Warning: Permanently added '10.128.0.6' (ED25519) to the list of known hosts. 2025/09/28 21:23:39 parsed 1 programs [ 71.770287][ T4188] cgroup: Unknown subsys name 'net' [ 71.909357][ T4188] cgroup: Unknown subsys name 'rlimit' [ 73.427434][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 75.500130][ T4216] chnl_net:caif_netlink_parms(): no params data found [ 75.570446][ T4216] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.578639][ T4216] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.587811][ T4216] device bridge_slave_0 entered promiscuous mode [ 75.598890][ T4216] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.606784][ T4216] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.615853][ T4216] device bridge_slave_1 entered promiscuous mode [ 75.647959][ T4216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.660192][ T4216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.691953][ T4216] team0: Port device team_slave_0 added [ 75.700695][ T4216] team0: Port device team_slave_1 added [ 75.726355][ T4216] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.733469][ T4216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.764003][ T4216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.777788][ T4216] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.784994][ T4216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.811730][ T4216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.853433][ T4216] device hsr_slave_0 entered promiscuous mode [ 75.860985][ T4216] device hsr_slave_1 entered promiscuous mode [ 76.009188][ T4216] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.023312][ T4216] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.041146][ T4216] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.053459][ T4216] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.140496][ T4216] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.157075][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.168738][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.180272][ T4216] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.195333][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.206283][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.215976][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.223720][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.237478][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.249546][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.261227][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.270388][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.277626][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.306871][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 76.316809][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 76.327539][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 76.340032][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.351687][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 76.361664][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 76.380347][ T4216] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 76.393506][ T4216] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 76.406846][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.416247][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 76.425817][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.435482][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 76.445043][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.456275][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.584423][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 76.594399][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 76.610318][ T4216] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.636072][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 76.646616][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.670692][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 76.681632][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.694225][ T4216] device veth0_vlan entered promiscuous mode [ 76.703934][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.713878][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.728609][ T4216] device veth1_vlan entered promiscuous mode [ 76.754469][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 76.764599][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 76.773410][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.782101][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.797112][ T4216] device veth0_macvtap entered promiscuous mode [ 76.809770][ T4216] device veth1_macvtap entered promiscuous mode [ 76.839530][ T4216] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.847311][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.858639][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.867991][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.877700][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.890792][ T4216] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.899474][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.908545][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.920427][ T4216] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.930467][ T4216] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.940534][ T4216] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.950077][ T4216] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.107516][ T4216] syz-executor (4216) used greatest stack depth: 20448 bytes left [ 