Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts.
2025/08/24 08:48:09 parsed 1 programs
[ 54.596802][ T4186] cgroup: Unknown subsys name 'net'
[ 54.727476][ T4186] cgroup: Unknown subsys name 'rlimit'
[ 55.908819][ T4186] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 57.438318][ T4199] syz-executor (4199) used greatest stack depth: 20992 bytes left
[ 57.487615][ T4203] chnl_net:caif_netlink_parms(): no params data found
[ 57.524622][ T4203] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.532179][ T4203] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.540096][ T4203] device bridge_slave_0 entered promiscuous mode
[ 57.549990][ T4203] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.557592][ T4203] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.565281][ T4203] device bridge_slave_1 entered promiscuous mode
[ 57.586648][ T4203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 57.597080][ T4203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 57.618977][ T4203] team0: Port device team_slave_0 added
[ 57.625823][ T4203] team0: Port device team_slave_1 added
[ 57.640642][ T4203] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 57.647870][ T4203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.674392][ T4203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 57.688621][ T4203] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 57.695956][ T4203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.721950][ T4203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.750574][ T4203] device hsr_slave_0 entered promiscuous mode
[ 57.757371][ T4203] device hsr_slave_1 entered promiscuous mode
[ 57.842663][ T4203] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 57.856494][ T4203] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 57.867837][ T4203] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 57.878105][ T4203] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 57.936255][ T4203] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.943592][ T4203] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.951506][ T4203] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.958910][ T4203] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.024237][ T4203] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.041844][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.054451][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.064687][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.080256][ T4203] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.093094][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 58.103409][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.110499][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.124058][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 58.134322][ T473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.141749][ T473] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.166590][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 58.176134][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 58.195642][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 58.205842][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 58.219634][ T4203] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 58.234253][ T4203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 58.242717][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 58.386503][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 58.394698][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.409660][ T4203] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.432896][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 58.457731][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 58.469415][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 58.479297][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 58.489156][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 58.501834][ T4203] device veth0_vlan entered promiscuous mode
[ 58.517461][ T4203] device veth1_vlan entered promiscuous mode
[ 58.556001][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 58.566714][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 58.575457][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 58.586811][ T473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 58.598220][ T4203] device veth0_macvtap entered promiscuous mode
[ 58.611511][ T4203] device veth1_macvtap entered promiscuous mode
[ 58.630242][ T4203] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.639767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 58.648274][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 58.656767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 58.665536][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 58.678219][ T4203] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.686303][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 58.695405][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 58.708077][ T4203] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.718648][ T4203] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.728322][ T4203] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.737325][ T4203] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.841531][ T4203] syz-executor (4203) used greatest stack depth: 20864 bytes left
[ 59.178197][ T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 59.309181][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.321111][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.337917][ T4217] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.338950][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 59.347928][ T4217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.361895][ T4217] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/08/24 08:48:16 executed programs: 0
