Warning: Permanently added '[localhost]:18160' (ECDSA) to the list of known hosts. 2025/01/17 16:47:16 fuzzer started 2025/01/17 16:47:16 dialing manager at localhost:44245 syzkaller login: [ 77.770484] cgroup: Unknown subsys name 'net' [ 77.901915] cgroup: Unknown subsys name 'cpuset' [ 77.935676] cgroup: Unknown subsys name 'rlimit' [ 82.467951] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/17 16:47:32 syscalls: 2217 2025/01/17 16:47:32 code coverage: enabled 2025/01/17 16:47:32 comparison tracing: enabled 2025/01/17 16:47:32 extra coverage: enabled 2025/01/17 16:47:32 setuid sandbox: enabled 2025/01/17 16:47:32 namespace sandbox: enabled 2025/01/17 16:47:32 Android sandbox: enabled 2025/01/17 16:47:32 fault injection: enabled 2025/01/17 16:47:32 leak checking: enabled 2025/01/17 16:47:32 net packet injection: enabled 2025/01/17 16:47:32 net device setup: enabled 2025/01/17 16:47:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/17 16:47:32 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/17 16:47:32 USB emulation: enabled 2025/01/17 16:47:32 hci packet injection: enabled 2025/01/17 16:47:32 wifi device emulation: enabled 2025/01/17 16:47:32 802.15.4 emulation: enabled 2025/01/17 16:47:32 fetching corpus: 0, signal 0/0 (executing program) 2025/01/17 16:47:32 fetching corpus: 0, signal 0/0 (executing program) 2025/01/17 16:47:35 starting 8 fuzzer processes 16:47:35 executing program 0: ioperm(0x0, 0x6, 0x7fff) syz_io_uring_setup(0x0, &(0x7f0000000100), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000001440), &(0x7f0000000040)) 16:47:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000001540)={0x28, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_MODE={0xa, 0x2, {0x0, 0x2}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x28}}, 0x0) getpriority(0x1, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) write$rfkill(r1, 0x0, 0x72) fcntl$setown(r0, 0x8, 0x0) [ 96.354874] audit: type=1400 audit(1737132455.375:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:47:35 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000040), 0x4) sendmmsg$inet6(r1, &(0x7f0000002880), 0x4000101, 0x1c) 16:47:35 executing program 3: r0 = fsopen(&(0x7f00000001c0)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000009c0)='\x00\x01\x00\x00\x00\x00\x00\x00\x00\x90', 0x0, 0x0) 16:47:35 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind(r0, &(0x7f0000000100)=@generic={0x0, "6d3fe1d6687c35e1a7bddeff926d95eb33a38f19a215abe8d3983e27ce06eb513d2078169ca97fa2c6d2df565f2094fa5a1eceb7bf8c993679dd08244894c81c7602dc555d3ad75153bd49558b8d1bb02d673c40eee54e06bf7e9f6916c5979152d8c5c0effa418b07cfbe91fba3fa23822b5bc41b9d2689c51f9f61451e"}, 0x80) 16:47:35 executing program 5: syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@none, "71b906", 0x1}}}, 0xd) 16:47:35 executing program 6: prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) syz_open_procfs(0x0, 0x0) 16:47:35 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)={0x20, 0x6d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd=r0}, @typed={0x8, 0x0, 0x0, 0x0, @pid=0xffffffffffffffff}]}, 0x20}], 0x1}, 0x0) [ 97.741202] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.745909] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.759870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.770114] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.776575] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 97.780629] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.845071] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.850310] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.856217] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.878145] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.881332] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 97.888111] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.931382] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.937249] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.939443] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 97.941958] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 97.946649] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.950782] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 97.973003] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.983468] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.991507] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 97.995036] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 97.999593] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 98.002328] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 98.004084] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 98.005076] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 98.008629] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 98.011492] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 98.016381] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 98.017403] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 98.025661] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 98.031537] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 98.032287] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 