Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts. 2025/12/31 14:24:18 parsed 1 programs syzkaller login: [ 72.119476][ T4189] cgroup: Unknown subsys name 'net' [ 72.249493][ T4189] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.713295][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 76.715822][ T4235] chnl_net:caif_netlink_parms(): no params data found [ 76.785772][ T4235] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.793579][ T4235] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.801870][ T4235] device bridge_slave_0 entered promiscuous mode [ 76.813439][ T4235] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.820591][ T4235] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.830160][ T4235] device bridge_slave_1 entered promiscuous mode [ 76.861426][ T4235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.873275][ T4235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.903833][ T4235] team0: Port device team_slave_0 added [ 76.911815][ T4235] team0: Port device team_slave_1 added [ 76.937640][ T4235] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.944720][ T4235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.970977][ T4235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.984370][ T4235] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.991357][ T4235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.017360][ T4235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.057995][ T4235] device hsr_slave_0 entered promiscuous mode [ 77.065140][ T4235] device hsr_slave_1 entered promiscuous mode [ 77.190987][ T4235] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.202771][ T4235] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.213276][ T4235] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.224486][ T4235] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.256932][ T4235] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.264287][ T4235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.271938][ T4235] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.279194][ T4235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.335868][ T4235] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.351641][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.366795][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.376442][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.392264][ T4235] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.406085][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.415118][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.422184][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.434820][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.443504][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.450584][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.475106][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.485724][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.516340][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.525261][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.542349][ T4235] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.565368][ T4235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.595323][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.715028][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.722546][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.737247][ T4235] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.753808][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 77.763064][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.781962][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.790646][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.800186][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.808986][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.821307][ T4235] device veth0_vlan entered promiscuous mode [ 77.832985][ T4235] device veth1_vlan entered promiscuous mode [ 77.854200][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.862427][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.871393][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.880341][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.891145][ T4235] device veth0_macvtap entered promiscuous mode [ 77.901234][ T4235] device veth1_macvtap entered promiscuous mode [ 77.935878][ T4235] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.944887][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.953872][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.961795][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.971429][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.983112][ T4235] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.991563][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.000475][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.012026][ T4235] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.021481][ T4235] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.030855][ T4235] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.040106][ T4235] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.620879][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.630256][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.658672][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.682728][ T1681] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.690734][ T1681] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.699849][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/12/31 14:24:28 executed programs: 0 [ 79.731465][ T4287] chnl_net:caif_netlink_parms(): no params data found [ 79.799203][ T4287] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.807712][ T4287] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.817302][ T4287] device bridge_slave_0 entered promiscuous mode [ 79.827244][ T4287] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.835590][ T4287] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.849924][ T4287] device bridge_slave_1 entered promiscuous mode [ 79.885766][ T4287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.905455][ T4287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.952604][ T4287] team0: Port device team_slave_0 added [ 79.966617][ T4287] team0: Port device team_slave_1 added [ 79.987735][ T4287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.995022][ T4287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.021370][ T4287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.036181][ T4287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.043200][ T4287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.070677][ T4287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.115919][ T4287] device hsr_slave_0 entered promiscuous mode [ 80.122861][ T4287] device hsr_slave_1 entered promiscuous mode [ 80.130046][ T4287] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.140558][ T4287] Cannot create hsr debugfs directory [ 80.228161][ T4287] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.613800][ T4301] Bluetooth: hci0: command 0x0409 tx timeout [ 82.810287][ T4287] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.890834][ T4287] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.951065][ T4287] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.080790][ T4287] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.092060][ T4287] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.101124][ T4287] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.110444][ T4287] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.180807][ T4287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.215842][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 83.224189][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.235297][ T4287] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.245771][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.256781][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.266108][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.273225][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.296174][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 83.304265][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.312858][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.321442][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.328561][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.338764][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 83.348571][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 83.357865][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 83.367666][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 83.376684][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 83.385857][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 83.401243][ T4287] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 83.412293][ T4287] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.424428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 83.432391][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 83.442715][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.451983][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 83.460747][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.471477][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 83.589561][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.597157][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.611573][ T4287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.642546][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.651704][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.684213][ T4301] Bluetooth: hci0: command 0x041b tx timeout [ 83.699576][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 83.708162][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.717712][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.726708][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 83.736971][ T4287] device veth0_vlan entered promiscuous mode [ 83.749667][ T4287] device veth1_vlan entered promiscuous mode [ 83.789152][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.798139][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 83.807942][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 83.816560][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.828430][ T4287] device veth0_macvtap entered promiscuous mode [ 83.841284][ T4287] device veth1_macvtap entered promiscuous mode [ 83.862819][ T144] device hsr_slave_0 left promiscuous mode [ 83.870186][ T144] device hsr_slave_1 left promiscuous mode [ 83.878343][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 83.886075][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.894510][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 83.901936][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.909806][ T144] device bridge_slave_1 