[ 58.570025][ T33] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.584574][ T33] device veth1_macvtap left promiscuous mode
[ 58.591320][ T33] device veth0_macvtap left promiscuous mode
[ 58.598256][ T33] device veth1_vlan left promiscuous mode
[ 58.604254][ T33] device veth0_vlan left promiscuous mode
[ 58.819699][ T33] team0 (unregistering): Port device team_slave_1 removed
[ 58.836743][ T33] team0 (unregistering): Port device team_slave_0 removed
[ 58.848682][ T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 58.862556][ T33] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 58.909433][ T33] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts.
2022/12/07 12:50:47 ignoring optional flag "sandboxArg"="0"
2022/12/07 12:50:48 parsed 1 programs
2022/12/07 12:50:48 executed programs: 0
[ 73.998024][ T4077] cgroup: Unknown subsys name 'net'
[ 74.006939][ T4077] cgroup: Unknown subsys name 'rlimit'
[ 76.388442][ T14] cfg80211: failed to load regulatory.db
[ 77.186304][ T48] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 81.346368][ T48] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 83.431589][ T3633] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.439582][ T3633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.447799][ T3633] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.455940][ T3633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.464516][ T3633] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 83.472111][ T3633] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.480505][ T4091] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 83.547227][ T4091] chnl_net:caif_netlink_parms(): no params data found
[ 83.582807][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.590239][ T4091] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.598906][ T4091] device bridge_slave_0 entered promiscuous mode
[ 83.607181][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.614516][ T4091] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.622857][ T4091] device bridge_slave_1 entered promiscuous mode
[ 83.643351][ T4091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.654219][ T4091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.677672][ T4091] team0: Port device team_slave_0 added
[ 83.685899][ T4091] team0: Port device team_slave_1 added
[ 83.702456][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.709677][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.736025][ T4091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.748687][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.755648][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.782345][ T4091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.807773][ T4091] device hsr_slave_0 entered promiscuous mode
[ 83.814585][ T4091] device hsr_slave_1 entered promiscuous mode
[ 83.870902][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.878005][ T4091] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.885283][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.892679][ T4091] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.928519][ T4091] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.941203][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 83.950745][ T3641] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.958584][ T3641] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.967255][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 83.980273][ T4091] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.990358][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.998896][ T3641] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.006019][ T3641] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.016622][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.025029][ T14] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.032196][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.054499][ T4091] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 84.066022][ T4091] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 84.079914][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 84.088811][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 84.097842][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 84.106017][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 84.114321][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 84.122083][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.141311][ T4091] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.149111][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 84.156804][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 84.459445][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 84.471615][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 84.480376][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 84.488999][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 84.500399][ T4091] device veth0_vlan entered promiscuous mode
[ 84.511161][ T4091] device veth1_vlan entered promiscuous mode
[ 84.528147][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 84.536808][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 84.545210][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 84.559483][ T4091] device veth0_macvtap entered promiscuous mode
[ 84.569112][ T4091] device veth1_macvtap entered promiscuous mode
[ 84.584454][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.592087][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 84.601232][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 84.612443][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.621451][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 84.630519][ T3641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 84.680698][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.688862][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.709095][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 84.719807][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.728552][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.738225][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.506890][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 85.599126][ T4110]
[ 85.601575][ T4110] ======================================================
[ 85.608672][ T4110] WARNING: possible circular locking dependency detected
[ 85.615688][ T4110] 6.1.0-rc8-syzkaller-00014-g8ed710da2873 #0 Not tainted
[ 85.622700][ T4110] ------------------------------------------------------
[ 85.629903][ T4110] syz-executor.0/4110 is trying to acquire lock:
[ 85.636220][ T4110] ffff8880742a8130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x52/0x2f0
[ 85.647870][ T4110]
[ 85.647870][ T4110] but task is already holding lock:
[ 85.655291][ T4110] ffff88806e607128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x276/0x470
[ 85.664176][ T4110]
[ 85.664176][ T4110] which lock already depends on the new lock.
