Warning: Permanently added '10.128.1.189' (ED25519) to the list of known hosts. 2025/10/13 00:48:15 parsed 1 programs [ 73.050036][ T4188] cgroup: Unknown subsys name 'net' [ 73.199513][ T4188] cgroup: Unknown subsys name 'rlimit' [ 74.780142][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 77.431202][ T4232] chnl_net:caif_netlink_parms(): no params data found [ 77.500700][ T4232] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.509682][ T4232] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.519094][ T4232] device bridge_slave_0 entered promiscuous mode [ 77.530363][ T4232] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.538216][ T4232] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.547890][ T4232] device bridge_slave_1 entered promiscuous mode [ 77.580803][ T4232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.593565][ T4232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.629081][ T4232] team0: Port device team_slave_0 added [ 77.637832][ T4232] team0: Port device team_slave_1 added [ 77.665282][ T4232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.673142][ T4232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.702004][ T4232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.715852][ T4232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.724665][ T4232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.754553][ T4232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.799327][ T4232] device hsr_slave_0 entered promiscuous mode [ 77.808533][ T4232] device hsr_slave_1 entered promiscuous mode [ 77.962971][ T4232] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.976840][ T4232] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.989266][ T4232] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.999694][ T4232] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.034957][ T4232] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.042499][ T4232] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.050829][ T4232] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.058507][ T4232] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.124219][ T4232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.139965][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.155769][ T156] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.167307][ T156] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.184209][ T4232] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.197424][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.207418][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.214664][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.227742][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.238347][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.247022][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.269036][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.284993][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.295289][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.305775][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.325825][ T4232] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 78.336909][ T4232] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.355096][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.373550][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.394278][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.403276][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.418375][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.535793][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.544537][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.558435][ T4232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.576732][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.586796][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.608386][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.618465][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.628313][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.636915][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.647849][ T4232] device veth0_vlan entered promiscuous mode [ 78.661217][ T4232] device veth1_vlan entered promiscuous mode [ 78.683664][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.692663][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 78.701378][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.711300][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.723310][ T4232] device veth0_macvtap entered promiscuous mode [ 78.749534][ T4232] device veth1_macvtap entered promiscuous mode [ 78.765564][ T4232] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.780328][ T4232] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.789064][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 78.798966][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 78.808030][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.817862][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.828049][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.837321][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.866886][ T4232] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.878250][ T4232] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.887694][ T4232] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.896801][ T4232] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.333386][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.342555][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.380847][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.390727][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.399734][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.410071][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/10/13 00:48:25 executed programs: 0 [ 81.172444][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.289900][ T4294] chnl_net:caif_netlink_parms(): no params data found [ 81.340454][ T4294] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.348887][ T4294] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.357390][ T4294] device bridge_slave_0 entered promiscuous mode [ 81.367884][ T4294] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.376019][ T4294] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.384362][ T4294] device bridge_slave_1 entered promiscuous mode [ 81.407874][ T4294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.419910][ T4294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.445585][ T4294] team0: Port device team_slave_0 added [ 81.454780][ T4294] team0: Port device team_slave_1 added [ 81.477846][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.486289][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.515311][ T4294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.528965][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.537719][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.565527][ T4294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.598782][ T4294] device hsr_slave_0 entered promiscuous mode [ 81.606745][ T4294] device hsr_slave_1 entered promiscuous mode [ 81.614843][ T4294] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.623777][ T4294] Cannot create hsr debugfs directory [ 83.242788][ T4271] Bluetooth: hci0: command 0x0409 tx timeout [ 83.972024][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.029077][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.100020][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.012036][ T4294] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.022557][ T4294] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.034394][ T4294] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.063396][ T4294] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.143189][ T4294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.162573][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.170817][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.182886][ T4294] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.208735][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.218007][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.226940][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.234328][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.244322][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.256224][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.266309][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.275392][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.282953][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.294903][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.322166][ T4244] Bluetooth: hci0: command 0x041b tx timeout [ 85.343735][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.354076][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 85.365487][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.379190][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.390280][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 85.404115][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.440336][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.450757][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.465339][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.475844][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.487667][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.635461][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.643570][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.657946][ T4294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.679844][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 85.689198][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.723356][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.733983][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.754731][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.762930][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.772800][ T4294] device veth0_vlan entered promiscuous mode [ 85.784718][ T4294] device veth1_vlan entered promiscuous mode [ 85.810044][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.819941][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.828781][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.837957][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.852199][ T4294] device veth0_macvtap entered promiscuous mode [ 85.867953][ T9] device hsr_slave_0 left promiscuous mode [ 85.875080][ T9] device hsr_slave_1 left promiscuous mode [ 85.883980][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.891885][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.901409][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.909053][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.917233][ T9] device bridge_slave_1 left promiscuous mode [ 85.924884][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.939291][ T9] device bridge_slave_0 left promiscuous mode [ 