Warning: Permanently added '10.128.0.20' (ED25519) to the list of known hosts. 2026/04/06 14:18:59 parsed 1 programs [ 64.014315][ T4188] cgroup: Unknown subsys name 'net' [ 64.148277][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.404533][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 67.472740][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.489632][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.509524][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.526391][ T1309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.543974][ T1309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.551502][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.129476][ T4238] chnl_net:caif_netlink_parms(): no params data found [ 68.189028][ T4238] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.196867][ T4238] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.205174][ T4238] device bridge_slave_0 entered promiscuous mode [ 68.214788][ T4238] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.221904][ T4238] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.230488][ T4238] device bridge_slave_1 entered promiscuous mode [ 68.255138][ T4238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.266665][ T4238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.293245][ T4238] team0: Port device team_slave_0 added [ 68.301399][ T4238] team0: Port device team_slave_1 added [ 68.322433][ T4238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.329540][ T4238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.355847][ T4238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.368830][ T4238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.376071][ T4238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.403967][ T4238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.439918][ T4238] device hsr_slave_0 entered promiscuous mode [ 68.446926][ T4238] device hsr_slave_1 entered promiscuous mode [ 68.574176][ T4238] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 68.587730][ T4238] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 68.596717][ T4238] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 68.605856][ T4238] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 68.629486][ T4238] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.636699][ T4238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.644549][ T4238] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.651586][ T4238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.727388][ T4238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.748585][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.776479][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.789321][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.807220][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 68.839668][ T4238] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.853398][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.862055][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.869156][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.881320][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.890384][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.897495][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.915892][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.926231][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 68.935310][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 68.948178][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.959150][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 68.970206][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.041576][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 69.049406][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 69.061893][ T4238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.079210][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 69.096572][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 69.105412][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 69.115318][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 69.123765][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 69.133145][ T4238] device veth0_vlan entered promiscuous mode [ 69.143006][ T4238] device veth1_vlan entered promiscuous mode [ 69.178749][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 69.187032][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 69.195143][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 69.203777][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 69.215102][ T4238] device veth0_macvtap entered promiscuous mode [ 69.225621][ T4238] device veth1_macvtap entered promiscuous mode [ 69.256626][ T4238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.265286][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 69.274094][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 69.282009][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 69.291729][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 69.304465][ T4238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.314909][ T4238] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.324081][ T4238] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.333488][ T4238] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.342192][ T4238] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.352500][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 