Warning: Permanently added '10.128.1.4' (ED25519) to the list of known hosts.
2026/04/11 10:13:24 parsed 1 programs
[   56.647137][ T4187] cgroup: Unknown subsys name 'net'
[   56.779986][ T4187] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.995421][ T4187] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   59.854817][ T1441] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.862857][ T1441] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.876137][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   59.901376][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.910563][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.918468][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   61.319497][ T4271] chnl_net:caif_netlink_parms(): no params data found
[   61.359553][ T4271] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.367638][ T4271] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.376925][ T4271] device bridge_slave_0 entered promiscuous mode
[   61.386165][ T4271] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.393437][ T4271] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.401831][ T4271] device bridge_slave_1 entered promiscuous mode
[   61.420657][ T4271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.431666][ T4271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.452214][ T4271] team0: Port device team_slave_0 added
[   61.460158][ T4271] team0: Port device team_slave_1 added
[   61.476183][ T4271] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.483142][ T4271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.509507][ T4271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.521799][ T4271] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.529069][ T4271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.555801][ T4271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.599675][ T4271] device hsr_slave_0 entered promiscuous mode
[   61.606586][ T4271] device hsr_slave_1 entered promiscuous mode
[   61.723380][ T4271] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.733570][ T4271] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.758734][ T4271] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.768706][ T4271] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.790100][ T4271] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.797643][ T4271] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.805784][ T4271] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.813069][ T4271] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.868637][  T153] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.878727][  T153] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.913663][ T4271] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.926691][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   61.938251][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.951850][ T4271] 8021q: adding VLAN 0 to HW filter on device team0
[   61.978363][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   61.987247][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.996666][  T153] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.003814][  T153] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.026284][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.035721][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.044654][  T153] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.051898][  T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.060765][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   62.069844][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   62.078640][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   62.087791][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   62.097149][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   62.106173][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   62.114635][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   62.130861][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   62.140149][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.150236][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   62.160122][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.171949][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   62.272105][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   62.280067][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   62.292859][ T4271] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.329945][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   62.340116][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   62.358229][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   62.367704][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   62.383393][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   62.391499][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   62.402382][ T4271] device veth0_vlan entered promiscuous mode
[   62.438466][ T4271] device veth1_vlan entered promiscuous mode
[   62.457703][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   62.466247][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   62.474320][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   62.486027][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.496603][ T4271] device veth0_macvtap entered promiscuous mode
[   62.506332][ T4271] device veth1_macvtap entered promiscuous mode
[   62.548924][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.557839][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   62.566448][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   62.574464][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   62.583709][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   62.596971][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.605376][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   62.614307][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.626732][ T4271] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.636750][ T4271] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.646038][ T4271] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.655130][ T4271] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/04/11 10:13:32 executed programs: 0
