Warning: Permanently added '10.128.1.150' (ED25519) to the list of known hosts.
[ 36.825387][ T4295] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 36.827785][ T4295] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 36.829827][ T4295] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 36.833160][ T4295] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 36.835206][ T4295] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 36.837024][ T4295] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 36.904417][ T4292] chnl_net:caif_netlink_parms(): no params data found
[ 36.934906][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.936633][ T4292] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.938658][ T4292] device bridge_slave_0 entered promiscuous mode
[ 36.942393][ T4292] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.943932][ T4292] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.946016][ T4292] device bridge_slave_1 entered promiscuous mode
[ 36.959245][ T4292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 36.963028][ T4292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 36.976448][ T4292] team0: Port device team_slave_0 added
[ 36.979382][ T4292] team0: Port device team_slave_1 added
[ 36.989999][ T4292] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 36.991719][ T4292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.997152][ T4292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 37.001868][ T4292] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 37.003429][ T4292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 37.008885][ T4292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 37.092883][ T4292] device hsr_slave_0 entered promiscuous mode
[ 37.131437][ T4292] device hsr_slave_1 entered promiscuous mode
[ 37.242119][ T4292] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 37.293255][ T4292] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 37.333094][ T4292] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 37.374135][ T4292] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 37.426406][ T4292] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.428329][ T4292] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.430598][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.432598][ T4292] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.466653][ T4292] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.473744][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.478013][ T39] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.483278][ T39] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.486270][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 37.493293][ T4292] 8021q: adding VLAN 0 to HW filter on device team0
[ 37.503487][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.506021][ T55] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.507885][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.510013][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.512558][ T55] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.514295][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.525232][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 37.527875][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 37.535212][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 37.540054][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.546638][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.550897][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 37.563789][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 37.565707][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 37.573417][ T4292] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 37.585559][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.597081][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.600016][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.603982][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.608083][ T4292] device veth0_vlan entered promiscuous mode
[ 37.614756][ T4292] device veth1_vlan entered promiscuous mode
[ 37.630256][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 37.633907][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 37.636708][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.640824][ T4292] device veth0_macvtap entered promiscuous mode
[ 37.646107][ T4292] device veth1_macvtap entered promiscuous mode
[ 37.656120][ T4292] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 37.658157][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.663766][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 37.669016][ T4292] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 37.672101][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.676411][ T4292] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.678612][ T4292] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.680877][ T4292] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.684362][ T4292] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 37.719502][ T47] BUG: sleeping function called from invalid context at net/core/sock.c:3490
[ 37.721844][ T47] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 47, name: kworker/u5:0
[ 37.724167][ T47] preempt_count: 1, expected: 0
[ 37.725358][ T47] RCU nest depth: 0, expected: 0
[ 37.726559][ T47] 5 locks held by kworker/u5:0/47:
[ 37.727899][ T47]  #0: ffff0000d8e42138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1484
[ 37.730472][ T47]  #1: ffff80001d857c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6fc/0x1484
[ 37.733578][ T47]  #2: ffff0000d3124078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xe8/0x9b0
[ 37.736134][ T47]  #3: ffff0000c3e18a20 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x24c/0x8ec
[ 37.738451][ T47]  #4: ffff0000cfe85130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3d8/0x8ec
[ 37.741369][ T47] Preemption disabled at:
[ 37.741379][ T47] [] sco_connect_cfm+0x24c/0x8ec
[ 37.744087][ T47] CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 6.1.129-syzkaller #0
[ 37.746102][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 37.748525][ T47] Workqueue: hci0 hci_rx_work
[ 37.749696][ T47] Call trace:
[ 37.750483][ T47]  dump_backtrace+0x1c8/0x1f4
[ 37.751661][ T47]  show_stack+0x2c/0x3c
[ 37.752635][ T47]  dump_stack_lvl+0x108/0x170
[ 37.753818][ T47]  dump_stack+0x1c/0x58
[ 37.754834][ T47]  __might_resched+0x37c/0x4d8
[ 37.756122][ T47]  __might_sleep+0x90/0xe4
[ 37.757193][ T47]  lock_sock_nested+0x88/0x138
[ 37.758416][ T47]  sco_connect_cfm+0x3d8/0x8ec
[ 37.759544][ T47]  hci_sync_conn_complete_evt+0x4f0/0x9b0
[ 37.761023][ T47]  hci_event_packet+0x744/0x109c
[ 37.762261][ T47]  hci_rx_work+0x310/0xa84
[ 37.763369][ T47]  process_one_work+0x804/0x1484
[ 37.764525][ T47]  worker_thread+0x8e4/0xfec
[ 37.765685][ T47]  kthread+0x250/0x2d8
[ 37.766690][ T47]  ret_from_fork+0x10/0x20
[ 41.141801][ T4292]
[ 41.142439][ T4292] ======================================================
[ 41.144231][ T4292] WARNING: possible circular locking dependency detected
[ 41.146010][ T4292] 6.1.129-syzkaller #0 Tainted: G W
[ 41.147725][ T4292] ------------------------------------------------------
[ 41.149602][ T4292] syz-executor382/4292 is trying to acquire lock:
[ 41.151212][ T4292] ffff0000daaa9130 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: bt_accept_dequeue+0xe8/0x530
[ 41.153883][ T4292]
[ 41.153883][ T4292] but task is already holding lock:
[ 41.155928][ T4292] ffff0000cfe85130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_sock_release+0x60/0x2c0
[ 41.158735][ T4292]
[ 41.158735][ T4292] which lock already depends on the new lock.