[ 85.664176][ T4110]
[ 85.674654][ T4110]
[ 85.674654][ T4110] the existing dependency chain (in reverse order) is:
[ 85.683706][ T4110]
[ 85.683706][ T4110] -> #2 (&d->lock){+.+.}-{3:3}:
[ 85.690905][ T4110]        lock_acquire+0x1a7/0x400
[ 85.695922][ T4110]        __mutex_lock_common+0x1de/0x26c0
[ 85.701717][ T4110]        mutex_lock_nested+0x17/0x20
[ 85.707003][ T4110]        __rfcomm_dlc_close+0x276/0x470
[ 85.712544][ T4110]        rfcomm_dlc_close+0x10d/0x1c0
[ 85.717901][ T4110]        __rfcomm_sock_close+0x101/0x220
[ 85.724301][ T4110]        rfcomm_sock_shutdown+0xad/0x230
[ 85.730009][ T4110]        rfcomm_sock_release+0x55/0x120
[ 85.735842][ T4110]        sock_close+0xd7/0x260
[ 85.740605][ T4110]        __fput+0x3ba/0x880
[ 85.745218][ T4110]        task_work_run+0x243/0x300
[ 85.750422][ T4110]        get_signal+0x1642/0x1810
[ 85.755643][ T4110]        arch_do_signal_or_restart+0x8d/0x750
[ 85.762266][ T4110]        exit_to_user_mode_loop+0x74/0x160
[ 85.768160][ T4110]        exit_to_user_mode_prepare+0xad/0x110
[ 85.774236][ T4110]        syscall_exit_to_user_mode+0x2e/0x60
[ 85.780228][ T4110]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.786920][ T4110]
[ 85.786920][ T4110] -> #1 (rfcomm_mutex){+.+.}-{3:3}:
[ 85.794295][ T4110]        lock_acquire+0x1a7/0x400
[ 85.799334][ T4110]        __mutex_lock_common+0x1de/0x26c0
[ 85.805169][ T4110]        mutex_lock_nested+0x17/0x20
[ 85.810707][ T4110]        rfcomm_dlc_open+0x25/0x50
[ 85.815983][ T4110]        rfcomm_sock_connect+0x285/0x470
[ 85.822065][ T4110]        __sys_connect+0x29b/0x2d0
[ 85.827294][ T4110]        __x64_sys_connect+0x76/0x80
[ 85.832573][ T4110]        do_syscall_64+0x2b/0x70
[ 85.837814][ T4110]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.844419][ T4110]
[ 85.844419][ T4110] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 85.853892][ T4110]        validate_chain+0x184a/0x6470
[ 85.859264][ T4110]        __lock_acquire+0x1292/0x1f60
[ 85.864891][ T4110]        lock_acquire+0x1a7/0x400
[ 85.869905][ T4110]        lock_sock_nested+0x44/0xf0
[ 85.875263][ T4110]        rfcomm_sk_state_change+0x52/0x2f0
[ 85.881097][ T4110]        __rfcomm_dlc_close+0x2bb/0x470
[ 85.886886][ T4110]        rfcomm_dlc_close+0x10d/0x1c0
[ 85.892334][ T4110]        __rfcomm_sock_close+0x101/0x220
[ 85.897954][ T4110]        rfcomm_sock_shutdown+0xad/0x230
[ 85.903658][ T4110]        rfcomm_sock_release+0x55/0x120
[ 85.909226][ T4110]        sock_close+0xd7/0x260
[ 85.913970][ T4110]        __fput+0x3ba/0x880
[ 85.918640][ T4110]        task_work_run+0x243/0x300
[ 85.923917][ T4110]        get_signal+0x1642/0x1810
[ 85.929190][ T4110]        arch_do_signal_or_restart+0x8d/0x750
[ 85.935422][ T4110]        exit_to_user_mode_loop+0x74/0x160
[ 85.941472][ T4110]        exit_to_user_mode_prepare+0xad/0x110
[ 85.947725][ T4110]        syscall_exit_to_user_mode+0x2e/0x60
[ 85.953784][ T4110]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.960293][ T4110]
[ 85.960293][ T4110] other info that might help us debug this:
[ 85.960293][ T4110]
[ 85.970770][ T4110] Chain exists of:
[ 85.970770][ T4110]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[ 85.970770][ T4110]
[ 85.984746][ T4110]  Possible unsafe locking scenario:
[ 85.984746][ T4110]
[ 85.992287][ T4110]        CPU0                    CPU1
[ 85.997644][ T4110]        ----                    ----
[ 86.003277][ T4110]   lock(&d->lock);
[ 86.007081][ T4110]                                lock(rfcomm_mutex);
[ 86.013743][ T4110]                                lock(&d->lock);
[ 86.020289][ T4110]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 86.026426][ T4110]
[ 86.026426][ T4110]  *** DEADLOCK ***
[ 86.026426][ T4110]
[ 86.034741][ T4110] 3 locks held by syz-executor.0/4110:
[ 86.040412][ T4110]  #0: ffff8880709db810 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: sock_close+0x93/0x260
[ 86.050599][ T4110]  #1: ffffffff8e5df588 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x32/0x1c0
