Warning: Permanently added '10.128.0.230' (ED25519) to the list of known hosts.
2025/06/05 08:33:58 ignoring optional flag "sandboxArg"="0"
2025/06/05 08:33:59 parsed 1 programs
[ 53.646184][ T4174] cgroup: Unknown subsys name 'net'
[ 53.782545][ T4174] cgroup: Unknown subsys name 'rlimit'
[ 54.951718][ T4174] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 56.373829][ T4190] chnl_net:caif_netlink_parms(): no params data found
[ 56.408177][ T4190] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.415822][ T4190] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.424271][ T4190] device bridge_slave_0 entered promiscuous mode
[ 56.434474][ T4190] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.441800][ T4190] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.449435][ T4190] device bridge_slave_1 entered promiscuous mode
[ 56.467359][ T4190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.478369][ T4190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.499346][ T4190] team0: Port device team_slave_0 added
[ 56.506154][ T4190] team0: Port device team_slave_1 added
[ 56.521976][ T4190] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.528984][ T4190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.555519][ T4190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.569820][ T4190] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.576771][ T4190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.602784][ T4190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.627001][ T4190] device hsr_slave_0 entered promiscuous mode
[ 56.634018][ T4190] device hsr_slave_1 entered promiscuous mode
[ 56.705298][ T4190] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 56.714812][ T4190] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 56.723669][ T4190] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 56.732601][ T4190] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 56.754048][ T4190] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.761186][ T4190] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.768954][ T4190] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.776001][ T4190] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.812556][ T4190] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.829526][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.841746][ T1421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.850441][ T1421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.861431][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 56.875794][ T4190] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.888157][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.896655][ T1421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.903788][ T1421] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.929395][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.940333][ T1195] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.947411][ T1195] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.957128][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.969344][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 57.000715][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.010239][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.020586][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.033242][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.170709][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 57.180344][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 57.194806][ T4190] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.220452][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 57.244686][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 57.254459][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 57.264827][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 57.275882][ T4190] device veth0_vlan entered promiscuous mode
[ 57.291354][ T4190] device veth1_vlan entered promiscuous mode
[ 57.320844][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 57.331156][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 57.341085][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 57.353258][ T4190] device veth0_macvtap entered promiscuous mode
[ 57.364005][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 57.374764][ T4190] device veth1_macvtap entered promiscuous mode
[ 57.399245][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 57.407063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 57.418764][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 57.431647][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 57.439461][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 57.449239][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 57.461158][ T4190] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.481111][ T4190] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.490177][ T4190] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.499108][ T4190] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.723664][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.737964][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.746858][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 57.771630][ T1421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.779634][ T1421] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.790672][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 58.133818][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/06/05 08:34:07 executed programs: 0
[ 59.713364][ T4254] chnl_net:caif_netlink_parms(): no params data found
