[   52.939478][  T980] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.961708][  T980] device veth1_macvtap left promiscuous mode
[   52.968222][  T980] device veth0_macvtap left promiscuous mode
[   52.975403][  T980] device veth1_vlan left promiscuous mode
[   52.982103][  T980] device veth0_vlan left promiscuous mode
[   53.164378][  T980] team0 (unregistering): Port device team_slave_1 removed
[   53.178157][  T980] team0 (unregistering): Port device team_slave_0 removed
[   53.190968][  T980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   53.206430][  T980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   53.253689][  T980] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.199' (ECDSA) to the list of known hosts.
[   70.795182][ T4075] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   70.804340][ T4075] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.814683][ T4075] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   70.818082][ T4076] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   70.822611][ T4075] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   70.837454][ T4075] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.837751][ T4076] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   70.845438][ T4075] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   70.854861][ T4076] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   70.859899][ T4075] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   70.866194][ T4076] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.873695][ T4075] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   70.880090][ T4076] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   70.888426][ T4075] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   70.894377][ T4076] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   70.901143][ T4075] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   70.915043][ T4076] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   70.915626][ T4075] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   70.930312][ T4076] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   70.931095][ T4078] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   70.938209][ T4075] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   70.944505][ T4078] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.953312][ T4079] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   70.958744][ T4078] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   70.966335][ T4079] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   70.972309][ T4078] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   70.980106][ T4079] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   70.986497][ T4078] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   71.000364][ T4064] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   71.000563][ T4078] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   71.007414][ T4075] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   71.015160][ T4078] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   71.029193][ T4075] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   71.029613][ T4078] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   71.036315][ T4064] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   71.043536][ T4078] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   71.439543][ T4082] 
[   71.441898][ T4082] ======================================================
[   71.448912][ T4082] WARNING: possible circular locking dependency detected
[   71.455926][ T4082] 5.18.0-rc1-next-20220411-syzkaller-dirty #0 Not tainted
[   71.463030][ T4082] ------------------------------------------------------
[   71.470045][ T4082] syz-executor129/4082 is trying to acquire lock:
[   71.476460][ T4082] ffff88807c11d130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x131/0x2c0
[   71.486920][ T4082] 
[   71.486920][ T4082] but task is already holding lock:
[   71.494284][ T4082] ffffffff8d777e08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xda/0x260
[   71.503887][ T4082] 
[   71.503887][ T4082] which lock already depends on the new lock.
[   71.503887][ T4082] 
[   71.514421][ T4082] 
[   71.514421][ T4082] the existing dependency chain (in reverse order) is:
[   71.523445][ T4082] 
[   71.523445][ T4082] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[   71.531190][ T4082]        __mutex_lock+0x12f/0x1350
[   71.536337][ T4082]        hci_connect_cfm+0x26/0x140
[   71.541543][ T4082]        le_conn_complete_evt.part.0+0x145e/0x17e0
[   71.548040][ T4082]        hci_le_conn_complete_evt+0x2fd/0x390
[   71.554099][ T4082]        hci_le_meta_evt+0x2bd/0x520
[   71.559385][ T4082]        hci_event_packet+0x5da/0xf60
[   71.564749][ T4082]        hci_rx_work+0x522/0xd60
[   71.569689][ T4082]        process_one_work+0x996/0x1610
[   71.575145][ T4082]        worker_thread+0x665/0x1080
[   71.580360][ T4082]        kthread+0x2e9/0x3a0
[   71.584943][ T4082]        ret_from_fork+0x1f/0x30
[   71.589878][ T4082] 
[   71.589878][ T4082] -> #1 (&hdev->lock){+.+.}-{3:3}:
[   71.597167][ T4082]        __mutex_lock+0x12f/0x1350
[   71.602278][ T4082]        sco_sock_connect+0x1eb/0xa80
[   71.607641][ T4082]        __sys_connect_file+0x14f/0x190
[   71.613181][ T4082]        __sys_connect+0x161/0x190
[   71.618282][ T4082]        __x64_sys_connect+0x6f/0xb0
[   71.623561][ T4082]        do_syscall_64+0x35/0xb0
[   71.628498][ T4082]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[   71.634909][ T4082] 
