Warning: Permanently added '[localhost]:59446' (ED25519) to the list of known hosts.
2023/11/13 17:52:26 ignoring optional flag "sandboxArg"="0"
2023/11/13 17:52:26 parsed 1 programs
[ 72.325622][ T37] kauditd_printk_skb: 26 callbacks suppressed
[ 72.325637][ T37] audit: type=1400 audit(1699897946.538:204): avc: denied { getattr } for pid=5360 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 72.338321][ T37] audit: type=1400 audit(1699897946.538:205): avc: denied { read } for pid=5360 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 72.346893][ T37] audit: type=1400 audit(1699897946.538:206): avc: denied { open } for pid=5360 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 72.371352][ T37] audit: type=1400 audit(1699897946.588:207): avc: denied { mounton } for pid=5382 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 72.382628][ T37] audit: type=1400 audit(1699897946.588:208): avc: denied { mount } for pid=5382 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 72.392117][ T37] audit: type=1400 audit(1699897946.588:209): avc: denied { setattr } for pid=5382 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 72.400916][ T37] audit: type=1400 audit(1699897946.598:210): avc: denied { read write } for pid=5382 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 72.411984][ T37] audit: type=1400 audit(1699897946.608:211): avc: denied { open } for pid=5382 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 72.443549][ T37] audit: type=1400 audit(1699897946.658:212): avc: denied { unlink } for pid=5382 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 72.893115][ T37] audit: type=1400 audit(1699897947.108:213): avc: denied { relabelto } for pid=5396 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 73.829430][ T5382] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2023/11/13 17:52:28 executed programs: 0
[ 73.895405][ T4618] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 73.898876][ T4618] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 73.902046][ T4618] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 73.906096][ T4618] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 73.909728][ T4618] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 73.912549][ T4618] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.030182][ T5413] chnl_net:caif_netlink_parms(): no params data found
[ 74.131921][ T5413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.135251][ T5413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.138513][ T5413] bridge_slave_0: entered allmulticast mode
[ 74.142433][ T5413] bridge_slave_0: entered promiscuous mode
[ 74.146565][ T5413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.149834][ T5413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.152613][ T5413] bridge_slave_1: entered allmulticast mode
[ 74.156019][ T5413] bridge_slave_1: entered promiscuous mode
[ 74.201112][ T5413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.209118][ T5413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.254473][ T5413] team0: Port device team_slave_0 added
[ 74.259044][ T5413] team0: Port device team_slave_1 added
[ 74.299375][ T5413] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.301889][ T5413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.311195][ T5413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.318238][ T5413] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.320748][ T5413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.330004][ T5413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.383886][ T5413] hsr_slave_0: entered promiscuous mode
[ 74.386987][ T5413] hsr_slave_1: entered promiscuous mode
