Warning: Permanently added '10.128.0.161' (ED25519) to the list of known hosts. 2025/11/07 19:29:57 parsed 1 programs [ 53.840309][ T4188] cgroup: Unknown subsys name 'net' [ 53.977531][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 55.214484][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 56.685421][ T472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.704178][ T472] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.710767][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.720126][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.730586][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 56.739225][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.854450][ T4277] chnl_net:caif_netlink_parms(): no params data found [ 58.891830][ T4277] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.899514][ T4277] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.907405][ T4277] device bridge_slave_0 entered promiscuous mode [ 58.916254][ T4277] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.923407][ T4277] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.931073][ T4277] device bridge_slave_1 entered promiscuous mode [ 58.950022][ T4277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.960729][ T4277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.981691][ T4277] team0: Port device team_slave_0 added [ 58.989537][ T4277] team0: Port device team_slave_1 added [ 59.005392][ T4277] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.012335][ T4277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.038371][ T4277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.050499][ T4277] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.057503][ T4277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.083580][ T4277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.110052][ T4277] device hsr_slave_0 entered promiscuous mode [ 59.117362][ T4277] device hsr_slave_1 entered promiscuous mode [ 59.202147][ T4277] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.212855][ T4277] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.238443][ T4277] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.247197][ T4277] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.286582][ T4277] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.293752][ T4277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.301482][ T4277] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.308654][ T4277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.364662][ T4277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.376229][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.386613][ T1275] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.397301][ T1275] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.405273][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 59.442551][ T4277] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.453023][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.461537][ T1275] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.468620][ T1275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.482318][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.491257][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.498342][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.527490][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.537244][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.548475][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.560686][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.589402][ T4277] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.601536][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.609707][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.707749][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.715414][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.730407][ T4277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.762828][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.781323][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.790050][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.798455][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.809215][ T4277] device veth0_vlan entered promiscuous mode [ 59.835937][ T4277] device veth1_vlan entered promiscuous mode [ 59.844757][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.864308][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.874897][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.885478][ T4277] device veth0_macvtap entered promiscuous mode [ 59.914048][ T4277] device veth1_macvtap entered promiscuous mode [ 59.927211][ T4277] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.935836][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.944443][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.952373][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.961729][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.978205][ T4277] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.987081][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.996361][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.025987][ T4277] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.035498][ T4277] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.044393][ T4277] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.054104][ T4277] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.182956][ T4277] syz-executor (4277) used greatest stack depth: 20320 bytes left 2025/11/07 19:30:05 executed programs: 0 [ 60.731455][ T4301] chnl_net:caif_netlink_parms(): no params data found [ 60.793797][ T4301] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.800950][ T4301] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.811398][ T4301] device bridge_slave_0 entered promiscuous mode [ 60.820218][ T4301] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.829595][ T4301] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.837717][ T4301] device bridge_slave_1 entered promiscuous mode [ 60.870731][ T4301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.882228][ T4301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.915246][ T4301] team0: Port device team_slave_0 added [ 60.930504][ T4301] team0: Port device team_slave_1 added [ 60.961365][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.968455][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.994391][ T4301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.007540][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.014654][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.041125][ T4301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.076813][ T4301] device hsr_slave_0 entered promiscuous mode [ 61.084814][ T4301] device hsr_slave_1 entered promiscuous mode [ 61.091260][ T4301] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.099279][ T4301] Cannot create hsr debugfs directory [ 61.184316][ T4301] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.683101][ T1108] Bluetooth: hci0: command 0x0409 tx timeout [ 63.777821][ T4301] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.763015][ T4271] Bluetooth: hci0: command 0x041b tx timeout [ 65.186946][ T4301] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.238246][ T4301] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.439595][ T4301] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.448613][ T4301] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.457351][ T4301] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.476090][ T4301] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.518969][ T4301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.530260][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.538388][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.548376][ T4301] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.566085][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.574685][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.583596][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.590663][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.598966][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.609423][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.618902][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.627262][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.634335][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.654091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.663004][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.671507][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.680295][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.689970][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.698726][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.707397][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.717802][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.726409][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.739743][ T154] device hsr_slave_0 left promiscuous mode [ 65.746217][ T154] device hsr_slave_1 left promiscuous mode [ 65.752753][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.760166][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 65.768874][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.777015][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 65.784759][ T154] device bridge_slave_1 left promiscuous mode [ 65.791528][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.807021][ T154] device bridge_slave_0 left promiscuous mode [ 65.813639][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.828431][ T154] device veth1_macvtap left promiscuous mode [ 65.834839][ T154] device veth0_macvtap left promiscuous mode [ 65.840853][ T154] device veth1_vlan left promiscuous mode [ 65.847356][ T154] device veth0_vlan left promiscuous mode [ 65.965574][ T154] team0 (unregistering): Port device team_slave_1 removed [ 65.980012][ T154] team0 (unregistering): Port device team_slave_0 removed [ 65.993238][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 66.005900][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 66.055649][ T154] bond0 (unregistering): Released all slaves [ 66.122952][ T4301] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.134991][ T4301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.147281][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.156211][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.243686][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.255945][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.267195][ T4301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.283608][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.292296][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.324476][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.333083][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.341806][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.350546][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.360094][ T4301] device veth0_vlan entered promiscuous mode [ 66.376665][ T4301] device veth1_vlan entered promiscuous mode [ 66.392188][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.401174][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.409591][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.419147][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.429137][ T4301] device veth0_macvtap entered promiscuous mode [ 66.441137][ T4301] device veth1_macvtap entered promiscuous mode [ 66.457413][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.465825][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.475993][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.484564][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.494554][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.505776][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.524012][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.532975][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.543370][ T4301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.552073][ T4301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.562860][ T4301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.571573][ T4301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.625678][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.651941][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.652810][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.660779][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.679232][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.692093][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.791060][ T4319] [ 66.793418][ T4319] ====================================================== [ 66.800428][ T4319] WARNING: possible circular locking dependency detected [ 66.807445][ T4319] syzkaller #0 Not tainted [ 66.811851][ T4319] ------------------------------------------------------ [ 66.818855][ T4319] syz.0.17/4319 is trying to acquire lock: [ 66.824645][ T4319] ffff88807863cc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 66.835844][ T4319] [ 66.835844][ T4319] but task is already holding lock: [ 66.842756][ T4290] Bluetooth: hci0: command 0x040f tx timeout [ 66.843204][ T4319] ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 66.858813][ T4319] [ 66.858813][ T4319] which lock already depends on the new lock. [ 66.858813][ T4319] [ 66.869220][ T4319] [ 66.869220][ T4319] the existing dependency chain (in reverse order) is: [ 66.878248][ T4319] [ 66.878248][ T4319] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 66.886259][ T4319] __mutex_lock_common+0x1eb/0x2390 [ 66.892001][ T4319] mutex_lock_nested+0x17/0x20 [ 66.897288][ T4319] rfkill_register+0x33/0x8a0 [ 66.902489][ T4319] hci_register_dev+0x452/0x970 [ 66.907851][ T4319] vhci_create_device+0x32c/0x5c0 [ 66.913384][ T4319] vhci_write+0x391/0x450 [ 66.918219][ T4319] vfs_write+0x712/0xd00 [ 66.922983][ T4319] ksys_write+0x14d/0x250 [ 66.927914][ T4319] do_syscall_64+0x4c/0xa0 [ 66.932848][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.939265][ T4319] [ 66.939265][ T4319] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 66.947074][ T4319] __mutex_lock_common+0x1eb/0x2390 [ 66.952790][ T4319] mutex_lock_nested+0x17/0x20 [ 66.958070][ T4319] vhci_send_frame+0x88/0x100 [ 66.963258][ T4319] hci_send_frame+0x1a9/0x2e0 [ 66.968454][ T4319] hci_tx_work+0x9f9/0x1710 [ 66.973475][ T4319] process_one_work+0x863/0x1000 [ 66.978928][ T4319] worker_thread+0xaa8/0x12a0 [ 66.984109][ T4319] kthread+0x436/0x520 [ 66.988686][ T4319] ret_from_fork+0x1f/0x30 [ 66.993614][ T4319] [ 66.993614][ T4319] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 67.002919][ T4319] __flush_work+0xdd/0x1b0 [ 67.007835][ T4319] hci_dev_do_close+0x1e7/0x1030 [ 67.013272][ T4319] hci_unregister_dev+0x2d7/0x580 [ 67.018793][ T4319] vhci_release+0x73/0xc0 [ 67.023618][ T4319] __fput+0x234/0x930 [ 67.028099][ T4319] task_work_run+0x125/0x1a0 [ 67.033184][ T4319] do_exit+0x61e/0x20a0 [ 67.037851][ T4319] do_group_exit+0x12e/0x300 [ 67.042939][ T4319] get_signal+0x6ca/0x12c0 [ 67.047853][ T4319] arch_do_signal_or_restart+0xc1/0x1300 [ 67.053982][ T4319] exit_to_user_mode_loop+0x9e/0x130 [ 67.059765][ T4319] exit_to_user_mode_prepare+0xee/0x180 [ 67.065809][ T4319] syscall_exit_to_user_mode+0x16/0x40 [ 67.071767][ T4319] do_syscall_64+0x58/0xa0 [ 67.076680][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.083072][ T4319] [ 67.083072][ T4319] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 67.090688][ T4319] __mutex_lock_common+0x1eb/0x2390 [ 67.096382][ T4319] mutex_lock_nested+0x17/0x20 [ 67.101644][ T4319] bg_scan_update+0x44/0x3b0 [ 67.106734][ T4319] process_one_work+0x863/0x1000 [ 67.112169][ T4319] worker_thread+0xaa8/0x12a0 [ 67.117343][ T4319] kthread+0x436/0x520 [ 67.121904][ T4319] ret_from_fork+0x1f/0x30 [ 67.126818][ T4319] [ 67.126818][ T4319] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 67.136605][ T4319] __lock_acquire+0x2c33/0x7c60 [ 67.141952][ T4319] lock_acquire+0x197/0x3f0 [ 67.146953][ T4319] __flush_work+0xdd/0x1b0 [ 67.152042][ T4319] __cancel_work_timer+0x3ac/0x520 [ 67.157647][ T4319] hci_request_cancel_all+0xcc/0x300 [ 67.163429][ T4319] hci_dev_do_close+0x4e/0x1030 [ 67.168774][ T4319] hci_rfkill_set_block+0x10a/0x190 [ 67.174470][ T4319] rfkill_set_block+0x1c6/0x420 [ 67.179816][ T4319] rfkill_fop_write+0x458/0x560 [ 67.185160][ T4319] vfs_write+0x300/0xd00 [ 67.189901][ T4319] ksys_write+0x14d/0x250 [ 67.194724][ T4319] do_syscall_64+0x4c/0xa0 [ 67.199637][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.206040][ T4319] [ 67.206040][ T4319] other info that might help us debug this: [ 67.206040][ T4319] [ 67.216239][ T4319] Chain exists of: [ 67.216239][ T4319] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 67.216239][ T4319] [ 67.231936][ T4319] Possible unsafe locking scenario: [ 67.231936][ T4319] [ 67.239365][ T4319] CPU0 CPU1 [ 67.244705][ T4319] ---- ---- [ 67.250044][ T4319] lock(rfkill_global_mutex); [ 67.254783][ T4319] lock(&data->open_mutex); [ 67.261866][ T4319] lock(rfkill_global_mutex); [ 67.269122][ T4319] lock((work_completion)(&hdev->bg_scan_update)); [ 67.275683][ T4319] [ 67.275683][ T4319] *** DEADLOCK *** [ 67.275683][ T4319] [ 67.283798][ T4319] 1 lock held by syz.0.17/4319: [ 67.288622][ T4319] #0: ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 67.298689][ T4319] [ 67.298689][ T4319] stack backtrace: [ 67.304563][ T4319] CPU: 1 PID: 4319 Comm: syz.0.17 Not tainted syzkaller #0 [ 67.311733][ T4319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 67.321798][ T4319] Call Trace: [ 67.325059][ T4319] [ 67.327970][ T4319] dump_stack_lvl+0x168/0x230 [ 67.332628][ T4319] ? load_image+0x3b0/0x3b0 [ 67.337111][ T4319] ? show_regs_print_info+0x20/0x20 [ 67.342289][ T4319] ? print_circular_bug+0x12b/0x1a0 [ 67.347462][ T4319] check_noncircular+0x274/0x310 [ 67.352378][ T4319] ? add_chain_block+0x940/0x940 [ 67.357293][ T4319] ? lockdep_lock+0xdc/0x1e0 [ 67.361870][ T4319] ? __lock_acquire+0x12d9/0x7c60 [ 67.366882][ T4319] ? lockdep_lock+0x1e0/0x1e0 [ 67.371539][ T4319] ? mark_lock+0x94/0x320 [ 67.375847][ T4319] __lock_acquire+0x2c33/0x7c60 [ 67.380680][ T4319] ? verify_lock_unused+0x140/0x140 [ 67.385856][ T4319] ? verify_lock_unused+0x140/0x140 [ 67.391037][ T4319] lock_acquire+0x197/0x3f0 [ 67.395518][ T4319] ? __flush_work+0xc1/0x1b0 [ 67.400094][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 67.405098][ T4319] ? read_lock_is_recursive+0x10/0x10 [ 67.410450][ T4319] ? start_flush_work+0x776/0x820 [ 67.415450][ T4319] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 67.421319][ T4319] ? _raw_spin_unlock+0x40/0x40 [ 67.426146][ T4319] __flush_work+0xdd/0x1b0 [ 67.430541][ T4319] ? __flush_work+0xc1/0x1b0 [ 67.435120][ T4319] ? flush_work+0x20/0x20 [ 67.439503][ T4319] ? try_to_grab_pending+0xf3/0x7e0 [ 67.444692][ T4319] ? lockdep_hardirqs_off+0x70/0x100 [ 67.449962][ T4319] ? mark_lock+0x94/0x320 [ 67.454278][ T4319] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 67.460245][ T4319] ? lock_chain_count+0x20/0x20 [ 67.465078][ T4319] ? mark_lock+0x94/0x320 [ 67.469387][ T4319] ? __cancel_work_timer+0x331/0x520 [ 67.474652][ T4319] __cancel_work_timer+0x3ac/0x520 [ 67.479743][ T4319] ? cancel_work_sync+0x20/0x20 [ 67.484570][ T4319] ? __cancel_work+0x1f4/0x2d0 [ 67.489310][ T4319] ? lockdep_hardirqs_on+0x94/0x140 [ 67.494487][ T4319] ? __cancel_work+0x26f/0x2d0 [ 67.499228][ T4319] ? cancel_work+0x20/0x20 [ 67.503624][ T4319] ? lock_chain_count+0x20/0x20 [ 67.508455][ T4319] hci_request_cancel_all+0xcc/0x300 [ 67.513720][ T4319] hci_dev_do_close+0x4e/0x1030 [ 67.518549][ T4319] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 67.524419][ T4319] ? _raw_spin_unlock+0x40/0x40 [ 67.529248][ T4319] hci_rfkill_set_block+0x10a/0x190 [ 67.534427][ T4319] ? rcu_lock_release+0x20/0x20 [ 67.539254][ T4319] rfkill_set_block+0x1c6/0x420 [ 67.544085][ T4319] rfkill_fop_write+0x458/0x560 [ 67.548917][ T4319] ? verify_lock_unused+0x140/0x140 [ 67.554097][ T4319] ? rfkill_fop_read+0x4b0/0x4b0 [ 67.559025][ T4319] ? common_file_perm+0x130/0x1c0 [ 67.564030][ T4319] ? fsnotify_perm+0x5d/0x560 [ 67.568684][ T4319] ? security_file_permission+0x75/0xa0 [ 67.574205][ T4319] ? rfkill_fop_read+0x4b0/0x4b0 [ 67.579118][ T4319] vfs_write+0x300/0xd00 [ 67.583355][ T4319] ? file_end_write+0x250/0x250 [ 67.588180][ T4319] ? __context_tracking_exit+0x4c/0x80 [ 67.593624][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 67.598628][ T4319] ? __fdget_pos+0x1e2/0x370 [ 67.603194][ T4319] ksys_write+0x14d/0x250 [ 67.607504][ T4319] ? __ia32_sys_read+0x80/0x80 [ 67.612245][ T4319] ? lockdep_hardirqs_on+0x94/0x140 [ 67.617421][ T4319] do_syscall_64+0x4c/0xa0 [ 67.621814][ T4319] ? clear_bhb_loop+0x30/0x80 [ 67.626481][ T4319] ? clear_bhb_loop+0x30/0x80 [ 67.631251][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.637149][ T4319] RIP: 0033:0x7f26601f66c9 [ 67.641551][ T4319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.661139][ T4319] RSP: 002b:00007fff6ec2d2d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 67.669536][ T4319] RAX: ffffffffffffffda RBX: 00007f266044cfa0 RCX: 00007f26601f66c9 [ 67.677495][ T4319] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: 0000000000000003 [ 67.685441][ T4319] RBP: 00007f2660278f91 R08: 0000000000000000 R09: 0000000000000000 [ 67.693388][ T4319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.701338][ T4319] R13: 00007f266044cfa0 R14: 00007f266044cfa0 R15: 0000000000000003 [ 67.709289][ T4319]