Warning: Permanently added '10.128.1.97' (ECDSA) to the list of known hosts.
[   66.008033][ T4078] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   66.018871][ T4078] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   66.019689][ T4079] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   66.027714][ T4078] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   66.041138][ T4078] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   66.041410][ T4079] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   66.050715][ T4078] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   66.056639][ T4079] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   66.063493][ T4078] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   66.074113][ T4079] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   66.080627][ T4078] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   66.085396][ T4079] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   66.091837][ T4078] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   66.099844][ T4079] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   66.105936][ T4078] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   66.114072][ T4079] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   66.128404][ T4078] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   66.128499][ T4079] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   66.137137][ T4078] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   66.143235][ T4079] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   66.149596][ T4078] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   66.157466][ T4079] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   66.171616][ T4078] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   66.171773][ T4080] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   66.178626][ T4078] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   66.185850][ T4080] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   66.193692][ T4079] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   66.200750][ T4080] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   66.206879][ T4081] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   66.214628][ T4075] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   66.457443][ T4084] 
[   66.459802][ T4084] ======================================================
[   66.466806][ T4084] WARNING: possible circular locking dependency detected
[   66.473807][ T4084] 5.18.0-rc1-syzkaller #0 Not tainted
[   66.479285][ T4084] ------------------------------------------------------
[   66.486284][ T4084] syz-executor539/4084 is trying to acquire lock:
[   66.492683][ T4084] ffff8880219db130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0xd4/0x210
[   66.503011][ T4084] 
[   66.503011][ T4084] but task is already holding lock:
[   66.510363][ T4084] ffffffff8c68dee8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb9/0x210
[   66.519907][ T4084] 
[   66.519907][ T4084] which lock already depends on the new lock.
[   66.519907][ T4084] 
[   66.530299][ T4084] 
[   66.530299][ T4084] the existing dependency chain (in reverse order) is:
[   66.539562][ T4084] 
[   66.539562][ T4084] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[   66.547362][ T4084]        __mutex_lock+0x12f/0x12f0
[   66.552470][ T4084]        hci_remote_features_evt+0x4eb/0x860
[   66.558442][ T4084]        hci_event_packet+0x609/0xcf0
[   66.563806][ T4084]        hci_rx_work+0x3e4/0xba0
[   66.568735][ T4084]        process_one_work+0x865/0x13d0
[   66.574187][ T4084]        worker_thread+0x598/0xec0
[   66.579289][ T4084]        kthread+0x299/0x340
[   66.583875][ T4084]        ret_from_fork+0x1f/0x30
[   66.588809][ T4084] 
[   66.588809][ T4084] -> #1 (&hdev->lock){+.+.}-{3:3}:
[   66.596092][ T4084]        __mutex_lock+0x12f/0x12f0
[   66.601300][ T4084]        sco_sock_connect+0x16a/0x8f0
[   66.606665][ T4084]        __sys_connect+0xf5/0x120
[   66.611685][ T4084]        __x64_sys_connect+0x6a/0xb0
[   66.616962][ T4084]        do_syscall_64+0x35/0xb0
[   66.622081][ T4084]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[   66.628533][ T4084] 
[   66.628533][ T4084] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[   66.637729][ T4084]        __lock_acquire+0x2a44/0x5660
[   66.643189][ T4084]        lock_acquire+0x1ab/0x510
[   66.648205][ T4084]        lock_sock_nested+0x2b/0xd0
[   66.653478][ T4084]        sco_conn_del+0xd4/0x210
[   66.658408][ T4084]        hci_conn_hash_flush+0xfb/0x210
[   66.664297][ T4084]        hci_dev_close_sync+0x462/0xef0
[   66.669934][ T4084]        hci_dev_do_close+0x23/0x60
[   66.675127][ T4084]        hci_rfkill_set_block+0x111/0x140
[   66.680931][ T4084]        rfkill_set_block+0x191/0x440
[   66.686301][ T4084]        rfkill_fop_write+0x233/0x470
[   66.691671][ T4084]        vfs_write+0x1b7/0x8f0
[   66.696433][ T4084]        ksys_write+0x16b/0x1c0
[   66.701277][ T4084]        do_syscall_64+0x35/0xb0
[   66.706220][ T4084]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[   66.712627][ T4084] 
[   66.712627][ T4084] other info that might help us debug this:
[   66.712627][ T4084] 
[   66.722848][ T4084] Chain exists of:
[   66.722848][ T4084]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[   66.722848][ T4084] 
[   66.737171][ T4084]  Possible unsafe locking scenario:
[   66.737171][ T4084] 
[   66.744612][ T4084]        CPU0                    CPU1
[   66.750148][ T4084]        ----                    ----
[   66.755511][ T4084]   lock(hci_cb_list_lock);
[   66.760011][ T4084]                                lock(&hdev->lock);
[   66.766678][ T4084]                                lock(hci_cb_list_lock);
[   66.773690][ T4084]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[   66.779574][ T4084] 
[   66.779574][ T4084]  *** DEADLOCK ***
[   66.779574][ T4084] 
[   66.787711][ T4084] 4 locks held by syz-executor539/4084:
[   66.793852][ T4084]  #0: ffffffff8c858928 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x119/0x470
[   66.803925][ T4084]  #1: ffff88807e135048 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x1b/0x60
[   66.813566][ T4084]  #2: ffff88807e134078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x1f0/0xef0
[   66.823119][ T4084]  #3: ffffffff8c68dee8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb9/0x210
[   66.833102][ T4084] 
[   66.833102][ T4084] stack backtrace:
[   66.838985][ T4084] CPU: 0 PID: 4084 Comm: syz-executor539 Not tainted 5.18.0-rc1-syzkaller #0
[   66.847733][ T4084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.857811][ T4084] Call Trace:
[   66.861089][ T4084]  <TASK>
[   66.864022][ T4084]  dump_stack_lvl+0x57/0x7d
[   66.868532][ T4084]  check_noncircular+0x25f/0x2e0
[   66.873468][ T4084]  ? print_circular_bug+0x1e0/0x1e0
[   66.878658][ T4084]  ? filter_irq_stacks+0x90/0x90
[   66.883599][ T4084]  ? save_trace+0x42/0x9f0
[   66.888011][ T4084]  ? add_lock_to_list.constprop.0+0x185/0x370
[   66.894085][ T4084]  __lock_acquire+0x2a44/0x5660
[   66.898935][ T4084]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   66.904917][ T4084]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   66.910896][ T4084]  ? lock_release+0x720/0x720
[   66.915576][ T4084]  lock_acquire+0x1ab/0x510
[   66.920074][ T4084]  ? sco_conn_del+0xd4/0x210
[   66.924660][ T4084]  ? lock_release+0x720/0x720
[   66.929339][ T4084]  ? sco_conn_del+0xca/0x210
[   66.933923][ T4084]  ? lock_downgrade+0x6e0/0x6e0
[   66.938781][ T4084]  ? do_raw_spin_lock+0x120/0x2a0
[   66.943806][ T4084]  ? rwlock_bug.part.0+0x90/0x90
[   66.948742][ T4084]  lock_sock_nested+0x2b/0xd0
[   66.953410][ T4084]  ? sco_conn_del+0xd4/0x210
[   66.958087][ T4084]  sco_conn_del+0xd4/0x210
[   66.962500][ T4084]  hci_conn_hash_flush+0xfb/0x210
[   66.967528][ T4084]  hci_dev_close_sync+0x462/0xef0
[   66.972890][ T4084]  ? hci_dev_open_sync+0x1a20/0x1a20
[   66.978165][ T4084]  ? mark_held_locks+0x9f/0xe0
[   66.983179][ T4084]  hci_dev_do_close+0x23/0x60
[   66.987843][ T4084]  ? hci_power_on+0x4c0/0x4c0
[   66.992515][ T4084]  hci_rfkill_set_block+0x111/0x140
[   66.997701][ T4084]  rfkill_set_block+0x191/0x440
[   67.002569][ T4084]  rfkill_fop_write+0x233/0x470
[   67.007426][ T4084]  ? rfkill_sync_work+0xc0/0xc0
[   67.012452][ T4084]  ? apparmor_file_permission+0x138/0x450
[   67.018168][ T4084]  vfs_write+0x1b7/0x8f0
[   67.022492][ T4084]  ksys_write+0x16b/0x1c0
[   67.026813][ T4084]  ? __ia32_sys_read+0xa0/0xa0
[   67.031575][ T4084]  ? lockdep_hardirqs_on_prepare+0x17b/0x400
[   67.037568][ T4084]  ? syscall_enter_from_user_mode+0x21/0x70
[   67.043490][ T4084]  do_syscall_64+0x35/0xb0
[   67.048074][ T4084]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   67.053966][ T4084] RIP: 0033:0x7fc27cdae609
[   67.058371][ T4084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   67.078063][ T4084] RSP: 002b:00007fc27c55d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   67.086573][ T4084] RAX: ffffffffffffffda RBX: 00007fc27ce374c0 RCX: 00007fc27cdae609
[   67.094540][ T4084] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[   67.102598][ T4084] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   67.110567][ T4084] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe70663b1e
[   67.118531][ T4084] R13: 00007ffe70663b1f R14: 00007fc27ce374c8 R15: 0000000000022000
[   67.126500][ T4084]  </TASK>
[   68.070068][ T3597] Bluetooth: hci0: Opcode 0x c03 failed: -110
[   71.180303][   T14] cfg80211: failed to load regulatory.db
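The report above is lockdep's check_noncircular() firing: the task holds hci_cb_list_lock and is about to take the SCO socket lock, but the recorded dependency graph already has a path sk_lock --> &hdev->lock --> hci_cb_list_lock, so the new edge would close a cycle. The following is an added, userspace model of that check, written for this page; it is not kernel code and not part of the syzbot report. The three lock-class names and the order in which the edges were learned (sco_sock_connect, hci_remote_features_evt, then sco_conn_del under hci_conn_hash_flush) are taken from the report; the graph representation, the function names (acquire_while_holding, replay_sco_report, lock_order_consistent) and the fixed class limit are this example's own assumptions.

```c
/* Added example: a minimal model of the lock-order check lockdep performs
 * before it prints "possible circular locking dependency detected".
 * Not kernel code; only the lock names come from the report above. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define MAX_CLASSES 8   /* assumption: enough classes for this demonstration */
#define NAME_LEN 48

/* One lock class, as lockdep tracks it: a name plus the set of classes that
 * have been acquired while this one was held (its forward dependencies). */
struct lock_class {
    char name[NAME_LEN];
    bool after[MAX_CLASSES];   /* after[j]: class j was taken while holding this one */
};

struct lock_graph {
    struct lock_class cls[MAX_CLASSES];
    int n;
};

/* Look a class up by name, registering it on first sight. -1 if the table is full. */
static int lock_class_id(struct lock_graph *g, const char *name)
{
    for (int i = 0; i < g->n; i++)
        if (strcmp(g->cls[i].name, name) == 0)
            return i;
    if (g->n == MAX_CLASSES)
        return -1;
    int id = g->n++;
    snprintf(g->cls[id].name, NAME_LEN, "%s", name);
    memset(g->cls[id].after, 0, sizeof g->cls[id].after);
    return id;
}

/* Depth-first search: is class 'to' reachable from 'from' through recorded
 * dependencies? On success 'path' holds the chain, from..to, and *len its length. */
static bool reaches(const struct lock_graph *g, int from, int to,
                    bool *seen, int *path, int *len)
{
    if (from == to) { path[(*len)++] = from; return true; }
    if (seen[from]) return false;
    seen[from] = true;
    path[(*len)++] = from;
    for (int j = 0; j < g->n; j++)
        if (g->cls[from].after[j] && reaches(g, j, to, seen, path, len))
            return true;
    (*len)--;   /* dead end: pop this node from the candidate chain */
    return false;
}

/* Model of check_noncircular(): the task holds 'held' and is about to take
 * 'next'. If 'next' already (transitively) depends on 'held', recording the
 * edge held -> next would create a cycle, so report it and refuse the edge.
 * Returns true when the acquisition is order-consistent (edge recorded),
 * false when it closes a cycle. Taking the same class twice is also flagged. */
static bool acquire_while_holding(struct lock_graph *g, const char *held, const char *next)
{
    int h = lock_class_id(g, held), nx = lock_class_id(g, next);
    if (h < 0 || nx < 0)
        return false;

    bool seen[MAX_CLASSES] = {0};
    int path[MAX_CLASSES + 1], len = 0;
    if (reaches(g, nx, h, seen, path, &len)) {
        printf("possible circular locking dependency: holding %s, acquiring %s\n", held, next);
        printf("  chain exists of: ");
        for (int i = 0; i < len; i++)
            printf("%s%s", g->cls[path[i]].name, i + 1 < len ? " --> " : "\n");
        return false;
    }
    g->cls[h].after[nx] = true;
    return true;
}

/* Replays the three acquisitions in the order lockdep learned them in the
 * report. Returns true when, and only when, the third one is flagged. */
static bool replay_sco_report(void)
{
    struct lock_graph g = { .n = 0 };
    bool ok1 = acquire_while_holding(&g, "sk_lock-AF_BLUETOOTH-BTPROTO_SCO", "&hdev->lock");     /* sco_sock_connect */
    bool ok2 = acquire_while_holding(&g, "&hdev->lock", "hci_cb_list_lock");                   /* hci_remote_features_evt */
    bool ok3 = acquire_while_holding(&g, "hci_cb_list_lock", "sk_lock-AF_BLUETOOTH-BTPROTO_SCO"); /* sco_conn_del */
    return ok1 && ok2 && !ok3;
}

/* Control case: a skip-level acquisition (A -> C with A -> B -> C already
 * known) is consistent with the existing order and must not be reported. */
static bool lock_order_consistent(void)
{
    struct lock_graph g = { .n = 0 };
    return acquire_while_holding(&g, "A", "B") &&
           acquire_while_holding(&g, "B", "C") &&
           acquire_while_holding(&g, "A", "C");
}

int main(void)
{
    return replay_sco_report() && lock_order_consistent() ? 0 : 1;
}
```

The printed chain for the replayed report reads sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock, which is the same "Chain exists of" line lockdep emitted. The practical takeaway when reading such a report is that the fix must break one edge of that chain (for example by not taking the socket lock while the HCI callback list lock is held), not merely avoid the exact syscall sequence the fuzzer found.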