Warning: Permanently added '[localhost]:63574' (ECDSA) to the list of known hosts. 2025/01/23 07:35:41 fuzzer started 2025/01/23 07:35:41 dialing manager at localhost:38529 syzkaller login: [ 68.889728] cgroup: Unknown subsys name 'net' [ 68.986265] cgroup: Unknown subsys name 'cpuset' [ 69.017253] cgroup: Unknown subsys name 'rlimit' [ 74.674636] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/23 07:35:59 syscalls: 202 2025/01/23 07:35:59 code coverage: enabled 2025/01/23 07:35:59 comparison tracing: enabled 2025/01/23 07:35:59 extra coverage: enabled 2025/01/23 07:35:59 setuid sandbox: enabled 2025/01/23 07:35:59 namespace sandbox: enabled 2025/01/23 07:35:59 Android sandbox: enabled 2025/01/23 07:35:59 fault injection: enabled 2025/01/23 07:35:59 leak checking: enabled 2025/01/23 07:35:59 net packet injection: enabled 2025/01/23 07:35:59 net device setup: enabled 2025/01/23 07:35:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/23 07:35:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/23 07:35:59 USB emulation: enabled 2025/01/23 07:35:59 hci packet injection: enabled 2025/01/23 07:35:59 wifi device emulation: enabled 2025/01/23 07:35:59 802.15.4 emulation: enabled 2025/01/23 07:35:59 fetching corpus: 0, signal 0/0 (executing program) 2025/01/23 07:36:02 starting 8 fuzzer processes 07:36:02 executing program 0: r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x20001, 0x0) r2 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x6c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r0}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r2}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000080}, 0x20000000) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) r5 = ioctl$NS_GET_PARENT(r1, 0xb702, 0x0) r6 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000001c0)='ns/pid\x00') sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r4}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r5}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r0}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4000) sendmsg$IEEE802154_LIST_PHY(r3, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000400), r3) sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r7, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x34, r8, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x9}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x90) ioctl$NS_GET_USERNS(r6, 0xb701, 0x0) r9 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) ioctl$NS_GET_OWNER_UID(r9, 0xb704, &(0x7f0000000500)) sendmsg$NL802154_CMD_GET_INTERFACE(r7, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x6c, r8, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x6c}, 0x1, 0x0, 0x0, 0x46040}, 0x6f4da9b0f0cfa479) syz_open_procfs$namespace(0x0, &(0x7f0000000680)='ns/pid\x00') sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x4c, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0x44080) 07:36:02 executing program 1: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000000)={0x9, 0x8000, 0x9, 0x1, 0x8000}, 0x14) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40208d0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8004}, 0x18001) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r1, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x8000) r2 = memfd_secret(0x0) ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f0000000480)={&(0x7f00000003c0), &(0x7f0000000400)=""/121, 0x79}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), r2) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000540)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in6=@private2}}, &(0x7f0000000640)=0xe8) sendmsg$BATADV_CMD_TP_METER(r2, &(0x7f0000000740)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x64, r3, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8e0}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1ff}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x48ad}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x100}]}, 0x64}, 0x1, 0x0, 0x0, 0x8004}, 0x24004000) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000780), r5) sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x5c, r3, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xfe}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7ff}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2b}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7ff}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) r6 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000940), r5) sendmsg$NET_DM_CMD_START(r5, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, r6, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x8800) ptrace$peekuser(0x3, 0x0, 0x10001) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x60, r3, 0x800, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xe92}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x4001) write$char_usb(r0, &(0x7f0000000b80)="e567a5f3de6b4f1749ecf0995c04e83c4e3dbdb32236478aa2cc6ef224284ffaa145dd6f592274e1c101a75c12c55194e8c544d36d1c8121292824bc9804e361a8420f68d218113027d3ff1cf8ba372566f89650407475cca2227268bedb42e554dc3b4d9e140642ae530d76ce4ad3ff63271003e0717e1e4a7e0b2a78a5b4a49952f4402aebc064aa1481fdb7083e0296d4ef67719362b98ac54aef5e76dc4ae05584b78f9e1567127e11342e2782920d11fdf0f9733d7a2c1836b998d6f56a", 0xc0) ioctl$CDROMREADCOOKED(r2, 0x5315, &(0x7f0000000c40)) 07:36:02 executing program 2: ioctl$CDROM_GET_MCN(0xffffffffffffffff, 0x5311, &(0x7f0000000000)) ioctl$CDROM_GET_MCN(0xffffffffffffffff, 0x5311, &(0x7f0000000040)) ioctl$CDROMVOLREAD(0xffffffffffffffff, 0x5313, &(0x7f0000000080)) ioctl$CDROMRESET(0xffffffffffffffff, 0x5312) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0) ioctl$CDROM_GET_MCN(r0, 0x5311, &(0x7f0000000100)) ioctl$DVD_WRITE_STRUCT(r0, 0x5390, &(0x7f0000000140)=@physical={0x0, 0x1, [{0x0, 0x4, 0x7, 0x2, 0x5, 0x0, 0x1, 0x5, 0x5, 0x1, 0x3ff, 0x467, 0x3ff}, {0xf, 0xe, 0x9, 0x9, 0x1, 0x0, 0x2, 0x7, 0xb, 0x1, 0x1ff, 0x6, 0x7f}, {0x6, 0x7, 0x0, 0x7, 0x0, 0x0, 0x1, 0x4, 0x2, 0x1, 0xfff, 0x4, 0x80000000}, {0x9, 0x5, 0x1, 0x7, 0x3, 0x0, 