Warning: Permanently added '10.128.0.15' (ED25519) to the list of known hosts.
1970/01/01 00:00:42 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:43 parsed 1 programs
[   46.236336][ T4031] cgroup: Unknown subsys name 'net'
[   46.485262][ T4031] cgroup: Unknown subsys name 'rlimit'
[   46.825616][ T4031] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[   61.733584][ T4062] chnl_net:caif_netlink_parms(): no params data found
[   61.774986][ T4062] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.777003][ T4062] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.779864][ T4062] device bridge_slave_0 entered promiscuous mode
[   61.784268][ T4062] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.786265][ T4062] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.788872][ T4062] device bridge_slave_1 entered promiscuous mode
[   61.805821][ T4062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.811064][ T4062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.828627][ T4062] team0: Port device team_slave_0 added
[   61.833010][ T4062] team0: Port device team_slave_1 added
[   61.845746][ T4062] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.847668][ T4062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.855069][ T4062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.859943][ T4062] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.861805][ T4062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.868567][ T4062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.932510][ T4062] device hsr_slave_0 entered promiscuous mode
[   61.969908][ T4062] device hsr_slave_1 entered promiscuous mode
[   62.136450][ T4062] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   62.183783][ T4062] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   62.231899][ T4062] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   62.282900][ T4062] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.338643][ T4062] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.340756][ T4062] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.343127][ T4062] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.345044][ T4062] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.392884][ T4062] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.400539][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.404446][  T148] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.408317][  T148] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.412574][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   62.422069][ T4062] 8021q: adding VLAN 0 to HW filter on device team0
[   62.432451][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.435500][  T148] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.437413][  T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.440174][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.442734][  T148] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.444655][  T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.463396][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   62.466715][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   62.471229][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   62.480046][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.483015][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.487685][ T4062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   62.569265][ T4062] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.573240][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   62.575383][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   62.588920][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   62.605543][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   62.608751][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   62.613212][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   62.618952][ T4062] device veth0_vlan entered promiscuous mode
[   62.627039][ T4062] device veth1_vlan entered promiscuous mode
[   62.645452][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   62.648021][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   62.651795][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.656843][ T4062] device veth0_macvtap entered promiscuous mode
[   62.663125][ T4062] device veth1_macvtap entered promiscuous mode
[   62.676542][ T4062] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.678724][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   62.684812][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   62.692353][ T4062] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.694780][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.701482][ T4062] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.703886][ T4062] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.706199][ T4062] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.708537][ T4062] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.876903][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.879153][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.883239][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   62.904795][  T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.907161][  T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.911737][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   63.352975][  T136] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:04 executed programs: 0
[   64.402617][ T4117] chnl_net:caif_netlink_parms(): no params data found
[   64.438755][ T4117] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.441195][ T4117] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.443757][ T4117] device bridge_slave_0 entered promiscuous mode
[   64.447461][ T4117] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.449352][ T4117] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.452544][ T4117] device bridge_slave_1 entered promiscuous mode
[   64.471087][ T4117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.475721][ T4117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.491124][ T4117] team0: Port device team_slave_0 added
[   64.496181][ T4117] team0: Port device team_slave_1 added
[   64.510028][ T4117] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.511938][ T4117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.518744][ T4117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.523606][ T4117] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.525479][ T4117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.532854][ T4117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.601861][ T4117] device hsr_slave_0 entered promiscuous mode
[   64.649806][ T4117] device hsr_slave_1 entered promiscuous mode
[   64.699604][ T4117] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   64.701853][ T4117] Cannot create hsr debugfs directory
[   65.606935][  T136] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.340404][   T13] Bluetooth: hci0: command 0x0409 tx timeout
[   67.857255][  T136] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.918254][  T136] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.419577][ T4068] Bluetooth: hci0: command 0x041b tx timeout
[   68.917004][ T4117] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   68.942443][ T4117] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   69.006003][ T4117] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   69.042445][ T4117] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   69.125428][ T4117] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.132613][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.135199][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.143493][ T4117] 8021q: adding VLAN 0 to HW filter on device team0
[   69.147987][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.151462][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.153980][  T153] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.155901][  T153] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.158538][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.165164][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.168200][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.171298][  T153] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.173229][  T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.178294][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.184015][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.189392][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.193382][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.220095][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.222779][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.225777][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.231410][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.234068][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.238827][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.243305][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.247894][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.327099][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   69.329301][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   69.335762][ T4117] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.347973][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   69.351323][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   69.364368][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   69.367041][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   69.370360][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   69.372791][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   69.377502][ T4117] device veth0_vlan entered promiscuous mode
[   69.384301][ T4117] device veth1_vlan entered promiscuous mode
[   69.401447][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   69.404097][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   69.406659][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   69.409357][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   69.415754][ T4117] device veth0_macvtap entered promiscuous mode
[   69.420553][ T4117] device veth1_macvtap entered promiscuous mode
[   69.429720][ T4117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.432721][ T4117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.436376][ T4117] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.438443][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   69.441378][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   69.443868][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   69.446482][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   69.473067][ T4117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.475957][ T4117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.479568][ T4117] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.481681][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   69.484429][  T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   69.488965][ T4117] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.492516][ T4117] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.494834][ T4117] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.497162][ T4117] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.563824][  T409] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.566040][  T409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.568928][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.583803][  T409] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.585984][  T409] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.588907][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.621752][ T2056] ieee802154 phy0 wpan0: encryption failed: -22
[   69.623631][ T2056] ieee802154 phy1 wpan1: encryption failed: -22
[   69.636006][ T4170] 
[   69.636657][ T4170] ======================================================
[   69.638493][ T4170] WARNING: possible circular locking dependency detected
[   69.640357][ T4170] 5.15.184-syzkaller #0 Not tainted
[   69.641778][ T4170] ------------------------------------------------------
[   69.643690][ T4170] syz.0.16/4170 is trying to acquire lock:
[   69.645253][ T4170] ffff0000cba50c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcc/0x1bc
[   69.648318][ T4170] 
[   69.648318][ T4170] but task is already holding lock:
[   69.650345][ T4170] ffff8000164f7788 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x238/0x5cc
[   69.653005][ T4170] 
[   69.653005][ T4170] which lock already depends on the new lock.
