Warning: Permanently added '10.128.1.59' (ED25519) to the list of known hosts. 2026/04/29 19:56:42 parsed 1 programs [ 65.067587][ T4188] cgroup: Unknown subsys name 'net' [ 65.193751][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.716622][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 68.554367][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.563033][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.577513][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.595714][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.604189][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.615580][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.724953][ T4233] chnl_net:caif_netlink_parms(): no params data found [ 69.796116][ T4233] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.805509][ T4233] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.813980][ T4233] device bridge_slave_0 entered promiscuous mode [ 69.825501][ T4233] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.832993][ T4233] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.843187][ T4233] device bridge_slave_1 entered promiscuous mode [ 69.875349][ T4233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.888111][ T4233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.921643][ T4233] team0: Port device team_slave_0 added [ 69.931327][ T4233] team0: Port device team_slave_1 added [ 69.956842][ T4233] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.965731][ T4233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.993827][ T4233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.007039][ T4233] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.015502][ T4233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.043844][ T4233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.086209][ T4233] device hsr_slave_0 entered promiscuous mode [ 70.094648][ T4233] device hsr_slave_1 entered promiscuous mode [ 70.233337][ T4233] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.250683][ T4233] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.262439][ T4233] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.276366][ T4233] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.330102][ T4233] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.341165][ T4233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.354518][ T4233] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.361939][ T4233] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.459654][ T4233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.473852][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.484039][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.493153][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.501974][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 70.516315][ T4233] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.528013][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.536821][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.544126][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.556469][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.565389][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.572745][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.594086][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.603349][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 70.616773][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.629983][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.641819][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.653070][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 70.746151][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 70.754648][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 70.767258][ T4233] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.802664][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 70.812165][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 70.834767][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 70.844837][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 70.855478][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 70.865085][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 70.875974][ T4233] device veth0_vlan entered promiscuous mode [ 70.903943][ T4233] device veth1_vlan entered promiscuous mode [ 70.922524][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 70.931060][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 70.939661][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 70.949193][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 70.977977][ T4233] device veth0_macvtap entered promiscuous mode [ 70.987197][ T4233] device veth1_macvtap entered promiscuous mode [ 71.006804][ T4233] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.015965][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 71.024574][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 71.033535][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 71.042627][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 71.054929][ T4233] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.080037][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 71.089346][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 71.100665][ T4233] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.109983][ T4233] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.119510][ T4233] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.129308][ T4233] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.239049][ T4233] syz-executor (4233) used greatest stack depth: 20120 bytes left [ 71.611710][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.618802][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 2026/04/29 19:56:52 executed programs: 0 [ 73.080321][ T4280] chnl_net:caif_netlink_parms(): no params data found [ 73.142280][ T4280] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.149709][ T4280] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.158408][ T4280] device bridge_slave_0 entered promiscuous mode [ 73.168755][ T4280] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.176222][ T4280] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.184827][ T4280] device bridge_slave_1 entered promiscuous mode [ 73.206742][ T4280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.218960][ T4280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.250089][ T4280] team0: Port device team_slave_0 added [ 73.260935][ T4280] team0: Port device team_slave_1 added [ 73.282578][ T4280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.291528][ T4280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.320445][ T4280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.339190][ T4280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.346217][ T4280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.374492][ T4280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.409476][ T4280] device hsr_slave_0 entered promiscuous mode [ 73.416696][ T4280] device hsr_slave_1 entered promiscuous mode [ 73.424401][ T4280] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.433229][ T4280] Cannot create hsr debugfs directory [ 73.455116][ T3016] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.968630][ T1325] Bluetooth: hci0: command 0x0409 tx timeout [ 76.744760][ T3016] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.793790][ T3016] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.863674][ T3016] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.062363][ T1111] Bluetooth: hci0: command 0x041b tx timeout [ 77.784704][ T4280] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.794419][ T4280] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.804245][ T4280] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.814598][ T4280] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.871843][ T4280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.897428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.905453][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.915850][ T4280] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.925590][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.936635][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.945612][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.952822][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.962489][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.995085][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.004565][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.013411][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.020547][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.031218][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.043115][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.074789][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.083877][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.093003][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.121082][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.130118][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.141763][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.150517][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.182889][ T4280] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.194698][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.203230][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.211912][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.238947][ T3016] device hsr_slave_0 left promiscuous mode [ 78.246651][ T3016] device hsr_slave_1 left promiscuous mode [ 78.254128][ T3016] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.262235][ T3016] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.274806][ T3016] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.282802][ T3016] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.291215][ T3016] device bridge_slave_1 left promiscuous mode [ 78.299672][ T3016] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.314040][ T3016] device bridge_slave_0 left promiscuous mode [ 78.322233][ T3016] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.339506][ T3016] device veth1_macvtap left promiscuous mode [ 78.345888][ T3016] device veth0_macvtap left promiscuous mode [ 78.352275][ T3016] device veth1_vlan left promiscuous mode [ 78.359124][ T3016] device veth0_vlan left promiscuous mode [ 78.520482][ T3016] team0 (unregistering): Port device team_slave_1 removed [ 78.533024][ T3016] team0 (unregistering): Port device team_slave_0 removed [ 78.547048][ T3016] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 78.562525][ T3016] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 78.617367][ T3016] bond0 (unregistering): Released all slaves [ 