[ 60.635001][ T4281] chnl_net:caif_netlink_parms(): no params data found
[ 60.670067][ T4281] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.677276][ T4281] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.685189][ T4281] device bridge_slave_0 entered promiscuous mode
[ 60.693637][ T4281] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.700738][ T4281] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.708846][ T4281] device bridge_slave_1 entered promiscuous mode
[ 60.725870][ T4281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 60.736952][ T4281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 60.758468][ T4281] team0: Port device team_slave_0 added
[ 60.765467][ T4281] team0: Port device team_slave_1 added
[ 60.781642][ T4281] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 60.788632][ T4281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.814784][ T4281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 60.827600][ T4281] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 60.835001][ T4281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.861441][ T4281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 60.887416][ T4281] device hsr_slave_0 entered promiscuous mode
[ 60.894664][ T4281] device hsr_slave_1 entered promiscuous mode
[ 60.901115][ T4281] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 60.908959][ T4281] Cannot create hsr debugfs directory
[ 61.579779][ T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.603645][ T21] Bluetooth: hci0: command 0x0409 tx timeout
[ 63.927376][ T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.980767][ T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.675381][ T1108] Bluetooth: hci0: command 0x041b tx timeout
[ 64.858132][ T4281] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 64.889601][ T4281] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 64.902421][ T4281] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 64.916181][ T4281] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.038289][ T4281] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.056257][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 65.067288][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.083624][ T4281] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.116849][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 65.126732][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.139266][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.146421][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.158195][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.168311][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.179625][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.186790][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.205860][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.214622][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.229910][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 65.240354][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 65.251998][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.261282][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.280939][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 65.290781][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.302196][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 65.312741][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.331778][ T154] device hsr_slave_0 left promiscuous mode
[ 65.340595][ T154] device hsr_slave_1 left promiscuous mode
[ 65.347131][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 65.354723][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 65.362560][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 65.370556][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 65.378155][ T154] device bridge_slave_1 left promiscuous mode
[ 65.385154][ T154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.397173][ T154] device bridge_slave_0 left promiscuous mode
[ 65.403467][ T154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.418288][ T154] device veth1_macvtap left promiscuous mode
[ 65.424894][ T154] device veth0_macvtap left promiscuous mode
[ 65.430930][ T154] device veth1_vlan left promiscuous mode
[ 65.437259][ T154] device veth0_vlan left promiscuous mode
[ 65.551803][ T154] team0 (unregistering): Port device team_slave_1 removed
[ 65.566794][ T154] team0 (unregistering): Port device team_slave_0 removed
[ 65.579817][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 65.591828][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 65.636154][ T154] bond0 (unregistering): Released all slaves
[ 65.678892][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 65.687498][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.699895][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.789098][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.798024][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.817625][ T4281] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.841112][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 65.851608][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.866616][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 65.877258][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.886621][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.895120][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.905589][ T4281] device veth0_vlan entered promiscuous mode