[   69.653005][ T4170] 
[   69.655861][ T4170] 
[   69.655861][ T4170] the existing dependency chain (in reverse order) is:
[   69.658326][ T4170] 
[   69.658326][ T4170] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[   69.660494][ T4170]        __mutex_lock_common+0x194/0x1edc
[   69.662036][ T4170]        mutex_lock_nested+0xac/0x11c
[   69.663481][ T4170]        rfkill_register+0x44/0x77c
[   69.664892][ T4170]        hci_register_dev+0x3d8/0x854
[   69.666353][ T4170]        vhci_create_device+0x2bc/0x564
[   69.667921][ T4170]        vhci_write+0x30c/0x3ac
[   69.669231][ T4170]        vfs_write+0x7c8/0xa2c
[   69.670604][ T4170]        ksys_write+0x120/0x210
[   69.671963][ T4170]        __arm64_sys_write+0x7c/0x90
[   69.673447][ T4170]        invoke_syscall+0x98/0x2b8
[   69.674857][ T4170]        el0_svc_common+0x138/0x258
[   69.676251][ T4170]        do_el0_svc+0x58/0x14c
[   69.677577][ T4170]        el0_svc+0x78/0x1e0
[   69.678804][ T4170]        el0t_64_sync_handler+0xcc/0xe4
[   69.680355][ T4170]        el0t_64_sync+0x1a0/0x1a4
[   69.681707][ T4170] 
[   69.681707][ T4170] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[   69.683950][ T4170]        __mutex_lock_common+0x194/0x1edc
[   69.685519][ T4170]        mutex_lock_nested+0xac/0x11c
[   69.687009][ T4170]        vhci_send_frame+0x88/0x118
[   69.688480][ T4170]        hci_send_frame+0x194/0x2f0
[   69.689920][ T4170]        hci_tx_work+0x7e4/0x1394
[   69.691361][ T4170]        process_one_work+0x79c/0x1140
[   69.692869][ T4170]        worker_thread+0x8f4/0x101c
[   69.694285][ T4170]        kthread+0x374/0x454
[   69.695508][ T4170]        ret_from_fork+0x10/0x20
[   69.696886][ T4170] 
[   69.696886][ T4170] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[   69.699389][ T4170]        __flush_work+0xf4/0x1bc
[   69.700805][ T4170]        flush_work+0x24/0x38
[   69.702061][ T4170]        hci_dev_do_close+0x164/0x105c
[   69.703554][ T4170]        hci_unregister_dev+0x23c/0x4c0
[   69.705099][ T4170]        vhci_release+0x74/0xc4
[   69.706407][ T4170]        __fput+0x1c0/0x7f8
[   69.707776][ T4170]        ____fput+0x20/0x30
[   69.709006][ T4170]        task_work_run+0x12c/0x1e0
[   69.710396][ T4170]        do_exit+0x67c/0x1f58
[   69.711648][ T4170]        do_group_exit+0x100/0x268
[   69.713065][ T4170]        get_signal+0x73c/0x1340
[   69.714423][ T4170]        do_notify_resume+0x35c/0x3128
[   69.715933][ T4170]        el0_svc+0xf0/0x1e0
[   69.717124][ T4170]        el0t_64_sync_handler+0xcc/0xe4
[   69.718581][ T4170]        el0t_64_sync+0x1a0/0x1a4
[   69.719916][ T4170] 
[   69.719916][ T4170] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[   69.722047][ T4170]        __mutex_lock_common+0x194/0x1edc
[   69.723606][ T4170]        mutex_lock_nested+0xac/0x11c
[   69.725002][ T4170]        bg_scan_update+0x48/0x3d0
[   69.726374][ T4170]        process_one_work+0x79c/0x1140
[   69.727847][ T4170]        worker_thread+0x8f4/0x101c
[   69.729195][ T4170]        kthread+0x374/0x454
[   69.730403][ T4170]        ret_from_fork+0x10/0x20
[   69.731763][ T4170] 
[   69.731763][ T4170] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[   69.734531][ T4170]        __lock_acquire+0x2928/0x651c
[   69.735997][ T4170]        lock_acquire+0x1f4/0x620
[   69.737318][ T4170]        __flush_work+0xf4/0x1bc
[   69.738644][ T4170]        __cancel_work_timer+0x2ec/0x448