78.721563][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.729844][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.744277][ T4280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.770914][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.782940][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.802854][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.811450][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.821690][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.829858][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.839594][ T4280] device veth0_vlan entered promiscuous mode [ 78.854235][ T4280] device veth1_vlan entered promiscuous mode [ 78.879762][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.889458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 78.898487][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.907187][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.921553][ T4280] device veth0_macvtap entered promiscuous mode [ 78.932564][ T4280] device veth1_macvtap entered promiscuous mode [ 78.951277][ T4280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.959454][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.969026][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.987950][ T4280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.995728][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 79.004913][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.015923][ T4280] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.025664][ T4280] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.035096][ T4280] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.044501][ T4280] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.121907][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.131943][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.138238][ T13] Bluetooth: hci0: command 0x040f tx timeout [ 79.148502][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.173208][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.181925][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.191614][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.311162][ T4336] [ 79.313561][ T4336] ====================================================== [ 79.320701][ T4336] WARNING: possible circular locking dependency detected [ 79.327833][ T4336] syzkaller #0 Not tainted [ 79.332275][ T4336] ------------------------------------------------------ [ 79.339399][ T4336] syz.0.17/4336 is trying to acquire lock: [ 79.345335][ T4336] ffff88802ae70c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210 [ 79.356550][ T4336] [ 79.356550][ T4336] but task is already holding lock: [ 79.364027][ T4336] ffffffff8d6c5de8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560 [ 79.373743][ T4336] [ 79.373743][ T4336] which lock already depends on the new lock. [ 79.373743][ T4336] [ 79.384424][ T4336] [ 79.384424][ T4336] the existing dependency chain (in reverse order) is: [ 79.393508][ T4336] [ 79.393508][ T4336] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 79.401555][ T4336] __mutex_lock_common+0x1e3/0x2400 [ 79.407408][ T4336] mutex_lock_nested+0x17/0x20 [ 79.413035][ T4336] rfkill_register+0x33/0x980 [ 79.418277][ T4336] hci_register_dev+0x452/0x970 [ 79.423808][ T4336] vhci_create_device+0x32c/0x5c0 [ 79.429573][ T4336] vhci_write+0x391/0x450 [ 79.434749][ T4336] vfs_write+0x745/0xd60 [ 79.439554][ T4336] ksys_write+0x152/0x260 [ 79.444444][ T4336] do_syscall_64+0x4c/0xa0 [ 79.449523][ T4336] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 79.456145][ T4336] [ 79.456145][ T4336] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 79.464310][ T4336] __mutex_lock_common+0x1e3/0x2400 [ 79.470135][ T4336] mutex_lock_nested+0x17/0x20 [ 79.475725][ T4336] vhci_send_frame+0x88/0x100 [ 79.480964][ T4336] hci_send_frame+0x1a9/0x2e0 [ 79.486196][ T4336] hci_tx_work+0x9f9/0x1710 [ 79.491385][ T4336] process_one_work+0x85f/0x1010 [ 79.496960][ T4336] worker_thread+0xaa6/0x1290 [ 79.502193][ T4336] kthread+0x436/0x520 [ 79.506817][ T4336] ret_from_fork+0x1f/0x30 [ 79.511802][ T4336] [ 79.511802][ T4336] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 79.521219][ T4336] __flush_work+0x116/0x210 [ 79.526272][ T4336] hci_dev_do_close+0x1e7/0x1030 [ 79.531868][ T4336] hci_unregister_dev+0x2d7/0x580 [ 79.537451][ T4336] vhci_release+0x73/0xc0 [ 79.542333][ T4336] __fput+0x234/0x930 [ 79.546867][ T4336] task_work_run+0x125/0x1a0 [ 79.552101][ T4336] do_exit+0x626/0x20c0 [ 79.556822][ T4336] do_group_exit+0x12e/0x300 [ 79.562044][ T4336] get_signal+0x6ca/0x12c0 [ 79.567112][ T4336] arch_do_signal_or_restart+0xe7/0x12c0 [ 79.573299][ T4336] exit_to_user_mode_loop+0x9e/0x130 [ 79.579214][ T4336] exit_to_user_mode_prepare+0xee/0x180 [ 79.585305][ T4336] syscall_exit_to_user_mode+0x16/0x40 [ 79.591326][ T4336] do_syscall_64+0x58/0xa0 [ 79.596406][ T4336] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 79.602931][ T4336] [ 79.602931][ T4336] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 79.610618][ T4336] __mutex_lock_common+0x1e3/0x2400 [ 79.616476][ T4336] mutex_lock_nested+0x17/0x20 [ 79.621799][ T4336] bg_scan_update+0x44/0x3b0 [ 79.627039][ T4336] process_one_work+0x85f/0x1010 [ 79.632617][ T4336] worker_thread+0xaa6/0x1290 [ 79.637919][ T4336] kthread+0x436/0x520 [ 79.642524][ T4336] ret_from_fork+0x1f/0x30 [ 79.647477][ T4336] [ 79.647477][ T4336] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 