Warning: Permanently added '10.128.0.166' (ED25519) to the list of known hosts.
executing program
[ 43.399954][ T4023]
[ 43.400571][ T4023] ======================================================
[ 43.402314][ T4023] WARNING: possible circular locking dependency detected
[ 43.404037][ T4023] 5.15.165-syzkaller #0 Not tainted
[ 43.405323][ T4023] ------------------------------------------------------
[ 43.407059][ T4023] syz-executor227/4023 is trying to acquire lock:
[ 43.408688][ T4023] ffff0000dad60b98 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xd0/0x1c0
[ 43.411423][ T4023]
[ 43.411423][ T4023] but task is already holding lock:
[ 43.413311][ T4023] ffff0000dad60ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x64/0x1060
[ 43.415691][ T4023]
[ 43.415691][ T4023] which lock already depends on the new lock.
[ 43.415691][ T4023]
[ 43.418362][ T4023]
[ 43.418362][ T4023] the existing dependency chain (in reverse order) is:
[ 43.420719][ T4023]
[ 43.420719][ T4023] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 43.422668][ T4023]        __mutex_lock_common+0x194/0x2154
[ 43.424130][ T4023]        mutex_lock_nested+0xa4/0xf8
[ 43.425490][ T4023]        hci_dev_do_close+0x64/0x1060
[ 43.426860][ T4023]        hci_rfkill_set_block+0xdc/0x1d0
[ 43.428314][ T4023]        rfkill_set_block+0x18c/0x37c
[ 43.429669][ T4023]        rfkill_fop_write+0x594/0x750
[ 43.431056][ T4023]        vfs_write+0x280/0xb44
[ 43.432303][ T4023]        ksys_write+0x15c/0x26c
[ 43.433539][ T4023]        __arm64_sys_write+0x7c/0x90
[ 43.434887][ T4023]        invoke_syscall+0x98/0x2b8
[ 43.436184][ T4023]        el0_svc_common+0x138/0x258
[ 43.437500][ T4023]        do_el0_svc+0x58/0x14c
[ 43.438722][ T4023]        el0_svc+0x7c/0x1f0
[ 43.439848][ T4023]        el0t_64_sync_handler+0x84/0xe4
[ 43.441258][ T4023]        el0t_64_sync+0x1a0/0x1a4
[ 43.442561][ T4023]
[ 43.442561][ T4023] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 43.444638][ T4023]        __mutex_lock_common+0x194/0x2154
[ 43.446096][ T4023]        mutex_lock_nested+0xa4/0xf8
[ 43.447444][ T4023]        rfkill_register+0x44/0x7a4
[ 43.448766][ T4023]        hci_register_dev+0x3e0/0x880
[ 43.450120][ T4023]        vhci_create_device+0x2c4/0x568
[ 43.451559][ T4023]        vhci_write+0x318/0x3b8
[ 43.452795][ T4023]        vfs_write+0x884/0xb44
[ 43.454000][ T4023]        ksys_write+0x15c/0x26c
[ 43.455255][ T4023]        __arm64_sys_write+0x7c/0x90
[ 43.456595][ T4023]        invoke_syscall+0x98/0x2b8
[ 43.457888][ T4023]        el0_svc_common+0x138/0x258
[ 43.459198][ T4023]        do_el0_svc+0x58/0x14c
[ 43.460403][ T4023]        el0_svc+0x7c/0x1f0
[ 43.461537][ T4023]        el0t_64_sync_handler+0x84/0xe4
[ 43.462929][ T4023]        el0t_64_sync+0x1a0/0x1a4
[ 43.464219][ T4023]
[ 43.464219][ T4023] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 43.466198][ T4023]        __mutex_lock_common+0x194/0x2154
[ 43.467649][ T4023]        mutex_lock_nested+0xa4/0xf8
[ 43.468990][ T4023]        vhci_send_frame+0x8c/0x10c
[ 43.470309][ T4023]        hci_send_frame+0x194/0x2f0
[ 43.471665][ T4023]        hci_tx_work+0x8d8/0x157c
[ 43.472956][ T4023]        process_one_work+0x790/0x11b8
[ 43.474339][ T4023]        worker_thread+0x910/0x1034
[ 43.475649][ T4023]        kthread+0x37c/0x45c
[ 43.476796][ T4023]        ret_from_fork+0x10/0x20
[ 43.478060][ T4023]