98.032430] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 98.032995] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 98.034370] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 98.035601] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 98.037067] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 98.041604] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 98.042439] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.045004] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 98.045461] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.057331] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 98.057667] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 98.075210] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 98.086959] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 98.091324] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 98.095969] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 99.820005] Bluetooth: hci0: command tx timeout [ 99.946852] Bluetooth: hci1: command tx timeout [ 100.075090] Bluetooth: hci2: command tx timeout [ 100.139136] Bluetooth: hci5: command tx timeout [ 100.139359] Bluetooth: hci6: command tx timeout [ 100.140258] Bluetooth: hci4: command tx timeout [ 100.203800] Bluetooth: hci7: command tx timeout [ 100.204039] Bluetooth: hci3: command tx timeout [ 101.867132] Bluetooth: hci0: command tx timeout [ 101.994848] Bluetooth: hci1: command tx timeout [ 102.123388] Bluetooth: hci2: command tx timeout [ 102.187287] Bluetooth: hci4: command tx timeout [ 102.187464] Bluetooth: hci6: command tx timeout [ 102.187568] Bluetooth: hci5: command tx timeout [ 102.250894] Bluetooth: hci3: command tx timeout [ 102.251072] Bluetooth: hci7: command tx timeout [ 103.915152] Bluetooth: hci0: command tx timeout [ 104.042818] Bluetooth: hci1: command tx timeout [ 104.170833] Bluetooth: hci2: command tx timeout [ 104.235031] Bluetooth: hci5: command tx timeout [ 104.235230] Bluetooth: hci6: command tx timeout [ 104.235413] Bluetooth: hci4: command tx timeout [ 104.299427] Bluetooth: hci7: command tx timeout [ 104.300669] Bluetooth: hci3: command tx timeout [ 105.962791] Bluetooth: hci0: command tx timeout [ 106.091742] Bluetooth: hci1: command tx timeout [ 106.218809] Bluetooth: hci2: command tx timeout [ 106.282795] Bluetooth: hci4: command tx timeout [ 106.283319] Bluetooth: hci6: command tx timeout [ 106.283952] Bluetooth: hci5: command tx timeout [ 106.346895] Bluetooth: hci3: command tx timeout [ 106.347693] Bluetooth: hci7: command tx timeout [ 160.318886] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 160.319927] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 160.320959] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 160.321349] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 160.321791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 160.322166] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 160.325180] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 160.325553] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 160.328274] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 160.328920] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 160.329729] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 160.333110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 160.504940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 160.507112] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 160.516794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 160.532523] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 160.536069] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 160.538106] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 160.569444] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 160.585065] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 160.592064] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 160.631541] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 160.648098] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 160.648307] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 160.657886] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 160.658445] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 160.665921] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 160.667618] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 160.668568] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 160.669086] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 160.767055] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 160.777102] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 160.820993] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 160.836045] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 160.847870] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 160.848395] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 160.849961] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 160.850885] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 160.851254] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 160.859207] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 