Warning: Permanently added '[localhost]:16053' (ECDSA) to the list of known hosts. 2025/01/21 16:57:43 fuzzer started 2025/01/21 16:57:43 dialing manager at localhost:44689 syzkaller login: [ 70.034476] cgroup: Unknown subsys name 'net' [ 70.155424] cgroup: Unknown subsys name 'cpuset' [ 70.192753] cgroup: Unknown subsys name 'rlimit' [ 75.441833] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 85.751357] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/21 16:57:59 syscalls: 2217 2025/01/21 16:57:59 code coverage: enabled 2025/01/21 16:57:59 comparison tracing: enabled 2025/01/21 16:57:59 extra coverage: enabled 2025/01/21 16:57:59 setuid sandbox: enabled 2025/01/21 16:57:59 namespace sandbox: enabled 2025/01/21 16:57:59 Android sandbox: enabled 2025/01/21 16:57:59 fault injection: enabled 2025/01/21 16:57:59 leak checking: enabled 2025/01/21 16:57:59 net packet injection: enabled 2025/01/21 16:57:59 net device setup: enabled 2025/01/21 16:57:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/21 16:57:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/21 16:57:59 USB emulation: enabled 2025/01/21 16:57:59 hci packet injection: enabled 2025/01/21 16:57:59 wifi device emulation: enabled 2025/01/21 16:57:59 802.15.4 emulation: enabled 2025/01/21 16:57:59 fetching corpus: 0, signal 0/0 (executing program) 2025/01/21 16:57:59 fetching corpus: 0, signal 0/0 (executing program) 2025/01/21 16:58:02 starting 8 fuzzer processes 16:58:02 executing program 0: pselect6(0x40, &(0x7f00000004c0)={0x1}, &(0x7f0000000500)={0x7}, &(0x7f0000000540), 0x0, 0x0) 16:58:02 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000012c0)={0x1, &(0x7f0000001280)=[{0x0, 0x1, 0x1, 0x6ff6b960}]}) 16:58:02 executing program 2: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000003c0)) clone3(&(0x7f0000000780)={0x1000000, &(0x7f0000000540), 0x0, &(0x7f00000005c0), {0x32}, &(0x7f0000000600)=""/158, 0x9e, 0x0, 0x0}, 0x58) accept$inet6(0xffffffffffffffff, &(0x7f0000000840)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000880)=0x1c) 16:58:02 executing program 3: syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 16:58:02 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) [ 88.844074] audit: type=1400 audit(1737478682.623:7): avc: denied { execmem } for pid=274 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:58:02 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 16:58:02 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x0) 16:58:02 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 90.245656] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.247590] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.249570] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.253721] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.255775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 90.257559] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.305134] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.309553] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.311576] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.318178] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.322479] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 90.326563] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.374156] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.390690] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.400743] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.410321] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.412190] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.414591] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.417716] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.431601] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 90.433726] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.443114] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 90.443904] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.448110] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.450236] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 90.451690] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.455599] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.456453] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.460228] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 90.472006] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 90.477044] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 90.486952] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 90.498811] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 90.500400] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 90.501867] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 90.503153] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 90.504704] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.508883] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 90.511594] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 90.512766] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 90.516390] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 