Warning: Permanently added '10.128.0.3' (ED25519) to the list of known hosts.
1970/01/01 00:00:44 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:44 parsed 1 programs
syzkaller login: [ 47.643368][ T4022] cgroup: Unknown subsys name 'net'
[ 47.892737][ T4022] cgroup: Unknown subsys name 'rlimit'
[ 48.195158][ T4022] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 62.744652][ T1601] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.746843][ T1601] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.754605][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 62.763649][ T1601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.765716][ T1601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.769421][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 63.399282][ T4087] chnl_net:caif_netlink_parms(): no params data found
[ 63.442384][ T4087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.444306][ T4087] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.446893][ T4087] device bridge_slave_0 entered promiscuous mode
[ 63.451842][ T4087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.453764][ T4087] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.456319][ T4087] device bridge_slave_1 entered promiscuous mode
[ 63.475214][ T4087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 63.481062][ T4087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 63.500517][ T4087] team0: Port device team_slave_0 added
[ 63.503979][ T4087] team0: Port device team_slave_1 added
[ 63.519153][ T4087] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 63.521068][ T4087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 63.528667][ T4087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 63.533228][ T4087] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 63.535056][ T4087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 63.543059][ T4087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 63.600654][ T4087] device hsr_slave_0 entered promiscuous mode
[ 63.638705][ T4087] device hsr_slave_1 entered promiscuous mode
[ 63.764328][ T4087] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.810381][ T4087] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.869675][ T4087] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 63.909966][ T4087] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 63.986014][ T4087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.988056][ T4087] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.990393][ T4087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.992354][ T4087] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.037737][ T4087] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.045072][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.050678][ T1601] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.053540][ T1601] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.056606][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 64.064372][ T4087] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.070687][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 64.073172][ T1601] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.074899][ T1601] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.082401][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 64.084923][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.086734][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.100205][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 64.102939][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 64.110460][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 64.116127][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 64.123819][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 64.128768][ T4087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 64.156872][ T513] ODEBUG: Out of memory. ODEBUG disabled
[ 64.198036][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 64.199996][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 64.205524][ T4087] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.218437][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 64.231331][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 64.234230][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 64.236559][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 64.243925][ T4087] device veth0_vlan entered promiscuous mode
[ 64.250786][ T4087] device veth1_vlan entered promiscuous mode
[ 64.263279][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 64.265689][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 64.270640][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 64.274984][ T4087] device veth0_macvtap entered promiscuous mode
[ 64.286594][ T4087] device veth1_macvtap entered promiscuous mode