[   69.740106][ T4170]        cancel_work_sync+0x24/0x38
[   69.741608][ T4170]        hci_request_cancel_all+0xbc/0x2d0
[   69.743197][ T4170]        hci_dev_do_close+0x54/0x105c
[   69.744629][ T4170]        hci_rfkill_set_block+0xdc/0x1d0
[   69.746156][ T4170]        rfkill_set_block+0x18c/0x374
[   69.747626][ T4170]        rfkill_fop_write+0x4a4/0x5cc
[   69.749075][ T4170]        vfs_write+0x280/0xa2c
[   69.750341][ T4170]        ksys_write+0x120/0x210
[   69.751647][ T4170]        __arm64_sys_write+0x7c/0x90
[   69.753077][ T4170]        invoke_syscall+0x98/0x2b8
[   69.754456][ T4170]        el0_svc_common+0x138/0x258
[   69.755892][ T4170]        do_el0_svc+0x58/0x14c
[   69.757219][ T4170]        el0_svc+0x78/0x1e0
[   69.758439][ T4170]        el0t_64_sync_handler+0xcc/0xe4
[   69.759921][ T4170]        el0t_64_sync+0x1a0/0x1a4
[   69.761296][ T4170] 
[   69.761296][ T4170] other info that might help us debug this:
[   69.761296][ T4170] 
[   69.764004][ T4170] Chain exists of:
[   69.764004][ T4170]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[   69.764004][ T4170] 
[   69.768344][ T4170]  Possible unsafe locking scenario:
[   69.768344][ T4170] 
[   69.770365][ T4170]        CPU0                    CPU1
[   69.771793][ T4170]        ----                    ----
[   69.773178][ T4170]   lock(rfkill_global_mutex);
[   69.774464][ T4170]                                lock(&data->open_mutex);
[   69.776433][ T4170]                                lock(rfkill_global_mutex);
[   69.778390][ T4170]   lock((work_completion)(&hdev->bg_scan_update));
[   69.780088][ T4170] 
[   69.780088][ T4170]  *** DEADLOCK ***
[   69.780088][ T4170] 
[   69.782301][ T4170] 1 lock held by syz.0.16/4170:
[   69.783605][ T4170]  #0: ffff8000164f7788 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x238/0x5cc
[   69.786411][ T4170] 
[   69.786411][ T4170] stack backtrace:
[   69.787994][ T4170] CPU: 1 PID: 4170 Comm: syz.0.16 Not tainted 5.15.184-syzkaller #0
[   69.790149][ T4170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   69.792784][ T4170] Call trace:
[   69.793692][ T4170]  dump_backtrace+0x0/0x43c
[   69.794909][ T4170]  show_stack+0x2c/0x3c
[   69.796037][ T4170]  __dump_stack+0x30/0x40
[   69.797193][ T4170]  dump_stack_lvl+0xf8/0x160
[   69.798420][ T4170]  dump_stack+0x1c/0x5c
[   69.799507][ T4170]  print_circular_bug+0x148/0x1b0
[   69.800922][ T4170]  check_noncircular+0x240/0x2d4
[   69.802215][ T4170]  __lock_acquire+0x2928/0x651c
[   69.803552][ T4170]  lock_acquire+0x1f4/0x620
[   69.804766][ T4170]  __flush_work+0xf4/0x1bc
[   69.805930][ T4170]  __cancel_work_timer+0x2ec/0x448
[   69.807344][ T4170]  cancel_work_sync+0x24/0x38
[   69.808595][ T4170]  hci_request_cancel_all+0xbc/0x2d0
[   69.810065][ T4170]  hci_dev_do_close+0x54/0x105c
[   69.811359][ T4170]  hci_rfkill_set_block+0xdc/0x1d0
[   69.812750][ T4170]  rfkill_set_block+0x18c/0x374
[   69.814083][ T4170]  rfkill_fop_write+0x4a4/0x5cc
[   69.815386][ T4170]  vfs_write+0x280/0xa2c
[   69.816604][ T4170]  ksys_write+0x120/0x210
[   69.817785][ T4170]  __arm64_sys_write+0x7c/0x90
[   69.819100][ T4170]  invoke_syscall+0x98/0x2b8
[   69.820368][ T4170]  el0_svc_common+0x138/0x258
[   69.821620][ T4170]  do_el0_svc+0x58/0x14c
[   69.822755][ T4170]  el0_svc+0x78/0x1e0
[   69.823890][ T4170]  el0t_64_sync_handler+0xcc/0xe4
[   69.825202][ T4170]  el0t_64_sync+0x1a0/0x1a4