Warning: Permanently added '10.128.1.109' (ED25519) to the list of known hosts.
2023/11/04 13:31:39 ignoring optional flag "sandboxArg"="0"
2023/11/04 13:31:39 parsed 1 programs
[ 106.610485][ T27] kauditd_printk_skb: 34 callbacks suppressed
[ 106.610509][ T27] audit: type=1400 audit(1699104699.582:199): avc: denied { getattr } for pid=5406 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 106.641792][ T27] audit: type=1400 audit(1699104699.582:200): avc: denied { read } for pid=5406 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 106.665724][ T27] audit: type=1400 audit(1699104699.582:201): avc: denied { open } for pid=5406 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
2023/11/04 13:31:39 executed programs: 0
[ 106.692940][ T27] audit: type=1400 audit(1699104699.662:202): avc: denied { mounton } for pid=5412 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 106.719300][ T27] audit: type=1400 audit(1699104699.662:203): avc: denied { mount } for pid=5412 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 106.831697][ T4453] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 106.841037][ T4453] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 106.849302][ T4453] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 106.858682][ T4453] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 106.867968][ T4453] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 106.878380][ T4453] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 106.901575][ T27] audit: type=1400 audit(1699104699.862:204): avc: denied { mounton } for pid=5418 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 107.062129][ T5418] chnl_net:caif_netlink_parms(): no params data found
[ 107.142825][ T5418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.150459][ T5418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.158119][ T5418] bridge_slave_0: entered allmulticast mode
[ 107.165729][ T5418] bridge_slave_0: entered promiscuous mode
[ 107.174584][ T5418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.181905][ T5418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.189173][ T5418] bridge_slave_1: entered allmulticast mode
[ 107.197700][ T5418] bridge_slave_1: entered promiscuous mode
[ 107.235622][ T5418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 107.248741][ T5418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 107.289619][ T5418] team0: Port device team_slave_0 added
[ 107.298800][ T5418] team0: Port device team_slave_1 added
[ 107.332654][ T5418] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.340190][ T5418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.368428][ T5418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.389660][ T5418] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.397194][ T5418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.424280][ T5418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.474157][ T5418] hsr_slave_0: entered promiscuous mode
[ 107.482160][ T5418] hsr_slave_1: entered promiscuous mode
[ 108.387377][ T5418] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 108.402239][ T5418] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 108.417018][ T5418] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 108.432900][ T5418] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 108.604247][ T5418] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.643324][ T5418] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.663864][ T5076] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.671694][ T5076] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.705749][ T5076] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.713249][ T5076] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.911476][ T4453] Bluetooth: hci0: command 0x0409 tx timeout
[ 109.026664][ T5418] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.121822][ T5418] veth0_vlan: entered promiscuous mode
[ 109.147112][ T5418] veth1_vlan: entered promiscuous mode
[ 109.219398][ T5418] veth0_macvtap: entered promiscuous mode
[ 109.237717][ T5418] veth1_macvtap: entered promiscuous mode
[ 109.279510][ T5418] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.305460][ T5418] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.327534][ T5418] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.341131][ T5418] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.353467][ T5418] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.362944][ T5418] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.521916][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.542261][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.596527][ T142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.604885][ T142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.621889][ T27] audit: type=1400 audit(1699104702.582:205): avc: denied { mounton } for pid=5418 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2323 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 109.797800][ T5485]
[ 109.800179][ T5485] ======================================================
[ 109.807430][ T5485] WARNING: possible circular locking dependency detected
[ 109.814827][ T5485] 6.6.0-syzkaller-14142-g90b0c2b2edd1 #0 Not tainted
[ 109.821519][ T5485] ------------------------------------------------------
[ 109.828814][ T5485] syz-executor.0/5485 is trying to acquire lock:
[ 109.835247][ T5485] ffff8880211c9108 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90
[ 109.845131][ T5485]
[ 109.845131][ T5485] but task is already holding lock:
[ 109.852931][ T5485] ffffffff8ef22848 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570
[ 109.862633][ T5485]
[ 109.862633][ T5485] which lock already depends on the new lock.
