Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts.
2025/02/22 17:16:55 ignoring optional flag "sandboxArg"="0"
2025/02/22 17:16:56 parsed 1 programs
[ 62.820190][ T4170] cgroup: Unknown subsys name 'net'
[ 62.930289][ T4170] cgroup: Unknown subsys name 'rlimit'
[ 64.435866][ T4170] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 66.252432][ T4182] syz-executor (4182) used greatest stack depth: 19576 bytes left
[ 67.385044][ T4214] chnl_net:caif_netlink_parms(): no params data found
[ 67.449753][ T4214] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.457542][ T4214] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.465807][ T4214] device bridge_slave_0 entered promiscuous mode
[ 67.475806][ T4214] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.482994][ T4214] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.491521][ T4214] device bridge_slave_1 entered promiscuous mode
[ 67.519479][ T4214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.531679][ T4214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.562702][ T4214] team0: Port device team_slave_0 added
[ 67.570784][ T4214] team0: Port device team_slave_1 added
[ 67.595651][ T4214] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.602868][ T4214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.629024][ T4214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.642538][ T4214] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.649497][ T4214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.675422][ T4214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.715785][ T4214] device hsr_slave_0 entered promiscuous mode
[ 67.722933][ T4214] device hsr_slave_1 entered promiscuous mode
[ 67.852540][ T4214] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.865814][ T4214] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.876583][ T4214] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.887527][ T4214] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.912460][ T4214] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.919628][ T4214] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.927823][ T4214] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.934908][ T4214] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.029630][ T4214] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.048205][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.080568][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.095619][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.117717][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.149169][ T4214] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.160902][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.169819][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.176954][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.194275][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.203071][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.210133][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.225990][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.235759][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.248579][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.261631][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.274631][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.286056][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.362108][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.369619][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.383059][ T4214] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.402944][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 68.411804][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.430839][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 68.439774][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.449344][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.458140][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.467414][ T4214] device veth0_vlan entered promiscuous mode
[ 68.497384][ T4214] device veth1_vlan entered promiscuous mode
[ 68.516434][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.525340][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.533766][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 68.542688][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.573597][ T4214] device veth0_macvtap entered promiscuous mode
[ 68.583658][ T4214] device veth1_macvtap entered promiscuous mode
[ 68.599983][ T4214] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.607637][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.616210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 68.624387][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.633208][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.644895][ T4214] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.654269][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.664298][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.675955][ T4214] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.685274][ T4214] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.694667][ T4214] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.703767][ T4214] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.830754][ T4214] syz-executor (4214) used greatest stack depth: 19480 bytes left
[ 68.923364][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.933142][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.944338][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.964532][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.972784][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.983164][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/02/22 17:17:06 executed programs: 0