[ 59.745309][ T4254] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.752578][ T4254] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.760876][ T4254] device bridge_slave_0 entered promiscuous mode
[ 59.769636][ T4254] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.776744][ T4254] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.784818][ T4254] device bridge_slave_1 entered promiscuous mode
[ 59.805938][ T4254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.817164][ T4254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.837571][ T4254] team0: Port device team_slave_0 added
[ 59.844614][ T4254] team0: Port device team_slave_1 added
[ 59.859924][ T4254] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.866877][ T4254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.893256][ T4254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.904799][ T4254] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.911784][ T4254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.938062][ T4254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.973598][ T4254] device hsr_slave_0 entered promiscuous mode
[ 59.980603][ T4254] device hsr_slave_1 entered promiscuous mode
[ 59.987201][ T4254] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 59.995069][ T4254] Cannot create hsr debugfs directory
[ 60.843571][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.709019][ T2377] Bluetooth: hci0: command 0x0409 tx timeout
[ 62.781711][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.836121][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.707016][ T4254] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.722569][ T4254] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.732125][ T4254] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 63.740722][ T4254] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 63.788098][ T21] Bluetooth: hci0: command 0x041b tx timeout
[ 63.804562][ T4254] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.825496][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 63.834253][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 63.845977][ T9] device hsr_slave_0 left promiscuous mode
[ 63.853109][ T9] device hsr_slave_1 left promiscuous mode
[ 63.859963][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 63.867377][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 63.876593][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 63.884360][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 63.892307][ T9] device bridge_slave_1 left promiscuous mode
[ 63.900734][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.912493][ T9] device bridge_slave_0 left promiscuous mode
[ 63.920064][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.933942][ T9] device veth1_macvtap left promiscuous mode
[ 63.940420][ T9] device veth0_macvtap left promiscuous mode
[ 63.946424][ T9] device veth1_vlan left promiscuous mode
[ 63.952453][ T9] device veth0_vlan left promiscuous mode
[ 64.062040][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 64.072953][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 64.084186][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 64.096116][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 64.144109][ T9] bond0 (unregistering): Released all slaves
[ 64.194056][ T4254] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.203403][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 64.212428][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 64.221074][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.228178][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.237996][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 64.250688][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 64.259772][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 64.269291][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.276351][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.286723][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 64.311545][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 64.320167][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 64.329406][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 64.337875][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 64.346259][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 64.355960][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 64.369025][ T4254] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 64.379706][ T4254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 64.391269][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 64.401070][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 64.410127][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 64.424255][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 64.432730][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 64.512318][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 64.519842][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 64.532176][ T4254] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.545702][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 64.554735][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 64.572153][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 64.580761][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 64.592058][ T4254] device veth0_vlan entered promiscuous mode
[ 64.599617][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 64.608508][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 64.619772][ T4254] device veth1_vlan entered promiscuous mode
