[ 19.111629][ T3696] 8021q: adding VLAN 0 to HW filter on device bond0
[ 19.115402][ T3696] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 19.165654][ T371] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 19.169895][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
syzkaller login: [ 69.616218][ T1535] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.173' (ED25519) to the list of known hosts.
1970/01/01 00:01:29 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:30 parsed 1 programs
[ 93.149817][ T4048] cgroup: Unknown subsys name 'net'
[ 93.429148][ T4048] cgroup: Unknown subsys name 'rlimit'
[ 93.761941][ T4048] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 101.060297][ T371] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.062899][ T371] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.068685][ T643] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 101.089622][ T643] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.092165][ T643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.095197][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 102.202895][ T4108] chnl_net:caif_netlink_parms(): no params data found
[ 102.242653][ T4108] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.244880][ T4108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.247483][ T4108] device bridge_slave_0 entered promiscuous mode
[ 102.252068][ T4108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.254540][ T4108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.257041][ T4108] device bridge_slave_1 entered promiscuous mode
[ 102.274744][ T4108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 102.279216][ T4108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 102.294758][ T4108] team0: Port device team_slave_0 added
[ 102.298935][ T4108] team0: Port device team_slave_1 added
[ 102.312178][ T4108] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 102.314135][ T4108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.320990][ T4108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 102.326393][ T4108] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 102.328254][ T4108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.335754][ T4108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 102.395090][ T4108] device hsr_slave_0 entered promiscuous mode
[ 102.434589][ T4108] device hsr_slave_1 entered promiscuous mode
[ 102.560850][ T4108] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.606644][ T4108] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.634949][ T4108] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.688205][ T4108] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.743840][ T4108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.746069][ T4108] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.748656][ T4108] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.750592][ T4108] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.791356][ T148] ODEBUG: Out of memory. ODEBUG disabled
[ 102.801892][ T4108] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.809799][ T643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.814793][ T643] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.817490][ T643] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.825779][ T4108] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.832202][ T643] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.836625][ T643] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.838703][ T643] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.846146][ T643] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.848808][ T643] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.850732][ T643] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.868073][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 102.871033][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 102.878677][ T643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 102.884351][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 102.889604][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 102.895444][ T4108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 102.979817][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 102.982007][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 103.024129][ T4108] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.041723][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 103.068017][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 103.071493][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 103.074306][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 103.083663][ T4108] device veth0_vlan entered promiscuous mode
[ 103.089598][ T4108] device veth1_vlan entered promiscuous mode
[ 103.104959][ T643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 103.107984][ T643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 103.112039][ T4108] device veth0_macvtap entered promiscuous mode
[ 103.118067][ T4108] device veth1_macvtap entered promiscuous mode
