Warning: Permanently added '10.128.0.20' (ED25519) to the list of known hosts.
2024/10/12 18:21:13 ignoring optional flag "sandboxArg"="0"
2024/10/12 18:21:14 parsed 1 programs
syzkaller login: [ 56.526275][ T3567] cgroup: Unknown subsys name 'net'
[ 56.659411][ T3567] cgroup: Unknown subsys name 'rlimit'
[ 58.030519][ T3567] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 59.560413][ T3594] chnl_net:caif_netlink_parms(): no params data found
[ 59.612494][ T3594] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.620403][ T3594] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.628457][ T3594] device bridge_slave_0 entered promiscuous mode
[ 59.637370][ T3594] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.644563][ T3594] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.652358][ T3594] device bridge_slave_1 entered promiscuous mode
[ 59.676313][ T3594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.687400][ T3594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.712718][ T3594] team0: Port device team_slave_0 added
[ 59.719644][ T3594] team0: Port device team_slave_1 added
[ 59.738574][ T3594] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.745742][ T3594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.771661][ T3594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.784504][ T3594] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.791440][ T3594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.817565][ T3594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.852841][ T3594] device hsr_slave_0 entered promiscuous mode
[ 59.859554][ T3594] device hsr_slave_1 entered promiscuous mode
[ 59.988036][ T3594] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.002865][ T3594] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.014349][ T3594] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.024349][ T3594] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.057308][ T3594] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.064577][ T3594] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.072305][ T3594] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.079412][ T3594] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.149368][ T3594] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.164251][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.178154][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.187043][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.195920][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 60.210452][ T3594] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.222688][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.231230][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.238355][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.254372][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.264064][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.271168][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.294256][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.304857][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.327290][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.343442][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.352480][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.364702][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.462246][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 60.471174][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 60.487596][ T3594] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.508190][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 60.532162][ T3594] device veth0_vlan entered promiscuous mode
[ 60.540827][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 60.550584][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 60.561323][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 60.575578][ T3594] device veth1_vlan entered promiscuous mode
[ 60.598358][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 60.607479][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 60.620157][ T3594] device veth0_macvtap entered promiscuous mode
[ 60.631289][ T3594] device veth1_macvtap entered promiscuous mode
[ 60.650725][ T3594] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.659656][ T3601] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 60.668480][ T3601] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 60.676975][ T3601] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 60.686559][ T3601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 60.699379][ T3594] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.708605][ T3601] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 60.717891][ T3601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 60.729885][ T3594] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.739927][ T3594] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.749345][ T3594] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.759790][ T3594] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.903642][ T3594] syz-executor (3594) used greatest stack depth: 19128 bytes left
[ 61.298089][ T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.363295][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.372847][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.384808][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 61.400693][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.408941][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.417694][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2024/10/12 18:21:22 executed programs: 0
[ 62.489274][ T3646] chnl_net:caif_netlink_parms(): no params data found
[ 62.534659][ T3646] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.541755][ T3646] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.549764][ T3646] device bridge_slave_0 entered promiscuous mode
[ 62.559181][ T3646] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.566767][ T3646] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.574737][ T3646] device bridge_slave_1 entered promiscuous mode
[ 62.599797][ T3646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.611552][ T3646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.636271][ T3646] team0: Port device team_slave_0 added
[ 62.645928][ T3646] team0: Port device team_slave_1 added
[ 62.664395][ T3646] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.671349][ T3646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.698098][ T3646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.710284][ T3646] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.717553][ T3646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.743769][ T3646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.774671][ T3646] device hsr_slave_0 entered promiscuous mode