[ 64.634881][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 64.643333][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 64.652310][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 64.660871][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 64.673538][ T4254] device veth0_macvtap entered promiscuous mode
[ 64.684767][ T4254] device veth1_macvtap entered promiscuous mode
[ 64.704831][ T4254] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 64.714382][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 64.725244][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 64.733460][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 64.743423][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 64.769100][ T4254] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 64.778436][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 64.789321][ T1421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 64.799356][ T4254] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.808297][ T4254] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.817011][ T4254] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.826083][ T4254] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.897475][ T1421] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.918754][ T1421] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.927887][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 64.951596][ T1421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.960241][ T1421] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.971087][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 65.082665][ T4302]
[ 65.085037][ T4302] ======================================================
[ 65.092083][ T4302] WARNING: possible circular locking dependency detected
[ 65.099113][ T4302] 5.15.185-syzkaller #0 Not tainted
[ 65.104318][ T4302] ------------------------------------------------------
[ 65.111346][ T4302] syz.0.16/4302 is trying to acquire lock:
[ 65.117168][ T4302] ffff8880236dcc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0
[ 65.128228][ T4302]
[ 65.128228][ T4302] but task is already holding lock:
[ 65.135606][ T4302] ffffffff8d4b2748 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560
[ 65.145279][ T4302]
[ 65.145279][ T4302] which lock already depends on the new lock.
[ 65.145279][ T4302]
[ 65.155687][ T4302]
[ 65.155687][ T4302] the existing dependency chain (in reverse order) is:
[ 65.164718][ T4302]
[ 65.164718][ T4302] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 65.177517][ T4302]        __mutex_lock_common+0x1eb/0x2390
[ 65.183275][ T4302]        mutex_lock_nested+0x17/0x20
[ 65.188583][ T4302]        rfkill_register+0x33/0x8a0
[ 65.193798][ T4302]        hci_register_dev+0x452/0x970
[ 65.199202][ T4302]        vhci_create_device+0x32c/0x5c0
[ 65.204773][ T4302]        vhci_write+0x391/0x450
[ 65.209652][ T4302]        vfs_write+0x712/0xd00
[ 65.214433][ T4302]        ksys_write+0x14d/0x250
[ 65.219301][ T4302]        do_syscall_64+0x4c/0xa0
[ 65.224277][ T4302]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.230730][ T4302]
[ 65.230730][ T4302] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 65.238573][ T4302]        __mutex_lock_common+0x1eb/0x2390
[ 65.244316][ T4302]        mutex_lock_nested+0x17/0x20
[ 65.249627][ T4302]        vhci_send_frame+0x88/0x100
[ 65.254868][ T4302]        hci_send_frame+0x1a9/0x2e0
[ 65.260114][ T4302]        hci_tx_work+0x9f9/0x1710
[ 65.265180][ T4302]        process_one_work+0x863/0x1000
[ 65.270656][ T4302]        worker_thread+0xaa8/0x12a0
[ 65.275871][ T4302]        kthread+0x436/0x520
[ 65.280479][ T4302]        ret_from_fork+0x1f/0x30
[ 65.285436][ T4302]
[ 65.285436][ T4302] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 65.294672][ T4302]        __flush_work+0xdd/0x1b0
[ 65.299697][ T4302]        hci_dev_do_close+0x1e7/0x1030
[ 65.305161][ T4302]        hci_unregister_dev+0x2d7/0x580
[ 65.310707][ T4302]        vhci_release+0x73/0xc0
[ 65.315573][ T4302]        __fput+0x234/0x930
[ 65.320095][ T4302]        task_work_run+0x125/0x1a0
[ 65.325212][ T4302]        do_exit+0x616/0x20a0
[ 65.329908][ T4302]        do_group_exit+0x12e/0x300
[ 65.335015][ T4302]        get_signal+0x6ca/0x12c0
[ 65.339942][ T4302]        arch_do_signal_or_restart+0xc1/0x1300
[ 65.346090][ T4302]        exit_to_user_mode_loop+0x9e/0x130
[ 65.351892][ T4302]        exit_to_user_mode_prepare+0xb1/0x140
[ 65.357956][ T4302]        syscall_exit_to_user_mode+0x16/0x40
[ 65.363935][ T4302]        do_syscall_64+0x58/0xa0
[ 65.368863][ T4302]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.375272][ T4302]
[ 65.375272][ T4302] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 65.382916][ T4302]        __mutex_lock_common+0x1eb/0x2390
[ 65.388626][ T4302]        mutex_lock_nested+0x17/0x20
[ 65.393914][ T4302]        bg_scan_update+0x44/0x3b0
[ 65.399149][ T4302]        process_one_work+0x863/0x1000
[ 65.404620][ T4302]        worker_thread+0xaa8/0x12a0
[ 65.409830][ T4302]        kthread+0x436/0x520
[ 65.414435][ T4302]        ret_from_fork+0x1f/0x30
[ 65.419377][ T4302]
[ 65.419377][ T4302] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 65.429190][ T4302]        __lock_acquire+0x2c33/0x7c60
[ 65.434555][ T4302]        lock_acquire+0x197/0x3f0
[ 65.439572][ T4302]        __flush_work+0xdd/0x1b0
[ 65.444501][ T4302]        __cancel_work_timer+0x3ac/0x520
[ 65.450207][ T4302]        hci_request_cancel_all+0xcc/0x300
[ 65.456007][ T4302]        hci_dev_do_close+0x4e/0x1030
