Warning: Permanently added '10.128.1.233' (ED25519) to the list of known hosts. 2025/11/01 13:33:35 parsed 1 programs [ 55.083896][ T4187] cgroup: Unknown subsys name 'net' [ 55.224025][ T4187] cgroup: Unknown subsys name 'rlimit' [ 56.513377][ T4187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 58.610789][ T4214] chnl_net:caif_netlink_parms(): no params data found [ 58.672344][ T4214] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.680350][ T4214] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.688503][ T4214] device bridge_slave_0 entered promiscuous mode [ 58.698687][ T4214] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.705987][ T4214] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.714120][ T4214] device bridge_slave_1 entered promiscuous mode [ 58.743803][ T4214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.755319][ T4214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.787721][ T4214] team0: Port device team_slave_0 added [ 58.796016][ T4214] team0: Port device team_slave_1 added [ 58.823789][ T4214] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.831035][ T4214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.858726][ T4214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.872064][ T4214] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.880417][ T4214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.907859][ T4214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.948102][ T4214] device hsr_slave_0 entered promiscuous mode [ 58.955419][ T4214] device hsr_slave_1 entered promiscuous mode [ 59.091245][ T4214] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.109506][ T4214] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.120969][ T4214] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.133461][ T4214] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.166864][ T4214] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.174361][ T4214] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.182504][ T4214] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.189701][ T4214] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.249737][ T4214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.265683][ T1267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.280804][ T1267] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.291783][ T1267] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.300972][ T1267] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 59.315876][ T4214] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.327734][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.336936][ T145] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.344039][ T145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.357407][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.366101][ T145] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.373329][ T145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.397055][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.406542][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.442351][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.455905][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.476862][ T4214] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.488804][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.501568][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.578930][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.586441][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.599362][ T4214] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.617773][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.626600][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.643969][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.652939][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.663273][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.671980][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.682645][ T4214] device veth0_vlan entered promiscuous mode [ 59.694473][ T4214] device veth1_vlan entered promiscuous mode [ 59.725939][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.734617][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.743393][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.753850][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.764804][ T4214] device veth0_macvtap entered promiscuous mode [ 59.785515][ T4214] device veth1_macvtap entered promiscuous mode [ 59.800079][ T4214] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.807877][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.817605][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.826526][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.835891][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.847073][ T4214] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.855640][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.864657][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.887045][ T4214] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.896403][ T4214] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.905254][ T4214] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.914033][ T4214] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.063731][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.074755][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.089212][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.106465][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.115791][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.135463][ T1267] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.837368][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/11/01 13:33:44 executed programs: 0 [ 62.091509][ T4287] chnl_net:caif_netlink_parms(): no params data found [ 62.128090][ T4287] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.135491][ T4287] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.143393][ T4287] device bridge_slave_0 entered promiscuous mode [ 62.152307][ T4287] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.159731][ T4287] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.167744][ T4287] device bridge_slave_1 entered promiscuous mode [ 62.188739][ T4287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.200391][ T4287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.221679][ T4287] team0: Port device team_slave_0 added [ 62.229027][ T4287] team0: Port device team_slave_1 added [ 62.245240][ T4287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.252240][ T4287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.278590][ T4287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.291133][ T4287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.298105][ T4287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.324414][ T4287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.351068][ T4287] device hsr_slave_0 entered promiscuous mode [ 62.358704][ T4287] device hsr_slave_1 entered promiscuous mode [ 62.365264][ T4287] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.373599][ T4287] Cannot create hsr debugfs directory [ 64.029176][ T4235] Bluetooth: hci0: command 0x0409 tx timeout [ 64.595680][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.663374][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.715638][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.587390][ T4287] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.602150][ T4287] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.611252][ T4287] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.623236][ T4287] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.713676][ T4287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.726639][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.735065][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.745632][ T4287] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.760008][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.769592][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.777953][ T4244] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.785054][ T4244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.793424][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.818650][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.828288][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.838011][ T4244] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.845199][ T4244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.860702][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.869821][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.878550][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.887426][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.896353][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.909141][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.918245][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.929935][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.939386][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.970329][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.979029][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.990197][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.093844][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.102728][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.108580][ T4232] Bluetooth: hci0: command 0x041b tx timeout [ 66.115863][ T4287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.149159][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.157970][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.194921][ T1267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.203949][ T1267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.213605][ T1267] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.221817][ T1267] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.231626][ T4287] device veth0_vlan entered promiscuous mode [ 66.251580][ T4287] device veth1_vlan entered promiscuous mode [ 66.282682][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.290949][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.300338][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.309090][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.319696][ T4287] device veth0_macvtap entered promiscuous mode [ 66.333898][ T4287] device veth1_macvtap entered promiscuous mode [ 66.347565][ T9] device hsr_slave_0 left promiscuous mode [ 66.354369][ T9] device hsr_slave_1 left promiscuous mode [ 66.361817][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 66.369317][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 66.377356][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 66.385131][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 66.393191][ T9] device bridge_slave_1 left promiscuous mode [ 