Warning: Permanently added '10.128.0.182' (ED25519) to the list of known hosts.
[ 50.156005][ T3545] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 50.163673][ T3545] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 50.171770][ T3545] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 50.179514][ T3545] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 50.187339][ T3545] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 50.194675][ T3545] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 50.277206][ T3541]
[ 50.279564][ T3541] ======================================================
[ 50.286578][ T3541] WARNING: possible circular locking dependency detected
[ 50.293593][ T3541] 6.1.66-syzkaller #0 Not tainted
[ 50.298613][ T3541] ------------------------------------------------------
[ 50.305625][ T3541] syz-executor162/3541 is trying to acquire lock:
[ 50.312033][ T3541] ffff88807d390dc0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xe5/0xad0
[ 50.322488][ T3541]
[ 50.322488][ T3541] but task is already holding lock:
[ 50.329848][ T3541] ffff88807d3910b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_rfkill_set_block+0x129/0x200
[ 50.339528][ T3541]
[ 50.339528][ T3541] which lock already depends on the new lock.
[ 50.339528][ T3541]
[ 50.349928][ T3541]
[ 50.349928][ T3541] the existing dependency chain (in reverse order) is:
[ 50.358938][ T3541]
[ 50.358938][ T3541] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 50.366589][ T3541]        lock_acquire+0x1f8/0x5a0
[ 50.371624][ T3541]        __mutex_lock+0x132/0xd80
[ 50.376673][ T3541]        hci_rfkill_set_block+0x129/0x200
[ 50.382400][ T3541]        rfkill_set_block+0x1e7/0x430
[ 50.387945][ T3541]        rfkill_fop_write+0x5b7/0x790
[ 50.393327][ T3541]        vfs_write+0x2d9/0xba0
[ 50.398103][ T3541]        ksys_write+0x19c/0x2c0
[ 50.402964][ T3541]        do_syscall_64+0x3d/0xb0
[ 50.407908][ T3541]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.414329][ T3541]
[ 50.414329][ T3541] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 50.422328][ T3541]        lock_acquire+0x1f8/0x5a0
[ 50.427360][ T3541]        __mutex_lock+0x132/0xd80
[ 50.432394][ T3541]        rfkill_register+0x30/0x880
[ 50.437597][ T3541]        hci_register_dev+0x4df/0xa40
[ 50.442978][ T3541]        vhci_create_device+0x3ba/0x6f0
[ 50.448526][ T3541]        vhci_write+0x38b/0x440
[ 50.453378][ T3541]        vfs_write+0x7ae/0xba0
[ 50.458157][ T3541]        ksys_write+0x19c/0x2c0
[ 50.463015][ T3541]        do_syscall_64+0x3d/0xb0
[ 50.467963][ T3541]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.474387][ T3541]
[ 50.474387][ T3541] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 50.482212][ T3541]        lock_acquire+0x1f8/0x5a0
[ 50.487247][ T3541]        __mutex_lock+0x132/0xd80
[ 50.492276][ T3541]        vhci_send_frame+0x8a/0xf0
[ 50.497392][ T3541]        hci_send_frame+0x1ef/0x370
[ 50.502597][ T3541]        hci_tx_work+0xec8/0x1ec0
[ 50.507626][ T3541]        process_one_work+0x8a9/0x11d0
[ 50.513093][ T3541]        worker_thread+0xa47/0x1200
[ 50.518306][ T3541]        kthread+0x28d/0x320
[ 50.522904][ T3541]        ret_from_fork+0x1f/0x30
[ 50.527852][ T3541]
[ 50.527852][ T3541] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 50.537071][ T3541]        validate_chain+0x1661/0x5950
[ 50.542450][ T3541]        __lock_acquire+0x125b/0x1f80
[ 50.547831][ T3541]        lock_acquire+0x1f8/0x5a0
[ 50.552867][ T3541]        __flush_work+0xfe/0xad0
[ 50.557808][ T3541]        hci_dev_close_sync+0x233/0xfc0
[ 50.563358][ T3541]        hci_rfkill_set_block+0x131/0x200
[ 50.569086][ T3541]        rfkill_set_block+0x1e7/0x430
[ 50.574643][ T3541]        rfkill_fop_write+0x5b7/0x790
[ 50.580021][ T3541]        vfs_write+0x2d9/0xba0
[ 50.584966][ T3541]        ksys_write+0x19c/0x2c0
[ 50.589828][ T3541]        do_syscall_64+0x3d/0xb0
[ 50.594771][ T3541]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.601206][ T3541]
[ 50.601206][ T3541] other info that might help us debug this:
[ 50.601206][ T3541]
[ 50.611432][ T3541] Chain exists of:
