Warning: Permanently added '10.128.0.33' (ED25519) to the list of known hosts. 2026/04/26 17:10:01 parsed 1 programs [ 60.470661][ T4188] cgroup: Unknown subsys name 'net' [ 60.603557][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 62.056486][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 64.135420][ T1557] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.151609][ T1557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.170605][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.187062][ T1557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.195736][ T1557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.203921][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.204118][ T4249] chnl_net:caif_netlink_parms(): no params data found [ 65.260658][ T4249] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.267823][ T4249] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.276086][ T4249] device bridge_slave_0 entered promiscuous mode [ 65.284915][ T4249] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.292229][ T4249] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.300403][ T4249] device bridge_slave_1 entered promiscuous mode [ 65.320259][ T4249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.334057][ T4249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.361781][ T4249] team0: Port device team_slave_0 added [ 65.369708][ T4249] team0: Port device team_slave_1 added [ 65.389639][ T4249] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.396606][ T4249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.422575][ T4249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.435093][ T4249] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.442121][ T4249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.473769][ T4249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.562364][ T4249] device hsr_slave_0 entered promiscuous mode [ 65.570999][ T4249] device hsr_slave_1 entered promiscuous mode [ 65.691145][ T4249] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.701085][ T4249] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.710603][ T4249] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.719697][ T4249] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.741024][ T4249] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.748216][ T4249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.755814][ T4249] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.762930][ T4249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.802705][ T4249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.817337][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.825960][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.833974][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.845805][ T4249] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.857817][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.866383][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.873482][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.884681][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.893631][ T1557] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.900734][ T1557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.917051][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.925734][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.937240][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.950832][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.961521][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.971997][ T4249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.072838][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.080470][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.096025][ T4249] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.135329][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.153298][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.161653][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.173133][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.181755][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.189643][ T4249] device veth0_vlan entered promiscuous mode [ 66.222177][ T4249] device veth1_vlan entered promiscuous mode [ 66.240285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.248886][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.256835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.265922][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.278583][ T4249] device veth0_macvtap entered promiscuous mode [ 66.287407][ T4249] device veth1_macvtap entered promiscuous mode [ 66.323817][ T4249] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.332394][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.340412][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.348647][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.357225][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.369293][ T4249] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.376585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.385193][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.399704][ T4249] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.410431][ T4249] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.419865][ T4249] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.428921][ T4249] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.542830][ T4249] syz-executor (4249) used greatest stack depth: 20272 bytes left 2026/04/26 17:10:10 executed programs: 0 [ 67.270564][ T4295] chnl_net:caif_netlink_parms(): no params data found [ 67.334547][ T4295] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.343025][ T4295] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.352445][ T4295] device bridge_slave_0 entered promiscuous mode [ 67.361836][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.370119][ T4295] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.378573][ T4295] device bridge_slave_1 entered promiscuous mode [ 67.408748][ T4295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.423139][ T4295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.451865][ T4295] team0: Port device team_slave_0 added [ 67.467573][ T4295] team0: Port device team_slave_1 added [ 67.489345][ T4295] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.496729][ T4295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.525990][ T4295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.538424][ T4295] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.545379][ T4295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.577642][ T4295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.621576][ T4295] device hsr_slave_0 entered promiscuous mode [ 67.628743][ T4295] device hsr_slave_1 entered promiscuous mode [ 67.635343][ T4295] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.645690][ T4295] Cannot create hsr debugfs directory [ 67.745906][ T4295] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.229025][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 70.535622][ T4295] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.141290][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.147901][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.298218][ T4221] Bluetooth: hci0: command 0x041b tx timeout [ 71.373173][ T4295] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.435620][ T4295] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.554916][ T4295] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.566112][ T4295] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.575974][ T4295] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.590290][ T4295] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.644357][ T4295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.656122][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.664212][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.683665][ T4295] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.693374][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.702617][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.711817][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.718931][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.726666][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.745422][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.754019][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.763859][ T1557] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.770969][ T1557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.783557][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 71.794208][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.815098][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.823879][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.832925][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.842737][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.852130][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.870634][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 71.879204][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.889880][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 71.898583][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.909654][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 71.923069][ T144] device hsr_slave_0 left promiscuous mode [ 71.930049][ T144] device hsr_slave_1 left promiscuous mode [ 71.936342][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 71.944094][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 71.953079][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 71.960633][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 71.968310][ T144] device bridge_slave_1 left promiscuous mode [ 71.974952][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.987370][ T144] device bridge_slave_0 left promiscuous mode [ 71.994272][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.011258][ T144] device veth1_macvtap left promiscuous mode [ 72.017529][ T144] device veth0_macvtap left promiscuous mode [ 72.024167][ T144] device veth1_vlan left promiscuous mode [ 72.030152][ T144] device veth0_vlan left promiscuous mode [ 72.171667][ T144] team0 (unregistering): Port device team_slave_1 removed [ 72.185127][ T144] team0 (unregistering): Port device team_slave_0 removed [ 72.197663][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 72.211769][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 72.267544][ T144] bond0 (unregistering): Released all slaves [ 72.397785][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.405339][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.421496][ T4295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.443880][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 