Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts.
1970/01/01 00:00:38 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:39 parsed 1 programs
syzkaller login: [ 41.980526][ T4022] cgroup: Unknown subsys name 'net'
[ 42.209746][ T4022] cgroup: Unknown subsys name 'rlimit'
[ 42.534390][ T4022] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 44.533255][ T4049] chnl_net:caif_netlink_parms(): no params data found
[ 44.573524][ T4049] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.575194][ T4049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.577289][ T4049] device bridge_slave_0 entered promiscuous mode
[ 44.580964][ T4049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.582439][ T4049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.585402][ T4049] device bridge_slave_1 entered promiscuous mode
[ 44.599771][ T4049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 44.603247][ T4049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 44.621493][ T4049] team0: Port device team_slave_0 added
[ 44.624581][ T4049] team0: Port device team_slave_1 added
[ 44.636772][ T4049] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 44.638174][ T4049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.643082][ T4049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 44.647062][ T4049] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 44.648479][ T4049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.653589][ T4049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 44.705536][ T4049] device hsr_slave_0 entered promiscuous mode
[ 44.743751][ T4049] device hsr_slave_1 entered promiscuous mode
[ 44.895878][ T4049] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 44.937442][ T4049] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 44.976797][ T4049] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 45.017486][ T4049] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 45.081076][ T4049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.082778][ T4049] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.084632][ T4049] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.086069][ T4049] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.126491][ T4049] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.133195][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.137719][ T136] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.140287][ T136] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.142709][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 45.150948][ T4049] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.173868][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.176185][ T136] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.177813][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.179658][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.181542][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.182893][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.198244][ T4049] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 45.200272][ T4049] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 45.207330][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.210016][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.212268][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.225003][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.227145][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 45.228998][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 45.277142][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 45.278900][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 45.285061][ T4049] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 45.297194][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.308855][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.311549][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.315026][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.319038][ T4049] device veth0_vlan entered promiscuous mode
[ 45.325646][ T4049] device veth1_vlan entered promiscuous mode
[ 45.338359][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 45.340448][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 45.342531][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.346760][ T4049] device veth0_macvtap entered promiscuous mode
[ 45.350242][ T4049] device veth1_macvtap entered promiscuous mode
[ 45.360909][ T4049] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 45.362730][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.367004][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 45.372260][ T4049] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 45.375147][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.385894][ T4049] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.387751][ T4049] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.389385][ T4049] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.391036][ T4049] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.396188][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.635997][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.637832][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 46.640215][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 46.651403][ T1751] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.652995][ T1751] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 46.655511][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:00:46 executed programs: 0
[ 46.896046][ T4102] chnl_net:caif_netlink_parms(): no params data found
[ 46.928478][ T4102] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.930141][ T4102] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.932325][ T4102] device bridge_slave_0 entered promiscuous mode
[ 46.936035][ T4102] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.937619][ T4102] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.939658][ T4102] device bridge_slave_1 entered promiscuous mode
[ 46.953631][ T4102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 46.957177][ T4102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 46.971245][ T4102] team0: Port device team_slave_0 added
[ 46.974965][ T4102] team0: Port device team_slave_1 added
[ 46.987853][ T4102] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 46.989388][ T4102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.994584][ T4102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 46.998962][ T4102] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 47.000392][ T4102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.005774][ T4102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 47.065273][ T4102] device hsr_slave_0 entered promiscuous mode
[ 47.103811][ T4102] device hsr_slave_1 entered promiscuous mode
[ 47.143699][ T4102] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 47.145569][ T4102] Cannot create hsr debugfs directory
[ 48.719303][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 48.904073][ T4094] Bluetooth: hci0: command 0x0409 tx timeout
[ 50.983967][ T4080] Bluetooth: hci0: command 0x041b tx timeout
[ 51.110002][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.170125][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 52.070377][ T4102] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 52.127151][ T4102] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 52.165312][ T4102] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 52.215412][ T4102] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 52.309689][ T4102] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.316410][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.318620][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.323255][ T4102] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.328573][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.330842][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.332707][ T1751] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.334190][ T1751] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.336587][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 52.340731][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.342859][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.345458][ T1751] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.346917][ T1751] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.351761][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.356651][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.361378][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.368322][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.370639][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.402071][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.404755][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.409371][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.411572][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.416577][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.418753][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.422465][ T4102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.486981][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 52.488846][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 52.494595][ T4102] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.506777][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 52.509056][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.519774][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 52.522073][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.526307][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.528473][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.532161][ T4102] device veth0_vlan entered promiscuous mode
[ 52.538749][ T4102] device veth1_vlan entered promiscuous mode
[ 52.552505][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 52.555782][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 52.557956][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 52.560385][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.565925][ T4102] device veth0_macvtap entered promiscuous mode
[ 52.570521][ T4102] device veth1_macvtap entered promiscuous mode
[ 52.581532][ T4102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 52.584038][ T4102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 52.586915][ T4102] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 52.588858][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 52.591071][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 52.594201][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 52.596741][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.600749][ T4102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 52.603065][ T4102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 52.607643][ T4102] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 52.609480][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 52.611830][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.618471][ T4102] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.620364][ T4102] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.622168][ T4102] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.624450][ T4102] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.660094][ T1751] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 52.662001][ T1751] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 52.671340][ T1751] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 52.677642][ T1751] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 52.679464][ T1751] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 52.682122][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 52.744406][ T4151]
[ 52.745074][ T4151] ======================================================
[ 52.746630][ T4151] WARNING: possible circular locking dependency detected
[ 52.748156][ T4151] 5.15.173-syzkaller #0 Not tainted
[ 52.749214][ T4151] ------------------------------------------------------
[ 52.750667][ T4151] syz.0.15/4151 is trying to acquire lock:
[ 52.751910][ T4151] ffff0000d5bb8c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xd0/0x1c0
[ 52.754323][ T4151]
[ 52.754323][ T4151] but task is already holding lock:
[ 52.755908][ T4151] ffff800016f25fe8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x250/0x750
[ 52.757937][ T4151]
[ 52.757937][ T4151] which lock already depends on the new lock.
