Warning: Permanently added '10.128.1.42' (ED25519) to the list of known hosts. 1970/01/01 00:00:41 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:00:42 parsed 1 programs [ 45.147825][ T4028] cgroup: Unknown subsys name 'net' [ 45.393944][ T4028] cgroup: Unknown subsys name 'rlimit' [ 45.798151][ T4028] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 54.141116][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.143326][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.146179][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 54.167277][ T520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.169621][ T520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.172554][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 54.322838][ T4081] chnl_net:caif_netlink_parms(): no params data found [ 54.362064][ T4081] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.364115][ T4081] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.366633][ T4081] device bridge_slave_0 entered promiscuous mode [ 54.374501][ T4081] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.376499][ T4081] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.379513][ T4081] device bridge_slave_1 entered promiscuous mode [ 54.395823][ T4081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.400442][ T4081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.417272][ T4081] team0: Port device team_slave_0 added [ 54.420968][ T4081] team0: Port device team_slave_1 added [ 54.434899][ T4081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.436858][ T4081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.443944][ T4081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.449344][ T4081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.451205][ T4081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.459502][ T4081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.570288][ T4081] device hsr_slave_0 entered promiscuous mode [ 54.607990][ T4081] device hsr_slave_1 entered promiscuous mode [ 54.766004][ T4081] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.830693][ T4081] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.869958][ T4081] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.910069][ T4081] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.028577][ T4081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.037103][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.042341][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.049226][ T4081] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.054275][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.057140][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.066460][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.068650][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.088791][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.091527][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.094134][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.096916][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.098970][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.103111][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.106096][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.109409][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.112752][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.115446][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.125459][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.128741][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.136785][ T4081] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.139808][ T4081] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.143633][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.146328][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.153820][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.156484][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.160075][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.240672][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 55.242792][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 55.250438][ T4081] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.265463][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.282210][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.285235][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.289014][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.294161][ T4081] device veth0_vlan entered promiscuous mode [ 55.302095][ T4081] device veth1_vlan entered promiscuous mode [ 55.320820][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 55.323540][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 55.326515][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.333066][ T4081] device veth0_macvtap entered promiscuous mode [ 55.338086][ T4081] device veth1_macvtap entered promiscuous mode [ 55.361273][ T4081] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.365786][ T4081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.369966][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 55.372728][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.375434][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.378455][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.381297][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.385927][ T4081] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.396837][ T4081] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.400243][ T4081] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.402568][ T4081] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:00:56 executed programs: 0 [ 56.600831][ T4127] chnl_net:caif_netlink_parms(): no params data found [ 56.635608][ T4127] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.638053][ T4127] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.640550][ T4127] device bridge_slave_0 entered promiscuous mode [ 56.644245][ T4127] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.646193][ T4127] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.649242][ T4127] device bridge_slave_1 entered promiscuous mode [ 56.667041][ T4127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.674811][ T4127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.694686][ T4127] team0: Port device team_slave_0 added [ 56.701215][ T4127] team0: Port device team_slave_1 added [ 56.715902][ T4127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.718279][ T4127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.725144][ T4127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.729817][ T4127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.731743][ T4127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.738993][ T4127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.799760][ T4127] device hsr_slave_0 entered promiscuous mode [ 56.838106][ T4127] device hsr_slave_1 entered promiscuous mode [ 56.877806][ T4127] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.880102][ T4127] Cannot create hsr debugfs directory [ 56.962378][ T4127] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.588239][ T4104] Bluetooth: hci0: command 0x0409 tx timeout [ 59.640675][ T4127] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.464665][ T4127] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.518633][ T4127] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.667736][ T4104] Bluetooth: hci0: command 0x041b tx timeout [ 60.672492][ T4127] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 60.694963][ T4127] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 60.730049][ T4127] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 60.770315][ T4127] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 60.856127][ T4127] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.864392][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.866971][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.873661][ T4127] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.879349][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.882091][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.884709][ T561] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.886644][ T561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.892186][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.897927][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.900635][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.903199][ T561] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.905122][ T561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.948644][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.951589][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.957592][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.960690][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.963650][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.970835][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.973806][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.980728][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.983570][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.989013][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.991720][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.996219][ T4127] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.075723][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 61.078473][ T561] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 61.084937][ T4127] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.100687][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 61.103740][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 61.115779][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 61.118997][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 61.121777][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 61.124454][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 61.131276][ T4127] device veth0_vlan entered promiscuous mode [ 61.138266][ T4127] device veth1_vlan entered promiscuous mode [ 61.154247][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 61.156974][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 61.161140][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 61.163868][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.168643][ T4127] device veth0_macvtap entered promiscuous mode [ 61.174251][ T4127] device veth1_macvtap entered promiscuous mode [ 61.185529][ T4127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.189136][ T4127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.192878][ T4127] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.195338][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 61.201932][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.204585][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.207376][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.213918][ T4127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.216752][ T4127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.221774][ T4127] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.224002][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 61.226800][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.232097][ T4127] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.234467][ T4127] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.236840][ T4127] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.240237][ T4127] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.281678][ T520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.283846][ T520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.286778][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.303122][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.305350][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.308976][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.417501][ T4143] [ 61.418264][ T4143] ====================================================== [ 61.420229][ T4143] WARNING: possible circular locking dependency detected [ 61.422156][ T4143] 5.15.185-syzkaller #0 Not tainted [ 61.423558][ T4143] ------------------------------------------------------ [ 61.425458][ T4143] syz.0.16/4143 is trying to acquire lock: [ 61.427039][ T4143] ffff0000db940c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcc/0x1bc [ 61.430095][ T4143] [ 