[ 62.781317][ T3646] device hsr_slave_1 entered promiscuous mode
[ 62.788391][ T3646] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 62.796407][ T3646] Cannot create hsr debugfs directory
[ 64.129369][ T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.483267][ T1074] Bluetooth: hci0: command 0x0409 tx timeout
[ 66.138619][ T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.210867][ T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.553619][ T3572] Bluetooth: hci0: command 0x041b tx timeout
[ 67.126283][ T3646] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.137354][ T3646] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.158489][ T3646] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.168155][ T3646] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.259415][ T3646] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.301653][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 67.310396][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.320070][ T3646] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.330376][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 67.339533][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.348646][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.355744][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.365312][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 67.392884][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 67.401434][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.410236][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.417310][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.435979][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 67.444870][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 67.453911][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 67.462520][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.474350][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 67.483220][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 67.491606][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 67.503166][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 67.511488][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 67.539725][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 67.548352][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 67.558668][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 67.630982][ T154] device hsr_slave_0 left promiscuous mode
[ 67.638281][ T154] device hsr_slave_1 left promiscuous mode
[ 67.645901][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 67.653653][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 67.661597][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 67.669539][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 67.677870][ T154] device bridge_slave_1 left promiscuous mode
[ 67.684899][ T154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.697919][ T154] device bridge_slave_0 left promiscuous mode
[ 67.704945][ T154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.722237][ T154] device veth1_macvtap left promiscuous mode
[ 67.728673][ T154] device veth0_macvtap left promiscuous mode
[ 67.735151][ T154] device veth1_vlan left promiscuous mode
[ 67.741010][ T154] device veth0_vlan left promiscuous mode
[ 67.889860][ T154] team0 (unregistering): Port device team_slave_1 removed
[ 67.901544][ T154] team0 (unregistering): Port device team_slave_0 removed
[ 67.922823][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 67.937299][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 67.991278][ T154] bond0 (unregistering): Released all slaves
[ 68.069395][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.077580][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.089450][ T3646] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.128546][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 68.137520][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.148542][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 68.156943][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.165828][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.174317][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.184328][ T3646] device veth0_vlan entered promiscuous mode
[ 68.197956][ T3646] device veth1_vlan entered promiscuous mode
[ 68.221105][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.229346][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.237783][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 68.246351][ T1136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.258468][ T3646] device veth0_macvtap entered promiscuous mode
[ 68.268263][ T3646] device veth1_macvtap entered promiscuous mode
[ 68.285098][ T3646] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.292377][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.300849][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 68.309038][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.319556][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.330791][ T3646] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.340388][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.349400][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.360205][ T3646] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.369499][ T3646] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.378570][ T3646] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.387498][ T3646] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.452800][ T3601] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.460961][ T3601] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.478068][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.502390][ T3601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.512918][ T3601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.522197][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 68.633101][ T1074] Bluetooth: hci0: command 0x040f tx timeout
[ 68.718102][ T3727]
[ 68.720454][ T3727] ======================================================
[ 68.727473][ T3727] WARNING: possible circular locking dependency detected
[ 68.734578][ T3727] 5.15.167-syzkaller #0 Not tainted
[ 68.739783][ T3727] ------------------------------------------------------
[ 68.746799][ T3727] syz.0.15/3727 is trying to acquire lock:
[ 68.752603][ T3727] ffff8880236a0c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0
[ 68.763695][ T3727]
[ 68.763695][ T3727] but task is already holding lock:
[ 68.771057][ T3727] ffffffff8dcbde48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 68.780736][ T3727]
[ 68.780736][ T3727] which lock already depends on the new lock.