[ 70.485169][ T4262] chnl_net:caif_netlink_parms(): no params data found
[ 70.544969][ T4262] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.552330][ T4262] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.569492][ T4262] device bridge_slave_0 entered promiscuous mode
[ 70.578139][ T4262] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.585871][ T4262] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.595025][ T4262] device bridge_slave_1 entered promiscuous mode
[ 70.620333][ T4262] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.632013][ T4262] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.669922][ T4262] team0: Port device team_slave_0 added
[ 70.678190][ T4262] team0: Port device team_slave_1 added
[ 70.708324][ T4262] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.715468][ T4262] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.745582][ T4262] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.758470][ T4262] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.766994][ T4262] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.793685][ T4262] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.832382][ T4262] device hsr_slave_0 entered promiscuous mode
[ 70.839384][ T4262] device hsr_slave_1 entered promiscuous mode
[ 70.846353][ T4262] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 70.854321][ T4262] Cannot create hsr debugfs directory
[ 70.941299][ T4262] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.133493][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.140035][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.401292][ T4275] Bluetooth: hci0: command 0x0409 tx timeout
[ 73.877805][ T4262] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 73.936357][ T4262] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.008179][ T4262] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.098867][ T4262] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.111476][ T4262] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.122682][ T4262] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.137572][ T4262] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.206632][ T4262] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.219356][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 74.227818][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.256227][ T4262] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.266227][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 74.276079][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 74.284754][ T155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.291836][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.299932][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 74.328812][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 74.339669][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 74.348226][ T1265] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.355294][ T1265] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.365420][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 74.390965][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 74.403116][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 74.412635][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.421321][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.433895][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 74.443179][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.454501][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 74.462914][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.481193][ T4232] Bluetooth: hci0: command 0x041b tx timeout
[ 74.492814][ T4262] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 74.504058][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 74.512856][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 74.522417][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.629682][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 74.638230][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 74.650317][ T4262] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.668065][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 74.678391][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 74.710737][ T144] device hsr_slave_0 left promiscuous mode
[ 74.717112][ T144] device hsr_slave_1 left promiscuous mode
[ 74.726944][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 74.734758][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 74.744255][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 74.752271][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 74.760047][ T144] device bridge_slave_1 left promiscuous mode
[ 74.767219][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.780057][ T144] device bridge_slave_0 left promiscuous mode
[ 74.787442][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.805390][ T144] device veth1_macvtap left promiscuous mode
[ 74.811733][ T144] device veth0_macvtap left promiscuous mode
[ 74.817799][ T144] device veth1_vlan left promiscuous mode
[ 74.824345][ T144] device veth0_vlan left promiscuous mode
[ 74.989148][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 75.006051][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 75.018961][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 75.033359][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 75.089658][ T144] bond0 (unregistering): Released all slaves
[ 75.165232][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 75.173517][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.183187][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.191450][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.206473][ T4262] device veth0_vlan entered promiscuous mode
