Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
2023/01/15 18:38:15 ignoring optional flag "sandboxArg"="0"
2023/01/15 18:38:15 parsed 1 programs
2023/01/15 18:38:15 executed programs: 0
[ 73.552932][ T5515] cgroup: Unknown subsys name 'net'
[ 73.562965][ T5515] cgroup: Unknown subsys name 'rlimit'
[ 74.680888][ T5067] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.689265][ T5067] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.697012][ T5067] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.704993][ T5067] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.712777][ T5067] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 74.720059][ T5067] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.784241][ T5521] chnl_net:caif_netlink_parms(): no params data found
[ 74.818136][ T5521] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.825311][ T5521] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.833089][ T5521] device bridge_slave_0 entered promiscuous mode
[ 74.842096][ T5521] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.849169][ T5521] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.856978][ T5521] device bridge_slave_1 entered promiscuous mode
[ 74.875088][ T5521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.885887][ T5521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.906578][ T5521] team0: Port device team_slave_0 added
[ 74.913765][ T5521] team0: Port device team_slave_1 added
[ 74.929228][ T5521] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.936315][ T5521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.962275][ T5521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.974075][ T5521] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.981082][ T5521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.007050][ T5521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.031241][ T5521] device hsr_slave_0 entered promiscuous mode
[ 75.037779][ T5521] device hsr_slave_1 entered promiscuous mode
[ 75.090545][ T5521] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.097619][ T5521] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.105080][ T5521] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.112178][ T5521] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.145478][ T5521] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.156833][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.165791][ T14] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.173438][ T14] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.181415][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.193477][ T5521] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.203346][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.211827][ T892] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.218956][ T892] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.229211][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.238736][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.245831][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.263152][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.277870][ T5521] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 75.288794][ T5521] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 75.302581][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.310876][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.320131][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.336996][ T5521] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.344964][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.352574][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.660561][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.674232][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.682794][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.691150][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.700331][ T5521] device veth0_vlan entered promiscuous mode
[ 75.710134][ T5521] device veth1_vlan entered promiscuous mode
[ 75.727145][ T5521] device veth0_macvtap entered promiscuous mode
[ 75.735397][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.743616][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.752361][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.760809][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.770855][ T5521] device veth1_macvtap entered promiscuous mode
[ 75.784562][ T5521] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.795553][ T1107] cfg80211: failed to load regulatory.db
[ 75.796894][ T5521] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.810404][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.819085][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 75.867894][ T2826] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.890658][ T2826] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.894347][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.899601][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 75.906935][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.923994][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 76.751284][ T5067] Bluetooth: hci0: command 0x0409 tx timeout
[ 76.789795][ T5541]
[ 76.792160][ T5541] ======================================================
[ 76.799182][ T5541] WARNING: possible circular locking dependency detected
[ 76.806197][ T5541] 6.2.0-rc4-syzkaller-00390-g5dc4c995db9e #0 Not tainted
[ 76.813210][ T5541] ------------------------------------------------------
[ 76.820210][ T5541] syz-executor.0/5541 is trying to acquire lock:
[ 76.826524][ T5541] ffff888028394130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3a0
[ 76.838095][ T5541]
[ 76.838095][ T5541] but task is already holding lock:
[ 76.845486][ T5541] ffff8880776fd928 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x15d/0x890
[ 76.854365][ T5541]
[ 76.854365][ T5541] which lock already depends on the new lock.