left promiscuous mode [ 83.916914][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.930091][ T144] device bridge_slave_0 left promiscuous mode [ 83.937944][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.955333][ T144] device veth1_macvtap left promiscuous mode [ 83.961559][ T144] device veth0_macvtap left promiscuous mode [ 83.967763][ T144] device veth1_vlan left promiscuous mode [ 83.974367][ T144] device veth0_vlan left promiscuous mode [ 84.146663][ T144] team0 (unregistering): Port device team_slave_1 removed [ 84.161503][ T144] team0 (unregistering): Port device team_slave_0 removed [ 84.176470][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.194807][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.253937][ T144] bond0 (unregistering): Released all slaves [ 84.323872][ T4287] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.332182][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 84.340514][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 84.348913][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.357698][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.370180][ T4287] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.379768][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.388711][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.399484][ T4287] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.409775][ T4287] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.418888][ T4287] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.427753][ T4287] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.502022][ T1681] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.520534][ T1681] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.532048][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.548614][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.565178][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.576144][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.662803][ T4315] [ 84.665282][ T4315] ====================================================== [ 84.672319][ T4315] WARNING: possible circular locking dependency detected [ 84.679363][ T4315] syzkaller #0 Not tainted [ 84.683794][ T4315] ------------------------------------------------------ [ 84.690829][ T4315] syz.0.17/4315 is trying to acquire lock: [ 84.696656][ T4315] ffff888024c30c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 84.707756][ T4315] [ 84.707756][ T4315] but task is already holding lock: [ 84.715154][ T4315] ffffffff8d4ba7e8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 84.724858][ T4315] [ 84.724858][ T4315] which lock already depends on the new lock. [ 84.724858][ T4315] [ 84.735279][ T4315] [ 84.735279][ T4315] the existing dependency chain (in reverse order) is: [ 84.744313][ T4315] [ 84.744313][ T4315] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 84.752351][ T4315] __mutex_lock_common+0x1eb/0x2390 [ 84.758114][ T4315] mutex_lock_nested+0x17/0x20 [ 84.763432][ T4315] rfkill_register+0x33/0x8a0 [ 84.768687][ T4315] hci_register_dev+0x452/0x970 [ 84.774081][ T4315] vhci_create_device+0x32c/0x5c0 [ 84.779657][ T4315] vhci_write+0x391/0x450 [ 84.784543][ T4315] vfs_write+0x712/0xd00 [ 84.789339][ T4315] ksys_write+0x14d/0x250 [ 84.794220][ T4315] do_syscall_64+0x4c/0xa0 [ 84.799183][ T4315] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 84.805621][ T4315] [ 84.805621][ T4315] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 84.813473][ T4315] __mutex_lock_common+0x1eb/0x2390 [ 84.819228][ T4315] mutex_lock_nested+0x17/0x20 [ 84.824550][ T4315] vhci_send_frame+0x88/0x100 [ 84.829783][ T4315] hci_send_frame+0x1a9/0x2e0 [ 84.835011][ T4315] hci_tx_work+0x9f9/0x1710 [ 84.840066][ T4315] process_one_work+0x863/0x1000 [ 84.845597][ T4315] worker_thread+0xaa8/0x12a0 [ 84.850820][ T4315] kthread+0x436/0x520 [ 84.855430][ T4315] ret_from_fork+0x1f/0x30 [ 84.860400][ T4315] [ 84.860400][ T4315] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 84.869636][ T4315] __flush_work+0xdd/0x1b0 [ 84.874639][ T4315] hci_dev_do_close+0x1e7/0x1030 [ 84.880127][ T4315] hci_unregister_dev+0x2d7/0x580 [ 84.885706][ T4315] vhci_release+0x73/0xc0 [ 84.890582][ T4315] __fput+0x234/0x930 [ 84.895115][ T4315] task_work_run+0x125/0x1a0 [ 84.900271][ T4315] do_exit+0x61e/0x20a0 [ 84.904975][ T4315] do_group_exit+0x12e/0x300 [ 84.910130][ T4315] get_signal+0x6ca/0x12c0 [ 84.915101][ T4315] arch_do_signal_or_restart+0xc1/0x1300 [ 84.921315][ T4315] exit_to_user_mode_loop+0x9e/0x130 [ 84.927152][ T4315] exit_to_user_mode_prepare+0xee/0x180 [ 84.933258][ T4315] syscall_exit_to_user_mode+0x16/0x40 [ 84.939272][ T4315] do_syscall_64+0x58/0xa0 [ 84.944232][ T4315] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 84.950682][ T4315] [ 84.950682][ T4315] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 84.958359][ T4315] __mutex_lock_common+0x1eb/0x2390 [ 84.964345][ T4315] mutex_lock_nested+0x17/0x20 [ 84.969658][ T4315] bg_scan_update+0x44/0x3b0 [ 84.974802][ T4315] process_one_work+0x863/0x1000 [ 84.980283][ T4315] worker_thread+0xaa8/0x12a0 [ 84.985503][ T4315] kthread+0x436/0x520 [ 84.990118][ T4315] ret_from_fork+0x1f/0x30 [ 84.995084][ T4315] [ 84.995084][ T4315] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 85.004924][ T4315] __lock_acquire+0x2c33/0x7c60 [ 85.010327][ T4315] lock_acquire+0x197/0x3f0 [ 85.015385][ T4315] __flush_work+0xdd/0x1b0 [ 85.020353][ T4315] __cancel_work_timer+0x3ac/0x520 [ 85.026008][ T4315] hci_request_cancel_all+0xcc/0x300 [ 85.031842][ T4315] hci_dev_do_close+0x4e/0x1030 [ 85.037245][ T4315] hci_rfkill_set_block+0x10a/0x190 [ 85.042989][ T4315] rfkill_set_block+0x1c6/0x420 [ 85.048393][ T4315] rfkill_fop_write+0x458/0x560 [ 85.053788][ T4315] vfs_write+0x300/0xd00 [ 85.058590][ T4315] ksys_write+0x14d/0x250 [ 85.063470][ T4315] do_syscall_64+0x4c/0xa0 [ 85.068436][ T4315] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.074883][ T4315] [ 85.074883][ T4315] other info that might help us debug this: [ 85.074883][ T4315] [ 85.085135][ T4315] Chain exists of: [ 85.085135][ T4315] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 85.085135][ T4315] [ 85.100889][ T4315] Possible unsafe locking scenario: [ 85.100889][ T4315] [ 85.108364][ T4315] CPU0 CPU1 [ 85.113759][ T4315] ---- ---- [ 85.119145][ T4315] lock(rfkill_global_mutex); [ 85.123934][ T4315] lock(&data->open_mutex); [ 85.131069][ T4315] lock(rfkill_global_mutex); [ 85.138377][ T4315] lock((work_completion)(&hdev->bg_scan_update)); [ 85.144993][ T4315] [ 85.144993][ T4315] *** DEADLOCK *** [ 85.144993][ T4315] [ 85.153168][ T4315] 1 lock held by syz.0.17/4315: [ 85.158057][ T4315] #0: ffffffff8d4ba7e8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 85.168298][ T4315] [ 85.168298][ T4315] stack backtrace: [ 85.174208][ T4315] CPU: 1 PID: 4315 Comm: syz.0.17 Not tainted syzkaller #0 [ 85.181400][ T4315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 85.191471][ T4315] Call Trace: [ 85.194749][ T4315] [ 85.197676][ T4315] dump_stack_lvl+0x168/0x230 [ 85.202363][ T4315] ? load_image+0x3b0/0x3b0 [ 85.206861][ T4315] ? show_regs_print_info+0x20/0x20 [ 85.212057][ T4315] ? print_circular_bug+0x12b/0x1a0 [ 85.217269][ T4315] check_noncircular+0x274/0x310 [ 85.222235][ T4315] ? add_chain_block+0x940/0x940 [ 85.227206][ T4315] ? lockdep_lock+0xdc/0x1e0 [ 85.231823][ T4315] ? __lock_acquire+0x12d9/0x7c60 [ 85.236870][ T4315] ? lockdep_lock+0x1e0/0x1e0 [ 85.241583][ T4315] ? mark_lock+0x94/0x320 [ 85.245942][ T4315] __lock_acquire+0x2c33/0x7c60 [ 85.250821][ T4315] ? verify_lock_unused+0x140/0x140 [ 85.256052][ T4315] ? verify_lock_unused+0x140/0x140 [ 85.261283][ T4315] lock_acquire+0x197/0x3f0 [ 85.265817][ T4315] ? __flush_work+0xc1/0x1b0 [ 85.270437][ T4315] ? __lock_acquire+0x7c60/0x7c60 [ 85.275493][ T4315] ? read_lock_is_recursive+0x10/0x10 [ 85.280893][ T4315] ? start_flush_work+0x776/0x820 [ 85.285939][ T4315] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 85.291857][ T4315] ? _raw_spin_unlock+0x40/0x40 [ 85.296734][ T4315] __flush_work+0xdd/0x1b0 [ 85.301181][ T4315] ? __flush_work+0xc1/0x1b0 [ 85.305794][ T4315] ? flush_work+0x20/0x20 [ 85.310165][ T4315] ? try_to_grab_pending+0xf3/0x7e0 [ 85.315393][ T4315] ? lockdep_hardirqs_off+0x70/0x100 [ 85.320709][ T4315] ? mark_lock+0x94/0x320 [ 85.325077][ T4315] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 85.331092][ T4315] ? lock_chain_count+0x20/0x20 [ 85.335988][ T4315] ? mark_lock+0x94/0x320 [ 85.340358][ T4315] ? __cancel_work_timer+0x331/0x520 [ 85.345673][ T4315] __cancel_work_timer+0x3ac/0x520 [ 85.350825][ T4315] ? cancel_work_sync+0x20/0x20 [ 85.355700][ T4315] ? __cancel_work+0x1f4/0x2d0 [ 85.360497][ T4315] ? lockdep_hardirqs_on+0x94/0x140 [ 85.365735][ T4315] ? __cancel_work+0x26f/0x2d0 [ 85.370537][ T4315] ? cancel_work+0x20/0x20 [ 85.375000][ T4315] ? lock_chain_count+0x20/0x20 [ 85.379912][ T4315] hci_request_cancel_all+0xcc/0x300 [ 85.385237][ T4315] hci_dev_do_close+0x4e/0x1030 [ 85.390136][ T4315] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 85.396074][ T4315] ? _raw_spin_unlock+0x40/0x40 [ 85.400981][ T4315] hci_rfkill_set_block+0x10a/0x190 [ 85.406240][ T4315] ? rcu_lock_release+0x20/0x20 [ 85.411118][ T4315] rfkill_set_block+0x1c6/0x420 [ 85.416004][ T4315] rfkill_fop_write+0x458/0x560 [ 85.420895][ T4315] ? verify_lock_unused+0x140/0x140 [ 85.426123][ T4315] ? rfkill_fop_read+0x4b0/0x4b0 [ 85.431092][ T4315] ? common_file_perm+0xc0/0x1c0 [ 85.436172][ T4315] ? fsnotify_perm+0x5d/0x560 [ 85.440881][ T4315] ? security_file_permission+0x75/0xa0 [ 85.446462][ T4315] ? rfkill_fop_read+0x4b0/0x4b0 [ 85.451431][ T4315] vfs_write+0x300/0xd00 [ 85.455710][ T4315] ? file_end_write+0x250/0x250 [ 85.460590][ T4315] ? __context_tracking_exit+0x4c/0x80 [ 85.466098][ T4315] ? __lock_acquire+0x7c60/0x7c60 [ 85.471166][ T4315] ? __fdget_pos+0x1e2/0x370 [ 85.475802][ T4315] ksys_write+0x14d/0x250 [ 85.480185][ T4315] ? __ia32_sys_read+0x80/0x80 [ 85.485058][ T4315] ? lockdep_hardirqs_on+0x94/0x140 [ 85.490295][ T4315] do_syscall_64+0x4c/0xa0 [ 85.494751][ T4315] ? clear_bhb_loop+0x30/0x80 [ 85.499457][ T4315] ? clear_bhb_loop+0x30/0x80 [ 85.504173][ T4315] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.510136][ T4315] RIP: 0033:0x7eff1f303749 [ 85.514585][ T4315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.534489][ T4315] RSP: 002b:00007ffccc12fb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.542943][ T4315] RAX: ffffffffffffffda RBX: 00007eff1f559fa0 RCX: 00007eff1f303749 [ 85.550973][ T4315] RDX: 0000000000000008 RSI: 0000200000000040 RDI: 0000000000000003 [ 85.558995][ T4315] RBP: 00007eff1f387f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.567017][ T4315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.575123][ T4315] R13: 00007eff1f559fa0 R14: 00007eff1f559fa0 R15: 0000000000000003 [ 85.583133][ T4315]