Warning: Permanently added '10.128.0.62' (ED25519) to the list of known hosts. 2026/04/08 12:11:54 parsed 1 programs [ 54.625199][ T4189] cgroup: Unknown subsys name 'net' [ 54.757274][ T4189] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 56.027357][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 58.392434][ T4227] chnl_net:caif_netlink_parms(): no params data found [ 58.456007][ T4227] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.465177][ T4227] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.473675][ T4227] device bridge_slave_0 entered promiscuous mode [ 58.485630][ T4227] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.492923][ T4227] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.501186][ T4227] device bridge_slave_1 entered promiscuous mode [ 58.529092][ T4227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.544135][ T4227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.573393][ T4227] team0: Port device team_slave_0 added [ 58.581967][ T4227] team0: Port device team_slave_1 added [ 58.606681][ T4227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.613923][ T4227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.642036][ T4227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.656344][ T4227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.663590][ T4227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.691326][ T4227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.731258][ T4227] device hsr_slave_0 entered promiscuous mode [ 58.738468][ T4227] device hsr_slave_1 entered promiscuous mode [ 58.870184][ T4227] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.882463][ T4227] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.891929][ T4227] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.901569][ T4227] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.930006][ T4227] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.937892][ T4227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.946179][ T4227] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.953403][ T4227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.014828][ T4227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.028562][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.039542][ T240] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.048517][ T240] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.063301][ T4227] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.083517][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.095851][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.103347][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.118464][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.131529][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.139036][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.176863][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.190255][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.204885][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.229445][ T4227] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.240771][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.251084][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.259110][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.335228][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.342965][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.356467][ T4227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.371830][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.381687][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.400168][ T4227] device veth0_vlan entered promiscuous mode [ 59.407694][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.416964][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.428228][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.436534][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.446885][ T4227] device veth1_vlan entered promiscuous mode [ 59.465061][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.474602][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.484315][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.493779][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.503554][ T4227] device veth0_macvtap entered promiscuous mode [ 59.513674][ T4227] device veth1_macvtap entered promiscuous mode [ 59.541665][ T4227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.549858][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.558331][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.567499][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.576828][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.591610][ T4227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.601215][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.610240][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.621115][ T4227] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.631425][ T4227] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.641297][ T4227] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.650422][ T4227] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.744721][ T4227] syz-executor (4227) used greatest stack depth: 20272 bytes left [ 60.451510][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.470447][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.481102][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.506275][ T4279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.516170][ T4279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.524299][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2026/04/08 12:12:02 executed programs: 0 [ 61.269923][ T4287] chnl_net:caif_netlink_parms(): no params data found [ 61.324300][ T4287] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.332454][ T4287] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.340505][ T4287] device bridge_slave_0 entered promiscuous mode [ 61.352818][ T4287] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.361071][ T4287] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.371772][ T4287] device bridge_slave_1 entered promiscuous mode [ 61.400988][ T4287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.418443][ T4287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.442396][ T4287] team0: Port device team_slave_0 added [ 61.450167][ T4287] team0: Port device team_slave_1 added [ 61.470675][ T4287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.478549][ T4287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.506267][ T4287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.522857][ T4287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.531096][ T4287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.560695][ T4287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.595169][ T4287] device hsr_slave_0 entered promiscuous mode [ 61.603370][ T4287] device hsr_slave_1 entered promiscuous mode [ 61.610329][ T4287] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.622288][ T4287] Cannot create hsr debugfs directory [ 61.674999][ T145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.153684][ T4246] Bluetooth: hci0: command 0x0409 tx timeout [ 65.180348][ T145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.232421][ T4236] Bluetooth: hci0: command 0x041b tx timeout [ 65.241965][ T145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.299702][ T145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.217461][ T4287] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 66.228059][ T4287] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 66.237206][ T4287] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 66.246557][ T4287] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 66.306930][ T4287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.319423][ T4279] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.327878][ T4279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.353452][ T4287] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.363673][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.373019][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.381925][ T240] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.389050][ T240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.397398][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.410527][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.419441][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.428277][ T240] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.435473][ T240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.450012][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.461476][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.474630][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.484223][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.507508][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.517358][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.526374][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.539287][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.548698][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.560222][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.568903][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.597582][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.684429][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.693719][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.722405][ T4287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.742271][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.754427][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.774875][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.783866][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.795182][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.803912][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.825498][ T4287] device veth0_vlan entered promiscuous mode [ 66.836668][ T4287] device veth1_vlan entered promiscuous mode [ 66.856622][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.865517][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.875562][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.885535][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.897410][ T4287] device veth0_macvtap entered promiscuous mode [ 66.908490][ T4287] device veth1_macvtap entered promiscuous mode [ 66.939545][ T4287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.951885][ T4287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.965213][ T4287] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.974351][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.984110][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.993440][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.003653][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.014182][ T4287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.025988][ T4287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.038996][ T4287] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.049905][ T4287] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.059940][ T4287] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.072710][ T4287] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.082508][ T4287] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.094894][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.104621][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.175250][ T4279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.185082][ T4279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.205880][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.227109][ T145] device hsr_slave_0 left promiscuous mode [ 67.234421][ T145] device hsr_slave_1 left promiscuous mode [ 67.241251][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.250297][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.260802][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.269041][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.277426][ T145] device bridge_slave_1 left promiscuous mode [ 67.284508][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.298328][ T145] device bridge_slave_0 left promiscuous mode [ 67.305715][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.314324][ T4314] Bluetooth: hci0: command 0x040f tx timeout [ 67.328884][ T145] device veth1_macvtap left promiscuous mode [ 67.335391][ T145] device veth0_macvtap left promiscuous mode [ 67.341923][ T145] device veth1_vlan left promiscuous mode [ 67.349562][ T145] device veth0_vlan left promiscuous mode [ 67.498470][ T145] team0 (unregistering): Port device team_slave_1 removed [ 67.511283][ T145] team0 (unregistering): Port device team_slave_0 removed [ 67.525370][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 67.539183][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 67.598017][ T145] bond0 (unregistering): Released all slaves [ 67.670852][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.679123][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.688036][ T240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.806337][ T4357] [ 67.808780][ T4357] ====================================================== [ 67.816549][ T4357] WARNING: possible circular locking dependency detected [ 67.824422][ T4357] syzkaller #0 Not tainted [ 67.829643][ T4357] ------------------------------------------------------ [ 67.839083][ T4357] syz.0.17/4357 is trying to acquire lock: [ 67.845063][ T4357] ffff888028978c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210 [ 67.856816][ T4357] [ 67.856816][ T4357] but task is already holding lock: [ 67.864637][ T4357] ffffffff8d6c51a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560 [ 67.874713][ T4357] [ 67.874713][ T4357] which lock already depends on the new lock. [ 67.874713][ T4357] [ 67.886062][ T4357] [ 67.886062][ T4357] the existing dependency chain (in reverse order) is: [ 67.895871][ T4357] [ 67.895871][ T4357] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 67.905519][ T4357] __mutex_lock_common+0x1e3/0x2400 [ 67.911650][ T4357] mutex_lock_nested+0x17/0x20 [ 67.917831][ T4357] rfkill_register+0x33/0x8a0 [ 67.923228][ T4357] hci_register_dev+0x452/0x970 [ 67.928792][ T4357] vhci_create_device+0x32c/0x5c0 [ 67.934350][ T4357] vhci_write+0x391/0x450 [ 67.939477][ T4357] vfs_write+0x745/0xd60 [ 67.944250][ T4357] ksys_write+0x152/0x260 [ 67.949294][ T4357] do_syscall_64+0x4c/0xa0 [ 67.954241][ T4357] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.960866][ T4357] [ 67.960866][ T4357] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 67.969042][ T4357] __mutex_lock_common+0x1e3/0x2400 [ 67.974868][ T4357] mutex_lock_nested+0x17/0x20 [ 67.980260][ T4357] vhci_send_frame+0x88/0x100 [ 67.985490][ T4357] hci_send_frame+0x1a9/0x2e0 [ 67.990959][ T4357] hci_tx_work+0x9f9/0x1710 [ 67.996185][ T4357] process_one_work+0x85f/0x1010 [ 68.001740][ T4357] worker_thread+0xaa6/0x1290 [ 68.007188][ T4357] kthread+0x436/0x520 [ 68.011889][ T4357] ret_from_fork+0x1f/0x30 [ 68.017196][ T4357] [ 68.017196][ T4357] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 68.026985][ T4357] __flush_work+0x116/0x210 [ 68.032452][ T4357] hci_dev_do_close+0x1e7/0x1030 [ 68.039109][ T4357] hci_unregister_dev+0x2d7/0x580 [ 68.046123][ T4357] vhci_release+0x73/0xc0 [ 68.051544][ T4357] __fput+0x234/0x930 [ 68.056743][ T4357] task_work_run+0x125/0x1a0 [ 68.063016][ T4357] do_exit+0x626/0x20c0 [ 68.068573][ T4357] do_group_exit+0x12e/0x300 [ 68.074511][ T4357] get_signal+0x6ca/0x12c0 [ 68.079958][ T4357] arch_do_signal_or_restart+0xe7/0x12c0 [ 68.086310][ T4357] exit_to_user_mode_loop+0x9e/0x130 [ 68.092804][ T4357] exit_to_user_mode_prepare+0xee/0x180 [ 68.099175][ T4357] syscall_exit_to_user_mode+0x16/0x40 [ 68.105172][ T4357] do_syscall_64+0x58/0xa0 [ 68.110117][ T4357] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 68.116699][ T4357] [ 68.116699][ T4357] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 68.124539][ T4357] __mutex_lock_common+0x1e3/0x2400 [ 68.130504][ T4357] mutex_lock_nested+0x17/0x20 [ 68.136644][ T4357] bg_scan_update+0x44/0x3b0 [ 68.141983][ T4357] process_one_work+0x85f/0x1010 [ 68.147541][ T4357] worker_thread+0xaa6/0x1290 [ 68.152988][ T4357] kthread+0x436/0x520 [ 68.158335][ T4357] ret_from_fork+0x1f/0x30 [ 68.163438][ T4357] [ 68.163438][ T4357] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 68.173729][ T4357] __lock_acquire+0x2c42/0x7d10 [ 68.179118][ T4357] lock_acquire+0x19e/0x400 [ 68.184252][ T4357] __flush_work+0x116/0x210 [ 68.189753][ T4357] __cancel_work_timer+0x3f4/0x560 [ 68.195402][ T4357] hci_request_cancel_all+0xcc/0x300 [ 68.201398][ T4357] hci_dev_do_close+0x4e/0x1030 [ 68.206878][ T4357] hci_rfkill_set_block+0x10a/0x190 [ 68.212721][ T4357] rfkill_set_block+0x1c6/0x420 [ 68.218266][ T4357] rfkill_fop_write+0x452/0x560 [ 68.223673][ T4357] vfs_write+0x30b/0xd60 [ 68.228478][ T4357] ksys_write+0x152/0x260 [ 68.233339][ T4357] do_syscall_64+0x4c/0xa0 [ 68.238426][ T4357] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 68.245054][ T4357] [ 68.245054][ T4357] other info that might help us debug this: [ 68.245054][ T4357] [ 68.255326][ T4357] Chain exists of: [ 68.255326][ T4357] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 68.255326][ T4357] [ 68.271150][ T4357] Possible unsafe locking scenario: [ 68.271150][ T4357] [ 68.278978][ T4357] CPU0 CPU1 [ 68.284344][ T4357] ---- ---- [ 68.290178][ T4357] lock(rfkill_global_mutex); [ 68.295257][ T4357] lock(&data->open_mutex); [ 68.302572][ T4357] lock(rfkill_global_mutex); [ 68.310680][ T4357] lock((work_completion)(&hdev->bg_scan_update)); [ 68.317365][ T4357] [ 68.317365][ T4357] *** DEADLOCK *** [ 68.317365][ T4357] [ 68.325631][ T4357] 1 lock held by syz.0.17/4357: [ 68.330569][ T4357] #0: ffffffff8d6c51a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560 [ 68.340896][ T4357] [ 68.340896][ T4357] stack backtrace: [ 68.346902][ T4357] CPU: 0 PID: 4357 Comm: syz.0.17 Not tainted syzkaller #0 [ 68.354454][ T4357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 68.364649][ T4357] Call Trace: [ 68.367940][ T4357] [ 68.371075][ T4357] dump_stack_lvl+0x188/0x250 [ 68.375953][ T4357] ? load_image+0x400/0x400 [ 68.381659][ T4357] ? show_regs_print_info+0x20/0x20 [ 68.387055][ T4357] ? print_circular_bug+0x12b/0x1a0 [ 68.392341][ T4357] check_noncircular+0x296/0x330 [ 68.397739][ T4357] ? look_up_lock_class+0x71/0x110 [ 68.403329][ T4357] ? add_chain_block+0x940/0x940 [ 68.408682][ T4357] ? lockdep_lock+0xf1/0x1f0 [ 68.413393][ T4357] ? __lock_acquire+0x12e8/0x7d10 [ 68.418787][ T4357] ? mark_lock+0x94/0x320 [ 68.423176][ T4357] ? _find_first_zero_bit+0xce/0xf0 [ 68.428569][ T4357] __lock_acquire+0x2c42/0x7d10 [ 68.433451][ T4357] ? verify_lock_unused+0x140/0x140 [ 68.438669][ T4357] ? verify_lock_unused+0x140/0x140 [ 68.443886][ T4357] ? mark_lock+0x94/0x320 [ 68.448736][ T4357] lock_acquire+0x19e/0x400 [ 68.453261][ T4357] ? __flush_work+0xfa/0x210 [ 68.458208][ T4357] ? __lock_acquire+0x7d10/0x7d10 [ 68.463249][ T4357] ? read_lock_is_recursive+0x10/0x10 [ 68.468901][ T4357] ? start_flush_work+0x776/0x820 [ 68.473939][ T4357] __flush_work+0x116/0x210 [ 68.478542][ T4357] ? __flush_work+0xfa/0x210 [ 68.483650][ T4357] ? flush_work+0x20/0x20 [ 68.488089][ T4357] ? try_to_grab_pending+0xfa/0x7f0 [ 68.493302][ T4357] ? mark_lock+0x94/0x320 [ 68.497646][ T4357] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 68.503912][ T4357] ? lock_chain_count+0x20/0x20 [ 68.508950][ T4357] ? mark_lock+0x94/0x320 [ 68.513296][ T4357] ? __cancel_work_timer+0x36a/0x560 [ 68.519002][ T4357] __cancel_work_timer+0x3f4/0x560 [ 68.524318][ T4357] ? cancel_work_sync+0x20/0x20 [ 68.529266][ T4357] ? __cancel_work+0x1f9/0x2e0 [ 68.534133][ T4357] ? lockdep_hardirqs_on+0x94/0x140 [ 68.539519][ T4357] ? __cancel_work+0x27b/0x2e0 [ 68.544302][ T4357] ? cancel_work+0x20/0x20 [ 68.549068][ T4357] ? lock_chain_count+0x20/0x20 [ 68.554017][ T4357] hci_request_cancel_all+0xcc/0x300 [ 68.559525][ T4357] hci_dev_do_close+0x4e/0x1030 [ 68.564547][ T4357] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 68.570505][ T4357] ? _raw_spin_unlock+0x40/0x40 [ 68.575542][ T4357] hci_rfkill_set_block+0x10a/0x190 [ 68.580959][ T4357] ? rcu_lock_release+0x20/0x20 [ 68.585850][ T4357] rfkill_set_block+0x1c6/0x420 [ 68.591088][ T4357] rfkill_fop_write+0x452/0x560 [ 68.596300][ T4357] ? rfkill_fop_read+0x4d0/0x4d0 [ 68.601336][ T4357] ? common_file_perm+0x110/0x1c0 [ 68.606385][ T4357] ? fsnotify_perm+0x5d/0x560 [ 68.611265][ T4357] ? security_file_permission+0x75/0xa0 [ 68.616825][ T4357] ? rfkill_fop_read+0x4d0/0x4d0 [ 68.621813][ T4357] vfs_write+0x30b/0xd60 [ 68.626084][ T4357] ? file_end_write+0x250/0x250 [ 68.631225][ T4357] ? __context_tracking_exit+0x4c/0x80 [ 68.636697][ T4357] ? __lock_acquire+0x7d10/0x7d10 [ 68.641776][ T4357] ? __fdget_pos+0x1e2/0x370 [ 68.646519][ T4357] ksys_write+0x152/0x260 [ 68.650868][ T4357] ? __ia32_sys_read+0x80/0x80 [ 68.655851][ T4357] ? lockdep_hardirqs_on+0x94/0x140 [ 68.661082][ T4357] do_syscall_64+0x4c/0xa0 [ 68.665613][ T4357] ? clear_bhb_loop+0x30/0x80 [ 68.670316][ T4357] ? clear_bhb_loop+0x30/0x80 [ 68.675008][ T4357] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 68.680928][ T4357] RIP: 0033:0x7fba41500819 [ 68.685349][ T4357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 68.705332][ T4357] RSP: 002b:00007ffcf2524528 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 68.713845][ T4357] RAX: ffffffffffffffda RBX: 00007fba41779fa0 RCX: 00007fba41500819 [ 68.721832][ T4357] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: 0000000000000003 [ 68.730080][ T4357] RBP: 00007fba41596c91 R08: 0000000000000000 R09: 0000000000000000 [ 68.738060][ T4357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.746239][ T4357] R13: 00007fba41779fac R14: 00007fba41779fa0 R15: 00007fba41779fa0 [ 68.754884][ T4357]