[ 41.158735][ T4292]
[ 41.161453][ T4292]
[ 41.161453][ T4292] the existing dependency chain (in reverse order) is:
[ 41.163865][ T4292]
[ 41.163865][ T4292] -> #2 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 41.166278][ T4292]        lock_sock_nested+0x78/0x138
[ 41.167722][ T4292]        sco_connect_cfm+0x3d8/0x8ec
[ 41.169042][ T4292]        hci_sync_conn_complete_evt+0x4f0/0x9b0
[ 41.170623][ T4292]        hci_event_packet+0x744/0x109c
[ 41.172091][ T4292]        hci_rx_work+0x310/0xa84
[ 41.173404][ T4292]        process_one_work+0x804/0x1484
[ 41.174843][ T4292]        worker_thread+0x8e4/0xfec
[ 41.176168][ T4292]        kthread+0x250/0x2d8
[ 41.177341][ T4292]        ret_from_fork+0x10/0x20
[ 41.178643][ T4292]
[ 41.178643][ T4292] -> #1 (&conn->lock#2){+.+.}-{2:2}:
[ 41.180604][ T4292]        _raw_spin_lock+0x54/0x6c
[ 41.181902][ T4292]        sco_conn_del+0x1c4/0x4ac
[ 41.183303][ T4292]        sco_disconn_cfm+0x38/0x70
[ 41.184754][ T4292]        hci_conn_hash_flush+0x194/0x330
[ 41.186188][ T4292]        hci_dev_close_sync+0x7e0/0xf1c
[ 41.187671][ T4292]        hci_unregister_dev+0x200/0x4c4
[ 41.189167][ T4292]        vhci_release+0x7c/0xcc
[ 41.190629][ T4292]        __fput+0x1c8/0x7c8
[ 41.191904][ T4292]        ____fput+0x20/0x30
[ 41.193109][ T4292]        task_work_run+0x240/0x2f0
[ 41.194532][ T4292]        do_exit+0x550/0x1a84
[ 41.195806][ T4292]        do_group_exit+0x194/0x22c
[ 41.197167][ T4292]        __wake_up_parent+0x0/0x60
[ 41.198529][ T4292]        invoke_syscall+0x98/0x2bc
[ 41.199815][ T4292]        el0_svc_common+0x138/0x258
[ 41.201182][ T4292]        do_el0_svc+0x58/0x13c
[ 41.202454][ T4292]        el0_svc+0x58/0x168
[ 41.203644][ T4292]        el0t_64_sync_handler+0x84/0xf0
[ 41.205059][ T4292]        el0t_64_sync+0x18c/0x190
[ 41.206425][ T4292]
[ 41.206425][ T4292] -> #0 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:
[ 41.208608][ T4292]        __lock_acquire+0x3338/0x7680
[ 41.210091][ T4292]        lock_acquire+0x26c/0x7cc
[ 41.211377][ T4292]        lock_sock_nested+0x78/0x138
[ 41.212734][ T4292]        bt_accept_dequeue+0xe8/0x530
[ 41.214095][ T4292]        __sco_sock_close+0xfc/0x7b0
[ 41.215513][ T4292]        sco_sock_release+0xb4/0x2c0
[ 41.216928][ T4292]        sock_close+0xb8/0x1fc
[ 41.218162][ T4292]        __fput+0x1c8/0x7c8
[ 41.219291][ T4292]        ____fput+0x20/0x30
[ 41.220525][ T4292]        task_work_run+0x240/0x2f0
[ 41.221858][ T4292]        do_exit+0x550/0x1a84
[ 41.222984][ T4292]        do_group_exit+0x194/0x22c
[ 41.224358][ T4292]        __wake_up_parent+0x0/0x60
[ 41.225746][ T4292]        invoke_syscall+0x98/0x2bc
[ 41.227109][ T4292]        el0_svc_common+0x138/0x258