[ 76.854365][ T5541]
[ 76.864765][ T5541]
[ 76.864765][ T5541] the existing dependency chain (in reverse order) is:
[ 76.873765][ T5541]
[ 76.873765][ T5541] -> #2 (&d->lock){+.+.}-{3:3}:
[ 76.880785][ T5541]        __mutex_lock+0x12f/0x1360
[ 76.885891][ T5541]        __rfcomm_dlc_close+0x15d/0x890
[ 76.891427][ T5541]        rfcomm_dlc_close+0x1e9/0x240
[ 76.896813][ T5541]        __rfcomm_sock_close+0x13c/0x250
[ 76.902441][ T5541]        rfcomm_sock_shutdown+0xd8/0x230
[ 76.908064][ T5541]        rfcomm_sock_release+0x68/0x140
[ 76.913608][ T5541]        __sock_release+0xcd/0x280
[ 76.918716][ T5541]        sock_close+0x1c/0x20
[ 76.923385][ T5541]        __fput+0x27c/0xa90
[ 76.927879][ T5541]        task_work_run+0x16f/0x270
[ 76.932991][ T5541]        get_signal+0x1c7/0x2450
[ 76.937917][ T5541]        arch_do_signal_or_restart+0x79/0x5c0
[ 76.943978][ T5541]        exit_to_user_mode_prepare+0x15f/0x250
[ 76.950122][ T5541]        syscall_exit_to_user_mode+0x1d/0x50
[ 76.956100][ T5541]        do_syscall_64+0x46/0xb0
[ 76.961032][ T5541]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.967443][ T5541]
[ 76.967443][ T5541] -> #1 (rfcomm_mutex){+.+.}-{3:3}:
[ 76.974825][ T5541]        __mutex_lock+0x12f/0x1360
[ 76.979935][ T5541]        rfcomm_dlc_open+0x93/0xa80
[ 76.985164][ T5541]        rfcomm_sock_connect+0x329/0x450
[ 76.990800][ T5541]        __sys_connect_file+0x153/0x1a0
[ 76.996390][ T5541]        __sys_connect+0x165/0x1a0
[ 77.001589][ T5541]        __x64_sys_connect+0x73/0xb0
[ 77.006869][ T5541]        do_syscall_64+0x39/0xb0
[ 77.011800][ T5541]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.018198][ T5541]
[ 77.018198][ T5541] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 77.027575][ T5541]        __lock_acquire+0x2a43/0x56d0
[ 77.032942][ T5541]        lock_acquire+0x1e3/0x630
[ 77.037950][ T5541]        lock_sock_nested+0x3a/0xf0
[ 77.043141][ T5541]        rfcomm_sk_state_change+0x6d/0x3a0
[ 77.048938][ T5541]        __rfcomm_dlc_close+0x1b1/0x890
[ 77.054484][ T5541]        rfcomm_dlc_close+0x1e9/0x240
[ 77.059848][ T5541]        __rfcomm_sock_close+0x13c/0x250
[ 77.065485][ T5541]        rfcomm_sock_shutdown+0xd8/0x230
[ 77.071132][ T5541]        rfcomm_sock_release+0x68/0x140
[ 77.076724][ T5541]        __sock_release+0xcd/0x280
[ 77.081837][ T5541]        sock_close+0x1c/0x20
[ 77.086498][ T5541]        __fput+0x27c/0xa90
[ 77.090984][ T5541]        task_work_run+0x16f/0x270
[ 77.096087][ T5541]        get_signal+0x1c7/0x2450
[ 77.101014][ T5541]        arch_do_signal_or_restart+0x79/0x5c0
[ 77.107067][ T5541]        exit_to_user_mode_prepare+0x15f/0x250
[ 77.113384][ T5541]        syscall_exit_to_user_mode+0x1d/0x50
[ 77.119348][ T5541]        do_syscall_64+0x46/0xb0
[ 77.124281][ T5541]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.130687][ T5541]
[ 77.130687][ T5541] other info that might help us debug this:
[ 77.130687][ T5541]
[ 77.140897][ T5541] Chain exists of:
[ 77.140897][ T5541]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[ 77.140897][ T5541]
[ 77.154790][ T5541]  Possible unsafe locking scenario:
[ 77.154790][ T5541]
[ 77.162225][ T5541]        CPU0                    CPU1
[ 77.167572][ T5541]        ----                    ----
[ 77.172934][ T5541]   lock(&d->lock);
[ 77.176726][ T5541]                                lock(rfcomm_mutex);
[ 77.183393][ T5541]                                lock(&d->lock);
[ 77.189719][ T5541]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 77.195869][ T5541]
[ 77.195869][ T5541]  *** DEADLOCK ***
[ 77.195869][ T5541]
[ 77.204004][ T5541] 3 locks held by syz-executor.0/5541:
[ 77.209442][ T5541]  #0: ffff88807080d610 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 77.219974][ T5541]  #1: ffffffff8e313a08 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[ 77.229374][ T5541]  #2: ffff8880776fd928 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x15d/0x890
[ 77.238696][ T5541]
[ 77.238696][ T5541] stack backtrace:
[ 77.244580][ T5541] CPU: 1 PID: 5541 Comm: syz-executor.0 Not tainted 6.2.0-rc4-syzkaller-00390-g5dc4c995db9e #0
[ 77.254891][ T5541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 77.264931][ T5541] Call Trace:
[ 77.268192][ T5541]
[ 77.271108][ T5541] dump_stack_lvl+0xd1/0x138
[ 77.275697][ T5541] check_noncircular+0x25f/0x2e0
[ 77.280617][ T5541] ? __lock_acquire+0x2567/0x56d0
[ 77.285619][ T5541] ? print_circular_bug+0x1e0/0x1e0
[ 77.290801][ T5541] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 77.296763][ T5541] __lock_acquire+0x2a43/0x56d0
[ 77.301704][ T5541] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 77.308100][ T5541] lock_acquire+0x1e3/0x630
[ 77.312594][ T5541] ? rfcomm_sk_state_change+0x6d/0x3a0
[ 77.318064][ T5541] ? lock_release+0x810/0x810
[ 77.322774][ T5541] ? __rfcomm_dlc_close+0x15d/0x890
[ 77.327986][ T5541] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 77.333803][ T5541] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 77.339345][ T5541] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 77.345159][ T5541] ? __timer_delete+0xe8/0x1b0
[ 77.349922][ T5541] lock_sock_nested+0x3a/0xf0
[ 77.354601][ T5541] ? rfcomm_sk_state_change+0x6d/0x3a0
[ 77.360065][ T5541] rfcomm_sk_state_change+0x6d/0x3a0
[ 77.365359][ T5541] __rfcomm_dlc_close+0x1b1/0x890
[ 77.370387][ T5541] rfcomm_dlc_close+0x1e9/0x240
[ 77.375248][ T5541] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 77.381147][ T5541] __rfcomm_sock_close+0x13c/0x250
[ 77.386268][ T5541] ? lockdep_hardirqs_on+0x7d/0x100
[ 77.391462][ T5541] rfcomm_sock_shutdown+0xd8/0x230
[ 77.396602][ T5541] rfcomm_sock_release+0x68/0x140
[ 77.401631][ T5541] __sock_release+0xcd/0x280
[ 77.406230][ T5541] sock_close+0x1c/0x20
[ 77.410389][ T5541] __fput+0x27c/0xa90
[ 77.414376][ T5541] ? __sock_release+0x280/0x280
[ 77.419215][ T5541] task_work_run+0x16f/0x270
[ 77.423847][ T5541] ? task_work_cancel+0x30/0x30
[ 77.428694][ T5541] ? rfcomm_sock_connect+0x159/0x450
[ 77.433981][ T5541] get_signal+0x1c7/0x2450
[ 77.438391][ T5541] ? task_work_func_match+0x40/0x40
[ 77.443588][ T5541] ? exit_signals+0x8b0/0x8b0
[ 77.448265][ T5541] ? rfcomm_sock_connect+0x15e/0x450
[ 77.453640][ T5541] arch_do_signal_or_restart+0x79/0x5c0
[ 77.459212][ T5541] ? get_sigframe_size+0x10/0x10
[ 77.464170][ T5541] exit_to_user_mode_prepare+0x15f/0x250
[ 77.469798][ T5541] syscall_exit_to_user_mode+0x1d/0x50
[ 77.475254][ T5541] do_syscall_64+0x46/0xb0
[ 77.479679][ T5541] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.485583][ T5541] RIP: 0033:0x7f7edfe89049
[ 77.489994][ T5541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.509607][ T5541] RSP: 002b:00007f7ee1010168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 77.518475][ T5541] RAX: fffffffffffffffc RBX: 00007f7edff9bf60 RCX: 00007f7edfe89049
[ 77.526447][ T5541] RDX: 0000000000000080 RSI: 00000000200001c0 RDI: 0000000000000004
[ 77.534414][ T5541] RBP: 00007f7edfee308d R08: 0000000000000000 R09: 0000000000000000
[ 77.542385][ T5541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.550362][ T5541] R13: 00007ffdc08ec3af R14: 00007f7ee1010300 R15: 0000000000022000
[ 77.558348][ T5541]
[ 78.830334][ T5067] Bluetooth: hci0: command 0x041b tx timeout
2023/01/15 18:38:21 executed programs: 3
[ 80.920351][ T5067] Bluetooth: hci0: command 0x040f tx timeout
[ 82.990464][ T5067] Bluetooth: hci0: command 0x0419 tx timeout
2023/01/15 18:38:26 executed programs: 9
[ 85.070402][ T5067] Bluetooth: hci0: command 0x0405 tx timeout