[ 64.303540][ T4087] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 64.307329][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 64.352999][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 64.361276][ T4087] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 64.363957][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 64.368394][ T4087] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.370647][ T4087] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.372671][ T4087] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.374918][ T4087] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:04 executed programs: 0
[ 64.551218][ T4115] chnl_net:caif_netlink_parms(): no params data found
[ 64.609833][ T4115] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.611613][ T4115] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.614130][ T4115] device bridge_slave_0 entered promiscuous mode
[ 64.619527][ T4115] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.621438][ T4115] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.623743][ T4115] device bridge_slave_1 entered promiscuous mode
[ 64.637771][ T4115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.641798][ T4115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.655395][ T4115] team0: Port device team_slave_0 added
[ 64.658885][ T4115] team0: Port device team_slave_1 added
[ 64.671130][ T4115] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.673016][ T4115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.679692][ T4115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.683688][ T4115] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.685480][ T4115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.692258][ T4115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.749130][ T4115] device hsr_slave_0 entered promiscuous mode
[ 64.787443][ T4115] device hsr_slave_1 entered promiscuous mode
[ 64.847229][ T4115] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 64.849382][ T4115] Cannot create hsr debugfs directory
[ 64.899464][ T4115] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.517924][ T3604] Bluetooth: hci0: command 0x0409 tx timeout
[ 67.383423][ T4115] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.587167][ T13] Bluetooth: hci0: command 0x041b tx timeout
[ 69.629941][ T25] cfg80211: failed to load regulatory.db
[ 69.630598][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[ 69.633336][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[ 70.223612][ T4115] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.513030][ T4115] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.667182][ T1533] Bluetooth: hci0: command 0x040f tx timeout
[ 70.725707][ T4115] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.781747][ T4115] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.821648][ T4115] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.888793][ T4115] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.982389][ T4115] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.990601][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 70.992934][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.000967][ T4115] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.005494][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 71.009289][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.011979][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.013826][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.032086][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 71.034580][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 71.038760][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 71.041125][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.042938][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.045035][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 71.051832][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 71.054614][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 71.059368][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 71.062118][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 71.064713][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 71.072709][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 71.075189][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 71.078185][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 71.083680][ T4115] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 71.086878][ T4115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 71.092192][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 71.094669][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 71.152911][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 71.155013][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 71.161834][ T4115] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.172800][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 71.175445][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.188606][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 71.191530][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.195041][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.197752][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.201092][ T4115] device veth0_vlan entered promiscuous mode
