Warning: Permanently added '10.128.0.237' (ED25519) to the list of known hosts. 2024/10/27 01:55:57 ignoring optional flag "sandboxArg"="0" 2024/10/27 01:55:57 parsed 1 programs [ 53.573901][ T4165] cgroup: Unknown subsys name 'net' [ 53.686985][ T4165] cgroup: Unknown subsys name 'rlimit' [ 54.883507][ T4165] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 56.032747][ T4178] chnl_net:caif_netlink_parms(): no params data found [ 56.073579][ T4178] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.080952][ T4178] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.089592][ T4178] device bridge_slave_0 entered promiscuous mode [ 56.099970][ T4178] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.107178][ T4178] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.114745][ T4178] device bridge_slave_1 entered promiscuous mode [ 56.133447][ T4178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.146533][ T4178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.167019][ T4178] team0: Port device team_slave_0 added [ 56.173853][ T4178] team0: Port device team_slave_1 added [ 56.189868][ T4178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.196913][ T4178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.222918][ T4178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.235364][ T4178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.242427][ T4178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.268315][ T4178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.296187][ T4178] device hsr_slave_0 entered promiscuous mode [ 56.302943][ T4178] device hsr_slave_1 entered promiscuous mode [ 56.380406][ T4178] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.390109][ T4178] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.398878][ T4178] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.408264][ T4178] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.429653][ T4178] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.436784][ T4178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.444547][ T4178] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.451635][ T4178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.491104][ T4178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.502986][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.514085][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.521826][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.530084][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.543846][ T4178] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.557326][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.565885][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.572986][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.583689][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.592089][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.599176][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.620175][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.632790][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.640933][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.652699][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.677137][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.689578][ T4178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.776462][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.784445][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.799301][ T4178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.822289][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.842993][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.852101][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.860508][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.870316][ T4178] device veth0_vlan entered promiscuous mode [ 56.883866][ T4178] device veth1_vlan entered promiscuous mode [ 56.908927][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.918269][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.927245][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.937931][ T4178] device veth0_macvtap entered promiscuous mode [ 56.947904][ T4178] device veth1_macvtap entered promiscuous mode [ 56.968017][ T4178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.976101][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.985902][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.997594][ T4178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.008029][ T4178] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.017598][ T4178] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.028285][ T4178] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.037226][ T4178] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.049682][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.945211][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.959641][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.969919][ T4190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.978460][ T4190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.988588][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.996852][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.014677][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.697916][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.726767][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.768742][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2024/10/27 