Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts.
2024/05/13 12:27:00 ignoring optional flag "sandboxArg"="0"
2024/05/13 12:27:00 parsed 1 programs
[ 289.167594][ T3527] cgroup: Unknown subsys name 'net'
[ 289.271380][ T3527] cgroup: Unknown subsys name 'rlimit'
2024/05/13 12:27:01 executed programs: 0
[ 290.672730][ T3527] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 290.851926][ T3535] chnl_net:caif_netlink_parms(): no params data found
[ 290.901725][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state
[ 290.909506][ T3535] bridge0: port 1(bridge_slave_0) entered disabled state
[ 290.917767][ T3535] device bridge_slave_0 entered promiscuous mode
[ 290.927573][ T3535] bridge0: port 2(bridge_slave_1) entered blocking state
[ 290.934768][ T3535] bridge0: port 2(bridge_slave_1) entered disabled state
[ 290.942536][ T3535] device bridge_slave_1 entered promiscuous mode
[ 290.966183][ T3535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 290.977791][ T3535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 291.002272][ T3535] team0: Port device team_slave_0 added
[ 291.010045][ T3535] team0: Port device team_slave_1 added
[ 291.029598][ T3535] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 291.036607][ T3535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 291.063347][ T3535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 291.076867][ T3535] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 291.083809][ T3535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 291.110378][ T3535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 291.143168][ T3535] device hsr_slave_0 entered promiscuous mode
[ 291.150168][ T3535] device hsr_slave_1 entered promiscuous mode
[ 291.245903][ T3535] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 291.256576][ T3535] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 291.266745][ T3535] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 291.276018][ T3535] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 291.298513][ T3535] bridge0: port 2(bridge_slave_1) entered blocking state
[ 291.305851][ T3535] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 291.313735][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state
[ 291.320854][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 291.369345][ T3535] 8021q: adding VLAN 0 to HW filter on device bond0
[ 291.381897][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 291.392092][ T25] bridge0: port 1(bridge_slave_0) entered disabled state
[ 291.401468][ T25] bridge0: port 2(bridge_slave_1) entered disabled state
[ 291.410130][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 291.423612][ T3535] 8021q: adding VLAN 0 to HW filter on device team0
[ 291.435916][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 291.444413][ T3544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 291.451474][ T3544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 291.474822][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 291.483308][ T3544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 291.490416][ T3544] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 291.499088][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 291.508432][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 291.517978][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 291.528523][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 291.541806][ T3535] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 291.553338][ T3535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 291.561731][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 291.637625][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 291.646222][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 291.656729][ T3535] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 291.676172][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 291.696476][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 291.705352][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 291.713038][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 291.723241][ T3535] device veth0_vlan entered promiscuous mode
[ 291.736072][ T3535] device veth1_vlan entered promiscuous mode
[ 291.758317][ T3546] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 291.766500][ T3546] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 291.775245][ T3546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 291.787149][ T3535] device veth0_macvtap entered promiscuous mode
[ 291.796384][ T3535] device veth1_macvtap entered promiscuous mode
[ 291.812290][ T3535] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 291.821310][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 291.831190][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 291.842736][ T3535] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 291.851383][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 291.859956][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 291.871399][ T3535] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 291.880790][ T3535] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 291.890939][ T3535] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 291.900402][ T3535] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 291.967374][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 291.978626][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 291.990630][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 292.003353][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 292.012330][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 292.021834][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 292.786064][ T25] Bluetooth: hci0: command 0x0409 tx timeout
[ 294.864661][ T3546] Bluetooth: hci0: command 0x041b tx timeout
[ 296.954751][ T3544] Bluetooth: hci0: command 0x040f tx timeout
[ 299.024214][ T3544] Bluetooth: hci0: command 0x0419 tx timeout
[ 301.114243][ T3544] Bluetooth: hci0: command 0x0405 tx timeout
[ 317.026500][ T1377] ieee802154 phy0 wpan0: encryption failed: -22
[ 317.032952][ T1377] ieee802154 phy1 wpan1: encryption failed: -22
2024/05/13 12:27:33 executed programs: 1
[ 322.253245][ T3557] chnl_net:caif_netlink_parms(): no params data found
[ 322.319378][ T3557] bridge0: port 1(bridge_slave_0) entered blocking state
[ 322.326669][ T3557] bridge0: port 1(bridge_slave_0) entered disabled state
[ 322.335120][ T3557] device bridge_slave_0 entered promiscuous mode
[ 322.343722][ T3557] bridge0: port 2(bridge_slave_1) entered blocking state
[ 322.350944][ T3557] bridge0: port 2(bridge_slave_1) entered disabled state
[ 322.359280][ T3557] device bridge_slave_1 entered promiscuous mode
[ 322.386342][ T3557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 322.398521][ T3557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 322.428920][ T3557] team0: Port device team_slave_0 added
[ 322.437588][ T3557] team0: Port device team_slave_1 added
