[ 81.737545][ T3159] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.189' (ED25519) to the list of known hosts. 2026/02/21 20:47:05 parsed 1 programs [ 89.952474][ T4196] cgroup: Unknown subsys name 'net' [ 90.091850][ T4196] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.589402][ T4196] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 93.339408][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.350323][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.361933][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 93.385200][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.393614][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.402085][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 94.219614][ T4234] chnl_net:caif_netlink_parms(): no params data found [ 94.289625][ T4234] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.297758][ T4234] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.307050][ T4234] device bridge_slave_0 entered promiscuous mode [ 94.317479][ T4234] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.324728][ T4234] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.334294][ T4234] device bridge_slave_1 entered promiscuous mode [ 94.363558][ T4234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.377290][ T4234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.410562][ T4234] team0: Port device team_slave_0 added [ 94.419269][ T4234] team0: Port device team_slave_1 added [ 94.445849][ T4234] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.453883][ T4234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.482918][ T4234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.499050][ T4234] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.506193][ T4234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.534890][ T4234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.584951][ T4234] device hsr_slave_0 entered promiscuous mode [ 94.593817][ T4234] device hsr_slave_1 entered promiscuous mode [ 94.745741][ T4234] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.761597][ T4234] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.772815][ T4234] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.785486][ T4234] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.875730][ T4234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.895454][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 94.911040][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.924558][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.936662][ T4234] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.958567][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.968582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.978646][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.986240][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.996854][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 95.010254][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 95.018909][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.026346][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.038645][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.051778][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 95.063587][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 95.080615][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 95.100397][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 95.109368][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 95.120927][ T4234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 95.230444][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 95.239884][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 95.256525][ T4234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.289471][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 95.321973][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 95.341842][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 95.354236][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.370236][ T4234] device veth0_vlan entered promiscuous mode [ 95.391308][ T4234] device veth1_vlan entered promiscuous mode [ 95.445334][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 95.455642][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.467464][ T4234] device veth0_macvtap entered promiscuous mode [ 95.478351][ T4234] device veth1_macvtap entered promiscuous mode [ 95.493020][ T4234] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.502399][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 95.510982][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 95.520597][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.530840][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.543772][ T4234] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.552024][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.561381][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.572903][ T4234] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.582707][ T4234] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.591776][ T4234] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.600915][ T4234] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2026/02/21 