[ 75.781027][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
2023/01/15 21:58:57 ignoring optional flag "sandboxArg"="0"
2023/01/15 21:58:57 parsed 1 programs
2023/01/15 21:58:57 executed programs: 0
[ 77.054708][ T5516] cgroup: Unknown subsys name 'net'
[ 77.064368][ T5516] cgroup: Unknown subsys name 'rlimit'
[ 78.185982][ T4384] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.193679][ T4384] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.201841][ T4384] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.210968][ T4384] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.218600][ T4384] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 78.227065][ T4384] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.292275][ T5520] chnl_net:caif_netlink_parms(): no params data found
[ 78.327359][ T5520] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.334737][ T5520] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.342537][ T5520] device bridge_slave_0 entered promiscuous mode
[ 78.350837][ T5520] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.357939][ T5520] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.366258][ T5520] device bridge_slave_1 entered promiscuous mode
[ 78.384455][ T5520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.395225][ T5520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.416328][ T5520] team0: Port device team_slave_0 added
[ 78.423709][ T5520] team0: Port device team_slave_1 added
[ 78.439541][ T5520] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.446483][ T5520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.472579][ T5520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.484443][ T5520] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.491644][ T5520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.519162][ T5520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.543190][ T5520] device hsr_slave_0 entered promiscuous mode
[ 78.550271][ T5520] device hsr_slave_1 entered promiscuous mode
[ 78.603850][ T5520] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.610975][ T5520] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.618243][ T5520] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.625455][ T5520] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.660711][ T5520] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.674913][ T5520] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.682662][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.691408][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.698757][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.708041][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 78.720968][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.729310][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.736436][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.746978][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.755631][ T5074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.762915][ T5074] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.779098][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.793224][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.803735][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.815029][ T5520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.829617][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.837286][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.847828][ T5520] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.160680][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 79.175065][ T5520] device veth0_vlan entered promiscuous mode
[ 79.181993][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 79.191736][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 79.199508][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 79.210075][ T5520] device veth1_vlan entered promiscuous mode
[ 79.227627][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 79.235789][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 79.244411][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 79.255547][ T5520] device veth0_macvtap entered promiscuous mode
[ 79.264355][ T5520] device veth1_macvtap entered promiscuous mode
[ 79.278659][ T5520] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.287453][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 79.296899][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 79.307572][ T5520] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.315544][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 79.324434][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.369092][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.385864][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.397985][ T1174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.398964][ T896] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 79.410499][ T1174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.423094][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 80.270257][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 80.287634][ T5540]
[ 80.289977][ T5540] ======================================================
[ 80.297597][ T5540] WARNING: possible circular locking dependency detected
[ 80.304600][ T5540] 6.2.0-rc4-syzkaller-00390-g5dc4c995db9e #0 Not tainted
[ 80.311600][ T5540] ------------------------------------------------------
[ 80.318595][ T5540] syz-executor.0/5540 is trying to acquire lock:
[ 80.325417][ T5540] ffff88807a6aa130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3a0
[ 80.336881][ T5540]
[ 80.336881][ T5540] but task is already holding lock:
[ 80.344227][ T5540] ffff888071668928 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x15d/0x890
[ 80.353080][ T5540]
[ 80.353080][ T5540] which lock already depends on the new lock.