[   63.481710][ T4291] chnl_net:caif_netlink_parms(): no params data found
[   63.544281][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.553669][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.562673][ T4291] device bridge_slave_0 entered promiscuous mode
[   63.574783][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.582604][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.593243][ T4291] device bridge_slave_1 entered promiscuous mode
[   63.622779][ T4291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.634532][ T4291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.666183][ T4291] team0: Port device team_slave_0 added
[   63.676655][ T4291] team0: Port device team_slave_1 added
[   63.697558][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.704746][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.730841][ T4291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.747471][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.754755][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.781495][ T4291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.813796][ T4291] device hsr_slave_0 entered promiscuous mode
[   63.821487][ T4291] device hsr_slave_1 entered promiscuous mode
[   63.828883][ T4291] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   63.837795][ T4291] Cannot create hsr debugfs directory
[   63.930327][ T4291] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.416047][ T4300] Bluetooth: hci0: command 0x0409 tx timeout
[   66.471898][ T4291] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.400100][ T4291] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.473448][ T4291] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.495135][ T4266] Bluetooth: hci0: command 0x041b tx timeout
[   67.620795][ T4291] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.632423][ T4291] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.649444][ T4291] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.660263][ T4291] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.716459][ T4291] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.728971][  T155] device hsr_slave_0 left promiscuous mode
[   67.736761][  T155] device hsr_slave_1 left promiscuous mode
[   67.743451][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   67.751284][  T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[   67.759633][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   67.767136][  T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[   67.775197][  T155] device bridge_slave_1 left promiscuous mode
[   67.782355][  T155] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.797220][  T155] device bridge_slave_0 left promiscuous mode
[   67.803527][  T155] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.821824][  T155] device veth1_macvtap left promiscuous mode
[   67.828446][  T155] device veth0_macvtap left promiscuous mode
[   67.834678][  T155] device veth1_vlan left promiscuous mode
[   67.841650][  T155] device veth0_vlan left promiscuous mode
[   67.978857][  T155] team0 (unregistering): Port device team_slave_1 removed
[   67.992047][  T155] team0 (unregistering): Port device team_slave_0 removed
[   68.005945][  T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   68.020514][  T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   68.069550][  T155] bond0 (unregistering): Released all slaves
[   68.115223][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   68.123052][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   68.134282][ T4291] 8021q: adding VLAN 0 to HW filter on device team0
[   68.144262][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   68.153995][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.163200][  T153] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.170422][  T153] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.178436][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   68.191428][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   68.200114][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.208784][  T153] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.215886][  T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.229194][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   68.240756][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   68.266571][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   68.276541][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   68.285175][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   68.293762][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   68.302643][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   68.311416][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   68.323046][ T4291] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   68.335359][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   68.347948][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   68.356845][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   68.366492][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   68.447803][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   68.455494][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   68.468795][ T4291] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.484345][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   68.493138][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   68.519440][ T1441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   68.527874][ T1441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   68.538009][ T1441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   68.546693][ T1441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   68.556887][ T4291] device veth0_vlan entered promiscuous mode
