[ 76.075521][ T897] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.81' (ECDSA) to the list of known hosts.
2022/12/28 00:01:05 ignoring optional flag "sandboxArg"="0"
2022/12/28 00:01:05 parsed 1 programs
2022/12/28 00:01:05 executed programs: 0
[ 82.073471][ T5069] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 84.163694][ T4388] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.171522][ T4388] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.179905][ T4388] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.187703][ T4388] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.196173][ T4388] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 84.203673][ T4388] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.276942][ T5530] chnl_net:caif_netlink_parms(): no params data found
[ 84.314895][ T5530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.322076][ T5530] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.330349][ T5530] device bridge_slave_0 entered promiscuous mode
[ 84.339406][ T5530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.346658][ T5530] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.355305][ T5530] device bridge_slave_1 entered promiscuous mode
[ 84.375511][ T5530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.386779][ T5530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.408529][ T5530] team0: Port device team_slave_0 added
[ 84.416573][ T5530] team0: Port device team_slave_1 added
[ 84.434000][ T5530] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.441073][ T5530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.467216][ T5530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.480338][ T5530] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.487466][ T5530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.514722][ T5530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.539082][ T5530] device hsr_slave_0 entered promiscuous mode
[ 84.547227][ T5530] device hsr_slave_1 entered promiscuous mode
[ 84.602692][ T5530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.610084][ T5530] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.617563][ T5530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.624745][ T5530] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.662062][ T5530] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.676162][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.685482][ T26] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.693997][ T26] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.702115][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 84.715287][ T5530] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.725439][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 84.734646][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.741729][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.765948][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.774942][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.781993][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.790729][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 84.801743][ T5530] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 84.815141][ T5530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 84.823623][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.831560][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 84.849814][ T5530] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.857738][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 84.865736][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 85.169423][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 85.186684][ T5530] device veth0_vlan entered promiscuous mode
[ 85.193765][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 85.202136][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 85.210472][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 85.222958][ T5530] device veth1_vlan entered promiscuous mode
[ 85.240474][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 85.249822][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 85.258590][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 85.270032][ T5530] device veth0_macvtap entered promiscuous mode
[ 85.279929][ T5530] device veth1_macvtap entered promiscuous mode
[ 85.292931][ T5530] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.300954][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 85.310370][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 85.322172][ T5530] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.330972][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 85.339554][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 85.392981][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.401060][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.413037][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.424851][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.432891][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.441866][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.244330][ T4388] Bluetooth: hci0: command 0x0409 tx timeout
[ 86.303169][ T5551]
[ 86.305537][ T5551] ======================================================
[ 86.312549][ T5551] WARNING: possible circular locking dependency detected
[ 86.319671][ T5551] 6.1.0-syzkaller-12784-gc183e6c3ec34 #0 Not tainted
[ 86.326521][ T5551] ------------------------------------------------------
[ 86.333616][ T5551] syz-executor.0/5551 is trying to acquire lock:
[ 86.340109][ T5551] ffff88807ef98130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3a0
[ 86.352045][ T5551]
[ 86.352045][ T5551] but task is already holding lock:
[ 86.359395][ T5551] ffff88807849f528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x15d/0x890
[ 86.368448][ T5551]
[ 86.368448][ T5551] which lock already depends on the new lock.
[ 86.368448][ T5551]
[ 86.378846][ T5551]
[ 86.378846][ T5551] the existing dependency chain (in reverse order) is:
[ 86.387860][ T5551]
[ 86.387860][ T5551] -> #2 (&d->lock){+.+.}-{3:3}:
[ 86.395039][ T5551]        __mutex_lock+0x12f/0x1360
[ 86.400183][ T5551]        __rfcomm_dlc_close+0x15d/0x890
[ 86.405738][ T5551]        rfcomm_dlc_close+0x1e9/0x240
[ 86.411105][ T5551]        __rfcomm_sock_close+0x13c/0x250
[ 86.416839][ T5551]        rfcomm_sock_shutdown+0xd8/0x230
[ 86.422476][ T5551]        rfcomm_sock_release+0x68/0x140
[ 86.428026][ T5551]        __sock_release+0xcd/0x280
[ 86.433151][ T5551]        sock_close+0x1c/0x20
[ 86.437903][ T5551]        __fput+0x27c/0xa90
[ 86.442489][ T5551]        task_work_run+0x16f/0x270
[ 86.447602][ T5551]        get_signal+0x1c7/0x2450
[ 86.452528][ T5551]        arch_do_signal_or_restart+0x79/0x5c0
[ 86.458676][ T5551]        exit_to_user_mode_prepare+0x15f/0x250
[ 86.464986][ T5551]        syscall_exit_to_user_mode+0x1d/0x50
[ 86.471035][ T5551]        do_syscall_64+0x46/0xb0
[ 86.476050][ T5551]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.482656][ T5551]
[ 86.482656][ T5551] -> #1 (rfcomm_mutex){+.+.}-{3:3}:
[ 86.490552][ T5551]        __mutex_lock+0x12f/0x1360
[ 86.495664][ T5551]        rfcomm_dlc_open+0x93/0xa80
[ 86.500947][ T5551]        rfcomm_sock_connect+0x329/0x450
[ 86.506667][ T5551]        __sys_connect_file+0x153/0x1a0
[ 86.512232][ T5551]        __sys_connect+0x165/0x1a0
[ 86.518309][ T5551]        __x64_sys_connect+0x73/0xb0
[ 86.523767][ T5551]        do_syscall_64+0x39/0xb0
[ 86.528708][ T5551]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.535239][ T5551]
[ 86.535239][ T5551] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 86.544845][ T5551]        __lock_acquire+0x2a43/0x56d0
[ 86.550225][ T5551]        lock_acquire+0x1e3/0x630
[ 86.555246][ T5551]        lock_sock_nested+0x3a/0xf0
[ 86.560535][ T5551]        rfcomm_sk_state_change+0x6d/0x3a0
[ 86.566425][ T5551]        __rfcomm_dlc_close+0x1b1/0x890
[ 86.571959][ T5551]        rfcomm_dlc_close+0x1e9/0x240
[ 86.577317][ T5551]        __rfcomm_sock_close+0x13c/0x250
[ 86.583134][ T5551]        rfcomm_sock_shutdown+0xd8/0x230
[ 86.588753][ T5551]        rfcomm_sock_release+0x68/0x140
[ 86.594316][ T5551]        __sock_release+0xcd/0x280
[ 86.599616][ T5551]        sock_close+0x1c/0x20
[ 86.604469][ T5551]        __fput+0x27c/0xa90
[ 86.609145][ T5551]        task_work_run+0x16f/0x270
[ 86.614297][ T5551]        get_signal+0x1c7/0x2450
[ 86.619233][ T5551]        arch_do_signal_or_restart+0x79/0x5c0
[ 86.625657][ T5551]        exit_to_user_mode_prepare+0x15f/0x250
[ 86.631897][ T5551]        syscall_exit_to_user_mode+0x1d/0x50
[ 86.637862][ T5551]        do_syscall_64+0x46/0xb0
[ 86.642883][ T5551]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.649301][ T5551]
[ 86.649301][ T5551] other info that might help us debug this:
[ 86.649301][ T5551]
[ 86.660294][ T5551] Chain exists of:
[ 86.660294][ T5551]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[ 86.660294][ T5551]
[ 86.674538][ T5551]  Possible unsafe locking scenario:
[ 86.674538][ T5551]
[ 86.681991][ T5551]        CPU0                    CPU1
[ 86.687442][ T5551]        ----                    ----
[ 86.692996][ T5551]   lock(&d->lock);
[ 86.696866][ T5551]                                lock(rfcomm_mutex);
[ 86.703571][ T5551]                                lock(&d->lock);
[ 86.709970][ T5551]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 86.716287][ T5551]
[ 86.716287][ T5551]  *** DEADLOCK ***
[ 86.716287][ T5551]
[ 86.724769][ T5551] 3 locks held by syz-executor.0/5551:
[ 86.730299][ T5551]  #0: ffff8880767fe210 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 86.741002][ T5551]  #1: ffffffff8e3141c8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[ 86.750745][ T5551]  #2: ffff88807849f528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x15d/0x890
[ 86.760214][ T5551]
[ 86.760214][ T5551] stack backtrace:
[ 86.766187][ T5551] CPU: 0 PID: 5551 Comm: syz-executor.0 Not tainted 6.1.0-syzkaller-12784-gc183e6c3ec34 #0
[ 86.776331][ T5551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 86.786773][ T5551] Call Trace:
[ 86.790054][ T5551]
[ 86.793077][ T5551]  dump_stack_lvl+0xd1/0x138
[ 86.798106][ T5551]  check_noncircular+0x25f/0x2e0
[ 86.803395][ T5551]  ? __lock_acquire+0x2567/0x56d0
[ 86.808442][ T5551]  ? print_circular_bug+0x1e0/0x1e0
[ 86.813732][ T5551]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 86.819807][ T5551]  __lock_acquire+0x2a43/0x56d0
[ 86.824824][ T5551]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 86.830822][ T5551]  lock_acquire+0x1e3/0x630
[ 86.835404][ T5551]  ? rfcomm_sk_state_change+0x6d/0x3a0
[ 86.841138][ T5551]  ? lock_release+0x810/0x810
[ 86.845833][ T5551]  ? __rfcomm_dlc_close+0x15d/0x890
[ 86.851133][ T5551]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 86.857014][ T5551]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 86.862665][ T5551]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 86.868473][ T5551]  ? __timer_delete+0xe8/0x1b0
[ 86.873333][ T5551]  lock_sock_nested+0x3a/0xf0
[ 86.878127][ T5551]  ? rfcomm_sk_state_change+0x6d/0x3a0
[ 86.883763][ T5551]  rfcomm_sk_state_change+0x6d/0x3a0
[ 86.889219][ T5551]  __rfcomm_dlc_close+0x1b1/0x890
[ 86.894238][ T5551]  rfcomm_dlc_close+0x1e9/0x240
[ 86.899104][ T5551]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 86.905263][ T5551]  __rfcomm_sock_close+0x13c/0x250
[ 86.910363][ T5551]  ? lockdep_hardirqs_on+0x7d/0x100
[ 86.915558][ T5551]  rfcomm_sock_shutdown+0xd8/0x230
[ 86.920740][ T5551]  rfcomm_sock_release+0x68/0x140
[ 86.925750][ T5551]  __sock_release+0xcd/0x280
[ 86.930418][ T5551]  sock_close+0x1c/0x20
[ 86.934574][ T5551]  __fput+0x27c/0xa90
[ 86.938642][ T5551]  ? __sock_release+0x280/0x280
[ 86.943573][ T5551]  task_work_run+0x16f/0x270
[ 86.948184][ T5551]  ? task_work_cancel+0x30/0x30
[ 86.953035][ T5551]  ? rfcomm_sock_connect+0x159/0x450
[ 86.958573][ T5551]  get_signal+0x1c7/0x2450
[ 86.963068][ T5551]  ? task_work_func_match+0x40/0x40
[ 86.968358][ T5551]  ? exit_signals+0x8b0/0x8b0
[ 86.973104][ T5551]  ? rfcomm_sock_connect+0x15e/0x450
[ 86.978554][ T5551]  arch_do_signal_or_restart+0x79/0x5c0
[ 86.984113][ T5551]  ? get_sigframe_size+0x10/0x10
[ 86.989124][ T5551]  exit_to_user_mode_prepare+0x15f/0x250
[ 86.994761][ T5551]  syscall_exit_to_user_mode+0x1d/0x50
[ 87.000211][ T5551]  do_syscall_64+0x46/0xb0
[ 87.004795][ T5551]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.010765][ T5551] RIP: 0033:0x4665f9
[ 87.014735][ T5551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 87.034749][ T5551] RSP: 002b:00007f648c8cf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 87.043236][ T5551] RAX: fffffffffffffffc RBX: 000000000056bf80 RCX: 00000000004665f9
2022/12/28 00:01:14 executed programs: 1
[ 87.051482][ T5551] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 87.059461][ T5551] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 87.067503][ T5551] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 87.075547][ T5551] R13: 00007ffd75574c3f R14: 00007f648c8cf300 R15: 0000000000022000
[ 87.083679][ T5551]
[ 88.323554][ T4388] Bluetooth: hci0: command 0x041b tx timeout
[ 90.393488][ T4388] Bluetooth: hci0: command 0x040f tx timeout
2022/12/28 00:01:19 executed programs: 7
[ 92.473371][ T4388] Bluetooth: hci0: command 0x0419 tx timeout
[ 94.553351][ T4388] Bluetooth: hci0: command 0x0405 tx timeout
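The lockdep report above is built from three recorded acquisition orders: the connect(2) path holds the RFCOMM socket lock when rfcomm_dlc_open() takes rfcomm_mutex (entry #1), the close path holds rfcomm_mutex when __rfcomm_dlc_close() takes &d->lock (entry #2 and the "3 locks held" list), and then rfcomm_sk_state_change() calls lock_sock() while &d->lock is still held (entry #0), which closes the cycle sk_lock --> rfcomm_mutex --> &d->lock --> sk_lock. The register dump shows how the two paths met in one task: ORIG_RAX 0x2a is connect(2), RAX 0xfffffffffffffffc is -EINTR, and the close ran as deferred task_work (get_signal -> task_work_run -> __fput) on the way back to user space. The following is an added illustration, not kernel code and not part of the syzbot log: a userspace model of lockdep's lock-order graph that replays exactly those two acquisition sequences and reports the cycle in the same "Chain exists of" form. The lock names are taken from the report; the function names replay_connect_path, replay_close_path and reset_graph are this example's own.

```c
/* Userspace model of lockdep's circular-dependency check, replayed over the
 * three lock classes named in the RFCOMM report. Added example, not kernel
 * code; the replay_* and reset_graph helpers are this example's own names. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NLOCKS 3
enum { SK_LOCK = 0, RFCOMM_MUTEX = 1, DLC_LOCK = 2 };
static const char *lock_name[NLOCKS] = {
    "sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM", "rfcomm_mutex", "&d->lock"
};

/* edge[a][b] records "a was held when b was acquired", i.e. a --> b. Like
 * lockdep, the graph is global and persists across tasks and syscalls. */
static bool edge[NLOCKS][NLOCKS];

struct task {
    int held[NLOCKS];   /* locks currently held, outermost first */
    int depth;
};

/* Depth-first search for a path from -> ... -> to; records it in path[]. */
static bool find_path(int from, int to, bool *visited, int *path, int *len)
{
    path[(*len)++] = from;
    if (from == to)
        return true;
    visited[from] = true;
    for (int n = 0; n < NLOCKS; n++)
        if (edge[from][n] && !visited[n] && find_path(n, to, visited, path, len))
            return true;
    (*len)--;
    return false;
}

/* Acquire `lock`. Before adding held --> lock edges, check whether `lock`
 * already reaches a held lock: that is the cycle check_noncircular() looks
 * for. Returns true if a circular dependency was found. Innermost held lock
 * is checked first so the printed chain matches lockdep's ordering. */
static bool acquire(struct task *t, int lock)
{
    bool circular = false;
    for (int i = t->depth - 1; i >= 0; i--) {
        int held = t->held[i];
        bool visited[NLOCKS] = { 0 };
        int path[NLOCKS + 1], len = 0;
        if (!circular && find_path(lock, held, visited, path, &len)) {
            circular = true;
            printf("WARNING: possible circular locking dependency detected\n");
            printf("trying to acquire %s while holding %s\n",
                   lock_name[lock], lock_name[held]);
            printf("Chain exists of:\n  ");
            for (int k = 0; k < len; k++)
                printf("%s%s", lock_name[path[k]], k + 1 < len ? " --> " : "\n");
        }
        edge[held][lock] = true;
    }
    t->held[t->depth++] = lock;
    return circular;
}

static void release_all(struct task *t) { t->depth = 0; }

void reset_graph(void) { memset(edge, 0, sizeof edge); }

/* connect(2): rfcomm_sock_connect() holds the socket lock, then
 * rfcomm_dlc_open() takes rfcomm_mutex (chain entry #1). */
bool replay_connect_path(void)
{
    struct task t = { { 0 }, 0 };
    bool c = acquire(&t, SK_LOCK);
    c |= acquire(&t, RFCOMM_MUTEX);
    release_all(&t);
    return c;
}

/* close(2) via task_work: rfcomm_dlc_close() holds rfcomm_mutex,
 * __rfcomm_dlc_close() takes &d->lock (entry #2), then
 * rfcomm_sk_state_change() calls lock_sock() under &d->lock (entry #0). */
bool replay_close_path(void)
{
    struct task t = { { 0 }, 0 };
    bool c = acquire(&t, RFCOMM_MUTEX);
    c |= acquire(&t, DLC_LOCK);
    c |= acquire(&t, SK_LOCK);
    release_all(&t);
    return c;
}

/* Whole report: the connect path alone is clean; the close path that follows
 * it closes the cycle. Returns true when the model reproduces that. */
bool replay_report(void)
{
    reset_graph();
    bool connect_clean = !replay_connect_path();
    bool close_circular = replay_close_path();
    return connect_clean && close_circular;
}

int main(void)
{
    return replay_report() ? 0 : 1;
}
```

Running it prints a chain identical to the report's "Chain exists of:" line. Note that the order of the two paths does not matter for the verdict, only for which acquisition gets blamed: lockdep flags whichever syscall happens to add the last edge, which is why the report points at the close path even though the inverted order is a property of the connect and close paths taken together.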