[ 103.130822][ T4108] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.133995][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 103.136444][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 103.138910][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 103.141890][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 103.149544][ T4108] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.153671][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 103.156665][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 103.159942][ T4108] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.162269][ T4108] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.165092][ T4108] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.167360][ T4108] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:43 executed programs: 0
[ 103.636549][ T4140] chnl_net:caif_netlink_parms(): no params data found
[ 103.667757][ T4140] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.669873][ T4140] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.672619][ T4140] device bridge_slave_0 entered promiscuous mode
[ 103.676991][ T4140] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.678971][ T4140] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.681456][ T4140] device bridge_slave_1 entered promiscuous mode
[ 103.697275][ T4140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.701510][ T4140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.716463][ T4140] team0: Port device team_slave_0 added
[ 103.720181][ T4140] team0: Port device team_slave_1 added
[ 103.732819][ T4140] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.734863][ T4140] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.741707][ T4140] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.746654][ T4140] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.748543][ T4140] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.755950][ T4140] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.814648][ T4140] device hsr_slave_0 entered promiscuous mode
[ 103.863129][ T4140] device hsr_slave_1 entered promiscuous mode
[ 103.902988][ T4140] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 103.905294][ T4140] Cannot create hsr debugfs directory
[ 103.984333][ T4140] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 105.623533][ T21] Bluetooth: hci0: command 0x0409 tx timeout
[ 106.469328][ T4140] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.693417][ T4128] Bluetooth: hci0: command 0x041b tx timeout
[ 108.559005][ T4140] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.652393][ T4140] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.851273][ T4140] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 108.915735][ T4140] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 108.964627][ T4140] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.005186][ T4140] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.087193][ T4140] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.095705][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 109.098413][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 109.104979][ T4140] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.109880][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 109.114153][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 109.116862][ T371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.118845][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.121998][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 109.127213][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 109.130051][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 109.132779][ T371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.134724][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.141994][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 109.147050][ T643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 109.159011][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 109.163825][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 109.167964][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 109.170905][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 109.180332][ T4140] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 109.184298][ T4140] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 109.188394][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 109.191080][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 109.195328][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 109.198539][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 109.201214][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 109.209238][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 109.270168][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 109.272341][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 109.281329][ T4140] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.293556][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 109.299012][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 109.312682][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 109.315592][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 109.318435][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 109.321739][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 109.326720][ T4140] device veth0_vlan entered promiscuous mode
[ 109.332560][ T4140] device veth1_vlan entered promiscuous mode
[ 109.356733][ T4140] device veth0_macvtap entered promiscuous mode
