Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts. 2026/01/13 08:52:30 parsed 1 programs [ 72.431138][ T4187] cgroup: Unknown subsys name 'net' [ 72.568022][ T4187] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.083329][ T4187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 77.130007][ T162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.150719][ T162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.175267][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.186784][ T162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.195291][ T162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.204287][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.879691][ T4255] chnl_net:caif_netlink_parms(): no params data found [ 77.985200][ T4255] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.993891][ T4255] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.002222][ T4255] device bridge_slave_0 entered promiscuous mode [ 78.012145][ T4255] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.019297][ T4255] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.027576][ T4255] device bridge_slave_1 entered promiscuous mode [ 78.050641][ T4255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.062984][ T4255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.112261][ T4255] team0: Port device team_slave_0 added [ 78.119672][ T4255] team0: Port device team_slave_1 added [ 78.139522][ T4255] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.146583][ T4255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.173464][ T4255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.186494][ T4255] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.194000][ T4255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.220460][ T4255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.275602][ T4255] device hsr_slave_0 entered promiscuous mode [ 78.283126][ T4255] device hsr_slave_1 entered promiscuous mode [ 78.430021][ T4255] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.441724][ T4255] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.451684][ T4255] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.461477][ T4255] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.541471][ T4255] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.586232][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.596040][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.607984][ T4255] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.619566][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 78.628599][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.638548][ T162] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.645966][ T162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.665647][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 78.674319][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.683844][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.693826][ T162] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.701048][ T162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.709942][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.718846][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.758197][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.767052][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.779634][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.794708][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.826082][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.837496][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.956473][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.964146][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.977385][ T4255] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.003292][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.034730][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.044434][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.052973][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.073352][ T4255] device veth0_vlan entered promiscuous mode [ 79.085828][ T4255] device veth1_vlan entered promiscuous mode [ 79.106796][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 79.116612][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.128166][ T4255] device veth0_macvtap entered promiscuous mode [ 79.177060][ T4255] device veth1_macvtap entered promiscuous mode [ 79.194417][ T4255] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.202830][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.211031][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 79.220010][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 79.229425][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.242818][ T4255] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.255202][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 79.265136][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.276580][ T4255] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.285852][ T4255] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.294642][ T4255] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.304074][ T4255] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.413361][ T4255] syz-executor (4255) used greatest stack depth: 21120 bytes left 2026/01/13 08:52:40 executed programs: 