0x3, 0x8, 0xb, 0x0, 0x5, 0xffffffff, 0x1}]}) ioctl$CDROMSTART(r0, 0x5308) ioctl$CDROM_CLEAR_OPTIONS(0xffffffffffffffff, 0x5321, 0x10) openat$hpet(0xffffffffffffff9c, &(0x7f0000000980), 0x20000, 0x0) r1 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000009c0), 0x2, 0x0) ioctl$NS_GET_PARENT(r2, 0xb702, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000a00)={{0x81, 0x9}, 0x0, 0x40, 0x7, {0x8, 0x9}, 0x3f, 0xfff}) ioctl$CDROMSTART(r2, 0x5308) syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000a80)) ioctl$CDROMREADAUDIO(0xffffffffffffffff, 0x530e, &(0x7f0000000b00)={@msf={0x6, 0x0, 0x1}, 0x1, 0x23, &(0x7f0000000ac0)=""/35}) ioctl$CDROMPLAYMSF(r0, 0x5303, &(0x7f0000000b40)={0x6, 0xe0, 0x6, 0x7, 0x40, 0x40}) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000b80)={0x0, 0x9000000, 0xd7, 0x0, 0xfff}, 0x14) 07:36:02 executing program 3: ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000000)={'ip6tnl0\x00'}) syz_extract_tcp_res(&(0x7f0000000040), 0xfffffffd, 0x8) r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x30800, 0x0) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f00000000c0)=""/251) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2) ioctl$CDROMREADTOCHDR(r0, 0x5305, &(0x7f00000001c0)={0x1, 0x90}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4102010}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x400, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8}]}, 0x1c}}, 0x8001) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LIST_PHY(r3, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000890}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000440)={'vlan0\x00'}) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1) r4 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000480), 0x30941, 0x0) ioctl$TUNGETFILTER(r4, 0x801054db, &(0x7f00000004c0)=""/246) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000600)={0x0, 0x3, [@multicast, @multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}]}) [ 89.018166] audit: type=1400 audit(1737617762.182:7): avc: denied { execmem } for pid=279 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 07:36:02 executing program 4: eventfd2(0x4, 0x80000) r0 = socket(0x2b, 0x2, 0xffffe46a) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x20, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000100)={0xfffff000, 0x3f, 0x4, 0x9, 0x1}, 0x14) r1 = memfd_secret(0x80000) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x122080}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x5}, 0x1) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000240), &(0x7f0000000280)=0x8) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88000, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r1) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x60, r3, 0x14, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x9}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x81}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x9}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x40000) eventfd(0x7ff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00'}) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), r1) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x3c, r4, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x4}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7fff}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x252a}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xdaa1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f00000006c0)={&(0x7f0000000600), 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x3c, r4, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4400000}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000740), 0x104840, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000880)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0x84, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7ae}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x80000000}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8, 0x1, r2}, {0x8, 0x1, r6}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x100}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xffffffff}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x14d}]}, 0x84}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000008c0), 0x22002) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r7, 0xc0305302, &(0x7f0000000900)={0x3, 0x9, 0x7, 0x2, 0x6, 0x7}) 07:36:02 executing program 5: getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080), 0x10) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, 0x0, 0x24000) r1 = socket(0x11, 0x1, 0x200) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1) sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x9f020427e9214920}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, r3, 0x10, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3800}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x54}}, 0x20004810) socket(0x9, 0xa, 0x3) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x280480, 0x0) bind$bt_l2cap(r4, &(0x7f0000000280)={0x1f, 0x3ff, @none, 0x7fff, 0x2}, 0xe) getsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f00000002c0), &(0x7f0000000300)=0x4) r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000340), 0x20101, 0x0) ioctl$CDROMSTOP(r5, 0x5307) ioctl$CDROMSTOP(r5, 0x5307) r6 = socket(0xb, 0xa, 0x85) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r6, 0x6, 0x15, &(0x7f0000000380)=0x1, 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000003c0)) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000440), 0x800, 0x0) setsockopt$inet_tcp_TLS_RX(r5, 0x6, 0x2, &(0x7f0000000480)=@ccm_128={{0x303}, "c92f2967151b9d54", "d9dcc8bb3eca78b8694906e519ec1b14", "c60e8b91", "0bcd7d89ff3c4194"}, 0x28) 07:36:02 executing program 6: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/98, 0x62, 0x0, &(0x7f00000000c0)=""/100, 0x64}, &(0x7f0000000180)=0x40) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x141400, 0x0) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200), 