Warning: Permanently added '10.128.1.132' (ED25519) to the list of known hosts.
executing program
[ 44.042437][ T3967] input: syz1 as /devices/virtual/input/input2
[ 44.087576][ T3770]
[ 44.088177][ T3770] ======================================================
[ 44.089603][ T3770] WARNING: possible circular locking dependency detected
[ 44.090987][ T3770] 5.15.148-syzkaller #0 Not tainted
[ 44.092046][ T3770] ------------------------------------------------------
[ 44.093492][ T3770] kworker/1:3/3770 is trying to acquire lock:
[ 44.094729][ T3770] ffff0000dce24c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xd0/0x1c0
[ 44.097053][ T3770]
[ 44.097053][ T3770] but task is already holding lock:
[ 44.098764][ T3770] ffff800016c8dc28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x58/0x158
[ 44.100694][ T3770]
[ 44.100694][ T3770] which lock already depends on the new lock.
[ 44.100694][ T3770]
[ 44.102841][ T3770]
[ 44.102841][ T3770] the existing dependency chain (in reverse order) is:
[ 44.104703][ T3770]
[ 44.104703][ T3770] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 44.106301][ T3770]        __mutex_lock_common+0x194/0x2154
[ 44.107464][ T3770]        mutex_lock_nested+0xa4/0xf8
[ 44.108627][ T3770]        rfkill_register+0x44/0x7a4
[ 44.109702][ T3770]        hci_register_dev+0x3e0/0x880
[ 44.110813][ T3770]        vhci_create_device+0x2c4/0x568
[ 44.111897][ T3770]        vhci_write+0x318/0x3b8
[ 44.112945][ T3770]        vfs_write+0x87c/0xb3c
[ 44.113933][ T3770]        ksys_write+0x15c/0x26c
[ 44.114911][ T3770]        __arm64_sys_write+0x7c/0x90
[ 44.116016][ T3770]        invoke_syscall+0x98/0x2b8
[ 44.117058][ T3770]        el0_svc_common+0x138/0x258
[ 44.118160][ T3770]        do_el0_svc+0x58/0x14c
[ 44.119133][ T3770]        el0_svc+0x7c/0x1f0
[ 44.120063][ T3770]        el0t_64_sync_handler+0x84/0xe4
[ 44.121169][ T3770]        el0t_64_sync+0x1a0/0x1a4
[ 44.122177][ T3770]
[ 44.122177][ T3770] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 44.123747][ T3770]        __mutex_lock_common+0x194/0x2154
[ 44.124926][ T3770]        mutex_lock_nested+0xa4/0xf8
[ 44.126006][ T3770]        vhci_send_frame+0x8c/0x10c
[ 44.127087][ T3770]        hci_send_frame+0x194/0x2f0
[ 44.128056][ T3770]        hci_tx_work+0x8d8/0x157c
[ 44.129097][ T3770]        process_one_work+0x790/0x11b8
[ 44.130256][ T3770]        worker_thread+0x910/0x1034
[ 44.131279][ T3770]        kthread+0x37c/0x45c
[ 44.132263][ T3770]        ret_from_fork+0x10/0x20
[ 44.133259][ T3770]
[ 44.133259][ T3770] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 44.135074][ T3770]        __flush_work+0xf8/0x1c0
[ 44.136099][ T3770]        flush_work+0x24/0x38
[ 44.137091][ T3770]        hci_dev_do_close+0x16c/0x1060
[ 44.138170][ T3770]        hci_unregister_dev+0x228/0x4b4
[ 44.139135][ T3770]        vhci_release+0x74/0xc4
[ 44.139971][ T3770]        __fput+0x30c/0x7f0
[ 44.140759][ T3770]        ____fput+0x20/0x30
[ 44.141606][ T3770]        task_work_run+0x130/0x1e4
[ 44.142574][ T3770]        do_exit+0x670/0x20bc
[ 44.143559][ T3770]        do_group_exit+0x110/0x268
[ 44.144614][ T3770]        __wake_up_parent+0x0/0x60
[ 44.145669][ T3770]        invoke_syscall+0x98/0x2b8
[ 44.146744][ T3770]        el0_svc_common+0x138/0x258
[ 44.147788][ T3770]        do_el0_svc+0x58/0x14c
[ 44.148703][ T3770]        el0_svc+0x7c/0x1f0
[ 44.149704][ T3770]        el0t_64_sync_handler+0x84/0xe4
[ 44.150785][ T3770]        el0t_64_sync+0x1a0/0x1a4
[ 44.151759][ T3770]
[ 44.151759][ T3770] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 44.153310][ T3770]        __mutex_lock_common+0x194/0x2154
[ 44.154415][ T3770]        mutex_lock_nested+0xa4/0xf8
