313] do_syscall_64+0x41/0xc0
[ 52.367755][ T2313] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.374409][ T2313]
[ 52.374409][ T2313] other info that might help us debug this:
[ 52.374409][ T2313]
[ 52.384616][ T2313] Chain exists of:
[ 52.384616][ T2313] &hdev->req_lock --> &data->open_mutex --> rfkill_global_mutex
[ 52.384616][ T2313]
[ 52.398218][ T2313] Possible unsafe locking scenario:
[ 52.398218][ T2313]
[ 52.405646][ T2313]        CPU0                    CPU1
[ 52.411078][ T2313]        ----                    ----
[ 52.416427][ T2313]   lock(rfkill_global_mutex);
[ 52.421271][ T2313]                                lock(&data->open_mutex);
[ 52.428357][ T2313]                                lock(rfkill_global_mutex);
[ 52.435612][ T2313]   lock(&hdev->req_lock);
[ 52.440010][ T2313]
[ 52.440010][ T2313] *** DEADLOCK ***
[ 52.440010][ T2313]
[ 52.448240][ T2313] 1 lock held by syz-executor.0/2313:
[ 52.453706][ T2313] #0: ffffffff83761560 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xad/0x1e0
[ 52.463753][ T2313]
[ 52.463753][ T2313] stack backtrace:
[ 52.469629][ T2313] CPU: 0 PID: 2313 Comm: syz-executor.0 Not tainted 6.6.0-rc4-syzkaller #0
[ 52.478280][ T2313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 52.488516][ T2313] Call Trace:
[ 52.491790][ T2313]
[ 52.494707][ T2313] dump_stack_lvl+0x8d/0xe0
[ 52.499202][ T2313] print_circular_bug+0x32a/0x360
[ 52.504241][ T2313] check_noncircular+0x113/0x130
[ 52.509256][ T2313] __lock_acquire+0x136e/0x2660
[ 52.514088][ T2313] ? __lock_acquire+0x1e03/0x2660
[ 52.519182][ T2313] ? hci_rfkill_set_block+0x5e/0xe0
[ 52.524382][ T2313] lock_acquire+0xea/0x260
[ 52.528796][ T2313] ? hci_rfkill_set_block+0x5e/0xe0
[ 52.534062][ T2313] ? rfkill_set_block+0x43/0x140
[ 52.539239][ T2313] ? hci_rfkill_set_block+0x5e/0xe0
[ 52.544502][ T2313] __mutex_lock+0x99/0x980
[ 52.548901][ T2313] ? hci_rfkill_set_block+0x5e/0xe0
[ 52.554436][ T2313] hci_rfkill_set_block+0x5e/0xe0
[ 52.559829][ T2313] rfkill_set_block+0x82/0x140
[ 52.564666][ T2313] rfkill_fop_write+0x190/0x1e0
[ 52.569503][ T2313] vfs_write+0xe5/0x2e0
[ 52.573900][ T2313] ? __fget_files+0x1f/0x160
[ 52.578486][ T2313] ? __fget_files+0x147/0x160
[ 52.583421][ T2313] ksys_write+0x70/0xe0
[ 52.589901][ T2313] do_syscall_64+0x41/0xc0
[ 52.594298][ T2313] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.600258][ T2313] RIP: 0033:0x7f63f287cae9
[ 52.604657][ T2313] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.624511][ T2313] RSP: 002b:00007f63f36700c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 52.632969][ T2313] RAX: ffffffffffffffda RBX: 00007f63f299bf80 RCX: 00007f63f287cae9
[ 52.641224][ T2313] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[ 52.649372][ T2313] RBP: 00007f63f28c847a R08: 0000000000000000 R09: 0000000000000000
[ 52.657332][ T2313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 52.665464][ T2313] R13: 0000000000000006 R14: 00007f63f299bf80 R15: 00007ffed98978a8
[ 52.673423][ T2313]
2023/10/20 14:13:21 executed programs: 590
2023/10/20 14:13:26 executed programs: 2084