Warning: Permanently added '10.128.0.226' (ED25519) to the list of known hosts.
2025/06/13 11:10:08 ignoring optional flag "sandboxArg"="0"
2025/06/13 11:10:09 parsed 1 programs
[ 85.831196][ T4182] cgroup: Unknown subsys name 'net'
[ 85.945790][ T4182] cgroup: Unknown subsys name 'rlimit'
[ 86.749455][ T23] cfg80211: failed to load regulatory.db
[ 87.468902][ T4182] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 88.853234][ T3089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.872797][ T3089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.889757][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 88.909502][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.917463][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.926002][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 90.039555][ T4218] chnl_net:caif_netlink_parms(): no params data found
[ 90.115423][ T4218] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.124541][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.132963][ T4218] device bridge_slave_0 entered promiscuous mode
[ 90.144338][ T4218] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.151559][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.161421][ T4218] device bridge_slave_1 entered promiscuous mode
[ 90.192646][ T4218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.204507][ T4218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.238835][ T4218] team0: Port device team_slave_0 added
[ 90.248515][ T4218] team0: Port device team_slave_1 added
[ 90.274711][ T4218] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.283280][ T4218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.310599][ T4218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.324069][ T4218] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.332444][ T4218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.359939][ T4218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.402122][ T4218] device hsr_slave_0 entered promiscuous mode
[ 90.410672][ T4218] device hsr_slave_1 entered promiscuous mode
[ 90.555107][ T4218] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.567333][ T4218] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.578394][ T4218] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.588668][ T4218] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.621491][ T4218] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.628793][ T4218] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.636966][ T4218] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.644154][ T4218] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.711661][ T4218] 8021q: adding VLAN 0 to HW filter on device bond0
[ 90.731362][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 90.741021][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.751487][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.766804][ T4218] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.780597][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 90.789708][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.796800][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.821571][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 90.832689][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.839841][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.850073][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 90.859539][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 90.872859][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 90.884107][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 90.900536][ T4218] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 90.912873][ T4218] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 90.924681][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 90.935926][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 90.945834][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 90.955777][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 90.964451][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 91.093441][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.101163][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.115468][ T4218] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.136195][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 91.145165][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.169264][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 91.178605][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 91.193830][ T4218] device veth0_vlan entered promiscuous mode
[ 91.206372][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 91.216523][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 91.228761][ T4218] device veth1_vlan entered promiscuous mode
[ 91.255565][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 91.265490][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 91.274369][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 91.284040][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 91.305725][ T4218] device veth0_macvtap entered promiscuous mode
[ 91.321128][ T4218] device veth1_macvtap entered promiscuous mode
[ 91.343566][ T4218] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.351514][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 91.359971][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 91.368168][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 91.376802][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 91.389781][ T4218] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.398196][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 91.407475][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 91.420852][ T4218] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.429859][ T4218] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.439348][ T4218] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.448455][ T4218] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/06/13 11:10:18 executed programs: 0