160.863399] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 160.864677] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 160.873830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 160.874896] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 160.875277] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 160.889453] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 160.897023] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 160.913021] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 162.349254] Bluetooth: hci0: command tx timeout [ 162.411430] Bluetooth: hci1: command tx timeout [ 162.603428] Bluetooth: hci2: command tx timeout [ 162.731795] Bluetooth: hci3: command tx timeout [ 162.794854] Bluetooth: hci4: command tx timeout [ 162.922916] Bluetooth: hci5: command tx timeout [ 162.922932] Bluetooth: hci6: command tx timeout [ 163.115951] Bluetooth: hci7: command tx timeout [ 164.394836] Bluetooth: hci0: command tx timeout [ 164.459322] Bluetooth: hci1: command tx timeout [ 164.652729] Bluetooth: hci2: command tx timeout [ 164.778978] Bluetooth: hci3: command tx timeout [ 164.842777] Bluetooth: hci4: command tx timeout [ 164.972747] Bluetooth: hci5: command tx timeout [ 164.972840] Bluetooth: hci6: command tx timeout [ 165.162800] Bluetooth: hci7: command tx timeout [ 166.443759] Bluetooth: hci0: command tx timeout [ 166.506782] Bluetooth: hci1: command tx timeout [ 166.699802] Bluetooth: hci2: command tx timeout [ 166.827738] Bluetooth: hci3: command tx timeout [ 166.890765] Bluetooth: hci4: command tx timeout [ 167.018818] Bluetooth: hci5: command tx timeout [ 167.021718] Bluetooth: hci6: command tx timeout [ 167.212572] Bluetooth: hci7: command tx timeout [ 168.490851] Bluetooth: hci0: command tx timeout [ 168.555736] Bluetooth: hci1: command tx timeout [ 168.747788] Bluetooth: hci2: command tx timeout [ 168.875920] Bluetooth: hci3: command tx timeout [ 168.940731] Bluetooth: hci4: command tx timeout [ 169.067816] Bluetooth: hci6: command tx timeout [ 169.068306] Bluetooth: hci5: command tx timeout [ 169.259762] Bluetooth: hci7: command tx timeout [ 219.023303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.023429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.383717] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.383793] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.362385] [ 220.362638] ====================================================== [ 220.363224] WARNING: possible circular locking dependency detected [ 220.363812] 6.13.0-rc7-next-20250117 #1 Not tainted [ 220.364294] ------------------------------------------------------ [ 220.365544] kworker/u8:1/67 is trying to acquire lock: [ 220.366701] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.368576] [ 220.368576] but task is already holding lock: [ 220.370064] ffff88801b4b8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 220.371873] [ 220.371873] which lock already depends on the new lock. [ 220.371873] [ 220.373570] [ 220.373570] the existing dependency chain (in reverse order) is: [ 220.374287] [ 220.374287] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 220.374953] __mutex_lock+0x13d/0xb50 [ 220.375415] wiphy_register+0x1b2e/0x25d0 [ 220.375911] ieee80211_register_hw+0x23a4/0x3d60 [ 220.376452] mac80211_hwsim_new_radio+0x2759/0x4d50 [ 220.377014] init_mac80211_hwsim+0x389/0x870 [ 220.377531] do_one_initcall+0xf9/0x640 [ 220.378005] kernel_init_freeable+0x53d/0x7a0 [ 220.378527] kernel_init+0x1e/0x2d0 [ 220.378943] ret_from_fork+0x48/0x80 [ 220.379369] ret_from_fork_asm+0x1a/0x30 [ 220.379849] [ 220.379849] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 220.380453] __lock_acquire+0x29fd/0x4580 [ 220.380933] lock_acquire+0x19b/0x520 [ 220.381371] __mutex_lock+0x13d/0xb50 [ 220.381818] unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.382428] unregister_netdevice_queue+0x224/0x2e0 [ 220.382973] _cfg80211_unregister_wdev+0x57b/0x700 [ 220.383522] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 220.384062] ieee80211_unregister_hw+0x55/0x3a0 [ 220.384586] hwsim_exit_net+0x3a0/0x730 [ 220.385063] ops_exit_list+0xb3/0x180 [ 220.385523] cleanup_net+0x546/0xad0 [ 220.385967] process_one_work+0x8ee/0x1a10 [ 220.386483] worker_thread+0x674/0xe70 [ 220.386960] kthread+0x3ab/0x720 [ 220.387387] ret_from_fork+0x48/0x80 [ 220.387811] ret_from_fork_asm+0x1a/0x30 [ 220.388289] [ 220.388289] other info that might help us debug this: [ 220.388289] [ 220.389034] Possible unsafe locking scenario: [ 220.389034] [ 220.389606] CPU0 CPU1 [ 220.390059] ---- ---- [ 220.390518] lock(&rdev->wiphy.mtx); [ 220.390921] lock(rtnl_mutex); [ 220.391483] lock(&rdev->wiphy.mtx); [ 220.392127] lock(rtnl_mutex); [ 220.392489] [ 220.392489] *** DEADLOCK *** [ 220.392489] [ 220.393074] 4 locks held by kworker/u8:1/67: [ 220.393504] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 220.394508] #1: ffff88800ebd7d30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 220.395480] #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 220.396392] #3: ffff88801b4b8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 220.397413] [ 220.397413] stack backtrace: [ 220.397846] CPU: 1 UID: 0 PID: 67 Comm: kworker/u8:1 