[ 68.780736][ T3727]
[ 68.791156][ T3727]
[ 68.791156][ T3727] the existing dependency chain (in reverse order) is:
[ 68.800170][ T3727]
[ 68.800170][ T3727] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 68.808181][ T3727]        lock_acquire+0x1db/0x4f0
[ 68.813225][ T3727]        __mutex_lock_common+0x1da/0x25a0
[ 68.818979][ T3727]        mutex_lock_nested+0x17/0x20
[ 68.824293][ T3727]        rfkill_register+0x30/0x880
[ 68.829500][ T3727]        hci_register_dev+0x4dd/0xa50
[ 68.834883][ T3727]        vhci_create_device+0x310/0x590
[ 68.840442][ T3727]        vhci_write+0x382/0x430
[ 68.845320][ T3727]        vfs_write+0xacd/0xe50
[ 68.850126][ T3727]        ksys_write+0x1a2/0x2c0
[ 68.854986][ T3727]        do_syscall_64+0x3b/0xb0
[ 68.859932][ T3727]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.866356][ T3727]
[ 68.866356][ T3727] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 68.874162][ T3727]        lock_acquire+0x1db/0x4f0
[ 68.879188][ T3727]        __mutex_lock_common+0x1da/0x25a0
[ 68.884907][ T3727]        mutex_lock_nested+0x17/0x20
[ 68.890193][ T3727]        vhci_send_frame+0x8a/0xf0
[ 68.895308][ T3727]        hci_send_frame+0x1af/0x2f0
[ 68.900509][ T3727]        hci_tx_work+0xb2e/0x1a30
[ 68.905540][ T3727]        process_one_work+0x8a1/0x10c0
[ 68.911003][ T3727]        worker_thread+0xaca/0x1280
[ 68.916200][ T3727]        kthread+0x3f6/0x4f0
[ 68.920790][ T3727]        ret_from_fork+0x1f/0x30
[ 68.925728][ T3727]
[ 68.925728][ T3727] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 68.934941][ T3727]        lock_acquire+0x1db/0x4f0
[ 68.939967][ T3727]        __flush_work+0xeb/0x1a0
[ 68.944904][ T3727]        hci_dev_do_close+0x20a/0x1070
[ 68.950369][ T3727]        hci_unregister_dev+0x2d7/0x580
[ 68.955916][ T3727]        vhci_release+0x73/0xc0
[ 68.960859][ T3727]        __fput+0x3fe/0x8e0
[ 68.965363][ T3727]        task_work_run+0x129/0x1a0
[ 68.970479][ T3727]        do_exit+0x6a3/0x2480
[ 68.975162][ T3727]        do_group_exit+0x144/0x310
[ 68.980273][ T3727]        get_signal+0xc66/0x14e0
[ 68.985207][ T3727]        arch_do_signal_or_restart+0xc3/0x1890
[ 68.991364][ T3727]        exit_to_user_mode_loop+0x97/0x130
[ 68.997167][ T3727]        exit_to_user_mode_prepare+0xb1/0x140
[ 69.003235][ T3727]        syscall_exit_to_user_mode+0x5d/0x240
[ 69.009310][ T3727]        do_syscall_64+0x47/0xb0
[ 69.014291][ T3727]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.020938][ T3727]
[ 69.020938][ T3727] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 69.028591][ T3727]        lock_acquire+0x1db/0x4f0
[ 69.033621][ T3727]        __mutex_lock_common+0x1da/0x25a0
[ 69.039347][ T3727]        mutex_lock_nested+0x17/0x20
[ 69.044629][ T3727]        bg_scan_update+0xa1/0x4a0
[ 69.049855][ T3727]        process_one_work+0x8a1/0x10c0
[ 69.055324][ T3727]        worker_thread+0xaca/0x1280
[ 69.060531][ T3727]        kthread+0x3f6/0x4f0
[ 69.065135][ T3727]        ret_from_fork+0x1f/0x30