66.400510][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.413593][ T9] device bridge_slave_0 left promiscuous mode [ 66.420183][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.437765][ T9] device veth1_macvtap left promiscuous mode [ 66.444907][ T9] device veth0_macvtap left promiscuous mode [ 66.451082][ T9] device veth1_vlan left promiscuous mode [ 66.457252][ T9] device veth0_vlan left promiscuous mode [ 66.597161][ T9] team0 (unregistering): Port device team_slave_1 removed [ 66.610251][ T9] team0 (unregistering): Port device team_slave_0 removed [ 66.625531][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 66.639657][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 66.691636][ T9] bond0 (unregistering): Released all slaves [ 66.746980][ T4287] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.757199][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.765616][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.773902][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.783202][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.794417][ T4287] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.804031][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.812864][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.824315][ T4287] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.833422][ T4287] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.842857][ T4287] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.851952][ T4287] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.923558][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.934332][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.947557][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.960224][ T4244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.968998][ T4244] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.977712][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.112880][ T4363] [ 67.115454][ T4363] ====================================================== [ 67.122476][ T4363] WARNING: possible circular locking dependency detected [ 67.129493][ T4363] syzkaller #0 Not tainted [ 67.133956][ T4363] ------------------------------------------------------ [ 67.141037][ T4363] syz.0.17/4363 is trying to acquire lock: [ 67.146819][ T4363] ffff888025588c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 67.158389][ T4363] [ 67.158389][ T4363] but task is already holding lock: [ 67.166047][ T4363] ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 67.176077][ T4363] [ 67.176077][ T4363] which lock already depends on the new lock. [ 67.176077][ T4363] [ 67.186833][ T4363] [ 67.186833][ T4363] the existing dependency chain (in reverse order) is: [ 67.195913][ T4363] [ 67.195913][ T4363] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 67.203969][ T4363] __mutex_lock_common+0x1eb/0x2390 [ 67.209675][ T4363] mutex_lock_nested+0x17/0x20 [ 67.215314][ T4363] rfkill_register+0x33/0x8a0 [ 67.220497][ T4363] hci_register_dev+0x452/0x970 [ 67.225853][ T4363] vhci_create_device+0x32c/0x5c0 [ 67.231377][ T4363] vhci_write+0x391/0x450 [ 67.236206][ T4363] vfs_write+0x712/0xd00 [ 67.240947][ T4363] ksys_write+0x14d/0x250 [ 67.245782][ T4363] do_syscall_64+0x4c/0xa0 [ 67.250707][ T4363] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.257127][ T4363] [ 67.257127][ T4363] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 67.264943][ T4363] __mutex_lock_common+0x1eb/0x2390 [ 67.270660][ T4363] mutex_lock_nested+0x17/0x20 [ 67.275952][ T4363] vhci_send_frame+0x88/0x100 [ 67.281230][ T4363] hci_send_frame+0x1a9/0x2e0 [ 67.286565][ T4363] hci_tx_work+0x9f9/0x1710 [ 67.291590][ T4363] process_one_work+0x863/0x1000 [ 67.297029][ T4363] worker_thread+0xaa8/0x12a0 [ 67.302203][ T4363] kthread+0x436/0x520 [ 67.306771][ T4363] ret_from_fork+0x1f/0x30 [ 67.311689][ T4363] [ 67.311689][ T4363] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 67.320905][ T4363] __flush_work+0xdd/0x1b0 [ 67.325910][ T4363] hci_dev_do_close+0x1e7/0x1030 [ 67.331348][ T4363] hci_unregister_dev+0x2d7/0x580 [ 67.336876][ T4363] vhci_release+0x73/0xc0 [ 67.341707][ T4363] __fput+0x234/0x930 [ 67.346281][ T4363] task_work_run+0x125/0x1a0 [ 67.351371][ T4363] do_exit+0x61e/0x20a0 [ 67.356050][ T4363] do_group_exit+0x12e/0x300 [ 67.361229][ T4363] get_signal+0x6ca/0x12c0 [ 67.366171][ T4363] arch_do_signal_or_restart+0xc1/0x1300 [ 67.372673][ T4363] exit_to_user_mode_loop+0x9e/0x130 [ 67.378459][ T4363] exit_to_user_mode_prepare+0xee/0x180 [ 67.384509][ T4363] syscall_exit_to_user_mode+0x16/0x40 [ 67.390472][ T4363] do_syscall_64+0x58/0xa0 [ 67.395391][ T4363] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.401879][ T4363] [ 67.401879][ T4363] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 67.410105][ T4363] __mutex_lock_common+0x1eb/0x2390 [ 67.415809][ T4363] mutex_lock_nested+0x17/0x20 [ 67.421162][ T4363] bg_scan_update+0x44/0x3b0 [ 67.426254][ T4363] process_one_work+0x863/0x1000 [ 67.431869][ T4363] worker_thread+0xaa8/0x12a0 [ 67.437148][ T4363] kthread+0x436/0x520 [ 67.441826][ T4363] ret_from_fork+0x1f/0x30 [ 67.446862][ T4363] [ 67.446862][ T4363] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 67.457757][ T4363] __lock_acquire+0x2c33/0x7c60 [ 67.463216][ T4363] lock_acquire+0x197/0x3f0 [ 67.468228][ T4363] __flush_work+0xdd/0x1b0 [ 67.473676][ T4363] __cancel_work_timer+0x3ac/0x520 [ 67.479597][ T4363] hci_request_cancel_all+0xcc/0x300 [ 67.485479][ T4363] hci_dev_do_close+0x4e/0x1030 [ 67.491098][ T4363] hci_rfkill_set_block+0x10a/0x190 [ 67.496959][ T4363] rfkill_set_block+0x1c6/0x420 [ 67.502592][ T4363] rfkill_fop_write+0x458/0x560 [ 67.507952][ T4363] vfs_write+0x300/0xd00 [ 67.512717][ T4363] ksys_write+0x14d/0x250 [ 67.517549][ T4363] do_syscall_64+0x4c/0xa0 [ 67.522471][ T4363] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.528870][ T4363] [ 67.528870][ T4363] other info that might help us debug this: [ 67.528870][ T4363] [ 67.539192][ T4363] Chain exists of: [ 67.539192][ T4363] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 67.539192][ T4363] [ 67.554918][ T4363] Possible unsafe locking scenario: [ 67.554918][ T4363] [ 67.563130][ T4363] CPU0 CPU1 [ 67.568581][ T4363] ---- ---- [ 67.574345][ T4363] lock(rfkill_global_mutex); [ 67.579094][ T4363] lock(&data->open_mutex); [ 67.586208][ T4363] lock(rfkill_global_mutex); [ 67.593485][ T4363] lock((work_completion)(&hdev->bg_scan_update)); [ 67.600055][ T4363] [ 67.600055][ T4363] *** DEADLOCK *** [ 67.600055][ T4363] [ 67.608285][ T4363] 1 lock held by syz.0.17/4363: [ 67.613236][ T4363] #0: ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 67.623414][ T4363] [ 67.623414][ T4363] stack backtrace: [ 67.629306][ T4363] CPU: 1 PID: 4363 Comm: syz.0.17 Not tainted syzkaller #0 [ 67.636710][ T4363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 67.646895][ T4363] Call Trace: [ 67.650160][ T4363] [ 67.653074][ T4363] dump_stack_lvl+0x168/0x230 [ 67.658033][ T4363] ? load_image+0x3b0/0x3b0 [ 67.662550][ T4363] ? show_regs_print_info+0x20/0x20 [ 67.667849][ T4363] ? print_circular_bug+0x12b/0x1a0 [ 67.673233][ T4363] check_noncircular+0x274/0x310 [ 67.678245][ T4363] ? add_chain_block+0x940/0x940 [ 67.683250][ T4363] ? lockdep_lock+0xdc/0x1e0 [ 67.687831][ T4363] ? __lock_acquire+0x12d9/0x7c60 [ 67.692842][ T4363] ? lockdep_lock+0x1e0/0x1e0 [ 67.697606][ T4363] ? mark_lock+0x94/0x320 [ 67.701934][ T4363] ? _find_first_zero_bit+0xce/0xf0 [ 67.707128][ T4363] __lock_acquire+0x2c33/0x7c60 [ 67.712073][ T4363] ? verify_lock_unused+0x140/0x140 [ 67.717261][ T4363] ? verify_lock_unused+0x140/0x140 [ 67.722475][ T4363] lock_acquire+0x197/0x3f0 [ 67.727011][ T4363] ? __flush_work+0xc1/0x1b0 [ 67.732008][ T4363] ? __lock_acquire+0x7c60/0x7c60 [ 67.737298][ T4363] ? read_lock_is_recursive+0x10/0x10 [ 67.742875][ T4363] ? start_flush_work+0x776/0x820 [ 67.747909][ T4363] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 67.754325][ T4363] ? _raw_spin_unlock+0x40/0x40 [ 67.759569][ T4363] __flush_work+0xdd/0x1b0 [ 67.763978][ T4363] ? __flush_work+0xc1/0x1b0 [ 67.768648][ T4363] ? flush_work+0x20/0x20 [ 67.773233][ T4363] ? try_to_grab_pending+0xf3/0x7e0 [ 67.778782][ T4363] ? lockdep_hardirqs_off+0x70/0x100 [ 67.784058][ T4363] ? mark_lock+0x94/0x320 [ 67.788387][ T4363] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 67.794389][ T4363] ? lock_chain_count+0x20/0x20 [ 67.799246][ T4363] ? mark_lock+0x94/0x320 [ 67.803611][ T4363] ? __cancel_work_timer+0x331/0x520 [ 67.808879][ T4363] __cancel_work_timer+0x3ac/0x520 [ 67.813977][ T4363] ? cancel_work_sync+0x20/0x20 [ 67.818897][ T4363] ? __cancel_work+0x1f4/0x2d0 [ 67.823652][ T4363] ? lockdep_hardirqs_on+0x94/0x140 [ 67.828845][ T4363] ? __cancel_work+0x26f/0x2d0 [ 67.833632][ T4363] ? cancel_work+0x20/0x20 [ 67.838033][ T4363] ? lock_chain_count+0x20/0x20 [ 67.842880][ T4363] hci_request_cancel_all+0xcc/0x300 [ 67.848154][ T4363] hci_dev_do_close+0x4e/0x1030 [ 67.852990][ T4363] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 67.858877][ T4363] ? _raw_spin_unlock+0x40/0x40 [ 67.863743][ T4363] hci_rfkill_set_block+0x10a/0x190 [ 67.868953][ T4363] ? rcu_lock_release+0x20/0x20 [ 67.873790][ T4363] rfkill_set_block+0x1c6/0x420 [ 67.878733][ T4363] rfkill_fop_write+0x458/0x560 [ 67.883700][ T4363] ? verify_lock_unused+0x140/0x140 [ 67.888899][ T4363] ? rfkill_fop_read+0x4b0/0x4b0 [ 67.893839][ T4363] ? common_file_perm+0x130/0x1c0 [ 67.898852][ T4363] ? fsnotify_perm+0x5d/0x560 [ 67.903515][ T4363] ? security_file_permission+0x75/0xa0 [ 67.909045][ T4363] ? rfkill_fop_read+0x4b0/0x4b0 [ 67.913972][ T4363] vfs_write+0x300/0xd00 [ 67.918215][ T4363] ? file_end_write+0x250/0x250 [ 67.923068][ T4363] ? __context_tracking_exit+0x4c/0x80 [ 67.928608][ T4363] ? __lock_acquire+0x7c60/0x7c60 [ 67.933810][ T4363] ? __fdget_pos+0x1e2/0x370 [ 67.938394][ T4363] ksys_write+0x14d/0x250 [ 67.942711][ T4363] ? __ia32_sys_read+0x80/0x80 [ 67.947463][ T4363] ? lockdep_hardirqs_on+0x94/0x140 [ 67.952651][ T4363] do_syscall_64+0x4c/0xa0 [ 67.957082][ T4363] ? clear_bhb_loop+0x30/0x80 [ 67.961742][ T4363] ? clear_bhb_loop+0x30/0x80 [ 67.966402][ T4363] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.972382][ T4363] RIP: 0033:0x7fd9011b0fc9 [ 67.976783][ T4363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.996475][ T4363] RSP: 002b:00007ffd204fb538 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 68.004873][ T4363] RAX: ffffffffffffffda RBX: 00007fd901407fa0 RCX: 00007fd9011b0fc9 [ 68.012829][ T4363] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000003 [ 68.020821][ T4363] RBP: 00007fd901233f91 R08: 0000000000000000 R09: 0000000000000000 [ 68.028858][ T4363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.037088][ T4363] R13: 00007fd901407fa0 R14: 00007fd901407fa0 R15: 0000000000000003 [ 68.045062][ T4363]