[   68.568365][ T4291] device veth1_vlan entered promiscuous mode
[   68.588786][ T1441] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   68.598851][ T1441] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   68.607982][ T1441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   68.624435][ T1441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   68.635693][ T4291] device veth0_macvtap entered promiscuous mode
[   68.648417][ T4291] device veth1_macvtap entered promiscuous mode
[   68.665864][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.673333][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   68.682733][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   68.691354][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   68.700371][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.713275][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.722598][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.731668][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.744062][ T4291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.753571][ T4291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.764043][ T4291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.773494][ T4291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.842159][  T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.859882][  T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.868165][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.889616][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.898328][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.909715][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.021586][ T4307] 
[   69.024074][ T4307] ======================================================
[   69.032021][ T4307] WARNING: possible circular locking dependency detected
[   69.039066][ T4307] syzkaller #0 Not tainted
[   69.043485][ T4307] ------------------------------------------------------
[   69.050564][ T4307] syz.0.17/4307 is trying to acquire lock:
[   69.056579][ T4307] ffff888029c94c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210
[   69.067682][ T4307] 
[   69.067682][ T4307] but task is already holding lock:
[   69.075055][ T4307] ffffffff8d6c51a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560
[   69.084950][ T4307] 
[   69.084950][ T4307] which lock already depends on the new lock.
[   69.084950][ T4307] 
[   69.095365][ T4307] 
[   69.095365][ T4307] the existing dependency chain (in reverse order) is:
[   69.104473][ T4307] 
[   69.104473][ T4307] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[   69.112496][ T4307]        __mutex_lock_common+0x1e3/0x2400
[   69.118234][ T4307]        mutex_lock_nested+0x17/0x20
[   69.123536][ T4307]        rfkill_register+0x33/0x8a0
[   69.128828][ T4307]        hci_register_dev+0x452/0x970
[   69.134214][ T4307]        vhci_create_device+0x32c/0x5c0
[   69.139762][ T4307]        vhci_write+0x391/0x450
[   69.144617][ T4307]        vfs_write+0x745/0xd60
[   69.149375][ T4307]        ksys_write+0x152/0x260
[   69.154315][ T4307]        do_syscall_64+0x4c/0xa0
[   69.159440][ T4307]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   69.166165][ T4307] 
[   69.166165][ T4307] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[   69.174022][ T4307]        __mutex_lock_common+0x1e3/0x2400
[   69.179749][ T4307]        mutex_lock_nested+0x17/0x20
[   69.185136][ T4307]        vhci_send_frame+0x88/0x100
[   69.190326][ T4307]        hci_send_frame+0x1a9/0x2e0
[   69.195769][ T4307]        hci_tx_work+0x9f9/0x1710
[   69.200841][ T4307]        process_one_work+0x85f/0x1010
[   69.206295][ T4307]        worker_thread+0xaa6/0x1290
[   69.211719][ T4307]        kthread+0x436/0x520
[   69.216420][ T4307]        ret_from_fork+0x1f/0x30
[   69.221705][ T4307] 
[   69.221705][ T4307] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[   69.231000][ T4307]        __flush_work+0x116/0x210
[   69.236041][ T4307]        hci_dev_do_close+0x1e7/0x1030
[   69.241486][ T4307]        hci_unregister_dev+0x2d7/0x580
[   69.247018][ T4307]        vhci_release+0x73/0xc0
[   69.251853][ T4307]        __fput+0x234/0x930
[   69.256450][ T4307]        task_work_run+0x125/0x1a0
[   69.261675][ T4307]        do_exit+0x626/0x20c0
[   69.266361][ T4307]        do_group_exit+0x12e/0x300
[   69.271466][ T4307]        get_signal+0x6ca/0x12c0
[   69.276405][ T4307]        arch_do_signal_or_restart+0xe7/0x12c0
[   69.282612][ T4307]        exit_to_user_mode_loop+0x9e/0x130
[   69.288510][ T4307]        exit_to_user_mode_prepare+0xee/0x180
[   69.294754][ T4307]        syscall_exit_to_user_mode+0x16/0x40
[   69.300727][ T4307]        do_syscall_64+0x58/0xa0
[   69.305654][ T4307]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   69.312071][ T4307] 
[   69.312071][ T4307] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[   69.319716][ T4307]        __mutex_lock_common+0x1e3/0x2400
[   69.325518][ T4307]        mutex_lock_nested+0x17/0x20
[   69.330784][ T4307]        bg_scan_update+0x44/0x3b0
[   69.335880][ T4307]        process_one_work+0x85f/0x1010
[   69.341320][ T4307]        worker_thread+0xaa6/0x1290
[   69.346506][ T4307]        kthread+0x436/0x520
[   69.351098][ T4307]        ret_from_fork+0x1f/0x30
[   69.356039][ T4307] 
[   69.356039][ T4307] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[   69.365846][ T4307]        __lock_acquire+0x2c42/0x7d10
[   69.371222][ T4307]        lock_acquire+0x19e/0x400
[   69.376240][ T4307]        __flush_work+0x116/0x210