[   71.634909][ T4082] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[   71.644022][ T4082]        __lock_acquire+0x2abe/0x5660
[   71.649406][ T4082]        lock_acquire+0x1ab/0x570
[   71.654435][ T4082]        lock_sock_nested+0x36/0xf0
[   71.659643][ T4082]        sco_conn_del+0x131/0x2c0
[   71.664680][ T4082]        sco_disconn_cfm+0x71/0xb0
[   71.669791][ T4082]        hci_conn_hash_flush+0x127/0x260
[   71.675424][ T4082]        hci_dev_close_sync+0x567/0x1140
[   71.681057][ T4082]        hci_dev_do_close+0x32/0x70
[   71.686249][ T4082]        hci_rfkill_set_block+0x19c/0x1d0
[   71.691974][ T4082]        rfkill_set_block+0x1f9/0x540
[   71.697347][ T4082]        rfkill_fop_write+0x2c3/0x570
[   71.702713][ T4082]        vfs_write+0x269/0xac0
[   71.707480][ T4082]        ksys_write+0x1e8/0x250
[   71.712331][ T4082]        do_syscall_64+0x35/0xb0
[   71.717267][ T4082]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[   71.723677][ T4082] 
[   71.723677][ T4082] other info that might help us debug this:
[   71.723677][ T4082] 
[   71.733889][ T4082] Chain exists of:
[   71.733889][ T4082]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[   71.733889][ T4082] 
[   71.748128][ T4082]  Possible unsafe locking scenario:
[   71.748128][ T4082] 
[   71.755560][ T4082]        CPU0                    CPU1
[   71.760906][ T4082]        ----                    ----
[   71.766253][ T4082]   lock(hci_cb_list_lock);
[   71.770751][ T4082]                                lock(&hdev->lock);
[   71.777355][ T4082]                                lock(hci_cb_list_lock);
[   71.784364][ T4082]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[   71.790244][ T4082] 
[   71.790244][ T4082]  *** DEADLOCK ***
[   71.790244][ T4082] 
[   71.798374][ T4082] 4 locks held by syz-executor129/4082:
[   71.803904][ T4082]  #0: ffffffff8d9583a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x15c/0x570
[   71.814009][ T4082]  #1: ffff88801f891048 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x2a/0x70
[   71.823595][ T4082]  #2: ffff88801f890078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x26d/0x1140
[   71.833373][ T4082]  #3: ffffffff8d777e08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xda/0x260
[   71.843400][ T4082] 
[   71.843400][ T4082] stack backtrace:
[   71.849275][ T4082] CPU: 1 PID: 4082 Comm: syz-executor129 Not tainted 5.18.0-rc1-next-20220411-syzkaller-dirty #0
[   71.859764][ T4082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.869807][ T4082] Call Trace:
[   71.873084][ T4082]  <TASK>
[   71.876024][ T4082]  dump_stack_lvl+0xcd/0x134
[   71.880629][ T4082]  check_noncircular+0x25f/0x2e0
[   71.885584][ T4082]  ? print_circular_bug+0x1e0/0x1e0
[   71.890798][ T4082]  ? find_held_lock+0x2d/0x110
[   71.895575][ T4082]  ? finish_task_switch.isra.0+0x314/0xb80
[   71.901396][ T4082]  ? lock_downgrade+0x6e0/0x6e0
[   71.906268][ T4082]  __lock_acquire+0x2abe/0x5660
[   71.911155][ T4082]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   71.917167][ T4082]  ? __schedule+0xaa2/0x4cc0
[   71.921768][ T4082]  ? lockdep_hardirqs_on+0x79/0x100
[   71.926961][ T4082]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   71.933119][ T4082]  lock_acquire+0x1ab/0x570
[   71.937628][ T4082]  ? sco_conn_del+0x131/0x2c0
[   71.942301][ T4082]  ? lock_release+0x780/0x780
[   71.946982][ T4082]  ? preempt_schedule_thunk+0x16/0x18
[   71.952474][ T4082]  ? preempt_schedule_common+0x59/0xc0
[   71.957939][ T4082]  lock_sock_nested+0x36/0xf0
[   71.962625][ T4082]  ? sco_conn_del+0x131/0x2c0
[   71.967294][ T4082]  sco_conn_del+0x131/0x2c0
[   71.971805][ T4082]  ? sco_conn_del+0x2c0/0x2c0
[   71.976471][ T4082]  sco_disconn_cfm+0x71/0xb0
[   71.981055][ T4082]  hci_conn_hash_flush+0x127/0x260
[   71.986169][ T4082]  hci_dev_close_sync+0x567/0x1140
[   71.991296][ T4082]  ? hci_dev_open_sync+0x2160/0x2160
[   71.996584][ T4082]  ? hci_rfkill_set_block+0x34/0x1d0
[   72.001862][ T4082]  hci_dev_do_close+0x32/0x70
[   72.006531][ T4082]  hci_rfkill_set_block+0x19c/0x1d0
[   72.011720][ T4082]  ? hci_power_on+0x630/0x630
[   72.016388][ T4082]  rfkill_set_block+0x1f9/0x540
[   72.021251][ T4082]  rfkill_fop_write+0x2c3/0x570
[   72.026103][ T4082]  ? rfkill_sync_work+0xc0/0xc0
[   72.030952][ T4082]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   72.037200][ T4082]  ? security_file_permission+0xab/0xd0
[   72.042745][ T4082]  ? rfkill_sync_work+0xc0/0xc0
[   72.047591][ T4082]  vfs_write+0x269/0xac0
[   72.051833][ T4082]  ksys_write+0x1e8/0x250
[   72.056161][ T4082]  ? __ia32_sys_read+0xb0/0xb0
[   72.060930][ T4082]  ? syscall_enter_from_user_mode+0x21/0x70
[   72.066824][ T4082]  do_syscall_64+0x35/0xb0
[   72.071242][ T4082]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   72.077133][ T4082] RIP: 0033:0x7fab5d4df609
[   72.081544][ T4082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   72.101152][ T4082] RSP: 002b:00007fab5cc8e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   72.109565][ T4082] RAX: ffffffffffffffda RBX: 00007fab5d5684c0 RCX: 00007fab5d4df609
[   72.117529][ T4082] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[   72.125489][ T4082] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   72.133449][ T4082] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeea3e1ffe
[   72.141411][ T4082] R13: 00007ffeea3e1fff R14: 00007fab5d5684c8 R15: 0000000000022000
[   72.149381][ T4082]  </TASK>
[   76.284181][   T26] cfg80211: failed to load regulatory.db