BUG: sleeping function called from invalid context in lock_sock_nested (3)
9 views
Skip to first unread message
syzbot
Jun 10, 2021, 4:33:21 PM6/10/21
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3d3abdc8 Linux 4.14.236
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10f7a4e0300000
kernel config: https://syzkaller.appspot.com/x/.config?x=e6e4259bddde8f24
dashboard link: https://syzkaller.appspot.com/bug?extid=0a12c5ce4f3771ea9d22
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0a12c5...@syzkaller.appspotmail.com
Bluetooth: hci0 command 0x0419 tx timeout
Bluetooth: hci1 command 0x0419 tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
Bluetooth: hci3 command 0x0419 tx timeout
Bluetooth: hci4 command 0x0419 tx timeout
BUG: sleeping function called from invalid context at net/core/sock.c:2787
in_atomic(): 1, irqs_disabled(): 0, pid: 7980, name: syz-executor.3
1 lock held by syz-executor.3/7980:
#0: (hci_sk_list.lock){++++}, at: [<ffffffff86673c59>] hci_sock_dev_event+0x379/0x5e0 net/bluetooth/hci_sock.c:751
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 7980 Comm: syz-executor.3 Not tainted 4.14.236-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
lock_sock_nested+0x31/0x100 net/core/sock.c:2787
lock_sock include/net/sock.h:1471 [inline]
hci_sock_dev_event+0x403/0x5e0 net/bluetooth/hci_sock.c:753
hci_unregister_dev+0x232/0x8c0 net/bluetooth/hci_core.c:3212
vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
__fput+0x25f/0x7a0 fs/file_table.c:210
task_work_run+0x11f/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0xa44/0x2850 kernel/exit.c:868
do_group_exit+0x100/0x2e0 kernel/exit.c:965
SYSC_exit_group kernel/exit.c:976 [inline]
SyS_exit_group+0x19/0x20 kernel/exit.c:974
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RSP: 002b:00007ffd1590b648 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffd1590be08 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffd1590be08
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef54
R13: 0000000000000010 R14: 0000000000000000 R15: 00000000000000f8
IPVS: ftp: loaded support on port[0] = 21
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: Enslaving bond_slave_0 as an active interface with an up link
bond0: Enslaving bond_slave_1 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
team0: Port device team_slave_0 added
IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 2(bridge_slave_1) entered disabled state
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
device veth0_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
device veth1_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
WARNING: can't dereference registers at 00000000000000a6 for ip entry_SYSCALL_64_after_hwframe+0x46/0xbb
Bluetooth: hci5 command 0x0409 tx timeout
syz-executor.5 uses obsolete (PF_INET,SOCK_PACKET)
hrtimer: interrupt took 32532 ns
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
md: could not open unknown-block(0,0).
md: md_import_device returned -6
: renamed from syzkaller1
Bluetooth: hci5 command 0x041b tx timeout
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'.
overlayfs: unrecognized mount option "xino=on" or missing value
overlayfs: unrecognized mount option "xino=on" or missing value
Bluetooth: hci5 command 0x040f tx timeout
F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop3): invalid crc value
F2FS-fs (loop3): SIT is corrupted node# 0 vs 7
F2FS-fs (loop3): Failed to initialize F2FS segment manager
F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop3): invalid crc value
F2FS-fs (loop3): SIT is corrupted node# 0 vs 7
F2FS-fs (loop3): Failed to initialize F2FS segment manager
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
md: md0 has zero or unknown size, marking faulty!
UDF-fs: Scanning with blocksize 4096 failed
md: md_import_device returned -22
md: md0 has zero or unknown size, marking faulty!
audit: type=1326 audit(1623357194.407:2): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10175 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x40000000
md: md_import_device returned -22
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 3d3abdc8 Linux 4.14.236
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10f7a4e0300000
kernel config: https://syzkaller.appspot.com/x/.config?x=e6e4259bddde8f24
dashboard link: https://syzkaller.appspot.com/bug?extid=0a12c5ce4f3771ea9d22
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0a12c5...@syzkaller.appspotmail.com
Bluetooth: hci0 command 0x0419 tx timeout
Bluetooth: hci1 command 0x0419 tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
Bluetooth: hci3 command 0x0419 tx timeout
Bluetooth: hci4 command 0x0419 tx timeout
BUG: sleeping function called from invalid context at net/core/sock.c:2787
in_atomic(): 1, irqs_disabled(): 0, pid: 7980, name: syz-executor.3
1 lock held by syz-executor.3/7980:
#0: (hci_sk_list.lock){++++}, at: [<ffffffff86673c59>] hci_sock_dev_event+0x379/0x5e0 net/bluetooth/hci_sock.c:751
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 7980 Comm: syz-executor.3 Not tainted 4.14.236-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
lock_sock_nested+0x31/0x100 net/core/sock.c:2787
lock_sock include/net/sock.h:1471 [inline]
hci_sock_dev_event+0x403/0x5e0 net/bluetooth/hci_sock.c:753
hci_unregister_dev+0x232/0x8c0 net/bluetooth/hci_core.c:3212
vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
__fput+0x25f/0x7a0 fs/file_table.c:210
task_work_run+0x11f/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0xa44/0x2850 kernel/exit.c:868
do_group_exit+0x100/0x2e0 kernel/exit.c:965
SYSC_exit_group kernel/exit.c:976 [inline]
SyS_exit_group+0x19/0x20 kernel/exit.c:974
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RSP: 002b:00007ffd1590b648 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffd1590be08 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffd1590be08
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef54
R13: 0000000000000010 R14: 0000000000000000 R15: 00000000000000f8
IPVS: ftp: loaded support on port[0] = 21
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: Enslaving bond_slave_0 as an active interface with an up link
bond0: Enslaving bond_slave_1 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
team0: Port device team_slave_0 added
IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 2(bridge_slave_1) entered disabled state
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
device veth0_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
device veth1_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
WARNING: can't dereference registers at 00000000000000a6 for ip entry_SYSCALL_64_after_hwframe+0x46/0xbb
Bluetooth: hci5 command 0x0409 tx timeout
syz-executor.5 uses obsolete (PF_INET,SOCK_PACKET)
hrtimer: interrupt took 32532 ns
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
: renamed from syzkaller1
md: could not open unknown-block(0,0).