72.452624][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.470175][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 72.478758][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.486956][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.494796][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.509269][ T4295] device veth0_vlan entered promiscuous mode [ 72.521430][ T4295] device veth1_vlan entered promiscuous mode [ 72.547345][ T4295] device veth0_macvtap entered promiscuous mode [ 72.555620][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 72.563614][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 72.572104][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 72.581800][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.590949][ T1557] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 72.601064][ T4295] device veth1_macvtap entered promiscuous mode [ 72.615900][ T4295] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.623303][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 72.631761][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 72.640368][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.658313][ T4295] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.668628][ T4295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.677344][ T4295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.686972][ T4295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.696462][ T4295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.707220][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 72.716875][ T1211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.772154][ T1557] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.786350][ T1557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.794866][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 72.816720][ T1557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.829585][ T1557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.837899][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 72.960366][ T4309] [ 72.962758][ T4309] ====================================================== [ 72.969791][ T4309] WARNING: possible circular locking dependency detected [ 72.976834][ T4309] syzkaller #0 Not tainted [ 72.981251][ T4309] ------------------------------------------------------ [ 72.988282][ T4309] syz.0.17/4309 is trying to acquire lock: [ 72.994099][ T4309] ffff8880290b8c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210 [ 73.005179][ T4309] [ 73.005179][ T4309] but task is already holding lock: [ 73.012565][ T4309] ffffffff8d6c5de8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560 [ 73.022237][ T4309] [ 73.022237][ T4309] which lock already depends on the new lock. [ 73.022237][ T4309] [ 73.032651][ T4309] [ 73.032651][ T4309] the existing dependency chain (in reverse order) is: [ 73.041675][ T4309] [ 73.041675][ T4309] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 73.049682][ T4309] __mutex_lock_common+0x1e3/0x2400 [ 73.055462][ T4309] mutex_lock_nested+0x17/0x20 [ 73.060773][ T4309] rfkill_register+0x33/0x980 [ 73.065996][ T4309] hci_register_dev+0x452/0x970 [ 73.071394][ T4309] vhci_create_device+0x32c/0x5c0 [ 73.076972][ T4309] vhci_write+0x391/0x450 [ 73.081855][ T4309] vfs_write+0x745/0xd60 [ 73.086632][ T4309] ksys_write+0x152/0x260 [ 73.091502][ T4309] do_syscall_64+0x4c/0xa0 [ 73.096453][ T4309] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 73.102884][ T4309] [ 73.102884][ T4309] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 73.110722][ T4309] __mutex_lock_common+0x1e3/0x2400 [ 73.116456][ T4309] mutex_lock_nested+0x17/0x20 [ 73.121769][ T4309] vhci_send_frame+0x88/0x100 [ 73.126984][ T4309] hci_send_frame+0x1a9/0x2e0 [ 73.132198][ T4309] hci_tx_work+0x9f9/0x1710 [ 73.137260][ T4309] process_one_work+0x85f/0x1010 [ 73.142730][ T4309] worker_thread+0xaa6/0x1290 [ 73.147953][ T4309] kthread+0x436/0x520 [ 73.152554][ T4309] ret_from_fork+0x1f/0x30 [ 73.157525][ T4309] [ 73.157525][ T4309] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 73.166754][ T4309] __flush_work+0x116/0x210 [ 73.171792][ T4309] hci_dev_do_close+0x1e7/0x1030 [ 73.177279][ T4309] hci_unregister_dev+0x2d7/0x580 [ 73.182838][ T4309] vhci_release+0x73/0xc0 [ 73.187705][ T4309] __fput+0x234/0x930 [ 73.192228][ T4309] task_work_run+0x125/0x1a0 [ 73.197366][ T4309] do_exit+0x626/0x20c0 [ 73.202048][ T4309] do_group_exit+0x12e/0x300 [ 73.207170][ T4309] get_signal+0x6ca/0x12c0 [ 73.212116][ T4309] arch_do_signal_or_restart+0xe7/0x12c0 [ 73.218292][ T4309] exit_to_user_mode_loop+0x9e/0x130 [ 73.224115][ T4309] exit_to_user_mode_prepare+0xee/0x180 [ 73.230189][ T4309] syscall_exit_to_user_mode+0x16/0x40 [ 73.236184][ T4309] do_syscall_64+0x58/0xa0 [ 73.241134][ T4309] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 73.247573][ T4309] [ 73.247573][ T4309] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 73.255224][ T4309] __mutex_lock_common+0x1e3/0x2400 [ 73.260957][ T4309] mutex_lock_nested+0x17/0x20 [ 73.266256][ T4309] bg_scan_update+0x44/0x3b0 [ 73.271396][ T4309] process_one_work+0x85f/0x1010 [ 73.276865][ T4309] worker_thread+0xaa6/0x1290 [ 73.282076][ T4309] kthread+0x436/0x520 [ 73.286675][ T4309] ret_from_fork+0x1f/0x30 [ 73.291629][ T4309] [ 73.291629][ T4309] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 73.301454][ T4309] __lock_acquire+0x2c42/0x7d10 [ 73.306846][ T4309] lock_acquire+0x19e/0x400 [ 73.311894][ T4309] __flush_work+0x116/0x210 [ 73.316945][ T4309] __cancel_work_timer+0x3f4/0x560 [ 73.322590][ T4309] hci_request_cancel_all+0xcc/0x300 [ 73.328432][ T4309] hci_dev_do_close+0x4e/0x1030 [ 73.333820][ T4309] hci_rfkill_set_block+0x10a/0x190 [ 73.339553][ T4309] rfkill_set_block+0x1c9/0x3d0 [ 73.344940][ T4309] rfkill_fop_write+0x452/0x560 [ 73.350322][ T4309] vfs_write+0x30b/0xd60 [ 73.355094][ T4309] ksys_write+0x152/0x260 [ 73.359958][ T4309] do_syscall_64+0x4c/0xa0 [ 73.364912][ T4309] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 73.371344][ T4309] [ 73.371344][ T4309] other info that might help us debug this: [ 73.371344][ T4309] [ 73.379144][ T4221] Bluetooth: hci0: command 0x040f tx timeout [ 73.381579][ T4309] Chain exists of: [ 73.381579][ T4309] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 73.381579][ T4309] [ 73.403288][ T4309] Possible unsafe locking scenario: [ 73.403288][ T4309] [ 73.410748][ T4309] CPU0 CPU1 [ 73.416124][ T4309] ---- ---- [ 73.421499][ T4309] lock(rfkill_global_mutex); [ 73.426273][ T4309] lock(&data->open_mutex); [ 73.433391][ T4309] lock(rfkill_global_mutex); [ 73.440702][ T4309] lock((work_completion)(&hdev->bg_scan_update)); [ 73.447297][ T4309] [ 73.447297][ T4309] *** DEADLOCK *** [ 73.447297][ T4309] [ 73.455446][ T4309] 1 lock held by syz.0.17/4309: [ 73.460304][ T4309] #0: ffffffff8d6c5de8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560 [ 73.470412][ T4309] [ 73.470412][ T4309] stack backtrace: [ 73.476332][ T4309] CPU: 1 PID: 4309 Comm: syz.0.17 Not tainted syzkaller #0 [ 73.483542][ T4309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 73.493619][ T4309] Call Trace: [ 73.496914][ T4309] [ 73.499858][ T4309] dump_stack_lvl+0x188/0x250 [ 73.504566][ T4309] ? load_image+0x400/0x400 [ 73.509110][ T4309] ? show_regs_print_info+0x20/0x20 [ 73.514339][ T4309] ? print_circular_bug+0x12b/0x1a0 [ 73.519548][ T4309] check_noncircular+0x296/0x330 [ 73.524506][ T4309] ? look_up_lock_class+0x71/0x110 [ 73.529636][ T4309] ? add_chain_block+0x940/0x940 [ 73.534582][ T4309] ? lockdep_lock+0xf1/0x1f0 [ 73.539187][ T4309] ? __lock_acquire+0x12e8/0x7d10 [ 73.544228][ T4309] ? mark_lock+0x94/0x320 [ 73.548573][ T4309] __lock_acquire+0x2c42/0x7d10 [ 73.553458][ T4309] ? verify_lock_unused+0x140/0x140 [ 73.558681][ T4309] ? verify_lock_unused+0x140/0x140 [ 73.563903][ T4309] ? mark_lock+0x94/0x320 [ 73.568255][ T4309] lock_acquire+0x19e/0x400 [ 73.572777][ T4309] ? __flush_work+0xfa/0x210 [ 73.577389][ T4309] ? __lock_acquire+0x7d10/0x7d10 [ 73.582435][ T4309] ? read_lock_is_recursive+0x10/0x10 [ 73.587823][ T4309] ? start_flush_work+0x776/0x820 [ 73.592900][ T4309] __flush_work+0x116/0x210 [ 73.597415][ T4309] ? __flush_work+0xfa/0x210 [ 73.602036][ T4309] ? flush_work+0x20/0x20 [ 73.606386][ T4309] ? try_to_grab_pending+0xfa/0x7f0 [ 73.611604][ T4309] ? mark_lock+0x94/0x320 [ 73.615961][ T4309] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 73.621952][ T4309] ? lock_chain_count+0x20/0x20 [ 73.626820][ T4309] ? mark_lock+0x94/0x320 [ 73.631162][ T4309] ? __cancel_work_timer+0x36a/0x560 [ 73.636462][ T4309] __cancel_work_timer+0x3f4/0x560 [ 73.641589][ T4309] ? cancel_work_sync+0x20/0x20 [ 73.646456][ T4309] ? __cancel_work+0x1f9/0x2e0 [ 73.651238][ T4309] ? lockdep_hardirqs_on+0x94/0x140 [ 73.656455][ T4309] ? __cancel_work+0x27b/0x2e0 [ 73.661232][ T4309] ? cancel_work+0x20/0x20 [ 73.665665][ T4309] ? lock_chain_count+0x20/0x20 [ 73.670534][ T4309] hci_request_cancel_all+0xcc/0x300 [ 73.675848][ T4309] hci_dev_do_close+0x4e/0x1030 [ 73.680720][ T4309] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 73.686619][ T4309] ? _raw_spin_unlock+0x40/0x40 [ 73.691476][ T4309] hci_rfkill_set_block+0x10a/0x190 [ 73.696729][ T4309] ? rcu_lock_release+0x20/0x20 [ 73.701599][ T4309] rfkill_set_block+0x1c9/0x3d0 [ 73.706477][ T4309] rfkill_fop_write+0x452/0x560 [ 73.711347][ T4309] ? rfkill_fop_read+0x520/0x520 [ 73.716300][ T4309] ? common_file_perm+0x140/0x1c0 [ 73.721355][ T4309] ? fsnotify_perm+0x5d/0x560 [ 73.726050][ T4309] ? security_file_permission+0x75/0xa0 [ 73.731613][ T4309] ? rfkill_fop_read+0x520/0x520 [ 73.736576][ T4309] vfs_write+0x30b/0xd60 [ 73.740840][ T4309] ? file_end_write+0x250/0x250 [ 73.745707][ T4309] ? __context_tracking_exit+0x4c/0x80 [ 73.751193][ T4309] ? __lock_acquire+0x7d10/0x7d10 [ 73.756251][ T4309] ? __fdget_pos+0x1e2/0x370 [ 73.760856][ T4309] ksys_write+0x152/0x260 [ 73.765222][ T4309] ? __ia32_sys_read+0x80/0x80 [ 73.770000][ T4309] ? lockdep_hardirqs_on+0x94/0x140 [ 73.775220][ T4309] do_syscall_64+0x4c/0xa0 [ 73.779665][ T4309] ? clear_bhb_loop+0x30/0x80 [ 73.784361][ T4309] ? clear_bhb_loop+0x30/0x80 [ 73.789050][ T4309] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 73.794970][ T4309] RIP: 0033:0x7fcf2896add9 [ 73.799396][ T4309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 73.819046][ T4309] RSP: 002b:00007ffec1e8a4b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 73.827480][ T4309] RAX: ffffffffffffffda RBX: 00007fcf28be3fa0 RCX: 00007fcf2896add9 [ 73.835470][ T4309] RDX: 0000000000000008 RSI: 0000200000000180 RDI: 0000000000000003 [ 73.843451][ T4309] RBP: 00007fcf28a00d69 R08: 0000000000000000 R09: 0000000000000000 [ 73.851431][ T4309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.859413][ T4309] R13: 00007fcf28be3fac R14: 00007fcf28be3fa0 R15: 00007fcf28be3fa0 [ 73.867406][ T4309]