[ 71.210454][ T4115] device veth1_vlan entered promiscuous mode
[ 71.223956][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.226352][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.231872][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 71.234910][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.240047][ T4115] device veth0_macvtap entered promiscuous mode
[ 71.244114][ T4115] device veth1_macvtap entered promiscuous mode
[ 71.255983][ T4115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 71.259042][ T4115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 71.262444][ T4115] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.264682][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.267197][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 71.269668][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.272196][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.276640][ T4115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 71.280289][ T4115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 71.283878][ T4115] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.285975][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.290111][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.295014][ T4115] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.298104][ T4115] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.300338][ T4115] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.302433][ T4115] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.359779][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.362017][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.364571][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 71.383377][ T1601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.385378][ T1601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.391684][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 71.480252][ T4127]
[ 71.480820][ T4127] ======================================================
[ 71.482707][ T4127] WARNING: possible circular locking dependency detected
[ 71.484518][ T4127] 5.15.167-syzkaller #0 Not tainted
[ 71.485921][ T4127] ------------------------------------------------------
[ 71.487749][ T4127] syz.0.15/4127 is trying to acquire lock:
[ 71.489310][ T4127] ffff0000db148c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xd0/0x1c0
[ 71.492265][ T4127]
[ 71.492265][ T4127] but task is already holding lock:
[ 71.494171][ T4127] ffff800016e75ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x250/0x750
[ 71.496720][ T4127]
[ 71.496720][ T4127] which lock already depends on the new lock.
[ 71.496720][ T4127]
[ 71.499428][ T4127]
[ 71.499428][ T4127] the existing dependency chain (in reverse order) is:
[ 71.501743][ T4127]
[ 71.501743][ T4127] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[ 71.503756][ T4127]        __mutex_lock_common+0x194/0x2154
[ 71.505279][ T4127]        mutex_lock_nested+0xa4/0xf8
[ 71.506767][ T4127]        rfkill_register+0x44/0x7a4
[ 71.508125][ T4127]        hci_register_dev+0x3e0/0x880
[ 71.509563][ T4127]        vhci_create_device+0x2c4/0x568
[ 71.511015][ T4127]        vhci_write+0x318/0x3b8
[ 71.512231][ T4127]        vfs_write+0x884/0xb44
[ 71.513434][ T4127]        ksys_write+0x15c/0x26c
[ 71.514751][ T4127]        __arm64_sys_write+0x7c/0x90
[ 71.516120][ T4127]        invoke_syscall+0x98/0x2b8
[ 71.517418][ T4127]        el0_svc_common+0x138/0x258
[ 71.518857][ T4127]        do_el0_svc+0x58/0x14c
[ 71.520021][ T4127]        el0_svc+0x7c/0x1f0
[ 71.521185][ T4127]        el0t_64_sync_handler+0x84/0xe4
[ 71.522592][ T4127]        el0t_64_sync+0x1a0/0x1a4
[ 71.523918][ T4127]
[ 71.523918][ T4127] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[ 71.525936][ T4127]        __mutex_lock_common+0x194/0x2154
[ 71.527490][ T4127]        mutex_lock_nested+0xa4/0xf8
[ 71.528902][ T4127]        vhci_send_frame+0x8c/0x10c
[ 71.530205][ T4127]        hci_send_frame+0x194/0x2f0
[ 71.531540][ T4127]        hci_tx_work+0x9ac/0x16cc
[ 71.532824][ T4127]        process_one_work+0x790/0x11b8
[ 71.534223][ T4127]        worker_thread+0x910/0x1034
[ 71.535542][ T4127]        kthread+0x37c/0x45c
[ 71.536789][ T4127]        ret_from_fork+0x10/0x20
[ 71.538082][ T4127]
[ 71.538082][ T4127] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 71.540527][ T4127]        __flush_work+0xf8/0x1c0