[ 43.478060][ T4023] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 43.480452][ T4023]        __lock_acquire+0x32d4/0x7638
[ 43.481804][ T4023]        lock_acquire+0x240/0x77c
[ 43.483067][ T4023]        __flush_work+0xf8/0x1c0
[ 43.484341][ T4023]        flush_work+0x24/0x38
[ 43.485531][ T4023]        hci_dev_do_close+0x16c/0x1060
[ 43.486886][ T4023]        hci_rfkill_set_block+0xdc/0x1d0
[ 43.488281][ T4023]        rfkill_set_block+0x18c/0x37c
[ 43.489678][ T4023]        rfkill_fop_write+0x594/0x750
[ 43.491046][ T4023]        vfs_write+0x280/0xb44
[ 43.492257][ T4023]        ksys_write+0x15c/0x26c
[ 43.493475][ T4023]        __arm64_sys_write+0x7c/0x90
[ 43.494793][ T4023]        invoke_syscall+0x98/0x2b8
[ 43.496093][ T4023]        el0_svc_common+0x138/0x258
[ 43.497405][ T4023]        do_el0_svc+0x58/0x14c
[ 43.498603][ T4023]        el0_svc+0x7c/0x1f0
[ 43.499769][ T4023]        el0t_64_sync_handler+0x84/0xe4
[ 43.501219][ T4023]        el0t_64_sync+0x1a0/0x1a4
[ 43.502475][ T4023]
[ 43.502475][ T4023] other info that might help us debug this:
[ 43.502475][ T4023]
[ 43.505083][ T4023] Chain exists of:
[ 43.505083][ T4023]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 43.505083][ T4023]
[ 43.508864][ T4023]  Possible unsafe locking scenario:
[ 43.508864][ T4023]
[ 43.510763][ T4023]        CPU0                    CPU1
[ 43.512113][ T4023]        ----                    ----
[ 43.513510][ T4023]   lock(&hdev->req_lock);
[ 43.514635][ T4023]                                lock(rfkill_global_mutex);
[ 43.516511][ T4023]                                lock(&hdev->req_lock);
[ 43.518293][ T4023]   lock((work_completion)(&hdev->tx_work));
[ 43.519787][ T4023]
[ 43.519787][ T4023]  *** DEADLOCK ***
[ 43.519787][ T4023]
[ 43.521864][ T4023] 2 locks held by syz-executor227/4023:
[ 43.523291][ T4023]  #0: ffff800016e77d28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x250/0x750
[ 43.525867][ T4023]  #1: ffff0000dad60ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x64/0x1060
[ 43.528354][ T4023]
[ 43.528354][ T4023] stack backtrace:
[ 43.529824][ T4023] CPU: 1 PID: 4023 Comm: syz-executor227 Not tainted 5.15.165-syzkaller #0
[ 43.532032][ T4023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 43.534591][ T4023] Call trace:
[ 43.535414][ T4023]  dump_backtrace+0x0/0x530
[ 43.536539][ T4023]  show_stack+0x2c/0x3c
[ 43.537625][ T4023]  dump_stack_lvl+0x108/0x170
[ 43.538799][ T4023]  dump_stack+0x1c/0x58
[ 43.539868][ T4023]  print_circular_bug+0x150/0x1b8
[ 43.541148][ T4023]  check_noncircular+0x2cc/0x378
[ 43.542423][ T4023]  __lock_acquire+0x32d4/0x7638
[ 43.543655][ T4023]  lock_acquire+0x240/0x77c
[ 43.544807][ T4023]  __flush_work+0xf8/0x1c0
[ 43.545913][ T4023]  flush_work+0x24/0x38
[ 43.546964][ T4023]  hci_dev_do_close+0x16c/0x1060
[ 43.548228][ T4023]  hci_rfkill_set_block+0xdc/0x1d0
[ 43.549533][ T4023]  rfkill_set_block+0x18c/0x37c
[ 43.550772][ T4023]  rfkill_fop_write+0x594/0x750
[ 43.552101][ T4023]  vfs_write+0x280/0xb44
[ 43.553170][ T4023]  ksys_write+0x15c/0x26c
[ 43.554260][ T4023]  __arm64_sys_write+0x7c/0x90
[ 43.555451][ T4023]  invoke_syscall+0x98/0x2b8
[ 43.556606][ T4023]  el0_svc_common+0x138/0x258
[ 43.557810][ T4023]  do_el0_svc+0x58/0x14c
[ 43.558916][ T4023]  el0_svc+0x7c/0x1f0
[ 43.559932][ T4023]  el0t_64_sync_handler+0x84/0xe4
[ 43.561223][ T4023]  el0t_64_sync+0x1a0/0x1a4