[ 52.757937][ T4151]
[ 52.760046][ T4151]
[ 52.760046][ T4151] the existing dependency chain (in reverse order) is:
[ 52.761903][ T4151]
[ 52.761903][ T4151] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 52.763548][ T4151]        __mutex_lock_common+0x194/0x2154
[ 52.764789][ T4151]        mutex_lock_nested+0xa4/0xf8
[ 52.765861][ T4151]        rfkill_register+0x44/0x7a4
[ 52.766968][ T4151]        hci_register_dev+0x3e0/0x880
[ 52.768111][ T4151]        vhci_create_device+0x2c4/0x568
[ 52.769255][ T4151]        vhci_write+0x318/0x3b8
[ 52.770314][ T4151]        vfs_write+0x884/0xb44
[ 52.771325][ T4151]        ksys_write+0x15c/0x26c
[ 52.772400][ T4151]        __arm64_sys_write+0x7c/0x90
[ 52.773574][ T4151]        invoke_syscall+0x98/0x2b8
[ 52.774731][ T4151]        el0_svc_common+0x138/0x258
[ 52.775858][ T4151]        do_el0_svc+0x58/0x14c
[ 52.776839][ T4151]        el0_svc+0x7c/0x1f0
[ 52.777801][ T4151]        el0t_64_sync_handler+0x84/0xe4
[ 52.778954][ T4151]        el0t_64_sync+0x1a0/0x1a4
[ 52.780022][ T4151]
[ 52.780022][ T4151] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 52.781663][ T4151]        __mutex_lock_common+0x194/0x2154
[ 52.782982][ T4151]        mutex_lock_nested+0xa4/0xf8
[ 52.784340][ T4151]        vhci_send_frame+0x8c/0x10c
[ 52.785666][ T4151]        hci_send_frame+0x194/0x2f0
[ 52.786820][ T4151]        hci_tx_work+0x9ac/0x16cc
[ 52.787938][ T4151]        process_one_work+0x790/0x11b8
[ 52.789159][ T4151]        worker_thread+0x910/0x1034
[ 52.790572][ T4151]        kthread+0x37c/0x45c
[ 52.791481][ T4151]        ret_from_fork+0x10/0x20
[ 52.792656][ T4151]
[ 52.792656][ T4151] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 52.794823][ T4151]        __flush_work+0xf8/0x1c0
[ 52.795932][ T4151]        flush_work+0x24/0x38
[ 52.796939][ T4151]        hci_dev_do_close+0x16c/0x1060
[ 52.798167][ T4151]        hci_unregister_dev+0x248/0x4d4
[ 52.799466][ T4151]        vhci_release+0x74/0xc4
[ 52.800499][ T4151]        __fput+0x1c4/0x800
[ 52.801470][ T4151]        ____fput+0x20/0x30
[ 52.802675][ T4151]        task_work_run+0x130/0x1e4
[ 52.803849][ T4151]        do_exit+0x670/0x20bc
[ 52.804816][ T4151]        do_group_exit+0x110/0x268
[ 52.805923][ T4151]        get_signal+0x634/0x1550
[ 52.806977][ T4151]        do_notify_resume+0x3d0/0x32b8
[ 52.808116][ T4151]        el0_svc+0xfc/0x1f0
[ 52.809111][ T4151]        el0t_64_sync_handler+0x84/0xe4
[ 52.810309][ T4151]        el0t_64_sync+0x1a0/0x1a4
[ 52.811390][ T4151]
[ 52.811390][ T4151] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 52.813075][ T4151]        __mutex_lock_common+0x194/0x2154
[ 52.814249][ T4151]        mutex_lock_nested+0xa4/0xf8
[ 52.815372][ T4151]        bg_scan_update+0x9c/0x470
[ 52.816539][ T4151]        process_one_work+0x790/0x11b8
[ 52.817770][ T4151]        worker_thread+0x910/0x1034
[ 52.818849][ T4151]        kthread+0x37c/0x45c
[ 52.819926][ T4151]        ret_from_fork+0x10/0x20
[ 52.821123][ T4151]
[ 52.821123][ T4151] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 52.823328][ T4151]        __lock_acquire+0x32d4/0x7638
[ 52.824502][ T4151]        lock_acquire+0x240/0x77c
[ 52.825594][ T4151]        __flush_work+0xf8/0x1c0
[ 52.826692][ T4151]        __cancel_work_timer+0x3ec/0x548
