Warning: Permanently added '10.128.0.209' (ED25519) to the list of known hosts.
[ 47.346232][ T4019] chnl_net:caif_netlink_parms(): no params data found
[ 47.387024][ T4019] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.389095][ T4019] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.392129][ T4019] device bridge_slave_0 entered promiscuous mode
[ 47.396541][ T4019] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.398541][ T4019] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.402833][ T4019] device bridge_slave_1 entered promiscuous mode
[ 47.420936][ T4019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 47.425348][ T4019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 47.441224][ T4019] team0: Port device team_slave_0 added
[ 47.444569][ T4019] team0: Port device team_slave_1 added
[ 47.458692][ T4019] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 47.460854][ T4019] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.467491][ T4019] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 47.472267][ T4019] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 47.474115][ T4019] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.481041][ T4019] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 47.561711][ T4019] device hsr_slave_0 entered promiscuous mode
[ 47.620746][ T4019] device hsr_slave_1 entered promiscuous mode
[ 47.746668][ T4019] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 47.802782][ T4019] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 47.852479][ T4019] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 47.891644][ T4019] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 47.956921][ T4019] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.958845][ T4019] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.961380][ T4019] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.963229][ T4019] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.006572][ T4019] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.015912][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.021277][ T136] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.025169][ T136] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.028124][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.037055][ T4019] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.044485][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.046847][ T607] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.048602][ T607] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.054805][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.057480][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.059336][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.075628][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.078622][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.085088][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.094066][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.099299][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.105352][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.118688][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 48.122139][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 48.129055][ T4019] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.144300][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.158327][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.162450][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 48.165047][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 48.169440][ T4019] device veth0_vlan entered promiscuous mode
[ 48.177753][ T4019] device veth1_vlan entered promiscuous mode
[ 48.194864][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 48.197739][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 48.201288][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.206376][ T4019] device veth0_macvtap entered promiscuous mode
[ 48.211776][ T4019] device veth1_macvtap entered promiscuous mode
[ 48.225663][ T4019] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 48.227898][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.233502][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 48.239201][ T4019] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 48.242717][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.248000][ T4019] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.251017][ T4019] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.253261][ T4019] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.255554][ T4019] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 49.301649][ T21] Bluetooth: hci0: command 0x0409 tx timeout
[ 51.390047][ T13] Bluetooth: hci0: command 0x041b tx timeout
[ 53.459897][ T13] Bluetooth: hci0: command 0x040f tx timeout
[ 55.539700][ T13] Bluetooth: hci0: command 0x0419 tx timeout
[ 57.619644][ T13] Bluetooth: hci0: command 0x0405 tx timeout
[ 74.753323][ T25] cfg80211: failed to load regulatory.db
[ 88.822307][ T4023]
[ 88.822911][ T4023] ======================================================
[ 88.824713][ T4023] WARNING: possible circular locking dependency detected
[ 88.826451][ T4023] 5.15.178-syzkaller #0 Not tainted
[ 88.827707][ T4023] ------------------------------------------------------
[ 88.829481][ T4023] kworker/u5:2/4023 is trying to acquire lock:
[ 88.830951][ T4023] ffff0000ce600120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x140/0x908
[ 88.833547][ T4023]
[ 88.833547][ T4023] but task is already holding lock:
[ 88.835360][ T4023] ffff800016df9988 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x404/0x8c0
[ 88.837775][ T4023]
[ 88.837775][ T4023] which lock already depends on the new lock.
