Warning: Permanently added '[localhost]:44295' (ECDSA) to the list of known hosts. 2025/01/18 07:40:36 fuzzer started 2025/01/18 07:40:36 dialing manager at localhost:44245 syzkaller login: [ 63.082859] cgroup: Unknown subsys name 'net' [ 63.146609] cgroup: Unknown subsys name 'cpuset' [ 63.158006] cgroup: Unknown subsys name 'rlimit' [ 69.244618] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 78.587792] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/18 07:40:52 syscalls: 2217 2025/01/18 07:40:52 code coverage: enabled 2025/01/18 07:40:52 comparison tracing: enabled 2025/01/18 07:40:52 extra coverage: enabled 2025/01/18 07:40:52 setuid sandbox: enabled 2025/01/18 07:40:52 namespace sandbox: enabled 2025/01/18 07:40:52 Android sandbox: enabled 2025/01/18 07:40:52 fault injection: enabled 2025/01/18 07:40:52 leak checking: enabled 2025/01/18 07:40:52 net packet injection: enabled 2025/01/18 07:40:52 net device setup: enabled 2025/01/18 07:40:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/18 07:40:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/18 07:40:52 USB emulation: enabled 2025/01/18 07:40:52 hci packet injection: enabled 2025/01/18 07:40:52 wifi device emulation: enabled 2025/01/18 07:40:52 802.15.4 emulation: enabled 2025/01/18 07:40:52 fetching corpus: 0, signal 0/2000 (executing program) 2025/01/18 07:40:53 fetching corpus: 50, signal 26350/29031 (executing program) 2025/01/18 07:40:53 fetching corpus: 100, signal 35813/39114 (executing program) 2025/01/18 07:40:53 fetching corpus: 150, signal 43191/46921 (executing program) 2025/01/18 07:40:53 fetching corpus: 200, signal 48752/52697 (executing program) 2025/01/18 07:40:53 fetching corpus: 250, signal 55538/59283 (executing program) 2025/01/18 07:40:54 fetching corpus: 300, signal 59586/63230 (executing program) 2025/01/18 07:40:54 fetching corpus: 350, signal 64555/67772 (executing program) 
2025/01/18 07:40:54 fetching corpus: 400, signal 70468/72784 (executing program) 2025/01/18 07:40:54 fetching corpus: 450, signal 74231/75896 (executing program) 2025/01/18 07:40:54 fetching corpus: 500, signal 78195/78935 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79632 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79674 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79718 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79759 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79798 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79844 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79892 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79939 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/79973 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80021 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80071 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80116 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80164 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80210 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80256 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80311 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80366 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80419 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80466 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80524 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80567 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 
79062/80610 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80654 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80710 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80752 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80805 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80847 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80899 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80946 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80964 (executing program) 2025/01/18 07:40:55 fetching corpus: 529, signal 79062/80964 (executing program) 2025/01/18 07:40:59 starting 8 fuzzer processes 07:40:59 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, 0x0, 0x0) 07:40:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x2088024, &(0x7f00000000c0)) 07:40:59 executing program 2: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 
0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x2a0822, &(0x7f0000000180)={[{@nr_inodes={'nr_inodes', 0x3d, [0x31]}}]}) 07:40:59 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000340)={'syztnl1\x00', 0x0}) io_setup(0x0, 0x0) [ 85.700387] audit: type=1400 audit(1737186059.294:7): avc: denied { execmem } for pid=276 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 07:40:59 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x5422, 0x0) 07:40:59 executing program 5: setrlimit(0x9, &(0x7f0000000000)) io_setup(0x0, 0x0) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0xe) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSRS485(0xffffffffffffffff, 0x542f, 0x0) io_setup(0x80, &(0x7f0000000040)) 07:40:59 executing program 6: r0 = inotify_init1(0x0) r1 = dup2(r0, r0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000100)) 07:40:59 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) perf_event_open(&(0x7f0000000000)={0x5c6b1b859b10c2ac, 0x80, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r2, 0x0) fsopen(0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) [ 87.058619] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.062300] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.065198] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.071304] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.076301] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 87.077955] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.143407] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.146277] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.148480] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.152605] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.154809] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.158308] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 87.163216] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.173387] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 87.177223] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.181188] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.183206] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 87.190081] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.201907] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.203603] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.215545] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.216732] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.221009] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.223465] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.227763] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 
