[ 71.811357][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.817922][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '10.128.1.210' (ED25519) to the list of known hosts.
2024/08/07 04:10:20 ignoring optional flag "sandboxArg"="0"
2024/08/07 04:10:21 parsed 1 programs
2024/08/07 04:10:23 executed programs: 0
[ 79.143844][ T5514] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 79.189567][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.198597][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.210268][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.218839][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.226920][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 79.234421][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.348783][ T5528] chnl_net:caif_netlink_parms(): no params data found
[ 79.406046][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.414090][ T5528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.421638][ T5528] bridge_slave_0: entered allmulticast mode
[ 79.428672][ T5528] bridge_slave_0: entered promiscuous mode
[ 79.436362][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.444971][ T5528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.452579][ T5528] bridge_slave_1: entered allmulticast mode
[ 79.460104][ T5528] bridge_slave_1: entered promiscuous mode
[ 79.484114][ T5528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.495341][ T5528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.524373][ T5528] team0: Port device team_slave_0 added
[ 79.531966][ T5528] team0: Port device team_slave_1 added
[ 79.554168][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.561811][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.588049][ T5528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.600099][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.607243][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.634514][ T5528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.669604][ T5528] hsr_slave_0: entered promiscuous mode
[ 79.675917][ T5528] hsr_slave_1: entered promiscuous mode
[ 80.215458][ T5528] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.227548][ T5528] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.238386][ T5528] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.249045][ T5528] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.280505][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.287862][ T5528] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.295424][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.302642][ T5528] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.379679][ T5239] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.387886][ T5239] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.418695][ T5528] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.446578][ T5528] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.462410][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.469628][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.501852][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.509086][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.702359][ T5528] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.765172][ T5528] veth0_vlan: entered promiscuous mode
[ 80.782934][ T5528] veth1_vlan: entered promiscuous mode
[ 80.825730][ T5528] veth0_macvtap: entered promiscuous mode
[ 80.841205][ T5528] veth1_macvtap: entered promiscuous mode
[ 80.867569][ T5528] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.885933][ T5528] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.902391][ T5528] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.912806][ T5528] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.923060][ T5528] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.932990][ T5528] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.011889][ T971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.027125][ T971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.066887][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.075157][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.146177][ T5592] input: syz1 as /devices/virtual/input/input5
[ 81.163092][ T5592]
[ 81.165449][ T5592] ======================================================
[ 81.172472][ T5592] WARNING: possible circular locking dependency detected
[ 81.179608][ T5592] 6.11.0-rc2-syzkaller-gd4560686726f #0 Not tainted
[ 81.186203][ T5592] ------------------------------------------------------
