Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts.
1970/01/01 00:00:42 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:43 parsed 1 programs
[   46.196402][ T4029] cgroup: Unknown subsys name 'net'
[   46.447505][ T4029] cgroup: Unknown subsys name 'rlimit'
[   46.783013][ T4029] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[   53.641532][  T435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   53.643858][  T435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   53.650573][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   53.663585][  T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   53.665783][  T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   53.668467][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   54.319300][ T4082] chnl_net:caif_netlink_parms(): no params data found
[   54.360692][ T4082] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.364013][ T4082] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.366859][ T4082] device bridge_slave_0 entered promiscuous mode
[   54.371214][ T4082] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.373734][ T4082] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.376362][ T4082] device bridge_slave_1 entered promiscuous mode
[   54.393647][ T4082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.398982][ T4082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.414511][ T4082] team0: Port device team_slave_0 added
[   54.418018][ T4082] team0: Port device team_slave_1 added
[   54.431194][ T4082] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.433376][ T4082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.440244][ T4082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.446047][ T4082] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.447935][ T4082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.455400][ T4082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.513577][ T4082] device hsr_slave_0 entered promiscuous mode
[   54.562890][ T4082] device hsr_slave_1 entered promiscuous mode
[   54.701093][ T4082] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.754255][ T4082] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.794534][ T4082] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.854706][ T4082] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.953795][ T4082] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.960925][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   54.965232][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.970546][ T4082] 8021q: adding VLAN 0 to HW filter on device team0
[   54.976506][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   54.979247][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.984344][  T435] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.986409][  T435] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.989146][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.004651][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   55.007661][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.010203][  T435] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.012182][  T435] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.014912][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   55.017786][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   55.020607][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   55.023952][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   55.026705][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   55.049934][ T4082] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   55.053943][ T4082] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.058297][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   55.062144][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   55.064825][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   55.067760][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.071087][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   55.074665][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.081031][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   55.162196][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   55.164489][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   55.170482][ T4082] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.185534][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   55.188493][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   55.202588][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   55.205260][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   55.209028][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   55.211522][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   55.215456][ T4082] device veth0_vlan entered promiscuous mode
[   55.223443][ T4082] device veth1_vlan entered promiscuous mode
[   55.239275][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   55.243137][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   55.245735][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   55.251667][ T4082] device veth0_macvtap entered promiscuous mode
[   55.256077][ T4082] device veth1_macvtap entered promiscuous mode
[   55.279395][ T4082] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.284999][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   55.289692][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   55.293169][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   55.297172][ T4082] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.303092][ T4082] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.305597][ T4082] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.307844][ T4082] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.310292][ T4082] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.318714][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   55.322328][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
1970/01/01 00:00:56 executed programs: 0
[   56.158950][ T4125] chnl_net:caif_netlink_parms(): no params data found
[   56.195323][ T4125] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.197365][ T4125] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.200036][ T4125] device bridge_slave_0 entered promiscuous mode
[   56.204083][ T4125] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.206123][ T4125] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.208597][ T4125] device bridge_slave_1 entered promiscuous mode
[   56.225637][ T4125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.230070][ T4125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.244986][ T4125] team0: Port device team_slave_0 added
[   56.248228][ T4125] team0: Port device team_slave_1 added
[   56.262364][ T4125] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.264293][ T4125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.271432][ T4125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.276218][ T4125] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.278082][ T4125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.285421][ T4125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.363402][ T4125] device hsr_slave_0 entered promiscuous mode
[   56.401791][ T4125] device hsr_slave_1 entered promiscuous mode
[   56.461542][ T4125] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.463758][ T4125] Cannot create hsr debugfs directory
[   56.552628][ T4125] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.102104][ T4101] Bluetooth: hci0: command 0x0409 tx timeout
[   59.060105][ T4125] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.181739][ T1534] Bluetooth: hci0: command 0x041b tx timeout
[   60.737669][ T4125] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.793973][ T4125] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.981162][ T4125] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.053503][ T4125] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.084438][ T4125] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.123746][ T4125] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.206692][ T4125] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.216962][ T1626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   61.219488][ T1626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.236377][ T4125] 8021q: adding VLAN 0 to HW filter on device team0
[   61.240969][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   61.244985][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.247588][  T148] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.249558][  T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.262320][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.264864][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   61.267621][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.270371][  T148] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.272335][  T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.277481][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   61.283168][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   61.291277][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   61.297095][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   61.307540][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   61.310677][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.316628][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.319349][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.323741][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.329721][ T4125] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.336408][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   61.339888][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.343751][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.425731][ T1626] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   61.427835][ T1626] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   61.436390][ T4125] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.454421][ T1626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   61.457143][ T1626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   61.473912][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   61.476661][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   61.480825][ T4125] device veth0_vlan entered promiscuous mode
[   61.483805][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   61.486612][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   61.493934][ T4125] device veth1_vlan entered promiscuous mode
[   61.513060][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   61.515685][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   61.518194][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   61.520935][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   61.529012][ T4125] device veth0_macvtap entered promiscuous mode
[   61.533659][ T4125] device veth1_macvtap entered promiscuous mode
[   61.543940][ T4125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.546932][ T4125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.550818][ T4125] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.555798][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   61.558659][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   61.561140][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   61.565165][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   61.569680][ T4125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.573530][ T4125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.577095][ T4125] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.579482][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   61.582686][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   61.587440][ T4125] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.589863][ T4125] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.592672][ T4125] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.595045][ T4125] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.657768][  T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.660093][  T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.671071][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   61.679177][  T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.681810][  T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.684802][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   61.770693][ T4137] 
[   61.771402][ T4137] ======================================================
[   61.773324][ T4137] WARNING: possible circular locking dependency detected
[   61.775287][ T4137] 5.15.184-syzkaller #0 Not tainted
[   61.776680][ T4137] ------------------------------------------------------
[   61.778578][ T4137] syz.0.16/4137 is trying to acquire lock:
[   61.780099][ T4137] ffff0000dc03cc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcc/0x1bc
[   61.783121][ T4137] 
[   61.783121][ T4137] but task is already holding lock:
[   61.785149][ T4137] ffff8000164f7788 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x238/0x5cc
[   61.787755][ T4137] 
[   61.787755][ T4137] which lock already depends on the new lock.