[ 69.070080][ T3727]
[ 69.070080][ T3727] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 69.079902][ T3727]        validate_chain+0x1649/0x5930
[ 69.085279][ T3727]        __lock_acquire+0x1295/0x1ff0
[ 69.090649][ T3727]        lock_acquire+0x1db/0x4f0
[ 69.095673][ T3727]        __flush_work+0xeb/0x1a0
[ 69.100615][ T3727]        __cancel_work_timer+0x519/0x6a0
[ 69.106254][ T3727]        hci_request_cancel_all+0xcb/0x300
[ 69.112071][ T3727]        hci_dev_do_close+0x51/0x1070
[ 69.117458][ T3727]        hci_rfkill_set_block+0x114/0x1a0
[ 69.123190][ T3727]        rfkill_set_block+0x1e7/0x430
[ 69.128568][ T3727]        rfkill_fop_write+0x5b7/0x790
[ 69.133948][ T3727]        vfs_write+0x30c/0xe50
[ 69.138824][ T3727]        ksys_write+0x1a2/0x2c0
[ 69.143679][ T3727]        do_syscall_64+0x3b/0xb0
[ 69.148628][ T3727]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.155300][ T3727]
[ 69.155300][ T3727] other info that might help us debug this:
[ 69.155300][ T3727]
[ 69.165531][ T3727] Chain exists of:
[ 69.165531][ T3727]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 69.165531][ T3727]
[ 69.181256][ T3727]  Possible unsafe locking scenario:
[ 69.181256][ T3727]
[ 69.188864][ T3727]        CPU0                    CPU1
[ 69.194215][ T3727]        ----                    ----
[ 69.199573][ T3727]   lock(rfkill_global_mutex);
[ 69.204431][ T3727]                                lock(&data->open_mutex);
[ 69.211535][ T3727]                                lock(rfkill_global_mutex);
[ 69.218810][ T3727]   lock((work_completion)(&hdev->bg_scan_update));
[ 69.225388][ T3727]
[ 69.225388][ T3727]  *** DEADLOCK ***
[ 69.225388][ T3727]
[ 69.233519][ T3727] 1 lock held by syz.0.15/3727:
[ 69.238364][ T3727]  #0: ffffffff8dcbde48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790
[ 69.248547][ T3727]
[ 69.248547][ T3727] stack backtrace:
[ 69.254434][ T3727] CPU: 0 PID: 3727 Comm: syz.0.15 Not tainted 5.15.167-syzkaller #0
[ 69.262406][ T3727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 69.272456][ T3727] Call Trace:
[ 69.275726][ T3727]
[ 69.278650][ T3727] dump_stack_lvl+0x1e3/0x2d0
[ 69.283321][ T3727] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 69.288954][ T3727] ? print_circular_bug+0x12b/0x1a0
[ 69.294146][ T3727] check_noncircular+0x2f8/0x3b0
[ 69.299090][ T3727] ? add_chain_block+0x850/0x850
[ 69.304027][ T3727] ? lockdep_lock+0x11f/0x2a0
[ 69.308719][ T3727] validate_chain+0x1649/0x5930
[ 69.313575][ T3727] ? __lock_acquire+0x1295/0x1ff0
[ 69.318594][ T3727] ? reacquire_held_locks+0x660/0x660
[ 69.323965][ T3727] ? mark_lock+0x98/0x340
[ 69.328293][ T3727] ? look_up_lock_class+0x77/0x120
[ 69.333408][ T3727] ? register_lock_class+0x100/0x9a0
[ 69.338691][ T3727] ? mark_lock+0x98/0x340
[ 69.343014][ T3727] ? is_dynamic_key+0x1f0/0x1f0
[ 69.347857][ T3727] ? __lock_acquire+0x1295/0x1ff0
[ 69.352883][ T3727] ? mark_lock+0x98/0x340
[ 69.357215][ T3727] __lock_acquire+0x1295/0x1ff0
[ 69.362073][ T3727] lock_acquire+0x1db/0x4f0