0 [ 79.978198][ T4301] chnl_net:caif_netlink_parms(): no params data found [ 80.043835][ T4301] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.051042][ T4301] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.060052][ T4301] device bridge_slave_0 entered promiscuous mode [ 80.071776][ T4301] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.078974][ T4301] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.089856][ T4301] device bridge_slave_1 entered promiscuous mode [ 80.124650][ T4301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.138995][ T4301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.173517][ T4301] team0: Port device team_slave_0 added [ 80.182874][ T4301] team0: Port device team_slave_1 added [ 80.214222][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.221351][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.250942][ T4301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.276513][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.286110][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.314917][ T4301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.365826][ T4301] device hsr_slave_0 entered promiscuous mode [ 80.372996][ T4301] device hsr_slave_1 entered promiscuous mode [ 80.379754][ T4301] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.390959][ T4301] Cannot create hsr debugfs directory [ 80.492651][ T4301] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.620776][ T9] ODEBUG: Out of memory. ODEBUG disabled [ 81.881294][ T4230] Bluetooth: hci0: command 0x0409 tx timeout [ 83.058717][ T4301] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.941775][ T4230] Bluetooth: hci0: command 0x041b tx timeout [ 84.217819][ T4301] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.289205][ T4301] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.405016][ T4301] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.424540][ T4301] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.434929][ T4301] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.445063][ T4301] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.513209][ T4301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.535260][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 84.543400][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.554424][ T4301] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.564941][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.574303][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.584691][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.592910][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.603741][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.624587][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.634157][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.643336][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.650634][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.659322][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 84.683391][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 84.697559][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 84.707265][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.726161][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.737062][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.746879][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.758892][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 84.768069][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.785788][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 84.796382][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.807168][ T4301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 84.829617][ T9] device hsr_slave_0 left promiscuous mode [ 84.836934][ T9] device hsr_slave_1 left promiscuous mode [ 84.846465][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.854410][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.866138][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.874210][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.885247][ T9] device bridge_slave_1 left promiscuous mode [ 84.893589][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.916689][ T9] device bridge_slave_0 left promiscuous mode [ 84.924230][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.943978][ T9] device veth1_macvtap left promiscuous mode [ 84.950891][ T9] device veth0_macvtap left promiscuous mode [ 84.957861][ T9] device veth1_vlan left promiscuous mode [ 84.964595][ T9] device veth0_vlan left promiscuous mode [ 85.116376][ T9] team0 (unregistering): Port device team_slave_1 removed [ 85.130628][ T9] team0 (unregistering): Port device team_slave_0 removed [ 85.145709][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 85.158855][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 85.215406][ T9] bond0 (unregistering): Released all slaves [ 85.368717][ T4301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.378144][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.386352][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.404119][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 85.414492][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.442906][ T4301] device veth0_vlan entered promiscuous mode [ 