Not tainted 6.13.0-rc7-next-20250117 #1 [ 220.398643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 220.399426] Workqueue: netns cleanup_net [ 220.399835] Call Trace: [ 220.400084] [ 220.400307] dump_stack_lvl+0xca/0x120 [ 220.400719] print_circular_bug+0x47b/0x750 [ 220.401148] check_noncircular+0x2e9/0x3c0 [ 220.401567] ? __pfx_check_noncircular+0x10/0x10 [ 220.402035] ? hlock_class+0x4e/0x130 [ 220.402414] ? mark_lock+0xac/0xed0 [ 220.402783] ? srso_return_thunk+0x5/0x5f [ 220.403212] ? dl_scaled_delta_exec+0xd4/0x2c0 [ 220.403664] ? lockdep_lock+0xba/0x1b0 [ 220.404070] ? __pfx_lockdep_lock+0x10/0x10 [ 220.404520] __lock_acquire+0x29fd/0x4580 [ 220.404947] ? __pfx___lock_acquire+0x10/0x10 [ 220.405396] ? lock_release+0x20f/0x6f0 [ 220.405797] ? __pfx_lock_release+0x10/0x10 [ 220.406239] lock_acquire+0x19b/0x520 [ 220.406636] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.407227] ? __pfx_lock_acquire+0x10/0x10 [ 220.407665] ? srso_return_thunk+0x5/0x5f [ 220.408109] ? lock_release+0x20f/0x6f0 [ 220.408519] ? srso_return_thunk+0x5/0x5f [ 220.408965] ? lock_is_held_type+0x9e/0x120 [ 220.409414] ? srso_return_thunk+0x5/0x5f [ 220.409854] __mutex_lock+0x13d/0xb50 [ 220.410257] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.410844] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.411430] ? srso_return_thunk+0x5/0x5f [ 220.411865] ? synchronize_rcu_expedited+0x38a/0x420 [ 220.412390] ? __pfx___mutex_lock+0x10/0x10 [ 220.412841] ? __pfx_autoremove_wake_function+0x10/0x10 [ 220.413373] ? srso_return_thunk+0x5/0x5f [ 220.413800] ? kasan_quarantine_put+0x84/0x1e0 [ 220.414278] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 220.414722] ? srso_return_thunk+0x5/0x5f [ 220.415153] unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.415717] ? __virt_addr_valid+0x2e8/0x5d0 [ 220.416180] ? __pfx_lock_release+0x10/0x10 [ 220.416625] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 220.417218] ? find_held_lock+0x2c/0x110 [ 220.417654] ? srso_return_thunk+0x5/0x5f [ 220.418098] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 220.418613] ? srso_return_thunk+0x5/0x5f [ 220.419048] ? lock_release+0x20f/0x6f0 [ 220.419457] ? __pfx_lock_release+0x10/0x10 [ 220.419905] ? srso_return_thunk+0x5/0x5f [ 220.420343] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 220.420869] ? srso_return_thunk+0x5/0x5f [ 220.421304] unregister_netdevice_queue+0x224/0x2e0 [ 220.421784] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 220.422333] ? up_write+0x195/0x520 [ 220.422732] _cfg80211_unregister_wdev+0x57b/0x700 [ 220.423230] ? srso_return_thunk+0x5/0x5f [ 220.423676] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 220.424184] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 220.424725] ? srso_return_thunk+0x5/0x5f [ 220.425160] ? srso_return_thunk+0x5/0x5f [ 220.425594] ? synchronize_rcu+0x1ff/0x260 [ 220.426020] ieee80211_unregister_hw+0x55/0x3a0 [ 220.426502] hwsim_exit_net+0x3a0/0x730 [ 220.426905] ? __pfx_hwsim_exit_net+0x10/0x10 [ 220.427370] ? srso_return_thunk+0x5/0x5f [ 220.427806] ? netdev_run_todo+0x788/0x1040 [ 220.428259] ? __pfx_hwsim_exit_net+0x10/0x10 [ 220.428712] ops_exit_list+0xb3/0x180 [ 220.429115] cleanup_net+0x546/0xad0 [ 220.429503] ? __pfx_cleanup_net+0x10/0x10 [ 220.429947] process_one_work+0x8ee/0x1a10 [ 220.430407] ? __pfx_lock_acquire+0x10/0x10 [ 220.430847] ? __pfx_process_one_work+0x10/0x10 [ 220.431335] ? srso_return_thunk+0x5/0x5f [ 220.431767] ? move_linked_works+0x172/0x270 [ 220.432225] ? srso_return_thunk+0x5/0x5f [ 220.432662] ? assign_work+0x196/0x240 [ 220.433070] worker_thread+0x674/0xe70 [ 220.433488] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 220.434020] ? srso_return_thunk+0x5/0x5f [ 220.434464] ? __pfx_worker_thread+0x10/0x10 [ 220.434927] kthread+0x3ab/0x720 [ 220.435284] ? __pfx_kthread+0x10/0x10 [ 220.435696] ? srso_return_thunk+0x5/0x5f [ 220.436130] ? finish_task_switch.isra.0+0x206/0x840 [ 220.436650] ? __pfx_kthread+0x10/0x10 [ 220.437064] ret_from_fork+0x48/0x80 [ 220.437447] ? __pfx_kthread+0x10/0x10 [ 220.437866] ret_from_fork_asm+0x1a/0x30 [ 220.438319] [ 222.196071] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 222.198493] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 222.203733] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 222.212989] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 222.219532] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 222.222575] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 222.391278] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 222.393990] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 222.395961] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 222.396165] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 222.399293] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 222.399364] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 222.399542] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 222.400540] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 222.402635] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 222.402957] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 