[   69.381266][ T4307]        __cancel_work_timer+0x3f4/0x560
[   69.386902][ T4307]        hci_request_cancel_all+0xcc/0x300
[   69.392703][ T4307]        hci_dev_do_close+0x4e/0x1030
[   69.398058][ T4307]        hci_rfkill_set_block+0x10a/0x190
[   69.403757][ T4307]        rfkill_set_block+0x1c6/0x420
[   69.409511][ T4307]        rfkill_fop_write+0x452/0x560
[   69.415076][ T4307]        vfs_write+0x30b/0xd60
[   69.419869][ T4307]        ksys_write+0x152/0x260
[   69.424709][ T4307]        do_syscall_64+0x4c/0xa0
[   69.429636][ T4307]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   69.436122][ T4307] 
[   69.436122][ T4307] other info that might help us debug this:
[   69.436122][ T4307] 
[   69.446643][ T4307] Chain exists of:
[   69.446643][ T4307]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[   69.446643][ T4307] 
[   69.462729][ T4307]  Possible unsafe locking scenario:
[   69.462729][ T4307] 
[   69.470173][ T4307]        CPU0                    CPU1
[   69.475532][ T4307]        ----                    ----
[   69.480882][ T4307]   lock(rfkill_global_mutex);
[   69.485722][ T4307]                                lock(&data->open_mutex);
[   69.492962][ T4307]                                lock(rfkill_global_mutex);
[   69.500228][ T4307]   lock((work_completion)(&hdev->bg_scan_update));
[   69.506801][ T4307] 
[   69.506801][ T4307]  *** DEADLOCK ***
[   69.506801][ T4307] 
[   69.515037][ T4307] 1 lock held by syz.0.17/4307:
[   69.519968][ T4307]  #0: ffffffff8d6c51a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560
[   69.530049][ T4307] 
[   69.530049][ T4307] stack backtrace:
[   69.535937][ T4307] CPU: 1 PID: 4307 Comm: syz.0.17 Not tainted syzkaller #0
[   69.543119][ T4307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   69.553249][ T4307] Call Trace:
[   69.556523][ T4307]  <TASK>
[   69.559451][ T4307]  dump_stack_lvl+0x188/0x250
[   69.564216][ T4307]  ? load_image+0x400/0x400
[   69.569045][ T4307]  ? show_regs_print_info+0x20/0x20
[   69.574230][ T4307]  ? print_circular_bug+0x12b/0x1a0
[   69.579420][ T4307]  check_noncircular+0x296/0x330
[   69.584338][ T4307]  ? look_up_lock_class+0x71/0x110
[   69.589443][ T4307]  ? add_chain_block+0x940/0x940
[   69.594508][ T4307]  ? lockdep_lock+0xf1/0x1f0
[   69.599119][ T4307]  ? __lock_acquire+0x12e8/0x7d10
[   69.604142][ T4307]  ? mark_lock+0x94/0x320
[   69.608462][ T4307]  __lock_acquire+0x2c42/0x7d10
[   69.613309][ T4307]  ? verify_lock_unused+0x140/0x140
[   69.618494][ T4307]  ? verify_lock_unused+0x140/0x140
[   69.623679][ T4307]  ? mark_lock+0x94/0x320
[   69.627991][ T4307]  lock_acquire+0x19e/0x400
[   69.632479][ T4307]  ? __flush_work+0xfa/0x210
[   69.637052][ T4307]  ? __lock_acquire+0x7d10/0x7d10
[   69.642061][ T4307]  ? read_lock_is_recursive+0x10/0x10
[   69.647414][ T4307]  ? start_flush_work+0x776/0x820
[   69.652420][ T4307]  __flush_work+0x116/0x210
[   69.656906][ T4307]  ? __flush_work+0xfa/0x210
[   69.661569][ T4307]  ? flush_work+0x20/0x20
[   69.665885][ T4307]  ? try_to_grab_pending+0xfa/0x7f0
[   69.671062][ T4307]  ? mark_lock+0x94/0x320
[   69.675459][ T4307]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[   69.681423][ T4307]  ? lock_chain_count+0x20/0x20
[   69.686254][ T4307]  ? mark_lock+0x94/0x320
[   69.690654][ T4307]  ? __cancel_work_timer+0x36a/0x560
[   69.695922][ T4307]  __cancel_work_timer+0x3f4/0x560
[   69.701013][ T4307]  ? cancel_work_sync+0x20/0x20
[   69.705934][ T4307]  ? __cancel_work+0x1f9/0x2e0
[   69.710784][ T4307]  ? lockdep_hardirqs_on+0x94/0x140
[   69.715973][ T4307]  ? __cancel_work+0x27b/0x2e0
[   69.720728][ T4307]  ? cancel_work+0x20/0x20
[   69.725127][ T4307]  ? lock_chain_count+0x20/0x20
[   69.730048][ T4307]  hci_request_cancel_all+0xcc/0x300
[   69.735333][ T4307]  hci_dev_do_close+0x4e/0x1030
[   69.740252][ T4307]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[   69.746130][ T4307]  ? _raw_spin_unlock+0x40/0x40
[   69.751064][ T4307]  hci_rfkill_set_block+0x10a/0x190
[   69.756272][ T4307]  ? rcu_lock_release+0x20/0x20
[   69.761134][ T4307]  rfkill_set_block+0x1c6/0x420
[   69.765978][ T4307]  rfkill_fop_write+0x452/0x560
[   69.770814][ T4307]  ? rfkill_fop_read+0x4d0/0x4d0
[   69.775735][ T4307]  ? common_file_perm+0x110/0x1c0
[   69.780745][ T4307]  ? fsnotify_perm+0x5d/0x560
[   69.785409][ T4307]  ? security_file_permission+0x75/0xa0
[   69.790938][ T4307]  ? rfkill_fop_read+0x4d0/0x4d0
[   69.795907][ T4307]  vfs_write+0x30b/0xd60
[   69.800166][ T4307]  ? file_end_write+0x250/0x250
[   69.804996][ T4307]  ? __context_tracking_exit+0x4c/0x80
[   69.810461][ T4307]  ? __lock_acquire+0x7d10/0x7d10
[   69.815468][ T4307]  ? __fdget_pos+0x1e2/0x370
[   69.820140][ T4307]  ksys_write+0x152/0x260
[   69.824475][ T4307]  ? __ia32_sys_read+0x80/0x80
[   69.829241][ T4307]  ? lockdep_hardirqs_on+0x94/0x140
[   69.834802][ T4307]  do_syscall_64+0x4c/0xa0
[   69.839307][ T4307]  ? clear_bhb_loop+0x30/0x80
[   69.844070][ T4307]  ? clear_bhb_loop+0x30/0x80
[   69.848825][ T4307]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   69.854937][ T4307] RIP: 0033:0x7ffae8622819
[   69.859364][ T4307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   69.879047][ T4307] RSP: 002b:00007ffc5050bd48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   69.887549][ T4307] RAX: ffffffffffffffda RBX: 00007ffae889bfa0 RCX: 00007ffae8622819
[   69.895588][ T4307] RDX: 0000000000000008 RSI: 0000200000000040 RDI: 0000000000000003
[   69.903776][ T4307] RBP: 00007ffae86b8c91 R08: 0000000000000000 R09: 0000000000000000
[   69.912011][ T4307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.920067][ T4307] R13: 00007ffae889bfac R14: 00007ffae889bfa0 R15: 00007ffae889bfa0
[   69.928042][ T4307]  </TASK>
[   69.960077][ T4263] Bluetooth: hci0: command 0x040f tx timeout