[ 322.462107][ T3557] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 322.469244][ T3557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 322.495770][ T3557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 322.508402][ T3557] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 322.515441][ T3557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 322.541501][ T3557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 322.581178][ T3557] device hsr_slave_0 entered promiscuous mode
[ 322.588797][ T3557] device hsr_slave_1 entered promiscuous mode
[ 322.596246][ T3557] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 322.604210][ T3557] Cannot create hsr debugfs directory
[ 322.713194][ T3557] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 322.802804][ T3557] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 322.871778][ T3557] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 322.940576][ T3557] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 323.010447][ T3557] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 323.020696][ T3557] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 323.030105][ T3557] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 323.039583][ T3557] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 323.059421][ T3557] bridge0: port 2(bridge_slave_1) entered blocking state
[ 323.066536][ T3557] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 323.073940][ T3557] bridge0: port 1(bridge_slave_0) entered blocking state
[ 323.081051][ T3557] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 323.127323][ T3557] 8021q: adding VLAN 0 to HW filter on device bond0
[ 323.141259][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 323.150329][ T3544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 323.158713][ T3544] bridge0: port 2(bridge_slave_1) entered disabled state
[ 323.167112][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 323.180123][ T3557] 8021q: adding VLAN 0 to HW filter on device team0
[ 323.190874][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 323.200023][ T3544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 323.207117][ T3544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 323.218120][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 323.228294][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 323.237134][ T1291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 323.244308][ T1291] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 323.265521][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 323.275279][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 323.284558][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 323.294309][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 323.302977][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 323.312082][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 323.321310][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 323.330026][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 323.342139][ T3557] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 323.355744][ T3557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 323.363941][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 323.373933][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 323.382401][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 323.464658][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 323.472108][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 323.481534][ T3557] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 323.502048][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 323.510830][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 323.531131][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 323.540994][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 323.550310][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 323.560257][ T1291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 323.570576][ T3557] device veth0_vlan entered promiscuous mode
[ 323.581957][ T3557] device veth1_vlan entered promiscuous mode
[ 323.600921][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 323.609028][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 323.617414][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 323.626514][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 323.638458][ T3557] device veth0_macvtap entered promiscuous mode
[ 323.648681][ T3557] device veth1_macvtap entered promiscuous mode
[ 323.664362][ T3557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 323.675328][ T3557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 323.688656][ T3557] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 323.696790][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 323.706665][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 323.714988][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 323.723530][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 323.736935][ T3557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 323.749165][ T3557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 323.760280][ T3557] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 323.771429][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 323.780298][ T3544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 323.793988][ T3557] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 323.802797][ T3557] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 323.812196][ T3557] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 323.821718][ T3557] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 323.879956][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 323.889924][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 323.901476][ T3545] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 323.920189][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 323.928528][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 323.938042][ T3545] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 324.144703][ T3545] Bluetooth: hci1: command 0x0409 tx timeout
[ 326.224248][ T3545] Bluetooth: hci1: command 0x041b tx timeout
[ 328.304430][ T3545] Bluetooth: hci1: command 0x040f tx timeout
[ 330.384352][ T3545] Bluetooth: hci1: command 0x0419 tx timeout
[ 332.399652][ T3553]
[ 332.402009][ T3553] ======================================================
[ 332.409015][ T3553] WARNING: possible circular locking dependency detected
[ 332.416036][ T3553] 5.15.158-syzkaller #0 Not tainted
[ 332.421484][ T3553] ------------------------------------------------------
[ 332.428485][ T3553] syz-executor.0/3553 is trying to acquire lock:
[ 332.434886][ T3553] ffff8880795ee270 ((work_completion)(&(&conn->timeout_work)->work)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 332.446546][ T3553]
[ 332.446546][ T3553] but task is already holding lock:
[ 332.453890][ T3553] ffffffff8db30de8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[ 332.463447][ T3553]
[ 332.463447][ T3553] which lock already depends on the new lock.