[ 69.366654][ T3727] ? __flush_work+0xcf/0x1a0
[ 69.371236][ T3727] ? rcu_lock_release+0x5/0x20
[ 69.375990][ T3727] ? read_lock_is_recursive+0x10/0x10
[ 69.381353][ T3727] ? start_flush_work+0x776/0x820
[ 69.386376][ T3727] __flush_work+0xeb/0x1a0
[ 69.390784][ T3727] ? __flush_work+0xcf/0x1a0
[ 69.395364][ T3727] ? flush_work+0x20/0x20
[ 69.399711][ T3727] ? print_irqtrace_events+0x210/0x210
[ 69.405158][ T3727] ? lock_timer_base+0x260/0x260
[ 69.410218][ T3727] ? __cancel_work_timer+0x467/0x6a0
[ 69.415512][ T3727] __cancel_work_timer+0x519/0x6a0
[ 69.420655][ T3727] ? cancel_work_sync+0x20/0x20
[ 69.425501][ T3727] ? lockdep_hardirqs_on+0x94/0x130
[ 69.430696][ T3727] ? __cancel_work+0x2ef/0x380
[ 69.435464][ T3727] ? cancel_work+0x20/0x20
[ 69.439868][ T3727] ? print_irqtrace_events+0x210/0x210
[ 69.445316][ T3727] hci_request_cancel_all+0xcb/0x300
[ 69.450596][ T3727] hci_dev_do_close+0x51/0x1070
[ 69.455439][ T3727] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 69.461337][ T3727] ? _raw_spin_unlock+0x40/0x40
[ 69.466178][ T3727] ? kmem_cache_alloc_trace+0x143/0x290
[ 69.471711][ T3727] hci_rfkill_set_block+0x114/0x1a0
[ 69.476915][ T3727] ? rcu_lock_release+0x20/0x20
[ 69.481754][ T3727] rfkill_set_block+0x1e7/0x430
[ 69.486610][ T3727] rfkill_fop_write+0x5b7/0x790
[ 69.491446][ T3727] ? mark_lock+0x98/0x340
[ 69.495765][ T3727] ? rfkill_fop_read+0x470/0x470
[ 69.500706][ T3727] ? fsnotify_perm+0x64/0x590
[ 69.505459][ T3727] ? security_file_permission+0x75/0xa0
[ 69.511011][ T3727] ? rfkill_fop_read+0x470/0x470
[ 69.515932][ T3727] vfs_write+0x30c/0xe50
[ 69.520164][ T3727] ? file_end_write+0x250/0x250
[ 69.525003][ T3727] ? read_lock_is_recursive+0x10/0x10
[ 69.530368][ T3727] ? __context_tracking_exit+0x4c/0x80
[ 69.535817][ T3727] ? __lock_acquire+0x1ff0/0x1ff0
[ 69.540825][ T3727] ? __fdget_pos+0x1e9/0x380
[ 69.545412][ T3727] ksys_write+0x1a2/0x2c0
[ 69.549738][ T3727] ? print_irqtrace_events+0x210/0x210
[ 69.555194][ T3727] ? __ia32_sys_read+0x80/0x80
[ 69.559945][ T3727] ? syscall_enter_from_user_mode+0x2e/0x240
[ 69.565930][ T3727] ? lockdep_hardirqs_on+0x94/0x130
[ 69.571112][ T3727] ? syscall_enter_from_user_mode+0x2e/0x240
[ 69.577086][ T3727] do_syscall_64+0x3b/0xb0
[ 69.581501][ T3727] ? clear_bhb_loop+0x15/0x70
[ 69.586171][ T3727] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.592053][ T3727] RIP: 0033:0x7f84c2f53ff9
[ 69.596454][ T3727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.616050][ T3727] RSP: 002b:00007fff09eb7788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.624447][ T3727] RAX: ffffffffffffffda RBX: 00007f84c310bf80 RCX: 00007f84c2f53ff9
[ 69.632405][ T3727] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[ 69.640358][ T3727] RBP: 00007f84c2fc6296 R08: 0000000000000000 R09: 0000000000000000
[ 69.648318][ T3727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.656283][ T3727] R13: 00007f84c310bf80 R14: 00007f84c310bf80 R15: 00000000000014d4
[ 69.664253][ T3727]