222.405711] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 222.407056] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 222.407586] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 222.407941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 222.409206] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 222.409584] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 222.411868] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 222.412609] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 222.465124] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 222.475599] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 222.493127] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 222.518427] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 222.541935] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 222.543733] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 222.602197] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 222.607946] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 222.609778] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 222.615058] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 222.620460] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 222.652225] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 222.652524] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 222.687210] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 222.698864] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 222.706870] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 222.745101] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 222.745120] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 222.773228] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 222.779253] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 222.801271] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 222.801453] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 222.808498] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 222.815849] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 224.300749] Bluetooth: hci0: command tx timeout [ 224.491851] Bluetooth: hci1: command tx timeout [ 224.491894] Bluetooth: hci3: command tx timeout [ 224.492026] Bluetooth: hci2: command tx timeout [ 224.620788] Bluetooth: hci4: command tx timeout [ 224.811741] Bluetooth: hci5: command tx timeout [ 224.876731] Bluetooth: hci7: command tx timeout [ 224.876815] Bluetooth: hci6: command tx timeout [ 226.346786] Bluetooth: hci0: command tx timeout [ 226.539003] Bluetooth: hci3: command tx timeout [ 226.539052] Bluetooth: hci2: command tx timeout [ 226.540442] Bluetooth: hci1: command tx timeout [ 226.666997] Bluetooth: hci4: command tx timeout [ 226.859748] Bluetooth: hci5: command tx timeout [ 226.923760] Bluetooth: hci6: command tx timeout [ 226.924244] Bluetooth: hci7: command tx timeout [ 228.395889] Bluetooth: hci0: command tx timeout [ 228.587064] Bluetooth: hci2: command tx timeout [ 228.587118] Bluetooth: hci1: command tx timeout [ 228.587137] Bluetooth: hci3: command tx timeout [ 228.716758] Bluetooth: hci4: command tx timeout [ 228.909230] Bluetooth: hci5: command tx timeout [ 228.971592] Bluetooth: hci7: command tx timeout [ 228.971627] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 16:49:39 Registers: info registers vcpu 0 RAX=ffff8880119bc2d0 RBX=ffff88800dfdd6f0 RCX=ffffffff81429a4a RDX=ffff88801142c8d8 RSI=0000000000000001 RDI=ffff888014e8f530 RBP=ffff888014e8f530 RSP=ffff88800ef1fda0 R8 =0000000000000000 R9 =ffffed1001d9ab00 R10=ffff88800ecd5807 R11=0000000000000532 R12=ffff8880119bdd20 R13=ffff88800dfdd6f0 R14=ffff88800ebc9bc0 R15=0000000000000086 RIP=ffffffff81aecee9 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd6b7a725c0 CR3=000000000b968000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000c000056190000000c0002a6150 XMM02=000000c0002a6210000000c00024dfb0 XMM03=000000c0002a6ba0000000c0000562d0 XMM04=000000c000086090000000c000086060 XMM05=000000c0000860f0000000c0000860c0 XMM06=000000c000086150000000c000086120 XMM07=000000c000085760000000c00005b4d0 XMM08=000000c0000864b0000000c000086480 XMM09=000000c000086510000000c0000864e0 XMM10=000000c000086540000000c00005b530 XMM11=000000c0000865a0000000c000086570 XMM12=000000c000086600000000c0000865d0 XMM13=000000c000086660000000c000086630 XMM14=000000c0000866c0000000c000086690 XMM15=000000c0000a1080000000c0000866f0 info registers vcpu 1 RAX=000000000000006c RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283cdc5 RDI=ffffffff886930a0 RBP=ffffffff88693060 RSP=ffff88800ebd6bb8 R8 =0000000000000001 R9 =ffffed1001d7ad67 R10=000000000000006c R11=6f6c206863696877 R12=000000000000006c R13=0000000000000001 R14=ffff888008fea046 R15=ffff88800ebd6eb8 RIP=ffffffff8283ce1d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000556d3effffb0 CR3=000000000733e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffff0000ff000000 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=0000556d3efe53600000000200000004 XMM07=00000000000000000000000000000000 XMM08=2f74656e2f73666e2f73662f7379732f XMM09=00000000000000000000000000000000 XMM10=00000000002000000000000000200000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000