[ 81.193233][ T5592] syz-executor.0/5592 is trying to acquire lock:
[ 81.199750][ T5592] ffff88802a4f8070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x19c/0x740
[ 81.209474][ T5592]
[ 81.209474][ T5592] but task is already holding lock:
[ 81.216943][ T5592] ffff88802a4fb0b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e4/0xb00
[ 81.226131][ T5592]
[ 81.226131][ T5592] which lock already depends on the new lock.
[ 81.226131][ T5592]
[ 81.236631][ T5592]
[ 81.236631][ T5592] the existing dependency chain (in reverse order) is:
[ 81.245652][ T5592]
[ 81.245652][ T5592] -> #3 (&ff->mutex){+.+.}-{3:3}:
[ 81.252975][ T5592] lock_acquire+0x1ed/0x550
[ 81.258021][ T5592] __mutex_lock+0x136/0xd70
[ 81.263071][ T5592] input_ff_flush+0x5e/0x140
[ 81.268203][ T5592] input_flush_device+0x9c/0xc0
[ 81.273607][ T5592] evdev_release+0xf9/0x7d0
[ 81.278654][ T5592] __fput+0x24a/0x8a0
[ 81.283175][ T5592] __x64_sys_close+0x7f/0x110
[ 81.288396][ T5592] do_syscall_64+0xf3/0x230
[ 81.293453][ T5592] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.299885][ T5592]
[ 81.299885][ T5592] -> #2 (&dev->mutex#2){+.+.}-{3:3}:
[ 81.307559][ T5592] lock_acquire+0x1ed/0x550
[ 81.312608][ T5592] __mutex_lock+0x136/0xd70
[ 81.317742][ T5592] input_register_handle+0x6d/0x3b0
[ 81.323493][ T5592] kbd_connect+0xbf/0x130
[ 81.328384][ T5592] input_register_device+0xd3b/0x1110
[ 81.334305][ T5592] acpi_button_add+0x6c6/0xb90
[ 81.339611][ T5592] acpi_device_probe+0xa5/0x2b0
[ 81.345101][ T5592] really_probe+0x2b8/0xad0
[ 81.350234][ T5592] __driver_probe_device+0x1a2/0x390
[ 81.356238][ T5592] driver_probe_device+0x50/0x430
[ 81.361807][ T5592] __driver_attach+0x45f/0x710
[ 81.367204][ T5592] bus_for_each_dev+0x239/0x2b0
[ 81.372605][ T5592] bus_add_driver+0x346/0x670
[ 81.378012][ T5592] driver_register+0x23a/0x320
[ 81.383319][ T5592] do_one_initcall+0x248/0x880
[ 81.388809][ T5592] do_initcall_level+0x157/0x210
[ 81.394354][ T5592] do_initcalls+0x3f/0x80
[ 81.399334][ T5592] kernel_init_freeable+0x435/0x5d0
[ 81.405176][ T5592] kernel_init+0x1d/0x2b0
[ 81.410139][ T5592] ret_from_fork+0x4b/0x80
[ 81.415394][ T5592] ret_from_fork_asm+0x1a/0x30
[ 81.421047][ T5592]
[ 81.421047][ T5592] -> #1 (input_mutex){+.+.}-{3:3}:
[ 81.428553][ T5592] lock_acquire+0x1ed/0x550
[ 81.433624][ T5592] __mutex_lock+0x136/0xd70
[ 81.438681][ T5592] input_register_device+0xaee/0x1110
[ 81.444601][ T5592] uinput_create_device+0x40e/0x630
[ 81.450525][ T5592] uinput_ioctl_handler+0x48b/0x1770
[ 81.456364][ T5592] __se_sys_ioctl+0xfc/0x170
[ 81.461500][ T5592] do_syscall_64+0xf3/0x230
[ 81.466563][ T5592] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.472999][ T5592]
[ 81.472999][ T5592] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[ 81.480579][ T5592] validate_chain+0x18e0/0x5900
[ 81.485968][ T5592] __lock_acquire+0x137a/0x2040
[ 81.491369][ T5592] lock_acquire+0x1ed/0x550
[ 81.496428][ T5592] __mutex_lock+0x136/0xd70
[ 81.501564][ T5592] uinput_request_submit+0x19c/0x740
[ 81.507403][ T5592] uinput_dev_upload_effect+0x199/0x240
[ 81.513497][ T5592] input_ff_upload+0x5df/0xb00
[ 81.518809][ T5592] evdev_ioctl_handler+0x17d0/0x21b0
[ 81.524809][ T5592] __se_sys_ioctl+0xfc/0x170
[ 81.530210][ T5592] do_syscall_64+0xf3/0x230
[ 81.535525][ T5592] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.541966][ T5592]
[ 81.541966][ T5592] other info that might help us debug this:
[ 81.541966][ T5592]
[ 81.552319][ T5592] Chain exists of:
[ 81.552319][ T5592] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[ 81.552319][ T5592]
[ 81.564877][ T5592] Possible unsafe locking scenario:
[ 81.564877][ T5592]
[ 81.572339][ T5592]        CPU0                    CPU1
[ 81.577811][ T5592]        ----                    ----
[ 81.583212][ T5592]   lock(&ff->mutex);
[ 81.587210][ T5592]                                lock(&dev->mutex#2);
[ 81.594092][ T5592]                                lock(&ff->mutex);
[ 81.600613][ T5592]   lock(&newdev->mutex);
[ 81.604960][ T5592]
[ 81.604960][ T5592] *** DEADLOCK ***
[ 81.604960][ T5592]
[ 81.613383][ T5592] 2 locks held by syz-executor.0/5592:
[ 81.619018][ T5592] #0: ffff88802ae25110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x125/0x21b0
[ 81.628984][ T5592] #1: ffff88802a4fb0b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e4/0xb00
[ 81.638258][ T5592]
[ 81.638258][ T5592] stack backtrace:
[ 81.644185][ T5592] CPU: 1 UID: 0 PID: 5592 Comm: syz-executor.0 Not tainted 6.11.0-rc2-syzkaller-gd4560686726f #0