[ 332.463447][ T3553]
[ 332.464218][ T21] Bluetooth: hci1: command 0x0405 tx timeout
[ 332.474038][ T3553]
[ 332.474038][ T3553] the existing dependency chain (in reverse order) is:
[ 332.474045][ T3553]
[ 332.474045][ T3553] -> #3 (hci_cb_list_lock){+.+.}-{3:3}:
[ 332.474075][ T3553] lock_acquire+0x1db/0x4f0
[ 332.474096][ T3553] __mutex_lock_common+0x1da/0x25a0
[ 332.507523][ T3553] mutex_lock_nested+0x17/0x20
[ 332.512801][ T3553] hci_remote_features_evt+0x52f/0xb50
[ 332.518778][ T3553] hci_event_packet+0x6fe/0x1550
[ 332.524769][ T3553] hci_rx_work+0x232/0x990
[ 332.529707][ T3553] process_one_work+0x8a1/0x10c0
[ 332.535160][ T3553] worker_thread+0xaca/0x1280
[ 332.540351][ T3553] kthread+0x3f6/0x4f0
[ 332.544940][ T3553] ret_from_fork+0x1f/0x30
[ 332.549868][ T3553]
[ 332.549868][ T3553] -> #2 (&hdev->lock){+.+.}-{3:3}:
[ 332.557154][ T3553] lock_acquire+0x1db/0x4f0
[ 332.562288][ T3553] __mutex_lock_common+0x1da/0x25a0
[ 332.568119][ T3553] mutex_lock_nested+0x17/0x20
[ 332.573393][ T3553] sco_sock_connect+0x181/0x8e0
[ 332.578936][ T3553] __sys_connect+0x38b/0x410
[ 332.584041][ T3553] __x64_sys_connect+0x76/0x80
[ 332.589327][ T3553] do_syscall_64+0x3b/0xb0
[ 332.594351][ T3553] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 332.600785][ T3553]
[ 332.600785][ T3553] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 332.609898][ T3553] lock_acquire+0x1db/0x4f0
[ 332.614913][ T3553] lock_sock_nested+0x44/0x100
[ 332.620201][ T3553] sco_sock_timeout+0xbd/0x230
[ 332.625475][ T3553] process_one_work+0x8a1/0x10c0
[ 332.630923][ T3553] worker_thread+0xaca/0x1280
[ 332.636116][ T3553] kthread+0x3f6/0x4f0
[ 332.640795][ T3553] ret_from_fork+0x1f/0x30
[ 332.645724][ T3553]
[ 332.645724][ T3553] -> #0 ((work_completion)(&(&conn->timeout_work)->work)){+.+.}-{0:0}:
[ 332.656238][ T3553] validate_chain+0x1649/0x5930
[ 332.661605][ T3553] __lock_acquire+0x1295/0x1ff0
[ 332.666966][ T3553] lock_acquire+0x1db/0x4f0
[ 332.671978][ T3553] __flush_work+0xeb/0x1a0
[ 332.676909][ T3553] __cancel_work_timer+0x519/0x6a0
[ 332.682537][ T3553] sco_conn_del+0x205/0x300
[ 332.687549][ T3553] hci_conn_hash_flush+0x10d/0x220
[ 332.693168][ T3553] hci_dev_do_close+0x9f6/0x1070
[ 332.698625][ T3553] hci_unregister_dev+0x2a7/0x550
[ 332.704163][ T3553] vhci_release+0x73/0xc0
[ 332.709023][ T3553] __fput+0x3bf/0x890
[ 332.713541][ T3553] task_work_run+0x129/0x1a0
[ 332.718646][ T3553] do_exit+0x6a3/0x2480
[ 332.723349][ T3553] do_group_exit+0x144/0x310
[ 332.728624][ T3553] get_signal+0xc66/0x14e0
[ 332.733554][ T3553] arch_do_signal_or_restart+0xc3/0x1890
[ 332.739700][ T3553] exit_to_user_mode_loop+0x97/0x130
[ 332.745495][ T3553] exit_to_user_mode_prepare+0xb1/0x140
[ 332.751550][ T3553] syscall_exit_to_user_mode+0x5d/0x240
[ 332.757870][ T3553] do_syscall_64+0x47/0xb0
[ 332.762804][ T3553] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 332.769209][ T3553]
[ 332.769209][ T3553] other info that might help us debug this:
[ 332.769209][ T3553]
[ 332.779439][ T3553] Chain exists of:
[ 332.779439][ T3553] (work_completion)(&(&conn->timeout_work)->work) --> &hdev->lock --> hci_cb_list_lock
[ 332.779439][ T3553]