[ 41.228401][ T4292]        do_el0_svc+0x58/0x13c
[ 41.229626][ T4292]        el0_svc+0x58/0x168
[ 41.230867][ T4292]        el0t_64_sync_handler+0x84/0xf0
[ 41.232354][ T4292]        el0t_64_sync+0x18c/0x190
[ 41.233664][ T4292]
[ 41.233664][ T4292] other info that might help us debug this:
[ 41.233664][ T4292]
[ 41.236387][ T4292] Chain exists of:
[ 41.236387][ T4292]   sk_lock-AF_BLUETOOTH --> &conn->lock#2 --> sk_lock-AF_BLUETOOTH-BTPROTO_SCO
[ 41.236387][ T4292]
[ 41.240164][ T4292]  Possible unsafe locking scenario:
[ 41.240164][ T4292]
[ 41.242146][ T4292]        CPU0                    CPU1
[ 41.243601][ T4292]        ----                    ----
[ 41.245030][ T4292]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[ 41.246471][ T4292]                                lock(&conn->lock#2);
[ 41.248255][ T4292]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[ 41.250430][ T4292]   lock(sk_lock-AF_BLUETOOTH);
[ 41.251627][ T4292]
[ 41.251627][ T4292]  *** DEADLOCK ***
[ 41.251627][ T4292]
[ 41.253886][ T4292] 2 locks held by syz-executor382/4292:
[ 41.255355][ T4292]  #0: ffff0000e23ba610 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x80/0x1fc
[ 41.258202][ T4292]  #1: ffff0000cfe85130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_sock_release+0x60/0x2c0
[ 41.261156][ T4292]
[ 41.261156][ T4292] stack backtrace:
[ 41.262615][ T4292] CPU: 1 PID: 4292 Comm: syz-executor382 Tainted: G W 6.1.129-syzkaller #0
[ 41.265224][ T4292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 41.267907][ T4292] Call trace:
[ 41.268759][ T4292]  dump_backtrace+0x1c8/0x1f4
[ 41.270024][ T4292]  show_stack+0x2c/0x3c
[ 41.271197][ T4292]  dump_stack_lvl+0x108/0x170
[ 41.272412][ T4292]  dump_stack+0x1c/0x58
[ 41.273510][ T4292]  print_circular_bug+0x150/0x1b8
[ 41.274871][ T4292]  check_noncircular+0x2cc/0x378
[ 41.276195][ T4292]  __lock_acquire+0x3338/0x7680
[ 41.277449][ T4292]  lock_acquire+0x26c/0x7cc
[ 41.278723][ T4292]  lock_sock_nested+0x78/0x138
[ 41.279989][ T4292]  bt_accept_dequeue+0xe8/0x530
[ 41.281234][ T4292]  __sco_sock_close+0xfc/0x7b0
[ 41.282413][ T4292]  sco_sock_release+0xb4/0x2c0
[ 41.283696][ T4292]  sock_close+0xb8/0x1fc
[ 41.284785][ T4292]  __fput+0x1c8/0x7c8
[ 41.285818][ T4292]  ____fput+0x20/0x30
[ 41.286867][ T4292]  task_work_run+0x240/0x2f0
[ 41.287982][ T4292]  do_exit+0x550/0x1a84
[ 41.289036][ T4292]  do_group_exit+0x194/0x22c
[ 41.290273][ T4292]  __wake_up_parent+0x0/0x60
[ 41.291479][ T4292]  invoke_syscall+0x98/0x2bc
[ 41.292759][ T4292]  el0_svc_common+0x138/0x258
[ 41.293939][ T4292]  do_el0_svc+0x58/0x13c
[ 41.295096][ T4292]  el0_svc+0x58/0x168
[ 41.296151][ T4292]  el0t_64_sync_handler+0x84/0xf0
[ 41.297438][ T4292]  el0t_64_sync+0x18c/0x190