0x10) write$char_usb(r0, &(0x7f0000000240)="ba7dd3207b473015726ca97fc489c3b979144af7eab4d5e221208394949423c225080f3b93e206e508b243636767e1efa95160e2351d908303e33fcbc62801f32673b2e43d0a8cfd8fce636eaac3bd9e753cbb5004eedf582d07f383c6", 0x5d) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x80000, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000300), 0x4) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, 0x0, 0x0, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x100020}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000480), 0x200000, 0x0) r4 = memfd_secret(0x80000) ioctl$DVD_WRITE_STRUCT(r4, 0x5390, &(0x7f00000004c0)=@bca={0x3, 0xbc, "d2580e3737a0032c5dee4327499c7e027641fc79b45d492c27637d2e9d5f2ad0ede6f162ccd8b6ca16ba2cc45a9dad7af4ba0d49f0cffaac84ca51a6b943272d2786afdb1de4ec2a28f91d1016ae964ed0df7944b6c5fcc4eef41a8d7650b6c27386abbcd840b55400adc9726c87e20a53c6212be404dd1a954bfd134c384b9c0400f99fa711fe135449868e9832f152fafd47831bf9dad2cbf7fa28c30fb2e45d334ffcc336350d27927f5e9153c0731498e98a934783f5fd43fa9b"}) openat$hpet(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000d40), r3) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000dc0), r4) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000e80)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x80001449}, 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x2c, r6, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x40}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfffffff9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) ptrace$cont(0x18, 0x0, 0x6, 0x46) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r4, 0xc0305302, &(0x7f0000000ec0)={0x1ccd696a, 0x3, 0xa2d, 0x3f, 0x81, 0x80000001}) sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f0000001000)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f40)={0x54, r6, 0x10, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8000}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$CDROMPLAYMSF(0xffffffffffffffff, 0x5303, &(0x7f0000001040)={0x9, 0x3, 0x38, 0x6, 0x80, 0x7}) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r2, &(0x7f0000001140)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)={0x1c, r5, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x4000) 07:36:02 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x9, @none, 0x7, 0x1}, 0xe) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040), 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080), &(0x7f00000000c0)=0x14) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e22, 0x2, @mcast1, 0x7}}, 0x0, 0x0, 0x2e, 0x0, "aa86e96f082a58d6ff389b987774f5913df6d154e69e601046726fc75179e04783e0ddf2b140013bae1bc4370f18095504779da997f0dadf69eefab3f078fe38b193adbcb98e2b059a42a1b6556509b4"}, 0xd8) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x10000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000240)={0x7fff, 0x0, 0x10001}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f00000002c0)={0x2, 0x1, 0x0, 'queue1\x00', 0x8}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r3, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}]}, 0x1c}}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4) r4 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000540), 0x400001, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r4, 0x541b, &(0x7f0000000580)) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000005c0), 0x80642, 0x0) bind$bt_l2cap(r5, &(0x7f0000000600)={0x1f, 0x9, @none, 0x8000, 0x2}, 0xe) bind$bt_l2cap(r0, &(0x7f0000000640)={0x1f, 0x8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9, 0x2}, 0xe) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000680), 0x40, 0x0) setsockopt$inet_tcp_TLS_RX(r6, 0x6, 0x2, &(0x7f00000006c0)=@ccm_128={{0x303}, "5a5a6da147e73fd1", "995ac5f4ac9f41fb475435608fc45ccf", "aaab0cc7", "285d0abe228007b3"}, 0x28) sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x64, r3, 0x4223c0f72d9f32e5, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xba}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x13b2}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffffffe}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x401}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0xe800}, 0x0) [ 90.693537] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.697238] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.700319] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.710493] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.715148] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 90.719111] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.752499] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.755341] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.756618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.761084] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.764832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 90.765829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.815781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.816452] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.817798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.818925] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.821089] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.824379] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.825241] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.829208] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 90.831125] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.835858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.854114] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 90.855961] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.910369] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 90.912497] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 90.919157] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 90.919862] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.920458] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 90.921138] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 90.927113] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 