Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts.
2023/03/31 03:36:26 ignoring optional flag "sandboxArg"="0"
2023/03/31 03:36:26 parsed 1 programs
2023/03/31 03:36:26 executed programs: 0
[ 76.208610][ T4398] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.216885][ T4398] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.225490][ T4398] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.233106][ T4398] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.240801][ T4398] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.341570][ T5551] chnl_net:caif_netlink_parms(): no params data found
[ 76.381896][ T5551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.389376][ T5551] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.397193][ T5551] bridge_slave_0: entered allmulticast mode
[ 76.403888][ T5551] bridge_slave_0: entered promiscuous mode
[ 76.411443][ T5551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.418638][ T5551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.426054][ T5551] bridge_slave_1: entered allmulticast mode
[ 76.432692][ T5551] bridge_slave_1: entered promiscuous mode
[ 76.451863][ T5551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.463744][ T5551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.485923][ T5551] team0: Port device team_slave_0 added
[ 76.493422][ T5551] team0: Port device team_slave_1 added
[ 76.521510][ T26] cfg80211: failed to load regulatory.db
[ 76.561723][ T5551] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.568798][ T5551] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.595664][ T5551] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.615235][ T5551] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.623337][ T5551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.649937][ T5551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.691923][ T5551] hsr_slave_0: entered promiscuous mode
[ 76.698299][ T5551] hsr_slave_1: entered promiscuous mode
[ 77.482403][ T5551] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.500417][ T5551] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.512123][ T5551] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.523417][ T5551] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.602525][ T5551] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.617448][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 77.627254][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 77.639953][ T5551] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.653685][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 77.663531][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 77.673735][ T5103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.681241][ T5103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.701983][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 77.710542][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 77.719317][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 77.728655][ T5103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.735815][ T5103] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.744197][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 77.753493][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 77.774775][ T5551] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 77.788377][ T5551] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 77.803444][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 77.814879][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.823690][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 77.832822][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 77.843105][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 77.852192][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 77.862456][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 77.871339][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 77.885888][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 77.894232][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.105457][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.113743][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.128416][ T5551] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.151603][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 78.161887][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 78.183720][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 78.192751][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 78.203645][ T5551] veth0_vlan: entered promiscuous mode
[ 78.212104][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 78.221230][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 78.234716][ T5551] veth1_vlan: entered promiscuous mode
[ 78.261637][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 78.270666][ T5087] Bluetooth: hci0: command 0x0409 tx timeout
[ 78.270961][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 78.287919][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 78.297028][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 78.310213][ T5551] veth0_macvtap: entered promiscuous mode
[ 78.319058][ T5551] veth1_macvtap: entered promiscuous mode
[ 78.341132][ T5551] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.348527][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 78.357916][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 78.368635][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 78.378285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 78.391529][ T5551] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.404916][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 78.414396][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 78.426290][ T5551] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.447352][ T5551] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.456869][ T5551] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.467107][ T5551] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.537217][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.550624][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.564471][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 78.591725][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.601829][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.613130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 79.507677][ T5614]
[ 79.510049][ T5614] ======================================================
[ 79.517073][ T5614] WARNING: possible circular locking dependency detected
[ 79.524098][ T5614] 6.3.0-rc4-next-20230330-syzkaller-dirty #0 Not tainted
[ 79.531132][ T5614] ------------------------------------------------------
[ 79.538165][ T5614] syz-executor.0/5614 is trying to acquire lock:
[ 79.544501][ T5614] ffff888028fb5130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3a0
[ 79.556023][ T5614]
[ 79.556023][ T5614] but task is already holding lock:
[ 79.563397][ T5614] ffffffff8e357cc8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[ 79.572586][ T5614]
[ 79.572586][ T5614] which lock already depends on the new lock.
[ 79.572586][ T5614]
[ 79.582997][ T5614]
[ 79.582997][ T5614] the existing dependency chain (in reverse order) is:
[ 79.592109][ T5614]
[ 79.592109][ T5614] -> #2 (rfcomm_mutex){+.+.}-{3:3}:
[ 79.599522][ T5614]        __mutex_lock+0x12f/0x1350
[ 79.604644][ T5614]        rfcomm_dlc_exists+0x58/0x190
[ 79.610025][ T5614]        rfcomm_dev_ioctl+0x966/0x1c00
[ 79.615516][ T5614]        rfcomm_sock_ioctl+0xb7/0xe0
[ 79.620812][ T5614]        sock_do_ioctl+0xcc/0x230
[ 79.625843][ T5614]        sock_ioctl+0x1f8/0x680
[ 79.630696][ T5614]        __x64_sys_ioctl+0x197/0x210
[ 79.635988][ T5614]        do_syscall_64+0x39/0xb0
[ 79.640949][ T5614]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.647412][ T5614]
[ 79.647412][ T5614] -> #1 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[ 79.655665][ T5614]        __mutex_lock+0x12f/0x1350
[ 79.660771][ T5614]        rfcomm_dev_ioctl+0x8a2/0x1c00
[ 79.666664][ T5614]        rfcomm_sock_ioctl+0xb7/0xe0
[ 79.671958][ T5614]        sock_do_ioctl+0xcc/0x230
[ 79.677250][ T5614]        sock_ioctl+0x1f8/0x680
[ 79.682121][ T5614]        __x64_sys_ioctl+0x197/0x210
[ 79.687414][ T5614]        do_syscall_64+0x39/0xb0
[ 79.692528][ T5614]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.699032][ T5614]
[ 79.699032][ T5614] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 79.708411][ T5614]        __lock_acquire+0x2f21/0x5df0
[ 79.713787][ T5614]        lock_acquire.part.0+0x11c/0x370
[ 79.719436][ T5614]        lock_sock_nested+0x3a/0xf0
[ 79.724809][ T5614]        rfcomm_sk_state_change+0x6d/0x3a0
[ 79.730615][ T5614]        __rfcomm_dlc_close+0x1b9/0x890
[ 79.736183][ T5614]        rfcomm_dlc_close+0x1e9/0x240
[ 79.741566][ T5614]        __rfcomm_sock_close+0x17a/0x2f0
[ 79.747195][ T5614]        rfcomm_sock_shutdown+0xd8/0x230
[ 79.752914][ T5614]        rfcomm_sock_release+0x68/0x140
[ 79.758487][ T5614]        __sock_release+0xcd/0x290
[ 79.763602][ T5614]        sock_close+0x1c/0x20
[ 79.768288][ T5614]        __fput+0x27c/0xa90
[ 79.772787][ T5614]        task_work_run+0x16f/0x270
[ 79.777916][ T5614]        get_signal+0x1c7/0x25b0
[ 79.782859][ T5614]        arch_do_signal_or_restart+0x79/0x5c0
[ 79.788948][ T5614]        exit_to_user_mode_prepare+0x11f/0x240
[ 79.795119][ T5614]        syscall_exit_to_user_mode+0x1d/0x50
[ 79.801108][ T5614]        do_syscall_64+0x46/0xb0
[ 79.806069][ T5614]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.812489][ T5614]
[ 79.812489][ T5614] other info that might help us debug this:
[ 79.812489][ T5614]
[ 79.822806][ T5614] Chain exists of:
[ 79.822806][ T5614]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_ioctl_mutex --> rfcomm_mutex
[ 79.822806][ T5614]
[ 79.837684][ T5614]  Possible unsafe locking scenario:
[ 79.837684][ T5614]
[ 79.845143][ T5614]        CPU0                    CPU1
[ 79.850509][ T5614]        ----                    ----
[ 79.856124][ T5614]   lock(rfcomm_mutex);
[ 79.860279][ T5614]                                lock(rfcomm_ioctl_mutex);
[ 79.867469][ T5614]                                lock(rfcomm_mutex);
[ 79.874140][ T5614]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 79.880289][ T5614]
[ 79.880289][ T5614]  *** DEADLOCK ***
[ 79.880289][ T5614]
[ 79.888512][ T5614] 2 locks held by syz-executor.0/5614:
[ 79.893963][ T5614]  #0: ffff888074585c10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x290
[ 79.904515][ T5614]  #1: ffffffff8e357cc8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[ 79.913928][ T5614]
[ 79.913928][ T5614] stack backtrace:
[ 79.919816][ T5614] CPU: 1 PID: 5614 Comm: syz-executor.0 Not tainted 6.3.0-rc4-next-20230330-syzkaller-dirty #0
[ 79.930231][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 79.940544][ T5614] Call Trace:
[ 79.943853][ T5614]  <TASK>
[ 79.946800][ T5614]  dump_stack_lvl+0xd9/0x150
[ 79.951419][ T5614]  check_noncircular+0x25f/0x2e0
[ 79.956392][ T5614]  ? __lock_acquire+0x280a/0x5df0
[ 79.961440][ T5614]  ? print_circular_bug+0x730/0x730
[ 79.966662][ T5614]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 79.972747][ T5614]  __lock_acquire+0x2f21/0x5df0
[ 79.977619][ T5614]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 79.983782][ T5614]  ? find_held_lock+0x2d/0x110
[ 79.988822][ T5614]  ? __rfcomm_dlc_close+0x18b/0x890
[ 79.994296][ T5614]  lock_acquire.part.0+0x11c/0x370
[ 79.999511][ T5614]  ? rfcomm_sk_state_change+0x6d/0x3a0
[ 80.005332][ T5614]  ? lock_sync+0x190/0x190
[ 80.009774][ T5614]  ? rcu_is_watching+0x12/0xb0
[ 80.014724][ T5614]  ? trace_lock_acquire+0x12d/0x180
[ 80.020195][ T5614]  ? rfcomm_sk_state_change+0x6d/0x3a0
[ 80.025761][ T5614]  ? lock_acquire+0x32/0xc0
[ 80.030466][ T5614]  ? rfcomm_sk_state_change+0x6d/0x3a0
[ 80.035955][ T5614]  lock_sock_nested+0x3a/0xf0
[ 80.040640][ T5614]  ? rfcomm_sk_state_change+0x6d/0x3a0
[ 80.046102][ T5614]  rfcomm_sk_state_change+0x6d/0x3a0
[ 80.051389][ T5614]  __rfcomm_dlc_close+0x1b9/0x890
[ 80.056513][ T5614]  rfcomm_dlc_close+0x1e9/0x240
[ 80.061387][ T5614]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 80.067375][ T5614]  __rfcomm_sock_close+0x17a/0x2f0
[ 80.072583][ T5614]  rfcomm_sock_shutdown+0xd8/0x230
[ 80.077789][ T5614]  rfcomm_sock_release+0x68/0x140
[ 80.082814][ T5614]  __sock_release+0xcd/0x290
[ 80.087423][ T5614]  sock_close+0x1c/0x20
[ 80.091595][ T5614]  __fput+0x27c/0xa90
[ 80.095590][ T5614]  ? __sock_release+0x290/0x290
[ 80.100452][ T5614]  task_work_run+0x16f/0x270
[ 80.105059][ T5614]  ? task_work_cancel+0x30/0x30
[ 80.109924][ T5614]  ? rfcomm_sock_connect+0x1ca/0x680
[ 80.115230][ T5614]  get_signal+0x1c7/0x25b0
[ 80.119653][ T5614]  ? task_work_func_match+0x40/0x40
[ 80.124865][ T5614]  ? exit_signals+0x910/0x910
[ 80.129548][ T5614]  arch_do_signal_or_restart+0x79/0x5c0
[ 80.135103][ T5614]  ? get_sigframe_size+0x10/0x10
[ 80.140047][ T5614]  ? restore_fpregs_from_fpstate+0xc1/0x1c0
[ 80.145945][ T5614]  ? kernel_fpu_begin_mask+0x270/0x270
[ 80.151410][ T5614]  exit_to_user_mode_prepare+0x11f/0x240
[ 80.157059][ T5614]  syscall_exit_to_user_mode+0x1d/0x50
[ 80.163058][ T5614]  do_syscall_64+0x46/0xb0
[ 80.167499][ T5614]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.173496][ T5614] RIP: 0033:0x7fe4d528c0f9
[ 80.177912][ T5614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.197612][ T5614] RSP: 002b:00007fe4d602c168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 80.206119][ T5614] RAX: fffffffffffffffc RBX: 00007fe4d53abf80 RCX: 00007fe4d528c0f9
[ 80.214263][ T5614] RDX: 000000000000000a RSI: 0000000020000040 RDI: 0000000000000003
[ 80.222404][ T5614] RBP: 00007fe4d52e7b39 R08: 0000000000000000 R09: 0000000000000000
[ 80.230398][ T5614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 80.238460][ T5614] R13: 00007ffe4d1bd46f R14: 00007fe4d602c300 R15: 0000000000022000
[ 80.247065][ T5614]  </TASK>
[ 80.349739][ T4398] Bluetooth: hci0: command 0x041b tx timeout
2023/03/31 03:36:32 executed programs: 3
[ 82.429642][ T4398] Bluetooth: hci0: command 0x040f tx timeout
[ 84.510270][ T4398] Bluetooth: hci0: command 0x0419 tx timeout
[ 86.589624][ T4398] Bluetooth: hci0: command 0x0405 tx timeout
2023/03/31 03:36:37 executed programs: 9
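The lockdep report above records three lock-acquisition orders and flags the third because it closes a cycle: #1 takes rfcomm_ioctl_mutex under the RFCOMM socket lock, #2 takes rfcomm_mutex under rfcomm_ioctl_mutex, and #0 (the socket release running from task_work on the signal-exit path of a connect() call, ORIG_RAX 0x2a returning -EINTR) takes the socket lock in rfcomm_sk_state_change while rfcomm_dlc_close already holds rfcomm_mutex. The following is an added userspace model of what check_noncircular() does with those edges; it is illustration code written for this page, not kernel code and not a reproducer. The lock class IDs, the function names, and the choice of a depth-first reachability search are assumptions of the model; the three dependencies replayed are the ones the report lists.

```c
/*
 * Toy model of lockdep's lock-order graph: an edge A -> B is recorded when
 * lock B is acquired while lock A is held.  Before adding an edge we check
 * whether A is already reachable from B; if it is, the new edge closes a
 * cycle, which is what the kernel reports as "possible circular locking
 * dependency".  Added example for this page, not kernel code.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lock classes named after the report; the numeric IDs are an assumption. */
enum lock_class {
    SK_LOCK_RFCOMM,     /* sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM */
    RFCOMM_IOCTL_MUTEX, /* rfcomm_ioctl_mutex */
    RFCOMM_MUTEX,       /* rfcomm_mutex */
    NR_LOCK_CLASSES
};

static const char *const lock_names[NR_LOCK_CLASSES] = {
    "sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM",
    "rfcomm_ioctl_mutex",
    "rfcomm_mutex",
};

/* dep[a][b] is set when lock b has been taken while lock a was held. */
static bool dep[NR_LOCK_CLASSES][NR_LOCK_CLASSES];

static void reset_graph(void)
{
    memset(dep, 0, sizeof(dep));
}

/* Depth-first search: is 'to' reachable from 'from' along recorded edges? */
static bool reaches(int from, int to, bool *visited)
{
    if (from == to)
        return true;
    visited[from] = true;
    for (int next = 0; next < NR_LOCK_CLASSES; next++)
        if (dep[from][next] && !visited[next] && reaches(next, to, visited))
            return true;
    return false;
}

/*
 * Record "acquired is taken while held is held".  Returns true if the order
 * is consistent with everything seen so far, false if held -> acquired would
 * close a cycle (the edge is then not recorded, mirroring lockdep's refusal).
 */
static bool record_acquire(int held, int acquired)
{
    bool visited[NR_LOCK_CLASSES] = { false };

    if (reaches(acquired, held, visited)) {
        fprintf(stderr, "circular dependency: %s -> %s closes a cycle\n",
                lock_names[held], lock_names[acquired]);
        return false;
    }
    dep[held][acquired] = true;
    return true;
}

/*
 * Replay the three orders from the report, oldest first:
 *   #1 rfcomm_dev_ioctl takes rfcomm_ioctl_mutex under the socket lock
 *   #2 rfcomm_dlc_exists takes rfcomm_mutex under rfcomm_ioctl_mutex
 *   #0 rfcomm_sk_state_change takes the socket lock under rfcomm_mutex
 * Returns the index of the first step that closes a cycle, or -1 if none.
 */
static int replay_rfcomm_report(void)
{
    static const int steps[3][2] = {
        { SK_LOCK_RFCOMM, RFCOMM_IOCTL_MUTEX },
        { RFCOMM_IOCTL_MUTEX, RFCOMM_MUTEX },
        { RFCOMM_MUTEX, SK_LOCK_RFCOMM },
    };

    reset_graph();
    for (int i = 0; i < 3; i++)
        if (!record_acquire(steps[i][0], steps[i][1]))
            return i;
    return -1;
}

int main(void)
{
    int bad = replay_rfcomm_report();

    if (bad < 0)
        puts("no circular dependency");
    else
        printf("step %d closes the cycle; lockdep would warn here\n", bad);
    return 0;
}
```

The model reaches the same verdict as the report: the first two orders are accepted, and the third, rfcomm_mutex -> sk_lock, is rejected because sk_lock already reaches rfcomm_mutex through rfcomm_ioctl_mutex. Note that lockdep validates orders, not actual contention, which is why a single task running the release path alone is enough to trigger the warning; whether the scenario is reachable with two concurrent tasks is a separate question the log does not answer.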