[ 93.089938][ T4267] chnl_net:caif_netlink_parms(): no params data found
[ 93.152596][ T4267] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.159816][ T4267] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.168279][ T4267] device bridge_slave_0 entered promiscuous mode
[ 93.177004][ T4267] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.184667][ T4267] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.192925][ T4267] device bridge_slave_1 entered promiscuous mode
[ 93.221846][ T4267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.244622][ T4267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.275362][ T4267] team0: Port device team_slave_0 added
[ 93.284650][ T4267] team0: Port device team_slave_1 added
[ 93.312819][ T4267] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.319899][ T4267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.346693][ T4267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.359550][ T4267] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.366522][ T4267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.393947][ T4267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.437029][ T4267] device hsr_slave_0 entered promiscuous mode
[ 93.444857][ T4267] device hsr_slave_1 entered promiscuous mode
[ 93.454370][ T4267] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 93.462751][ T4267] Cannot create hsr debugfs directory
[ 93.557889][ T4267] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.988618][ T4239] Bluetooth: hci0: command 0x0409 tx timeout
[ 96.664653][ T4267] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.712410][ T4267] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.765101][ T4267] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.850260][ T4267] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.860662][ T4267] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.870460][ T4267] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.879647][ T4267] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.952058][ T4267] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.985801][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 96.995188][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 97.006210][ T4267] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.036235][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.045234][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.054641][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.061769][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.071782][ T4232] Bluetooth: hci0: command 0x041b tx timeout
[ 97.078323][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 97.086533][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.095375][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.104007][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.111092][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.119553][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 97.139210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 97.152835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 97.162702][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.171967][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 97.197758][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 97.206496][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.219389][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 97.228916][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 97.263215][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 97.272714][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 97.282037][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 97.400447][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 97.408082][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 97.422005][ T4267] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.456330][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 97.465329][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 97.485163][ T1212] device hsr_slave_0 left promiscuous mode
[ 97.491860][ T1212] device hsr_slave_1 left promiscuous mode
[ 97.500651][ T1212] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 97.508255][ T1212] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 97.516329][ T1212] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 97.524423][ T1212] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 97.532505][ T1212] device bridge_slave_1 left promiscuous mode
[ 97.539799][ T1212] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.554713][ T1212] device bridge_slave_0 left promiscuous mode
[ 97.562176][ T1212] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.579652][ T1212] device veth1_macvtap left promiscuous mode
[ 97.586029][ T1212] device veth0_macvtap left promiscuous mode
[ 97.592966][ T1212] device veth1_vlan left promiscuous mode
[ 97.599275][ T1212] device veth0_vlan left promiscuous mode
[ 97.770349][ T1212] team0 (unregistering): Port device team_slave_1 removed
[ 97.783751][ T1212] team0 (unregistering): Port device team_slave_0 removed
[ 97.802491][ T1212] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 97.816138][ T1212] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 97.874451][ T1212] bond0 (unregistering): Released all slaves