[ 71.541830][ T4127]        flush_work+0x24/0x38
[ 71.543034][ T4127]        hci_dev_do_close+0x16c/0x1060
[ 71.544472][ T4127]        hci_unregister_dev+0x248/0x4d4
[ 71.545941][ T4127]        vhci_release+0x74/0xc4
[ 71.547117][ T4127]        __fput+0x1c4/0x800
[ 71.547948][ T4127]        ____fput+0x20/0x30
[ 71.549139][ T4127]        task_work_run+0x130/0x1e4
[ 71.550482][ T4127]        do_exit+0x670/0x20bc
[ 71.551712][ T4127]        do_group_exit+0x110/0x268
[ 71.553075][ T4127]        get_signal+0x634/0x1550
[ 71.554319][ T4127]        do_notify_resume+0x3d0/0x32b8
[ 71.555707][ T4127]        el0_svc+0xfc/0x1f0
[ 71.556903][ T4127]        el0t_64_sync_handler+0x84/0xe4
[ 71.558373][ T4127]        el0t_64_sync+0x1a0/0x1a4
[ 71.559723][ T4127]
[ 71.559723][ T4127] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[ 71.561711][ T4127]        __mutex_lock_common+0x194/0x2154
[ 71.563264][ T4127]        mutex_lock_nested+0xa4/0xf8
[ 71.564651][ T4127]        bg_scan_update+0x9c/0x470
[ 71.565990][ T4127]        process_one_work+0x790/0x11b8
[ 71.567412][ T4127]        worker_thread+0x910/0x1034
[ 71.568874][ T4127]        kthread+0x37c/0x45c
[ 71.570102][ T4127]        ret_from_fork+0x10/0x20
[ 71.571430][ T4127]
[ 71.571430][ T4127] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[ 71.574037][ T4127]        __lock_acquire+0x32d4/0x7638
[ 71.575435][ T4127]        lock_acquire+0x240/0x77c
[ 71.576728][ T4127]        __flush_work+0xf8/0x1c0
[ 71.578032][ T4127]        __cancel_work_timer+0x3ec/0x548
[ 71.579548][ T4127]        cancel_work_sync+0x24/0x38
[ 71.581011][ T4127]        hci_request_cancel_all+0xcc/0x2d0
[ 71.582533][ T4127]        hci_dev_do_close+0x54/0x1060
[ 71.584056][ T4127]        hci_rfkill_set_block+0xdc/0x1d0
[ 71.585510][ T4127]        rfkill_set_block+0x18c/0x37c
[ 71.586845][ T4127]        rfkill_fop_write+0x594/0x750
[ 71.588238][ T4127]        vfs_write+0x280/0xb44
[ 71.589457][ T4127]        ksys_write+0x15c/0x26c
[ 71.590761][ T4127]        __arm64_sys_write+0x7c/0x90
[ 71.592179][ T4127]        invoke_syscall+0x98/0x2b8
[ 71.593562][ T4127]        el0_svc_common+0x138/0x258
[ 71.595034][ T4127]        do_el0_svc+0x58/0x14c
[ 71.596239][ T4127]        el0_svc+0x7c/0x1f0
[ 71.597463][ T4127]        el0t_64_sync_handler+0x84/0xe4
[ 71.598999][ T4127]        el0t_64_sync+0x1a0/0x1a4
[ 71.600400][ T4127]
[ 71.600400][ T4127] other info that might help us debug this:
[ 71.600400][ T4127]
[ 71.603111][ T4127] Chain exists of:
[ 71.603111][ T4127]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[ 71.603111][ T4127]
[ 71.607220][ T4127]  Possible unsafe locking scenario:
[ 71.607220][ T4127]
[ 71.609285][ T4127]        CPU0                    CPU1
[ 71.610751][ T4127]        ----                    ----
[ 71.611704][ T4127]   lock(rfkill_global_mutex);
[ 71.613040][ T4127]                                lock(&data->open_mutex);
[ 71.614948][ T4127]                                lock(rfkill_global_mutex);
[ 71.616878][ T4127]   lock((work_completion)(&hdev->bg_scan_update));
[ 71.618615][ T4127]
[ 71.618615][ T4127]  *** DEADLOCK ***
[ 71.618615][ T4127]
[ 71.620795][ T4127] 1 lock held by syz.0.15/4127:
[ 71.622097][ T4127]  #0: ffff800016e75ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x250/0x750
[ 71.624851][ T4127]
[ 71.624851][ T4127] stack backtrace:
[ 71.626409][ T4127] CPU: 0 PID: 4127 Comm: syz.0.15 Not tainted 5.15.167-syzkaller #0
[ 71.628582][ T4127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 71.631335][ T4127] Call trace:
[ 71.632189][ T4127]  dump_backtrace+0x0/0x530
[ 71.633364][ T4127]  show_stack+0x2c/0x3c
[ 71.634530][ T4127]  dump_stack_lvl+0x108/0x170
[ 71.635709][ T4127]  dump_stack+0x1c/0x58
[ 71.636923][ T4127]  print_circular_bug+0x150/0x1b8
[ 71.638266][ T4127]  check_noncircular+0x2cc/0x378
[ 71.639578][ T4127]  __lock_acquire+0x32d4/0x7638
[ 71.640921][ T4127]  lock_acquire+0x240/0x77c
[ 71.642118][ T4127]  __flush_work+0xf8/0x1c0
[ 71.643243][ T4127]  __cancel_work_timer+0x3ec/0x548
[ 71.644617][ T4127]  cancel_work_sync+0x24/0x38
[ 71.645913][ T4127]  hci_request_cancel_all+0xcc/0x2d0
[ 71.647284][ T4127]  hci_dev_do_close+0x54/0x1060
[ 71.648417][ T4127]  hci_rfkill_set_block+0xdc/0x1d0
[ 71.649706][ T4127]  rfkill_set_block+0x18c/0x37c
[ 71.650865][ T4127]  rfkill_fop_write+0x594/0x750
[ 71.652114][ T4127]  vfs_write+0x280/0xb44
[ 71.653291][ T4127]  ksys_write+0x15c/0x26c
[ 71.654307][ T4127]  __arm64_sys_write+0x7c/0x90
[ 71.655496][ T4127]  invoke_syscall+0x98/0x2b8
[ 71.656775][ T4127]  el0_svc_common+0x138/0x258
[ 71.658043][ T4127]  do_el0_svc+0x58/0x14c
[ 71.659241][ T4127]  el0_svc+0x7c/0x1f0
[ 71.660219][ T4127]  el0t_64_sync_handler+0x84/0xe4
[ 71.661492][ T4127]  el0t_64_sync+0x1a0/0x1a4