Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
2022/08/28 00:45:30 ignoring optional flag "sandboxArg"="0"
2022/08/28 00:45:30 parsed 1 programs
2022/08/28 00:45:31 executed programs: 0
[ 60.101265][ T4049] cgroup: Unknown subsys name 'net'
[ 60.111416][ T4049] cgroup: Unknown subsys name 'rlimit'
[ 63.293823][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 65.935829][ T1236] ieee802154 phy0 wpan0: encryption failed: -22
[ 65.942273][ T1236] ieee802154 phy1 wpan1: encryption failed: -22
[ 67.453773][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 71.056829][ T14] cfg80211: failed to load regulatory.db
[ 71.613766][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 75.773816][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 77.857138][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.865149][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.873037][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.881800][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.889415][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.897950][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.961124][ T4069] chnl_net:caif_netlink_parms(): no params data found
[ 77.994939][ T4069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.002076][ T4069] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.010214][ T4069] device bridge_slave_0 entered promiscuous mode
[ 78.018813][ T4069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.026081][ T4069] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.033917][ T4069] device bridge_slave_1 entered promiscuous mode
[ 78.051324][ T4069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.062556][ T4069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.083251][ T4069] team0: Port device team_slave_0 added
[ 78.090235][ T4069] team0: Port device team_slave_1 added
[ 78.106895][ T4069] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.114307][ T4069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.141568][ T4069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.153567][ T4069] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.160859][ T4069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.186979][ T4069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.210212][ T4069] device hsr_slave_0 entered promiscuous mode
[ 78.216721][ T4069] device hsr_slave_1 entered promiscuous mode
[ 78.268119][ T4069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.275235][ T4069] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.282754][ T4069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.289932][ T4069] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.322093][ T4069] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.333401][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.342511][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.351591][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.359702][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 78.371437][ T4069] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.381113][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.389653][ T3613] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.396732][ T3613] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.415380][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.424918][ T3613] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.431959][ T3613] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.440016][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 78.448944][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 78.459216][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.468784][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.480588][ T4069] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 78.492232][ T4069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.502276][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.520873][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.529200][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.538922][ T4069] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.704211][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 78.717083][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 78.725389][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 78.733058][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 78.743214][ T4069] device veth0_vlan entered promiscuous mode
[ 78.753215][ T4069] device veth1_vlan entered promiscuous mode
[ 78.769449][ T4069] device veth0_macvtap entered promiscuous mode
[ 78.778069][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 78.786409][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 78.795016][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 78.803465][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 78.813353][ T4069] device veth1_macvtap entered promiscuous mode
