Warning: Permanently added '10.128.0.82' (ED25519) to the list of known hosts. 2024/11/02 17:27:12 ignoring optional flag "sandboxArg"="0" 2024/11/02 17:27:12 parsed 1 programs [ 64.437934][ T4174] cgroup: Unknown subsys name 'net' [ 64.593541][ T4174] cgroup: Unknown subsys name 'rlimit' [ 66.039303][ T4174] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 68.061655][ T4208] chnl_net:caif_netlink_parms(): no params data found [ 68.129143][ T4208] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.136843][ T4208] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.145156][ T4208] device bridge_slave_0 entered promiscuous mode [ 68.155598][ T4208] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.162909][ T4208] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.171146][ T4208] device bridge_slave_1 entered promiscuous mode [ 68.201738][ T4208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.215012][ T4208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.255295][ T4208] team0: Port device team_slave_0 added [ 68.263988][ T4208] team0: Port device team_slave_1 added [ 68.293827][ T4208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.302557][ T4208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.330439][ T4208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.344275][ T4208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.352868][ T4208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.380886][ T4208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.423987][ T4208] device hsr_slave_0 entered promiscuous mode [ 68.431043][ T4208] device hsr_slave_1 entered promiscuous mode [ 68.575461][ T4208] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 68.591339][ T4208] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 68.602588][ T4208] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 68.613552][ T4208] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 68.648908][ T4208] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.656144][ T4208] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.664427][ T4208] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.671592][ T4208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.746287][ T4208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.768896][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.780324][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.788575][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.804630][ T4208] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.831540][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.841047][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.848177][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.860956][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.870806][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.877922][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.893510][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.903188][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 68.916842][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 68.931708][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.946333][ T4208] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 68.961132][ T4208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 68.969800][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 68.979541][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.072677][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 69.082377][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 69.099622][ T4208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.125248][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 69.135064][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 69.166859][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 69.175546][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 69.191765][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 69.200768][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 69.222902][ T4208] device veth0_vlan entered promiscuous mode [ 69.246227][ T4208] device veth1_vlan entered promiscuous mode [ 69.271276][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 69.279544][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 69.287936][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 69.296466][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 69.307096][ T4208] device veth0_macvtap entered promiscuous mode [ 69.317996][ T4208] device veth1_macvtap entered promiscuous mode [ 69.333518][ T4208] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.341879][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 69.350296][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 69.359864][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 69.369154][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 69.380907][ T4208] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.389280][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 69.397977][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 69.409497][ T4208] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.419493][ T4208] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.428776][ T4208] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.437871][ T4208] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.525138][ T4208] syz-executor (4208) used greatest stack depth: 18840 bytes left [ 69.613774][ T4230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.630202][ T4230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.641617][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.653108][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.662213][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.679472][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2024/11/02 17:27:21 executed programs: 0 [ 70.893238][ T4261] chnl_net:caif_netlink_parms(): no params data found [ 70.961127][ T4261] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.971354][ T4261] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.980151][ T4261] device bridge_slave_0 entered promiscuous mode [ 70.990813][ T4261] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.000374][ T4261] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.008844][ T4261] device bridge_slave_1 entered promiscuous mode [ 71.042688][ T4261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.054715][ T4261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.087751][ T4261] team0: Port device team_slave_0 added [ 71.095670][ T4261] team0: Port device team_slave_1 added [ 71.122730][ T4261] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.130513][ T4261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.159724][ T4261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.172410][ T4261] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.181888][ T4261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.210647][ T4261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.253927][ T4261] device hsr_slave_0 entered promiscuous mode [ 71.264232][ T4261] device hsr_slave_1 entered promiscuous mode [ 71.271296][ T4261] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.280917][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.287694][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.305012][ T4261] Cannot create hsr debugfs directory [ 71.402499][ T4261] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.798849][ T4268] Bluetooth: hci0: command 0x0409 tx timeout [ 74.465638][ T4261] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.522615][ T4261] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.573074][ T4261] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.877265][ T4214] Bluetooth: hci0: command 0x041b tx timeout [ 74.884863][ T4261] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.894456][ T4261] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.904872][ T4261] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.930422][ T4261] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.000327][ T4261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.012586][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 75.020675][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 75.032958][ T4261] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.061200][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.071733][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.080466][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.087556][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.098530][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 75.109365][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.119232][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.127790][ T4230] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.134844][ T4230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.156510][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 75.165540][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.189300][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 75.199064][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.208287][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.222764][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.231539][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.240391][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.250950][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.265849][ T4261] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.278185][ T4261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.286273][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.295733][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.310854][ T1235] device hsr_slave_0 left promiscuous mode [ 75.318028][ T1235] device hsr_slave_1 left promiscuous mode [ 75.324905][ T1235] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.332632][ T1235] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.341421][ T1235] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.349177][ T1235] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.356793][ T1235] device bridge_slave_1 left promiscuous mode [ 75.364174][ T1235] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.378720][ T1235] device bridge_slave_0 left promiscuous mode [ 75.384907][ T1235] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.404551][ T1235] device veth1_macvtap left promiscuous mode [ 75.410912][ T1235] device veth0_macvtap left promiscuous mode [ 75.416944][ T1235] device veth1_vlan left promiscuous mode [ 75.423504][ T1235] device veth0_vlan left promiscuous mode [ 75.582718][ T1235] team0 (unregistering): Port device team_slave_1 removed [ 75.598719][ T1235] team0 (unregistering): Port device team_slave_0 removed [ 75.611333][ T1235] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 75.625735][ T1235] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 75.682675][ T1235] bond0 (unregistering): Released all slaves [ 75.811431][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.819129][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.830762][ T4261] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.851916][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 