85.947388][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.966159][ T9] device veth1_macvtap left promiscuous mode [ 85.972622][ T9] device veth0_macvtap left promiscuous mode [ 85.978964][ T9] device veth1_vlan left promiscuous mode [ 85.986477][ T9] device veth0_vlan left promiscuous mode [ 86.163651][ T9] team0 (unregistering): Port device team_slave_1 removed [ 86.183208][ T9] team0 (unregistering): Port device team_slave_0 removed [ 86.197432][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 86.213461][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 86.277512][ T9] bond0 (unregistering): Released all slaves [ 86.374196][ T4294] device veth1_macvtap entered promiscuous mode [ 86.386422][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 86.396546][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 86.412305][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.419815][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 86.428839][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.440812][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.454997][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 86.464957][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 86.482716][ T4294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.491480][ T4294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.501429][ T4294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.513502][ T4294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.565809][ T4245] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.584367][ T4245] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.616737][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 86.627468][ T156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.635965][ T156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.665271][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.768429][ T4350] [ 86.770821][ T4350] ====================================================== [ 86.778217][ T4350] WARNING: possible circular locking dependency detected [ 86.785707][ T4350] syzkaller #0 Not tainted [ 86.790328][ T4350] ------------------------------------------------------ [ 86.797848][ T4350] syz.0.17/4350 is trying to acquire lock: [ 86.803860][ T4350] ffff888076c68c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 86.815223][ T4350] [ 86.815223][ T4350] but task is already holding lock: [ 86.822861][ T4350] ffffffff8d4c0768 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 86.832951][ T4350] [ 86.832951][ T4350] which lock already depends on the new lock. [ 86.832951][ T4350] [ 86.842218][ T1325] cfg80211: failed to load regulatory.db [ 86.843823][ T4350] [ 86.843823][ T4350] the existing dependency chain (in reverse order) is: [ 86.843830][ T4350] [ 86.843830][ T4350] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 86.866961][ T4350] __mutex_lock_common+0x1eb/0x2390 [ 86.872813][ T4350] mutex_lock_nested+0x17/0x20 [ 86.878236][ T4350] rfkill_register+0x33/0x8a0 [ 86.883679][ T4350] hci_register_dev+0x452/0x970 [ 86.889262][ T4350] vhci_create_device+0x32c/0x5c0 [ 86.894942][ T4350] vhci_write+0x391/0x450 [ 86.900029][ T4350] vfs_write+0x712/0xd00 [ 86.905183][ T4350] ksys_write+0x14d/0x250 [ 86.910237][ T4350] do_syscall_64+0x4c/0xa0 [ 86.915737][ T4350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.922814][ T4350] [ 86.922814][ T4350] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 86.930679][ T4350] __mutex_lock_common+0x1eb/0x2390 [ 86.936855][ T4350] mutex_lock_nested+0x17/0x20 [ 86.942457][ T4350] vhci_send_frame+0x88/0x100 [ 86.947766][ T4350] hci_send_frame+0x1a9/0x2e0 [ 86.952978][ T4350] hci_tx_work+0x9f9/0x1710 [ 86.958116][ T4350] process_one_work+0x863/0x1000 [ 86.964134][ T4350] worker_thread+0xaa8/0x12a0 [ 86.969517][ T4350] kthread+0x436/0x520 [ 86.974267][ T4350] ret_from_fork+0x1f/0x30 [ 86.979389][ T4350] [ 86.979389][ T4350] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 86.989082][ T4350] __flush_work+0xdd/0x1b0 [ 86.994462][ T4350] hci_dev_do_close+0x1e7/0x1030 [ 87.000140][ T4350] hci_unregister_dev+0x2d7/0x580 [ 87.005967][ T4350] vhci_release+0x73/0xc0 [ 87.010860][ T4350] __fput+0x234/0x930 [ 87.015501][ T4350] task_work_run+0x125/0x1a0 [ 87.021028][ T4350] do_exit+0x61e/0x20a0 [ 87.026148][ T4350] do_group_exit+0x12e/0x300 [ 87.031393][ T4350] get_signal+0x6ca/0x12c0 [ 87.036904][ T4350] arch_do_signal_or_restart+0xc1/0x1300 [ 87.043353][ T4350] exit_to_user_mode_loop+0x9e/0x130 [ 87.049513][ T4350] exit_to_user_mode_prepare+0xee/0x180 [ 87.055702][ T4350] syscall_exit_to_user_mode+0x16/0x40 [ 87.061998][ T4350] do_syscall_64+0x58/0xa0 [ 87.067139][ T4350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 87.073679][ T4350] [ 87.073679][ T4350] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 87.083319][ T4350] __mutex_lock_common+0x1eb/0x2390 [ 87.089677][ T4350] mutex_lock_nested+0x17/0x20 [ 87.095243][ T4350] bg_scan_update+0x44/0x3b0 [ 87.100911][ T4350] process_one_work+0x863/0x1000 [ 87.107112][ T4350] worker_thread+0xaa8/0x12a0 [ 87.112654][ T4350] kthread+0x436/0x520 [ 87.117499][ T4350] ret_from_fork+0x1f/0x30 [ 87.122582][ T4350] [ 87.122582][ T4350] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 87.133132][ T4350] __lock_acquire+0x2c33/0x7c60 [ 87.138734][ T4350] lock_acquire+0x197/0x3f0 [ 87.143935][ T4350] __flush_work+0xdd/0x1b0 [ 87.149042][ T4350] __cancel_work_timer+0x3ac/0x520 [ 87.154883][ T4350] hci_request_cancel_all+0xcc/0x300 [ 87.160860][ T4350] hci_dev_do_close+0x4e/0x1030 [ 87.166273][ T4350] hci_rfkill_set_block+0x10a/0x190 [ 87.172280][ T4350] rfkill_set_block+0x1c6/0x420 [ 87.177815][ T4350] rfkill_fop_write+0x458/0x560 [ 87.183664][ T4350] vfs_write+0x300/0xd00 [ 87.188901][ T4350] ksys_write+0x14d/0x250 [ 87.193830][ T4350] do_syscall_64+0x4c/0xa0 [ 87.198978][ T4350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 87.205626][ T4350] [ 87.205626][ T4350] other info that might help us debug this: [ 87.205626][ T4350] [ 87.215971][ T4350] Chain exists of: [ 87.215971][ T4350] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 87.215971][ T4350] [ 87.232364][ T4350] Possible unsafe locking scenario: [ 87.232364][ T4350] [ 87.241521][ T4350] CPU0 CPU1 [ 87.247477][ T4350] ---- ---- [ 87.253065][ T4350] lock(rfkill_global_mutex); [ 87.258037][ T4350] lock(&data->open_mutex); [ 87.265538][ T4350] lock(rfkill_global_mutex); [ 87.273057][ T4350] lock((work_completion)(&hdev->bg_scan_update)); [ 87.280408][ T4350] [ 87.280408][ T4350] *** DEADLOCK *** [ 87.280408][ T4350] [ 87.289503][ T4350] 1 lock held by syz.0.17/4350: [ 87.294482][ T4350] #0: ffffffff8d4c0768 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 87.305181][ T4350] [ 87.305181][ T4350] stack backtrace: [ 87.311512][ T4350] CPU: 1 PID: 4350 Comm: syz.0.17 Not tainted syzkaller #0 [ 87.319966][ T4350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 87.330709][ T4350] Call Trace: [ 87.334372][ T4350] [ 87.337447][ T4350] dump_stack_lvl+0x168/0x230 [ 87.342740][ T4350] ? load_image+0x3b0/0x3b0 [ 87.348052][ T4350] ? show_regs_print_info+0x20/0x20 [ 87.354417][ T4350] ? print_circular_bug+0x12b/0x1a0 [ 87.360625][ T4350] check_noncircular+0x274/0x310 [ 87.366279][ T4350] ? add_chain_block+0x940/0x940 [ 87.371715][ T4350] ? lockdep_lock+0xdc/0x1e0 [ 87.376534][ T4350] ? __lock_acquire+0x12d9/0x7c60 [ 87.381701][ T4350] ? lockdep_lock+0x1e0/0x1e0 [ 87.386863][ T4350] ? mark_lock+0x94/0x320 [ 87.391843][ T4350] ? _find_first_zero_bit+0xce/0xf0 [ 87.397329][ T4350] __lock_acquire+0x2c33/0x7c60 [ 87.403149][ T4350] ? verify_lock_unused+0x140/0x140 [ 87.408593][ T4350] ? verify_lock_unused+0x140/0x140 [ 87.414101][ T4350] lock_acquire+0x197/0x3f0 [ 87.418985][ T4350] ? __flush_work+0xc1/0x1b0 [ 87.423612][ T4350] ? __lock_acquire+0x7c60/0x7c60 [ 87.429207][ T4350] ? read_lock_is_recursive+0x10/0x10 [ 87.434626][ T4350] ? start_flush_work+0x776/0x820 [ 87.440050][ T4350] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 87.446938][ T4350] ? _raw_spin_unlock+0x40/0x40 [ 87.451936][ T4350] __flush_work+0xdd/0x1b0 [ 87.456593][ T4350] ? __flush_work+0xc1/0x1b0 [ 87.461715][ T4350] ? flush_work+0x20/0x20 [ 87.466167][ T4350] ? try_to_grab_pending+0xf3/0x7e0 [ 87.471952][ T4350] ? lockdep_hardirqs_off+0x70/0x100 [ 87.477550][ T4350] ? mark_lock+0x94/0x320 [ 87.482084][ T4350] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 87.488220][ T4350] ? lock_chain_count+0x20/0x20 [ 87.493149][ T4350] ? mark_lock+0x94/0x320 [ 87.497902][ T4350] ? __cancel_work_timer+0x331/0x520 [ 87.503993][ T4350] __cancel_work_timer+0x3ac/0x520 [ 87.509239][ T4350] ? cancel_work_sync+0x20/0x20 [ 87.514240][ T4350] ? __cancel_work+0x1f4/0x2d0 [ 87.519389][ T4350] ? lockdep_hardirqs_on+0x94/0x140 [ 87.524882][ T4350] ? __cancel_work+0x26f/0x2d0 [ 87.529891][ T4350] ? cancel_work+0x20/0x20 [ 87.534344][ T4350] ? lock_chain_count+0x20/0x20 [ 87.539498][ T4350] hci_request_cancel_all+0xcc/0x300 [ 87.545286][ T4350] hci_dev_do_close+0x4e/0x1030 [ 87.550179][ T4350] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 87.556202][ T4350] ? _raw_spin_unlock+0x40/0x40 [ 87.561176][ T4350] hci_rfkill_set_block+0x10a/0x190 [ 87.566423][ T4350] ? rcu_lock_release+0x20/0x20 [ 87.571486][ T4350] rfkill_set_block+0x1c6/0x420 [ 87.576838][ T4350] rfkill_fop_write+0x458/0x560 [ 87.581906][ T4350] ? verify_lock_unused+0x140/0x140 [ 87.587251][ T4350] ? rfkill_fop_read+0x4b0/0x4b0 [ 87.592232][ T4350] ? common_file_perm+0x140/0x1c0 [ 87.597411][ T4350] ? fsnotify_perm+0x5d/0x560 [ 87.602482][ T4350] ? security_file_permission+0x75/0xa0 [ 87.608449][ T4350] ? rfkill_fop_read+0x4b0/0x4b0 [ 87.613671][ T4350] vfs_write+0x300/0xd00 [ 87.617953][ T4350] ? file_end_write+0x250/0x250 [ 87.623299][ T4350] ? __context_tracking_exit+0x4c/0x80 [ 87.628987][ T4350] ? __lock_acquire+0x7c60/0x7c60 [ 87.634140][ T4350] ? __fdget_pos+0x1e2/0x370 [ 87.638953][ T4350] ksys_write+0x14d/0x250 [ 87.643379][ T4350] ? __ia32_sys_read+0x80/0x80 [ 87.648644][ T4350] ? lockdep_hardirqs_on+0x94/0x140 [ 87.653965][ T4350] do_syscall_64+0x4c/0xa0 [ 87.658421][ T4350] ? clear_bhb_loop+0x30/0x80 [ 87.663632][ T4350] ? clear_bhb_loop+0x30/0x80 [ 87.668728][ T4350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 87.674774][ T4350] RIP: 0033:0x7fbd85880ec9 [ 87.679328][ T4350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.700701][ T4350] RSP: 002b:00007ffde5647488 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 87.710043][ T4350] RAX: ffffffffffffffda RBX: 00007fbd85ad7fa0 RCX: 00007fbd85880ec9 [ 87.718335][ T4350] RDX: 0000000000000008 RSI: 0000200000000040 RDI: 0000000000000003 [ 87.734418][ T4350] RBP: 00007fbd85903f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.744019][ T4350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.752926][ T4350] R13: 00007fbd85ad7fa0 R14: 00007fbd85ad7fa0 R15: 0000000000000003 [ 87.761488][ T4350] [ 87.775057][ T4244] Bluetooth: hci0: command 0x040f tx timeout