Warning: Permanently added '10.128.0.32' (ED25519) to the list of known hosts. 2025/10/13 01:09:18 parsed 1 programs [ 74.139090][ T4191] cgroup: Unknown subsys name 'net' [ 74.303646][ T4191] cgroup: Unknown subsys name 'rlimit' [ 76.018103][ T4191] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 78.718765][ T4228] chnl_net:caif_netlink_parms(): no params data found [ 78.803772][ T4228] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.814102][ T4228] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.824062][ T4228] device bridge_slave_0 entered promiscuous mode [ 78.837793][ T4228] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.848261][ T4228] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.858858][ T4228] device bridge_slave_1 entered promiscuous mode [ 78.893264][ T4228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.910684][ T4228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.947986][ T4228] team0: Port device team_slave_0 added [ 78.958090][ T4228] team0: Port device team_slave_1 added [ 78.990287][ T4228] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.998165][ T4228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.029265][ T4228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.043706][ T4228] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.052304][ T4228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.081243][ T4228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.128529][ T4228] device hsr_slave_0 entered promiscuous mode [ 79.138325][ T4228] device hsr_slave_1 entered promiscuous mode [ 79.296138][ T4228] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.310405][ T4228] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.323610][ T4228] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.337343][ T4228] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.382331][ T4228] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.390182][ T4228] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.399774][ T4228] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.407752][ T4228] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.478367][ T4228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.494354][ T1470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.508063][ T1470] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.520032][ T1470] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.530998][ T1470] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 79.546962][ T4228] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.563936][ T1470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.584438][ T1470] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.592409][ T1470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.631655][ T1470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.648247][ T1470] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.655852][ T1470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.675422][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 79.685724][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 79.709914][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 79.725679][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.744922][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.753998][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 79.765527][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.777536][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 79.790141][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.805766][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 79.815833][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.828832][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.930976][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.939788][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 79.955798][ T4228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.990899][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 80.003322][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 80.025378][ T4228] device veth0_vlan entered promiscuous mode [ 80.035464][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 80.045191][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 80.055730][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 80.065145][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 80.080022][ T4228] device veth1_vlan entered promiscuous mode [ 80.114723][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 80.124434][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 80.133334][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 80.143157][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 80.158192][ T4228] device veth0_macvtap entered promiscuous mode [ 80.179479][ T4228] device veth1_macvtap entered promiscuous mode [ 80.196672][ T4228] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.204636][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 80.213866][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 80.223273][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 80.235503][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 80.251037][ T4228] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.275474][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 80.286970][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 80.299832][ T4228] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.309749][ T4228] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.321340][ T4228] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.332284][ T4228] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.934043][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.956200][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.970560][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.978273][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 81.986133][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.002611][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 82.530240][ T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/10/13 01:09:29 executed programs: 0 [ 82.777359][ T4294] chnl_net:caif_netlink_parms(): no params data found [ 82.826764][ T4294] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.836561][ T4294] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.845410][ T4294] device bridge_slave_0 entered promiscuous mode [ 82.855611][ T4294] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.864259][ T4294] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.874166][ T4294] device bridge_slave_1 entered promiscuous mode [ 82.899155][ T4294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.912722][ T4294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.943330][ T4294] team0: Port device team_slave_0 added [ 82.952525][ T4294] team0: Port device team_slave_1 added [ 82.979292][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.987966][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.017713][ T4294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.031480][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.040031][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.068941][ T4294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.104605][ T4294] device hsr_slave_0 entered promiscuous mode [ 83.114512][ T4294] device hsr_slave_1 entered promiscuous mode [ 83.124427][ T4294] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.134692][ T4294] Cannot create hsr debugfs directory [ 84.717149][ T1110] Bluetooth: hci0: command 0x0409 tx timeout [ 85.513110][ T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.583842][ T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.654836][ T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.483081][ T4294] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.495250][ T4294] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.507739][ T4294] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.520041][ T4294] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.625211][ T4294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.640488][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.648939][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.660779][ T4294] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.690510][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.700015][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.710599][ T4287] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.719291][ T4287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.729708][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 86.751941][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.763207][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.773740][ T1235] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.783734][ T1235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.793714][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 86.810092][ T7] cfg80211: failed to load regulatory.db [ 86.816015][ T4317] Bluetooth: hci0: command 0x041b tx timeout [ 86.886226][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 86.899886][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.917695][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.929726][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.940970][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.952389][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 86.969993][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 86.981187][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 86.995795][ T4294] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.011448][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 87.021845][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 87.034393][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 87.235908][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 87.247639][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.263328][ T4294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.315491][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 87.327461][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.382846][ T4294] device veth0_vlan entered promiscuous mode [ 87.393283][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.405259][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.427540][ T4294] device veth1_vlan entered promiscuous mode [ 87.434794][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.443123][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.452713][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.494434][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 87.505080][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 87.515375][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 87.529483][ T4294] device veth0_macvtap entered promiscuous mode [ 87.545527][ T4294] device veth1_macvtap entered promiscuous mode [ 87.574086][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.585649][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.598799][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.609890][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 87.618924][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 