79.657324][ T4336] __lock_acquire+0x2c42/0x7d10 [ 79.662726][ T4336] lock_acquire+0x19e/0x400 [ 79.667940][ T4336] __flush_work+0x116/0x210 [ 79.673081][ T4336] __cancel_work_timer+0x3f4/0x560 [ 79.679124][ T4336] hci_request_cancel_all+0xcc/0x300 [ 79.684962][ T4336] hci_dev_do_close+0x4e/0x1030 [ 79.690358][ T4336] hci_rfkill_set_block+0x10a/0x190 [ 79.696106][ T4336] rfkill_set_block+0x1c9/0x3d0 [ 79.701592][ T4336] rfkill_fop_write+0x452/0x560 [ 79.707021][ T4336] vfs_write+0x30b/0xd60 [ 79.711804][ T4336] ksys_write+0x152/0x260 [ 79.716682][ T4336] do_syscall_64+0x4c/0xa0 [ 79.721659][ T4336] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 79.728106][ T4336] [ 79.728106][ T4336] other info that might help us debug this: [ 79.728106][ T4336] [ 79.738438][ T4336] Chain exists of: [ 79.738438][ T4336] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 79.738438][ T4336] [ 79.754202][ T4336] Possible unsafe locking scenario: [ 79.754202][ T4336] [ 79.761686][ T4336] CPU0 CPU1 [ 79.767097][ T4336] ---- ---- [ 79.772498][ T4336] lock(rfkill_global_mutex); [ 79.777385][ T4336] lock(&data->open_mutex); [ 79.784684][ T4336] lock(rfkill_global_mutex); [ 79.792092][ T4336] lock((work_completion)(&hdev->bg_scan_update)); [ 79.798829][ T4336] [ 79.798829][ T4336] *** DEADLOCK *** [ 79.798829][ T4336] [ 79.807084][ T4336] 1 lock held by syz.0.17/4336: [ 79.811967][ T4336] #0: ffffffff8d6c5de8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560 [ 79.822106][ T4336] [ 79.822106][ T4336] stack backtrace: [ 79.828024][ T4336] CPU: 1 PID: 4336 Comm: syz.0.17 Not tainted syzkaller #0 [ 79.835243][ T4336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 79.845609][ T4336] Call Trace: [ 79.849649][ T4336] [ 79.852780][ T4336] dump_stack_lvl+0x188/0x250 [ 79.857466][ T4336] ? load_image+0x400/0x400 [ 79.862020][ T4336] ? show_regs_print_info+0x20/0x20 [ 79.867323][ T4336] ? print_circular_bug+0x12b/0x1a0 [ 79.872523][ T4336] check_noncircular+0x296/0x330 [ 79.877548][ T4336] ? look_up_lock_class+0x71/0x110 [ 79.882828][ T4336] ? add_chain_block+0x940/0x940 [ 79.887955][ T4336] ? lockdep_lock+0xf1/0x1f0 [ 79.893205][ T4336] ? __lock_acquire+0x12e8/0x7d10 [ 79.898335][ T4336] ? mark_lock+0x94/0x320 [ 79.902786][ T4336] __lock_acquire+0x2c42/0x7d10 [ 79.907736][ T4336] ? verify_lock_unused+0x140/0x140 [ 79.912954][ T4336] ? verify_lock_unused+0x140/0x140 [ 79.918245][ T4336] ? mark_lock+0x94/0x320 [ 79.922757][ T4336] lock_acquire+0x19e/0x400 [ 79.927366][ T4336] ? __flush_work+0xfa/0x210 [ 79.931977][ T4336] ? __lock_acquire+0x7d10/0x7d10 [ 79.937015][ T4336] ? read_lock_is_recursive+0x10/0x10 [ 79.942418][ T4336] ? start_flush_work+0x776/0x820 [ 79.947455][ T4336] __flush_work+0x116/0x210 [ 79.952045][ T4336] ? __flush_work+0xfa/0x210 [ 79.956723][ T4336] ? flush_work+0x20/0x20 [ 79.961051][ T4336] ? try_to_grab_pending+0xfa/0x7f0 [ 79.966526][ T4336] ? mark_lock+0x94/0x320 [ 79.970945][ T4336] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 79.977242][ T4336] ? lock_chain_count+0x20/0x20 [ 79.982193][ T4336] ? mark_lock+0x94/0x320 [ 79.986700][ T4336] ? __cancel_work_timer+0x36a/0x560 [ 79.992087][ T4336] __cancel_work_timer+0x3f4/0x560 [ 79.997214][ T4336] ? cancel_work_sync+0x20/0x20 [ 80.002246][ T4336] ? __cancel_work+0x1f9/0x2e0 [ 80.007008][ T4336] ? lockdep_hardirqs_on+0x94/0x140 [ 80.012208][ T4336] ? __cancel_work+0x27b/0x2e0 [ 80.017592][ T4336] ? cancel_work+0x20/0x20 [ 80.022102][ T4336] ? lock_chain_count+0x20/0x20 [ 80.027081][ T4336] hci_request_cancel_all+0xcc/0x300 [ 80.032379][ T4336] hci_dev_do_close+0x4e/0x1030 [ 80.037232][ T4336] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 80.043151][ T4336] ? _raw_spin_unlock+0x40/0x40 [ 80.048352][ T4336] hci_rfkill_set_block+0x10a/0x190 [ 80.053551][ T4336] ? rcu_lock_release+0x20/0x20 [ 80.058491][ T4336] rfkill_set_block+0x1c9/0x3d0 [ 80.063523][ T4336] rfkill_fop_write+0x452/0x560 [ 80.068389][ T4336] ? rfkill_fop_read+0x520/0x520 [ 80.073391][ T4336] ? common_file_perm+0x140/0x1c0 [ 80.078860][ T4336] ? fsnotify_perm+0x5d/0x560 [ 80.083544][ T4336] ? security_file_permission+0x75/0xa0 [ 80.089102][ T4336] ? rfkill_fop_read+0x520/0x520 [ 80.094045][ T4336] vfs_write+0x30b/0xd60 [ 80.098292][ T4336] ? file_end_write+0x250/0x250 [ 80.103148][ T4336] ? __context_tracking_exit+0x4c/0x80 [ 80.108611][ T4336] ? __lock_acquire+0x7d10/0x7d10 [ 80.113727][ T4336] ? __fdget_pos+0x1e2/0x370 [ 80.118319][ T4336] ksys_write+0x152/0x260 [ 80.122650][ T4336] ? __ia32_sys_read+0x80/0x80 [ 80.127439][ T4336] ? lockdep_hardirqs_on+0x94/0x140 [ 80.132651][ T4336] do_syscall_64+0x4c/0xa0 [ 80.137077][ T4336] ? clear_bhb_loop+0x30/0x80 [ 80.141773][ T4336] ? clear_bhb_loop+0x30/0x80 [ 80.146583][ T4336] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 80.152586][ T4336] RIP: 0033:0x7fbb48a7ddd9 [ 80.157104][ T4336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 80.177141][ T4336] RSP: 002b:00007ffcb9a47bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 80.185621][ T4336] RAX: ffffffffffffffda RBX: 00007fbb48cf6fa0 RCX: 00007fbb48a7ddd9 [ 80.193600][ T4336] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 80.201707][ T4336] RBP: 00007fbb48b13d69 R08: 0000000000000000 R09: 0000000000000000 [ 80.209900][ T4336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 80.217976][ T4336] R13: 00007fbb48cf6fac R14: 00007fbb48cf6fa0 R15: 00007fbb48cf6fa0 [ 80.225956][ T4336]