69.361511][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/04/06 14:19:08 executed programs: 0 [ 70.802595][ T4289] chnl_net:caif_netlink_parms(): no params data found [ 70.862786][ T4289] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.872268][ T4289] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.880330][ T4289] device bridge_slave_0 entered promiscuous mode [ 70.891373][ T4289] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.898617][ T4289] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.909175][ T4289] device bridge_slave_1 entered promiscuous mode [ 70.934394][ T4289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.945807][ T4289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.973923][ T4289] team0: Port device team_slave_0 added [ 70.981584][ T4289] team0: Port device team_slave_1 added [ 71.009452][ T4289] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.016697][ T4289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.042772][ T4289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.054796][ T4289] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.061740][ T4289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.087948][ T4289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.132693][ T4289] device hsr_slave_0 entered promiscuous mode [ 71.139875][ T4289] device hsr_slave_1 entered promiscuous mode [ 71.149902][ T4289] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.158174][ T4289] Cannot create hsr debugfs directory [ 71.232435][ T4289] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.243723][ T1433] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.250174][ T1433] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.743903][ T4256] Bluetooth: hci0: command 0x0409 tx timeout [ 74.444114][ T4289] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.487117][ T4289] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.539876][ T4289] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.634056][ T4289] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.642917][ T4289] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.652357][ T4289] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.661436][ T4289] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.708354][ T4289] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.730547][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.738517][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.748368][ T4289] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.758132][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.767101][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.775858][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.782931][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.793403][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.804725][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.814859][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.823386][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.823700][ T13] Bluetooth: hci0: command 0x041b tx timeout [ 74.830440][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.860651][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.872043][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.884046][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.892699][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.902198][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 74.927830][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 74.936831][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.947185][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.956841][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.981330][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.989950][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.000905][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.079770][ T448] device hsr_slave_0 left promiscuous mode [ 75.086548][ T448] device hsr_slave_1 left promiscuous mode [ 75.093959][ T448] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.101374][ T448] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.109738][ T448] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.117323][ T448] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.125196][ T448] device bridge_slave_1 left promiscuous mode [ 75.132096][ T448] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.146506][ T448] device bridge_slave_0 left promiscuous mode [ 75.152657][ T448] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.169547][ T448] device veth1_macvtap left promiscuous mode [ 75.175842][ T448] device veth0_macvtap left promiscuous mode [ 75.181849][ T448] device veth1_vlan left promiscuous mode [ 75.188428][ T448] device veth0_vlan left promiscuous mode [ 75.321082][ T448] team0 (unregistering): Port device team_slave_1 removed [ 75.333931][ T448] team0 (unregistering): Port device team_slave_0 removed [ 75.345732][ T448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 75.360095][ T448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 75.408352][ T448] bond0 (unregistering): Released all slaves [ 75.451886][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.459432][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.477973][ T4289] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.492508][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 75.501775][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 75.521398][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.532026][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.543291][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.550999][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.559928][ T4289] device veth0_vlan entered promiscuous mode [ 75.570201][ T4289] device veth1_vlan entered promiscuous mode [ 75.588145][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.597637][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.608221][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.617191][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.627126][ T4289] device veth0_macvtap entered promiscuous mode [ 75.637484][ T4289] device veth1_macvtap entered promiscuous mode [ 75.652910][ T4289] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.661798][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 75.670442][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 75.679701][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.688175][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.699105][ T4289] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.711099][ T4289] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.721101][ T4289] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.729879][ T4289] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.739021][ T4289] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.749479][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.758464][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.819807][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.831230][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.852064][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.867376][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.875890][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.884414][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.977556][ T4303] [ 75.979915][ T4303] ====================================================== [ 75.986922][ T4303] WARNING: possible circular locking dependency detected [ 75.994016][ T4303] syzkaller #0 Not tainted [ 75.998446][ T4303] ------------------------------------------------------ [ 76.005454][ T4303] syz.0.17/4303 is trying to acquire lock: [ 76.011251][ T4303] ffff88801f3b8c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210 [ 76.022314][ T4303] [ 76.022314][ T4303] but task is already holding lock: [ 76.029670][ T4303] ffffffff8d6c51a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560 [ 76.039330][ T4303] [ 76.039330][ T4303] which lock already depends on the new lock. [ 76.039330][ T4303] [ 76.049724][ T4303] [ 76.049724][ T4303] the existing dependency chain (in reverse order) is: [ 76.058820][ T4303] [ 76.058820][ T4303] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 76.066812][ T4303] __mutex_lock_common+0x1e3/0x2400 [ 76.072620][ T4303] mutex_lock_nested+0x17/0x20 [ 76.077899][ T4303] rfkill_register+0x33/0x8a0 [ 76.083183][ T4303] hci_register_dev+0x452/0x970 [ 76.088551][ T4303] vhci_create_device+0x32c/0x5c0 [ 76.094091][ T4303] vhci_write+0x391/0x450 [ 76.098936][ T4303] vfs_write+0x745/0xd60 [ 76.103691][ T4303] ksys_write+0x152/0x260 [ 76.108534][ T4303] do_syscall_64+0x4c/0xa0 [ 76.113464][ T4303] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.119886][ T4303] [ 76.119886][ T4303] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 76.127708][ T4303] __mutex_lock_common+0x1e3/0x2400 [ 76.133432][ T4303] mutex_lock_nested+0x17/0x20 [ 76.138719][ T4303] vhci_send_frame+0x88/0x100 [ 76.143915][ T4303] hci_send_frame+0x1a9/0x2e0 [ 76.149115][ T4303] hci_tx_work+0x9f9/0x1710 [ 76.154140][ T4303] process_one_work+0x85f/0x1010 [ 76.159598][ T4303] worker_thread+0xaa6/0x1290 [ 76.164790][ T4303] kthread+0x436/0x520 [ 76.169374][ T4303] ret_from_fork+0x1f/0x30 [ 76.174307][ T4303] [ 76.174307][ T4303] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 76.183525][ T4303] __flush_work+0x116/0x210 [ 76.188549][ T4303] hci_dev_do_close+0x1e7/0x1030 [ 76.194006][ T4303] hci_unregister_dev+0x2d7/0x580 [ 76.199538][ T4303] vhci_release+0x73/0xc0 [ 76.204374][ T4303] __fput+0x234/0x930 [ 76.208888][ T4303] task_work_run+0x125/0x1a0 [ 76.213981][ T4303] do_exit+0x626/0x20c0 [ 76.218639][ T4303] do_group_exit+0x12e/0x300 [ 76.223731][ T4303] get_signal+0x6ca/0x12c0 [ 76.228650][ T4303] arch_do_signal_or_restart+0xe7/0x12c0 [ 76.234789][ T4303] exit_to_user_mode_loop+0x9e/0x130 [ 76.240580][ T4303] exit_to_user_mode_prepare+0xee/0x180 [ 76.246628][ T4303] syscall_exit_to_user_mode+0x16/0x40 [ 76.252592][ T4303] do_syscall_64+0x58/0xa0 [ 76.257510][ T4303] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.263905][ T4303] [ 76.263905][ T4303] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 76.271527][ T4303] __mutex_lock_common+0x1e3/0x2400 [ 76.277236][ T4303] mutex_lock_nested+0x17/0x20 [ 76.282508][ T4303] bg_scan_update+0x44/0x3b0 [ 76.287607][ T4303] process_one_work+0x85f/0x1010 [ 76.293094][ T4303] worker_thread+0xaa6/0x1290 [ 76.298272][ T4303] kthread+0x436/0x520 [ 76.302987][ T4303] ret_from_fork+0x1f/0x30 [ 76.307920][ T4303] [ 76.307920][ T4303] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 76.317744][ T4303] __lock_acquire+0x2c42/0x7d10 [ 76.323110][ T4303] lock_acquire+0x19e/0x400 [ 76.328121][ T4303] __flush_work+0x116/0x210 [ 76.333127][ T4303] __cancel_work_timer+0x3f4/0x560 [ 76.338742][ T4303] hci_request_cancel_all+0xcc/0x300 [ 76.344527][ T4303] hci_dev_do_close+0x4e/0x1030 [ 76.349881][ T4303] hci_rfkill_set_block+0x10a/0x190 [ 76.355585][ T4303] rfkill_set_block+0x1c6/0x420 [ 76.360943][ T4303] rfkill_fop_write+0x452/0x560 [ 76.366297][ T4303] do_iter_write+0x3e4/0x7b0 [ 76.371386][ T4303] do_writev+0x281/0x480 [ 76.376131][ T4303] do_syscall_64+0x4c/0xa0 [ 76.381051][ T4303] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.387447][ T4303] [ 76.387447][ T4303] other info that might help us debug this: [ 76.387447][ T4303] [ 76.397650][ T4303] Chain exists of: [ 76.397650][ T4303] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 76.397650][ T4303] [ 76.413354][ T4303] Possible unsafe locking scenario: [ 76.413354][ T4303] [ 76.420780][ T4303] CPU0 CPU1 [ 76.426127][ T4303] ---- ---- [ 76.431471][ T4303] lock(rfkill_global_mutex); [ 76.436240][ T4303] lock(&data->open_mutex); [ 76.443330][ T4303] lock(rfkill_global_mutex); [ 76.450592][ T4303] lock((work_completion)(&hdev->bg_scan_update)); [ 76.457157][ T4303] [ 76.457157][ T4303] *** DEADLOCK *** [ 76.457157][ T4303] [ 76.465365][ T4303] 1 lock held by syz.0.17/4303: [ 76.470191][ T4303] #0: ffffffff8d6c51a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x18b/0x560 [ 76.480264][ T4303] [ 76.480264][ T4303] stack backtrace: [ 76.486146][ T4303] CPU: 1 PID: 4303 Comm: syz.0.17 Not tainted syzkaller #0 [ 76.493325][ T4303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 76.503368][ T4303] Call Trace: [ 76.506634][ T4303] [ 76.509547][ T4303] dump_stack_lvl+0x188/0x250 [ 76.514208][ T4303] ? load_image+0x400/0x400 [ 76.518692][ T4303] ? show_regs_print_info+0x20/0x20 [ 76.523876][ T4303] ? print_circular_bug+0x12b/0x1a0 [ 76.529059][ T4303] check_noncircular+0x296/0x330 [ 76.533978][ T4303] ? look_up_lock_class+0x71/0x110 [ 76.539072][ T4303] ? add_chain_block+0x940/0x940 [ 76.543993][ T4303] ? lockdep_lock+0xf1/0x1f0 [ 76.548568][ T4303] ? __lock_acquire+0x12e8/0x7d10 [ 76.553577][ T4303] ? mark_lock+0x94/0x320 [ 76.557888][ T4303] __lock_acquire+0x2c42/0x7d10 [ 76.562740][ T4303] ? verify_lock_unused+0x140/0x140 [ 76.567938][ T4303] ? verify_lock_unused+0x140/0x140 [ 76.573128][ T4303] ? mark_lock+0x94/0x320 [ 76.577451][ T4303] lock_acquire+0x19e/0x400 [ 76.581949][ T4303] ? __flush_work+0xfa/0x210 [ 76.586525][ T4303] ? __lock_acquire+0x7d10/0x7d10 [ 76.591540][ T4303] ? read_lock_is_recursive+0x10/0x10 [ 76.596904][ T4303] ? start_flush_work+0x776/0x820 [ 76.601928][ T4303] __flush_work+0x116/0x210 [ 76.606414][ T4303] ? __flush_work+0xfa/0x210 [ 76.610983][ T4303] ? flush_work+0x20/0x20 [ 76.615290][ T4303] ? try_to_grab_pending+0xfa/0x7f0 [ 76.620469][ T4303] ? mark_lock+0x94/0x320 [ 76.624785][ T4303] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 76.630756][ T4303] ? lock_chain_count+0x20/0x20 [ 76.635595][ T4303] ? mark_lock+0x94/0x320 [ 76.639906][ T4303] ? __cancel_work_timer+0x36a/0x560 [ 76.645176][ T4303] __cancel_work_timer+0x3f4/0x560 [ 76.650272][ T4303] ? cancel_work_sync+0x20/0x20 [ 76.655118][ T4303] ? __cancel_work+0x1f9/0x2e0 [ 76.659861][ T4303] ? lockdep_hardirqs_on+0x94/0x140 [ 76.665049][ T4303] ? __cancel_work+0x27b/0x2e0 [ 76.669800][ T4303] ? cancel_work+0x20/0x20 [ 76.674197][ T4303] ? lock_chain_count+0x20/0x20 [ 76.679035][ T4303] hci_request_cancel_all+0xcc/0x300 [ 76.684305][ T4303] hci_dev_do_close+0x4e/0x1030 [ 76.689139][ T4303] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 76.695012][ T4303] ? _raw_spin_unlock+0x40/0x40 [ 76.699843][ T4303] hci_rfkill_set_block+0x10a/0x190 [ 76.705031][ T4303] ? rcu_lock_release+0x20/0x20 [ 76.709866][ T4303] rfkill_set_block+0x1c6/0x420 [ 76.714703][ T4303] rfkill_fop_write+0x452/0x560 [ 76.719535][ T4303] ? _copy_from_user+0x111/0x170 [ 76.724455][ T4303] ? rfkill_fop_read+0x4d0/0x4d0 [ 76.729382][ T4303] ? common_file_perm+0x171/0x1c0 [ 76.734391][ T4303] ? fsnotify_perm+0x5d/0x560 [ 76.739051][ T4303] ? security_file_permission+0x75/0xa0 [ 76.744579][ T4303] do_iter_write+0x3e4/0x7b0 [ 76.749242][ T4303] do_writev+0x281/0x480 [ 76.753471][ T4303] ? do_readv+0x460/0x460 [ 76.757873][ T4303] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 76.763844][ T4303] ? lock_chain_count+0x20/0x20 [ 76.768678][ T4303] ? vtime_user_exit+0x2c8/0x3e0 [ 76.773601][ T4303] ? lockdep_hardirqs_on+0x94/0x140 [ 76.778781][ T4303] do_syscall_64+0x4c/0xa0 [ 76.783180][ T4303] ? clear_bhb_loop+0x30/0x80 [ 76.787845][ T4303] ? clear_bhb_loop+0x30/0x80 [ 76.792504][ T4303] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.798385][ T4303] RIP: 0033:0x7fc6a5362819 [ 76.802787][ T4303] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 76.822374][ T4303] RSP: 002b:00007ffdd1858238 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 76.830773][ T4303] RAX: ffffffffffffffda RBX: 00007fc6a55dbfa0 RCX: 00007fc6a5362819 [ 76.838726][ T4303] RDX: 0000000000000001 RSI: 0000200000001280 RDI: 0000000000000003 [ 76.846678][ T4303] RBP: 00007fc6a53f8c91 R08: 0000000000000000 R09: 0000000000000000 [ 76.854630][ T4303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.862581][ T4303] R13: 00007fc6a55dbfac R14: 00007fc6a55dbfa0 R15: 00007fc6a55dbfa0 [ 76.870538][ T4303]