Warning: Permanently added '10.128.0.199' (ED25519) to the list of known hosts.
2024/06/09 23:37:31 ignoring optional flag "sandboxArg"="0"
2024/06/09 23:37:31 parsed 1 programs
2024/06/09 23:37:31 executed programs: 0
[ 44.659741][ T1879] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 44.679684][ T1305] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 44.687557][ T1305] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 44.695388][ T1305] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 44.703120][ T1305] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 44.710517][ T1305] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 44.718098][ T1305] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 44.801380][ T1884] chnl_net:caif_netlink_parms(): no params data found
[ 45.470998][ T1884] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.890024][ T1884] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.762279][ T1305] Bluetooth: hci0: command tx timeout
[ 47.506938][ T2285]
[ 47.509266][ T2285] ======================================================
[ 47.516248][ T2285] WARNING: possible circular locking dependency detected
[ 47.523466][ T2285] 6.10.0-rc2-syzkaller #0 Not tainted
[ 47.528797][ T2285] ------------------------------------------------------
[ 47.535775][ T2285] syz-executor.0/2285 is trying to acquire lock:
[ 47.542085][ T2285] ffff88810bbca258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x28/0x110
[ 47.553602][ T2285]
[ 47.553602][ T2285] but task is already holding lock:
[ 47.561013][ T2285] ffff888103b83528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0xac/0x250
[ 47.569735][ T2285]
[ 47.569735][ T2285] which lock already depends on the new lock.
[ 47.569735][ T2285]
[ 47.580680][ T2285]
[ 47.580680][ T2285] the existing dependency chain (in reverse order) is:
[ 47.589665][ T2285]
[ 47.589665][ T2285] -> #3 (&d->lock){+.+.}-{3:3}:
[ 47.596834][ T2285]        __mutex_lock+0x99/0x9a0
[ 47.601768][ T2285]        __rfcomm_dlc_close+0xac/0x250
[ 47.607194][ T2285]        rfcomm_dlc_close+0x5f/0xb0
[ 47.612874][ T2285]        __rfcomm_sock_close+0x8d/0xf0
[ 47.618295][ T2285]        rfcomm_sock_shutdown+0x40/0xc0
[ 47.624767][ T2285]        rfcomm_sock_release+0x1e/0x90
[ 47.630633][ T2285]        sock_close+0x45/0xe0
[ 47.635285][ T2285]        __fput+0x105/0x2a0
[ 47.639933][ T2285]        task_work_run+0x82/0xb0
[ 47.645198][ T2285]        get_signal+0x65/0x7d0
[ 47.649944][ T2285]        arch_do_signal_or_restart+0x89/0x2b0
[ 47.655979][ T2285]        syscall_exit_to_user_mode+0xb2/0x280
[ 47.662004][ T2285]        do_syscall_64+0xad/0x1b0
[ 47.667348][ T2285]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 47.674024][ T2285]
[ 47.674024][ T2285] -> #2 (rfcomm_mutex){+.+.}-{3:3}:
[ 47.681628][ T2285]        __mutex_lock+0x99/0x9a0
[ 47.686533][ T2285]        rfcomm_dlc_exists+0x43/0x130
[ 47.691864][ T2285]        rfcomm_dev_ioctl+0xb01/0xbf0
[ 47.697219][ T2285]        rfcomm_sock_ioctl+0x43/0x80
[ 47.702672][ T2285]        sock_do_ioctl+0x6f/0x160
[ 47.707659][ T2285]        sock_ioctl+0x2ec/0x3b0
[ 47.712476][ T2285]        __se_sys_ioctl+0x6e/0xc0
[ 47.717471][ T2285]        do_syscall_64+0xa0/0x1b0
[ 47.722456][ T2285]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 47.728929][ T2285]
[ 47.728929][ T2285] -> #1 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[ 47.737520][ T2285]        __mutex_lock+0x99/0x9a0
[ 47.742432][ T2285]        rfcomm_dev_ioctl+0x3de/0xbf0
[ 47.747764][ T2285]        rfcomm_sock_ioctl+0x43/0x80
[ 47.753009][ T2285]        sock_do_ioctl+0x6f/0x160
[ 47.757996][ T2285]        sock_ioctl+0x2ec/0x3b0
[ 47.762807][ T2285]        __se_sys_ioctl+0x6e/0xc0
[ 47.767805][ T2285]        do_syscall_64+0xa0/0x1b0
[ 47.772803][ T2285]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 47.779398][ T2285]
[ 47.779398][ T2285] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 47.788903][ T2285]        __lock_acquire+0x11fe/0x2490
[ 47.794328][ T2285]        lock_acquire+0xeb/0x270
[ 47.799249][ T2285]        lock_sock_nested+0x2e/0x70
[ 47.804600][ T2285]        rfcomm_sk_state_change+0x28/0x110
[ 47.810729][ T2285]        __rfcomm_dlc_close+0xc7/0x250
[ 47.816165][ T2285]        rfcomm_dlc_close+0x5f/0xb0
[ 47.821506][ T2285]        __rfcomm_sock_close+0x8d/0xf0
[ 47.827143][ T2285]        rfcomm_sock_shutdown+0x40/0xc0