85.456611][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.466434][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.478239][ T4301] device veth1_vlan entered promiscuous mode [ 85.486678][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.495811][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.504583][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.536099][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.546752][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.556073][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.568326][ T4301] device veth0_macvtap entered promiscuous mode [ 85.579060][ T4301] device veth1_macvtap entered promiscuous mode [ 85.595977][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.604003][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.612838][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 85.621796][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.640287][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.648829][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.658887][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.669745][ T4301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.679017][ T4301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.688253][ T4301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.697269][ T4301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.772714][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.781012][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.805842][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 85.827834][ T4294] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.837830][ T4294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.848087][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 85.984464][ T4319] [ 85.986858][ T4319] ====================================================== [ 85.993904][ T4319] WARNING: possible circular locking dependency detected [ 86.001229][ T4319] syzkaller #0 Not tainted [ 86.005668][ T4319] ------------------------------------------------------ [ 86.012708][ T4319] syz.0.17/4319 is trying to acquire lock: [ 86.018540][ T4319] ffff88802419cc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 86.029735][ T4319] [ 86.029735][ T4319] but task is already holding lock: [ 86.037214][ T4319] ffffffff8d4ba7e8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 86.047016][ T4319] [ 86.047016][ T4319] which lock already depends on the new lock. [ 86.047016][ T4319] [ 86.058165][ T4319] [ 86.058165][ T4319] the existing dependency chain (in reverse order) is: [ 86.067307][ T4319] [ 86.067307][ T4319] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 86.075339][ T4319] __mutex_lock_common+0x1eb/0x2390 [ 86.081198][ T4319] mutex_lock_nested+0x17/0x20 [ 86.086512][ T4319] rfkill_register+0x33/0x8a0 [ 86.091734][ T4319] hci_register_dev+0x452/0x970 [ 86.097130][ T4319] vhci_create_device+0x32c/0x5c0 [ 86.102721][ T4319] vhci_write+0x391/0x450 [ 86.107604][ T4319] vfs_write+0x712/0xd00 [ 86.112635][ T4319] ksys_write+0x14d/0x250 [ 86.117566][ T4319] do_syscall_64+0x4c/0xa0 [ 86.122543][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.129006][ T4319] [ 86.129006][ T4319] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 86.136860][ T4319] __mutex_lock_common+0x1eb/0x2390 [ 86.142635][ T4319] mutex_lock_nested+0x17/0x20 [ 86.148044][ T4319] vhci_send_frame+0x88/0x100 [ 86.153310][ T4319] hci_send_frame+0x1a9/0x2e0 [ 86.158541][ T4319] hci_tx_work+0x9f9/0x1710 [ 86.163599][ T4319] process_one_work+0x863/0x1000 [ 86.169099][ T4319] worker_thread+0xaa8/0x12a0 [ 86.174427][ T4319] kthread+0x436/0x520 [ 86.179040][ T4319] ret_from_fork+0x1f/0x30 [ 86.184053][ T4319] [ 86.184053][ T4319] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 86.193472][ T4319] __flush_work+0xdd/0x1b0 [ 86.198445][ T4319] hci_dev_do_close+0x1e7/0x1030 [ 86.203932][ T4319] hci_unregister_dev+0x2d7/0x580 [ 86.209507][ T4319] vhci_release+0x73/0xc0 [ 86.214397][ T4319] __fput+0x234/0x930 [ 86.219018][ T4319] task_work_run+0x125/0x1a0 [ 86.224275][ T4319] do_exit+0x61e/0x20a0 [ 86.228992][ T4319] do_group_exit+0x12e/0x300 [ 86.234145][ T4319] get_signal+0x6ca/0x12c0 [ 86.239115][ T4319] arch_do_signal_or_restart+0xc1/0x1300 [ 86.245323][ T4319] exit_to_user_mode_loop+0x9e/0x130 [ 86.251257][ T4319] exit_to_user_mode_prepare+0xee/0x180 [ 86.257362][ T4319] syscall_exit_to_user_mode+0x16/0x40 [ 86.263391][ T4319] do_syscall_64+0x58/0xa0 [ 86.268371][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.274822][ T4319] [ 86.274822][ T4319] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 86.282505][ T4319] __mutex_lock_common+0x1eb/0x2390 [ 86.288264][ T4319] mutex_lock_nested+0x17/0x20 [ 86.293583][ T4319] bg_scan_update+0x44/0x3b0 [ 86.298735][ T4319] process_one_work+0x863/0x1000 [ 86.304233][ T4319] worker_thread+0xaa8/0x12a0 [ 86.309562][ T4319] kthread+0x436/0x520 [ 86.314185][ T4319] ret_from_fork+0x1f/0x30 [ 86.319161][ T4319] [ 86.319161][ T4319] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 86.329235][ T4319] __lock_acquire+0x2c33/0x7c60 [ 86.334854][ T4319] lock_acquire+0x197/0x3f0 [ 86.340186][ T4319] __flush_work+0xdd/0x1b0 [ 86.345164][ T4319] __cancel_work_timer+0x3ac/0x520 [ 86.350834][ T4319] hci_request_cancel_all+0xcc/0x300 [ 86.356684][ T4319] hci_dev_do_close+0x4e/0x1030 [ 86.362120][ T4319] hci_rfkill_set_block+0x10a/0x190 [ 86.367877][ T4319] rfkill_set_block+0x1c6/0x420 [ 86.373276][ T4319] rfkill_fop_write+0x458/0x560 [ 86.378689][ T4319] vfs_write+0x300/0xd00 [ 86.383493][ T4319] ksys_write+0x14d/0x250 [ 86.388371][ T4319] do_syscall_64+0x4c/0xa0 [ 86.393337][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.399877][ T4319] [ 86.399877][ T4319] other info that might help us debug this: [ 86.399877][ T4319] [ 86.410128][ T4319] Chain exists of: [ 86.410128][ T4319] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 86.410128][ T4319] [ 86.426018][ T4319] Possible unsafe locking scenario: [ 86.426018][ T4319] [ 86.433579][ T4319] CPU0 CPU1 [ 86.438967][ T4319] ---- ---- [ 86.444357][ T4319] lock(rfkill_global_mutex); [ 86.449244][ T4319] lock(&data->open_mutex); [ 86.456387][ T4319] lock(rfkill_global_mutex); [ 86.463697][ T4319] lock((work_completion)(&hdev->bg_scan_update)); [ 86.470317][ T4319] [ 86.470317][ T4319] *** DEADLOCK *** [ 86.470317][ T4319] [ 86.478483][ T4319] 1 lock held by syz.0.17/4319: [ 86.483415][ T4319] #0: ffffffff8d4ba7e8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 86.493569][ T4319] [ 86.493569][ T4319] stack backtrace: [ 86.499491][ T4319] CPU: 1 PID: 4319 Comm: syz.0.17 Not tainted syzkaller #0 [ 86.506721][ T4319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 86.516912][ T4319] Call Trace: [ 86.520223][ T4319] [ 86.523176][ T4319] dump_stack_lvl+0x168/0x230 [ 86.527886][ T4319] ? load_image+0x3b0/0x3b0 [ 86.532448][ T4319] ? show_regs_print_info+0x20/0x20 [ 86.537705][ T4319] ? print_circular_bug+0x12b/0x1a0 [ 86.542933][ T4319] check_noncircular+0x274/0x310 [ 86.547903][ T4319] ? add_chain_block+0x940/0x940 [ 86.552871][ T4319] ? lockdep_lock+0xdc/0x1e0 [ 86.557501][ T4319] ? __lock_acquire+0x12d9/0x7c60 [ 86.562566][ T4319] ? lockdep_lock+0x1e0/0x1e0 [ 86.567279][ T4319] ? mark_lock+0x94/0x320 [ 86.571865][ T4319] __lock_acquire+0x2c33/0x7c60 [ 86.576886][ T4319] ? rcu_lock_release+0x5/0x20 [ 86.581894][ T4319] ? verify_lock_unused+0x140/0x140 [ 86.587149][ T4319] lock_acquire+0x197/0x3f0 [ 86.591781][ T4319] ? __flush_work+0xc1/0x1b0 [ 86.596587][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 86.602235][ T4319] ? read_lock_is_recursive+0x10/0x10 [ 86.609174][ T4319] ? start_flush_work+0x776/0x820 [ 86.614816][ T4319] __flush_work+0xdd/0x1b0 [ 86.619303][ T4319] ? __flush_work+0xc1/0x1b0 [ 86.623945][ T4319] ? flush_work+0x20/0x20 [ 86.628310][ T4319] ? try_to_grab_pending+0xf3/0x7e0 [ 86.633626][ T4319] ? lockdep_hardirqs_off+0x70/0x100 [ 86.639062][ T4319] ? mark_lock+0x94/0x320 [ 86.643639][ T4319] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 86.650089][ T4319] ? lock_chain_count+0x20/0x20 [ 86.654991][ T4319] ? mark_lock+0x94/0x320 [ 86.659720][ T4319] ? __cancel_work_timer+0x331/0x520 [ 86.665055][ T4319] __cancel_work_timer+0x3ac/0x520 [ 86.670237][ T4319] ? cancel_work_sync+0x20/0x20 [ 86.675247][ T4319] ? __cancel_work+0x1f4/0x2d0 [ 86.680195][ T4319] ? lockdep_hardirqs_on+0x94/0x140 [ 86.685567][ T4319] ? __cancel_work+0x26f/0x2d0 [ 86.690379][ T4319] ? cancel_work+0x20/0x20 [ 86.695136][ T4319] ? lock_chain_count+0x20/0x20 [ 86.700177][ T4319] hci_request_cancel_all+0xcc/0x300 [ 86.705537][ T4319] hci_dev_do_close+0x4e/0x1030 [ 86.710964][ T4319] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 86.717012][ T4319] ? _raw_spin_unlock+0x40/0x40 [ 86.722204][ T4319] hci_rfkill_set_block+0x10a/0x190 [ 86.727586][ T4319] ? rcu_lock_release+0x20/0x20 [ 86.732785][ T4319] rfkill_set_block+0x1c6/0x420 [ 86.738026][ T4319] rfkill_fop_write+0x458/0x560 [ 86.743162][ T4319] ? verify_lock_unused+0x140/0x140 [ 86.748614][ T4319] ? rfkill_fop_read+0x4b0/0x4b0 [ 86.753599][ T4319] ? common_file_perm+0xc0/0x1c0 [ 86.758805][ T4319] ? fsnotify_perm+0x5d/0x560 [ 86.763547][ T4319] ? security_file_permission+0x75/0xa0 [ 86.769159][ T4319] ? rfkill_fop_read+0x4b0/0x4b0 [ 86.774247][ T4319] vfs_write+0x300/0xd00 [ 86.778645][ T4319] ? file_end_write+0x250/0x250 [ 86.783549][ T4319] ? __context_tracking_exit+0x4c/0x80 [ 86.789178][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 86.794258][ T4319] ? __fdget_pos+0x1e2/0x370 [ 86.798906][ T4319] ksys_write+0x14d/0x250 [ 86.803272][ T4319] ? __ia32_sys_read+0x80/0x80 [ 86.808093][ T4319] ? lockdep_hardirqs_on+0x94/0x140 [ 86.813379][ T4319] do_syscall_64+0x4c/0xa0 [ 86.818035][ T4319] ? clear_bhb_loop+0x30/0x80 [ 86.822770][ T4319] ? clear_bhb_loop+0x30/0x80 [ 86.827484][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.833548][ T4319] RIP: 0033:0x7f8c177d5749 [ 86.838046][ T4319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.844039][ T1108] cfg80211: failed to load regulatory.db [ 86.858201][ T4319] RSP: 002b:00007fff7112df98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 86.858246][ T4319] RAX: ffffffffffffffda RBX: 00007f8c17a2bfa0 RCX: 00007f8c177d5749 [ 86.858261][ T4319] RDX: 0000000000000008 RSI: 00002000000001c0 RDI: 0000000000000003 [ 86.889085][ T4319] RBP: 00007f8c17859f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.897114][ T4319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.905401][ T4319] R13: 00007f8c17a2bfa0 R14: 00007f8c17a2bfa0 R15: 0000000000000003 [ 86.913524][ T4319] [ 86.926025][ T23] Bluetooth: hci0: command 0x040f tx timeout