90.521760] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 90.521980] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 90.523768] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.525205] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.554864] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 90.605848] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 90.613632] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 92.337614] Bluetooth: hci0: command tx timeout [ 92.400745] Bluetooth: hci1: command tx timeout [ 92.529458] Bluetooth: hci2: command tx timeout [ 92.592895] Bluetooth: hci3: command tx timeout [ 92.593172] Bluetooth: hci7: command tx timeout [ 92.656351] Bluetooth: hci4: command tx timeout [ 92.656370] Bluetooth: hci5: command tx timeout [ 92.720360] Bluetooth: hci6: command tx timeout [ 94.384396] Bluetooth: hci0: command tx timeout [ 94.449303] Bluetooth: hci1: command tx timeout [ 94.576424] Bluetooth: hci2: command tx timeout [ 94.640339] Bluetooth: hci7: command tx timeout [ 94.640417] Bluetooth: hci3: command tx timeout [ 94.704346] Bluetooth: hci4: command tx timeout [ 94.704368] Bluetooth: hci5: command tx timeout [ 94.769312] Bluetooth: hci6: command tx timeout [ 96.432328] Bluetooth: hci0: command tx timeout [ 96.497310] Bluetooth: hci1: command tx timeout [ 96.626311] Bluetooth: hci2: command tx timeout [ 96.689381] Bluetooth: hci3: command tx timeout [ 96.689407] Bluetooth: hci7: command tx timeout [ 96.752664] Bluetooth: hci5: command tx timeout [ 96.752704] Bluetooth: hci4: command tx timeout [ 96.817284] Bluetooth: hci6: command tx timeout [ 98.482343] Bluetooth: hci0: command tx timeout [ 98.545478] Bluetooth: hci1: command tx timeout [ 98.674365] Bluetooth: hci2: command tx timeout [ 98.736466] Bluetooth: hci3: command tx timeout [ 98.736551] Bluetooth: hci7: command tx timeout [ 98.801382] Bluetooth: hci5: command tx timeout [ 98.801476] Bluetooth: hci4: command tx timeout [ 98.864350] Bluetooth: hci6: command tx timeout [ 152.382209] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 152.385104] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 152.387404] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 152.390656] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 152.393028] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 152.394754] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 152.585021] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 152.586652] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 152.588614] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 152.592104] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 152.595530] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 152.597331] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 152.666338] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 152.667653] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 152.668423] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 152.675704] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 152.675825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 152.676281] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 152.677338] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 152.684574] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 152.691549] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 152.693931] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 152.708763] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 152.709609] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 152.713122] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 152.714373] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 152.714762] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 152.715213] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 152.715761] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 152.718547] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 152.719086] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 152.722476] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 152.723653] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 152.723804] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 152.728616] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 152.728962] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 152.729474] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 152.733907] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 152.736800] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 152.740491] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 152.741567] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 152.753450] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 152.754430] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 152.759484] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 152.760939] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 152.763786] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 152.765445] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 