Warning: Permanently added '10.128.1.61' (ED25519) to the list of known hosts. 2025/09/29 01:12:23 parsed 1 programs [ 72.227516][ T4189] cgroup: Unknown subsys name 'net' [ 72.367067][ T4189] cgroup: Unknown subsys name 'rlimit' [ 73.879072][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 76.931596][ T4233] chnl_net:caif_netlink_parms(): no params data found [ 77.006316][ T4233] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.014577][ T4233] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.024411][ T4233] device bridge_slave_0 entered promiscuous mode [ 77.035259][ T4233] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.043881][ T4233] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.052484][ T4233] device bridge_slave_1 entered promiscuous mode [ 77.084403][ T4233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.097502][ T4233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.132130][ T4233] team0: Port device team_slave_0 added [ 77.141133][ T4233] team0: Port device team_slave_1 added [ 77.166551][ T4233] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.173821][ T4233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.200866][ T4233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.215692][ T4233] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.223113][ T4233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.250859][ T4233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.292393][ T4233] device hsr_slave_0 entered promiscuous mode [ 77.299777][ T4233] device hsr_slave_1 entered promiscuous mode [ 77.431871][ T4233] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.444365][ T4233] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.455024][ T4233] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.464119][ T4233] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.516545][ T4233] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.525401][ T4233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.537728][ T4233] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.544980][ T4233] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.611602][ T4233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.647931][ T4233] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.655255][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.679946][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.696504][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.711504][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 77.728341][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.737564][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.744726][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.764324][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.774336][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.781472][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.798192][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.807243][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.820892][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.835063][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.846826][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.858707][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.952588][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.960947][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.975682][ T4233] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.007628][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.018424][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.038198][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.047698][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.068547][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.076975][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.086165][ T4233] device veth0_vlan entered promiscuous mode [ 78.113355][ T4233] device veth1_vlan entered promiscuous mode [ 78.134219][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.143194][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 78.152609][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.161721][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.174051][ T4233] device veth0_macvtap entered promiscuous mode [ 78.199053][ T4233] device veth1_macvtap entered promiscuous mode [ 78.216287][ T4233] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.224980][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 78.234017][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 78.244216][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.253897][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.266506][ T4233] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.291328][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.301494][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.313123][ T4233] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.322735][ T4233] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.331639][ T4233] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.340617][ T4233] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.673516][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.683612][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.703625][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.736390][ T1277] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.745412][ T1277] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.756093][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/09/29 01:12:34 executed programs: 0 [ 80.361109][ T4295] chnl_net:caif_netlink_parms(): no params data found [ 80.418349][ T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.444170][ T4295] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.452880][ T4295] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.461566][ T4295] device bridge_slave_0 entered promiscuous mode [ 80.471416][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.478651][ T4295] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.487627][ T4295] device bridge_slave_1 entered promiscuous mode [ 80.511769][ T4295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.524118][ T4295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.548802][ T4295] team0: Port device team_slave_0 added [ 80.556813][ T4295] team0: Port device team_slave_1 added [ 80.575460][ T4295] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.582902][ T4295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.609349][ T4295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.621813][ T4295] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.629134][ T4295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.655982][ T4295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.687667][ T4295] device hsr_slave_0 entered promiscuous mode [ 80.694632][ T4295] device hsr_slave_1 entered promiscuous mode [ 80.701622][ T4295] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.710003][ T4295] Cannot create hsr debugfs directory [ 82.290355][ T4191] Bluetooth: hci0: command 0x0409 tx timeout [ 83.273715][ T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.336235][ T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.378825][ T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.306616][ T4295] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.323908][ T4295] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.370402][ T4256] Bluetooth: hci0: command 0x041b tx timeout [ 84.378461][ T4295] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.396541][ T4295] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.546917][ T4295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.592207][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 84.601870][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.614964][ T4295] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.627568][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.637129][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.646071][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.653247][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.662963][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.695180][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.704775][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.713540][ T1277] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.720895][ T1277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.734292][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 84.743969][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 84.781198][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 84.792344][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.802982][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.812547][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.823073][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.832319][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 84.840981][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.854194][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 84.863281][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.892661][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.016972][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.024818][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.037205][ T4295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.055829][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 85.065253][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.104258][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.113131][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.122522][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.131519][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.150972][ T4295] device veth0_vlan entered promiscuous mode [ 85.162916][ T4295] device veth1_vlan entered promiscuous mode [ 85.184030][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.192731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.202643][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.212179][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.223189][ T4295] device veth0_macvtap entered promiscuous mode [ 85.245295][ T4295] device veth1_macvtap entered promiscuous mode [ 85.262758][ T155] device hsr_slave_0 left promiscuous mode [ 85.269988][ T155] device hsr_slave_1 left promiscuous mode [ 85.276590][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.284942][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.293857][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.301800][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.309802][ T155] device bridge_slave_1 left promiscuous mode [ 85.316803][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.333611][ T155] device bridge_slave_0 left promiscuous mode [ 