[ 74.981983][ T5413] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.991805][ T5413] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.996404][ T5413] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.002067][ T5413] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.023408][ T5413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.026180][ T5413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.029601][ T5413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.032641][ T5413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.073454][ T5413] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.084787][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.092193][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.101969][ T5413] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.111028][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.113423][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.116889][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.119364][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.149796][ T5413] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 75.235108][ T5413] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.275587][ T5413] veth0_vlan: entered promiscuous mode
[ 75.286509][ T5413] veth1_vlan: entered promiscuous mode
[ 75.315086][ T5413] veth0_macvtap: entered promiscuous mode
[ 75.319996][ T5413] veth1_macvtap: entered promiscuous mode
[ 75.331162][ T5413] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.339962][ T5413] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.346213][ T5413] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.349528][ T5413] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.353270][ T5413] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.356872][ T5413] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.415600][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.420233][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.441084][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.444194][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.958986][ T4618] Bluetooth: hci0: command 0x0409 tx timeout
[ 78.048655][ T4618] Bluetooth: hci0: command 0x041b tx timeout
2023/11/13 17:52:33 executed programs: 4
[ 80.118462][ T4618] Bluetooth: hci0: command 0x040f tx timeout
[ 81.649313][ T1397] cfg80211: failed to load regulatory.db
[ 82.208039][ T4618] Bluetooth: hci0: command 0x0419 tx timeout
2023/11/13 17:52:38 executed programs: 11
2023/11/13 17:52:43 executed programs: 17
2023/11/13 17:52:48 executed programs: 23
2023/11/13 17:52:53 executed programs: 30
2023/11/13 17:52:58 executed programs: 37
2023/11/13 17:53:03 executed programs: 43
2023/11/13 17:53:09 executed programs: 49
2023/11/13 17:53:14 executed programs: 55
2023/11/13 17:53:19 executed programs: 61
2023/11/13 17:53:24 executed programs: 67
[ 132.841560][ T1350] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.844835][ T1350] ieee802154 phy1 wpan1: encryption failed: -22
2023/11/13 17:53:29 executed programs: 73
2023/11/13 17:53:34 executed programs: 79
2023/11/13 17:53:39 executed programs: 85
2023/11/13 17:53:44 executed programs: 91
2023/11/13 17:53:50 executed programs: 97
2023/11/13 17:53:55 executed programs: 103
2023/11/13 17:54:00 executed programs: 110
2023/11/13 17:54:05 executed programs: 116
2023/11/13 17:54:10 executed programs: 122
2023/11/13 17:54:15 executed programs: 128
2023/11/13 17:54:20 executed programs: 135
2023/11/13 17:54:26 executed programs: 141
[ 194.291708][ T1350] ieee802154 phy0 wpan0: encryption failed: -22
[ 194.294685][ T1350] ieee802154 phy1 wpan1: encryption failed: -22
[ 196.357997][ T5193] Bluetooth: hci0: command 0x0406 tx timeout
2023/11/13 17:54:31 executed programs: 147
2023/11/13 17:54:36 executed programs: 153
2023/11/13 17:54:41 executed programs: 159
2023/11/13 17:54:46 executed programs: 165
2023/11/13 17:54:51 executed programs: 171
2023/11/13 17:54:56 executed programs: 177
2023/11/13 17:55:01 executed programs: 183