20:47:14 executed programs: 0 [ 97.349465][ T4291] chnl_net:caif_netlink_parms(): no params data found [ 97.429227][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.436815][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.445038][ T4291] device bridge_slave_0 entered promiscuous mode [ 97.458409][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.465742][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.477268][ T4291] device bridge_slave_1 entered promiscuous mode [ 97.503939][ T4291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.517236][ T4291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.546650][ T4291] team0: Port device team_slave_0 added [ 97.555176][ T4291] team0: Port device team_slave_1 added [ 97.580545][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.587644][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.615272][ T4291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.630903][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.638137][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.665359][ T4291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.705717][ T4291] device hsr_slave_0 entered promiscuous mode [ 97.712838][ T4291] device hsr_slave_1 entered promiscuous mode [ 97.721881][ T4291] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.730068][ T4291] Cannot create hsr debugfs directory [ 97.831943][ T4291] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.267094][ T4255] Bluetooth: hci0: command 0x0409 tx timeout [ 100.453841][ T4291] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.500831][ T4291] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.554755][ T4291] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.672708][ T4291] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.698747][ T4291] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.708669][ T4291] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.718961][ T4291] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.772056][ T4291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.786494][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 100.794668][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.805508][ T4291] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.829049][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 100.838495][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 100.847328][ T1248] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.854486][ T1248] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.865234][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 100.874565][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 100.884243][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 100.895814][ T1248] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.902953][ T1248] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.917581][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 100.927506][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 100.942311][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 100.952969][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 100.962310][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 100.991529][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 101.000726][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 101.011971][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 101.020899][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 101.035048][ T4291] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 101.047915][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 101.057249][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 101.065762][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 101.188985][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 101.197419][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 101.230674][ T4291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.248021][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 101.258126][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 101.278667][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 101.287480][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 101.295910][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 101.304429][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 101.315242][ T4291] device veth0_vlan entered promiscuous mode [ 101.327067][ T155] device hsr_slave_0 left promiscuous mode [ 101.333959][ T155] device hsr_slave_1 left promiscuous mode [ 101.340305][ T4255] Bluetooth: hci0: command 0x041b tx timeout [ 101.349271][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.357134][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.365267][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.373633][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.381908][ T155] device bridge_slave_1 left promiscuous mode [ 101.389454][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.401869][ T155] device bridge_slave_0 left promiscuous mode [ 101.408385][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.425249][ T155] device veth1_macvtap left promiscuous mode [ 101.432902][ T155] device veth0_macvtap left promiscuous mode [ 101.439283][ T155] device veth1_vlan left promiscuous mode [ 101.445354][ T155] device veth0_vlan left promiscuous mode [ 101.602617][ T155] team0 (unregistering): Port device team_slave_1 removed [ 101.615029][ T155] team0 (unregistering): Port device team_slave_0 removed [ 101.630564][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.647629][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.703856][ T155] bond0 (unregistering): Released all slaves [ 101.745782][ T4291] device veth1_vlan entered promiscuous mode [ 101.767921][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 101.776652][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 101.784846][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 101.794535][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 101.805472][ T4291] device veth0_macvtap entered promiscuous mode [ 101.815070][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 101.836271][ T4291] device veth1_macvtap entered promiscuous mode [ 101.863580][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.871343][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 101.879976][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 101.892545][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.902417][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 101.911653][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 101.922605][ T4291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.932082][ T4291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.941362][ T4291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.950824][ T4291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.015080][ T1248] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.025277][ T1248] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.033256][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 102.052411][ T1248] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.061495][ T1248] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.070057][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 102.124113][ T4309] input: syz1 as /devices/virtual/input/input5 [ 102.230276][ T1109] [ 102.232656][ T1109] ====================================================== [ 102.240114][ T1109] WARNING: possible circular locking dependency detected [ 102.247163][ T1109] syzkaller #0 Not tainted [ 102.251962][ T1109] ------------------------------------------------------ [ 102.258992][ T1109] kworker/0:3/1109 is trying to acquire lock: [ 102.265216][ T1109] ffff888027e70c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210 [ 102.276301][ T1109] [ 102.276301][ T1109] but task is already holding lock: [ 102.284156][ T1109] ffffffff8d6c4b48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170 [ 102.293546][ T1109] [ 102.293546][ T1109] which lock already depends on the new lock. [ 102.293546][ T1109] [ 102.304313][ T1109] [ 102.304313][ T1109] the existing dependency chain (in reverse order) is: [ 102.313428][ T1109] [ 102.313428][ T1109] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 102.321420][ T1109] __mutex_lock_common+0x1e3/0x2400 [ 102.327238][ T1109] mutex_lock_nested+0x17/0x20 [ 102.332609][ T1109] rfkill_register+0x33/0x8a0 [ 102.337808][ T1109] hci_register_dev+0x452/0x970 [ 102.343271][ T1109] vhci_create_device+0x32c/0x5c0 [ 102.348812][ T1109] vhci_write+0x391/0x450 [ 102.353762][ T1109] vfs_write+0x745/0xd60 [ 102.358566][ T1109] ksys_write+0x152/0x260 [ 102.363416][ T1109] do_syscall_64+0x4c/0xa0 [ 102.368373][ T1109] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 102.374782][ T1109] [ 102.374782][ T1109] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 102.382598][ T1109] __mutex_lock_common+0x1e3/0x2400 [ 102.388414][ T1109] mutex_lock_nested+0x17/0x20 [ 102.393925][ T1109] vhci_send_frame+0x88/0x100 [ 102.399324][ T1109] hci_send_frame+0x1a9/0x2e0 [ 102.404633][ T1109] hci_tx_work+0x9f9/0x1710 [ 102.409688][ T1109] process_one_work+0x85f/0x1010 [ 102.415336][ T1109] worker_thread+0xaa6/0x1290 [ 102.420629][ T1109] kthread+0x436/0x520 [ 102.425395][ T1109] ret_from_fork+0x1f/0x30 [ 102.430540][ T1109] [ 102.430540][ T1109] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 102.439920][ T1109] __flush_work+0x116/0x210 [ 102.445126][ T1109] hci_dev_do_close+0x1e7/0x1030 [ 102.450753][ T1109] hci_unregister_dev+0x2d7/0x580 [ 102.456493][ T1109] vhci_release+0x73/0xc0 [ 102.461455][ T1109] __fput+0x234/0x930 [ 102.466071][ T1109] task_work_run+0x125/0x1a0 [ 102.471325][ T1109] do_exit+0x626/0x20c0 [ 102.476190][ T1109] do_group_exit+0x12e/0x300 [ 102.481305][ T1109] get_signal+0x6ca/0x12c0 [ 102.486237][ T1109] arch_do_signal_or_restart+0xe7/0x12c0 [ 102.492582][ T1109] exit_to_user_mode_loop+0x9e/0x130 [ 102.498587][ T1109] exit_to_user_mode_prepare+0xee/0x180 [ 102.504831][ T1109] syscall_exit_to_user_mode+0x16/0x40 [ 102.511020][ T1109] do_syscall_64+0x58/0xa0 [ 102.516204][ T1109] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 102.522975][ T1109] [ 102.522975][ T1109] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 102.530722][ T1109] __mutex_lock_common+0x1e3/0x2400 [ 102.536557][ T1109] mutex_lock_nested+0x17/0x20 [ 102.542119][ T1109] bg_scan_update+0x44/0x3b0 [ 