Warning: Permanently added '10.128.1.87' (ED25519) to the list of known hosts.
2023/11/20 08:28:15 ignoring optional flag "sandboxArg"="0"
2023/11/20 08:28:15 parsed 1 programs
2023/11/20 08:28:16 executed programs: 0
[ 102.720791][ T4467] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 102.730116][ T4467] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 102.738077][ T4467] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 102.746601][ T4467] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 102.754579][ T4467] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 102.762751][ T4467] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 102.928192][ T5426] chnl_net:caif_netlink_parms(): no params data found
[ 103.007076][ T5426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.014982][ T5426] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.023310][ T5426] bridge_slave_0: entered allmulticast mode
[ 103.031494][ T5426] bridge_slave_0: entered promiscuous mode
[ 103.041750][ T5426] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.049259][ T5426] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.057154][ T5426] bridge_slave_1: entered allmulticast mode
[ 103.064938][ T5426] bridge_slave_1: entered promiscuous mode
[ 103.098921][ T5426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.113537][ T5426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.153094][ T5426] team0: Port device team_slave_0 added
[ 103.162626][ T5426] team0: Port device team_slave_1 added
[ 103.195323][ T5426] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.202996][ T5426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.230266][ T5426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.243311][ T5426] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.250985][ T5426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.277794][ T5426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.327484][ T5426] hsr_slave_0: entered promiscuous mode
[ 103.335014][ T5426] hsr_slave_1: entered promiscuous mode
[ 104.187910][ T5426] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 104.202028][ T5426] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 104.216204][ T5426] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 104.232330][ T5426] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 104.385656][ T5426] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.415639][ T5426] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.434526][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.441953][ T5087] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.469211][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.476842][ T5087] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.784359][ T5426] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.820617][ T5078] Bluetooth: hci0: command 0x0409 tx timeout
[ 104.873031][ T5426] veth0_vlan: entered promiscuous mode
[ 104.894019][ T5426] veth1_vlan: entered promiscuous mode
[ 104.950333][ T5426] veth0_macvtap: entered promiscuous mode
[ 104.965517][ T5426] veth1_macvtap: entered promiscuous mode
[ 105.006346][ T5426] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.032138][ T5426] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.053993][ T5426] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.066506][ T5426] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.077836][ T5426] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.088513][ T5426] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.217584][ T3854] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.236602][ T3854] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.285850][ T4359] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.296174][ T4359] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.437192][ T5488]
[ 105.439665][ T5488] ======================================================
[ 105.446803][ T5488] WARNING: possible circular locking dependency detected
[ 105.453834][ T5488] 6.7.0-rc2-syzkaller #0 Not tainted
[ 105.459308][ T5488] ------------------------------------------------------
[ 105.466531][ T5488] syz-executor.0/5488 is trying to acquire lock:
[ 105.473583][ T5488] ffff88801afbd108 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90
[ 105.483454][ T5488]
[ 105.483454][ T5488] but task is already holding lock:
[ 105.491023][ T5488] ffffffff8ef2ca28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570
[ 105.500814][ T5488]
[ 105.500814][ T5488] which lock already depends on the new lock.