152.767479] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 154.416422] Bluetooth: hci0: command tx timeout [ 154.672392] Bluetooth: hci1: command tx timeout [ 154.801299] Bluetooth: hci7: command tx timeout [ 154.994527] Bluetooth: hci4: command tx timeout [ 154.994848] Bluetooth: hci3: command tx timeout [ 154.995006] Bluetooth: hci6: command tx timeout [ 154.995136] Bluetooth: hci5: command tx timeout [ 154.995303] Bluetooth: hci2: command tx timeout [ 156.465288] Bluetooth: hci0: command tx timeout [ 156.721890] Bluetooth: hci1: command tx timeout [ 156.848336] Bluetooth: hci7: command tx timeout [ 157.040356] Bluetooth: hci2: command tx timeout [ 157.040409] Bluetooth: hci5: command tx timeout [ 157.040478] Bluetooth: hci6: command tx timeout [ 157.040541] Bluetooth: hci3: command tx timeout [ 157.040600] Bluetooth: hci4: command tx timeout [ 158.512504] Bluetooth: hci0: command tx timeout [ 158.770423] Bluetooth: hci1: command tx timeout [ 158.897354] Bluetooth: hci7: command tx timeout [ 159.088437] Bluetooth: hci2: command tx timeout [ 159.089805] Bluetooth: hci4: command tx timeout [ 159.089845] Bluetooth: hci3: command tx timeout [ 159.089944] Bluetooth: hci6: command tx timeout [ 159.089953] Bluetooth: hci5: command tx timeout [ 160.561344] Bluetooth: hci0: command tx timeout [ 160.817750] Bluetooth: hci1: command tx timeout [ 160.944378] Bluetooth: hci7: command tx timeout [ 161.136459] Bluetooth: hci4: command tx timeout [ 161.137503] Bluetooth: hci2: command tx timeout [ 161.137670] Bluetooth: hci5: command tx timeout [ 161.137724] Bluetooth: hci6: command tx timeout [ 161.137773] Bluetooth: hci3: command tx timeout [ 212.907951] [ 212.908376] ====================================================== [ 212.909490] WARNING: possible circular locking dependency detected [ 212.910603] 6.13.0-next-20250121 #1 Not tainted [ 212.912109] ------------------------------------------------------ [ 212.914149] kworker/u8:1/65 is trying to acquire lock: [ 212.915780] ffffffff8621ece8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 212.922495] [ 212.922495] but task is already holding lock: [ 212.923588] ffff888036308768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 212.926186] [ 212.926186] which lock already depends on the new lock. [ 212.926186] [ 212.927662] [ 212.927662] the existing dependency chain (in reverse order) is: [ 212.929034] [ 212.929034] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 212.930345] __mutex_lock+0x13d/0xb50 [ 212.931275] wiphy_register+0x1b2e/0x25d0 [ 212.932332] ieee80211_register_hw+0x23a4/0x3d60 [ 212.933452] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 212.934622] init_mac80211_hwsim+0x389/0x870 [ 212.935706] do_one_initcall+0xf9/0x640 [ 212.936724] kernel_init_freeable+0x53d/0x7a0 [ 212.939048] kernel_init+0x1e/0x2d0 [ 212.939947] ret_from_fork+0x48/0x80 [ 212.940849] ret_from_fork_asm+0x1a/0x30 [ 212.941863] [ 212.941863] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 212.943154] __lock_acquire+0x29fd/0x4580 [ 212.944347] lock_acquire+0x19b/0x520 [ 212.945315] __mutex_lock+0x13d/0xb50 [ 212.946289] unregister_netdevice_many_notify+0x1612/0x1c80 [ 212.947472] unregister_netdevice_queue+0x224/0x2e0 [ 212.948447] _cfg80211_unregister_wdev+0x57b/0x700 [ 212.949421] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 212.950533] ieee80211_unregister_hw+0x55/0x3a0 [ 212.951601] hwsim_exit_net+0x3a0/0x730 [ 212.952553] ops_exit_list+0xb3/0x180 [ 212.953464] cleanup_net+0x546/0xad0 [ 212.954359] process_one_work+0x8ee/0x1a10 [ 212.955324] worker_thread+0x674/0xe70 [ 212.956247] kthread+0x3ab/0x720 [ 212.957056] ret_from_fork+0x48/0x80 [ 212.957876] ret_from_fork_asm+0x1a/0x30 [ 212.958813] [ 212.958813] other info that might help us debug this: [ 212.958813] [ 212.960263] Possible unsafe locking scenario: [ 212.960263] [ 212.961402] CPU0 CPU1 [ 212.962308] ---- ---- [ 212.963215] lock(&rdev->wiphy.mtx); [ 212.964033] lock(rtnl_mutex); [ 212.965203] lock(&rdev->wiphy.mtx); [ 212.966451] lock(rtnl_mutex); [ 212.967175] [ 212.967175] *** DEADLOCK *** [ 212.967175] [ 212.968387] 4 locks held by kworker/u8:1/65: [ 212.969260] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 212.971308] #1: ffff88800f3e7d30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 212.973337] #2: ffffffff86212d10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 212.975331] #3: ffff888036308768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 212.977588] [ 212.977588] stack backtrace: [ 212.978526] CPU: 1 UID: 0 PID: 65 Comm: kworker/u8:1 Not tainted 6.13.0-next-20250121 #1 [ 212.980180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 212.981826] Workqueue: netns cleanup_net [ 212.982714] Call Trace: [ 212.983257] [ 212.983747] dump_stack_lvl+0xca/0x120 [ 212.984663] print_circular_bug+0x47b/0x750 [ 212.985629] check_noncircular+0x2e9/0x3c0 [ 212.986556] ? __pfx_check_noncircular+0x10/0x10 [ 212.987586] ? hlock_class+0x4e/0x130 [ 212.988445] ? mark_lock+0xac/0xed0 [ 212.989229] ? srso_return_thunk+0x5/0x5f [ 212.990010] ? dl_scaled_delta_exec+0xd4/0x2c0 [ 212.990836] ? lockdep_lock+0xba/0x1b0 [ 212.991564] ? __pfx_lockdep_lock+0x10/0x10 [ 212.992382] __lock_acquire+0x29fd/0x4580 [ 212.993149] ? __pfx___lock_acquire+0x10/0x10 [ 212.993959] ? lock_release+0x20f/0x6f0 [ 212.994700] ? __pfx_lock_release+0x10/0x10 [ 212.995493] lock_acquire+0x19b/0x520 [ 212.996240] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 212.997285] ? __pfx_lock_acquire+0x10/0x10 [ 212.998096] ? srso_return_thunk+0x5/0x5f [ 212.998878] ? lock_release+0x20f/0x6f0 [ 212.999615] ? srso_return_thunk+0x5/0x5f [ 213.000414] ? lock_is_held_type+0x9e/0x120 [ 213.001227] ? srso_return_thunk+0x5/0x5f [ 213.002066] __mutex_lock+0x13d/0xb50 [ 213.002880] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 213.003998] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 213.005014] ? srso_return_thunk+0x5/0x5f [ 213.005885] ? synchronize_rcu_expedited+0x38a/0x420 [ 213.006809] ? __pfx___mutex_lock+0x10/0x10 [ 213.007612] ? __pfx_autoremove_wake_function+0x10/0x10 [ 213.008605] ? srso_return_thunk+0x5/0x5f [ 213.009385] ? kasan_quarantine_put+0x84/0x1e0 [ 213.010237] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 213.011046] ? srso_return_thunk+0x5/0x5f [ 213.011841] unregister_netdevice_many_notify+0x1612/0x1c80 [ 213.012833] ? __virt_addr_valid+0x2e8/0x5d0 [ 213.013645] ? __pfx_lock_release+0x10/0x10 [ 213.014413] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 213.015434] ? find_held_lock+0x2c/0x110 [ 213.016193] ? srso_return_thunk+0x5/0x5f [ 213.016957] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 213.017859] ? srso_return_thunk+0x5/0x5f [ 213.018641] ? lock_release+0x20f/0x6f0 [ 213.019385] ? __pfx_lock_release+0x10/0x10 [ 213.020354] ? srso_return_thunk+0x5/0x5f [ 213.021428] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 213.022481] ? srso_return_thunk+0x5/0x5f [ 213.023322] unregister_netdevice_queue+0x224/0x2e0 [ 213.024320] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 213.025373] ? up_write+0x195/0x520 [ 213.026144] _cfg80211_unregister_wdev+0x57b/0x700 [ 213.027132] ? srso_return_thunk+0x5/0x5f [ 213.028025] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 213.029015] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 213.030132] ? srso_return_thunk+0x5/0x5f [ 213.031047] ? srso_return_thunk+0x5/0x5f [ 213.031977] ? synchronize_rcu+0x1ff/0x260 [ 213.032886] ieee80211_unregister_hw+0x55/0x3a0 [ 213.033876] hwsim_exit_net+0x3a0/0x730 [ 213.034738] ? __pfx_hwsim_exit_net+0x10/0x10 [ 213.035693] ? srso_return_thunk+0x5/0x5f [ 213.036636] ? netdev_run_todo+0x788/0x1040 [ 213.037672] ? __pfx_hwsim_exit_net+0x10/0x10 [ 213.038805] ops_exit_list+0xb3/0x180 [ 213.039787] cleanup_net+0x546/0xad0 [ 213.040738] ? __pfx_cleanup_net+0x10/0x10 [ 213.041754] process_one_work+0x8ee/0x1a10 [ 213.042812] ? __pfx_lock_acquire+0x10/0x10 [ 213.043878] ? __pfx_process_one_work+0x10/0x10 [ 213.045027] ? srso_return_thunk+0x5/0x5f [ 213.046068] ? move_linked_works+0x172/0x270 [ 213.047216] ? srso_return_thunk+0x5/0x5f [ 213.048309] ? assign_work+0x196/0x240 [ 213.049331] worker_thread+0x674/0xe70 [ 213.050309] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 213.051514] ? srso_return_thunk+0x5/0x5f [ 213.052555] ? __pfx_worker_thread+0x10/0x10 [ 213.053634] kthread+0x3ab/0x720 [ 213.054545] ? __pfx_kthread+0x10/0x10 [ 213.055604] ? srso_return_thunk+0x5/0x5f [ 213.056751] ? finish_task_switch.isra.0+0x206/0x840 [ 213.058106] ? __pfx_kthread+0x10/0x10 [ 213.059200] ret_from_fork+0x48/0x80 [ 213.060059] ? __pfx_kthread+0x10/0x10 [ 213.061013] ret_from_fork_asm+0x1a/0x30 [ 213.062111] [ 214.459493] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 214.461498] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 214.462125] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 214.464132] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 214.466523] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 214.467250] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 214.582382] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 214.583836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 214.586958] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 214.591450] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 214.594748] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 214.596183] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 214.646623] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 214.657463] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 214.669462] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 214.671951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 214.679481] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 214.681496] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 214.711571] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 214.715478] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 214.728445] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 214.756753] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 