md: md_import_device returned -6
: renamed from syzkaller1
Bluetooth: hci5 command 0x041b tx timeout
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'.
overlayfs: unrecognized mount option "xino=on" or missing value
overlayfs: unrecognized mount option "xino=on" or missing value
Bluetooth: hci5 command 0x040f tx timeout
F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop3): invalid crc value
F2FS-fs (loop3): SIT is corrupted node# 0 vs 7
F2FS-fs (loop3): Failed to initialize F2FS segment manager
F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop3): invalid crc value
F2FS-fs (loop3): SIT is corrupted node# 0 vs 7
F2FS-fs (loop3): Failed to initialize F2FS segment manager
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
md: md0 has zero or unknown size, marking faulty!
UDF-fs: Scanning with blocksize 4096 failed
md: md_import_device returned -22
md: md0 has zero or unknown size, marking faulty!
audit: type=1326 audit(1623357194.407:2): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10175 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x40000000
md: md_import_device returned -22
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jun 13, 2021, 10:08:25 PM6/13/21
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 3d3abdc8 Linux 4.14.236
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=104d5268300000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0a12c5...@syzkaller.appspotmail.com
1 lock held by syz-executor.5/7985:
RAX: ffffffffffffffda RBX: 00007ffe0a07ef38 RCX: 00000000004665d9
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
HEAD commit: 3d3abdc8 Linux 4.14.236
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=e6e4259bddde8f24
dashboard link: https://syzkaller.appspot.com/bug?extid=0a12c5ce4f3771ea9d22
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1758ed88300000
dashboard link: https://syzkaller.appspot.com/bug?extid=0a12c5ce4f3771ea9d22
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0a12c5...@syzkaller.appspotmail.com
Bluetooth: hci3 command 0x0419 tx timeout
Bluetooth: hci1 command 0x0419 tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
Bluetooth: hci4 command 0x0419 tx timeout
Bluetooth: hci1 command 0x0419 tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
Bluetooth: hci4 command 0x0419 tx timeout
Bluetooth: hci0 command 0x0419 tx timeout
BUG: sleeping function called from invalid context at net/core/sock.c:2787
in_atomic(): 1, irqs_disabled(): 0, pid: 7985, name: syz-executor.5
1 lock held by syz-executor.5/7985:
#0: (hci_sk_list.lock){++++}, at: [<ffffffff86673c59>] hci_sock_dev_event+0x379/0x5e0 net/bluetooth/hci_sock.c:751
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 7985 Comm: syz-executor.5 Not tainted 4.14.236-syzkaller #0
Preemption disabled at:
[< (null)>] (null)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
lock_sock_nested+0x31/0x100 net/core/sock.c:2787
lock_sock include/net/sock.h:1471 [inline]
hci_sock_dev_event+0x403/0x5e0 net/bluetooth/hci_sock.c:753
hci_unregister_dev+0x232/0x8c0 net/bluetooth/hci_core.c:3212
vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
__fput+0x25f/0x7a0 fs/file_table.c:210
task_work_run+0x11f/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0xa44/0x2850 kernel/exit.c:868
do_group_exit+0x100/0x2e0 kernel/exit.c:965
SYSC_exit_group kernel/exit.c:976 [inline]
SyS_exit_group+0x19/0x20 kernel/exit.c:974
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RSP: 002b:00007ffe0a07e778 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
lock_sock_nested+0x31/0x100 net/core/sock.c:2787
lock_sock include/net/sock.h:1471 [inline]
hci_sock_dev_event+0x403/0x5e0 net/bluetooth/hci_sock.c:753
hci_unregister_dev+0x232/0x8c0 net/bluetooth/hci_core.c:3212
vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
__fput+0x25f/0x7a0 fs/file_table.c:210
task_work_run+0x11f/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0xa44/0x2850 kernel/exit.c:868
do_group_exit+0x100/0x2e0 kernel/exit.c:965
SYSC_exit_group kernel/exit.c:976 [inline]
SyS_exit_group+0x19/0x20 kernel/exit.c:974
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RAX: ffffffffffffffda RBX: 00007ffe0a07ef38 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffe0a07ef38
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef54
R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000400538
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth0_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
Bluetooth: hci5 command 0x0409 tx timeout
Bluetooth: hci5 command 0x041b tx timeout
Reply all
Reply to author
Forward
0 new messages