[ 65.461378][ T4302]        hci_rfkill_set_block+0x10a/0x190
[ 65.467101][ T4302]        rfkill_set_block+0x1c6/0x420
[ 65.472464][ T4302]        rfkill_fop_write+0x458/0x560
[ 65.477825][ T4302]        vfs_write+0x300/0xd00
[ 65.482585][ T4302]        ksys_write+0x14d/0x250
[ 65.487427][ T4302]        do_syscall_64+0x4c/0xa0
[ 65.492352][ T4302]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.498765][ T4302]
[ 65.498765][ T4302] other info that might help us debug this:
[ 65.498765][ T4302]
[ 65.509124][ T4302] Chain exists of:
[ 65.509124][ T4302]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 65.509124][ T4302]
[ 65.524949][ T4302]  Possible unsafe locking scenario:
[ 65.524949][ T4302]
[ 65.532398][ T4302]        CPU0                    CPU1
[ 65.537838][ T4302]        ----                    ----
[ 65.543190][ T4302]   lock(rfkill_global_mutex);
[ 65.548121][ T4302]                                lock(&data->open_mutex);
[ 65.555219][ T4302]                                lock(rfkill_global_mutex);
[ 65.562488][ T4302]   lock((work_completion)(&hdev->bg_scan_update));
[ 65.569063][ T4302]
[ 65.569063][ T4302]  *** DEADLOCK ***
[ 65.569063][ T4302]
[ 65.577196][ T4302] 1 lock held by syz.0.16/4302:
[ 65.582042][ T4302]  #0: ffffffff8d4b2748 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560
[ 65.592127][ T4302]
[ 65.592127][ T4302] stack backtrace:
[ 65.598004][ T4302] CPU: 1 PID: 4302 Comm: syz.0.16 Not tainted 5.15.185-syzkaller #0
[ 65.605977][ T4302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 65.616111][ T4302] Call Trace:
[ 65.619398][ T4302]
[ 65.622321][ T4302] dump_stack_lvl+0x168/0x230
[ 65.626997][ T4302] ? load_image+0x3b0/0x3b0
[ 65.631504][ T4302] ? show_regs_print_info+0x20/0x20
[ 65.636713][ T4302] ? print_circular_bug+0x12b/0x1a0
[ 65.641910][ T4302] check_noncircular+0x274/0x310
[ 65.647031][ T4302] ? add_chain_block+0x940/0x940
[ 65.651963][ T4302] ? lockdep_lock+0xdc/0x1e0
[ 65.656561][ T4302] ? __lock_acquire+0x12d9/0x7c60
[ 65.661603][ T4302] ? lockdep_lock+0x1e0/0x1e0
[ 65.666288][ T4302] ? mark_lock+0x94/0x320
[ 65.670616][ T4302] __lock_acquire+0x2c33/0x7c60
[ 65.675467][ T4302] ? verify_lock_unused+0x140/0x140
[ 65.680658][ T4302] ? verify_lock_unused+0x140/0x140
[ 65.685861][ T4302] lock_acquire+0x197/0x3f0
[ 65.690361][ T4302] ? __flush_work+0xc1/0x1b0
[ 65.694945][ T4302] ? __lock_acquire+0x7c60/0x7c60
[ 65.699964][ T4302] ? read_lock_is_recursive+0x10/0x10
[ 65.705330][ T4302] ? start_flush_work+0x776/0x820
[ 65.710353][ T4302] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 65.716242][ T4302] ? _raw_spin_unlock+0x40/0x40
[ 65.721086][ T4302] __flush_work+0xdd/0x1b0
[ 65.725509][ T4302] ? __flush_work+0xc1/0x1b0
[ 65.730177][ T4302] ? flush_work+0x20/0x20
[ 65.734494][ T4302] ? try_to_grab_pending+0xf3/0x7e0
[ 65.739691][ T4302] ? lockdep_hardirqs_off+0x70/0x100
[ 65.744979][ T4302] ? mark_lock+0x94/0x320
[ 65.749303][ T4302] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 65.755311][ T4302] ? lock_chain_count+0x20/0x20
[ 65.760156][ T4302] ? mark_lock+0x94/0x320
[ 65.764477][ T4302] ? __cancel_work_timer+0x331/0x520
[ 65.769754][ T4302] __cancel_work_timer+0x3ac/0x520
[ 65.774857][ T4302] ? cancel_work_sync+0x20/0x20
[ 65.779709][ T4302] ? __cancel_work+0x1f4/0x2d0
[ 65.784465][ T4302] ? lockdep_hardirqs_on+0x94/0x140
[ 65.789657][ T4302] ? __cancel_work+0x26f/0x2d0
[ 65.794419][ T4302] ? cancel_work+0x20/0x20
[ 65.798827][ T4302] ? lock_chain_count+0x20/0x20
[ 65.803673][ T4302] hci_request_cancel_all+0xcc/0x300
[ 65.808957][ T4302] hci_dev_do_close+0x4e/0x1030
[ 65.813801][ T4302] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 65.819688][ T4302] ? _raw_spin_unlock+0x40/0x40
[ 65.824534][ T4302] hci_rfkill_set_block+0x10a/0x190
[ 65.829721][ T4302] ? rcu_lock_release+0x20/0x20
[ 65.834562][ T4302] rfkill_set_block+0x1c6/0x420
[ 65.839405][ T4302] rfkill_fop_write+0x458/0x560
[ 65.844249][ T4302] ? verify_lock_unused+0x140/0x140
[ 65.849721][ T4302] ? rfkill_fop_read+0x4b0/0x4b0
[ 65.854661][ T4302] ? common_file_perm+0x160/0x1c0
[ 65.859679][ T4302] ? fsnotify_perm+0x5d/0x560
[ 65.864351][ T4302] ? security_file_permission+0x75/0xa0
[ 65.869903][ T4302] ? rfkill_fop_read+0x4b0/0x4b0
[ 65.874829][ T4302] vfs_write+0x300/0xd00
[ 65.879065][ T4302] ? file_end_write+0x250/0x250
[ 65.883907][ T4302] ? __context_tracking_exit+0x4c/0x80
[ 65.889361][ T4302] ? __lock_acquire+0x7c60/0x7c60
[ 65.894383][ T4302] ? __fdget_pos+0x1e2/0x370
[ 65.898967][ T4302] ksys_write+0x14d/0x250
[ 65.903287][ T4302] ? __ia32_sys_read+0x80/0x80
[ 65.908065][ T4302] ? lockdep_hardirqs_on+0x94/0x140
[ 65.913258][ T4302] do_syscall_64+0x4c/0xa0
[ 65.917667][ T4302] ? clear_bhb_loop+0x30/0x80
[ 65.922339][ T4302] ? clear_bhb_loop+0x30/0x80
[ 65.927006][ T4302] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.932894][ T4302] RIP: 0033:0x7fc2bf5f4929
[ 65.937304][ T4302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 65.956905][ T4302] RSP: 002b:00007ffdcfc34fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.965313][ T4302] RAX: ffffffffffffffda RBX: 00007fc2bf81bfa0 RCX: 00007fc2bf5f4929
[ 65.973282][ T4302] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000003
[ 65.981247][ T4302] RBP: 00007fc2bf676b39 R08: 0000000000000000 R09: 0000000000000000
[ 65.989210][ T4302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 65.997270][ T4302] R13: 00007fc2bf81bfa0 R14: 00007fc2bf81bfa0 R15: 0000000000000003
[ 66.005238][ T4302]
[ 66.016066][ T21] Bluetooth: hci0: command 0x040f tx timeout