[ 109.862633][ T5485]
[ 109.873220][ T5485]
[ 109.873220][ T5485] the existing dependency chain (in reverse order) is:
[ 109.882334][ T5485]
[ 109.882334][ T5485] -> #3 (rfkill_global_mutex){+.+.}-{3:3}:
[ 109.890709][ T5485] __mutex_lock+0x181/0x1340
[ 109.895945][ T5485] rfkill_register+0x3a/0xb30
[ 109.901175][ T5485] hci_register_dev+0x43a/0xd40
[ 109.906900][ T5485] __vhci_create_device+0x393/0x800
[ 109.912646][ T5485] vhci_write+0x2c7/0x470
[ 109.917621][ T5485] vfs_write+0x64f/0xdf0
[ 109.924163][ T5485] ksys_write+0x12f/0x250
[ 109.929399][ T5485] do_syscall_64+0x3f/0x110
[ 109.934455][ T5485] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 109.941179][ T5485]
[ 109.941179][ T5485] -> #2 (&data->open_mutex){+.+.}-{3:3}:
[ 109.949139][ T5485] __mutex_lock+0x181/0x1340
[ 109.954551][ T5485] vhci_send_frame+0x67/0xa0
[ 109.959689][ T5485] hci_send_frame+0x220/0x470
[ 109.965086][ T5485] hci_tx_work+0x1456/0x1e40
[ 109.970477][ T5485] process_one_work+0x884/0x15c0
[ 109.977284][ T5485] worker_thread+0x8b9/0x1290
[ 109.982608][ T5485] kthread+0x33c/0x440
[ 109.987652][ T5485] ret_from_fork+0x45/0x80
[ 109.992892][ T5485] ret_from_fork_asm+0x11/0x20
[ 109.998225][ T5485]
[ 109.998225][ T5485] -> #1 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 110.007461][ T5485] __flush_work+0x103/0xa10
[ 110.012612][ T5485] hci_dev_close_sync+0x22d/0x1160
[ 110.018459][ T5485] hci_dev_do_close+0x2e/0x90
[ 110.023689][ T5485] hci_unregister_dev+0x1eb/0x600
[ 110.029636][ T5485] vhci_release+0x7f/0x100
[ 110.034787][ T5485] __fput+0x270/0xbb0
[ 110.039488][ T5485] task_work_run+0x14d/0x240
[ 110.044817][ T5485] do_exit+0xa92/0x2ae0
[ 110.049558][ T5485] do_group_exit+0xd4/0x2a0
[ 110.055431][ T5485] get_signal+0x23ba/0x2790
[ 110.060723][ T5485] arch_do_signal_or_restart+0x90/0x7f0
[ 110.067003][ T5485] exit_to_user_mode_prepare+0x11f/0x240
[ 110.073374][ T5485] syscall_exit_to_user_mode+0x1d/0x60
[ 110.080206][ T5485] do_syscall_64+0x4b/0x110
[ 110.085352][ T5485] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 110.092119][ T5485]
[ 110.092119][ T5485] -> #0 (&hdev->req_lock){+.+.}-{3:3}:
[ 110.100322][ T5485] __lock_acquire+0x2e3d/0x5de0
[ 110.105899][ T5485] lock_acquire+0x1ae/0x510
[ 110.110964][ T5485] __mutex_lock+0x181/0x1340
[ 110.116293][ T5485] hci_dev_do_close+0x26/0x90
[ 110.121602][ T5485] hci_rfkill_set_block+0x1b9/0x200
[ 110.127885][ T5485] rfkill_set_block+0x200/0x550
[ 110.133517][ T5485] rfkill_fop_write+0x2d4/0x570
[ 110.139096][ T5485] vfs_write+0x2a4/0xdf0
[ 110.143993][ T5485] ksys_write+0x1f0/0x250
[ 110.148904][ T5485] do_syscall_64+0x3f/0x110
[ 110.154131][ T5485] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 110.160678][ T5485]
[ 110.160678][ T5485] other info that might help us debug this:
[ 110.160678][ T5485]
[ 110.171269][ T5485] Chain exists of:
[ 110.171269][ T5485] &hdev->req_lock --> &data->open_mutex --> rfkill_global_mutex
[ 110.171269][ T5485]
[ 110.185237][ T5485] Possible unsafe locking scenario:
[ 110.185237][ T5485]
[ 110.192832][ T5485]        CPU0                    CPU1
[ 110.198212][ T5485]        ----                    ----
[ 110.204243][ T5485]   lock(rfkill_global_mutex);
[ 110.209134][ T5485]                                lock(&data->open_mutex);
[ 110.216538][ T5485]                                lock(rfkill_global_mutex);