90.927430] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.929891] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.936047] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 90.938066] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 90.940188] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.942052] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 90.943729] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 90.945189] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 90.947187] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 90.954324] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.965855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.975581] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 90.992115] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 90.995104] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 91.033412] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 91.035415] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 91.036731] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 92.782286] Bluetooth: hci0: command tx timeout [ 92.845861] Bluetooth: hci2: command tx timeout [ 92.846053] Bluetooth: hci1: command tx timeout [ 92.909772] Bluetooth: hci3: command tx timeout [ 93.037877] Bluetooth: hci4: command tx timeout [ 93.038889] Bluetooth: hci6: command tx timeout [ 93.101787] Bluetooth: hci5: command tx timeout [ 93.164925] Bluetooth: hci7: command tx timeout [ 94.829305] Bluetooth: hci0: command tx timeout [ 94.893971] Bluetooth: hci2: command tx timeout [ 94.894239] Bluetooth: hci1: command tx timeout [ 94.958760] Bluetooth: hci3: command tx timeout [ 95.084984] Bluetooth: hci6: command tx timeout [ 95.085198] Bluetooth: hci4: command tx timeout [ 95.150663] Bluetooth: hci5: command tx timeout [ 95.213899] Bluetooth: hci7: command tx timeout [ 96.877790] Bluetooth: hci0: command tx timeout [ 96.940722] Bluetooth: hci2: command tx timeout [ 96.940805] Bluetooth: hci1: command tx timeout [ 97.004848] Bluetooth: hci3: command tx timeout [ 97.133900] Bluetooth: hci4: command tx timeout [ 97.133988] Bluetooth: hci6: command tx timeout [ 97.196885] Bluetooth: hci5: command tx timeout [ 97.261736] Bluetooth: hci7: command tx timeout [ 98.925395] Bluetooth: hci0: command tx timeout [ 98.990858] Bluetooth: hci1: command tx timeout [ 98.990940] Bluetooth: hci2: command tx timeout [ 99.052957] Bluetooth: hci3: command tx timeout [ 99.182048] Bluetooth: hci6: command tx timeout [ 99.182132] Bluetooth: hci4: command tx timeout [ 99.245859] Bluetooth: hci5: command tx timeout [ 99.309210] Bluetooth: hci7: command tx timeout [ 153.212896] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 153.220586] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 153.222481] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 153.224093] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 153.225409] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 153.226296] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 153.233079] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 153.239338] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 153.241743] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 153.246184] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 153.249063] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 153.251206] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 153.269605] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 153.283258] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 153.294138] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 153.303953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 153.305822] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 153.307124] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 153.353567] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 153.359049] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 153.363996] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 153.373273] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 153.377311] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 153.384252] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 153.411414] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 153.422327] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 153.426053] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 153.460289] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 153.468976] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 153.475097] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 153.481103] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 153.513205] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 153.514446] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 153.521983] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 153.525593] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 153.527960] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 153.539239] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 153.542772] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 153.548065] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 153.554070] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 153.573958] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 153.585484] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 153.605954] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 153.607233] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 153.643567] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 153.644981] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 153.674106] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 153.679235] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 155.309731] Bluetooth: hci1: command tx timeout [ 155.373690] Bluetooth: hci2: command tx timeout [ 155.374069] Bluetooth: hci0: command tx timeout [ 155.437726] Bluetooth: hci3: command tx timeout [ 155.500728] Bluetooth: hci4: command tx timeout [ 155.628792] Bluetooth: hci5: command tx timeout [ 155.694175] Bluetooth: hci6: command tx timeout [ 155.821949] Bluetooth: hci7: command tx timeout [ 157.357856] Bluetooth: hci1: command tx timeout [ 157.421718] Bluetooth: hci0: command tx timeout [ 157.421834] Bluetooth: hci2: command tx timeout [ 157.485772] Bluetooth: hci3: command tx timeout [ 157.549833] Bluetooth: hci4: command tx timeout [ 157.676771] Bluetooth: hci5: command tx timeout [ 157.740716] Bluetooth: hci6: command tx timeout [ 157.868849] Bluetooth: hci7: command tx timeout [ 159.404788] Bluetooth: hci1: command tx timeout [ 159.468868] Bluetooth: hci0: command tx timeout [ 159.468928] Bluetooth: hci2: command tx timeout [ 159.533017] Bluetooth: hci3: command tx timeout [ 159.596807] Bluetooth: hci4: command tx timeout [ 159.724829] Bluetooth: hci5: command tx timeout [ 159.788959] Bluetooth: hci6: command tx timeout [ 159.916807] Bluetooth: hci7: command tx timeout [ 161.452766] Bluetooth: hci1: command tx timeout [ 161.516810] Bluetooth: hci0: command tx timeout [ 161.518018] Bluetooth: hci2: command tx timeout [ 161.580978] Bluetooth: hci3: command tx timeout [ 161.644732] Bluetooth: hci4: command tx timeout [ 161.773715] Bluetooth: hci5: command tx timeout [ 161.836914] Bluetooth: hci6: command tx timeout [ 161.964784] Bluetooth: hci7: command tx timeout [ 215.168578] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 215.171706] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 215.180530] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 215.193494] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 215.212479] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 215.217833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 215.358135] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 215.360488] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 215.384083] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 215.400293] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 215.402205] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 215.404149] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 215.430845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 215.440448] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 215.442027] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 215.459195] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 215.465863] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 215.468020] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 215.545217] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 215.556106] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 215.564000] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 215.583504] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 215.598864] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 215.609980] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 215.610200] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 215.630099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 215.643229] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 215.667041] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 215.682269] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 215.687543] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 215.750820] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 215.759337] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 215.775050] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 215.776823] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 215.795125] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 215.798199] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 215.803891] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 215.804252] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 215.805114] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 215.836476] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 215.854962] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 215.860910] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 215.888451] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 215.899793] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 215.940738] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 215.966068] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 215.994029] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 215.996394] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 217.260763] Bluetooth: hci0: command tx timeout [ 217.452734] Bluetooth: hci1: command tx timeout [ 217.516819] Bluetooth: hci2: command tx timeout [ 217.772707] Bluetooth: hci3: command tx timeout [ 217.836691] Bluetooth: hci4: command tx timeout [ 217.901684] Bluetooth: hci5: command tx timeout [ 217.902023] Bluetooth: hci6: command tx timeout [ 218.093097] Bluetooth: hci7: command tx timeout [ 219.308877] Bluetooth: hci0: command tx timeout [ 219.501644] Bluetooth: hci1: command tx timeout [ 219.564769] Bluetooth: hci2: command tx timeout [ 219.820705] Bluetooth: hci3: command tx timeout [ 219.884767] Bluetooth: hci4: command tx timeout [ 219.948715] Bluetooth: hci6: command tx timeout [ 219.948800] Bluetooth: hci5: command tx timeout [ 220.140802] Bluetooth: hci7: command tx timeout [ 221.356764] Bluetooth: hci0: command tx timeout [ 221.548725] Bluetooth: hci1: command tx timeout [ 221.612962] Bluetooth: hci2: command tx timeout [ 221.868959] Bluetooth: hci3: command tx timeout [ 221.932889] Bluetooth: hci4: command tx timeout [ 221.996823] Bluetooth: hci5: command tx timeout [ 221.996913] Bluetooth: hci6: command tx timeout [ 222.188728] Bluetooth: hci7: command tx timeout [ 223.404682] Bluetooth: hci0: command tx timeout [ 223.597702] Bluetooth: hci1: command tx timeout [ 223.660686] Bluetooth: hci2: command tx timeout [ 223.916683] Bluetooth: hci3: command tx timeout [ 223.981650] Bluetooth: hci4: command tx timeout [ 224.044769] Bluetooth: hci6: command tx timeout [ 224.044995] Bluetooth: hci5: command tx timeout [ 224.236858] Bluetooth: hci7: command tx timeout [ 275.549912] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 