[ 109.360688][ T4140] device veth1_macvtap entered promiscuous mode
[ 109.364527][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 109.367222][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 109.369787][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 109.374937][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 109.377654][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 109.380703][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 109.391105][ T4140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 109.402762][ T4140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 109.407369][ T4140] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.409966][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 109.413396][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 109.418046][ T4140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 109.421017][ T4140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 109.434582][ T4140] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.436798][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 109.441999][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 109.447876][ T4140] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.450294][ T4140] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.452579][ T4140] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.462833][ T4140] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.504309][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.506596][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.511097][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 109.527661][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.530125][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.538086][ T1710] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:49 executed programs: 2
[ 109.772949][ T4129] Bluetooth: hci0: command 0x040f tx timeout
[ 109.870323][ T4152]
[ 109.871053][ T4152] ======================================================
[ 109.872954][ T4152] WARNING: possible circular locking dependency detected
[ 109.874814][ T4152] 5.15.178-syzkaller #0 Not tainted
[ 109.876277][ T4152] ------------------------------------------------------
[ 109.878483][ T4152] syz.0.16/4152 is trying to acquire lock:
[ 109.880135][ T4152] ffff0000d6544c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xd0/0x1c0
[ 109.883130][ T4152]
[ 109.883130][ T4152] but task is already holding lock:
[ 109.885058][ T4152] ffff800016f39608 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x250/0x750
[ 109.887664][ T4152]
[ 109.887664][ T4152] which lock already depends on the new lock.
[ 109.887664][ T4152]
[ 109.890374][ T4152]
[ 109.890374][ T4152] the existing dependency chain (in reverse order) is:
[ 109.892618][ T4152]
[ 109.892618][ T4152] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 109.894563][ T4152]        __mutex_lock_common+0x194/0x2154
[ 109.896053][ T4152]        mutex_lock_nested+0xa4/0xf8
[ 109.897383][ T4152]        rfkill_register+0x44/0x7a4
[ 109.898791][ T4152]        hci_register_dev+0x3e0/0x880
[ 109.900325][ T4152]        vhci_create_device+0x2c4/0x568
[ 109.901841][ T4152]        vhci_write+0x318/0x3b8
[ 109.903186][ T4152]        vfs_write+0x884/0xb44
[ 109.904475][ T4152]        ksys_write+0x15c/0x26c
[ 109.905787][ T4152]        __arm64_sys_write+0x7c/0x90
[ 109.907237][ T4152]        invoke_syscall+0x98/0x2b8
[ 109.908666][ T4152]        el0_svc_common+0x138/0x258
[ 109.910041][ T4152]        do_el0_svc+0x58/0x14c
[ 109.911239][ T4152]        el0_svc+0x7c/0x1f0
[ 109.912416][ T4152]        el0t_64_sync_handler+0x84/0xe4
[ 109.913903][ T4152]        el0t_64_sync+0x1a0/0x1a4
[ 109.915290][ T4152]
[ 109.915290][ T4152] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 109.917407][ T4152]        __mutex_lock_common+0x194/0x2154
[ 109.918922][ T4152]        mutex_lock_nested+0xa4/0xf8
[ 109.920360][ T4152]        vhci_send_frame+0x8c/0x10c
[ 109.921698][ T4152]        hci_send_frame+0x194/0x2f0
[ 109.923066][ T4152]        hci_tx_work+0x9ac/0x16cc
[ 109.924355][ T4152]        process_one_work+0x790/0x11b8
[ 109.925842][ T4152]        worker_thread+0x910/0x1034
[ 109.927232][ T4152]        kthread+0x37c/0x45c
[ 109.928446][ T4152]        ret_from_fork+0x10/0x20
[ 109.929748][ T4152]
[ 109.929748][ T4152] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 109.932180][ T4152]        __flush_work+0xf8/0x1c0
[ 109.933531][ T4152]        flush_work+0x24/0x38
[ 109.934761][ T4152]        hci_dev_do_close+0x16c/0x1060
[ 109.936183][ T4152]        hci_unregister_dev+0x248/0x4d4
[ 109.937606][ T4152]        vhci_release+0x74/0xc4
[ 109.938905][ T4152]        __fput+0x1c4/0x800
[ 109.940102][ T4152]        ____fput+0x20/0x30
[ 109.941258][ T4152]        task_work_run+0x130/0x1e4
[ 109.942589][ T4152]        do_exit+0x670/0x20bc
[ 109.943874][ T4152]        do_group_exit+0x110/0x268
[ 109.945254][ T4152]        get_signal+0x634/0x1550
[ 109.946580][ T4152]        do_notify_resume+0x3d0/0x32b8
[ 109.948075][ T4152]        el0_svc+0xfc/0x1f0
[ 109.949288][ T4152]        el0t_64_sync_handler+0x84/0xe4
[ 109.950750][ T4152]        el0t_64_sync+0x1a0/0x1a4
[ 109.952075][ T4152]
[ 109.952075][ T4152] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 109.954092][ T4152]        __mutex_lock_common+0x194/0x2154