[ 231.176233][ T6108]
[ 231.177614][ T6108] ======================================================
[ 231.181317][ T6108] WARNING: possible circular locking dependency detected
[ 231.184666][ T6108] 6.7.0-rc1-syzkaller-g9bacdd8996c7 #0 Not tainted
[ 231.189053][ T6108] ------------------------------------------------------
[ 231.191569][ T6108] syz-executor.0/6108 is trying to acquire lock:
[ 231.194179][ T6108] ffff88802b777e30 (&rs->rs_recv_lock){...-}-{2:2}, at: rds_wake_sk_sleep+0x23/0xe0
[ 231.198183][ T6108]
[ 231.198183][ T6108] but task is already holding lock:
[ 231.200897][ T6108] ffff888019642900 (&rm->m_rs_lock){..-.}-{2:2}, at: rds_send_remove_from_sock+0x155/0xa50
[ 231.205167][ T6108]
[ 231.205167][ T6108] which lock already depends on the new lock.
[ 231.205167][ T6108]
[ 231.209456][ T6108]
[ 231.209456][ T6108] the existing dependency chain (in reverse order) is:
[ 231.213142][ T6108]
[ 231.213142][ T6108] -> #1 (&rm->m_rs_lock){..-.}-{2:2}:
[ 231.216267][ T6108]        _raw_spin_lock_irqsave+0x3a/0x50
[ 231.218648][ T6108]        rds_message_put+0x1dd/0xc40
[ 231.220840][ T6108]        rds_inc_put+0x13c/0x1a0
[ 231.223041][ T6108]        rds_clear_recv_queue+0x14c/0x350
[ 231.225628][ T6108]        rds_release+0xdb/0x3c0
[ 231.227683][ T6108]        __sock_release+0xae/0x260
[ 231.229984][ T6108]        sock_close+0x1c/0x20
[ 231.232200][ T6108]        __fput+0x270/0xbb0
[ 231.234238][ T6108]        __fput_sync+0x47/0x50
[ 231.236182][ T6108]        __x64_sys_close+0x87/0xf0
[ 231.238392][ T6108]        do_syscall_64+0x3f/0x110
[ 231.240565][ T6108]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 231.243280][ T6108]
[ 231.243280][ T6108] -> #0 (&rs->rs_recv_lock){...-}-{2:2}:
[ 231.246570][ T6108]        __lock_acquire+0x2e3d/0x5de0
[ 231.248947][ T6108]        lock_acquire+0x1ae/0x510
[ 231.251152][ T6108]        _raw_read_lock_irqsave+0x46/0x90
[ 231.253716][ T6108]        rds_wake_sk_sleep+0x23/0xe0
[ 231.256048][ T6108]        rds_send_remove_from_sock+0x1e9/0xa50
[ 231.258765][ T6108]        rds_send_path_drop_acked+0x2f4/0x3c0
[ 231.261570][ T6108]        rds_tcp_write_space+0x1b5/0x6d0
[ 231.264075][ T6108]        tcp_check_space+0x178/0x8c0
[ 231.266402][ T6108]        tcp_rcv_established+0x953/0x20d0
[ 231.268944][ T6108]        tcp_v4_do_rcv+0x68c/0xa10
[ 231.271302][ T6108]        __release_sock+0x132/0x3a0
[ 231.273697][ T6108]        release_sock+0x5a/0x1f0
[ 231.275956][ T6108]        rds_send_xmit+0x164f/0x2490
[ 231.278296][ T6108]        rds_sendmsg+0x2af0/0x31e0
[ 231.280537][ T6108]        __sock_sendmsg+0xd5/0x180
[ 231.282836][ T6108]        __sys_sendto+0x255/0x340
[ 231.285177][ T6108]        __x64_sys_sendto+0xe0/0x1b0
[ 231.287499][ T6108]        do_syscall_64+0x3f/0x110
[ 231.289725][ T6108]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 231.292603][ T6108]
[ 231.292603][ T6108] other info that might help us debug this:
[ 231.292603][ T6108]
[ 231.297074][ T6108]  Possible unsafe locking scenario:
[ 231.297074][ T6108]
[ 231.300174][ T6108]        CPU0                    CPU1
[ 231.302767][ T6108]        ----                    ----
[ 231.305409][ T6108]   lock(&rm->m_rs_lock);
[ 231.307373][ T6108]                                lock(&rs->rs_recv_lock);
[ 231.310445][ T6108]                                lock(&rm->m_rs_lock);
[ 231.313148][ T6108]   rlock(&rs->rs_recv_lock);
[ 231.315255][ T6108]
[ 231.315255][ T6108]  *** DEADLOCK ***
[ 231.315255][ T6108]
[ 231.318955][ T6108] 3 locks held by syz-executor.0/6108:
[ 231.321472][ T6108]  #0: ffff8880192293b0 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sock_set_cork+0x1c/0x90
[ 231.325617][ T6108]  #1: ffff888019229638 (k-clock-AF_INET){++.-}-{2:2}, at: rds_tcp_write_space+0x29/0x6d0