01:56:09 executed programs: 0 [ 63.601555][ T4278] chnl_net:caif_netlink_parms(): no params data found [ 63.687753][ T4278] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.696058][ T4278] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.705463][ T4278] device bridge_slave_0 entered promiscuous mode [ 63.717224][ T4278] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.725500][ T4278] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.735055][ T4278] device bridge_slave_1 entered promiscuous mode [ 63.783567][ T4278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.796542][ T4278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.848333][ T4278] team0: Port device team_slave_0 added [ 63.857272][ T4278] team0: Port device team_slave_1 added [ 63.887050][ T4278] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.894050][ T4278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.920234][ T4278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.932409][ T4278] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.939346][ T4278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.965600][ T4278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.005133][ T4278] device hsr_slave_0 entered promiscuous mode [ 64.011593][ T4278] device hsr_slave_1 entered promiscuous mode [ 64.018498][ T4278] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.026662][ T4278] Cannot create hsr debugfs directory [ 64.067701][ T9] device hsr_slave_0 left promiscuous mode [ 64.074164][ T9] device hsr_slave_1 left promiscuous mode [ 64.080463][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.087945][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.095980][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.103499][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.110961][ T9] device bridge_slave_1 left promiscuous mode [ 64.117896][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.130059][ T9] device bridge_slave_0 left promiscuous mode [ 64.137080][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.152659][ T9] device veth1_macvtap left promiscuous mode [ 64.158766][ T9] device veth0_macvtap left promiscuous mode [ 64.164950][ T9] device veth1_vlan left promiscuous mode [ 64.170759][ T9] device veth0_vlan left promiscuous mode [ 64.296829][ T9] team0 (unregistering): Port device team_slave_1 removed [ 64.307900][ T9] team0 (unregistering): Port device team_slave_0 removed [ 64.320320][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 64.334435][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 64.377655][ T9] bond0 (unregistering): Released all slaves [ 64.975748][ T4278] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.995850][ T4278] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.012633][ T4278] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.027065][ T4278] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.115334][ T4278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.130452][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.142765][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.162758][ T4278] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.175649][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.192748][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.213109][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.220432][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.239469][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.265840][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.280745][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.305877][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.312986][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.352552][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.361616][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.371098][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.381307][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.390434][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.399628][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.415592][ T4278] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 65.426126][ T4278] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.438966][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.448169][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.457477][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.467478][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.476771][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.493130][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 65.505114][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.652604][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.662783][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.684832][ T4278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.715819][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.732737][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.765612][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.782838][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.799674][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.823155][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.832726][ T4278] device veth0_vlan entered promiscuous mode [ 65.851281][ T4278] device