[ 109.955664][ T4152]        mutex_lock_nested+0xa4/0xf8
[ 109.957133][ T4152]        bg_scan_update+0x9c/0x470
[ 109.958438][ T4152]        process_one_work+0x790/0x11b8
[ 109.959904][ T4152]        worker_thread+0x910/0x1034
[ 109.961316][ T4152]        kthread+0x37c/0x45c
[ 109.962480][ T4152]        ret_from_fork+0x10/0x20
[ 109.963899][ T4152]
[ 109.963899][ T4152] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 109.966522][ T4152]        __lock_acquire+0x32d4/0x7638
[ 109.967987][ T4152]        lock_acquire+0x240/0x77c
[ 109.969319][ T4152]        __flush_work+0xf8/0x1c0
[ 109.970654][ T4152]        __cancel_work_timer+0x3ec/0x548
[ 109.972202][ T4152]        cancel_work_sync+0x24/0x38
[ 109.973617][ T4152]        hci_request_cancel_all+0xcc/0x2d0
[ 109.975155][ T4152]        hci_dev_do_close+0x54/0x1060
[ 109.976576][ T4152]        hci_rfkill_set_block+0xdc/0x1d0
[ 109.978087][ T4152]        rfkill_set_block+0x18c/0x37c
[ 109.979530][ T4152]        rfkill_fop_write+0x594/0x750
[ 109.980929][ T4152]        vfs_write+0x280/0xb44
[ 109.982218][ T4152]        ksys_write+0x15c/0x26c
[ 109.983536][ T4152]        __arm64_sys_write+0x7c/0x90
[ 109.984928][ T4152]        invoke_syscall+0x98/0x2b8
[ 109.986263][ T4152]        el0_svc_common+0x138/0x258
[ 109.987621][ T4152]        do_el0_svc+0x58/0x14c
[ 109.988890][ T4152]        el0_svc+0x7c/0x1f0
[ 109.990096][ T4152]        el0t_64_sync_handler+0x84/0xe4
[ 109.991655][ T4152]        el0t_64_sync+0x1a0/0x1a4
[ 109.993077][ T4152]
[ 109.993077][ T4152] other info that might help us debug this:
[ 109.993077][ T4152]
[ 109.995845][ T4152] Chain exists of:
[ 109.995845][ T4152]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 109.995845][ T4152]
[ 110.000196][ T4152] Possible unsafe locking scenario:
[ 110.000196][ T4152]
[ 110.002196][ T4152]        CPU0                    CPU1
[ 110.003664][ T4152]        ----                    ----
[ 110.005037][ T4152]   lock(rfkill_global_mutex);
[ 110.006217][ T4152]                                lock(&data->open_mutex);
[ 110.008148][ T4152]                                lock(rfkill_global_mutex);
[ 110.010097][ T4152]   lock((work_completion)(&hdev->bg_scan_update));
[ 110.011954][ T4152]
[ 110.011954][ T4152] *** DEADLOCK ***
[ 110.011954][ T4152]
[ 110.014063][ T4152] 1 lock held by syz.0.16/4152:
[ 110.015311][ T4152] #0: ffff800016f39608 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x250/0x750
[ 110.018021][ T4152]
[ 110.018021][ T4152] stack backtrace:
[ 110.019530][ T4152] CPU: 0 PID: 4152 Comm: syz.0.16 Not tainted 5.15.178-syzkaller #0
[ 110.021637][ T4152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 110.024308][ T4152] Call trace:
[ 110.025150][ T4152]  dump_backtrace+0x0/0x530
[ 110.026331][ T4152]  show_stack+0x2c/0x3c
[ 110.027420][ T4152]  dump_stack_lvl+0x108/0x170
[ 110.028639][ T4152]  dump_stack+0x1c/0x58
[ 110.029789][ T4152]  print_circular_bug+0x150/0x1b8
[ 110.031134][ T4152]  check_noncircular+0x2cc/0x378
[ 110.032495][ T4152]  __lock_acquire+0x32d4/0x7638
[ 110.033797][ T4152]  lock_acquire+0x240/0x77c
[ 110.035004][ T4152]  __flush_work+0xf8/0x1c0
[ 110.036161][ T4152]  __cancel_work_timer+0x3ec/0x548
[ 110.037613][ T4152]  cancel_work_sync+0x24/0x38
[ 110.038833][ T4152]  hci_request_cancel_all+0xcc/0x2d0
[ 110.040243][ T4152]  hci_dev_do_close+0x54/0x1060
[ 110.041511][ T4152]  hci_rfkill_set_block+0xdc/0x1d0
[ 110.042856][ T4152]  rfkill_set_block+0x18c/0x37c
[ 110.044127][ T4152]  rfkill_fop_write+0x594/0x750
[ 110.045422][ T4152]  vfs_write+0x280/0xb44
[ 110.046502][ T4152]  ksys_write+0x15c/0x26c
[ 110.047766][ T4152]  __arm64_sys_write+0x7c/0x90
[ 110.049015][ T4152]  invoke_syscall+0x98/0x2b8
[ 110.050205][ T4152]  el0_svc_common+0x138/0x258
[ 110.051432][ T4152]  do_el0_svc+0x58/0x14c
[ 110.052519][ T4152]  el0_svc+0x7c/0x1f0
[ 110.053583][ T4152]  el0t_64_sync_handler+0x84/0xe4
[ 110.055029][ T4152]  el0t_64_sync+0x1a0/0x1a4
[ 111.237747][ T148] device hsr_slave_0 left promiscuous mode
[ 111.253335][ T148] device hsr_slave_1 left promiscuous mode
[ 111.362968][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 111.364960][ T148] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 111.367518][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 111.369411][ T148] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 111.371765][ T148] device bridge_slave_1 left promiscuous mode
[ 111.373617][ T148] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.433516][ T148] device bridge_slave_0 left promiscuous mode
[ 111.435322][ T148] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.563014][ T148] device veth1_macvtap left promiscuous mode
[ 111.565087][ T148] device veth0_macvtap left promiscuous mode
[ 111.566744][ T148] device veth1_vlan left promiscuous mode
[ 111.568335][ T148] device veth0_vlan left promiscuous mode
[ 111.691666][ T148] team0 (unregistering): Port device team_slave_1 removed
[ 111.698497][ T148] team0 (unregistering): Port device team_slave_0 removed
[ 111.704337][ T148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 111.727674][ T148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 111.846923][ T148] bond0 (unregistering): Released all slaves
1970/01/01 00:01:54 executed programs: 206
1970/01/01 00:01:59 executed programs: 503