[ 50.611432][ T3541]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 50.611432][ T3541]
[ 50.626386][ T3541]  Possible unsafe locking scenario:
[ 50.626386][ T3541]
[ 50.633828][ T3541]        CPU0                    CPU1
[ 50.639193][ T3541]        ----                    ----
[ 50.644555][ T3541]   lock(&hdev->req_lock);
[ 50.648979][ T3541]                                lock(rfkill_global_mutex);
[ 50.656266][ T3541]                                lock(&hdev->req_lock);
[ 50.663204][ T3541]   lock((work_completion)(&hdev->tx_work));
[ 50.669186][ T3541]
[ 50.669186][ T3541]  *** DEADLOCK ***
[ 50.669186][ T3541]
[ 50.677328][ T3541] 2 locks held by syz-executor162/3541:
[ 50.682869][ T3541]  #0: ffffffff8e544aa8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 50.692987][ T3541]  #1: ffff88807d3910b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_rfkill_set_block+0x129/0x200
[ 50.703105][ T3541]
[ 50.703105][ T3541] stack backtrace:
[ 50.709001][ T3541] CPU: 1 PID: 3541 Comm: syz-executor162 Not tainted 6.1.66-syzkaller #0
[ 50.717413][ T3541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 50.727466][ T3541] Call Trace:
[ 50.730749][ T3541]
[ 50.733679][ T3541]  dump_stack_lvl+0x1e3/0x2cb
[ 50.738370][ T3541]  ? nf_tcp_handle_invalid+0x642/0x642
[ 50.743842][ T3541]  ? print_circular_bug+0x12b/0x1a0
[ 50.749050][ T3541]  check_noncircular+0x2fa/0x3b0
[ 50.754001][ T3541]  ? add_chain_block+0x850/0x850
[ 50.758950][ T3541]  ? lockdep_lock+0x11f/0x2a0
[ 50.763636][ T3541]  ? arch_stack_walk+0xf3/0x140
[ 50.768492][ T3541]  ? _find_first_zero_bit+0xd0/0x100
[ 50.773787][ T3541]  validate_chain+0x1661/0x5950
[ 50.778655][ T3541]  ? lockdep_unlock+0x165/0x300
[ 50.783514][ T3541]  ? reacquire_held_locks+0x660/0x660
[ 50.788893][ T3541]  ? add_lock_to_list+0x1de/0x2e0
[ 50.793930][ T3541]  ? validate_chain+0x13ce/0x5950
[ 50.798966][ T3541]  ? look_up_lock_class+0x77/0x140
[ 50.804081][ T3541]  ? register_lock_class+0x100/0x990
[ 50.809379][ T3541]  ? is_dynamic_key+0x260/0x260
[ 50.814241][ T3541]  ? mark_lock+0x9a/0x340
[ 50.818583][ T3541]  __lock_acquire+0x125b/0x1f80
[ 50.823450][ T3541]  lock_acquire+0x1f8/0x5a0
[ 50.827960][ T3541]  ? __flush_work+0xe5/0xad0
[ 50.832559][ T3541]  ? read_lock_is_recursive+0x10/0x10
[ 50.837942][ T3541]  ? mark_lock+0x9a/0x340
[ 50.842281][ T3541]  ? __lock_acquire+0x125b/0x1f80
[ 50.847318][ T3541]  ? __flush_work+0xe5/0xad0
[ 50.851912][ T3541]  __flush_work+0xfe/0xad0
[ 50.856328][ T3541]  ? __flush_work+0xe5/0xad0
[ 50.860932][ T3541]  ? flush_work+0x20/0x20
[ 50.865279][ T3541]  ? led_trigger_event+0x24/0x1d0
[ 50.870318][ T3541]  hci_dev_close_sync+0x233/0xfc0
[ 50.875351][ T3541]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 50.881259][ T3541]  hci_rfkill_set_block+0x131/0x200
[ 50.886471][ T3541]  ? hci_req_cmd_complete+0x910/0x910
[ 50.891853][ T3541]  rfkill_set_block+0x1e7/0x430
[ 50.896713][ T3541]  rfkill_fop_write+0x5b7/0x790
[ 50.901579][ T3541]  ? rfkill_fop_read+0x470/0x470
[ 50.906534][ T3541]  ? fsnotify_perm+0x67/0x590
[ 50.911224][ T3541]  ? bpf_lsm_file_permission+0x5/0x10
[ 50.916613][ T3541]  ? rfkill_fop_read+0x470/0x470
[ 50.921560][ T3541]  vfs_write+0x2d9/0xba0
[ 50.925825][ T3541]  ? do_sys_openat2+0x42b/0x500
[ 50.930686][ T3541]  ? file_end_write+0x250/0x250
[ 50.935547][ T3541]  ? do_sys_openat2+0x42b/0x500
[ 50.940428][ T3541]  ? do_sys_open+0x220/0x220
[ 50.945034][ T3541]  ? __fdget_pos+0x1db/0x360
[ 50.949633][ T3541]  ksys_write+0x19c/0x2c0
[ 50.953975][ T3541]  ? print_irqtrace_events+0x210/0x210
[ 50.959444][ T3541]  ? __ia32_sys_read+0x80/0x80
[ 50.964219][ T3541]  ? syscall_enter_from_user_mode+0x2e/0x220
[ 50.970204][ T3541]  ? lockdep_hardirqs_on+0x94/0x130
[ 50.975408][ T3541]  ? syscall_enter_from_user_mode+0x2e/0x220
[ 50.981392][ T3541]  do_syscall_64+0x3d/0xb0
[ 50.985819][ T3541]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.991720][ T3541] RIP: 0033:0x7f61a9bcc4b9
[ 50.996144][ T3541] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.015752][ T3541] RSP: 002b:00007fffa363e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 51.024173][ T3541] RAX: ffffffffffffffda RBX: 00007f61a9c23043 RCX: 000