Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts.
2024/04/29 18:28:35 ignoring optional flag "sandboxArg"="0"
2024/04/29 18:28:36 parsed 1 programs
2024/04/29 18:28:36 executed programs: 0
[ 47.661311][ T1971] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.682804][ T1310] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 47.690327][ T1310] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 47.697748][ T1310] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 47.705526][ T1310] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 47.713072][ T1310] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 47.720651][ T1310] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 47.800900][ T1976] chnl_net:caif_netlink_parms(): no params data found
[ 48.447124][ T1976] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.880111][ T1976] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.790425][ T1462] Bluetooth: hci0: command tx timeout
[ 50.468427][ T2378] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 50.474664][ T2378] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[ 50.484683][ T2378]
[ 50.487174][ T2378] ======================================================
[ 50.494168][ T2378] WARNING: possible circular locking dependency detected
[ 50.501241][ T2378] 6.9.0-rc4-syzkaller #0 Not tainted
[ 50.506491][ T2378] ------------------------------------------------------
[ 50.513489][ T2378] syz-executor.0/2378 is trying to acquire lock:
[ 50.519827][ T2378] ffff888104ba88d0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0x64/0x4e0
[ 50.530832][ T2378]
[ 50.530832][ T2378] but task is already holding lock:
[ 50.538265][ T2378] ffff888104ba9060 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x1e/0x60
[ 50.548223][ T2378]
[ 50.548223][ T2378] which lock already depends on the new lock.
[ 50.548223][ T2378]
[ 50.559136][ T2378]
[ 50.559136][ T2378] the existing dependency chain (in reverse order) is:
[ 50.568409][ T2378]
[ 50.568409][ T2378] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 50.576295][ T2378]        __mutex_lock+0x99/0x9a0
[ 50.581571][ T2378]        hci_cmd_sync_work+0xa9/0x190
[ 50.587007][ T2378]        process_scheduled_works+0x2a3/0x5b0
[ 50.593129][ T2378]        worker_thread+0x23e/0x300
[ 50.598380][ T2378]        kthread+0xea/0x100
[ 50.602942][ T2378]        ret_from_fork+0x32/0x40
[ 50.607847][ T2378]        ret_from_fork_asm+0x1a/0x30
[ 50.613185][ T2378]
[ 50.613185][ T2378] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 50.622955][ T2378]        __lock_acquire+0x11fe/0x2490
[ 50.628468][ T2378]        lock_acquire+0xeb/0x270
[ 50.633420][ T2378]        __flush_work+0x393/0x4e0
[ 50.638605][ T2378]        __cancel_work_sync+0xfa/0x230
[ 50.644051][ T2378]        hci_cmd_sync_clear+0x1e/0xd0
[ 50.649401][ T2378]        hci_dev_close_sync+0x43f/0x630
[ 50.654931][ T2378]        hci_dev_do_close+0x26/0x60
[ 50.660113][ T2378]        hci_rfkill_set_block+0xd6/0x130
[ 50.665714][ T2378]        rfkill_set_block+0x89/0x140
[ 50.670970][ T2378]        rfkill_fop_write+0x190/0x1e0
[ 50.676305][ T2378]        vfs_writev+0x2c7/0x3d0
[ 50.681477][ T2378]        do_writev+0x70/0x110
[ 50.686128][ T2378]        do_syscall_64+0xa2/0x1b0
[ 50.691205][ T2378]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 50.697592][ T2378]