[ 110.224022][ T5485]   lock(&hdev->req_lock);
[ 110.228557][ T5485]
[ 110.228557][ T5485] *** DEADLOCK ***
[ 110.228557][ T5485]
[ 110.236981][ T5485] 1 lock held by syz-executor.0/5485:
[ 110.242472][ T5485] #0: ffffffff8ef22848 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570
[ 110.254369][ T5485]
[ 110.254369][ T5485] stack backtrace:
[ 110.260357][ T5485] CPU: 0 PID: 5485 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-14142-g90b0c2b2edd1 #0
[ 110.271054][ T5485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 110.281307][ T5485] Call Trace:
[ 110.284685][ T5485]
[ 110.287633][ T5485] dump_stack_lvl+0xd9/0x1b0
[ 110.292344][ T5485] check_noncircular+0x311/0x3f0
[ 110.297460][ T5485] ? print_circular_bug+0x750/0x750
[ 110.302778][ T5485] ? __read_once_word_nocheck+0x9/0x10
[ 110.308286][ T5485] ? mark_lock+0x105/0x1950
[ 110.312832][ T5485] __lock_acquire+0x2e3d/0x5de0
[ 110.317725][ T5485] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 110.324023][ T5485] ? __lock_acquire+0x182f/0x5de0
[ 110.329191][ T5485] lock_acquire+0x1ae/0x510
[ 110.333742][ T5485] ? hci_dev_do_close+0x26/0x90
[ 110.338706][ T5485] ? lock_sync+0x190/0x190
[ 110.343158][ T5485] ? preempt_count_sub+0x150/0x150
[ 110.348313][ T5485] __mutex_lock+0x181/0x1340
[ 110.353038][ T5485] ? hci_dev_do_close+0x26/0x90
[ 110.358107][ T5485] ? hci_dev_do_close+0x26/0x90
[ 110.363252][ T5485] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 110.368880][ T5485] ? lock_acquire+0x1ae/0x510
[ 110.373764][ T5485] ? find_held_lock+0x2d/0x110
[ 110.378821][ T5485] ? rfkill_set_block+0x195/0x550
[ 110.383886][ T5485] ? reacquire_held_locks+0x4b0/0x4b0
[ 110.389390][ T5485] ? hci_dev_do_close+0x26/0x90
[ 110.394809][ T5485] hci_dev_do_close+0x26/0x90
[ 110.399538][ T5485] hci_rfkill_set_block+0x1b9/0x200
[ 110.405113][ T5485] ? lockdep_hardirqs_on+0x7d/0x100
[ 110.410352][ T5485] ? hci_power_on+0x670/0x670
[ 110.415324][ T5485] rfkill_set_block+0x200/0x550
[ 110.420297][ T5485] rfkill_fop_write+0x2d4/0x570
[ 110.425260][ T5485] ? rfkill_register+0xb30/0xb30
[ 110.430613][ T5485] ? security_file_permission+0x94/0x100
[ 110.436361][ T5485] vfs_write+0x2a4/0xdf0
[ 110.440793][ T5485] ? rfkill_register+0xb30/0xb30
[ 110.445822][ T5485] ? kernel_write+0x6c0/0x6c0
[ 110.450592][ T5485] ? __might_fault+0xe6/0x1a0
[ 110.455494][ T5485] ? __fget_files+0x1c6/0x340
[ 110.460182][ T5485] ? __fget_light+0xe6/0x260
[ 110.464868][ T5485] ksys_write+0x1f0/0x250
[ 110.469294][ T5485] ? __ia32_sys_read+0xb0/0xb0
[ 110.474162][ T5485] ? syscall_enter_from_user_mode+0x26/0x80
[ 110.480262][ T5485] do_syscall_64+0x3f/0x110
[ 110.484791][ T5485] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 110.490714][ T5485] RIP: 0033:0x7fe9d4e7c959
[ 110.496021][ T5485] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 110.515650][ T5485] RSP: 002b:00007fe9d5c1a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 110.524128][ T5485] RAX: ffffffffffffffda RBX: 00007fe9d4f9bf80 RCX: 00007fe9d4e7c959
[ 110.532464][ T5485] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000004
[ 110.540469][ T5485] RBP: 00007fe9d4ed8c88 R08: 0000000000000000 R09: 0000000000000000
[ 110.548580][ T5485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 110.556838][ T5485] R13: 000000000000000b R14: 00007fe9d4f9bf80 R15: 00007ffd8c2b4a58
[ 110.565199][ T5485]