[ 80.353080][ T5540]
[ 80.363465][ T5540]
[ 80.363465][ T5540] the existing dependency chain (in reverse order) is:
[ 80.372551][ T5540]
[ 80.372551][ T5540] -> #2 (&d->lock){+.+.}-{3:3}:
[ 80.380092][ T5540]        __mutex_lock+0x12f/0x1360
[ 80.385198][ T5540]        __rfcomm_dlc_close+0x15d/0x890
[ 80.390740][ T5540]        rfcomm_dlc_close+0x1e9/0x240
[ 80.396205][ T5540]        __rfcomm_sock_close+0x13c/0x250
[ 80.401844][ T5540]        rfcomm_sock_shutdown+0xd8/0x230
[ 80.407464][ T5540]        rfcomm_sock_release+0x68/0x140
[ 80.413010][ T5540]        __sock_release+0xcd/0x280
[ 80.418116][ T5540]        sock_close+0x1c/0x20
[ 80.422788][ T5540]        __fput+0x27c/0xa90
[ 80.427279][ T5540]        task_work_run+0x16f/0x270
[ 80.432379][ T5540]        get_signal+0x1c7/0x2450
[ 80.437303][ T5540]        arch_do_signal_or_restart+0x79/0x5c0
[ 80.443391][ T5540]        exit_to_user_mode_prepare+0x15f/0x250
[ 80.449536][ T5540]        syscall_exit_to_user_mode+0x1d/0x50
[ 80.455506][ T5540]        do_syscall_64+0x46/0xb0
[ 80.460440][ T5540]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.466847][ T5540]
[ 80.466847][ T5540] -> #1 (rfcomm_mutex){+.+.}-{3:3}:
[ 80.474227][ T5540]        __mutex_lock+0x12f/0x1360
[ 80.479332][ T5540]        rfcomm_dlc_open+0x93/0xa80
[ 80.484521][ T5540]        rfcomm_sock_connect+0x329/0x450
[ 80.490147][ T5540]        __sys_connect_file+0x153/0x1a0
[ 80.495685][ T5540]        __sys_connect+0x165/0x1a0
[ 80.500796][ T5540]        __x64_sys_connect+0x73/0xb0
[ 80.506164][ T5540]        do_syscall_64+0x39/0xb0
[ 80.511096][ T5540]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.517518][ T5540]
[ 80.517518][ T5540] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 80.527075][ T5540]        __lock_acquire+0x2a43/0x56d0
[ 80.532443][ T5540]        lock_acquire+0x1e3/0x630
[ 80.537454][ T5540]        lock_sock_nested+0x3a/0xf0
[ 80.542643][ T5540]        rfcomm_sk_state_change+0x6d/0x3a0
[ 80.548527][ T5540]        __rfcomm_dlc_close+0x1b1/0x890
[ 80.554165][ T5540]        rfcomm_dlc_close+0x1e9/0x240
[ 80.559549][ T5540]        __rfcomm_sock_close+0x13c/0x250
[ 80.565176][ T5540]        rfcomm_sock_shutdown+0xd8/0x230
[ 80.570816][ T5540]        rfcomm_sock_release+0x68/0x140
[ 80.576352][ T5540]        __sock_release+0xcd/0x280
[ 80.581453][ T5540]        sock_close+0x1c/0x20
[ 80.586117][ T5540]        __fput+0x27c/0xa90
[ 80.590616][ T5540]        task_work_run+0x16f/0x270
[ 80.595740][ T5540]        get_signal+0x1c7/0x2450
[ 80.600669][ T5540]        arch_do_signal_or_restart+0x79/0x5c0
[ 80.606726][ T5540]        exit_to_user_mode_prepare+0x15f/0x250
[ 80.612869][ T5540]        syscall_exit_to_user_mode+0x1d/0x50
[ 80.619012][ T5540]        do_syscall_64+0x46/0xb0
[ 80.624113][ T5540]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.630525][ T5540]
[ 80.630525][ T5540] other info that might help us debug this:
[ 80.630525][ T5540]
[ 80.640927][ T5540] Chain exists of:
[ 80.640927][ T5540]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[ 80.640927][ T5540]
[ 80.654816][ T5540]  Possible unsafe locking scenario:
[ 80.654816][ T5540]
[ 80.662359][ T5540]        CPU0                    CPU1
[ 80.667706][ T5540]        ----                    ----
[ 80.673139][ T5540]   lock(&d->lock);
[ 80.676935][ T5540]                                lock(rfcomm_mutex);
[ 80.683610][ T5540]                                lock(&d->lock);
[ 80.689927][ T5540]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 80.696160][ T5540]
[ 80.696160][ T5540]  *** DEADLOCK ***
[ 80.696160][ T5540]
[ 80.704286][ T5540] 3 locks held by syz-executor.0/5540:
[ 80.709727][ T5540]  #0: ffff888071a42c10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 80.720260][ T5540]  #1: ffffffff8e313a08 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[ 80.729659][ T5540]  #2: ffff888071668928 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x15d/0x890
[ 80.738961][ T5540]
[ 80.738961][ T5540] stack backtrace:
[ 80.744829][ T5540] CPU: 1 PID: 5540 Comm: syz-executor.0 Not tainted 6.2.0-rc4-syzkaller-00390-g5dc4c995db9e #0
[ 80.755139][ T5540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 80.765179][ T5540] Call Trace:
[ 80.768443][ T5540]
[ 80.771375][ T5540]  dump_stack_lvl+0xd1/0x138
[ 80.776133][ T5540]  check_noncircular+0x25f/0x2e0
[ 80.781077][ T5540]  ? __lock_acquire+0x2567/0x56d0
[ 80.786100][ T5540]  ? print_circular_bug+0x1e0/0x1e0
[ 80.791294][ T5540]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 80.797348][ T5540]  __lock_acquire+0x2a43/0x56d0
[ 80.802190][ T5540]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 80.808159][ T5540]  lock_acquire+0x1e3/0x630
[ 80.812647][ T5540]  ? rfcomm_sk_state_change+0x6d/0x3a0
[ 80.818100][ T5540]  ? lock_release+0x810/0x810
[ 80.825372][ T5540]  ? __rfcomm_dlc_close+0x15d/0x890
[ 80.830563][ T5540]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 80.836358][ T5540]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 80.841913][ T5540]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 80.847710][ T5540]  ? __timer_delete+0xe8/0x1b0
[ 80.852488][ T5540]  lock_sock_nested+0x3a/0xf0
[ 80.857163][ T5540]  ? rfcomm_sk_state_change+0x6d/0x3a0
[ 80.862614][ T5540]  rfcomm_sk_state_change+0x6d/0x3a0
[ 80.868497][ T5540]  __rfcomm_dlc_close+0x1b1/0x890
[ 80.873515][ T5540]  rfcomm_dlc_close+0x1e9/0x240
[ 80.878355][ T5540]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 80.884247][ T5540]  __rfcomm_sock_close+0x13c/0x250
[ 80.889459][ T5540]  ? lockdep_hardirqs_on+0x7d/0x100
[ 80.894654][ T5540]  rfcomm_sock_shutdown+0xd8/0x230
[ 80.899760][ T5540]  rfcomm_sock_release+0x68/0x140
[ 80.904782][ T5540]  __sock_release+0xcd/0x280
[ 80.909373][ T5540]  sock_close+0x1c/0x20
[ 80.913524][ T5540]  __fput+0x27c/0xa90
[ 80.917497][ T5540]  ? __sock_release+0x280/0x280
[ 80.922346][ T5540]  task_work_run+0x16f/0x270
[ 80.926932][ T5540]  ? task_work_cancel+0x30/0x30
[ 80.931864][ T5540]  ? rfcomm_sock_connect+0x159/0x450
[ 80.937171][ T5540]  get_signal+0x1c7/0x2450
[ 80.941579][ T5540]  ? task_work_func_match+0x40/0x40
[ 80.946775][ T5540]  ? exit_signals+0x8b0/0x8b0
[ 80.951442][ T5540]  ? rfcomm_sock_connect+0x15e/0x450
[ 80.956721][ T5540]  arch_do_signal_or_restart+0x79/0x5c0
[ 80.962259][ T5540]  ? get_sigframe_size+0x10/0x10
[ 80.967186][ T5540]  exit_to_user_mode_prepare+0x15f/0x250
[ 80.972918][ T5540]  syscall_exit_to_user_mode+0x1d/0x50
[ 80.978370][ T5540]  do_syscall_64+0x46/0xb0
[ 80.982779][ T5540]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.988663][ T5540] RIP: 0033:0x7fa0eb489049
[ 80.993064][ T5540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 81.012657][ T5540] RSP: 002b:00007fa0ec54a168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 81.021143][ T5540] RAX: fffffffffffffffc RBX: 00007fa0eb59bf60 RCX: 00007fa0eb489049
[ 81.029103][ T5540] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 81.037232][ T5540] RBP: 00007fa0eb4e308d R08: 0000000000000000 R09: 0000000000000000
[ 81.045193][ T5540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.053150][ T5540] R13: 00007ffe0ca35dff R14: 00007fa0ec54a300 R15: 0000000000022000
[ 81.061112][ T5540]
[ 82.339525][ T48] Bluetooth: hci0: command 0x041b tx timeout
2023/01/15 21:59:03 executed programs: 3
[ 84.419433][ T48] Bluetooth: hci0: command 0x040f tx timeout
[ 86.499413][ T48] Bluetooth: hci0: command 0x0419 tx timeout
2023/01/15 21:59:08 executed programs: 9
[ 88.579468][ T48] Bluetooth: hci0: command 0x0405 tx timeout