[ 231.330085][ T6108]  #2: ffff888019642900 (&rm->m_rs_lock){..-.}-{2:2}, at: rds_send_remove_from_sock+0x155/0xa50
[ 231.334871][ T6108]
[ 231.334871][ T6108] stack backtrace:
[ 231.337654][ T6108] CPU: 0 PID: 6108 Comm: syz-executor.0 Not tainted 6.7.0-rc1-syzkaller-g9bacdd8996c7 #0
[ 231.342455][ T6108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 231.347279][ T6108] Call Trace:
[ 231.348844][ T6108]
[ 231.350224][ T6108]  dump_stack_lvl+0xd9/0x1b0
[ 231.352379][ T6108]  check_noncircular+0x311/0x3f0
[ 231.354671][ T6108]  ? print_circular_bug+0x750/0x750
[ 231.357102][ T6108]  ? __pv_queued_spin_lock_slowpath+0x272/0xc70
[ 231.360283][ T6108]  __lock_acquire+0x2e3d/0x5de0
[ 231.362686][ T6108]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 231.365557][ T6108]  ? mark_lock+0x105/0x1950
[ 231.367616][ T6108]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 231.370096][ T6108]  lock_acquire+0x1ae/0x510
[ 231.371967][ T6108]  ? rds_wake_sk_sleep+0x23/0xe0
[ 231.373994][ T6108]  ? lock_sync+0x190/0x190
[ 231.375566][ T6108]  ? lock_sync+0x190/0x190
[ 231.377199][ T6108]  ? do_raw_spin_lock+0x12e/0x2b0
[ 231.379124][ T6108]  ? spin_bug+0x1d0/0x1d0
[ 231.380861][ T6108]  _raw_read_lock_irqsave+0x46/0x90
[ 231.383048][ T6108]  ? rds_wake_sk_sleep+0x23/0xe0
[ 231.385110][ T6108]  rds_wake_sk_sleep+0x23/0xe0
[ 231.387131][ T6108]  rds_send_remove_from_sock+0x1e9/0xa50
[ 231.389683][ T6108]  rds_send_path_drop_acked+0x2f4/0x3c0
[ 231.391747][ T6108]  ? rds_tcp_recv_exit+0x20/0x20
[ 231.393769][ T6108]  ? rds_send_remove_from_sock+0xa50/0xa50
[ 231.396448][ T6108]  ? sk_stream_wait_memory+0x1010/0x1010
[ 231.398556][ T6108]  rds_tcp_write_space+0x1b5/0x6d0
[ 231.400503][ T6108]  tcp_check_space+0x178/0x8c0
[ 231.402300][ T6108]  ? tcp_rbtree_insert+0x1f0/0x1f0
[ 231.404397][ T6108]  tcp_rcv_established+0x953/0x20d0
[ 231.406516][ T6108]  ? __release_sock+0xd4/0x3a0
[ 231.408287][ T6108]  ? tcp_check_space+0x8c0/0x8c0
[ 231.410130][ T6108]  tcp_v4_do_rcv+0x68c/0xa10
[ 231.411851][ T6108]  __release_sock+0x132/0x3a0
[ 231.413724][ T6108]  release_sock+0x5a/0x1f0
[ 231.415441][ T6108]  ? rds_tcp_xmit_path_prepare+0xa0/0xa0
[ 231.417638][ T6108]  rds_send_xmit+0x164f/0x2490
[ 231.419744][ T6108]  ? rds_atomic_send_complete+0x4a0/0x4a0
[ 231.422042][ T6108]  rds_sendmsg+0x2af0/0x31e0
[ 231.424218][ T6108]  ? futex_wait_queue+0x42/0x1f0
[ 231.426637][ T6108]  ? rds_send_drop_to+0x1340/0x1340
[ 231.429147][ T6108]  ? tomoyo_socket_bind_permission+0x340/0x340
[ 231.431986][ T6108]  ? rds_send_drop_to+0x1340/0x1340
[ 231.434422][ T6108]  ? __sock_sendmsg+0xd5/0x180
[ 231.436672][ T6108]  __sock_sendmsg+0xd5/0x180
[ 231.438962][ T6108]  __sys_sendto+0x255/0x340
[ 231.441317][ T6108]  ? __ia32_sys_getpeername+0xb0/0xb0
[ 231.443856][ T6108]  ? reacquire_held_locks+0x4b0/0x4b0
[ 231.446356][ T6108]  ? preempt_count_sub+0x150/0x150
[ 231.448747][ T6108]  ? __sys_connect+0xed/0x170
[ 231.450937][ T6108]  __x64_sys_sendto+0xe0/0x1b0
[ 231.453254][ T6108]  ? syscall_enter_from_user_mode+0x26/0x80
[ 231.455441][ T6108]  do_syscall_64+0x3f/0x110
[ 231.457115][ T6108]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 231.459545][ T6108] RIP: 0033:0x7f4c1fa7cae9
[ 231.461661][ T6108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 231.469643][ T6108] RSP: 002b:00007f4c207830c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 231.472957][ T6108] RAX: ffffffffffffffda RBX: 00007f4c1fb9bf80 RCX: 00007f4c1fa7cae9
[ 231.476035][ T6108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 231.478949][ T6108] RBP: 00007f4c1fac847a R08: 0000000000000000 R09: 0000000000000000
[ 231.481932][ T6108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 231.485050][ T6108] R13: 000000000000000b R14: 00007f4c1fb9bf80 R15: 00007ffcc8549928
[ 231.488185][ T6108]
2023/11/13 17:55:07 executed programs: 190
2023/11/13 17:55:12 executed programs: 196