[ 97.944009][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 97.952294][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 97.962096][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 97.971621][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 97.981748][ T4267] device veth0_vlan entered promiscuous mode
[ 98.003386][ T4267] device veth1_vlan entered promiscuous mode
[ 98.030711][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 98.039522][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 98.050739][ T4267] device veth0_macvtap entered promiscuous mode
[ 98.062092][ T4267] device veth1_macvtap entered promiscuous mode
[ 98.080785][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.089088][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 98.097179][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 98.105305][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 98.114148][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 98.130319][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.138673][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 98.153470][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 98.164718][ T4267] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.174578][ T4267] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.183388][ T4267] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.192661][ T4267] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.246460][ T3089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.255140][ T3089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.270665][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 98.295156][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.304005][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.313024][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 98.427635][ T4279]
[ 98.430027][ T4279] ======================================================
[ 98.437054][ T4279] WARNING: possible circular locking dependency detected
[ 98.444095][ T4279] 5.15.185-syzkaller #0 Not tainted
[ 98.449299][ T4279] ------------------------------------------------------
[ 98.456327][ T4279] syz.0.16/4279 is trying to acquire lock:
[ 98.462137][ T4279] ffff888024f40c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0
[ 98.473225][ T4279]
[ 98.473225][ T4279] but task is already holding lock:
[ 98.480599][ T4279] ffffffff8d4b2748 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560
[ 98.490283][ T4279]
[ 98.490283][ T4279] which lock already depends on the new lock.
[ 98.490283][ T4279]
[ 98.500690][ T4279]
[ 98.500690][ T4279] the existing dependency chain (in reverse order) is:
[ 98.509717][ T4279]
[ 98.509717][ T4279] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 98.517732][ T4279]        __mutex_lock_common+0x1eb/0x2390
[ 98.523469][ T4279]        mutex_lock_nested+0x17/0x20
[ 98.528772][ T4279]        rfkill_register+0x33/0x8a0
[ 98.533986][ T4279]        hci_register_dev+0x452/0x970
[ 98.539371][ T4279]        vhci_create_device+0x32c/0x5c0
[ 98.544930][ T4279]        vhci_write+0x391/0x450
[ 98.549796][ T4279]        vfs_write+0x712/0xd00
[ 98.554574][ T4279]        ksys_write+0x14d/0x250
[ 98.559440][ T4279]        do_syscall_64+0x4c/0xa0
[ 98.564396][ T4279]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 98.570845][ T4279]
[ 98.570845][ T4279] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 98.578694][ T4279]        __mutex_lock_common+0x1eb/0x2390
[ 98.584431][ T4279]        mutex_lock_nested+0x17/0x20
[ 98.589730][ T4279]        vhci_send_frame+0x88/0x100
[ 98.594942][ T4279]        hci_send_frame+0x1a9/0x2e0
[ 98.600157][ T4279]        hci_tx_work+0x9f9/0x1710
[ 98.605205][ T4279]        process_one_work+0x863/0x1000
[ 98.610691][ T4279]        worker_thread+0xaa8/0x12a0
[ 98.615909][ T4279]        kthread+0x436/0x520
[ 98.620518][ T4279]        ret_from_fork+0x1f/0x30
[ 98.625488][ T4279]
[ 98.625488][ T4279] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 98.634736][ T4279]        __flush_work+0xdd/0x1b0
[ 98.639700][ T4279]        hci_dev_do_close+0x1e7/0x1030
[ 98.645179][ T4279]        hci_unregister_dev+0x2d7/0x580
[ 98.650745][ T4279]        vhci_release+0x73/0xc0
[ 98.655609][ T4279]        __fput+0x234/0x930
[ 98.660121][ T4279]        task_work_run+0x125/0x1a0
[ 98.665243][ T4279]        do_exit+0x616/0x20a0
[ 98.669931][ T4279]        do_group_exit+0x12e/0x300
[ 98.675052][ T4279]        get_signal+0x6ca/0x12c0
[ 98.679996][ T4279]        arch_do_signal_or_restart+0xc1/0x1300
[ 98.686162][ T4279]        exit_to_user_mode_loop+0x9e/0x130
[ 98.692006][ T4279]        exit_to_user_mode_prepare+0xb1/0x140
[ 98.698092][ T4279]        syscall_exit_to_user_mode+0x16/0x40
[ 98.704105][ T4279]        do_syscall_64+0x58/0xa0
[ 98.709056][ T4279]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 98.715481][ T4279]
[ 98.715481][ T4279] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 98.723152][ T4279]        __mutex_lock_common+0x1eb/0x2390
[ 98.728887][ T4279]        mutex_lock_nested+0x17/0x20
[ 98.734186][ T4279]        bg_scan_update+0x44/0x3b0
[ 98.739308][ T4279]        process_one_work+0x863/0x1000
[ 98.744777][ T4279]        worker_thread+0xaa8/0x12a0
[ 98.749988][ T4279]        kthread+0x436/0x520
[ 98.754594][ T4279]        ret_from_fork+0x1f/0x30
[ 98.759540][ T4279]
[ 98.759540][ T4279] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 98.769378][ T4279]        __lock_acquire+0x2c33/0x7c60
[ 98.774775][ T4279]        lock_acquire+0x197/0x3f0
[ 98.779826][ T4279]        __flush_work+0xdd/0x1b0
[ 98.784785][ T4279]        __cancel_work_timer+0x3ac/0x520