[ 105.500814][ T5488]
[ 105.511232][ T5488]
[ 105.511232][ T5488] the existing dependency chain (in reverse order) is:
[ 105.520555][ T5488]
[ 105.520555][ T5488] -> #3 (rfkill_global_mutex){+.+.}-{3:3}:
[ 105.528838][ T5488] __mutex_lock+0x175/0x9d0
[ 105.534269][ T5488] rfkill_register+0x3a/0xb30
[ 105.542039][ T5488] hci_register_dev+0x43a/0xd40
[ 105.547673][ T5488] __vhci_create_device+0x393/0x800
[ 105.553589][ T5488] vhci_write+0x2c7/0x470
[ 105.558755][ T5488] vfs_write+0x64f/0xdf0
[ 105.564154][ T5488] ksys_write+0x12f/0x250
[ 105.569206][ T5488] __do_fast_syscall_32+0x62/0xe0
[ 105.574784][ T5488] do_fast_syscall_32+0x33/0x70
[ 105.580182][ T5488] entry_SYSENTER_compat_after_hwframe+0x70/0x7a
[ 105.587061][ T5488]
[ 105.587061][ T5488] -> #2 (&data->open_mutex){+.+.}-{3:3}:
[ 105.595695][ T5488] __mutex_lock+0x175/0x9d0
[ 105.601208][ T5488] vhci_send_frame+0x67/0xa0
[ 105.606356][ T5488] hci_send_frame+0x220/0x470
[ 105.611792][ T5488] hci_tx_work+0x1456/0x1e40
[ 105.617124][ T5488] process_one_work+0x886/0x15d0
[ 105.622626][ T5488] worker_thread+0x8b9/0x1290
[ 105.628298][ T5488] kthread+0x2c6/0x3a0
[ 105.632929][ T5488] ret_from_fork+0x45/0x80
[ 105.638337][ T5488] ret_from_fork_asm+0x11/0x20
[ 105.643667][ T5488]
[ 105.643667][ T5488] -> #1 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 105.652918][ T5488] __flush_work+0x103/0xa10
[ 105.658290][ T5488] hci_dev_close_sync+0x22d/0x1160
[ 105.664740][ T5488] hci_dev_do_close+0x2e/0x90
[ 105.670082][ T5488] hci_unregister_dev+0x1eb/0x600
[ 105.675876][ T5488] vhci_release+0x7f/0x100
[ 105.680859][ T5488] __fput+0x270/0xbb0
[ 105.685764][ T5488] task_work_run+0x14d/0x240
[ 105.690898][ T5488] do_exit+0xa92/0x2ae0
[ 105.695602][ T5488] do_group_exit+0xd4/0x2a0
[ 105.701090][ T5488] get_signal+0x23be/0x2790
[ 105.706377][ T5488] arch_do_signal_or_restart+0x90/0x7f0
[ 105.712840][ T5488] exit_to_user_mode_prepare+0x121/0x240
[ 105.719204][ T5488] syscall_exit_to_user_mode+0x1e/0x60
[ 105.725687][ T5488] __do_fast_syscall_32+0x6f/0xe0
[ 105.731267][ T5488] do_fast_syscall_32+0x33/0x70
[ 105.736945][ T5488] entry_SYSENTER_compat_after_hwframe+0x70/0x7a
[ 105.743881][ T5488]
[ 105.743881][ T5488] -> #0 (&hdev->req_lock){+.+.}-{3:3}:
[ 105.752342][ T5488] __lock_acquire+0x2464/0x3b10
[ 105.757883][ T5488] lock_acquire+0x1ae/0x520
[ 105.763272][ T5488] __mutex_lock+0x175/0x9d0
[ 105.768676][ T5488] hci_dev_do_close+0x26/0x90
[ 105.774223][ T5488] hci_rfkill_set_block+0x1b9/0x200
[ 105.780239][ T5488] rfkill_set_block+0x200/0x550
[ 105.785746][ T5488] rfkill_fop_write+0x2d4/0x570
[ 105.791157][ T5488] vfs_write+0x2a4/0xdf0
[ 105.796049][ T5488] ksys_write+0x1f0/0x250
[ 105.801105][ T5488] __do_fast_syscall_32+0x62/0xe0
[ 105.806688][ T5488] do_fast_syscall_32+0x33/0x70
[ 105.812182][ T5488] entry_SYSENTER_compat_after_hwframe+0x70/0x7a
[ 105.819351][ T5488]
[ 105.819351][ T5488] other info that might help us debug this:
[ 105.819351][ T5488]
[ 105.829683][ T5488] Chain exists of:
[ 105.829683][ T5488] &hdev->req_lock --> &data->open_mutex --> rfkill_global_mutex
[ 105.829683][ T5488]
[ 105.843586][ T5488] Possible unsafe locking scenario:
[ 105.843586][ T5488]
[ 105.851400][ T5488]        CPU0                    CPU1
[ 105.856789][ T5488]        ----                    ----
[ 105.862615][ T5488]   lock(rfkill_global_mutex);
[ 105.867754][ T5488]                                lock(&data->open_mutex);
[ 105.876357][ T5488]                                lock(rfkill_global_mutex);