veth1_vlan entered promiscuous mode [ 65.891401][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.908459][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.918389][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.943252][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.959291][ T4278] device veth0_macvtap entered promiscuous mode [ 65.974784][ T4278] device veth1_macvtap entered promiscuous mode [ 66.014288][ T4278] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.021605][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.030730][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.053367][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.072439][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.097091][ T4278] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.106165][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.115496][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.134687][ T4278] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.152186][ T4278] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.161937][ T4278] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.179957][ T4278] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.275868][ T410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.292720][ T410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.315639][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.332907][ T410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.340842][ T410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.375018][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.494985][ T4390] [ 66.497335][ T4390] ====================================================== [ 66.504342][ T4390] WARNING: possible circular locking dependency detected [ 66.511348][ T4390] 5.15.169-syzkaller #0 Not tainted [ 66.516522][ T4390] ------------------------------------------------------ [ 66.523510][ T4390] syz.0.15/4390 is trying to acquire lock: [ 66.529285][ T4390] ffff888074548c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0 [ 66.540367][ T4390] [ 66.540367][ T4390] but task is already holding lock: [ 66.547714][ T4390] ffffffff8dcbe2e8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790 [ 66.557340][ T4390] [ 66.557340][ T4390] which lock already depends on the new lock. [ 66.557340][ T4390] [ 66.567718][ T4390] [ 66.567718][ T4390] the existing dependency chain (in reverse order) is: [ 66.576704][ T4390] [ 66.576704][ T4390] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 66.584668][ T4390] lock_acquire+0x1db/0x4f0 [ 66.589669][ T4390] __mutex_lock_common+0x1da/0x25a0 [ 66.595376][ T4390] mutex_lock_nested+0x17/0x20 [ 66.600649][ T4390] rfkill_register+0x30/0x880 [ 66.605825][ T4390] hci_register_dev+0x4dd/0xa50 [ 66.611177][ T4390] vhci_create_device+0x310/0x590 [ 66.616700][ T4390] vhci_write+0x382/0x430 [ 66.621528][ T4390] vfs_write+0xacd/0xe50 [ 66.626272][ T4390] ksys_write+0x1a2/0x2c0 [ 66.631104][ T4390] do_syscall_64+0x3b/0xb0 [ 66.636021][ T4390] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.642425][ T4390] [ 66.642425][ T4390] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 66.650218][ T4390] lock_acquire+0x1db/0x4f0 [ 66.655222][ T4390] __mutex_lock_common+0x1da/0x25a0 [ 66.660918][ T4390] mutex_lock_nested+0x17/0x20 [ 66.666178][ T4390] vhci_send_frame+0x8a/0xf0 [ 66.671264][ T4390] hci_send_frame+0x1af/0x2f0 [ 66.676439][ T4390] hci_tx_work+0xb2e/0x1a30 [ 66.681436][ T4390] process_one_work+0x8a1/0x10c0 [ 66.686873][ T4390] worker_thread+0xaca/0x1280 [ 66.692047][ T4390] kthread+0x3f6/0x4f0 [ 66.696612][ T4390] ret_from_fork+0x1f/0x30 [ 66.701528][ T4390] [ 66.701528][ T4390] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 66.710705][ T4390] lock_acquire+0x1db/0x4f0 [ 66.715706][ T4390] __flush_work+0xeb/0x1a0 [ 66.720626][ T4390] hci_dev_do_close+0x20a/0x1070 [ 66.726063][ T4390] hci_unregister_dev+0x2d7/0x580 [ 66.731585][ T4390] vhci_release+0x73/0xc0 [ 66.736421][ T4390] __fput+0x3fe/0x8e0 [ 66.740903][ T4390] task_work_run+0x129/0x1a0 [ 66.745991][ T4390] do_exit+0x6a3/0x2480 [ 66.750643][ T4390] do_group_exit+0x144/0x310 [ 66.755727][ T4390] get_signal+0xc66/0x14e0 [ 66.760638][ T4390] arch_do_signal_or_restart+0xc3/0x1890 [ 66.766767][ T4390] exit_to_user_mode_loop+0x97/0x130 [ 66.772547][ T4390] exit_to_user_mode_prepare+0xb1/0x140 [ 66.778588][ T4390] syscall_exit_to_user_mode+0x5d/0x240 [ 66.784629][ T4390] do_syscall_64+0x47/0xb0 [ 66.789540][ T4390] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.795929][ T4390] [ 66.795929][ T4390] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 66.803553][ T4390] lock_acquire+0x1db/0x4f0 [ 66.808553][ T4390] __mutex_lock_common+0x1da/0x25a0 [ 66.814248][ T4390] mutex_lock_nested+0x17/0x20 [ 66.819510][ T4390] bg_scan_update+0xa1/0x4a0 [ 66.824595][ T4390] process_one_work+0x8a1/0x10c0 [ 66.830029][ T4390] worker_thread+0xaca/0x1280 [ 66.835209][ T4390] kthread+0x3f6/0x4f0 [ 66.839780][ T4390] ret_from_fork+0x1f/0x30 [ 66.844714][ T4390] [ 66.844714][ T4390] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 66.854509][ T4390] validate_chain+0x1649/0x5930 [ 66.859868][ T4390] __lock_acquire+0x1295/0x1ff0 [ 66.865218][ T4390] lock_acquire+0x1db/0x4f0 [ 66.870221][ T4390] __flush_work+0xeb/0x1a0 [ 66.875138][ T4390] __cancel_work_timer+0x519/0x6a0 [ 66.880747][ T4390] hci_request_cancel_all+0xcb/0x300 [ 