[ 65.917676][ T4281] device veth1_vlan entered promiscuous mode
[ 65.947327][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 65.955625][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 65.964977][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 65.973720][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 65.986031][ T4281] device veth0_macvtap entered promiscuous mode
[ 65.996134][ T4281] device veth1_macvtap entered promiscuous mode
[ 66.010123][ T4281] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.017990][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 66.027139][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 66.035402][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 66.044469][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 66.063309][ T4281] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.070948][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 66.079832][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 66.091393][ T4281] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.103275][ T4281] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.112002][ T4281] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.120896][ T4281] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.175141][ T4223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.194704][ T4223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.204741][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 66.215697][ T4223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.224262][ T4223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.235895][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 66.391128][ T4376]
[ 66.393502][ T4376] ======================================================
[ 66.400532][ T4376] WARNING: possible circular locking dependency detected
[ 66.407564][ T4376] 5.15.189-syzkaller #0 Not tainted
[ 66.412775][ T4376] ------------------------------------------------------
[ 66.419804][ T4376] syz.0.17/4376 is trying to acquire lock:
[ 66.425637][ T4376] ffff8880741a0c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0
[ 66.436717][ T4376]
[ 66.436717][ T4376] but task is already holding lock:
[ 66.444094][ T4376] ffffffff8d4be228 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560
[ 66.453876][ T4376]
[ 66.453876][ T4376] which lock already depends on the new lock.
[ 66.453876][ T4376]
[ 66.464393][ T4376]
[ 66.464393][ T4376] the existing dependency chain (in reverse order) is:
[ 66.473420][ T4376]
[ 66.473420][ T4376] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 66.481440][ T4376]        __mutex_lock_common+0x1eb/0x2390
[ 66.487187][ T4376]        mutex_lock_nested+0x17/0x20
[ 66.492491][ T4376]        rfkill_register+0x33/0x8a0
[ 66.497717][ T4376]        hci_register_dev+0x452/0x970
[ 66.503296][ T4376]        vhci_create_device+0x32c/0x5c0
[ 66.508847][ T4376]        vhci_write+0x391/0x450
[ 66.513711][ T4376]        vfs_write+0x712/0xd00
[ 66.518478][ T4376]        ksys_write+0x14d/0x250
[ 66.523328][ T4376]        do_syscall_64+0x4c/0xa0
[ 66.528284][ T4376]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.534705][ T4376]
[ 66.534705][ T4376] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 66.542531][ T4376]        __mutex_lock_common+0x1eb/0x2390
[ 66.548609][ T4376]        mutex_lock_nested+0x17/0x20
[ 66.553908][ T4376]        vhci_send_frame+0x88/0x100
[ 66.559114][ T4376]        hci_send_frame+0x1a9/0x2e0
[ 66.564407][ T4376]        hci_tx_work+0x9f9/0x1710
[ 66.569438][ T4376]        process_one_work+0x863/0x1000
[ 66.574899][ T4376]        worker_thread+0xaa8/0x12a0
[ 66.581683][ T4376]        kthread+0x436/0x520
[ 66.586639][ T4376]        ret_from_fork+0x1f/0x30
[ 66.591602][ T4376]
[ 66.591602][ T4376] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 66.601011][ T4376]        __flush_work+0xdd/0x1b0
[ 66.605968][ T4376]        hci_dev_do_close+0x1e7/0x1030
[ 66.611432][ T4376]        hci_unregister_dev+0x2d7/0x580
[ 66.616992][ T4376]        vhci_release+0x73/0xc0
[ 66.621856][ T4376]        __fput+0x234/0x930
[ 66.626362][ T4376]        task_work_run+0x125/0x1a0
[ 66.631488][ T4376]        do_exit+0x61e/0x20a0
[ 66.636179][ T4376]        do_group_exit+0x12e/0x300
[ 66.641301][ T4376]        get_signal+0x6ca/0x12c0
[ 66.646246][ T4376]        arch_do_signal_or_restart+0xc1/0x1300
[ 66.652433][ T4376]        exit_to_user_mode_loop+0x9e/0x130
[ 66.658257][ T4376]        exit_to_user_mode_prepare+0xb1/0x140
[ 66.664341][ T4376]        syscall_exit_to_user_mode+0x16/0x40
[ 66.670325][ T4376]        do_syscall_64+0x58/0xa0
[ 66.675273][ T4376]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.681715][ T4376]
[ 66.681715][ T4376] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 66.689377][ T4376]        __mutex_lock_common+0x1eb/0x2390
[ 66.695096][ T4376]        mutex_lock_nested+0x17/0x20
[ 66.700375][ T4376]        bg_scan_update+0x44/0x3b0
[ 66.705498][ T4376]        process_one_work+0x863/0x1000
[ 66.710950][ T4376]        worker_thread+0xaa8/0x12a0
[ 66.716141][ T4376]        kthread+0x436/0x520
[ 66.720935][ T4376]        ret_from_fork+0x1f/0x30
[ 66.725884][ T4376]
[ 66.725884][ T4376] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 66.735704][ T4376]        __lock_acquire+0x2c33/0x7c60
[ 66.741213][ T4376]        lock_acquire+0x197/0x3f0
[ 66.746499][ T4376]        __flush_work+0xdd/0x1b0
[ 66.751437][ T4376]        __cancel_work_timer+0x3ac/0x520
[ 66.757071][ T4376]        hci_request_cancel_all+0xcc/0x300