85.340497][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.360524][ T155] device veth1_macvtap left promiscuous mode [ 85.367573][ T155] device veth0_macvtap left promiscuous mode [ 85.375314][ T155] device veth1_vlan left promiscuous mode [ 85.382276][ T155] device veth0_vlan left promiscuous mode [ 85.563096][ T155] team0 (unregistering): Port device team_slave_1 removed [ 85.576745][ T155] team0 (unregistering): Port device team_slave_0 removed [ 85.591882][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 85.606538][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 85.668829][ T155] bond0 (unregistering): Released all slaves [ 85.740740][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.748914][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 85.763945][ T4295] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.772740][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 85.781943][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.797540][ T4295] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.814955][ T4295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.824709][ T4295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.833788][ T4295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.842916][ T4295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.855135][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.865127][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.943548][ T1277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.954728][ T1277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.964603][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 85.997471][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.009278][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.020807][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.130085][ T4372] [ 86.133148][ T4372] ====================================================== [ 86.140530][ T4372] WARNING: possible circular locking dependency detected [ 86.147675][ T4372] syzkaller #0 Not tainted [ 86.152123][ T4372] ------------------------------------------------------ [ 86.159557][ T4372] syz.0.17/4372 is trying to acquire lock: [ 86.165485][ T4372] ffff888074d64c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 86.176747][ T4372] [ 86.176747][ T4372] but task is already holding lock: [ 86.184399][ T4372] ffffffff8d4c0468 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 86.194408][ T4372] [ 86.194408][ T4372] which lock already depends on the new lock. [ 86.194408][ T4372] [ 86.204928][ T4372] [ 86.204928][ T4372] the existing dependency chain (in reverse order) is: [ 86.214072][ T4372] [ 86.214072][ T4372] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 86.222178][ T4372] __mutex_lock_common+0x1eb/0x2390 [ 86.227934][ T4372] mutex_lock_nested+0x17/0x20 [ 86.233383][ T4372] rfkill_register+0x33/0x8a0 [ 86.238713][ T4372] hci_register_dev+0x452/0x970 [ 86.244141][ T4372] vhci_create_device+0x32c/0x5c0 [ 86.249757][ T4372] vhci_write+0x391/0x450 [ 86.254693][ T4372] vfs_write+0x712/0xd00 [ 86.259752][ T4372] ksys_write+0x14d/0x250 [ 86.264839][ T4372] do_syscall_64+0x4c/0xa0 [ 86.269814][ T4372] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.276264][ T4372] [ 86.276264][ T4372] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 86.284252][ T4372] __mutex_lock_common+0x1eb/0x2390 [ 86.290360][ T4372] mutex_lock_nested+0x17/0x20 [ 86.295996][ T4372] vhci_send_frame+0x88/0x100 [ 86.301560][ T4372] hci_send_frame+0x1a9/0x2e0 [ 86.307032][ T4372] hci_tx_work+0x9f9/0x1710 [ 86.312217][ T4372] process_one_work+0x863/0x1000 [ 86.317944][ T4372] worker_thread+0xaa8/0x12a0 [ 86.323379][ T4372] kthread+0x436/0x520 [ 86.328197][ T4372] ret_from_fork+0x1f/0x30 [ 86.333435][ T4372] [ 86.333435][ T4372] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 86.342773][ T4372] __flush_work+0xdd/0x1b0 [ 86.347969][ T4372] hci_dev_do_close+0x1e7/0x1030 [ 86.353552][ T4372] hci_unregister_dev+0x2d7/0x580 [ 86.359307][ T4372] vhci_release+0x73/0xc0 [ 86.364269][ T4372] __fput+0x234/0x930 [ 86.368894][ T4372] task_work_run+0x125/0x1a0 [ 86.374151][ T4372] do_exit+0x61e/0x20a0 [ 86.379041][ T4372] do_group_exit+0x12e/0x300 [ 86.384275][ T4372] get_signal+0x6ca/0x12c0 [ 86.389346][ T4372] arch_do_signal_or_restart+0xc1/0x1300 [ 86.395825][ T4372] exit_to_user_mode_loop+0x9e/0x130 [ 86.401978][ T4372] exit_to_user_mode_prepare+0xee/0x180 [ 86.408101][ T4372] syscall_exit_to_user_mode+0x16/0x40 [ 86.414222][ T4372] do_syscall_64+0x58/0xa0 [ 86.419277][ T4372] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.426201][ T4372] [ 86.426201][ T4372] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 86.433900][ T4372] __mutex_lock_common+0x1eb/0x2390 [ 86.439700][ T4372] mutex_lock_nested+0x17/0x20 [ 86.445133][ T4372] bg_scan_update+0x44/0x3b0 [ 86.450451][ T4372] process_one_work+0x863/0x1000 [ 86.456268][ T4372] worker_thread+0xaa8/0x12a0 [ 86.461511][ T4372] kthread+0x436/0x520 [ 86.466242][ T4372] ret_from_fork+0x1f/0x30 [ 86.471861][ T4372] [ 86.471861][ T4372] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 86.481943][ T4372] __lock_acquire+0x2c33/0x7c60 [ 86.487548][ T4372] lock_acquire+0x197/0x3f0 [ 86.489512][ T4255] Bluetooth: hci0: command 0x040f tx timeout [ 86.492786][ T4372] __flush_work+0xdd/0x1b0 [ 86.503721][ T4372] __cancel_work_timer+0x3ac/0x520 [ 86.509583][ T4372] hci_request_cancel_all+0xcc/0x300 [ 