61.430095][ T4143] but task is already holding lock: [ 61.432186][ T4143] ffff800016507d48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x238/0x5cc [ 61.434890][ T4143] [ 61.434890][ T4143] which lock already depends on the new lock. [ 61.434890][ T4143] [ 61.437744][ T4143] [ 61.437744][ T4143] the existing dependency chain (in reverse order) is: [ 61.440177][ T4143] [ 61.440177][ T4143] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 61.442343][ T4143] __mutex_lock_common+0x194/0x1edc [ 61.443899][ T4143] mutex_lock_nested+0xac/0x11c [ 61.445375][ T4143] rfkill_register+0x44/0x77c [ 61.446808][ T4143] hci_register_dev+0x3d8/0x854 [ 61.448305][ T4143] vhci_create_device+0x2bc/0x564 [ 61.449833][ T4143] vhci_write+0x30c/0x3ac [ 61.451169][ T4143] vfs_write+0x7c8/0xa2c [ 61.452440][ T4143] ksys_write+0x120/0x210 [ 61.453768][ T4143] __arm64_sys_write+0x7c/0x90 [ 61.455206][ T4143] invoke_syscall+0x98/0x2b8 [ 61.456610][ T4143] el0_svc_common+0x138/0x258 [ 61.458107][ T4143] do_el0_svc+0x58/0x14c [ 61.459370][ T4143] el0_svc+0x78/0x1e0 [ 61.460559][ T4143] el0t_64_sync_handler+0xcc/0xe4 [ 61.462076][ T4143] el0t_64_sync+0x1a0/0x1a4 [ 61.463467][ T4143] [ 61.463467][ T4143] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 61.465613][ T4143] __mutex_lock_common+0x194/0x1edc [ 61.467243][ T4143] mutex_lock_nested+0xac/0x11c [ 61.468742][ T4143] vhci_send_frame+0x88/0x118 [ 61.470166][ T4143] hci_send_frame+0x194/0x2f0 [ 61.471578][ T4143] hci_tx_work+0x7e4/0x1394 [ 61.473017][ T4143] process_one_work+0x79c/0x1140 [ 61.474489][ T4143] worker_thread+0x8f4/0x101c [ 61.475918][ T4143] kthread+0x374/0x454 [ 61.477175][ T4143] ret_from_fork+0x10/0x20 [ 61.478495][ T4143] [ 61.478495][ T4143] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 61.481058][ T4143] __flush_work+0xf4/0x1bc [ 61.482392][ T4143] flush_work+0x24/0x38 [ 61.483683][ T4143] hci_dev_do_close+0x164/0x105c [ 61.485163][ T4143] hci_unregister_dev+0x23c/0x4c0 [ 61.486661][ T4143] vhci_release+0x74/0xc4 [ 61.487948][ T4143] __fput+0x1c0/0x7f8 [ 61.489177][ T4143] ____fput+0x20/0x30 [ 61.490444][ T4143] task_work_run+0x12c/0x1e0 [ 61.491826][ T4143] do_exit+0x67c/0x1f58 [ 61.493135][ T4143] do_group_exit+0x100/0x268 [ 61.494509][ T4143] get_signal+0x73c/0x1340 [ 61.495860][ T4143] do_notify_resume+0x35c/0x3128 [ 61.497375][ T4143] el0_svc+0xf0/0x1e0 [ 61.498616][ T4143] el0t_64_sync_handler+0xcc/0xe4 [ 61.500141][ T4143] el0t_64_sync+0x1a0/0x1a4 [ 61.501546][ T4143] [ 61.501546][ T4143] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 61.503701][ T4143] __mutex_lock_common+0x194/0x1edc [ 61.505340][ T4143] mutex_lock_nested+0xac/0x11c [ 61.506792][ T4143] bg_scan_update+0x48/0x3d0 [ 61.508191][ T4143] process_one_work+0x79c/0x1140 [ 61.509690][ T4143] worker_thread+0x8f4/0x101c [ 61.511175][ T4143] kthread+0x374/0x454 [ 61.512498][ T4143] ret_from_fork+0x10/0x20 [ 61.513837][ T4143] [ 61.513837][ T4143] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 61.516565][ T4143] __lock_acquire+0x2928/0x651c [ 61.518074][ T4143] lock_acquire+0x1f4/0x620 [ 61.519423][ T4143] __flush_work+0xf4/0x1bc [ 61.520743][ T4143] __cancel_work_timer+0x2ec/0x448 [ 61.522265][ T4143] cancel_work_sync+0x24/0x38 [ 61.523624][ T4143] hci_request_cancel_all+0xbc/0x2d0 [ 61.525201][ T4143] hci_dev_do_close+0x54/0x105c [ 61.526671][ T4143] hci_rfkill_set_block+0xdc/0x1d0 [ 61.528202][ T4143] rfkill_set_block+0x18c/0x374 [ 61.529637][ T4143] rfkill_fop_write+0x4a4/0x5cc [ 61.531070][ T4143] vfs_write+0x280/0xa2c [ 61.532332][ T4143] ksys_write+0x120/0x210 [ 61.533624][ T4143] __arm64_sys_write+0x7c/0x90 [ 61.535066][ T4143] invoke_syscall+0x98/0x2b8 [ 61.536426][ T4143] el0_svc_common+0x138/0x258 [ 61.537812][ T4143] do_el0_svc+0x58/0x14c [ 61.539143][ T4143] el0_svc+0x78/0x1e0 [ 61.540347][ T4143] el0t_64_sync_handler+0xcc/0xe4 [ 61.541817][ T4143] el0t_64_sync+0x1a0/0x1a4 [ 61.543218][ T4143] [ 61.543218][ T4143] other info that might help us debug this: [ 61.543218][ T4143] [ 61.546154][ T4143] Chain exists of: [ 61.546154][ T4143] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 61.546154][ T4143] [ 61.550346][ T4143] Possible unsafe locking scenario: [ 61.550346][ T4143] [ 61.552326][ T4143] CPU0 CPU1 [ 61.553790][ T4143] ---- ---- [ 61.555212][ T4143] lock(rfkill_global_mutex); [ 61.556501][ T4143] lock(&data->open_mutex); [ 61.558388][ T4143] lock(rfkill_global_mutex); [ 61.560332][ T4143] lock((work_completion)(&hdev->bg_scan_update)); [ 61.562106][ T4143] [ 61.562106][ T4143] *** DEADLOCK *** [ 61.562106][ T4143] [ 61.564310][ T4143] 1 lock held by syz.0.16/4143: [ 61.565614][ T4143] #0: ffff800016507d48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x238/0x5cc [ 61.568354][ T4143] [ 61.568354][ T4143] stack backtrace: [ 61.569947][ T4143] CPU: 1 PID: 4143 Comm: syz.0.16 Not tainted 5.15.185-syzkaller #0 [ 61.572060][ T4143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 61.574796][ T4143] Call trace: [ 61.575681][ T4143] dump_backtrace+0x0/0x43c [ 61.576906][ T4143] show_stack+0x2c/0x3c [ 61.578067][ T4143] __dump_stack+0x30/0x40 [ 61.579212][ T4143] dump_stack_lvl+0xf8/0x160 [ 61.580465][ T4143] dump_stack+0x1c/0x5c [ 61.581618][ T4143] print_circular_bug+0x148/0x1b0 [ 61.582986][ T4143] check_noncircular+0x240/0x2d4 [ 61.584333][ T4143] __lock_acquire+0x2928/0x651c [ 61.585626][ T4143] lock_acquire+0x1f4/0x620 [ 61.586864][ T4143] __flush_work+0xf4/0x1bc [ 61.588094][ T4143] __cancel_work_timer+0x2ec/0x448 [ 61.589515][ T4143] cancel_work_sync+0x24/0x38 [ 61.590762][ T4143] hci_request_cancel_all+0xbc/0x2d0 [ 61.592185][ T4143] hci_dev_do_close+0x54/0x105c [ 61.593493][ T4143] hci_rfkill_set_block+0xdc/0x1d0 [ 61.594874][ T4143] rfkill_set_block+0x18c/0x374 [ 61.596243][ T4143] rfkill_fop_write+0x4a4/0x5cc [ 61.597540][ T4143] vfs_write+0x280/0xa2c [ 61.598696][ T4143] ksys_write+0x120/0x210 [ 61.599840][ T4143] __arm64_sys_write+0x7c/0x90 [ 61.601104][ T4143] invoke_syscall+0x98/0x2b8 [ 61.602345][ T4143] el0_svc_common+0x138/0x258 [ 61.603609][ T4143] do_el0_svc+0x58/0x14c [ 61.604718][ T4143] el0_svc+0x78/0x1e0 [ 61.605750][ T4143] el0t_64_sync_handler+0xcc/0xe4 [ 61.607101][ T4143] el0t_64_sync+0x1a0/0x1a4