[ 78.827726][ T4069] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.835513][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 78.847443][ T4069] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.855100][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.734200][ T4089]
[ 79.736586][ T4089] ============================================
[ 79.742826][ T4089] WARNING: possible recursive locking detected
[ 79.748967][ T4089] 6.0.0-rc2-syzkaller #0 Not tainted
[ 79.754234][ T4089] --------------------------------------------
[ 79.760371][ T4089] syz-executor.0/4089 is trying to acquire lock:
[ 79.766755][ T4089] ffff8880707ef130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x58/0x320
[ 79.778280][ T4089]
[ 79.778280][ T4089] but task is already holding lock:
[ 79.785616][ T4089] ffff8880707ef130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x44/0x1c0
[ 79.796888][ T4089]
[ 79.796888][ T4089] other info that might help us debug this:
[ 79.804960][ T4089] Possible unsafe locking scenario:
[ 79.804960][ T4089]
[ 79.812470][ T4089] CPU0
[ 79.815724][ T4089] ----
[ 79.818977][ T4089] lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 79.825102][ T4089] lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 79.831226][ T4089]
[ 79.831226][ T4089] *** DEADLOCK ***
[ 79.831226][ T4089]
[ 79.839443][ T4089] May be due to missing lock nesting notation
[ 79.839443][ T4089]
[ 79.847760][ T4089] 4 locks held by syz-executor.0/4089:
[ 79.853451][ T4089] #0: ffff888073ff2010 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: __sock_release+0x76/0x270
[ 79.863844][ T4089] #1: ffff8880707ef130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x44/0x1c0
[ 79.875640][ T4089] #2: ffffffff8cab2b08 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x25/0x200
[ 79.885010][ T4089] #3: ffff88801aa25928 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0xff/0x770
[ 79.894198][ T4089]
[ 79.894198][ T4089] stack backtrace:
[ 79.900072][ T4089] CPU: 1 PID: 4089 Comm: syz-executor.0 Not tainted 6.0.0-rc2-syzkaller #0
[ 79.908711][ T4089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 79.918854][ T4089] Call Trace:
[ 79.922112][ T4089]
[ 79.925038][ T4089] dump_stack_lvl+0x57/0x7d
[ 79.929556][ T4089] __lock_acquire.cold+0x116/0x397
[ 79.934653][ T4089] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 79.940620][ T4089] lock_acquire+0x1ab/0x570
[ 79.945095][ T4089] ? rfcomm_sk_state_change+0x58/0x320
[ 79.950528][ T4089] ? lock_release+0x780/0x780
[ 79.955195][ T4089] ? mutex_lock_io_nested+0x1190/0x1190
[ 79.960825][ T4089] ? _raw_spin_unlock_irqrestore+0x38/0x70
[ 79.966601][ T4089] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 79.972381][ T4089] ? del_timer+0xb3/0xf0
[ 79.976722][ T4089] lock_sock_nested+0x2b/0xd0
[ 79.981719][ T4089] ? rfcomm_sk_state_change+0x58/0x320
[ 79.987151][ T4089] rfcomm_sk_state_change+0x58/0x320
[ 79.992428][ T4089] __rfcomm_dlc_close+0x153/0x770
[ 79.997453][ T4089] rfcomm_dlc_close+0x1a4/0x200
[ 80.002554][ T4089] __rfcomm_sock_close+0x10d/0x200
[ 80.007664][ T4089] rfcomm_sock_shutdown+0xa4/0x1c0
[ 80.012938][ T4089] rfcomm_sock_release+0x4f/0x120
[ 80.017955][ T4089] __sock_release+0xbb/0x270
[ 80.022522][ T4089] sock_close+0xf/0x20
[ 80.026560][ T4089] __fput+0x1f5/0x8c0
[ 80.030516][ T4089] task_work_run+0xc0/0x160
[ 80.034993][ T4089] get_signal+0x19a/0x1e40
[ 80.039467][ T4089] ? find_held_lock+0x2d/0x110
[ 80.044289][ T4089] ? exit_signals+0x6f0/0x6f0
[ 80.049627][ T4089] ? rfcomm_sock_connect+0xf8/0x3b0
[ 80.054793][ T4089] ? lock_downgrade+0x6e0/0x6e0
[ 80.059706][ T4089] arch_do_signal_or_restart+0x88/0x1b00
[ 80.065313][ T4089] ? kick_process+0xf2/0x190
[ 80.069895][ T4089] ? task_work_add+0x13b/0x160
[ 80.074629][ T4089] ? get_sigframe_size+0x10/0x10
[ 80.079745][ T4089] ? __sys_connect+0x106/0x120
[ 80.084570][ T4089] ? __sys_connect_file+0x180/0x180
[ 80.089739][ T4089] exit_to_user_mode_prepare+0x15f/0x250
[ 80.095339][ T4089] syscall_exit_to_user_mode+0x19/0x50
[ 80.100788][ T4089] do_syscall_64+0x42/0x80
[ 80.105197][ T4089] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.111060][ T4089] RIP: 0033:0x7f4d49a89049
[ 80.115445][ T4089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.135193][ T4089] RSP: 002b:00007f4d4ac99168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 80.143596][ T4089] RAX: fffffffffffffffc RBX: 00007f4d49b9bf60 RCX: 00007f4d49a89049
[ 80.152118][ T4089] RDX: 000000000000005a RSI: 0000000020000000 RDI: 0000000000000004
[ 80.160082][ T4089] RBP: 00007f4d49ae308d R08: 0000000000000000 R09: 0000000000000000
[ 80.168023][ T4089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 80.175976][ T4089] R13: 00007ffcabebc7ef R14: 00007f4d4ac99300 R15: 0000000000022000
[ 80.183924][ T4089]
[ 80.187540][ T3613] Bluetooth: hci0: command 0x0409 tx timeout
[ 82.253769][ T3613] Bluetooth: hci0: command 0x041b tx timeout
[ 84.334209][ T3613] Bluetooth: hci0: command 0x040f tx timeout
[ 86.413718][ T3613] Bluetooth: hci0: command 0x0419 tx timeout
[ 88.493718][ T3613] Bluetooth: hci0: command 0x0405 tx timeout