[ 332.795090][ T3553] Possible unsafe locking scenario:
[ 332.795090][ T3553]
[ 332.802527][ T3553]        CPU0                    CPU1
[ 332.807876][ T3553]        ----                    ----
[ 332.813226][ T3553]   lock(hci_cb_list_lock);
[ 332.817738][ T3553]                                lock(&hdev->lock);
[ 332.824327][ T3553]                                lock(hci_cb_list_lock);
[ 332.831339][ T3553]   lock((work_completion)(&(&conn->timeout_work)->work));
[ 332.838530][ T3553]
[ 332.838530][ T3553] *** DEADLOCK ***
[ 332.838530][ T3553]
[ 332.846672][ T3553] 3 locks held by syz-executor.0/3553:
[ 332.852110][ T3553] #0: ffff888014fb4ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[ 332.861847][ T3553] #1: ffff888014fb4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[ 332.871340][ T3553] #2: ffffffff8db30de8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[ 332.881349][ T3553]
[ 332.881349][ T3553] stack backtrace:
[ 332.887241][ T3553] CPU: 0 PID: 3553 Comm: syz-executor.0 Not tainted 5.15.158-syzkaller #0
[ 332.895738][ T3553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 332.905793][ T3553] Call Trace:
[ 332.909157][ T3553]
[ 332.912077][ T3553] dump_stack_lvl+0x1e3/0x2d0
[ 332.916837][ T3553] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 332.922476][ T3553] ? print_circular_bug+0x12b/0x1a0
[ 332.927693][ T3553] check_noncircular+0x2f8/0x3b0
[ 332.932636][ T3553] ? add_chain_block+0x850/0x850
[ 332.937594][ T3553] ? lockdep_lock+0x11f/0x2a0
[ 332.942298][ T3553] validate_chain+0x1649/0x5930
[ 332.947148][ T3553] ? stack_trace_save+0x1c0/0x1c0
[ 332.952169][ T3553] ? reacquire_held_locks+0x660/0x660
[ 332.957539][ T3553] ? look_up_lock_class+0x77/0x120
[ 332.962840][ T3553] ? register_lock_class+0x100/0x9a0
[ 332.968115][ T3553] ? read_lock_is_recursive+0x10/0x10
[ 332.973492][ T3553] ? debug_object_assert_init+0x2bf/0x420
[ 332.979204][ T3553] ? do_raw_spin_lock+0x14a/0x370
[ 332.984219][ T3553] ? is_dynamic_key+0x1f0/0x1f0
[ 332.989059][ T3553] ? mark_lock+0x98/0x340
[ 332.993375][ T3553] __lock_acquire+0x1295/0x1ff0
[ 332.998217][ T3553] lock_acquire+0x1db/0x4f0
[ 333.002836][ T3553] ? __flush_work+0xcf/0x1a0
[ 333.007433][ T3553] ? read_lock_is_recursive+0x10/0x10
[ 333.012820][ T3553] ? mark_lock+0x98/0x340
[ 333.017155][ T3553] __flush_work+0xeb/0x1a0
[ 333.021573][ T3553] ? __flush_work+0xcf/0x1a0
[ 333.026337][ T3553] ? flush_work+0x20/0x20
[ 333.030661][ T3553] ? print_irqtrace_events+0x210/0x210
[ 333.036121][ T3553] ? __cancel_work_timer+0x467/0x6a0
[ 333.041402][ T3553] __cancel_work_timer+0x519/0x6a0
[ 333.046514][ T3553] ? cancel_work_sync+0x20/0x20
[ 333.051352][ T3553] ? __lock_acquire+0x1ff0/0x1ff0
[ 333.056364][ T3553] ? do_raw_spin_lock+0x14a/0x370
[ 333.065986][ T3553] ? do_raw_spin_unlock+0x137/0x8b0
[ 333.071186][ T3553] sco_conn_del+0x205/0x300
[ 333.075690][ T3553] ? sco_connect_cfm+0xad0/0xad0
[ 333.080638][ T3553] hci_conn_hash_flush+0x10d/0x220
[ 333.085852][ T3553] hci_dev_do_close+0x9f6/0x1070
[ 333.090798][ T3553] hci_unregister_dev+0x2a7/0x550
[ 333.095818][ T3553] vhci_release+0x73/0xc0
[ 333.100143][ T3553] ? vhci_open+0x290/0x290