[ 105.883665][ T5488]   lock(&hdev->req_lock);
[ 105.888278][ T5488]
[ 105.888278][ T5488] *** DEADLOCK ***
[ 105.888278][ T5488]
[ 105.896704][ T5488] 1 lock held by syz-executor.0/5488:
[ 105.902269][ T5488] #0: ffffffff8ef2ca28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570
[ 105.912593][ T5488]
[ 105.912593][ T5488] stack backtrace:
[ 105.918849][ T5488] CPU: 0 PID: 5488 Comm: syz-executor.0 Not tainted 6.7.0-rc2-syzkaller #0
[ 105.927897][ T5488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 105.938154][ T5488] Call Trace:
[ 105.941456][ T5488]
[ 105.944678][ T5488] dump_stack_lvl+0xd9/0x1b0
[ 105.949827][ T5488] check_noncircular+0x317/0x400
[ 105.955331][ T5488] ? print_circular_bug+0x5c0/0x5c0
[ 105.960930][ T5488] ? bpf_ksym_find+0x124/0x1b0
[ 105.966446][ T5488] ? lockdep_lock+0xc6/0x200
[ 105.971157][ T5488] ? hlock_class+0x130/0x130
[ 105.976142][ T5488] __lock_acquire+0x2464/0x3b10
[ 105.981052][ T5488] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 105.987342][ T5488] ? hlock_class+0x4e/0x130
[ 105.992025][ T5488] ? __lock_acquire+0x14e0/0x3b10
[ 105.997354][ T5488] lock_acquire+0x1ae/0x520
[ 106.001894][ T5488] ? hci_dev_do_close+0x26/0x90
[ 106.007056][ T5488] ? lock_sync+0x190/0x190
[ 106.011871][ T5488] ? preempt_count_sub+0x160/0x160
[ 106.017691][ T5488] __mutex_lock+0x175/0x9d0
[ 106.022232][ T5488] ? hci_dev_do_close+0x26/0x90
[ 106.027730][ T5488] ? print_usage_bug.part.0+0x550/0x550
[ 106.033501][ T5488] ? hci_dev_do_close+0x26/0x90
[ 106.038557][ T5488] ? mutex_trylock+0x130/0x130
[ 106.043388][ T5488] ? find_held_lock+0x2d/0x110
[ 106.048189][ T5488] ? rfkill_set_block+0x195/0x550
[ 106.053399][ T5488] ? reacquire_held_locks+0x4c0/0x4c0
[ 106.058900][ T5488] ? hci_dev_do_close+0x26/0x90
[ 106.063790][ T5488] hci_dev_do_close+0x26/0x90
[ 106.068586][ T5488] hci_rfkill_set_block+0x1b9/0x200
[ 106.074384][ T5488] ? lockdep_hardirqs_on+0x7d/0x110
[ 106.080098][ T5488] ? hci_power_on+0x670/0x670
[ 106.084808][ T5488] rfkill_set_block+0x200/0x550
[ 106.090133][ T5488] rfkill_fop_write+0x2d4/0x570
[ 106.095554][ T5488] ? rfkill_register+0xb30/0xb30
[ 106.100729][ T5488] ? bpf_lsm_inode_remove_acl+0x10/0x10
[ 106.106411][ T5488] ? security_file_permission+0x94/0x100
[ 106.112427][ T5488] vfs_write+0x2a4/0xdf0
[ 106.116796][ T5488] ? rfkill_register+0xb30/0xb30
[ 106.121783][ T5488] ? kernel_write+0x6c0/0x6c0
[ 106.126582][ T5488] ? __might_fault+0xe6/0x1a0
[ 106.131303][ T5488] ? __fget_files+0x1c6/0x340
[ 106.136274][ T5488] ? __fget_light+0xe6/0x260
[ 106.141038][ T5488] ksys_write+0x1f0/0x250
[ 106.145396][ T5488] ? __ia32_sys_read+0xb0/0xb0
[ 106.150290][ T5488] __do_fast_syscall_32+0x62/0xe0
[ 106.155790][ T5488] do_fast_syscall_32+0x33/0x70
[ 106.160939][ T5488] entry_SYSENTER_compat_after_hwframe+0x70/0x7a
[ 106.167925][ T5488] RIP: 0023:0xf7f82579
[ 106.172371][ T5488] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 106.193388][ T5488] RSP: 002b:00000000f7f7d5ac EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[ 106.202114][ T5488] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[ 106.210659][ T5488] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[ 106.219330][ T5488] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 106.228221][ T5488] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 106.236565][ T5488] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 106.245025][ T5488]
2023/11/20 08:28:21 executed programs: 26