[ 75.221104][ T4262] device veth1_vlan entered promiscuous mode
[ 75.228277][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.256013][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 75.264582][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.274978][ T4262] device veth0_macvtap entered promiscuous mode
[ 75.285476][ T4262] device veth1_macvtap entered promiscuous mode
[ 75.302986][ T4262] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.311736][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.326107][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 75.334932][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 75.343893][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.355173][ T4262] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.366209][ T4262] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.375287][ T4262] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.384174][ T4262] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.393583][ T4262] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.408151][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 75.417064][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 75.467042][ T1265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.493934][ T1265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.501646][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.505896][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 75.509597][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.525950][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 75.573411][ T4284]
[ 75.575763][ T4284] ======================================================
[ 75.582772][ T4284] WARNING: possible circular locking dependency detected
[ 75.589774][ T4284] 5.15.178-syzkaller #0 Not tainted
[ 75.594953][ T4284] ------------------------------------------------------
[ 75.601951][ T4284] syz.0.16/4284 is trying to acquire lock:
[ 75.607733][ T4284] ffff88807429cc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 75.618774][ T4284]
[ 75.618774][ T4284] but task is already holding lock:
[ 75.626115][ T4284] ffffffff8ded0008 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 75.635751][ T4284]
[ 75.635751][ T4284] which lock already depends on the new lock.
[ 75.635751][ T4284]
[ 75.646134][ T4284]
[ 75.646134][ T4284] the existing dependency chain (in reverse order) is:
[ 75.655314][ T4284]
[ 75.655314][ T4284] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 75.663314][ T4284]        lock_acquire+0x1db/0x4f0
[ 75.668327][ T4284]        __mutex_lock_common+0x1da/0x25a0
[ 75.674051][ T4284]        mutex_lock_nested+0x17/0x20
[ 75.679318][ T4284]        rfkill_register+0x30/0x880
[ 75.684506][ T4284]        hci_register_dev+0x4dd/0xa50
[ 75.689865][ T4284]        vhci_create_device+0x310/0x590
[ 75.695397][ T4284]        vhci_write+0x382/0x430
[ 75.700231][ T4284]        vfs_write+0xacd/0xe50
[ 75.704995][ T4284]        ksys_write+0x1a2/0x2c0
[ 75.709841][ T4284]        do_syscall_64+0x3b/0xb0
[ 75.714759][ T4284]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 75.721159][ T4284]
[ 75.721159][ T4284] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 75.729153][ T4284]        lock_acquire+0x1db/0x4f0
[ 75.734170][ T4284]        __mutex_lock_common+0x1da/0x25a0
[ 75.739892][ T4284]        mutex_lock_nested+0x17/0x20
[ 75.745160][ T4284]        vhci_send_frame+0x8a/0xf0
[ 75.750254][ T4284]        hci_send_frame+0x1af/0x2f0
[ 75.755440][ T4284]        hci_tx_work+0xb2e/0x1a30
[ 75.760463][ T4284]        process_one_work+0x8a1/0x10c0
[ 75.765925][ T4284]        worker_thread+0xaca/0x1280
[ 75.771129][ T4284]        kthread+0x3f6/0x4f0
[ 75.775702][ T4284]        ret_from_fork+0x1f/0x30
[ 75.780631][ T4284]
[ 75.780631][ T4284] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 75.789844][ T4284]        lock_acquire+0x1db/0x4f0
[ 75.794859][ T4284]        __flush_work+0xeb/0x1a0
[ 75.799779][ T4284]        hci_dev_do_close+0x20a/0x1070
[ 75.805223][ T4284]        hci_unregister_dev+0x2d7/0x580
[ 75.810756][ T4284]        vhci_release+0x73/0xc0
[ 75.815589][ T4284]        __fput+0x3fe/0x8e0
[ 75.820073][ T4284]        task_work_run+0x129/0x1a0
[ 75.825168][ T4284]        do_exit+0x6a3/0x2480
[ 75.829831][ T4284]        do_group_exit+0x144/0x310
[ 75.834931][ T4284]        get_signal+0xc66/0x14e0
[ 75.839859][ T4284]        arch_do_signal_or_restart+0xc3/0x1890
[ 75.846003][ T4284]        exit_to_user_mode_loop+0x97/0x130
[ 75.851795][ T4284]        exit_to_user_mode_prepare+0xb1/0x140
[ 75.857853][ T4284]        syscall_exit_to_user_mode+0x5d/0x240
[ 75.863915][ T4284]        do_syscall_64+0x47/0xb0
[ 75.868851][ T4284]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 75.875265][ T4284]
[ 75.875265][ T4284] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 75.882914][ T4284]        lock_acquire+0x1db/0x4f0
[ 75.887934][ T4284]        __mutex_lock_common+0x1da/0x25a0
[ 75.893645][ T4284]        mutex_lock_nested+0x17/0x20
[ 75.898920][ T4284]        bg_scan_update+0xa1/0x4a0
[ 75.904059][ T4284]        process_one_work+0x8a1/0x10c0
[ 75.909541][ T4284]        worker_thread+0xaca/0x1280
[ 75.914734][ T4284]        kthread+0x3f6/0x4f0
[ 75.919315][ T4284]        ret_from_fork+0x1f/0x30
[ 75.924240][ T4284]
[ 75.924240][ T4284] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 75.934044][ T4284]        validate_chain+0x1649/0x5930
[ 75.939409][ T4284]        __lock_acquire+0x1295/0x1ff0
[ 75.944765][ T4284]        lock_acquire+0x1db/0x4f0
[ 75.949778][ T4284]        __flush_work+0xeb/0x1a0