102.547685][ T1109] process_one_work+0x85f/0x1010 [ 102.553249][ T1109] worker_thread+0xaa6/0x1290 [ 102.558531][ T1109] kthread+0x436/0x520 [ 102.563300][ T1109] ret_from_fork+0x1f/0x30 [ 102.568524][ T1109] [ 102.568524][ T1109] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 102.578451][ T1109] __lock_acquire+0x2c42/0x7d10 [ 102.583863][ T1109] lock_acquire+0x19e/0x400 [ 102.588885][ T1109] __flush_work+0x116/0x210 [ 102.593913][ T1109] __cancel_work_timer+0x3f4/0x560 [ 102.599634][ T1109] hci_request_cancel_all+0xcc/0x300 [ 102.605435][ T1109] hci_dev_do_close+0x4e/0x1030 [ 102.610980][ T1109] hci_rfkill_set_block+0x10a/0x190 [ 102.616796][ T1109] rfkill_set_block+0x1c6/0x420 [ 102.622344][ T1109] rfkill_epo+0x75/0x170 [ 102.627194][ T1109] rfkill_op_handler+0x76/0x220 [ 102.632566][ T1109] process_one_work+0x85f/0x1010 [ 102.638150][ T1109] worker_thread+0xaa6/0x1290 [ 102.643375][ T1109] kthread+0x436/0x520 [ 102.648083][ T1109] ret_from_fork+0x1f/0x30 [ 102.653413][ T1109] [ 102.653413][ T1109] other info that might help us debug this: [ 102.653413][ T1109] [ 102.663745][ T1109] Chain exists of: [ 102.663745][ T1109] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 102.663745][ T1109] [ 102.680134][ T1109] Possible unsafe locking scenario: [ 102.680134][ T1109] [ 102.687891][ T1109] CPU0 CPU1 [ 102.693518][ T1109] ---- ---- [ 102.700012][ T1109] lock(rfkill_global_mutex); [ 102.704952][ T1109] lock(&data->open_mutex); [ 102.712057][ T1109] lock(rfkill_global_mutex); [ 102.719442][ T1109] lock((work_completion)(&hdev->bg_scan_update)); [ 102.726129][ T1109] [ 102.726129][ T1109] *** DEADLOCK *** [ 102.726129][ T1109] [ 102.734353][ T1109] 3 locks held by kworker/0:3/1109: [ 102.739645][ T1109] #0: ffff888016c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 102.751045][ T1109] #1: ffffc900048b7d00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 102.762394][ T1109] #2: ffffffff8d6c4b48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170 [ 102.772137][ T1109] [ 102.772137][ T1109] stack backtrace: [ 102.778035][ T1109] CPU: 0 PID: 1109 Comm: kworker/0:3 Not tainted syzkaller #0 [ 102.785612][ T1109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 102.795783][ T1109] Workqueue: events rfkill_op_handler [ 102.801199][ T1109] Call Trace: [ 102.804589][ T1109] [ 102.807606][ T1109] dump_stack_lvl+0x188/0x250 [ 102.812291][ T1109] ? load_image+0x400/0x400 [ 102.816838][ T1109] ? show_regs_print_info+0x20/0x20 [ 102.822126][ T1109] ? print_circular_bug+0x12b/0x1a0 [ 102.827329][ T1109] check_noncircular+0x296/0x330 [ 102.832453][ T1109] ? look_up_lock_class+0x71/0x110 [ 102.837620][ T1109] ? add_chain_block+0x940/0x940 [ 102.842954][ T1109] ? lockdep_lock+0xf1/0x1f0 [ 102.847737][ T1109] ? __lock_acquire+0x12e8/0x7d10 [ 102.852790][ T1109] ? mark_lock+0x94/0x320 [ 102.857296][ T1109] __lock_acquire+0x2c42/0x7d10 [ 102.862244][ T1109] ? verify_lock_unused+0x140/0x140 [ 102.867641][ T1109] lock_acquire+0x19e/0x400 [ 102.872765][ T1109] ? __flush_work+0xfa/0x210 [ 102.877391][ T1109] ? __lock_acquire+0x7d10/0x7d10 [ 102.882437][ T1109] ? read_lock_is_recursive+0x10/0x10 [ 102.887956][ T1109] ? start_flush_work+0x776/0x820 [ 102.893160][ T1109] __flush_work+0x116/0x210 [ 102.897670][ T1109] ? __flush_work+0xfa/0x210 [ 102.902467][ T1109] ? flush_work+0x20/0x20 [ 102.906918][ T1109] ? try_to_grab_pending+0xfa/0x7f0 [ 102.912231][ T1109] ? mark_lock+0x94/0x320 [ 102.916759][ T1109] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 102.922750][ T1109] ? lock_chain_count+0x20/0x20 [ 102.927797][ T1109] ? mark_lock+0x94/0x320 [ 102.932266][ T1109] ? __cancel_work_timer+0x36a/0x560 [ 102.937766][ T1109] __cancel_work_timer+0x3f4/0x560 [ 102.942904][ T1109] ? cancel_work_sync+0x20/0x20 [ 102.947957][ T1109] ? __cancel_work+0x1f9/0x2e0 [ 102.952924][ T1109] ? lockdep_hardirqs_on+0x94/0x140 [ 102.958297][ T1109] ? __cancel_work+0x27b/0x2e0 [ 102.963332][ T1109] ? cancel_work+0x20/0x20 [ 102.967859][ T1109] hci_request_cancel_all+0xcc/0x300 [ 102.973285][ T1109] hci_dev_do_close+0x4e/0x1030 [ 102.978335][ T1109] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 102.984225][ T1109] ? _raw_spin_unlock+0x40/0x40 [ 102.989245][ T1109] ? kobject_uevent_env+0x371/0x890 [ 102.994450][ T1109] hci_rfkill_set_block+0x10a/0x190 [ 102.999853][ T1109] ? rcu_lock_release+0x20/0x20 [ 103.004922][ T1109] rfkill_set_block+0x1c6/0x420 [ 103.009873][ T1109] rfkill_epo+0x75/0x170 [ 103.014120][ T1109] rfkill_op_handler+0x76/0x220 [ 103.019061][ T1109] process_one_work+0x85f/0x1010 [ 103.024205][ T1109] ? worker_detach_from_pool+0x240/0x240 [ 103.030131][ T1109] ? lockdep_hardirqs_off+0x70/0x100 [ 103.035442][ T1109] ? _raw_spin_lock_irq+0xb7/0xf0 [ 103.040880][ T1109] ? _raw_spin_lock_irqsave+0x100/0x100 [ 103.046544][ T1109] ? wq_worker_running+0x97/0x170 [ 103.051604][ T1109] worker_thread+0xaa6/0x1290 [ 103.056457][ T1109] ? lockdep_hardirqs_on+0x94/0x140 [ 103.061655][ T1109] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 103.067639][ T1109] kthread+0x436/0x520 [ 103.071712][ T1109] ? rcu_lock_release+0x20/0x20 [ 103.076655][ T1109] ? kthread_blkcg+0xd0/0xd0 [ 103.081331][ T1109] ret_from_fork+0x1f/0x30 [ 103.086033][ T1109]