[ 47.832683][ T2285]        rfcomm_sock_release+0x1e/0x90
[ 47.838173][ T2285]        sock_close+0x45/0xe0
[ 47.843184][ T2285]        __fput+0x105/0x2a0
[ 47.848002][ T2285]        task_work_run+0x82/0xb0
[ 47.853017][ T2285]        get_signal+0x65/0x7d0
[ 47.857740][ T2285]        arch_do_signal_or_restart+0x89/0x2b0
[ 47.864069][ T2285]        syscall_exit_to_user_mode+0xb2/0x280
[ 47.870193][ T2285]        do_syscall_64+0xad/0x1b0
[ 47.875182][ T2285]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 47.881922][ T2285]
[ 47.881922][ T2285] other info that might help us debug this:
[ 47.881922][ T2285]
[ 47.893268][ T2285] Chain exists of:
[ 47.893268][ T2285]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[ 47.893268][ T2285]
[ 47.907728][ T2285]  Possible unsafe locking scenario:
[ 47.907728][ T2285]
[ 47.915138][ T2285]        CPU0                    CPU1
[ 47.920656][ T2285]        ----                    ----
[ 47.926445][ T2285]   lock(&d->lock);
[ 47.930244][ T2285]                                lock(rfcomm_mutex);
[ 47.936928][ T2285]                                lock(&d->lock);
[ 47.943491][ T2285]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 47.949618][ T2285]
[ 47.949618][ T2285]  *** DEADLOCK ***
[ 47.949618][ T2285]
[ 47.958265][ T2285] 3 locks held by syz-executor.0/2285:
[ 47.963773][ T2285]  #0: ffff888111f19810 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x3b/0xe0
[ 47.973890][ T2285]  #1: ffffffff83d2dfc8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x1b/0xb0
[ 47.983248][ T2285]  #2: ffff888103b83528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0xac/0x250
[ 47.992510][ T2285]
[ 47.992510][ T2285] stack backtrace:
[ 47.998656][ T2285] CPU: 1 PID: 2285 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller #0
[ 48.007387][ T2285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 48.017540][ T2285] Call Trace:
[ 48.020979][ T2285]
[ 48.023887][ T2285]  dump_stack_lvl+0xa3/0x100
[ 48.028712][ T2285]  check_noncircular+0x119/0x140
[ 48.033618][ T2285]  __lock_acquire+0x11fe/0x2490
[ 48.038435][ T2285]  ? __rfcomm_dlc_close+0xac/0x250
[ 48.043535][ T2285]  ? __rfcomm_dlc_close+0xac/0x250
[ 48.048702][ T2285]  ? rfcomm_sk_state_change+0x28/0x110
[ 48.054573][ T2285]  lock_acquire+0xeb/0x270
[ 48.058971][ T2285]  ? rfcomm_sk_state_change+0x28/0x110
[ 48.064511][ T2285]  ? rcu_is_watching+0x10/0x40
[ 48.069243][ T2285]  ? __mutex_lock+0x230/0x9a0
[ 48.074101][ T2285]  lock_sock_nested+0x2e/0x70
[ 48.078924][ T2285]  ? rfcomm_sk_state_change+0x28/0x110
[ 48.085059][ T2285]  rfcomm_sk_state_change+0x28/0x110
[ 48.090392][ T2285]  __rfcomm_dlc_close+0xc7/0x250
[ 48.095316][ T2285]  rfcomm_dlc_close+0x5f/0xb0
[ 48.100215][ T2285]  __rfcomm_sock_close+0x8d/0xf0
[ 48.105165][ T2285]  rfcomm_sock_shutdown+0x40/0xc0
[ 48.110251][ T2285]  rfcomm_sock_release+0x1e/0x90
[ 48.115242][ T2285]  sock_close+0x45/0xe0
[ 48.119446][ T2285]  __fput+0x105/0x2a0
[ 48.123393][ T2285]  task_work_run+0x82/0xb0
[ 48.127773][ T2285]  get_signal+0x65/0x7d0
[ 48.131975][ T2285]  ? rfcomm_sock_connect+0x15f/0x1d0
[ 48.137232][ T2285]  arch_do_signal_or_restart+0x89/0x2b0
[ 48.142998][ T2285]  syscall_exit_to_user_mode+0xb2/0x280
[ 48.148967][ T2285]  do_syscall_64+0xad/0x1b0
[ 48.153610][ T2285]  ? clear_bhb_loop+0x55/0xb0
[ 48.158246][ T2285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 48.164203][ T2285] RIP: 0033:0x7fef32e7cbe9
[ 48.168676][ T2285] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.188683][ T2285] RSP: 002b:00007fef33b630c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 48.197155][ T2285] RAX: fffffffffffffffc RBX: 00007fef32f9bf80 RCX: 00007fef32e7cbe9
[ 48.205180][ T2285] RDX: 000000000000000a RSI: 0000000020000000 RDI: 0000000000000004
[ 48.213124][ T2285] RBP: 00007fef32ec847a R08: 0000000000000000 R09: 0000000000000000
[ 48.221428][ T2285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 48.230523][ T2285] R13: 0000000000000006 R14: 00007fef32f9bf80 R15: 00007ffd58d10a98
[ 48.238473][ T2285]
[ 48.841894][ T1305] Bluetooth: hci0: command 0x041b tx timeout
2024/06/09 23:37:37 executed programs: 3
[ 50.921913][ T1305] Bluetooth: hci0: command 0x041b tx timeout
[ 53.001927][ T1305] Bluetooth: hci0: command 0x041b tx timeout
2024/06/09 23:37:42 executed programs: 9
[ 55.081933][ T1305] Bluetooth: hci0: command 0x041b tx timeout