[ 44.155486][ T3770]        bg_scan_update+0x9c/0x470
[ 44.156583][ T3770]        process_one_work+0x790/0x11b8
[ 44.157641][ T3770]        worker_thread+0x910/0x1034
[ 44.158663][ T3770]        kthread+0x37c/0x45c
[ 44.159637][ T3770]        ret_from_fork+0x10/0x20
[ 44.160619][ T3770]
[ 44.160619][ T3770] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 44.162698][ T3770]        __lock_acquire+0x32d4/0x7638
[ 44.163793][ T3770]        lock_acquire+0x240/0x77c
[ 44.164776][ T3770]        __flush_work+0xf8/0x1c0
[ 44.165776][ T3770]        __cancel_work_timer+0x3ec/0x548
[ 44.166959][ T3770]        cancel_work_sync+0x24/0x38
[ 44.168001][ T3770]        hci_request_cancel_all+0xcc/0x2d0
[ 44.169159][ T3770]        hci_dev_do_close+0x54/0x1060
[ 44.170237][ T3770]        hci_rfkill_set_block+0xdc/0x1d0
[ 44.171383][ T3770]        rfkill_set_block+0x18c/0x37c
[ 44.172501][ T3770]        rfkill_epo+0x8c/0x158
[ 44.173496][ T3770]        rfkill_op_handler+0x170/0x288
[ 44.174614][ T3770]        process_one_work+0x790/0x11b8
[ 44.175684][ T3770]        worker_thread+0x910/0x1034
[ 44.176728][ T3770]        kthread+0x37c/0x45c
[ 44.177680][ T3770]        ret_from_fork+0x10/0x20
[ 44.178679][ T3770]
[ 44.178679][ T3770] other info that might help us debug this:
[ 44.178679][ T3770]
[ 44.180771][ T3770] Chain exists of:
[ 44.180771][ T3770]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 44.180771][ T3770]
[ 44.183942][ T3770]  Possible unsafe locking scenario:
[ 44.183942][ T3770]
[ 44.185430][ T3770]        CPU0                    CPU1
[ 44.186470][ T3770]        ----                    ----
[ 44.187513][ T3770]   lock(rfkill_global_mutex);
[ 44.188450][ T3770]                                lock(&data->open_mutex);
[ 44.189841][ T3770]                                lock(rfkill_global_mutex);
[ 44.191309][ T3770]   lock((work_completion)(&hdev->bg_scan_update));
[ 44.192634][ T3770]
[ 44.192634][ T3770]  *** DEADLOCK ***
[ 44.192634][ T3770]
[ 44.194303][ T3770] 3 locks held by kworker/1:3/3770:
[ 44.195342][ T3770]  #0: ffff0000c0020d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8
[ 44.197506][ T3770]  #1: ffff80001c8d7c00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8
[ 44.199624][ T3770]  #2: ffff800016c8dc28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x58/0x158
[ 44.201616][ T3770]
[ 44.201616][ T3770] stack backtrace:
[ 44.202844][ T3770] CPU: 1 PID: 3770 Comm: kworker/1:3 Not tainted 5.15.148-syzkaller #0
[ 44.204557][ T3770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 44.206617][ T3770] Workqueue: events rfkill_op_handler
[ 44.207657][ T3770] Call trace:
[ 44.208296][ T3770]  dump_backtrace+0x0/0x530
[ 44.209218][ T3770]  show_stack+0x2c/0x3c
[ 44.210078][ T3770]  dump_stack_lvl+0x108/0x170
[ 44.210991][ T3770]  dump_stack+0x1c/0x58
[ 44.211798][ T3770]  print_circular_bug+0x150/0x1b8
[ 44.212836][ T3770]  check_noncircular+0x2cc/0x378
[ 44.213819][ T3770]  __lock_acquire+0x32d4/0x7638
[ 44.214804][ T3770]  lock_acquire+0x240/0x77c
[ 44.215703][ T3770]  __flush_work+0xf8/0x1c0
[ 44.216598][ T3770]  __cancel_work_timer+0x3ec/0x548
[ 44.217651][ T3770]  cancel_work_sync+0x24/0x38
[ 44.218554][ T3770]  hci_request_cancel_all+0xcc/0x2d0
[ 44.219608][ T3770]  hci_dev_do_close+0x54/0x1060
[ 44.220553][ T3770]  hci_rfkill_set_block+0xdc/0x1d0
[ 44.221598][ T3770]  rfkill_set_block+0x18c/0x37c
[ 44.222548][ T3770]  rfkill_epo+0x8c/0x158
[ 44.223419][ T3770]  rfkill_op_handler+0x170/0x288
[ 44.224419][ T3770]  process_one_work+0x790/0x11b8
[ 44.225455][ T3770]  worker_thread+0x910/0x1034
[ 44.226402][ T3770]  kthread+0x37c/0x45c
[ 44.227245][ T3770]  ret_from_fork+0x10/0x20