[ 66.762882][ T4376]        hci_dev_do_close+0x4e/0x1030
[ 66.768249][ T4376]        hci_rfkill_set_block+0x10a/0x190
[ 66.773962][ T4376]        rfkill_set_block+0x1c6/0x420
[ 66.779329][ T4376]        rfkill_fop_write+0x458/0x560
[ 66.784691][ T4376]        vfs_write+0x300/0xd00
[ 66.789444][ T4376]        ksys_write+0x14d/0x250
[ 66.794286][ T4376]        do_syscall_64+0x4c/0xa0
[ 66.799218][ T4376]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.805628][ T4376]
[ 66.805628][ T4376] other info that might help us debug this:
[ 66.805628][ T4376]
[ 66.815858][ T4376] Chain exists of:
[ 66.815858][ T4376]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 66.815858][ T4376]
[ 66.831590][ T4376] Possible unsafe locking scenario:
[ 66.831590][ T4376]
[ 66.839041][ T4376]        CPU0                    CPU1
[ 66.844400][ T4376]        ----                    ----
[ 66.849752][ T4376]   lock(rfkill_global_mutex);
[ 66.854511][ T4376]                                lock(&data->open_mutex);
[ 66.861613][ T4376]                                lock(rfkill_global_mutex);
[ 66.868909][ T4376]   lock((work_completion)(&hdev->bg_scan_update));
[ 66.875499][ T4376]
[ 66.875499][ T4376] *** DEADLOCK ***
[ 66.875499][ T4376]
[ 66.883644][ T4376] 1 lock held by syz.0.17/4376:
[ 66.888483][ T4376] #0: ffffffff8d4be228 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560
[ 66.898572][ T4376]
[ 66.898572][ T4376] stack backtrace:
[ 66.904447][ T4376] CPU: 0 PID: 4376 Comm: syz.0.17 Not tainted 5.15.189-syzkaller #0
[ 66.912434][ T4376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 66.922498][ T4376] Call Trace:
[ 66.925776][ T4376]
[ 66.928704][ T4376] dump_stack_lvl+0x168/0x230
[ 66.933379][ T4376] ? load_image+0x3b0/0x3b0
[ 66.937885][ T4376] ? show_regs_print_info+0x20/0x20
[ 66.943083][ T4376] ? print_circular_bug+0x12b/0x1a0
[ 66.948283][ T4376] check_noncircular+0x274/0x310
[ 66.953214][ T4376] ? add_chain_block+0x940/0x940
[ 66.958143][ T4376] ? lockdep_lock+0xdc/0x1e0
[ 66.962738][ T4376] ? __lock_acquire+0x12d9/0x7c60
[ 66.967844][ T4376] ? lockdep_lock+0x1e0/0x1e0
[ 66.972536][ T4376] ? mark_lock+0x94/0x320
[ 66.976858][ T4376] __lock_acquire+0x2c33/0x7c60
[ 66.981729][ T4376] ? verify_lock_unused+0x140/0x140
[ 66.986925][ T4376] ? verify_lock_unused+0x140/0x140
[ 66.992212][ T4376] lock_acquire+0x197/0x3f0
[ 66.996794][ T4376] ? __flush_work+0xc1/0x1b0
[ 67.001463][ T4376] ? __lock_acquire+0x7c60/0x7c60
[ 67.006500][ T4376] ? read_lock_is_recursive+0x10/0x10
[ 67.011876][ T4376] ? start_flush_work+0x776/0x820
[ 67.016891][ T4376] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 67.022783][ T4376] ? _raw_spin_unlock+0x40/0x40
[ 67.027805][ T4376] __flush_work+0xdd/0x1b0
[ 67.032215][ T4376] ? __flush_work+0xc1/0x1b0
[ 67.036795][ T4376] ? flush_work+0x20/0x20
[ 67.041119][ T4376] ? try_to_grab_pending+0xf3/0x7e0
[ 67.046307][ T4376] ? lockdep_hardirqs_off+0x70/0x100
[ 67.051680][ T4376] ? mark_lock+0x94/0x320
[ 67.056005][ T4376] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 67.061984][ T4376] ? lock_chain_count+0x20/0x20
[ 67.066826][ T4376] ? mark_lock+0x94/0x320
[ 67.071155][ T4376] ? __cancel_work_timer+0x331/0x520
[ 67.076527][ T4376] __cancel_work_timer+0x3ac/0x520
[ 67.081631][ T4376] ? cancel_work_sync+0x20/0x20
[ 67.086560][ T4376] ? __cancel_work+0x1f4/0x2d0
[ 67.091315][ T4376] ? lockdep_hardirqs_on+0x94/0x140
[ 67.096509][ T4376] ? __cancel_work+0x26f/0x2d0
[ 67.101266][ T4376] ? cancel_work+0x20/0x20
[ 67.105675][ T4376] ? lock_chain_count+0x20/0x20
[ 67.110519][ T4376] hci_request_cancel_all+0xcc/0x300
[ 67.115797][ T4376] hci_dev_do_close+0x4e/0x1030
[ 67.120640][ T4376] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 67.126529][ T4376] ? _raw_spin_unlock+0x40/0x40
[ 67.131377][ T4376] hci_rfkill_set_block+0x10a/0x190
[ 67.136571][ T4376] ? rcu_lock_release+0x20/0x20
[ 67.141411][ T4376] rfkill_set_block+0x1c6/0x420
[ 67.146255][ T4376] rfkill_fop_write+0x458/0x560
[ 67.151099][ T4376] ? verify_lock_unused+0x140/0x140
[ 67.156289][ T4376] ? rfkill_fop_read+0x4b0/0x4b0
[ 67.161233][ T4376] ? common_file_perm+0x150/0x1c0
[ 67.166260][ T4376] ? fsnotify_perm+0x5d/0x560
[ 67.171195][ T4376] ? security_file_permission+0x75/0xa0
[ 67.176734][ T4376] ? rfkill_fop_read+0x4b0/0x4b0
[ 67.181666][ T4376] vfs_write+0x300/0xd00
[ 67.185901][ T4376] ? file_end_write+0x250/0x250
[ 67.190744][ T4376] ? __context_tracking_exit+0x4c/0x80
[ 67.196200][ T4376] ? __lock_acquire+0x7c60/0x7c60
[ 67.201270][ T4376] ? __fdget_pos+0x1e2/0x370
[ 67.205859][ T4376] ksys_write+0x14d/0x250
[ 67.210197][ T4376] ? __ia32_sys_read+0x80/0x80
[ 67.216788][ T4376] ? lockdep_hardirqs_on+0x94/0x140
[ 67.222009][ T4376] do_syscall_64+0x4c/0xa0
[ 67.226568][ T4376] ? clear_bhb_loop+0x30/0x80
[ 67.231256][ T4376] ? clear_bhb_loop+0x30/0x80
[ 67.235928][ T4376] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.241825][ T4376] RIP: 0033:0x7fe136f8abe9
[ 67.246237][ T4376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 67.265926][ T4376] RSP: 002b:00007ffe9ce6e758 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 67.274338][ T4376] RAX: ffffffffffffffda RBX: 00007fe1371b1fa0 RCX: 00007fe136f8abe9
[ 67.282306][ T4376] RDX: 0000000000000008 RSI: 0000200000000040 RDI: 0000000000000003
[ 67.290280][ T4376] RBP: 00007fe13700de19 R08: 0000000000000000 R09: 0000000000000000
[ 67.298258][ T4376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 67.306224][ T4376] R13: 00007fe1371b1fa0 R14: 00007fe1371b1fa0 R15: 0000000000000003
[ 67.314369][ T4376]
[ 67.334787][ T1108] Bluetooth: hci0: command 0x040f tx timeout