[ 333.104551][ T3553] __fput+0x3bf/0x890
[ 333.108544][ T3553] task_work_run+0x129/0x1a0
[ 333.113138][ T3553] do_exit+0x6a3/0x2480
[ 333.117307][ T3553] ? put_task_struct+0x80/0x80
[ 333.122083][ T3553] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 333.128068][ T3553] do_group_exit+0x144/0x310
[ 333.132664][ T3553] ? lockdep_hardirqs_on+0x94/0x130
[ 333.137871][ T3553] get_signal+0xc66/0x14e0
[ 333.142317][ T3553] arch_do_signal_or_restart+0xc3/0x1890
[ 333.148086][ T3553] ? print_irqtrace_events+0x210/0x210
[ 333.153550][ T3553] ? kasan_quarantine_put+0xd4/0x220
[ 333.158838][ T3553] ? lockdep_hardirqs_on+0x94/0x130
[ 333.164043][ T3553] ? get_sigframe_size+0x10/0x10
[ 333.169007][ T3553] ? __se_sys_mount+0x378/0x3c0
[ 333.173861][ T3553] ? exit_to_user_mode_loop+0x39/0x130
[ 333.179314][ T3553] exit_to_user_mode_loop+0x97/0x130
[ 333.184597][ T3553] exit_to_user_mode_prepare+0xb1/0x140
[ 333.190137][ T3553] syscall_exit_to_user_mode+0x5d/0x240
[ 333.195694][ T3553] do_syscall_64+0x47/0xb0
[ 333.200111][ T3553] ? clear_bhb_loop+0x15/0x70
[ 333.204788][ T3553] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 333.210671][ T3553] RIP: 0033:0x7f79d92bdd69
[ 333.215075][ T3553] Code: Unable to access opcode bytes at RIP 0x7f79d92bdd3f.
[ 333.222430][ T3553] RSP: 002b:00007f79d861d0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 333.230836][ T3553] RAX: fffffffffffffe00 RBX: 00007f79d93ec050 RCX: 00007f79d92bdd69
[ 333.238800][ T3553] RDX: 0000000020000040 RSI: 0000000020000240 RDI: 0000000000000000
[ 333.246765][ T3553] RBP: 00007f79d930a49e R08: 0000000020000000 R09: 0000000000000000
[ 333.254735][ T3553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 333.262822][ T3553] R13: 000000000000006e R14: 00007f79d93ec050 R15: 00007ffdb6bc9e58
[ 333.270798][ T3553]
[ 334.005505][ T3574] device hsr_slave_0 left promiscuous mode
[ 334.011662][ T3574] device hsr_slave_1 left promiscuous mode
[ 334.018175][ T3574] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 334.025666][ T3574] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 334.033500][ T3574] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 334.040943][ T3574] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 334.049218][ T3574] device bridge_slave_1 left promiscuous mode
[ 334.055513][ T3574] bridge0: port 2(bridge_slave_1) entered disabled state
[ 334.063473][ T3574] device bridge_slave_0 left promiscuous mode
[ 334.069988][ T3574] bridge0: port 1(bridge_slave_0) entered disabled state
[ 334.080203][ T3574] device veth1_macvtap left promiscuous mode
[ 334.086291][ T3574] device veth0_macvtap left promiscuous mode
[ 334.092421][ T3574] device veth1_vlan left promiscuous mode
[ 334.098601][ T3574] device veth0_vlan left promiscuous mode
[ 334.191149][ T3574] team0 (unregistering): Port device team_slave_1 removed
[ 334.202008][ T3574] team0 (unregistering): Port device team_slave_0 removed
[ 334.213152][ T3574] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 334.226327][ T3574] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 334.267825][ T3574] bond0 (unregistering): Released all slaves