Warning: Permanently added '10.128.0.33' (ED25519) to the list of known hosts. 2025/11/13 08:29:19 parsed 1 programs [ 53.288563][ T4188] cgroup: Unknown subsys name 'net' [ 53.426611][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 54.668062][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 55.884571][ T1548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.901996][ T1548] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.910385][ T1548] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 55.928216][ T1548] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.936460][ T1548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.944892][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.879484][ T4253] chnl_net:caif_netlink_parms(): no params data found [ 57.930161][ T4253] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.938021][ T4253] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.945876][ T4253] device bridge_slave_0 entered promiscuous mode [ 57.955097][ T4253] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.962902][ T4253] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.970543][ T4253] device bridge_slave_1 entered promiscuous mode [ 57.997616][ T4253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.014318][ T4253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.046724][ T4253] team0: Port device team_slave_0 added [ 58.054736][ T4253] team0: Port device team_slave_1 added [ 58.074659][ T4253] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.081784][ T4253] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.107994][ T4253] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.120197][ T4253] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.127203][ T4253] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.153101][ T4253] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.179259][ T4253] device hsr_slave_0 entered promiscuous mode [ 58.186504][ T4253] device hsr_slave_1 entered promiscuous mode [ 58.427116][ T4253] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.437230][ T4253] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.446803][ T4253] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.455936][ T4253] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.478220][ T4253] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.485418][ T4253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.493499][ T4253] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.500545][ T4253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.535706][ T4253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.549052][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.557427][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.565916][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 58.575845][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.584847][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.596509][ T4253] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.629019][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.638296][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.645498][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.656817][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.665478][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.672566][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.713580][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.723125][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.734833][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.768272][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.780248][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.791475][ T4253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.899124][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.907024][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.920405][ T4253] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.959245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 58.968604][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 58.986292][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 58.994966][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.003816][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.012186][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.023768][ T4253] device veth0_vlan entered promiscuous mode [ 59.053095][ T4253] device veth1_vlan entered promiscuous mode [ 59.070747][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.078895][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.087908][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.097053][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.107472][ T4253] device veth0_macvtap entered promiscuous mode [ 59.119095][ T4253] device veth1_macvtap entered promiscuous mode [ 59.150787][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.159309][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.168482][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.176953][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.185945][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.196824][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.209842][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.220193][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.232809][ T4253] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.241880][ T4253] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.250552][ T4253] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.259679][ T4253] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/11/13 08:29:27 executed programs: 0 [ 59.831514][ T4301] chnl_net:caif_netlink_parms(): no params data found [ 59.897401][ T4301] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.904649][ T4301] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.913150][ T4301] device bridge_slave_0 entered promiscuous mode [ 59.921931][ T4301] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.929073][ T4301] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.938196][ T4301] device bridge_slave_1 entered promiscuous mode [ 59.964974][ T4301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.976393][ T4301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.012595][ T4301] team0: Port device team_slave_0 added [ 60.020462][ T4301] team0: Port device team_slave_1 added [ 60.045586][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.052623][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.079252][ T4301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.091738][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.098690][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.125050][ T4301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.166710][ T4301] device hsr_slave_0 entered promiscuous mode [ 60.176119][ T4301] device hsr_slave_1 entered promiscuous mode [ 60.183131][ T4301] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.190959][ T4301] Cannot create hsr debugfs directory [ 60.295439][ T4301] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.721912][ T1107] Bluetooth: hci0: command 0x0409 tx timeout [ 62.617441][ T4301] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.811561][ T1107] Bluetooth: hci0: command 0x041b tx timeout [ 64.066694][ T4301] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.137731][ T4301] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.230383][ T4301] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.239101][ T4301] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.248091][ T4301] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.257720][ T4301] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.306279][ T4301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.318330][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.326346][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.336755][ T4301] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.350471][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.359840][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.370055][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.377174][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.387786][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.397246][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.405960][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.414636][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.421749][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.439162][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.449923][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.463054][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.472814][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.481897][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.499704][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.508752][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.519348][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.528846][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.539366][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.548411][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.564831][ T4301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.638965][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.646536][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.658654][ T1548] device hsr_slave_0 left promiscuous mode [ 64.667062][ T1548] device hsr_slave_1 left promiscuous mode [ 64.673978][ T1548] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.681911][ T1548] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.689886][ T1548] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.697357][ T1548] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.704949][ T1548] device bridge_slave_1 left promiscuous mode [ 64.712088][ T1548] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.724720][ T1548] device bridge_slave_0 left promiscuous mode [ 64.730978][ T1548] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.747748][ T1548] device veth1_macvtap left promiscuous mode [ 64.754054][ T1548] device veth0_macvtap left promiscuous mode [ 64.760075][ T1548] device veth1_vlan left promiscuous mode [ 64.766225][ T1548] device veth0_vlan left promiscuous mode [ 64.889931][ T1548] team0 (unregistering): Port device team_slave_1 removed [ 64.904065][ T1548] team0 (unregistering): Port device team_slave_0 removed [ 64.915768][ T1548] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 64.930898][ T1548] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 64.979067][ T1548] bond0 (unregistering): Released all slaves [ 65.037897][ T4301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.058295][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.067169][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.089367][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.104418][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.114101][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.121994][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.130970][ T4301] device veth0_vlan entered promiscuous mode [ 65.144174][ T4301] device veth1_vlan entered promiscuous mode [ 65.175965][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.184752][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.192843][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.201654][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.211869][ T4301] device veth0_macvtap entered promiscuous mode [ 65.220024][ T4301] device veth1_macvtap entered promiscuous mode [ 65.238121][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.246162][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.254773][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.263705][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.272756][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.284365][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.294778][ T4301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.305149][ T4301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.314038][ T4301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.323246][ T4301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.333660][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.342782][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.389762][ T4320] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.398590][ T4320] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.415978][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.432271][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.440255][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.450323][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.525057][ T4321] input: syz0 as /devices/virtual/input/input5 [ 65.593413][ T4315] [ 65.595758][ T4315] ====================================================== [ 65.602818][ T4315] WARNING: possible circular locking dependency detected [ 65.609844][ T4315] syzkaller #0 Not tainted [ 65.614246][ T4315] ------------------------------------------------------ [ 65.621250][ T4315] kworker/0:5/4315 is trying to acquire lock: [ 65.627299][ T4315] ffff888024abcc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 65.638355][ T4315] [ 65.638355][ T4315] but task is already holding lock: [ 65.645712][ T4315] ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170 [ 65.654761][ T4315] [ 65.654761][ T4315] which lock already depends on the new lock. [ 65.654761][ T4315] [ 65.665156][ T4315] [ 65.665156][ T4315] the existing dependency chain (in reverse order) is: [ 65.674158][ T4315] [ 65.674158][ T4315] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 65.682146][ T4315] __mutex_lock_common+0x1eb/0x2390 [ 65.687866][ T4315] mutex_lock_nested+0x17/0x20 [ 65.693146][ T4315] rfkill_register+0x33/0x8a0 [ 65.698340][ T4315] hci_register_dev+0x452/0x970 [ 65.703706][ T4315] vhci_create_device+0x32c/0x5c0 [ 65.709244][ T4315] vhci_write+0x391/0x450 [ 65.714087][ T4315] vfs_write+0x712/0xd00 [ 65.718843][ T4315] ksys_write+0x14d/0x250 [ 65.723677][ T4315] do_syscall_64+0x4c/0xa0 [ 65.728600][ T4315] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.735007][ T4315] [ 65.735007][ T4315] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 65.742813][ T4315] __mutex_lock_common+0x1eb/0x2390 [ 65.748534][ T4315] mutex_lock_nested+0x17/0x20 [ 65.753818][ T4315] vhci_send_frame+0x88/0x100 [ 65.759020][ T4315] hci_send_frame+0x1a9/0x2e0 [ 65.764210][ T4315] hci_tx_work+0x9f9/0x1710 [ 65.769230][ T4315] process_one_work+0x863/0x1000 [ 65.774678][ T4315] worker_thread+0xaa8/0x12a0 [ 65.779866][ T4315] kthread+0x436/0x520 [ 65.784447][ T4315] ret_from_fork+0x1f/0x30 [ 65.789377][ T4315] [ 65.789377][ T4315] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 65.798564][ T4315] __flush_work+0xdd/0x1b0 [ 65.803485][ T4315] hci_dev_do_close+0x1e7/0x1030 [ 65.808923][ T4315] hci_unregister_dev+0x2d7/0x580 [ 65.814449][ T4315] vhci_release+0x73/0xc0 [ 65.819278][ T4315] __fput+0x234/0x930 [ 65.823765][ T4315] task_work_run+0x125/0x1a0 [ 65.828855][ T4315] do_exit+0x61e/0x20a0 [ 65.833510][ T4315] do_group_exit+0x12e/0x300 [ 65.838598][ T4315] get_signal+0x6ca/0x12c0 [ 65.843522][ T4315] arch_do_signal_or_restart+0xc1/0x1300 [ 65.849654][ T4315] exit_to_user_mode_loop+0x9e/0x130 [ 65.855439][ T4315] exit_to_user_mode_prepare+0xee/0x180 [ 65.861490][ T4315] syscall_exit_to_user_mode+0x16/0x40 [ 65.867448][ T4315] do_syscall_64+0x58/0xa0 [ 65.872362][ T4315] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.878754][ T4315] [ 65.878754][ T4315] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 65.886372][ T4315] __mutex_lock_common+0x1eb/0x2390 [ 65.892070][ T4315] mutex_lock_nested+0x17/0x20 [ 65.897332][ T4315] bg_scan_update+0x44/0x3b0 [ 65.902423][ T4315] process_one_work+0x863/0x1000 [ 65.907860][ T4315] worker_thread+0xaa8/0x12a0 [ 65.913036][ T4315] kthread+0x436/0x520 [ 65.917603][ T4315] ret_from_fork+0x1f/0x30 [ 65.922520][ T4315] [ 65.922520][ T4315] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 65.932310][ T4315] __lock_acquire+0x2c33/0x7c60 [ 65.937659][ T4315] lock_acquire+0x197/0x3f0 [ 65.942659][ T4315] __flush_work+0xdd/0x1b0 [ 65.947573][ T4315] __cancel_work_timer+0x3ac/0x520 [ 65.953277][ T4315] hci_request_cancel_all+0xcc/0x300 [ 65.959088][ T4315] hci_dev_do_close+0x4e/0x1030 [ 65.964452][ T4315] hci_rfkill_set_block+0x10a/0x190 [ 65.970159][ T4315] rfkill_set_block+0x1c6/0x420 [ 65.975518][ T4315] rfkill_epo+0x75/0x170 [ 65.980263][ T4315] rfkill_op_handler+0x76/0x220 [ 65.985614][ T4315] process_one_work+0x863/0x1000 [ 65.991066][ T4315] worker_thread+0xaa8/0x12a0 [ 65.996243][ T4315] kthread+0x436/0x520 [ 66.000896][ T4315] ret_from_fork+0x1f/0x30 [ 66.005827][ T4315] [ 66.005827][ T4315] other info that might help us debug this: [ 66.005827][ T4315] [ 66.016461][ T4315] Chain exists of: [ 66.016461][ T4315] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 66.016461][ T4315] [ 66.032159][ T4315] Possible unsafe locking scenario: [ 66.032159][ T4315] [ 66.039581][ T4315] CPU0 CPU1 [ 66.044919][ T4315] ---- ---- [ 66.050257][ T4315] lock(rfkill_global_mutex); [ 66.054996][ T4315] lock(&data->open_mutex); [ 66.062080][ T4315] lock(rfkill_global_mutex); [ 66.069341][ T4315] lock((work_completion)(&hdev->bg_scan_update)); [ 66.075906][ T4315] [ 66.075906][ T4315] *** DEADLOCK *** [ 66.075906][ T4315] [ 66.084024][ T4315] 3 locks held by kworker/0:5/4315: [ 66.089203][ T4315] #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 [ 66.099534][ T4315] #1: ffffc900031efd00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 [ 66.109945][ T4315] #2: ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170 [ 66.119400][ T4315] [ 66.119400][ T4315] stack backtrace: [ 66.125275][ T4315] CPU: 0 PID: 4315 Comm: kworker/0:5 Not tainted syzkaller #0 [ 66.132716][ T4315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 66.142772][ T4315] Workqueue: events rfkill_op_handler [ 66.148141][ T4315] Call Trace: [ 66.151401][ T4315] [ 66.154312][ T4315] dump_stack_lvl+0x168/0x230 [ 66.158972][ T4315] ? load_image+0x3b0/0x3b0 [ 66.163452][ T4315] ? show_regs_print_info+0x20/0x20 [ 66.168631][ T4315] ? print_circular_bug+0x12b/0x1a0 [ 66.173807][ T4315] check_noncircular+0x274/0x310 [ 66.178719][ T4315] ? add_chain_block+0x940/0x940 [ 66.183631][ T4315] ? lockdep_lock+0xdc/0x1e0 [ 66.188202][ T4315] ? __lock_acquire+0x12d9/0x7c60 [ 66.193228][ T4315] ? lockdep_lock+0x1e0/0x1e0 [ 66.197880][ T4315] ? mark_lock+0x94/0x320 [ 66.202188][ T4315] __lock_acquire+0x2c33/0x7c60 [ 66.207022][ T4315] ? verify_lock_unused+0x140/0x140 [ 66.212202][ T4315] ? verify_lock_unused+0x140/0x140 [ 66.217381][ T4315] ? ret_from_fork+0x1e/0x30 [ 66.221952][ T4315] lock_acquire+0x197/0x3f0 [ 66.226434][ T4315] ? __flush_work+0xc1/0x1b0 [ 66.231026][ T4315] ? __lock_acquire+0x7c60/0x7c60 [ 66.236042][ T4315] ? read_lock_is_recursive+0x10/0x10 [ 66.241394][ T4315] ? start_flush_work+0x776/0x820 [ 66.246409][ T4315] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 66.252284][ T4315] __flush_work+0xdd/0x1b0 [ 66.256682][ T4315] ? __flush_work+0xc1/0x1b0 [ 66.261251][ T4315] ? flush_work+0x20/0x20 [ 66.265557][ T4315] ? try_to_grab_pending+0xf3/0x7e0 [ 66.270735][ T4315] ? lockdep_hardirqs_off+0x70/0x100 [ 66.276002][ T4315] ? mark_lock+0x94/0x320 [ 66.280315][ T4315] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 66.286285][ T4315] ? lock_chain_count+0x20/0x20 [ 66.291125][ T4315] ? lockdep_hardirqs_off+0x70/0x100 [ 66.296388][ T4315] ? mark_lock+0x94/0x320 [ 66.300694][ T4315] ? __cancel_work_timer+0x331/0x520 [ 66.305963][ T4315] __cancel_work_timer+0x3ac/0x520 [ 66.311053][ T4315] ? cancel_work_sync+0x20/0x20 [ 66.315901][ T4315] ? __cancel_work+0x1f4/0x2d0 [ 66.320650][ T4315] ? lockdep_hardirqs_on+0x94/0x140 [ 66.325825][ T4315] ? __cancel_work+0x26f/0x2d0 [ 66.330567][ T4315] ? cancel_work+0x20/0x20 [ 66.334974][ T4315] hci_request_cancel_all+0xcc/0x300 [ 66.340260][ T4315] hci_dev_do_close+0x4e/0x1030 [ 66.345110][ T4315] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 66.350998][ T4315] ? _raw_spin_unlock+0x40/0x40 [ 66.355838][ T4315] ? kobject_uevent_env+0x371/0x890 [ 66.361023][ T4315] hci_rfkill_set_block+0x10a/0x190 [ 66.366208][ T4315] ? rcu_lock_release+0x20/0x20 [ 66.371039][ T4315] rfkill_set_block+0x1c6/0x420 [ 66.375872][ T4315] rfkill_epo+0x75/0x170 [ 66.380190][ T4315] rfkill_op_handler+0x76/0x220 [ 66.385022][ T4315] process_one_work+0x863/0x1000 [ 66.389954][ T4315] ? worker_detach_from_pool+0x240/0x240 [ 66.395580][ T4315] ? lockdep_hardirqs_off+0x70/0x100 [ 66.400854][ T4315] ? _raw_spin_lock_irq+0xab/0xe0 [ 66.405876][ T4315] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 66.411229][ T4315] ? wq_worker_running+0x97/0x170 [ 66.416235][ T4315] worker_thread+0xaa8/0x12a0 [ 66.420905][ T4315] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 66.426773][ T4315] ? lockdep_hardirqs_on+0x94/0x140 [ 66.431954][ T4315] ? lockdep_hardirqs_on+0x94/0x140 [ 66.437133][ T4315] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 66.443010][ T4315] kthread+0x436/0x520 [ 66.447061][ T4315] ? rcu_lock_release+0x20/0x20 [ 66.451891][ T4315] ? kthread_blkcg+0xd0/0xd0 [ 66.456467][ T4315] ret_from_fork+0x1f/0x30 [ 66.460872][ T4315] [ 66.512508][ T4211] Bluetooth: hci0: command 0x040f tx timeout