[ 52.827871][ T4151]        cancel_work_sync+0x24/0x38
[ 52.828988][ T4151]        hci_request_cancel_all+0xcc/0x2d0
[ 52.830261][ T4151]        hci_dev_do_close+0x54/0x1060
[ 52.831423][ T4151]        hci_rfkill_set_block+0xdc/0x1d0
[ 52.832626][ T4151]        rfkill_set_block+0x18c/0x37c
[ 52.833839][ T4151]        rfkill_fop_write+0x594/0x750
[ 52.835000][ T4151]        vfs_write+0x280/0xb44
[ 52.836014][ T4151]        ksys_write+0x15c/0x26c
[ 52.837049][ T4151]        __arm64_sys_write+0x7c/0x90
[ 52.838223][ T4151]        invoke_syscall+0x98/0x2b8
[ 52.839277][ T4151]        el0_svc_common+0x138/0x258
[ 52.840394][ T4151]        do_el0_svc+0x58/0x14c
[ 52.841394][ T4151]        el0_svc+0x7c/0x1f0
[ 52.842405][ T4151]        el0t_64_sync_handler+0x84/0xe4
[ 52.843636][ T4151]        el0t_64_sync+0x1a0/0x1a4
[ 52.844757][ T4151]
[ 52.844757][ T4151] other info that might help us debug this:
[ 52.844757][ T4151]
[ 52.847193][ T4151] Chain exists of:
[ 52.847193][ T4151]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 52.847193][ T4151]
[ 52.850603][ T4151]  Possible unsafe locking scenario:
[ 52.850603][ T4151]
[ 52.852286][ T4151]        CPU0                    CPU1
[ 52.853495][ T4151]        ----                    ----
[ 52.854707][ T4151]   lock(rfkill_global_mutex);
[ 52.855844][ T4151]                                lock(&data->open_mutex);
[ 52.857415][ T4151]                                lock(rfkill_global_mutex);
[ 52.859075][ T4151]   lock((work_completion)(&hdev->bg_scan_update));
[ 52.860689][ T4151]
[ 52.860689][ T4151]  *** DEADLOCK ***
[ 52.860689][ T4151]
[ 52.862468][ T4151] 1 lock held by syz.0.15/4151:
[ 52.863533][ T4151]  #0: ffff800016f25fe8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x250/0x750
[ 52.865683][ T4151]
[ 52.865683][ T4151] stack backtrace:
[ 52.866937][ T4151] CPU: 0 PID: 4151 Comm: syz.0.15 Not tainted 5.15.173-syzkaller #0
[ 52.868685][ T4151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 52.870737][ T4151] Call trace:
[ 52.871355][ T4151]  dump_backtrace+0x0/0x530
[ 52.872366][ T4151]  show_stack+0x2c/0x3c
[ 52.873285][ T4151]  dump_stack_lvl+0x108/0x170
[ 52.874371][ T4151]  dump_stack+0x1c/0x58
[ 52.875365][ T4151]  print_circular_bug+0x150/0x1b8
[ 52.876487][ T4151]  check_noncircular+0x2cc/0x378
[ 52.877677][ T4151]  __lock_acquire+0x32d4/0x7638
[ 52.878774][ T4151]  lock_acquire+0x240/0x77c
[ 52.879835][ T4151]  __flush_work+0xf8/0x1c0
[ 52.880900][ T4151]  __cancel_work_timer+0x3ec/0x548
[ 52.882077][ T4151]  cancel_work_sync+0x24/0x38
[ 52.883155][ T4151]  hci_request_cancel_all+0xcc/0x2d0
[ 52.884332][ T4151]  hci_dev_do_close+0x54/0x1060
[ 52.885345][ T4151]  hci_rfkill_set_block+0xdc/0x1d0
[ 52.886539][ T4151]  rfkill_set_block+0x18c/0x37c
[ 52.887592][ T4151]  rfkill_fop_write+0x594/0x750
[ 52.888641][ T4151]  vfs_write+0x280/0xb44
[ 52.889490][ T4151]  ksys_write+0x15c/0x26c
[ 52.890449][ T4151]  __arm64_sys_write+0x7c/0x90
[ 52.891538][ T4151]  invoke_syscall+0x98/0x2b8
[ 52.892506][ T4151]  el0_svc_common+0x138/0x258
[ 52.893504][ T4151]  do_el0_svc+0x58/0x14c
[ 52.894506][ T4151]  el0_svc+0x7c/0x1f0
[ 52.895482][ T4151]  el0t_64_sync_handler+0x84/0xe4
[ 52.896734][ T4151]  el0t_64_sync+0x1a0/0x1a4
[ 53.063731][ T3604] Bluetooth: hci0: command 0x040f tx timeout