[ 88.837775][ T4023]
[ 88.840261][ T4023]
[ 88.840261][ T4023] the existing dependency chain (in reverse order) is:
[ 88.842514][ T4023]
[ 88.842514][ T4023] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[ 88.844441][ T4023]        __mutex_lock_common+0x194/0x2154
[ 88.845819][ T4023]        mutex_lock_nested+0xa4/0xf8
[ 88.847050][ T4023]        hci_remote_features_evt+0x444/0x904
[ 88.848548][ T4023]        hci_event_packet+0x5ec/0x12b4
[ 88.849849][ T4023]        hci_rx_work+0x1d0/0x830
[ 88.851084][ T4023]        process_one_work+0x790/0x11b8
[ 88.852396][ T4023]        worker_thread+0x910/0x1034
[ 88.853660][ T4023]        kthread+0x37c/0x45c
[ 88.854805][ T4023]        ret_from_fork+0x10/0x20
[ 88.855962][ T4023]
[ 88.855962][ T4023] -> #1 (&hdev->lock){+.+.}-{3:3}:
[ 88.857759][ T4023]        __mutex_lock_common+0x194/0x2154
[ 88.859166][ T4023]        mutex_lock_nested+0xa4/0xf8
[ 88.860416][ T4023]        sco_sock_connect+0x170/0x848
[ 88.861605][ T4023]        __sys_connect+0x268/0x290
[ 88.862771][ T4023]        __arm64_sys_connect+0x7c/0x94
[ 88.864063][ T4023]        invoke_syscall+0x98/0x2b8
[ 88.865317][ T4023]        el0_svc_common+0x138/0x258
[ 88.866646][ T4023]        do_el0_svc+0x58/0x14c
[ 88.867816][ T4023]        el0_svc+0x7c/0x1f0
[ 88.868987][ T4023]        el0t_64_sync_handler+0x84/0xe4
[ 88.870364][ T4023]        el0t_64_sync+0x1a0/0x1a4
[ 88.871579][ T4023]
[ 88.871579][ T4023] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 88.873839][ T4023]        __lock_acquire+0x32d4/0x7638
[ 88.875104][ T4023]        lock_acquire+0x240/0x77c
[ 88.876278][ T4023]        lock_sock_nested+0xec/0x1ec
[ 88.877513][ T4023]        sco_connect_cfm+0x140/0x908
[ 88.878801][ T4023]        hci_sync_conn_complete_evt+0x468/0x8c0
[ 88.880285][ T4023]        hci_event_packet+0x8e0/0x12b4
[ 88.881627][ T4023]        hci_rx_work+0x1d0/0x830
[ 88.882801][ T4023]        process_one_work+0x790/0x11b8
[ 88.884104][ T4023]        worker_thread+0x910/0x1034
[ 88.885393][ T4023]        kthread+0x37c/0x45c
[ 88.886533][ T4023]        ret_from_fork+0x10/0x20
[ 88.887688][ T4023]
[ 88.887688][ T4023] other info that might help us debug this:
[ 88.887688][ T4023]
[ 88.890137][ T4023] Chain exists of:
[ 88.890137][ T4023]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[ 88.890137][ T4023]
[ 88.893654][ T4023]  Possible unsafe locking scenario:
[ 88.893654][ T4023]
[ 88.895504][ T4023]        CPU0                    CPU1
[ 88.896730][ T4023]        ----                    ----
[ 88.897972][ T4023]   lock(hci_cb_list_lock);
[ 88.899018][ T4023]                                lock(&hdev->lock);
[ 88.900591][ T4023]                                lock(hci_cb_list_lock);
[ 88.902214][ T4023]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[ 88.903630][ T4023]
[ 88.903630][ T4023]  *** DEADLOCK ***
[ 88.903630][ T4023]
[ 88.905568][ T4023] 4 locks held by kworker/u5:2/4023:
[ 88.906853][ T4023]  #0: ffff0000cac39938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8
[ 88.909324][ T4023]  #1: ffff80001dd77c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8
[ 88.912090][ T4023]  #2: ffff0000c9618078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xb4/0x8c0
[ 88.914599][ T4023]  #3: ffff800016df9988 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x404/0x8c0
[ 88.917074][ T4023]
[ 88.917074][ T4023] stack backtrace:
[ 88.918435][ T4023] CPU: 1 PID: 4023 Comm: kworker/u5:2 Not tainted 5.15.178-syzkaller #0
[ 88.920385][ T4023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 88.922710][ T4023] Workqueue: hci0 hci_rx_work
[ 88.923753][ T4023] Call trace:
[ 88.924504][ T4023]  dump_backtrace+0x0/0x530
[ 88.925529][ T4023]  show_stack+0x2c/0x3c
[ 88.926575][ T4023]  dump_stack_lvl+0x108/0x170
[ 88.927679][ T4023]  dump_stack+0x1c/0x58
[ 88.928640][ T4023]  print_circular_bug+0x150/0x1b8
[ 88.929821][ T4023]  check_noncircular+0x2cc/0x378
[ 88.931011][ T4023]  __lock_acquire+0x32d4/0x7638
[ 88.932113][ T4023]  lock_acquire+0x240/0x77c
[ 88.933183][ T4023]  lock_sock_nested+0xec/0x1ec
[ 88.934268][ T4023]  sco_connect_cfm+0x140/0x908
[ 88.935382][ T4023]  hci_sync_conn_complete_evt+0x468/0x8c0
[ 88.936726][ T4023]  hci_event_packet+0x8e0/0x12b4
[ 88.937880][ T4023]  hci_rx_work+0x1d0/0x830
[ 88.938978][ T4023]  process_one_work+0x790/0x11b8
[ 88.940114][ T4023]  worker_thread+0x910/0x1034
[ 88.941268][ T4023]  kthread+0x37c/0x45c
[ 88.942244][ T4023]  ret_from_fork+0x10/0x20