87.629020][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 87.639296][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 87.653619][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.666906][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.681605][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.696342][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.710428][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.727341][ T154] device hsr_slave_0 left promiscuous mode [ 87.740062][ T154] device hsr_slave_1 left promiscuous mode [ 87.749927][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.759691][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.775407][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.787140][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.797271][ T154] device bridge_slave_1 left promiscuous mode [ 87.808442][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.824726][ T154] device bridge_slave_0 left promiscuous mode [ 87.834443][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.856899][ T154] device veth1_macvtap left promiscuous mode [ 87.864468][ T154] device veth0_macvtap left promiscuous mode [ 87.871411][ T154] device veth1_vlan left promiscuous mode [ 87.879092][ T154] device veth0_vlan left promiscuous mode [ 88.075619][ T154] team0 (unregistering): Port device team_slave_1 removed [ 88.091537][ T154] team0 (unregistering): Port device team_slave_0 removed [ 88.109234][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 88.126131][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 88.198154][ T154] bond0 (unregistering): Released all slaves [ 88.272455][ T4294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.283745][ T4294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.294897][ T4294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.304890][ T4294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.409216][ T1235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.421215][ T1235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.434170][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 88.454864][ T1235] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.464066][ T1235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.502507][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 88.627517][ T4348] [ 88.630003][ T4348] ====================================================== [ 88.638321][ T4348] WARNING: possible circular locking dependency detected [ 88.645586][ T4348] syzkaller #0 Not tainted [ 88.650373][ T4348] ------------------------------------------------------ [ 88.658375][ T4348] syz.0.17/4348 is trying to acquire lock: [ 88.665141][ T4348] ffff88802639cc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 88.677843][ T4348] [ 88.677843][ T4348] but task is already holding lock: [ 88.686033][ T4348] ffffffff8d4c0768 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 88.697385][ T4348] [ 88.697385][ T4348] which lock already depends on the new lock. [ 88.697385][ T4348] [ 88.709319][ T4348] [ 88.709319][ T4348] the existing dependency chain (in reverse order) is: [ 88.720378][ T4348] [ 88.720378][ T4348] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 88.729987][ T4348] __mutex_lock_common+0x1eb/0x2390 [ 88.736965][ T4348] mutex_lock_nested+0x17/0x20 [ 88.743747][ T4348] rfkill_register+0x33/0x8a0 [ 88.750294][ T4348] hci_register_dev+0x452/0x970 [ 88.756921][ T4348] vhci_create_device+0x32c/0x5c0 [ 88.763804][ T4348] vhci_write+0x391/0x450 [ 88.769695][ T4348] vfs_write+0x712/0xd00 [ 88.776487][ T4348] ksys_write+0x14d/0x250 [ 88.786665][ T4348] do_syscall_64+0x4c/0xa0 [ 88.794492][ T4348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.803221][ T4348] [ 88.803221][ T4348] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 88.812093][ T4348] __mutex_lock_common+0x1eb/0x2390 [ 88.819053][ T4348] mutex_lock_nested+0x17/0x20 [ 88.829777][ T4348] vhci_send_frame+0x88/0x100 [ 88.835784][ T4348] hci_send_frame+0x1a9/0x2e0 [ 88.842355][ T4348] hci_tx_work+0x9f9/0x1710 [ 88.848778][ T4348] process_one_work+0x863/0x1000 [ 88.855631][ T4348] worker_thread+0xaa8/0x12a0 [ 88.861303][ T4348] kthread+0x436/0x520 [ 88.867371][ T4348] ret_from_fork+0x1f/0x30 [ 88.873301][ T4348] [ 88.873301][ T4348] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 88.885427][ T4348] __flush_work+0xdd/0x1b0 [ 88.887112][ T4316] Bluetooth: hci0: command 0x040f tx timeout [ 88.890917][ T4348] hci_dev_do_close+0x1e7/0x1030 [ 88.903984][ T4348] hci_unregister_dev+0x2d7/0x580 [ 88.910757][ T4348] vhci_release+0x73/0xc0 [ 88.916156][ T4348] __fput+0x234/0x930 [ 88.921159][ T4348] task_work_run+0x125/0x1a0 [ 88.926876][ T4348] do_exit+0x61e/0x20a0 [ 88.932716][ T4348] do_group_exit+0x12e/0x300 [ 88.938754][ T4348] get_signal+0x6ca/0x12c0 [ 88.944604][ T4348] arch_do_signal_or_restart+0xc1/0x1300 [ 88.951127][ T4348] exit_to_user_mode_loop+0x9e/0x130 [ 88.960625][ T4348] exit_to_user_mode_prepare+0xee/0x180 [ 88.969719][ T4348] syscall_exit_to_user_mode+0x16/0x40 [ 88.976436][ T4348] do_syscall_64+0x58/0xa0 [ 88.982061][ T4348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.988707][ T4348] [ 88.988707][ T4348] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 88.997375][ T4348] __mutex_lock_common+0x1eb/0x2390 [ 89.003504][ T4348] mutex_lock_nested+0x17/0x20 [ 89.009315][ T4348] bg_scan_update+0x44/0x3b0 [ 89.014697][ T4348] process_one_work+0x863/0x1000 [ 89.020692][ T4348] worker_thread+0xaa8/0x12a0 [ 89.026286][ T4348] kthread+0x436/0x520 [ 89.031202][ T4348] ret_from_fork+0x1f/0x30 [ 89.036761][ T4348] [ 89.036761][ T4348] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 89.047837][ T4348] __lock_acquire+0x2c33/0x7c60 [ 89.054225][ T4348] lock_acquire+0x197/0x3f0 [ 89.059678][ T4348] __flush_work+0xdd/0x1b0 [ 89.065598][ T4348] __cancel_work_timer+0x3ac/0x520 [ 89.072023][ T4348] hci_request_cancel_all+0xcc/0x300 [ 89.079151][ T4348] hci_dev_do_close+0x4e/0x1030 [ 89.084777][ T4348] hci_rfkill_set_block+0x10a/0x190 [ 89.091268][ T4348] rfkill_set_block+0x1c6/0x420 [ 89.098161][ T4348] rfkill_fop_write+0x458/0x560 [ 89.104678][ T4348] do_iter_write+0x3e4/0x7b0 [ 89.110175][ T4348] do_writev+0x254/0x410 [ 89.115161][ T4348] do_syscall_64+0x4c/0xa0 [ 89.120901][ T4348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.128593][ T4348] [ 89.128593][ T4348] other info that might help us debug this: [ 89.128593][ T4348] [ 89.142472][ T4348] Chain exists of: [ 89.142472][ T4348] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 89.142472][ T4348] [ 89.160729][ T4348] Possible unsafe locking scenario: [ 89.160729][ T4348] [ 89.170085][ T4348] CPU0 CPU1 [ 89.179652][ T4348] ---- ---- [ 89.186677][ T4348] lock(rfkill_global_mutex); [ 89.192171][ T4348] lock(&data->open_mutex); [ 89.201151][ T4348] lock(rfkill_global_mutex); [ 89.209552][ T4348] lock((work_completion)(&hdev->bg_scan_update)); [ 89.216979][ T4348] [ 89.216979][ T4348] *** DEADLOCK *** [ 89.216979][ T4348] [ 89.225861][ T4348] 1 lock held by syz.0.17/4348: [ 89.232217][ T4348] #0: ffffffff8d4c0768 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 89.243130][ T4348] [ 89.243130][ T4348] stack backtrace: [ 89.249269][ T4348] CPU: 0 PID: 4348 Comm: syz.0.17 Not tainted syzkaller #0 [ 89.257290][ T4348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 89.268735][ T4348] Call Trace: [ 89.272383][ T4348] [ 89.276037][ T4348] dump_stack_lvl+0x168/0x230 [ 89.281197][ T4348] ? load_image+0x3b0/0x3b0 [ 89.285923][ T4348] ? show_regs_print_info+0x20/0x20 [ 89.291670][ T4348] ? print_circular_bug+0x12b/0x1a0 [ 89.297099][ T4348] check_noncircular+0x274/0x310 [ 89.302367][ T4348] ? add_chain_block+0x940/0x940 [ 89.307540][ T4348] ? lockdep_lock+0xdc/0x1e0 [ 89.313122][ T4348] ? __lock_acquire+0x12d9/0x7c60 [ 89.318414][ T4348] ? lockdep_lock+0x1e0/0x1e0 [ 89.323414][ T4348] ? mark_lock+0x94/0x320 [ 89.327965][ T4348] ? _find_first_zero_bit+0xce/0xf0 [ 89.333564][ T4348] __lock_acquire+0x2c33/0x7c60 [ 89.338834][ T4348] ? verify_lock_unused+0x140/0x140 [ 89.344258][ T4348] ? verify_lock_unused+0x140/0x140 [ 89.349664][ T4348] lock_acquire+0x197/0x3f0 [ 89.354466][ T4348] ? __flush_work+0xc1/0x1b0 [ 89.359226][ T4348] ? __lock_acquire+0x7c60/0x7c60 [ 89.364643][ T4348] ? read_lock_is_recursive+0x10/0x10 [ 89.370175][ T4348] ? start_flush_work+0x776/0x820 [ 89.375414][ T4348] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 89.381764][ T4348] ? _raw_spin_unlock+0x40/0x40 [ 89.387283][ T4348] __flush_work+0xdd/0x1b0 [ 89.392328][ T4348] ? __flush_work+0xc1/0x1b0 [ 89.398165][ T4348] ? flush_work+0x20/0x20 [ 89.403192][ T4348] ? try_to_grab_pending+0xf3/0x7e0 [ 89.408817][ T4348] ? lockdep_hardirqs_off+0x70/0x100 [ 89.414523][ T4348] ? mark_lock+0x94/0x320 [ 89.419422][ T4348] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 89.425912][ T4348] ? lock_chain_count+0x20/0x20 [ 89.431315][ T4348] ? mark_lock+0x94/0x320 [ 89.436496][ T4348] ? __cancel_work_timer+0x331/0x520 [ 89.442603][ T4348] __cancel_work_timer+0x3ac/0x520 [ 89.448280][ T4348] ? cancel_work_sync+0x20/0x20 [ 89.453864][ T4348] ? __cancel_work+0x1f4/0x2d0 [ 89.459045][ T4348] ? lockdep_hardirqs_on+0x94/0x140 [ 89.464591][ T4348] ? __cancel_work+0x26f/0x2d0 [ 89.469490][ T4348] ? cancel_work+0x20/0x20 [ 89.474482][ T4348] ? lock_chain_count+0x20/0x20 [ 89.479835][ T4348] hci_request_cancel_all+0xcc/0x300 [ 89.485173][ T4348] hci_dev_do_close+0x4e/0x1030 [ 89.490264][ T4348] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 89.496969][ T4348] ? _raw_spin_unlock+0x40/0x40 [ 89.502082][ T4348] hci_rfkill_set_block+0x10a/0x190 [ 89.508241][ T4348] ? rcu_lock_release+0x20/0x20 [ 89.513587][ T4348] rfkill_set_block+0x1c6/0x420 [ 89.519219][ T4348] rfkill_fop_write+0x458/0x560 [ 89.525125][ T4348] ? _copy_from_user+0x111/0x170 [ 89.530900][ T4348] ? rfkill_fop_read+0x4b0/0x4b0 [ 89.536226][ T4348] ? common_file_perm+0x171/0x1c0 [ 89.542651][ T4348] ? fsnotify_perm+0x5d/0x560 [ 89.548161][ T4348] ? security_file_permission+0x75/0xa0 [ 89.554013][ T4348] do_iter_write+0x3e4/0x7b0 [ 89.558912][ T4348] do_writev+0x254/0x410 [ 89.563471][ T4348] ? do_readv+0x3e0/0x3e0 [ 89.568590][ T4348] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 89.576044][ T4348] ? lock_chain_count+0x20/0x20 [ 89.581492][ T4348] ? vtime_user_exit+0x2dc/0x400 [ 89.587233][ T4348] ? lockdep_hardirqs_on+0x94/0x140 [ 89.593889][ T4348] do_syscall_64+0x4c/0xa0 [ 89.598891][ T4348] ? clear_bhb_loop+0x30/0x80 [ 89.604878][ T4348] ? clear_bhb_loop+0x30/0x80 [ 89.610170][ T4348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.616299][ T4348] RIP: 0033:0x7fd028e98ec9 [ 89.621134][ T4348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.641983][ T4348] RSP: 002b:00007ffff6014e28 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 89.650887][ T4348] RAX: ffffffffffffffda RBX: 00007fd0290effa0 RCX: 00007fd028e98ec9 [ 89.659371][ T4348] RDX: 0000000000000002 RSI: 00002000000000c0 RDI: 0000000000000003 [ 89.667985][ T4348] RBP: 00007fd028f1bf91 R08: 0000000000000000 R09: 0000000000000000 [ 89.677626][ T4348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.686072][ T4348] R13: 00007fd0290effa0 R14: 00007fd0290effa0 R15: 0000000000000003 [ 89.695206][ T4348]