[   61.787755][ T4137] 
[   61.790529][ T4137] 
[   61.790529][ T4137] the existing dependency chain (in reverse order) is:
[   61.792981][ T4137] 
[   61.792981][ T4137] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[   61.795138][ T4137]        __mutex_lock_common+0x194/0x1edc
[   61.796703][ T4137]        mutex_lock_nested+0xac/0x11c
[   61.798180][ T4137]        rfkill_register+0x44/0x77c
[   61.799662][ T4137]        hci_register_dev+0x3d8/0x854
[   61.801089][ T4137]        vhci_create_device+0x2bc/0x564
[   61.802607][ T4137]        vhci_write+0x30c/0x3ac
[   61.803901][ T4137]        vfs_write+0x7c8/0xa2c
[   61.805129][ T4137]        ksys_write+0x120/0x210
[   61.806435][ T4137]        __arm64_sys_write+0x7c/0x90
[   61.807849][ T4137]        invoke_syscall+0x98/0x2b8
[   61.809245][ T4137]        el0_svc_common+0x138/0x258
[   61.810715][ T4137]        do_el0_svc+0x58/0x14c
[   61.812037][ T4137]        el0_svc+0x78/0x1e0
[   61.813208][ T4137]        el0t_64_sync_handler+0xcc/0xe4
[   61.814763][ T4137]        el0t_64_sync+0x1a0/0x1a4
[   61.816067][ T4137] 
[   61.816067][ T4137] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[   61.818197][ T4137]        __mutex_lock_common+0x194/0x1edc
[   61.819694][ T4137]        mutex_lock_nested+0xac/0x11c
[   61.821178][ T4137]        vhci_send_frame+0x88/0x118
[   61.822636][ T4137]        hci_send_frame+0x194/0x2f0
[   61.824038][ T4137]        hci_tx_work+0x7e4/0x1394
[   61.825452][ T4137]        process_one_work+0x79c/0x1140
[   61.826868][ T4137]        worker_thread+0x8f4/0x101c
[   61.828353][ T4137]        kthread+0x374/0x454
[   61.829592][ T4137]        ret_from_fork+0x10/0x20
[   61.830925][ T4137] 
[   61.830925][ T4137] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[   61.833451][ T4137]        __flush_work+0xf4/0x1bc
[   61.834824][ T4137]        flush_work+0x24/0x38
[   61.836096][ T4137]        hci_dev_do_close+0x164/0x105c
[   61.837664][ T4137]        hci_unregister_dev+0x23c/0x4c0
[   61.839105][ T4137]        vhci_release+0x74/0xc4
[   61.840494][ T4137]        __fput+0x1c0/0x7f8
[   61.841721][ T4137]        ____fput+0x20/0x30
[   61.843019][ T4137]        task_work_run+0x12c/0x1e0
[   61.844356][ T4137]        do_exit+0x67c/0x1f58
[   61.845644][ T4137]        do_group_exit+0x100/0x268
[   61.847022][ T4137]        get_signal+0x73c/0x1340
[   61.848317][ T4137]        do_notify_resume+0x35c/0x3128
[   61.849791][ T4137]        el0_svc+0xf0/0x1e0
[   61.851105][ T4137]        el0t_64_sync_handler+0xcc/0xe4
[   61.852606][ T4137]        el0t_64_sync+0x1a0/0x1a4
[   61.853938][ T4137] 
[   61.853938][ T4137] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[   61.855997][ T4137]        __mutex_lock_common+0x194/0x1edc
[   61.857577][ T4137]        mutex_lock_nested+0xac/0x11c
[   61.859033][ T4137]        bg_scan_update+0x48/0x3d0
[   61.860477][ T4137]        process_one_work+0x79c/0x1140
[   61.861967][ T4137]        worker_thread+0x8f4/0x101c
[   61.863379][ T4137]        kthread+0x374/0x454
[   61.864597][ T4137]        ret_from_fork+0x10/0x20
[   61.866003][ T4137] 
[   61.866003][ T4137] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[   61.868744][ T4137]        __lock_acquire+0x2928/0x651c
[   61.870211][ T4137]        lock_acquire+0x1f4/0x620
[   61.871582][ T4137]        __flush_work+0xf4/0x1bc
[   61.872938][ T4137]        __cancel_work_timer+0x2ec/0x448
