Warning: Permanently added '10.128.0.209' (ED25519) to the list of known hosts. 2025/11/01 06:05:46 parsed 1 programs [ 53.159112][ T4188] cgroup: Unknown subsys name 'net' [ 53.298876][ T4188] cgroup: Unknown subsys name 'rlimit' [ 54.541878][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 55.757463][ T4195] chnl_net:caif_netlink_parms(): no params data found [ 55.795248][ T4195] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.802680][ T4195] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.810765][ T4195] device bridge_slave_0 entered promiscuous mode [ 55.819744][ T4195] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.826908][ T4195] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.834920][ T4195] device bridge_slave_1 entered promiscuous mode [ 55.853957][ T4195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.865011][ T4195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.884824][ T4195] team0: Port device team_slave_0 added [ 55.892271][ T4195] team0: Port device team_slave_1 added [ 55.908010][ T4195] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.915050][ T4195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.941012][ T4195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.953271][ T4195] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.960383][ T4195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.986319][ T4195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.013073][ T4195] device hsr_slave_0 entered promiscuous mode [ 56.020168][ T4195] device hsr_slave_1 entered promiscuous mode [ 56.096779][ T4195] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.106900][ T4195] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.116096][ T4195] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.125116][ T4195] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.147836][ T4195] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.154968][ T4195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.162646][ T4195] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.169726][ T4195] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.205564][ T4195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.217767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.227875][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.236548][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.244281][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.256253][ T4195] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.267605][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.276524][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.283616][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.305001][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.313699][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.320765][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.329262][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.337882][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.346337][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.354538][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.366378][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.376877][ T4195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.446825][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.454575][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.467070][ T4195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.481986][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.499890][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.509325][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.517521][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.527492][ T4195] device veth0_vlan entered promiscuous mode [ 56.538513][ T4195] device veth1_vlan entered promiscuous mode [ 56.559284][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.567235][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.576903][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.589566][ T4195] device veth0_macvtap entered promiscuous mode [ 56.599335][ T4195] device veth1_macvtap entered promiscuous mode [ 56.618380][ T4195] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.626389][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.635668][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.647255][ T4195] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.655015][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.666503][ T4195] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.675442][ T4195] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.684462][ T4195] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.693153][ T4195] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.824562][ T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.007500][ T1519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.020434][ T1519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.031308][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.041688][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.049941][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.058667][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 59.548877][ T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.698022][ T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.749329][ T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/11/01 06:05:57 executed programs: 0 [ 62.544269][ T154] device hsr_slave_0 left promiscuous mode [ 62.550831][ T154] device hsr_slave_1 left promiscuous mode [ 62.558763][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 62.566853][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 62.576454][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 62.584368][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 62.591935][ T154] device bridge_slave_1 left promiscuous mode [ 62.599052][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.610756][ T154] device bridge_slave_0 left promiscuous mode [ 62.618005][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.634495][ T154] device veth1_macvtap left promiscuous mode [ 62.640629][ T154] device veth0_macvtap left promiscuous mode [ 62.647039][ T154] device veth1_vlan left promiscuous mode [ 62.652888][ T154] device veth0_vlan left promiscuous mode [ 62.771039][ T154] team0 (unregistering): Port device team_slave_1 removed [ 62.785233][ T154] team0 (unregistering): Port device team_slave_0 removed [ 62.798406][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 62.811305][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 62.857269][ T154] bond0 (unregistering): Released all slaves [ 63.034646][ T4311] chnl_net:caif_netlink_parms(): no params data found [ 63.116643][ T4311] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.124503][ T4311] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.132482][ T4311] device bridge_slave_0 entered promiscuous mode [ 63.140817][ T4311] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.148000][ T4311] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.156075][ T4311] device bridge_slave_1 entered promiscuous mode [ 63.180813][ T4311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.192266][ T4311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.220283][ T4311] team0: Port device team_slave_0 added [ 63.228116][ T4311] team0: Port device team_slave_1 added [ 63.264588][ T4311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.271544][ T4311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.315674][ T4311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.343274][ T4311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.350542][ T4311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.379734][ T4311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.437202][ T4311] device hsr_slave_0 entered promiscuous mode [ 63.444240][ T4311] device hsr_slave_1 entered promiscuous mode [ 64.015609][ T4311] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.027179][ T4311] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.046386][ T4311] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.066947][ T4311] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.195490][ T4311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.210378][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.221063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.232506][ T4311] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.244492][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.255283][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.264016][ T1182] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.271079][ T1182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.294431][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.302646][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.311724][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.321509][ T1182] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.328620][ T1182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.339995][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.353077][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.376258][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.385783][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.394657][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.403782][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.416439][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.427018][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.439871][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.454397][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.469346][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.480488][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.584183][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 64.669219][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.685209][ T1182] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.698628][ T4311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.720587][ T1519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.731431][ T1519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.752790][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.765007][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.776361][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.784840][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.793600][ T4311] device veth0_vlan entered promiscuous mode [ 64.807782][ T4311] device veth1_vlan entered promiscuous mode [ 64.828933][ T1519] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.839486][ T1519] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.860958][ T1519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.875861][ T1519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.888482][ T4311] device veth0_macvtap entered promiscuous mode [ 64.898898][ T4311] device veth1_macvtap entered promiscuous mode [ 64.917529][ T4311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.927315][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.936840][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.945192][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.954248][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.968718][ T4311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.976970][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.986885][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.997356][ T4311] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.007469][ T4311] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.016339][ T4311] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.028739][ T4311] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.049871][ T154] ODEBUG: Out of memory. ODEBUG disabled [ 65.108962][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.133812][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.145223][ T1182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.153163][ T1182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.176336][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.190611][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.671193][ T4444] [ 65.673563][ T4444] ====================================================== [ 65.680575][ T4444] WARNING: possible circular locking dependency detected [ 65.687622][ T4444] syzkaller #0 Not tainted [ 65.692098][ T4444] ------------------------------------------------------ [ 65.699084][ T4444] syz.0.17/4444 is trying to acquire lock: [ 65.704881][ T4444] ffff888022cd8c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 65.715903][ T4444] [ 65.715903][ T4444] but task is already holding lock: [ 65.723245][ T4444] ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 65.732991][ T4444] [ 65.732991][ T4444] which lock already depends on the new lock. [ 65.732991][ T4444] [ 65.743387][ T4444] [ 65.743387][ T4444] the existing dependency chain (in reverse order) is: [ 65.752398][ T4444] [ 65.752398][ T4444] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 65.760478][ T4444] __mutex_lock_common+0x1eb/0x2390 [ 65.766212][ T4444] mutex_lock_nested+0x17/0x20 [ 65.771503][ T4444] rfkill_register+0x33/0x8a0 [ 65.776710][ T4444] hci_register_dev+0x452/0x970 [ 65.782088][ T4444] vhci_create_device+0x32c/0x5c0 [ 65.787638][ T4444] vhci_write+0x391/0x450 [ 65.792494][ T4444] vfs_write+0x712/0xd00 [ 65.797261][ T4444] ksys_write+0x14d/0x250 [ 65.802110][ T4444] do_syscall_64+0x4c/0xa0 [ 65.807044][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.813461][ T4444] [ 65.813461][ T4444] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 65.821279][ T4444] __mutex_lock_common+0x1eb/0x2390 [ 65.826998][ T4444] mutex_lock_nested+0x17/0x20 [ 65.832314][ T4444] vhci_send_frame+0x88/0x100 [ 65.837514][ T4444] hci_send_frame+0x1a9/0x2e0 [ 65.842713][ T4444] hci_tx_work+0x9f9/0x1710 [ 65.847747][ T4444] process_one_work+0x863/0x1000 [ 65.853208][ T4444] worker_thread+0xaa8/0x12a0 [ 65.858406][ T4444] kthread+0x436/0x520 [ 65.862988][ T4444] ret_from_fork+0x1f/0x30 [ 65.867921][ T4444] [ 65.867921][ T4444] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 65.877123][ T4444] __flush_work+0xdd/0x1b0 [ 65.882058][ T4444] hci_dev_do_close+0x1e7/0x1030 [ 65.887515][ T4444] hci_unregister_dev+0x2d7/0x580 [ 65.893065][ T4444] vhci_release+0x73/0xc0 [ 65.897912][ T4444] __fput+0x234/0x930 [ 65.902413][ T4444] task_work_run+0x125/0x1a0 [ 65.907531][ T4444] do_exit+0x61e/0x20a0 [ 65.912213][ T4444] do_group_exit+0x12e/0x300 [ 65.917383][ T4444] get_signal+0x6ca/0x12c0 [ 65.922320][ T4444] arch_do_signal_or_restart+0xc1/0x1300 [ 65.928474][ T4444] exit_to_user_mode_loop+0x9e/0x130 [ 65.934282][ T4444] exit_to_user_mode_prepare+0xee/0x180 [ 65.940353][ T4444] syscall_exit_to_user_mode+0x16/0x40 [ 65.946334][ T4444] do_syscall_64+0x58/0xa0 [ 65.951267][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.957678][ T4444] [ 65.957678][ T4444] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 65.965316][ T4444] __mutex_lock_common+0x1eb/0x2390 [ 65.971037][ T4444] mutex_lock_nested+0x17/0x20 [ 65.976321][ T4444] bg_scan_update+0x44/0x3b0 [ 65.981432][ T4444] process_one_work+0x863/0x1000 [ 65.986892][ T4444] worker_thread+0xaa8/0x12a0 [ 65.992176][ T4444] kthread+0x436/0x520 [ 65.996775][ T4444] ret_from_fork+0x1f/0x30 [ 66.001711][ T4444] [ 66.001711][ T4444] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 66.011521][ T4444] __lock_acquire+0x2c33/0x7c60 [ 66.016897][ T4444] lock_acquire+0x197/0x3f0 [ 66.021923][ T4444] __flush_work+0xdd/0x1b0 [ 66.026859][ T4444] __cancel_work_timer+0x3ac/0x520 [ 66.032497][ T4444] hci_request_cancel_all+0xcc/0x300 [ 66.038305][ T4444] hci_dev_do_close+0x4e/0x1030 [ 66.043678][ T4444] hci_rfkill_set_block+0x10a/0x190 [ 66.049402][ T4444] rfkill_set_block+0x1c6/0x420 [ 66.054775][ T4444] rfkill_fop_write+0x458/0x560 [ 66.060146][ T4444] vfs_write+0x300/0xd00 [ 66.064919][ T4444] ksys_write+0x14d/0x250 [ 66.069775][ T4444] do_syscall_64+0x4c/0xa0 [ 66.074715][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.081135][ T4444] [ 66.081135][ T4444] other info that might help us debug this: [ 66.081135][ T4444] [ 66.091365][ T4444] Chain exists of: [ 66.091365][ T4444] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 66.091365][ T4444] [ 66.107216][ T4444] Possible unsafe locking scenario: [ 66.107216][ T4444] [ 66.114663][ T4444] CPU0 CPU1 [ 66.120029][ T4444] ---- ---- [ 66.125385][ T4444] lock(rfkill_global_mutex); [ 66.130155][ T4444] lock(&data->open_mutex); [ 66.137264][ T4444] lock(rfkill_global_mutex); [ 66.144549][ T4444] lock((work_completion)(&hdev->bg_scan_update)); [ 66.151149][ T4444] [ 66.151149][ T4444] *** DEADLOCK *** [ 66.151149][ T4444] [ 66.159323][ T4444] 1 lock held by syz.0.17/4444: [ 66.164172][ T4444] #0: ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 66.174274][ T4444] [ 66.174274][ T4444] stack backtrace: [ 66.180159][ T4444] CPU: 0 PID: 4444 Comm: syz.0.17 Not tainted syzkaller #0 [ 66.187351][ T4444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 66.197419][ T4444] Call Trace: [ 66.200700][ T4444] [ 66.203629][ T4444] dump_stack_lvl+0x168/0x230 [ 66.208324][ T4444] ? load_image+0x3b0/0x3b0 [ 66.212832][ T4444] ? show_regs_print_info+0x20/0x20 [ 66.218037][ T4444] ? print_circular_bug+0x12b/0x1a0 [ 66.223392][ T4444] check_noncircular+0x274/0x310 [ 66.228335][ T4444] ? add_chain_block+0x940/0x940 [ 66.233308][ T4444] ? lockdep_lock+0xdc/0x1e0 [ 66.237906][ T4444] ? __lock_acquire+0x12d9/0x7c60 [ 66.242935][ T4444] ? lockdep_lock+0x1e0/0x1e0 [ 66.247612][ T4444] ? mark_lock+0x94/0x320 [ 66.251946][ T4444] __lock_acquire+0x2c33/0x7c60 [ 66.256904][ T4444] ? rcu_lock_release+0x5/0x20 [ 66.261670][ T4444] ? verify_lock_unused+0x140/0x140 [ 66.266874][ T4444] lock_acquire+0x197/0x3f0 [ 66.271381][ T4444] ? __flush_work+0xc1/0x1b0 [ 66.276064][ T4444] ? __lock_acquire+0x7c60/0x7c60 [ 66.281115][ T4444] ? read_lock_is_recursive+0x10/0x10 [ 66.286553][ T4444] ? start_flush_work+0x776/0x820 [ 66.291589][ T4444] __flush_work+0xdd/0x1b0 [ 66.296004][ T4444] ? __flush_work+0xc1/0x1b0 [ 66.300591][ T4444] ? flush_work+0x20/0x20 [ 66.304928][ T4444] ? try_to_grab_pending+0xf3/0x7e0 [ 66.310141][ T4444] ? lockdep_hardirqs_off+0x70/0x100 [ 66.315427][ T4444] ? mark_lock+0x94/0x320 [ 66.319757][ T4444] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 66.325742][ T4444] ? lock_chain_count+0x20/0x20 [ 66.330593][ T4444] ? mark_lock+0x94/0x320 [ 66.334923][ T4444] ? __cancel_work_timer+0x331/0x520 [ 66.340210][ T4444] __cancel_work_timer+0x3ac/0x520 [ 66.345324][ T4444] ? cancel_work_sync+0x20/0x20 [ 66.350174][ T4444] ? __cancel_work+0x1f4/0x2d0 [ 66.354938][ T4444] ? lockdep_hardirqs_on+0x94/0x140 [ 66.360144][ T4444] ? __cancel_work+0x26f/0x2d0 [ 66.364911][ T4444] ? cancel_work+0x20/0x20 [ 66.369324][ T4444] ? lock_chain_count+0x20/0x20 [ 66.374178][ T4444] hci_request_cancel_all+0xcc/0x300 [ 66.379469][ T4444] hci_dev_do_close+0x4e/0x1030 [ 66.384319][ T4444] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 66.390214][ T4444] ? _raw_spin_unlock+0x40/0x40 [ 66.395067][ T4444] hci_rfkill_set_block+0x10a/0x190 [ 66.400273][ T4444] ? rcu_lock_release+0x20/0x20 [ 66.405174][ T4444] rfkill_set_block+0x1c6/0x420 [ 66.410033][ T4444] rfkill_fop_write+0x458/0x560 [ 66.414888][ T4444] ? verify_lock_unused+0x140/0x140 [ 66.420090][ T4444] ? rfkill_fop_read+0x4b0/0x4b0 [ 66.425036][ T4444] ? common_file_perm+0x130/0x1c0 [ 66.430063][ T4444] ? fsnotify_perm+0x5d/0x560 [ 66.434744][ T4444] ? security_file_permission+0x75/0xa0 [ 66.440289][ T4444] ? rfkill_fop_read+0x4b0/0x4b0 [ 66.445229][ T4444] vfs_write+0x300/0xd00 [ 66.449472][ T4444] ? file_end_write+0x250/0x250 [ 66.454331][ T4444] ? __context_tracking_exit+0x4c/0x80 [ 66.459796][ T4444] ? __lock_acquire+0x7c60/0x7c60 [ 66.464825][ T4444] ? __fdget_pos+0x1e2/0x370 [ 66.469414][ T4444] ksys_write+0x14d/0x250 [ 66.473741][ T4444] ? __ia32_sys_read+0x80/0x80 [ 66.478662][ T4444] ? lockdep_hardirqs_on+0x94/0x140 [ 66.483872][ T4444] do_syscall_64+0x4c/0xa0 [ 66.488290][ T4444] ? clear_bhb_loop+0x30/0x80 [ 66.492968][ T4444] ? clear_bhb_loop+0x30/0x80 [ 66.497650][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.503559][ T4444] RIP: 0033:0x7f2d19a41fc9 [ 66.507977][ T4444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.528004][ T4444] RSP: 002b:00007ffcee3bbf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 66.536433][ T4444] RAX: ffffffffffffffda RBX: 00007f2d19c98fa0 RCX: 00007f2d19a41fc9 [ 66.544412][ T4444] RDX: 0000000000000008 RSI: 0000200000000300 RDI: 0000000000000003 [ 66.552395][ T4444] RBP: 00007f2d19ac4f91 R08: 0000000000000000 R09: 0000000000000000 [ 66.560378][ T4444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 66.568447][ T4444] R13: 00007f2d19c98fa0 R14: 00007f2d19c98fa0 R15: 0000000000000003 [ 66.576433][ T4444]