[ 86.059983][ T4110]  #2: ffff88806e607128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x276/0x470
[ 86.069457][ T4110]
[ 86.069457][ T4110] stack backtrace:
[ 86.075508][ T4110] CPU: 1 PID: 4110 Comm: syz-executor.0 Not tainted 6.1.0-rc8-syzkaller-00014-g8ed710da2873 #0
[ 86.086015][ T4110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 86.096160][ T4110] Call Trace:
[ 86.099452][ T4110]
[ 86.102386][ T4110]  dump_stack_lvl+0x1e3/0x2cb
[ 86.107070][ T4110]  ? nf_tcp_handle_invalid+0x62e/0x62e
[ 86.112539][ T4110]  ? print_circular_bug+0x13e/0x1c0
[ 86.118437][ T4110]  check_noncircular+0x2f9/0x3b0
[ 86.123378][ T4110]  ? add_chain_block+0x850/0x850
[ 86.128478][ T4110]  ? lockdep_lock+0x11d/0x2a0
[ 86.133239][ T4110]  ? _find_first_zero_bit+0xe8/0x110
[ 86.139295][ T4110]  validate_chain+0x184a/0x6470
[ 86.144231][ T4110]  ? reacquire_held_locks+0x680/0x680
[ 86.149592][ T4110]  ? register_lock_class+0xfe/0x9b0
[ 86.154774][ T4110]  ? is_dynamic_key+0x1f0/0x1f0
[ 86.159699][ T4110]  ? mark_lock+0x9a/0x350
[ 86.164033][ T4110]  ? __lock_acquire+0x1292/0x1f60
[ 86.169504][ T4110]  ? mark_lock+0x9a/0x350
[ 86.173849][ T4110]  __lock_acquire+0x1292/0x1f60
[ 86.178699][ T4110]  lock_acquire+0x1a7/0x400
[ 86.183359][ T4110]  ? rfcomm_sk_state_change+0x52/0x2f0
[ 86.188806][ T4110]  ? read_lock_is_recursive+0x10/0x10
[ 86.195267][ T4110]  ? __mutex_lock_common+0x45d/0x26c0
[ 86.200722][ T4110]  ? del_timer+0x340/0x3d0
[ 86.205166][ T4110]  ? __rfcomm_dlc_close+0x276/0x470
[ 86.210352][ T4110]  ? mutex_lock_io_nested+0x60/0x60
[ 86.215887][ T4110]  lock_sock_nested+0x44/0xf0
[ 86.220566][ T4110]  ? rfcomm_sk_state_change+0x52/0x2f0
[ 86.226015][ T4110]  rfcomm_sk_state_change+0x52/0x2f0
[ 86.231286][ T4110]  __rfcomm_dlc_close+0x2bb/0x470
[ 86.236300][ T4110]  rfcomm_dlc_close+0x10d/0x1c0
[ 86.241227][ T4110]  __rfcomm_sock_close+0x101/0x220
[ 86.246505][ T4110]  rfcomm_sock_shutdown+0xad/0x230
[ 86.252050][ T4110]  rfcomm_sock_release+0x55/0x120
[ 86.257763][ T4110]  sock_close+0xd7/0x260
[ 86.262076][ T4110]  ? __fput+0x3b2/0x880
[ 86.266484][ T4110]  ? sock_mmap+0x90/0x90
[ 86.270714][ T4110]  __fput+0x3ba/0x880
[ 86.274708][ T4110]  task_work_run+0x243/0x300
[ 86.279323][ T4110]  ? task_work_cancel+0x290/0x290
[ 86.284551][ T4110]  get_signal+0x1642/0x1810
[ 86.289146][ T4110]  ? kick_process+0xd6/0x140
[ 86.293837][ T4110]  ? task_work_add+0x2e6/0x340
[ 86.298763][ T4110]  ? rcu_lock_release+0x20/0x20
[ 86.303773][ T4110]  ? ptrace_notify+0x340/0x340
[ 86.308542][ T4110]  arch_do_signal_or_restart+0x8d/0x750
[ 86.314071][ T4110]  ? __sys_connect+0x157/0x2d0
[ 86.318873][ T4110]  ? get_sigframe_size+0x10/0x10
[ 86.323999][ T4110]  ? exit_to_user_mode_loop+0x42/0x160
[ 86.329598][ T4110]  exit_to_user_mode_loop+0x74/0x160
[ 86.335141][ T4110]  exit_to_user_mode_prepare+0xad/0x110
[ 86.341021][ T4110]  syscall_exit_to_user_mode+0x2e/0x60
[ 86.346559][ T4110]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.352784][ T4110] RIP: 0033:0x7fe59ea89049
[ 86.357648][ T4110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 86.377517][ T4110] RSP: 002b:00007fe59fc8a168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 86.387835][ T4110] RAX: fffffffffffffffc RBX: 00007fe59eb9bf60 RCX: 00007fe59ea89049
2022/12/07 12:51:00 executed programs: 1
[ 86.396175][ T4110] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 86.404871][ T4110] RBP: 00007fe59eae308d R08: 0000000000000000 R09: 0000000000000000
[ 86.413397][ T4110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.421466][ T4110] R13: 00007ffce31504af R14: 00007fe59fc8a300 R15: 0000000000022000
[ 86.429745][ T4110]
[ 87.586299][ T48] Bluetooth: hci0: command 0x041b tx timeout
[ 89.666314][ T48] Bluetooth: hci0: command 0x040f tx timeout
2022/12/07 12:51:05 executed programs: 7
[ 91.746352][ T48] Bluetooth: hci0: command 0x0419 tx timeout
[ 93.826264][ T48] Bluetooth: hci0: command 0x0405 tx timeout