277.500362] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 277.504183] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 277.505238] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 277.512715] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 277.517093] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 277.520186] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 277.566344] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 277.574199] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 277.579143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 277.587904] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 277.595065] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 277.597324] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 277.629065] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 277.634989] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 277.640440] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 277.649355] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 277.656238] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 277.662306] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 277.698047] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 277.706125] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 277.709309] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 277.719230] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 277.725940] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 277.729326] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 277.732308] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 277.747804] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 277.752569] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 277.770176] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 277.775724] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 277.781915] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 278.085395] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 278.093395] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 278.113035] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 278.118991] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 278.123459] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 278.125830] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 278.132132] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 278.140931] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 278.154759] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 278.159115] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 278.163724] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 278.163953] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 278.169028] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 278.169864] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 278.173396] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 278.179830] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 278.219888] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 278.232041] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 279.596737] Bluetooth: hci0: command tx timeout [ 279.660700] Bluetooth: hci1: command tx timeout [ 279.725681] Bluetooth: hci2: command tx timeout [ 279.789335] Bluetooth: hci3: command tx timeout [ 279.853673] Bluetooth: hci4: command tx timeout [ 280.236903] Bluetooth: hci7: command tx timeout [ 280.237932] Bluetooth: hci5: command tx timeout [ 280.300737] Bluetooth: hci6: command tx timeout [ 281.644976] Bluetooth: hci0: command tx timeout [ 281.708816] Bluetooth: hci1: command tx timeout [ 281.772732] Bluetooth: hci2: command tx timeout [ 281.836860] Bluetooth: hci3: command tx timeout [ 281.902006] Bluetooth: hci4: command tx timeout [ 282.284749] Bluetooth: hci7: command tx timeout [ 282.285363] Bluetooth: hci5: command tx timeout [ 282.348896] Bluetooth: hci6: command tx timeout [ 283.693243] Bluetooth: hci0: command tx timeout [ 283.757772] Bluetooth: hci1: command tx timeout [ 283.820720] Bluetooth: hci2: command tx timeout [ 283.884682] Bluetooth: hci3: command tx timeout [ 283.948985] Bluetooth: hci4: command tx timeout [ 284.332853] Bluetooth: hci5: command tx timeout [ 284.333285] Bluetooth: hci7: command tx timeout [ 284.396721] Bluetooth: hci6: command tx timeout [ 285.740694] Bluetooth: hci0: command tx timeout [ 285.804733] Bluetooth: hci1: command tx timeout [ 285.868705] Bluetooth: hci2: command tx timeout [ 285.933640] Bluetooth: hci3: command tx timeout [ 285.997050] Bluetooth: hci4: command tx timeout [ 286.380679] Bluetooth: hci7: command tx timeout [ 286.381269] Bluetooth: hci5: command tx timeout [ 286.444667] Bluetooth: hci6: command tx timeout [ 335.966903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.967026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.439690] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.439775] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.969068] [ 337.969378] ====================================================== [ 337.970106] WARNING: possible circular locking dependency detected [ 337.970850] 6.13.0-next-20250122 #1 Not tainted [ 337.971409] ------------------------------------------------------ [ 337.976922] kworker/u8:2/13747 is trying to acquire lock: [ 337.977570] ffffffff8621ece8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 337.978827] [ 337.978827] but task is already holding lock: [ 337.979527] ffff88802acb8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 337.980718] [ 337.980718] which lock already depends on the new lock. [ 337.980718] [ 337.981655] [ 337.981655] the existing dependency chain (in reverse order) is: [ 337.982529] [ 337.982529] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 337.983252] __mutex_lock+0x13d/0xb50 [ 337.983715] wiphy_register+0x1b2e/0x25d0 [ 337.984214] ieee80211_register_hw+0x23a4/0x3d60 [ 337.984752] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 337.985318] init_mac80211_hwsim+0x389/0x870 [ 337.985845] do_one_initcall+0xf9/0x640 [ 337.986327] kernel_init_freeable+0x53d/0x7a0 [ 337.986909] kernel_init+0x1e/0x2d0 [ 337.987355] ret_from_fork+0x48/0x80 [ 337.987791] ret_from_fork_asm+0x1a/0x30 [ 337.988270] [ 337.988270] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 337.988878] __lock_acquire+0x29fd/0x4580 [ 337.989356] lock_acquire+0x19b/0x520 [ 337.989808] __mutex_lock+0x13d/0xb50 [ 337.990267] unregister_netdevice_many_notify+0x1612/0x1c80 [ 337.990899] unregister_netdevice_queue+0x224/0x2e0 [ 337.991457] _cfg80211_unregister_wdev+0x57b/0x700 [ 337.992016] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 337.992571] ieee80211_unregister_hw+0x55/0x3a0 [ 337.993105] hwsim_exit_net+0x3a0/0x730 [ 337.993570] ops_exit_list+0xb3/0x180 [ 337.994015] cleanup_net+0x546/0xad0 [ 337.994455] process_one_work+0x8ee/0x1a10 [ 337.994967] worker_thread+0x674/0xe70 [ 337.995436] kthread+0x3ab/0x720 [ 337.995851] ret_from_fork+0x48/0x80 [ 337.996276] ret_from_fork_asm+0x1a/0x30 [ 337.996754] [ 337.996754] other info that might help us debug this: [ 337.996754] [ 337.997498] Possible unsafe locking scenario: [ 337.997498] [ 337.998058] CPU0 CPU1 [ 337.998513] ---- ---- [ 337.998959] lock(&rdev->wiphy.mtx); [ 337.999357] lock(rtnl_mutex); [ 337.999924] lock(&rdev->wiphy.mtx); [ 338.000532] lock(rtnl_mutex); [ 338.000883] [ 338.000883] *** DEADLOCK *** [ 338.000883] [ 338.001445] 4 locks held by kworker/u8:2/13747: [ 338.001900] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 338.002913] #1: ffff8880265b7d30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 338.003883] #2: ffffffff86212d10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 338.004784] #3: ffff88802acb8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 338.005803] [ 338.005803] stack backtrace: [ 338.006235] CPU: 0 UID: 0 PID: 13747 Comm: kworker/u8:2 Not tainted 6.13.0-next-20250122 #1 [ 338.007025] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 338.007796] Workqueue: netns cleanup_net [ 338.008208] Call Trace: [ 338.008460] [ 338.008687] dump_stack_lvl+0xca/0x120 [ 338.009111] print_circular_bug+0x47b/0x750 [ 338.009557] check_noncircular+0x2e9/0x3c0 [ 338.009985] ? lock_repin_lock+0x207/0x320 [ 338.010445] ? __pfx_check_noncircular+0x10/0x10 [ 338.011095] ? hlock_class+0x4e/0x130 [ 338.011613] ? mark_lock+0xac/0xed0 [ 338.012120] ? __pfx_lock_repin_lock+0x10/0x10 [ 338.012780] ? lockdep_lock+0xba/0x1b0 [ 338.013350] ? __pfx_lockdep_lock+0x10/0x10 [ 338.013967] __lock_acquire+0x29fd/0x4580 [ 338.014555] ? __pfx___lock_acquire+0x10/0x10 [ 338.015181] ? lock_release+0x20f/0x6f0 [ 338.015745] ? __pfx_lock_release+0x10/0x10 [ 338.016346] lock_acquire+0x19b/0x520 [ 338.016881] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.017666] ? __pfx_lock_acquire+0x10/0x10 [ 338.018258] ? srso_return_thunk+0x5/0x5f [ 338.018855] ? lock_release+0x20f/0x6f0 [ 338.019406] ? srso_return_thunk+0x5/0x5f [ 338.019996] ? lock_is_held_type+0x9e/0x120 [ 338.020608] ? srso_return_thunk+0x5/0x5f [ 338.021208] __mutex_lock+0x13d/0xb50 [ 338.021756] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.022546] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.023337] ? srso_return_thunk+0x5/0x5f [ 338.023811] ? synchronize_rcu_expedited+0x38a/0x420 [ 338.024319] ? __pfx___mutex_lock+0x10/0x10 [ 338.024768] ? __pfx_autoremove_wake_function+0x10/0x10 [ 338.025308] ? srso_return_thunk+0x5/0x5f [ 338.025742] ? kasan_quarantine_put+0x84/0x1e0 [ 338.026230] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 338.026694] ? srso_return_thunk+0x5/0x5f [ 338.027139] unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.027701] ? __virt_addr_valid+0x2e8/0x5d0 [ 338.028161] ? __pfx_lock_release+0x10/0x10 [ 338.028601] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 338.029192] ? find_held_lock+0x2c/0x110 [ 338.029619] ? srso_return_thunk+0x5/0x5f [ 338.030052] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 338.030556] ? srso_return_thunk+0x5/0x5f [ 338.030995] ? lock_release+0x20f/0x6f0 [ 338.031398] ? __pfx_lock_release+0x10/0x10 [ 338.031831] ? srso_return_thunk+0x5/0x5f [ 338.032260] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 338.032781] ? srso_return_thunk+0x5/0x5f [ 338.033214] unregister_netdevice_queue+0x224/0x2e0 [ 338.033707] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 338.034243] ? up_write+0x195/0x520 [ 338.034632] _cfg80211_unregister_wdev+0x57b/0x700 [ 338.035136] ? srso_return_thunk+0x5/0x5f [ 338.035573] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 338.036069] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 338.036613] ? srso_return_thunk+0x5/0x5f [ 338.037049] ? srso_return_thunk+0x5/0x5f [ 338.037485] ? synchronize_rcu+0x1ff/0x260 [ 338.037916] ieee80211_unregister_hw+0x55/0x3a0 [ 338.038390] hwsim_exit_net+0x3a0/0x730 [ 338.038810] ? __pfx_hwsim_exit_net+0x10/0x10 [ 338.039265] ? srso_return_thunk+0x5/0x5f [ 338.039697] ? netdev_run_todo+0x788/0x1040 [ 338.040134] ? srso_return_thunk+0x5/0x5f [ 338.040569] ? __pfx_hwsim_exit_net+0x10/0x10 [ 338.041017] ops_exit_list+0xb3/0x180 [ 338.041407] cleanup_net+0x546/0xad0 [ 338.041788] ? __pfx_cleanup_net+0x10/0x10 [ 338.042229] process_one_work+0x8ee/0x1a10 [ 338.042685] ? __pfx_lock_acquire+0x10/0x10 [ 338.043125] ? __pfx_process_one_work+0x10/0x10 [ 338.043608] ? srso_return_thunk+0x5/0x5f [ 338.044038] ? move_linked_works+0x172/0x270 [ 338.044482] ? srso_return_thunk+0x5/0x5f [ 338.044912] ? assign_work+0x196/0x240 [ 338.045322] worker_thread+0x674/0xe70 [ 338.045735] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 338.046261] ? srso_return_thunk+0x5/0x5f [ 338.046704] ? __pfx_worker_thread+0x10/0x10 [ 338.047166] kthread+0x3ab/0x720 [ 338.047529] ? __pfx_kthread+0x10/0x10 [ 338.047934] ? srso_return_thunk+0x5/0x5f [ 338.048372] ? finish_task_switch.isra.0+0x206/0x840 [ 338.048893] ? __pfx_kthread+0x10/0x10 [ 338.049304] ret_from_fork+0x48/0x80 [ 338.049677] ? __pfx_kthread+0x10/0x10 [ 338.050087] ret_from_fork_asm+0x1a/0x30 [ 338.050525] [ 339.700471] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 339.703004] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 