86.515667][ T4372] hci_dev_do_close+0x4e/0x1030 [ 86.521251][ T4372] hci_rfkill_set_block+0x10a/0x190 [ 86.527016][ T4372] rfkill_set_block+0x1c6/0x420 [ 86.532425][ T4372] rfkill_fop_write+0x458/0x560 [ 86.538079][ T4372] vfs_write+0x300/0xd00 [ 86.543070][ T4372] ksys_write+0x14d/0x250 [ 86.548057][ T4372] do_syscall_64+0x4c/0xa0 [ 86.553284][ T4372] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.559835][ T4372] [ 86.559835][ T4372] other info that might help us debug this: [ 86.559835][ T4372] [ 86.570273][ T4372] Chain exists of: [ 86.570273][ T4372] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 86.570273][ T4372] [ 86.586131][ T4372] Possible unsafe locking scenario: [ 86.586131][ T4372] [ 86.593792][ T4372] CPU0 CPU1 [ 86.599182][ T4372] ---- ---- [ 86.604600][ T4372] lock(rfkill_global_mutex); [ 86.609395][ T4372] lock(&data->open_mutex); [ 86.616535][ T4372] lock(rfkill_global_mutex); [ 86.623850][ T4372] lock((work_completion)(&hdev->bg_scan_update)); [ 86.630535][ T4372] [ 86.630535][ T4372] *** DEADLOCK *** [ 86.630535][ T4372] [ 86.638754][ T4372] 1 lock held by syz.0.17/4372: [ 86.643627][ T4372] #0: ffffffff8d4c0468 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 86.653770][ T4372] [ 86.653770][ T4372] stack backtrace: [ 86.659868][ T4372] CPU: 1 PID: 4372 Comm: syz.0.17 Not tainted syzkaller #0 [ 86.667281][ T4372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 86.677754][ T4372] Call Trace: [ 86.681151][ T4372] [ 86.684106][ T4372] dump_stack_lvl+0x168/0x230 [ 86.688914][ T4372] ? load_image+0x3b0/0x3b0 [ 86.693464][ T4372] ? show_regs_print_info+0x20/0x20 [ 86.698714][ T4372] ? print_circular_bug+0x12b/0x1a0 [ 86.703950][ T4372] check_noncircular+0x274/0x310 [ 86.709579][ T4372] ? add_chain_block+0x940/0x940 [ 86.714888][ T4372] ? lockdep_lock+0xdc/0x1e0 [ 86.719824][ T4372] ? __lock_acquire+0x12d9/0x7c60 [ 86.724977][ T4372] ? lockdep_lock+0x1e0/0x1e0 [ 86.729692][ T4372] ? mark_lock+0x94/0x320 [ 86.734348][ T4372] __lock_acquire+0x2c33/0x7c60 [ 86.739241][ T4372] ? verify_lock_unused+0x140/0x140 [ 86.744883][ T4372] ? verify_lock_unused+0x140/0x140 [ 86.750252][ T4372] lock_acquire+0x197/0x3f0 [ 86.754815][ T4372] ? __flush_work+0xc1/0x1b0 [ 86.759635][ T4372] ? __lock_acquire+0x7c60/0x7c60 [ 86.764848][ T4372] ? read_lock_is_recursive+0x10/0x10 [ 86.770617][ T4372] ? start_flush_work+0x776/0x820 [ 86.775774][ T4372] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 86.781892][ T4372] ? _raw_spin_unlock+0x40/0x40 [ 86.787002][ T4372] __flush_work+0xdd/0x1b0 [ 86.791874][ T4372] ? __flush_work+0xc1/0x1b0 [ 86.796610][ T4372] ? flush_work+0x20/0x20 [ 86.801322][ T4372] ? try_to_grab_pending+0xf3/0x7e0 [ 86.806875][ T4372] ? lockdep_hardirqs_off+0x70/0x100 [ 86.812290][ T4372] ? mark_lock+0x94/0x320 [ 86.817212][ T4372] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 86.823803][ T4372] ? lock_chain_count+0x20/0x20 [ 86.829076][ T4372] ? mark_lock+0x94/0x320 [ 86.833579][ T4372] ? __cancel_work_timer+0x331/0x520 [ 86.839117][ T4372] __cancel_work_timer+0x3ac/0x520 [ 86.844454][ T4372] ? cancel_work_sync+0x20/0x20 [ 86.849907][ T4372] ? __cancel_work+0x1f4/0x2d0 [ 86.854984][ T4372] ? lockdep_hardirqs_on+0x94/0x140 [ 86.860583][ T4372] ? __cancel_work+0x26f/0x2d0 [ 86.865385][ T4372] ? cancel_work+0x20/0x20 [ 86.870032][ T4372] ? lock_chain_count+0x20/0x20 [ 86.875346][ T4372] hci_request_cancel_all+0xcc/0x300 [ 86.880815][ T4372] hci_dev_do_close+0x4e/0x1030 [ 86.887792][ T4372] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 86.894345][ T4372] ? _raw_spin_unlock+0x40/0x40 [ 86.899506][ T4372] hci_rfkill_set_block+0x10a/0x190 [ 86.905833][ T4372] ? rcu_lock_release+0x20/0x20 [ 86.912731][ T4372] rfkill_set_block+0x1c6/0x420 [ 86.918163][ T4372] rfkill_fop_write+0x458/0x560 [ 86.923065][ T4372] ? verify_lock_unused+0x140/0x140 [ 86.928510][ T4372] ? rfkill_fop_read+0x4b0/0x4b0 [ 86.933598][ T4372] ? common_file_perm+0xc0/0x1c0 [ 86.938671][ T4372] ? fsnotify_perm+0x5d/0x560 [ 86.943735][ T4372] ? security_file_permission+0x75/0xa0 [ 86.949335][ T4372] ? rfkill_fop_read+0x4b0/0x4b0 [ 86.954480][ T4372] vfs_write+0x300/0xd00 [ 86.959174][ T4372] ? file_end_write+0x250/0x250 [ 86.964068][ T4372] ? __context_tracking_exit+0x4c/0x80 [ 86.969670][ T4372] ? __lock_acquire+0x7c60/0x7c60 [ 86.975295][ T4372] ? __fdget_pos+0x1e2/0x370 [ 86.979923][ T4372] ksys_write+0x14d/0x250 [ 86.984295][ T4372] ? __ia32_sys_read+0x80/0x80 [ 86.989137][ T4372] ? lockdep_hardirqs_on+0x94/0x140 [ 86.994500][ T4372] do_syscall_64+0x4c/0xa0 [ 86.998968][ T4372] ? clear_bhb_loop+0x30/0x80 [ 87.003807][ T4372] ? clear_bhb_loop+0x30/0x80 [ 87.009312][ T4372] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 87.016165][ T4372] RIP: 0033:0x7feef23fdec9 [ 87.021202][ T4372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.041925][ T4372] RSP: 002b:00007fffcce064b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 87.050460][ T4372] RAX: ffffffffffffffda RBX: 00007feef2654fa0 RCX: 00007feef23fdec9 [ 87.058739][ T4372] RDX: 0000000000000008 RSI: 0000200000000040 RDI: 0000000000000003 [ 87.066985][ T4372] RBP: 00007feef2480f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.075295][ T4372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.083426][ T4372] R13: 00007feef2654fa0 R14: 00007feef2654fa0 R15: 0000000000000003 [ 87.091533][ T4372] [ 87.169825][ T1108] cfg80211: failed to load regulatory.db