75.866002][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 75.884009][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.892845][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.901875][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.911445][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.923380][ T4261] device veth0_vlan entered promiscuous mode [ 75.943590][ T4261] device veth1_vlan entered promiscuous mode [ 75.963256][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.971655][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.979863][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.988418][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.001822][ T4261] device veth0_macvtap entered promiscuous mode [ 76.012218][ T4261] device veth1_macvtap entered promiscuous mode [ 76.019773][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.028349][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.044090][ T4261] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.051849][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.061453][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.073852][ T4261] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.088201][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.096937][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.109655][ T4261] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.118749][ T4261] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.128827][ T4261] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.138220][ T4261] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.206591][ T4230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.221361][ T4230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.244232][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.261051][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.271054][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.281932][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.332783][ T4275] [ 76.335143][ T4275] ====================================================== [ 76.342160][ T4275] WARNING: possible circular locking dependency detected [ 76.349192][ T4275] 5.15.170-syzkaller #0 Not tainted [ 76.354389][ T4275] ------------------------------------------------------ [ 76.361644][ T4275] syz.0.15/4275 is trying to acquire lock: [ 76.367466][ T4275] ffff88807b7b0c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0 [ 76.378548][ T4275] [ 76.378548][ T4275] but task is already holding lock: [ 76.385915][ T4275] ffffffff8dcbe3a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790 [ 76.395600][ T4275] [ 76.395600][ T4275] which lock already depends on the new lock. [ 76.395600][ T4275] [ 76.406004][ T4275] [ 76.406004][ T4275] the existing dependency chain (in reverse order) is: [ 76.415015][ T4275] [ 76.415015][ T4275] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 76.423017][ T4275] lock_acquire+0x1db/0x4f0 [ 76.428043][ T4275] __mutex_lock_common+0x1da/0x25a0 [ 76.433768][ T4275] mutex_lock_nested+0x17/0x20 [ 76.439054][ T4275] rfkill_register+0x30/0x880 [ 76.444256][ T4275] hci_register_dev+0x4dd/0xa50 [ 76.449635][ T4275] vhci_create_device+0x310/0x590 [ 76.455185][ T4275] vhci_write+0x382/0x430 [ 76.460036][ T4275] vfs_write+0xacd/0xe50 [ 76.464805][ T4275] ksys_write+0x1a2/0x2c0 [ 76.469660][ T4275] do_syscall_64+0x3b/0xb0 [ 76.474599][ T4275] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.481019][ T4275] [ 76.481019][ T4275] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 76.488844][ T4275] lock_acquire+0x1db/0x4f0 [ 76.493874][ T4275] __mutex_lock_common+0x1da/0x25a0 [ 76.499599][ T4275] mutex_lock_nested+0x17/0x20 [ 76.504887][ T4275] vhci_send_frame+0x8a/0xf0 [ 76.510006][ T4275] hci_send_frame+0x1af/0x2f0 [ 76.515205][ T4275] hci_tx_work+0xb2e/0x1a30 [ 76.520229][ T4275] process_one_work+0x8a1/0x10c0 [ 76.525691][ T4275] worker_thread+0xaca/0x1280 [ 76.530889][ T4275] kthread+0x3f6/0x4f0 [ 76.535481][ T4275] ret_from_fork+0x1f/0x30 [ 76.540425][ T4275] [ 76.540425][ T4275] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 76.549641][ T4275] lock_acquire+0x1db/0x4f0 [ 76.554667][ T4275] __flush_work+0xeb/0x1a0 [ 76.559603][ T4275] hci_dev_do_close+0x20a/0x1070 [ 76.565065][ T4275] hci_unregister_dev+0x2d7/0x580 [ 76.570608][ T4275] vhci_release+0x73/0xc0 [ 76.575467][ T4275] __fput+0x3fe/0x8e0 [ 76.579992][ T4275] task_work_run+0x129/0x1a0 [ 76.585133][ T4275] do_exit+0x6a3/0x2480 [ 76.589832][ T4275] do_group_exit+0x144/0x310 [ 76.594962][ T4275] get_signal+0xc66/0x14e0 [ 76.599904][ T4275] arch_do_signal_or_restart+0xc3/0x1890 [ 76.606068][ T4275] exit_to_user_mode_loop+0x97/0x130 [ 76.611887][ T4275] exit_to_user_mode_prepare+0xb1/0x140 [ 76.617959][ T4275] syscall_exit_to_user_mode+0x5d/0x240 [ 76.624025][ T4275] do_syscall_64+0x47/0xb0 [ 76.628950][ T4275] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.635359][ T4275] [ 76.635359][ T4275] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 76.643004][ T4275] lock_acquire+0x1db/0x4f0 [ 76.648021][ T4275] __mutex_lock_common+0x1da/0x25a0 [ 76.653730][ T4275] mutex_lock_nested+0x17/0x20 [ 76.659005][ T4275] bg_scan_update+0xa1/0x4a0 [ 76.664107][ T4275] process_one_work+0x8a1/0x10c0 [ 76.669571][ T4275] worker_thread+0xaca/0x1280 [ 76.674756][ T4275] kthread+0x3f6/0x4f0 [ 76.679336][ T4275] ret_from_fork+0x1f/0x30 [ 76.684261][ T4275] [ 76.684261][ T4275] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 76.694067][ T4275] validate_chain+0x1649/0x5930 [ 76.699433][ T4275] __lock_acquire+0x1295/0x1ff0 [ 76.704792][ T4275] lock_acquire+0x1db/0x4f0 [ 76.709811][ T4275] __flush_work+0xeb/0x1a0 [ 76.714760][ T4275] __cancel_work_timer+0x519/0x6a0 [ 76.720384][ T4275] hci_request_cancel_all+0xcb/0x300 [ 76.726178][ T4275] hci_dev_do_close+0x51/0x1070 [ 76.731549][ T4275] hci_rfkill_set_block+0x114/0x1a0 [ 76.737276][ T4275] rfkill_set_block+0x1e7/0x430 [ 76.742644][ T4275] rfkill_fop_write+0x5b7/0x790 [ 76.748017][ T4275] vfs_write+0x30c/0xe50 [ 76.752783][ T4275] ksys_write+0x1a2/0x2c0 [ 76.757625][ T4275] do_syscall_64+0x3b/0xb0 [ 76.762554][ T4275] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.768963][ T4275] [ 76.768963][ T4275] other info that might help us debug this: [ 76.768963][ T4275] [ 76.779173][ T4275] Chain exists of: [ 76.779173][ T4275] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 76.779173][ T4275] [ 76.794891][ T4275] Possible unsafe locking scenario: [ 76.794891][ T4275] [ 76.802328][ T4275] CPU0 CPU1 [ 76.807677][ T4275] ---- ---- [ 76.813025][ T4275] lock(rfkill_global_mutex); [ 76.817777][ T4275] lock(&data->open_mutex); [ 76.824875][ T4275] lock(rfkill_global_mutex); [ 76.832143][ T4275] lock((work_completion)(&hdev->bg_scan_update)); [ 76.838718][ T4275] [ 76.838718][ T4275] *** DEADLOCK *** [ 76.838718][ T4275] [ 76.846843][ T4275] 1 lock held by syz.0.15/4275: [ 76.851678][ T4275] #0: ffffffff8dcbe3a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790 [ 76.861876][ T4275] [ 76.861876][ T4275] stack backtrace: [ 76.867772][ T4275] CPU: 0 PID: 4275 Comm: syz.0.15 Not tainted 5.15.170-syzkaller #0 [ 76.875742][ T4275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 76.885798][ T4275] Call Trace: [ 76.889075][ T4275] [ 76.892001][ T4275] dump_stack_lvl+0x1e3/0x2d0 [ 76.896676][ T4275] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 76.902302][ T4275] ? print_circular_bug+0x12b/0x1a0 [ 76.907495][ T4275] check_noncircular+0x2f8/0x3b0 [ 76.912425][ T4275] ? add_chain_block+0x850/0x850 [ 76.917352][ T4275] ? lockdep_lock+0x11f/0x2a0 [ 76.922026][ T4275] validate_chain+0x1649/0x5930 [ 76.926875][ T4275] ? validate_chain+0x112/0x5930 [ 76.931806][ T4275] ? reacquire_held_locks+0x660/0x660 [ 76.937287][ T4275] ? mark_lock+0x98/0x340 [ 76.941609][ T4275] ? look_up_lock_class+0x77/0x120 [ 76.946714][ T4275] ? register_lock_class+0x100/0x9a0 [ 76.951989][ T4275] ? mark_lock+0x98/0x340 [ 76.956318][ T4275] ? is_dynamic_key+0x1f0/0x1f0 [ 76.961181][ T4275] ? __lock_acquire+0x1295/0x1ff0 [ 76.966219][ T4275] ? mark_lock+0x98/0x340 [ 76.970550][ T4275] __lock_acquire+0x1295/0x1ff0 [ 76.975404][ T4275] lock_acquire+0x1db/0x4f0 [ 76.979899][ T4275] ? __flush_work+0xcf/0x1a0 [ 76.984484][ T4275] ? rcu_lock_release+0x5/0x20 [ 76.989242][ T4275] ? read_lock_is_recursive+0x10/0x10 [ 76.994615][ T4275] ? start_flush_work+0x776/0x820 [ 76.999634][ T4275] __flush_work+0xeb/0x1a0 [ 77.004040][ T4275] ? __flush_work+0xcf/0x1a0 [ 77.008627][ T4275] ? flush_work+0x20/0x20 [ 77.013042][ T4275] ? print_irqtrace_events+0x210/0x210 [ 77.018493][ T4275] ? lock_timer_base+0x260/0x260 [ 77.023429][ T4275] ? __cancel_work_timer+0x467/0x6a0 [ 77.028707][ T4275] __cancel_work_timer+0x519/0x6a0 [ 77.033817][ T4275] ? cancel_work_sync+0x20/0x20 [ 77.038658][ T4275] ? lockdep_hardirqs_on+0x94/0x130 [ 77.043852][ T4275] ? __cancel_work+0x2ef/0x380 [ 77.048617][ T4275] ? cancel_work+0x20/0x20 [ 77.053037][ T4275] ? print_irqtrace_events+0x210/0x210 [ 77.058493][ T4275] hci_request_cancel_all+0xcb/0x300 [ 77.063773][ T4275] hci_dev_do_close+0x51/0x1070 [ 77.068619][ T4275] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 77.074506][ T4275] ? _raw_spin_unlock+0x40/0x40 [ 77.079352][ T4275] hci_rfkill_set_block+0x114/0x1a0 [ 77.084553][ T4275] ? rcu_lock_release+0x20/0x20 [ 77.089394][ T4275] rfkill_set_block+0x1e7/0x430 [ 77.094239][ T4275] rfkill_fop_write+0x5b7/0x790 [ 77.099079][ T4275] ? mark_lock+0x98/0x340 [ 77.103401][ T4275] ? rfkill_fop_read+0x470/0x470 [ 77.108343][ T4275] ? fsnotify_perm+0x64/0x590 [ 77.113017][ T4275] ? security_file_permission+0x75/0xa0 [ 77.118556][ T4275] ? rfkill_fop_read+0x470/0x470 [ 77.123498][ T4275] vfs_write+0x30c/0xe50 [ 77.127739][ T4275] ? file_end_write+0x250/0x250 [ 77.132672][ T4275] ? read_lock_is_recursive+0x10/0x10 [ 77.138036][ T4275] ? __context_tracking_exit+0x4c/0x80 [ 77.143494][ T4275] ? __lock_acquire+0x1ff0/0x1ff0 [ 77.148527][ T4275] ? __fdget_pos+0x1e9/0x380 [ 77.153135][ T4275] ksys_write+0x1a2/0x2c0 [ 77.157457][ T4275] ? print_irqtrace_events+0x210/0x210 [ 77.162926][ T4275] ? __ia32_sys_read+0x80/0x80 [ 77.167681][ T4275] ? syscall_enter_from_user_mode+0x2e/0x240 [ 77.173655][ T4275] ? lockdep_hardirqs_on+0x94/0x130 [ 77.178848][ T4275] ? syscall_enter_from_user_mode+0x2e/0x240 [ 77.184828][ T4275] do_syscall_64+0x3b/0xb0 [ 77.189241][ T4275] ? clear_bhb_loop+0x15/0x70 [ 77.193946][ T4275] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 77.199832][ T4275] RIP: 0033:0x7fd83c02d719 [ 77.204254][ T4275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.223872][ T4275] RSP: 002b:00007ffe6fac81e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 77.232281][ T4275] RAX: ffffffffffffffda RBX: 00007fd83c1e4f80 RCX: 00007fd83c02d719 [ 77.240244][ T4275] RDX: 0000000000000008 RSI: 0000000020000300 RDI: 0000000000000003 [ 77.248210][ T4275] RBP: 00007fd83c0a032e R08: 0000000000000000 R09: 0000000000000000 [ 77.256262][ T4275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.264249][ T4275] R13: 00007fd83c1e4f80 R14: 00007fd83c1e4f80 R15: 00000000000014d7 [ 77.272225][ T4275] [ 77.278189][ T4214] Bluetooth: hci0: command 0x040f tx timeout