[ 50.697592][ T2378] other info that might help us debug this:
[ 50.697592][ T2378]
[ 50.707789][ T2378]  Possible unsafe locking scenario:
[ 50.707789][ T2378]
[ 50.715813][ T2378]        CPU0                    CPU1
[ 50.721147][ T2378]        ----                    ----
[ 50.726488][ T2378]   lock(&hdev->req_lock);
[ 50.730879][ T2378]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 50.740034][ T2378]                                lock(&hdev->req_lock);
[ 50.747080][ T2378]   lock((work_completion)(&hdev->cmd_sync_work));
[ 50.753543][ T2378]
[ 50.753543][ T2378]  *** DEADLOCK ***
[ 50.753543][ T2378]
[ 50.761921][ T2378] 3 locks held by syz-executor.0/2378:
[ 50.767352][ T2378]  #0: ffffffff83d84ec0 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xad/0x1e0
[ 50.777324][ T2378]  #1: ffff888104ba9060 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x1e/0x60
[ 50.786989][ T2378]  #2: ffffffff83b7ed10 (rcu_read_lock){....}-{1:2}, at: __flush_work+0x64/0x4e0
[ 50.796100][ T2378]
[ 50.796100][ T2378] stack backtrace:
[ 50.802059][ T2378] CPU: 1 PID: 2378 Comm: syz-executor.0 Not tainted 6.9.0-rc4-syzkaller #0
[ 50.811481][ T2378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 50.821851][ T2378] Call Trace:
[ 50.825281][ T2378]
[ 50.828357][ T2378]  dump_stack_lvl+0xa3/0x100
[ 50.833200][ T2378]  check_noncircular+0x119/0x140
[ 50.838200][ T2378]  __lock_acquire+0x11fe/0x2490
[ 50.843115][ T2378]  ? debug_object_activate+0x56/0x220
[ 50.848626][ T2378]  ? debug_object_activate+0x56/0x220
[ 50.854149][ T2378]  ? __flush_work+0x64/0x4e0
[ 50.858800][ T2378]  lock_acquire+0xeb/0x270
[ 50.863183][ T2378]  ? __flush_work+0x64/0x4e0
[ 50.867826][ T2378]  ? _raw_spin_unlock_irq+0x23/0x50
[ 50.873077][ T2378]  ? __flush_work+0x64/0x4e0
[ 50.877648][ T2378]  __flush_work+0x393/0x4e0
[ 50.882130][ T2378]  ? __flush_work+0x64/0x4e0
[ 50.887049][ T2378]  ? __flush_work+0x64/0x4e0
[ 50.891877][ T2378]  ? __pfx_wq_barrier_func+0x10/0x10
[ 50.897153][ T2378]  __cancel_work_sync+0xfa/0x230
[ 50.902242][ T2378]  hci_cmd_sync_clear+0x1e/0xd0
[ 50.907159][ T2378]  hci_dev_close_sync+0x43f/0x630
[ 50.912160][ T2378]  hci_dev_do_close+0x26/0x60
[ 50.917241][ T2378]  hci_rfkill_set_block+0xd6/0x130
[ 50.922326][ T2378]  rfkill_set_block+0x89/0x140
[ 50.927149][ T2378]  rfkill_fop_write+0x190/0x1e0
[ 50.932067][ T2378]  vfs_writev+0x2c7/0x3d0
[ 50.936542][ T2378]  do_writev+0x70/0x110
[ 50.940751][ T2378]  do_syscall_64+0xa2/0x1b0
[ 50.945311][ T2378]  ? clear_bhb_loop+0x55/0xb0
[ 50.950127][ T2378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 50.956250][ T2378] RIP: 0033:0x7f217a47dea9
[ 50.960636][ T2378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.980297][ T2378] RSP: 002b:00007f217b2100c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 50.988674][ T2378] RAX: ffffffffffffffda RBX: 00007f217a5abf80 RCX: 00007f217a47dea9
[ 50.996699][ T2378] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003
[ 51.004997][ T2378] RBP: 00007f217a4ca4a4 R08: 0000000000000000 R09: 0000000000000000
[ 51.013031][ T2378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.021055][ T2378] R13: 0000000000000006 R14: 00007f217a5abf80 R15: 00007ffc7e2d2ab8
[ 51.029090][ T2378]
[ 51.870105][ T1310] Bluetooth: hci0: command 0x041b tx timeout