339.705085] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 339.709355] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 339.713502] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 339.716899] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 339.829776] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 339.831170] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 339.832838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 339.835209] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 339.836481] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 339.839411] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 339.840781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 339.842009] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 339.843363] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 339.848199] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 339.849996] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 339.851420] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 339.896066] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 339.902019] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 339.903101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 339.916854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 339.925856] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 339.932468] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 339.940980] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 339.943821] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 339.943904] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 339.945906] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 339.949631] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 339.952845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 339.987946] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 339.993891] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 339.998171] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 339.999045] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 340.002735] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 340.005383] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 340.008162] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 340.010937] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 340.011955] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 340.025254] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 340.029189] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 340.034185] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 340.035379] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 340.135738] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 340.152408] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 340.184093] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 340.217912] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 340.219003] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 341.741633] Bluetooth: hci0: command tx timeout [ 341.869793] Bluetooth: hci2: command tx timeout [ 341.870379] Bluetooth: hci1: command tx timeout [ 341.997966] Bluetooth: hci4: command tx timeout [ 342.060772] Bluetooth: hci5: command tx timeout [ 342.061680] Bluetooth: hci3: command tx timeout [ 342.124817] Bluetooth: hci6: command tx timeout [ 342.317979] Bluetooth: hci7: command tx timeout [ 343.790622] Bluetooth: hci0: command tx timeout [ 343.916726] Bluetooth: hci1: command tx timeout [ 343.917364] Bluetooth: hci2: command tx timeout [ 344.045000] Bluetooth: hci4: command tx timeout [ 344.108946] Bluetooth: hci3: command tx timeout [ 344.109805] Bluetooth: hci5: command tx timeout [ 344.172662] Bluetooth: hci6: command tx timeout [ 344.364620] Bluetooth: hci7: command tx timeout [ 345.836677] Bluetooth: hci0: command tx timeout [ 345.965496] Bluetooth: hci2: command tx timeout [ 345.966340] Bluetooth: hci1: command tx timeout [ 346.092644] Bluetooth: hci4: command tx timeout [ 346.156703] Bluetooth: hci5: command tx timeout [ 346.157293] Bluetooth: hci3: command tx timeout [ 346.221610] Bluetooth: hci6: command tx timeout [ 346.412645] Bluetooth: hci7: command tx timeout [ 347.884697] Bluetooth: hci0: command tx timeout VM DIAGNOSIS: 07:40:11 Registers: info registers vcpu 0 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283e865 RDI=ffffffff886990a0 RBP=ffffffff88699060 RSP=ffff8880265b6bb8 R8 =0000000000000001 R9 =ffffed1004cb6d67 R10=000000000000002d R11=2d2d2d2d2d2d2d2d R12=000000000000002d R13=0000000000000001 R14=ffff888008fea021 R15=ffff8880265b6eb8 RIP=ffffffff8283e8bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007feae2cb7560 CR3=000000000bc34000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffff0000ff000000 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=00000001ffffffff00005593b43fbd00 XMM05=00005593b43fbd2000005593b43b5ed0 XMM06=00000000000000000000000300000004 XMM07=00000000000000000000000000000000 XMM08=00000000000000310000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000002000000000000000200000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffff88806cf00000 RBX=0000000000000001 RCX=ffffffff84a8e9d7 RDX=ffffed100d9e6c4b RSI=0000000000000004 RDI=ffffffff814b1bba RBP=dffffc0000000000 RSP=ffff8880096a7e68 R8 =0000000000000000 R9 =ffffed100d9e6c4a R10=ffff88806cf36253 R11=1ffff1100d9e7850 R12=ffffffff864057d0 R13=1ffff110012d4fd2 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff84a8f97e RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe4300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055c3acaf6a30 CR3=000000000bc34000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=6576652d7372656b726f772d6c6c696b XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=00000001ffffffff00005593b43fbd00 XMM05=00005593b43fbd2000005593b43b5ed0 XMM06=00000000000000000000000300000004 XMM07=00000000000000000000000000000000 XMM08=00000000000000310000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000002000000000000000200000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000