[ 81.654705][ T5592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 81.664791][ T5592] Call Trace:
[ 81.668172][ T5592]
[ 81.671114][ T5592] dump_stack_lvl+0x241/0x360
[ 81.676599][ T5592] ? __pfx_dump_stack_lvl+0x10/0x10
[ 81.681860][ T5592] ? print_circular_bug+0x130/0x1a0
[ 81.687339][ T5592] check_noncircular+0x36a/0x4a0
[ 81.692311][ T5592] ? __pfx_check_noncircular+0x10/0x10
[ 81.697878][ T5592] ? lockdep_lock+0x123/0x2b0
[ 81.702659][ T5592] ? stack_trace_save+0x118/0x1d0
[ 81.707793][ T5592] ? __pfx_stack_trace_save+0x10/0x10
[ 81.713188][ T5592] ? check_noncircular+0x259/0x4a0
[ 81.718321][ T5592] validate_chain+0x18e0/0x5900
[ 81.723276][ T5592] ? __pfx_check_noncircular+0x10/0x10
[ 81.728763][ T5592] ? __pfx_validate_chain+0x10/0x10
[ 81.733993][ T5592] ? __pfx_validate_chain+0x10/0x10
[ 81.739251][ T5592] ? stack_trace_save+0x118/0x1d0
[ 81.744398][ T5592] ? __pfx_stack_trace_save+0x10/0x10
[ 81.749794][ T5592] ? mark_lock+0x9a/0x350
[ 81.754239][ T5592] __lock_acquire+0x137a/0x2040
[ 81.759121][ T5592] lock_acquire+0x1ed/0x550
[ 81.763653][ T5592] ? uinput_request_submit+0x19c/0x740
[ 81.769139][ T5592] ? __pfx_lock_acquire+0x10/0x10
[ 81.774319][ T5592] ? __pfx___might_resched+0x10/0x10
[ 81.779813][ T5592] __mutex_lock+0x136/0xd70
[ 81.784454][ T5592] ? uinput_request_submit+0x19c/0x740
[ 81.789940][ T5592] ? uinput_request_alloc_id+0x3c5/0x3f0
[ 81.795683][ T5592] ? do_raw_spin_lock+0x14f/0x370
[ 81.800733][ T5592] ? __pfx_lock_release+0x10/0x10
[ 81.805798][ T5592] ? uinput_request_submit+0x19c/0x740
[ 81.811297][ T5592] ? __pfx___mutex_lock+0x10/0x10
[ 81.816882][ T5592] ? _raw_spin_unlock+0x28/0x50
[ 81.821860][ T5592] ? uinput_request_alloc_id+0x3c5/0x3f0
[ 81.827522][ T5592] uinput_request_submit+0x19c/0x740
[ 81.832847][ T5592] ? __pfx_uinput_request_submit+0x10/0x10
[ 81.838689][ T5592] ? __pfx___mutex_trylock_common+0x10/0x10
[ 81.844782][ T5592] ? rcu_is_watching+0x15/0xb0
[ 81.849576][ T5592] uinput_dev_upload_effect+0x199/0x240
[ 81.855162][ T5592] ? __pfx_uinput_dev_upload_effect+0x10/0x10
[ 81.861259][ T5592] input_ff_upload+0x5df/0xb00
[ 81.866062][ T5592] evdev_ioctl_handler+0x17d0/0x21b0
[ 81.871385][ T5592] ? tomoyo_path_number_perm+0x208/0x880
[ 81.877043][ T5592] ? __pfx_evdev_ioctl_handler+0x10/0x10
[ 81.882805][ T5592] ? bpf_lsm_file_ioctl+0x9/0x10
[ 81.887771][ T5592] ? security_file_ioctl+0x87/0xb0
[ 81.892903][ T5592] ? __pfx_evdev_ioctl+0x10/0x10
[ 81.897870][ T5592] __se_sys_ioctl+0xfc/0x170
[ 81.902579][ T5592] do_syscall_64+0xf3/0x230
[ 81.907125][ T5592] ? clear_bhb_loop+0x35/0x90
[ 81.911820][ T5592] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.917745][ T5592] RIP: 0033:0x7f8bc007dca9
[ 81.922199][ T5592] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 81.941838][ T5592] RSP: 002b:00007f8bc0e5d0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 81.950277][ T5592] RAX: ffffffffffffffda RBX: 00007f8bc01abf80 RCX: 00007f8bc007dca9
[ 81.958624][ T5592] RDX: 0000000020000300 RSI: 0000000040304580 RDI: 0000000000000004
[ 81.966615][ T5592] RBP: 00007f8bc00c947e R08: 0000000000000000 R09: 0000000000000000
[ 81.974599][ T5592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.982851][ T5592] R13: 000000000000000b R14: 00007f8bc01abf80 R15: 00007fffc1763978
[ 81.990849][ T5592]
[ 81.997046][ T55] Bluetooth: hci0: command tx timeout
[ 82.073809][ T8] cfg80211: failed to load regulatory.db
[ 82.185040][ T5648] input: syz1 as /devices/virtual/input/input6
[ 83.062877][ T5717] input: syz1 as /devices/virtual/input/input7
[ 83.920800][ T5788] input: syz1 as /devices/virtual/input/input8
[ 84.048145][ T55] Bluetooth: hci0: command tx timeout
2024/08/07 04:10:28 executed programs: 4
[ 84.791698][ T5860] input: syz1 as /devices/virtual/input/input9
[ 85.612617][ T5530] udevd[5530]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory
[ 85.623387][ T5530] udevd[5530]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[ 85.654190][ T5892] input: syz1 as /devices/virtual/input/input10
[ 86.128570][ T55] Bluetooth: hci0: command tx timeout
[ 86.507294][ T5894] input: syz1 as /devices/virtual/input/input11
[ 87.362718][ T5896] input: syz1 as /devices/virtual/input/input12
[ 88.208141][ T55] Bluetooth: hci0: command tx timeout
[ 88.225810][ T5898] input: syz1 as /devices/virtual/input/input13
[ 89.078679][ T5900] input: syz1 as /devices/virtual/input/input14
2024/08/07 04:10:34 executed programs: 10
[ 89.927640][ T5902] input: syz1 as /devices/virtual/input/input15
[ 90.781516][ T5904] input: syz1 as /devices/virtual/input/input16