66.886530][ T4390] hci_dev_do_close+0x51/0x1070 [ 66.891879][ T4390] hci_rfkill_set_block+0x114/0x1a0 [ 66.897573][ T4390] rfkill_set_block+0x1e7/0x430 [ 66.902921][ T4390] rfkill_fop_write+0x5b7/0x790 [ 66.908269][ T4390] vfs_write+0x30c/0xe50 [ 66.913008][ T4390] ksys_write+0x1a2/0x2c0 [ 66.917834][ T4390] do_syscall_64+0x3b/0xb0 [ 66.922747][ T4390] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.929139][ T4390] [ 66.929139][ T4390] other info that might help us debug this: [ 66.929139][ T4390] [ 66.939339][ T4390] Chain exists of: [ 66.939339][ T4390] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 66.939339][ T4390] [ 66.955034][ T4390] Possible unsafe locking scenario: [ 66.955034][ T4390] [ 66.962458][ T4390] CPU0 CPU1 [ 66.967799][ T4390] ---- ---- [ 66.973140][ T4390] lock(rfkill_global_mutex); [ 66.977877][ T4390] lock(&data->open_mutex); [ 66.984958][ T4390] lock(rfkill_global_mutex); [ 66.992215][ T4390] lock((work_completion)(&hdev->bg_scan_update)); [ 66.998777][ T4390] [ 66.998777][ T4390] *** DEADLOCK *** [ 66.998777][ T4390] [ 67.006917][ T4390] 1 lock held by syz.0.15/4390: [ 67.011743][ T4390] #0: ffffffff8dcbe2e8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790 [ 67.021813][ T4390] [ 67.021813][ T4390] stack backtrace: [ 67.027681][ T4390] CPU: 0 PID: 4390 Comm: syz.0.15 Not tainted 5.15.169-syzkaller #0 [ 67.035635][ T4390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 67.045673][ T4390] Call Trace: [ 67.048935][ T4390] [ 67.051847][ T4390] dump_stack_lvl+0x1e3/0x2d0 [ 67.056508][ T4390] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 67.062125][ T4390] ? print_circular_bug+0x12b/0x1a0 [ 67.067307][ T4390] check_noncircular+0x2f8/0x3b0 [ 67.072223][ T4390] ? add_chain_block+0x850/0x850 [ 67.077137][ T4390] ? lockdep_lock+0x11f/0x2a0 [ 67.081798][ T4390] validate_chain+0x1649/0x5930 [ 67.086630][ T4390] ? __lock_acquire+0x1295/0x1ff0 [ 67.091639][ T4390] ? reacquire_held_locks+0x660/0x660 [ 67.097004][ T4390] ? mark_lock+0x98/0x340 [ 67.101322][ T4390] ? look_up_lock_class+0x77/0x120 [ 67.106419][ T4390] ? register_lock_class+0x100/0x9a0 [ 67.111685][ T4390] ? mark_lock+0x98/0x340 [ 67.115995][ T4390] ? is_dynamic_key+0x1f0/0x1f0 [ 67.120826][ T4390] ? __lock_acquire+0x1295/0x1ff0 [ 67.125827][ T4390] ? mark_lock+0x98/0x340 [ 67.130137][ T4390] __lock_acquire+0x1295/0x1ff0 [ 67.134969][ T4390] lock_acquire+0x1db/0x4f0 [ 67.139452][ T4390] ? __flush_work+0xcf/0x1a0 [ 67.144019][ T4390] ? rcu_lock_release+0x5/0x20 [ 67.148766][ T4390] ? read_lock_is_recursive+0x10/0x10 [ 67.154117][ T4390] ? start_flush_work+0x776/0x820 [ 67.159118][ T4390] __flush_work+0xeb/0x1a0 [ 67.163518][ T4390] ? __flush_work+0xcf/0x1a0 [ 67.168085][ T4390] ? flush_work+0x20/0x20 [ 67.172394][ T4390] ? print_irqtrace_events+0x210/0x210 [ 67.177826][ T4390] ? lock_timer_base+0x260/0x260 [ 67.182742][ T4390] ? __cancel_work_timer+0x467/0x6a0 [ 67.188004][ T4390] __cancel_work_timer+0x519/0x6a0 [ 67.193100][ T4390] ? cancel_work_sync+0x20/0x20 [ 67.197926][ T4390] ? lockdep_hardirqs_on+0x94/0x130 [ 67.203104][ T4390] ? __cancel_work+0x2ef/0x380 [ 67.207846][ T4390] ? cancel_work+0x20/0x20 [ 67.212238][ T4390] ? print_irqtrace_events+0x210/0x210 [ 67.217673][ T4390] hci_request_cancel_all+0xcb/0x300 [ 67.222936][ T4390] hci_dev_do_close+0x51/0x1070 [ 67.227770][ T4390] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 67.233641][ T4390] ? _raw_spin_unlock+0x40/0x40 [ 67.238479][ T4390] ? kmem_cache_alloc_trace+0x143/0x290 [ 67.244002][ T4390] hci_rfkill_set_block+0x114/0x1a0 [ 67.249180][ T4390] ? rcu_lock_release+0x20/0x20 [ 67.254007][ T4390] rfkill_set_block+0x1e7/0x430 [ 67.258842][ T4390] rfkill_fop_write+0x5b7/0x790 [ 67.263667][ T4390] ? mark_lock+0x98/0x340 [ 67.267977][ T4390] ? rfkill_fop_read+0x470/0x470 [ 67.272891][ T4390] ? fsnotify_perm+0x64/0x590 [ 67.277558][ T4390] ? security_file_permission+0x75/0xa0 [ 67.283077][ T4390] ? rfkill_fop_read+0x470/0x470 [ 67.287991][ T4390] vfs_write+0x30c/0xe50 [ 67.292217][ T4390] ? file_end_write+0x250/0x250 [ 67.297046][ T4390] ? read_lock_is_recursive+0x10/0x10 [ 67.302393][ T4390] ? __context_tracking_exit+0x4c/0x80 [ 67.307853][ T4390] ? __lock_acquire+0x1ff0/0x1ff0 [ 67.312855][ T4390] ? __fdget_pos+0x1e9/0x380 [ 67.317427][ T4390] ksys_write+0x1a2/0x2c0 [ 67.321732][ T4390] ? print_irqtrace_events+0x210/0x210 [ 67.327167][ T4390] ? __ia32_sys_read+0x80/0x80 [ 67.331907][ T4390] ? syscall_enter_from_user_mode+0x2e/0x240 [ 67.337866][ T4390] ? lockdep_hardirqs_on+0x94/0x130 [ 67.343040][ T4390] ? syscall_enter_from_user_mode+0x2e/0x240 [ 67.348997][ T4390] do_syscall_64+0x3b/0xb0 [ 67.353394][ T4390] ? clear_bhb_loop+0x15/0x70 [ 67.358047][ T4390] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.363918][ T4390] RIP: 0033:0x7f0d88b17719 [ 67.368321][ T4390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.387902][ T4390] RSP: 002b:00007ffd1b8c8718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 67.396291][ T4390] RAX: ffffffffffffffda RBX: 00007f0d88ccef80 RCX: 00007f0d88b17719 [ 67.404240][ T4390] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003 [ 67.412188][ T4390] RBP: 00007f0d88b8a32e R08: 0000000000000000 R09: 0000000000000000 [ 67.420136][ T4390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.428088][ T4390] R13: 00007f0d88ccef80 R14: 00007f0d88ccef80 R15: 00000000000014d7 [ 67.436050][ T4390]