[   61.874438][ T4137]        cancel_work_sync+0x24/0x38
[   61.875838][ T4137]        hci_request_cancel_all+0xbc/0x2d0
[   61.877410][ T4137]        hci_dev_do_close+0x54/0x105c
[   61.878838][ T4137]        hci_rfkill_set_block+0xdc/0x1d0
[   61.880383][ T4137]        rfkill_set_block+0x18c/0x374
[   61.881901][ T4137]        rfkill_fop_write+0x4a4/0x5cc
[   61.883365][ T4137]        do_iter_write+0x348/0x670
[   61.884711][ T4137]        do_writev+0x1e0/0x380
[   61.885984][ T4137]        __arm64_sys_writev+0x80/0x94
[   61.887436][ T4137]        invoke_syscall+0x98/0x2b8
[   61.888855][ T4137]        el0_svc_common+0x138/0x258
[   61.890196][ T4137]        do_el0_svc+0x58/0x14c
[   61.891491][ T4137]        el0_svc+0x78/0x1e0
[   61.892670][ T4137]        el0t_64_sync_handler+0xcc/0xe4
[   61.894120][ T4137]        el0t_64_sync+0x1a0/0x1a4
[   61.895464][ T4137] 
[   61.895464][ T4137] other info that might help us debug this:
[   61.895464][ T4137] 
[   61.898199][ T4137] Chain exists of:
[   61.898199][ T4137]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[   61.898199][ T4137] 
[   61.902474][ T4137]  Possible unsafe locking scenario:
[   61.902474][ T4137] 
[   61.904506][ T4137]        CPU0                    CPU1
[   61.905944][ T4137]        ----                    ----
[   61.907386][ T4137]   lock(rfkill_global_mutex);
[   61.908684][ T4137]                                lock(&data->open_mutex);
[   61.910579][ T4137]                                lock(rfkill_global_mutex);
[   61.912577][ T4137]   lock((work_completion)(&hdev->bg_scan_update));
[   61.914390][ T4137] 
[   61.914390][ T4137]  *** DEADLOCK ***
[   61.914390][ T4137] 
[   61.916562][ T4137] 1 lock held by syz.0.16/4137:
[   61.917848][ T4137]  #0: ffff8000164f7788 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x238/0x5cc
[   61.920502][ T4137] 
[   61.920502][ T4137] stack backtrace:
[   61.922108][ T4137] CPU: 1 PID: 4137 Comm: syz.0.16 Not tainted 5.15.184-syzkaller #0
[   61.924204][ T4137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   61.926914][ T4137] Call trace:
[   61.927804][ T4137]  dump_backtrace+0x0/0x43c
[   61.929010][ T4137]  show_stack+0x2c/0x3c
[   61.930147][ T4137]  __dump_stack+0x30/0x40
[   61.931296][ T4137]  dump_stack_lvl+0xf8/0x160
[   61.932528][ T4137]  dump_stack+0x1c/0x5c
[   61.933628][ T4137]  print_circular_bug+0x148/0x1b0
[   61.934965][ T4137]  check_noncircular+0x240/0x2d4
[   61.936269][ T4137]  __lock_acquire+0x2928/0x651c
[   61.937608][ T4137]  lock_acquire+0x1f4/0x620
[   61.938795][ T4137]  __flush_work+0xf4/0x1bc
[   61.939986][ T4137]  __cancel_work_timer+0x2ec/0x448
[   61.941362][ T4137]  cancel_work_sync+0x24/0x38
[   61.942620][ T4137]  hci_request_cancel_all+0xbc/0x2d0
[   61.944019][ T4137]  hci_dev_do_close+0x54/0x105c
[   61.945365][ T4137]  hci_rfkill_set_block+0xdc/0x1d0
[   61.946763][ T4137]  rfkill_set_block+0x18c/0x374
[   61.948086][ T4137]  rfkill_fop_write+0x4a4/0x5cc
[   61.949380][ T4137]  do_iter_write+0x348/0x670
[   61.950671][ T4137]  do_writev+0x1e0/0x380
[   61.951854][ T4137]  __arm64_sys_writev+0x80/0x94
[   61.953195][ T4137]  invoke_syscall+0x98/0x2b8
[   61.954430][ T4137]  el0_svc_common+0x138/0x258
[   61.955721][ T4137]  do_el0_svc+0x58/0x14c
[   61.956882][ T4137]  el0_svc+0x78/0x1e0
[   61.958067][ T4137]  el0t_64_sync_handler+0xcc/0xe4
[   61.959418][ T4137]  el0t_64_sync+0x1a0/0x1a4