[ 98.790430][ T4279]        hci_request_cancel_all+0xcc/0x300
[ 98.796261][ T4279]        hci_dev_do_close+0x4e/0x1030
[ 98.801656][ T4279]        hci_rfkill_set_block+0x10a/0x190
[ 98.807392][ T4279]        rfkill_set_block+0x1c6/0x420
[ 98.812780][ T4279]        rfkill_fop_write+0x458/0x560
[ 98.818179][ T4279]        do_iter_write+0x3e4/0x7b0
[ 98.823306][ T4279]        do_writev+0x254/0x410
[ 98.828084][ T4279]        do_syscall_64+0x4c/0xa0
[ 98.833023][ T4279]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 98.839442][ T4279]
[ 98.839442][ T4279] other info that might help us debug this:
[ 98.839442][ T4279]
[ 98.849665][ T4279] Chain exists of:
[ 98.849665][ T4279]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 98.849665][ T4279]
[ 98.865390][ T4279]  Possible unsafe locking scenario:
[ 98.865390][ T4279]
[ 98.872837][ T4279]        CPU0                    CPU1
[ 98.878201][ T4279]        ----                    ----
[ 98.883565][ T4279]   lock(rfkill_global_mutex);
[ 98.888331][ T4279]                                lock(&data->open_mutex);
[ 98.895441][ T4279]                                lock(rfkill_global_mutex);
[ 98.902724][ T4279]   lock((work_completion)(&hdev->bg_scan_update));
[ 98.909311][ T4279]
[ 98.909311][ T4279]  *** DEADLOCK ***
[ 98.909311][ T4279]
[ 98.917452][ T4279] 1 lock held by syz.0.16/4279:
[ 98.922301][ T4279]  #0: ffffffff8d4b2748 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560
[ 98.932403][ T4279]
[ 98.932403][ T4279] stack backtrace:
[ 98.938308][ T4279] CPU: 0 PID: 4279 Comm: syz.0.16 Not tainted 5.15.185-syzkaller #0
[ 98.946289][ T4279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 98.956363][ T4279] Call Trace:
[ 98.959649][ T4279]
[ 98.962580][ T4279] dump_stack_lvl+0x168/0x230
[ 98.967287][ T4279] ? load_image+0x3b0/0x3b0
[ 98.971795][ T4279] ? show_regs_print_info+0x20/0x20
[ 98.977001][ T4279] ? print_circular_bug+0x12b/0x1a0
[ 98.982204][ T4279] check_noncircular+0x274/0x310
[ 98.987149][ T4279] ? add_chain_block+0x940/0x940
[ 98.992090][ T4279] ? lockdep_lock+0xdc/0x1e0
[ 98.996690][ T4279] ? __lock_acquire+0x12d9/0x7c60
[ 99.001723][ T4279] ? mark_lock+0x94/0x320
[ 99.006059][ T4279] __lock_acquire+0x2c33/0x7c60
[ 99.010921][ T4279] ? mark_lock+0x94/0x320
[ 99.015253][ T4279] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 99.021264][ T4279] ? verify_lock_unused+0x140/0x140
[ 99.026470][ T4279] ? asm_sysvec_reschedule_ipi+0x16/0x20
[ 99.032115][ T4279] lock_acquire+0x197/0x3f0
[ 99.036625][ T4279] ? __flush_work+0xc1/0x1b0
[ 99.041221][ T4279] ? __lock_acquire+0x7c60/0x7c60
[ 99.046250][ T4279] ? read_lock_is_recursive+0x10/0x10
[ 99.051634][ T4279] ? start_flush_work+0x776/0x820
[ 99.056670][ T4279] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 99.062570][ T4279] ? _raw_spin_unlock+0x40/0x40
[ 99.067430][ T4279] __flush_work+0xdd/0x1b0
[ 99.071849][ T4279] ? __flush_work+0xc1/0x1b0
[ 99.076440][ T4279] ? flush_work+0x20/0x20
[ 99.080774][ T4279] ? try_to_grab_pending+0xf3/0x7e0
[ 99.086000][ T4279] ? lockdep_hardirqs_off+0x70/0x100
[ 99.091292][ T4279] ? mark_lock+0x94/0x320
[ 99.095629][ T4279] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 99.101617][ T4279] ? lock_chain_count+0x20/0x20
[ 99.106471][ T4279] ? mark_lock+0x94/0x320
[ 99.110816][ T4279] ? __cancel_work_timer+0x331/0x520
[ 99.116305][ T4279] __cancel_work_timer+0x3ac/0x520
[ 99.121435][ T4279] ? cancel_work_sync+0x20/0x20
[ 99.126304][ T4279] ? __cancel_work+0x1f4/0x2d0
[ 99.131071][ T4279] ? lockdep_hardirqs_on+0x94/0x140
[ 99.136282][ T4279] ? __cancel_work+0x26f/0x2d0
[ 99.141055][ T4279] ? cancel_work+0x20/0x20
[ 99.145779][ T4279] ? lock_chain_count+0x20/0x20
[ 99.150651][ T4279] hci_request_cancel_all+0xcc/0x300
[ 99.155955][ T4279] hci_dev_do_close+0x4e/0x1030
[ 99.160823][ T4279] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 99.166723][ T4279] ? _raw_spin_unlock+0x40/0x40
[ 99.171581][ T4279] hci_rfkill_set_block+0x10a/0x190
[ 99.176781][ T4279] ? rcu_lock_release+0x20/0x20
[ 99.181634][ T4279] rfkill_set_block+0x1c6/0x420
[ 99.186494][ T4279] rfkill_fop_write+0x458/0x560
[ 99.191349][ T4279] ? _copy_from_user+0x111/0x170
[ 99.196309][ T4279] ? rfkill_fop_read+0x4b0/0x4b0
[ 99.201253][ T4279] ? common_file_perm+0x171/0x1c0
[ 99.206283][ T4279] ? fsnotify_perm+0x5d/0x560
[ 99.210966][ T4279] ? security_file_permission+0x75/0xa0
[ 99.216522][ T4279] do_iter_write+0x3e4/0x7b0
[ 99.221131][ T4279] do_writev+0x254/0x410
[ 99.225381][ T4279] ? do_readv+0x3e0/0x3e0
[ 99.229726][ T4279] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 99.235716][ T4279] ? lock_chain_count+0x20/0x20
[ 99.240573][ T4279] ? vtime_user_exit+0x2dc/0x400
[ 99.245520][ T4279] ? lockdep_hardirqs_on+0x94/0x140
[ 99.250732][ T4279] do_syscall_64+0x4c/0xa0
[ 99.255151][ T4279] ? clear_bhb_loop+0x30/0x80
[ 99.259832][ T4279] ? clear_bhb_loop+0x30/0x80
[ 99.264513][ T4279] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 99.270427][ T4279] RIP: 0033:0x7f7f909ab929
[ 99.274853][ T4279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.294464][ T4279] RSP: 002b:00007ffe7402c608 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 99.302889][ T4279] RAX: ffffffffffffffda RBX: 00007f7f90bd2fa0 RCX: 00007f7f909ab929
[ 99.310875][ T4279] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000003
[ 99.318857][ T4279] RBP: 00007f7f90a2db39 R08: 0000000000000000 R09: 0000000000000000
[ 99.326838][ T4279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 99.334809][ T4279] R13: 00007f7f90bd2fa0 R14: 00007f7f90bd2fa0 R15: 0000000000000003
[ 99.342797][ T4279]
[ 99.350553][ T4232] Bluetooth: hci0: command 0x040f tx timeout