214.803472] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 214.805521] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 214.820417] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 214.821069] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 214.821870] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 214.824108] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 214.825454] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 214.826470] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 214.871770] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 214.875332] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 214.891772] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 214.898753] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 214.901399] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 214.906744] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 214.914583] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 214.916603] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 214.917720] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 214.918933] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 214.921184] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 214.922858] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 214.923923] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 214.930792] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 214.959473] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 214.969972] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 214.976369] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 214.985679] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 216.497579] Bluetooth: hci0: command tx timeout [ 216.624248] Bluetooth: hci1: command tx timeout [ 216.752301] Bluetooth: hci2: command tx timeout [ 216.882590] Bluetooth: hci4: command tx timeout [ 216.882675] Bluetooth: hci3: command tx timeout [ 217.008315] Bluetooth: hci6: command tx timeout [ 217.073271] Bluetooth: hci5: command tx timeout [ 217.073346] Bluetooth: hci7: command tx timeout [ 218.545343] Bluetooth: hci0: command tx timeout [ 218.673246] Bluetooth: hci1: command tx timeout [ 218.800268] Bluetooth: hci2: command tx timeout [ 218.928367] Bluetooth: hci3: command tx timeout [ 218.928508] Bluetooth: hci4: command tx timeout [ 219.056405] Bluetooth: hci6: command tx timeout [ 219.120276] Bluetooth: hci7: command tx timeout [ 219.120345] Bluetooth: hci5: command tx timeout [ 220.593310] Bluetooth: hci0: command tx timeout [ 220.721266] Bluetooth: hci1: command tx timeout [ 220.848378] Bluetooth: hci2: command tx timeout [ 220.977389] Bluetooth: hci4: command tx timeout [ 220.977567] Bluetooth: hci3: command tx timeout [ 221.105372] Bluetooth: hci6: command tx timeout [ 221.168297] Bluetooth: hci7: command tx timeout [ 221.168375] Bluetooth: hci5: command tx timeout [ 222.641260] Bluetooth: hci0: command tx timeout [ 222.769377] Bluetooth: hci1: command tx timeout [ 222.896382] Bluetooth: hci2: command tx timeout VM DIAGNOSIS: 17:00:07 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=ffff88800f3ab780 RCX=ffffffff81429a0f RDX=1ffff11001e757bd RSI=ffffffff81429a18 RDI=ffff88800f3abde8 RBP=0000000000200000 RSP=ffff88800c16fdb8 R8 =0000000000000000 R9 =ffffed10017a7580 R10=0000000000200000 R11=ffff88800f3abc38 R12=ffffffff87c40ff9 R13=ffff888008c504a0 R14=ffff88800f3ab780 R15=0000000000000086 RIP=ffffffff81429a34 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f50db17ca58 CR3=000000000bad8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=cd4a88ca232fe0af4842a72ebcc3aa98 XMM02=a3797342f9eb3dd900000000000ff0f8 XMM03=68a8aee3740b9fad00000000000ff268 XMM04=b1407f573150f51900000000000ae988 XMM05=e9b59bbb24ffc187000000000013f870 XMM06=6098c19552daab490000000000115a20 XMM07=ea899072da79512f00000000000ff3c0 XMM08=d12871896912de2d00000000000ff148 XMM09=00000000000000000000000000000000 XMM10=00200000000000000020000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffffffff8558c036 RCX=ffffffff8166aa71 RDX=ffff88800f3a9bc0 RSI=ffffffff8166aa7f RDI=0000000000000001 RBP=0000000000000000 RSP=ffff88800f3e6690 R8 =ffff88800f3e6760 R9 =ffff88800f3e6880 R10=0000000000000000 R11=fffffffffffcba28 R12=0000000000000001 R13=ffff88800f3e6880 R14=0000000000000200 R15=dffffc0000000000 RIP=ffffffff8171a2f8 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000564eddb8a750 CR3=0000000014dc0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000c00024c750000000c00000c600 XMM02=000000c00024c780000000c00024cb70 XMM03=000000c00024d140000000c00024d110 XMM04=000000c00031c468000000c00031c458 XMM05=000000c00031c488000000c00031c478 XMM06=000000c00031c4c8000000c00031c4c0 XMM07=000000c00031c4e8000000c00044e060 XMM08=000000c00031c3f8000000c00031c3c8 XMM09=000000c00031c438000000c00031c418 XMM10=000000c00031c450000000c00031c448 XMM11=000000c00031c468000000c00031c458 XMM12=000000c00031c488000000c00031c478 XMM13=000000c00031c4c8000000c00031c4c0 XMM14=000000c00031c4e8000000c00044e060 XMM15=000000c00031c4f8000000c00031c4f0