77.305000][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.316288][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.334047][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.354176][ T1279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.363778][ T1279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.375390][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.287901][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/09/28 21:23:50 executed programs: 0 [ 79.701694][ T4284] chnl_net:caif_netlink_parms(): no params data found [ 79.747372][ T4284] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.755335][ T4284] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.764633][ T4284] device bridge_slave_0 entered promiscuous mode [ 79.774289][ T4284] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.781582][ T4284] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.790129][ T4284] device bridge_slave_1 entered promiscuous mode [ 79.814483][ T4284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.826312][ T4284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.852866][ T4284] team0: Port device team_slave_0 added [ 79.860822][ T4284] team0: Port device team_slave_1 added [ 79.882990][ T4284] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.890226][ T4284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.916916][ T4284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.930111][ T4284] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.938531][ T4284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.965495][ T4284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.997735][ T4284] device hsr_slave_0 entered promiscuous mode [ 80.004775][ T4284] device hsr_slave_1 entered promiscuous mode [ 80.011571][ T4284] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.020440][ T4284] Cannot create hsr debugfs directory [ 81.623425][ T23] Bluetooth: hci0: command 0x0409 tx timeout [ 82.190816][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.239392][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.321250][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.102480][ T4284] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.112127][ T4284] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.122370][ T4284] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.131943][ T4284] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.225214][ T4284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.264652][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 83.273019][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.284821][ T4284] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.295991][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.305322][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.315551][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.323169][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.332121][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 83.373682][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.383226][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.392392][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.399962][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.416974][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 83.456697][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 83.470985][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 83.480856][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 83.491981][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 83.511066][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 83.520908][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 83.530503][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 83.540700][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.558509][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 83.567546][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.578500][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 83.692912][ T4236] Bluetooth: hci0: command 0x041b tx timeout [ 83.708684][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.717748][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.733399][ T4284] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.787381][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.799656][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.821259][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 83.832292][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.845212][ T4284] device veth0_vlan entered promiscuous mode [ 83.853388][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.864268][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 83.877610][ T4284] device veth1_vlan entered promiscuous mode [ 83.921196][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.931040][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 83.942847][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 83.953832][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.968811][ T4284] device veth0_macvtap entered promiscuous mode [ 83.999493][ T4284] device veth1_macvtap entered promiscuous mode [ 84.015758][ T4284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.030463][ T4284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.044834][ T4284] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.056313][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 84.066713][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 84.075402][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.085013][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.097333][ T4284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.108573][ T4284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.120522][ T4284] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.129696][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.138821][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.150769][ T4284] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.160805][ T4284] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.170965][ T4284] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.180652][ T4284] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.269412][ T1430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.295623][ T1430] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.317923][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.335433][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.344974][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.357786][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.385246][ T9] device hsr_slave_0 left promiscuous mode [ 84.394698][ T9] device hsr_slave_1 left promiscuous mode [ 84.404790][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.415213][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.431740][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.440804][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.454110][ T9] device bridge_slave_1 left promiscuous mode [ 84.462382][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.479278][ T9] device bridge_slave_0 left promiscuous mode [ 84.487161][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.509530][ T9] device veth1_macvtap left promiscuous mode [ 84.518220][ T9] device veth0_macvtap left promiscuous mode [ 84.526718][ T9] device veth1_vlan left promiscuous mode [ 84.535469][ T9] device veth0_vlan left promiscuous mode [ 84.746547][ T9] team0 (unregistering): Port device team_slave_1 removed [ 84.762536][ T9] team0 (unregistering): Port device team_slave_0 removed [ 84.780724][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.801855][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.876968][ T9] bond0 (unregistering): Released all slaves [ 85.009851][ T4350] [ 85.013415][ T4350] ====================================================== [ 85.021302][ T4350] WARNING: possible circular locking dependency detected [ 85.028818][ T4350] syzkaller #0 Not tainted [ 85.033742][ T4350] ------------------------------------------------------ [ 85.041684][ T4350] syz.0.17/4350 is trying to acquire lock: [ 85.047701][ T4350] ffff8880243b8c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 85.059171][ T4350] [ 85.059171][ T4350] but task is already holding lock: [ 85.066674][ T4350] ffffffff8d4c0468 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 85.076714][ T4350] [ 85.076714][ T4350] which lock already depends on the new lock. [ 85.076714][ T4350] [ 85.088765][ T4350] [ 85.088765][ T4350] the existing dependency chain (in reverse order) is: [ 85.099667][ T4350] [ 85.099667][ T4350] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 85.107692][ T4350] __mutex_lock_common+0x1eb/0x2390 [ 85.113534][ T4350] mutex_lock_nested+0x17/0x20 [ 85.118859][ T4350] rfkill_register+0x33/0x8a0 [ 85.124277][ T4350] hci_register_dev+0x452/0x970 [ 85.129927][ T4350] vhci_create_device+0x32c/0x5c0 [ 85.135814][ T4350] vhci_write+0x391/0x450 [ 85.141318][ T4350] vfs_write+0x712/0xd00 [ 85.146377][ T4350] ksys_write+0x14d/0x250 [ 85.151441][ T4350] do_syscall_64+0x4c/0xa0 [ 85.156834][ T4350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.164078][ T4350] [ 85.164078][ T4350] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 85.172378][ T4350] __mutex_lock_common+0x1eb/0x2390 [ 85.178310][ T4350] mutex_lock_nested+0x17/0x20 [ 85.183861][ T4350] vhci_send_frame+0x88/0x100 [ 85.189177][ T4350] hci_send_frame+0x1a9/0x2e0 [ 85.194873][ T4350] hci_tx_work+0x9f9/0x1710 [ 85.200190][ T4350] process_one_work+0x863/0x1000 [ 85.205915][ T4350] worker_thread+0xaa8/0x12a0 [ 85.211332][ T4350] kthread+0x436/0x520 [ 85.216049][ T4350] ret_from_fork+0x1f/0x30 [ 85.221555][ T4350] [ 85.221555][ T4350] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 85.231342][ T4350] __flush_work+0xdd/0x1b0 [ 85.236441][ T4350] hci_dev_do_close+0x1e7/0x1030 [ 85.242040][ T4350] hci_unregister_dev+0x2d7/0x580 [ 85.247627][ T4350] vhci_release+0x73/0xc0 [ 85.252516][ T4350] __fput+0x234/0x930 [ 85.257277][ T4350] task_work_run+0x125/0x1a0 [ 85.262509][ T4350] do_exit+0x61e/0x20a0 [ 85.267235][ T4350] do_group_exit+0x12e/0x300 [ 85.272656][ T4350] get_signal+0x6ca/0x12c0 [ 85.277805][ T4350] arch_do_signal_or_restart+0xc1/0x1300 [ 85.284006][ T4350] exit_to_user_mode_loop+0x9e/0x130 [ 85.290218][ T4350] exit_to_user_mode_prepare+0xee/0x180 [ 85.296678][ T4350] syscall_exit_to_user_mode+0x16/0x40 [ 85.302904][ T4350] do_syscall_64+0x58/0xa0 [ 85.308160][ T4350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.314911][ T4350] [ 85.314911][ T4350] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 85.322677][ T4350] __mutex_lock_common+0x1eb/0x2390 [ 85.328679][ T4350] mutex_lock_nested+0x17/0x20 [ 85.334189][ T4350] bg_scan_update+0x44/0x3b0 [ 85.339431][ T4350] process_one_work+0x863/0x1000 [ 85.345053][ T4350] worker_thread+0xaa8/0x12a0 [ 85.350310][ T4350] kthread+0x436/0x520 [ 85.355147][ T4350] ret_from_fork+0x1f/0x30 [ 85.360306][ T4350] [ 85.360306][ T4350] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 85.370902][ T4350] __lock_acquire+0x2c33/0x7c60 [ 85.376422][ T4350] lock_acquire+0x197/0x3f0 [ 85.381485][ T4350] __flush_work+0xdd/0x1b0 [ 85.386563][ T4350] __cancel_work_timer+0x3ac/0x520 [ 85.392337][ T4350] hci_request_cancel_all+0xcc/0x300 [ 85.398327][ T4350] hci_dev_do_close+0x4e/0x1030 [ 85.403908][ T4350] hci_rfkill_set_block+0x10a/0x190 [ 85.409661][ T4350] rfkill_set_block+0x1c6/0x420 [ 85.415620][ T4350] rfkill_fop_write+0x458/0x560 [ 85.421549][ T4350] vfs_write+0x300/0xd00 [ 85.427091][ T4350] ksys_write+0x14d/0x250 [ 85.432439][ T4350] do_syscall_64+0x4c/0xa0 [ 85.437884][ T4350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.444598][ T4350] [ 85.444598][ T4350] other info that might help us debug this: [ 85.444598][ T4350] [ 85.456865][ T4350] Chain exists of: [ 85.456865][ T4350] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 85.456865][ T4350] [ 85.474529][ T4350] Possible unsafe locking scenario: [ 85.474529][ T4350] [ 85.482038][ T4350] CPU0 CPU1 [ 85.487866][ T4350] ---- ---- [ 85.493521][ T4350] lock(rfkill_global_mutex); [ 85.499194][ T4350] lock(&data->open_mutex); [ 85.507369][ T4350] lock(rfkill_global_mutex); [ 85.515159][ T4350] lock((work_completion)(&hdev->bg_scan_update)); [ 85.522063][ T4350] [ 85.522063][ T4350] *** DEADLOCK *** [ 85.522063][ T4350] [ 85.530806][ T4350] 1 lock held by syz.0.17/4350: [ 85.535684][ T4350] #0: ffffffff8d4c0468 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 85.546165][ T4350] [ 85.546165][ T4350] stack backtrace: [ 85.552446][ T4350] CPU: 1 PID: 4350 Comm: syz.0.17 Not tainted syzkaller #0 [ 85.559766][ T4350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 85.570228][ T4350] Call Trace: [ 85.574186][ T4350] [ 85.577239][ T4350] dump_stack_lvl+0x168/0x230 [ 85.581957][ T4350] ? load_image+0x3b0/0x3b0 [ 85.586505][ T4350] ? show_regs_print_info+0x20/0x20 [ 85.591834][ T4350] ? print_circular_bug+0x12b/0x1a0 [ 85.597402][ T4350] check_noncircular+0x274/0x310 [ 85.602820][ T4350] ? add_chain_block+0x940/0x940 [ 85.608128][ T4350] ? lockdep_lock+0xdc/0x1e0 [ 85.613594][ T4350] ? __lock_acquire+0x12d9/0x7c60 [ 85.618925][ T4350] ? lockdep_lock+0x1e0/0x1e0 [ 85.624714][ T4350] ? mark_lock+0x94/0x320 [ 85.629519][ T4350] __lock_acquire+0x2c33/0x7c60 [ 85.634815][ T4350] ? verify_lock_unused+0x140/0x140 [ 85.641196][ T4350] ? verify_lock_unused+0x140/0x140 [ 85.646707][ T4350] lock_acquire+0x197/0x3f0 [ 85.651877][ T4350] ? __flush_work+0xc1/0x1b0 [ 85.656910][ T4350] ? __lock_acquire+0x7c60/0x7c60 [ 85.662164][ T4350] ? read_lock_is_recursive+0x10/0x10 [ 85.667599][ T4350] ? start_flush_work+0x776/0x820 [ 85.673302][ T4350] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 85.679395][ T4350] ? _raw_spin_unlock+0x40/0x40 [ 85.684294][ T4350] __flush_work+0xdd/0x1b0 [ 85.689130][ T4350] ? __flush_work+0xc1/0x1b0 [ 85.694216][ T4350] ? flush_work+0x20/0x20 [ 85.698591][ T4350] ? try_to_grab_pending+0xf3/0x7e0 [ 85.704694][ T4350] ? lockdep_hardirqs_off+0x70/0x100 [ 85.710194][ T4350] ? mark_lock+0x94/0x320 [ 85.715603][ T4350] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 85.721803][ T4350] ? lock_chain_count+0x20/0x20 [ 85.726696][ T4350] ? mark_lock+0x94/0x320 [ 85.731329][ T4350] ? __cancel_work_timer+0x331/0x520 [ 85.736966][ T4350] __cancel_work_timer+0x3ac/0x520 [ 85.743232][ T4350] ? cancel_work_sync+0x20/0x20 [ 85.748396][ T4350] ? __cancel_work+0x1f4/0x2d0 [ 85.753287][ T4350] ? lockdep_hardirqs_on+0x94/0x140 [ 85.758984][ T4350] ? __cancel_work+0x26f/0x2d0 [ 85.764219][ T4350] ? cancel_work+0x20/0x20 [ 85.769230][ T4350] ? lock_chain_count+0x20/0x20 [ 85.772842][ T4236] Bluetooth: hci0: command 0x040f tx timeout [ 85.774518][ T4350] hci_request_cancel_all+0xcc/0x300 [ 85.787345][ T4350] hci_dev_do_close+0x4e/0x1030 [ 85.792677][ T4350] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 85.798979][ T4350] ? _raw_spin_unlock+0x40/0x40 [ 85.804832][ T4350] hci_rfkill_set_block+0x10a/0x190 [ 85.810155][ T4350] ? rcu_lock_release+0x20/0x20 [ 85.815064][ T4350] rfkill_set_block+0x1c6/0x420 [ 85.820278][ T4350] rfkill_fop_write+0x458/0x560 [ 85.825451][ T4350] ? verify_lock_unused+0x140/0x140 [ 85.830875][ T4350] ? rfkill_fop_read+0x4b0/0x4b0 [ 85.835954][ T4350] ? common_file_perm+0xc0/0x1c0 [ 85.841418][ T4350] ? fsnotify_perm+0x5d/0x560 [ 85.846244][ T4350] ? security_file_permission+0x75/0xa0 [ 85.852968][ T4350] ? rfkill_fop_read+0x4b0/0x4b0 [ 85.858674][ T4350] vfs_write+0x300/0xd00 [ 85.863664][ T4350] ? file_end_write+0x250/0x250 [ 85.868569][ T4350] ? __context_tracking_exit+0x4c/0x80 [ 85.874329][ T4350] ? __lock_acquire+0x7c60/0x7c60 [ 85.879484][ T4350] ? __fdget_pos+0x1e2/0x370 [ 85.884338][ T4350] ksys_write+0x14d/0x250 [ 85.888726][ T4350] ? __ia32_sys_read+0x80/0x80 [ 85.894017][ T4350] ? lockdep_hardirqs_on+0x94/0x140 [ 85.900063][ T4350] do_syscall_64+0x4c/0xa0 [ 85.905558][ T4350] ? clear_bhb_loop+0x30/0x80 [ 85.910976][ T4350] ? clear_bhb_loop+0x30/0x80 [ 85.915966][ T4350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.922977][ T4350] RIP: 0033:0x7fac570b3ec9 [ 85.927699][ T4350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.948325][ T4350] RSP: 002b:00007ffd5a2cd2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.957659][ T4350] RAX: ffffffffffffffda RBX: 00007fac5730afa0 RCX: 00007fac570b3ec9 [ 85.966100][ T4350] RDX: 0000000000000008 RSI: 0000200000000040 RDI: 0000000000000003 [ 85.974326][ T4350] RBP: 00007fac57136f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.983205][ T4350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.991780][ T4350] R13: 00007fac5730afa0 R14: 00007fac5730afa0 R15: 0000000000000003 [ 86.000446][ T4350]