[ 75.954720][ T4284]        __cancel_work_timer+0x519/0x6a0
[ 75.960333][ T4284]        hci_request_cancel_all+0xcb/0x300
[ 75.966138][ T4284]        hci_dev_do_close+0x51/0x1070
[ 75.971496][ T4284]        hci_rfkill_set_block+0x114/0x1a0
[ 75.977224][ T4284]        rfkill_set_block+0x1e7/0x430
[ 75.982586][ T4284]        rfkill_fop_write+0x5b7/0x790
[ 75.987950][ T4284]        vfs_write+0x30c/0xe50
[ 75.992700][ T4284]        ksys_write+0x1a2/0x2c0
[ 75.997540][ T4284]        do_syscall_64+0x3b/0xb0
[ 76.002465][ T4284]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 76.008883][ T4284]
[ 76.008883][ T4284] other info that might help us debug this:
[ 76.008883][ T4284]
[ 76.019114][ T4284] Chain exists of:
[ 76.019114][ T4284]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 76.019114][ T4284]
[ 76.034826][ T4284]  Possible unsafe locking scenario:
[ 76.034826][ T4284]
[ 76.042265][ T4284]        CPU0                    CPU1
[ 76.047614][ T4284]        ----                    ----
[ 76.052962][ T4284]   lock(rfkill_global_mutex);
[ 76.057715][ T4284]                                lock(&data->open_mutex);
[ 76.064810][ T4284]                                lock(rfkill_global_mutex);
[ 76.072165][ T4284]   lock((work_completion)(&hdev->bg_scan_update));
[ 76.078844][ T4284]
[ 76.078844][ T4284]  *** DEADLOCK ***
[ 76.078844][ T4284]
[ 76.086971][ T4284] 1 lock held by syz.0.16/4284:
[ 76.091808][ T4284]  #0: ffffffff8ded0008 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 76.101977][ T4284]
[ 76.101977][ T4284] stack backtrace:
[ 76.107855][ T4284] CPU: 0 PID: 4284 Comm: syz.0.16 Not tainted 5.15.178-syzkaller #0
[ 76.115842][ T4284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 76.125906][ T4284] Call Trace:
[ 76.129178][ T4284]
[ 76.132118][ T4284] dump_stack_lvl+0x1e3/0x2d0
[ 76.136818][ T4284] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 76.142443][ T4284] ? print_circular_bug+0x12b/0x1a0
[ 76.147717][ T4284] check_noncircular+0x2f8/0x3b0
[ 76.152674][ T4284] ? add_chain_block+0x850/0x850
[ 76.157713][ T4284] ? lockdep_lock+0x11f/0x2a0
[ 76.162384][ T4284] validate_chain+0x1649/0x5930
[ 76.167232][ T4284] ? validate_chain+0x112/0x5930
[ 76.172156][ T4284] ? reacquire_held_locks+0x660/0x660
[ 76.177528][ T4284] ? mark_lock+0x98/0x340
[ 76.181844][ T4284] ? look_up_lock_class+0x77/0x120
[ 76.186947][ T4284] ? register_lock_class+0x100/0x9a0
[ 76.192224][ T4284] ? mark_lock+0x98/0x340
[ 76.196543][ T4284] ? is_dynamic_key+0x1f0/0x1f0
[ 76.201381][ T4284] ? __lock_acquire+0x1295/0x1ff0
[ 76.206392][ T4284] ? mark_lock+0x98/0x340
[ 76.210722][ T4284] __lock_acquire+0x1295/0x1ff0
[ 76.215560][ T4284] lock_acquire+0x1db/0x4f0
[ 76.220062][ T4284] ? __flush_work+0xcf/0x1a0
[ 76.224641][ T4284] ? rcu_lock_release+0x5/0x20
[ 76.229392][ T4284] ? read_lock_is_recursive+0x10/0x10
[ 76.234753][ T4284] ? start_flush_work+0x776/0x820
[ 76.239787][ T4284] __flush_work+0xeb/0x1a0
[ 76.244189][ T4284] ? __flush_work+0xcf/0x1a0
[ 76.248770][ T4284] ? flush_work+0x20/0x20
[ 76.253110][ T4284] ? print_irqtrace_events+0x210/0x210
[ 76.258556][ T4284] ? lock_timer_base+0x260/0x260
[ 76.263484][ T4284] ? __cancel_work_timer+0x467/0x6a0
[ 76.268754][ T4284] __cancel_work_timer+0x519/0x6a0
[ 76.273857][ T4284] ? cancel_work_sync+0x20/0x20
[ 76.278705][ T4284] ? lockdep_hardirqs_on+0x94/0x130
[ 76.283904][ T4284] ? __cancel_work+0x2ef/0x380
[ 76.288665][ T4284] ? cancel_work+0x20/0x20
[ 76.293092][ T4284] ? print_irqtrace_events+0x210/0x210
[ 76.298545][ T4284] hci_request_cancel_all+0xcb/0x300
[ 76.303823][ T4284] hci_dev_do_close+0x51/0x1070
[ 76.308669][ T4284] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 76.314562][ T4284] ? _raw_spin_unlock+0x40/0x40
[ 76.319417][ T4284] hci_rfkill_set_block+0x114/0x1a0
[ 76.324617][ T4284] ? rcu_lock_release+0x20/0x20
[ 76.329462][ T4284] rfkill_set_block+0x1e7/0x430
[ 76.334310][ T4284] rfkill_fop_write+0x5b7/0x790
[ 76.339171][ T4284] ? mark_lock+0x98/0x340
[ 76.343490][ T4284] ? rfkill_fop_read+0x470/0x470
[ 76.348412][ T4284] ? fsnotify_perm+0x64/0x590
[ 76.353077][ T4284] ? security_file_permission+0x75/0xa0
[ 76.358615][ T4284] ? rfkill_fop_read+0x470/0x470
[ 76.363553][ T4284] vfs_write+0x30c/0xe50
[ 76.367786][ T4284] ? file_end_write+0x250/0x250
[ 76.372621][ T4284] ? read_lock_is_recursive+0x10/0x10
[ 76.377989][ T4284] ? __context_tracking_exit+0x4c/0x80
[ 76.383434][ T4284] ? __lock_acquire+0x1ff0/0x1ff0
[ 76.388446][ T4284] ? __fdget_pos+0x1e9/0x380
[ 76.393050][ T4284] ksys_write+0x1a2/0x2c0
[ 76.397363][ T4284] ? print_irqtrace_events+0x210/0x210
[ 76.402811][ T4284] ? __ia32_sys_read+0x80/0x80
[ 76.407571][ T4284] ? syscall_enter_from_user_mode+0x2e/0x240
[ 76.413553][ T4284] ? lockdep_hardirqs_on+0x94/0x130
[ 76.418759][ T4284] ? syscall_enter_from_user_mode+0x2e/0x240
[ 76.424733][ T4284] do_syscall_64+0x3b/0xb0
[ 76.429253][ T4284] ? clear_bhb_loop+0x15/0x70
[ 76.433923][ T4284] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 76.439825][ T4284] RIP: 0033:0x7f6195db9169
[ 76.444225][ T4284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.463829][ T4284] RSP: 002b:00007ffc73830638 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.472244][ T4284] RAX: ffffffffffffffda RBX: 00007f6195fd1fa0 RCX: 00007f6195db9169
[ 76.480204][ T4284] RDX: 0000000000000008 RSI: 0000400000000100 RDI: 0000000000000003
[ 76.488196][ T4284] RBP: 00007f6195e3a2a0 R08: 0000000000000000 R09: 0000000000000000
[ 76.496157][ T4284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.504116][ T4284] R13: 00007f6195fd1fa0 R14: 00007f6195fd1fa0 R15: 0000000000000003
[ 76.512080][ T4284]
[ 76.570475][ T4234] Bluetooth: hci0: command 0x040f tx timeout