87.229143] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 87.229138] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.236896] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.239204] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 87.239796] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 87.249325] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 87.252119] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 87.257232] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 87.260218] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.262297] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 87.268262] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 87.270819] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.276034] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 87.289775] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 87.290340] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 87.298441] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 87.304470] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 87.305712] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.307815] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 87.311365] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 87.320346] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 87.334262] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 87.337581] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 89.149529] Bluetooth: hci0: command tx timeout [ 89.213404] Bluetooth: hci1: command tx timeout [ 89.277316] Bluetooth: hci2: command tx timeout [ 89.341104] Bluetooth: hci7: command tx timeout [ 89.341143] Bluetooth: hci3: command tx timeout [ 89.341464] Bluetooth: hci5: command tx timeout [ 89.405075] Bluetooth: hci4: command tx timeout [ 89.405283] Bluetooth: hci6: command tx timeout [ 91.199155] Bluetooth: hci0: command tx timeout [ 91.262181] 
Bluetooth: hci1: command tx timeout [ 91.328016] Bluetooth: hci2: command tx timeout [ 91.389354] Bluetooth: hci3: command tx timeout [ 91.391076] Bluetooth: hci5: command tx timeout [ 91.391396] Bluetooth: hci7: command tx timeout [ 91.453068] Bluetooth: hci6: command tx timeout [ 91.453180] Bluetooth: hci4: command tx timeout [ 93.245159] Bluetooth: hci0: command tx timeout [ 93.311046] Bluetooth: hci1: command tx timeout [ 93.373157] Bluetooth: hci2: command tx timeout [ 93.437100] Bluetooth: hci7: command tx timeout [ 93.437716] Bluetooth: hci5: command tx timeout [ 93.438304] Bluetooth: hci3: command tx timeout [ 93.501232] Bluetooth: hci4: command tx timeout [ 93.502226] Bluetooth: hci6: command tx timeout [ 95.294030] Bluetooth: hci0: command tx timeout [ 95.357166] Bluetooth: hci1: command tx timeout [ 95.421999] Bluetooth: hci2: command tx timeout [ 95.485256] Bluetooth: hci3: command tx timeout [ 95.485348] Bluetooth: hci5: command tx timeout [ 95.485433] Bluetooth: hci7: command tx timeout [ 95.549093] Bluetooth: hci6: command tx timeout [ 95.549184] Bluetooth: hci4: command tx timeout [ 150.097340] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 150.101047] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 150.104693] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 150.106580] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 150.108640] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 150.110392] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 150.117046] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 150.122750] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 150.126479] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 150.129574] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 150.138581] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 150.140290] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 150.236868] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 
150.242796] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 150.253396] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 150.257091] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 150.257598] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 150.263225] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 150.273245] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 150.305215] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 150.309330] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 150.310487] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 150.314618] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 150.320890] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 150.322622] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 150.330059] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 150.351122] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 150.355864] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 150.360777] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 150.373798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 150.388826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 150.391401] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 150.393284] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 150.397555] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 150.399426] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 150.399730] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 150.411689] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 150.413745] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 150.414777] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 150.422146] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 150.423212] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 150.430163] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 150.433657] Bluetooth: 
hci7: unexpected cc 0x0c23 length: 249 > 4 [ 150.440568] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 150.441152] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 150.441592] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 150.442707] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 150.444273] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 152.190225] Bluetooth: hci1: command tx timeout [ 152.191228] Bluetooth: hci0: command tx timeout [ 152.509042] Bluetooth: hci6: command tx timeout [ 152.573165] Bluetooth: hci7: command tx timeout [ 152.573583] Bluetooth: hci2: command tx timeout [ 152.573704] Bluetooth: hci3: command tx timeout [ 152.573819] Bluetooth: hci5: command tx timeout [ 152.573995] Bluetooth: hci4: command tx timeout [ 154.237141] Bluetooth: hci0: command tx timeout [ 154.238443] Bluetooth: hci1: command tx timeout [ 154.557132] Bluetooth: hci6: command tx timeout [ 154.622315] Bluetooth: hci4: command tx timeout [ 154.622366] Bluetooth: hci5: command tx timeout [ 154.622490] Bluetooth: hci3: command tx timeout [ 154.622595] Bluetooth: hci2: command tx timeout [ 154.622667] Bluetooth: hci7: command tx timeout [ 156.285233] Bluetooth: hci0: command tx timeout [ 156.286133] Bluetooth: hci1: command tx timeout [ 156.606060] Bluetooth: hci6: command tx timeout [ 156.669094] Bluetooth: hci7: command tx timeout [ 156.669207] Bluetooth: hci2: command tx timeout [ 156.669301] Bluetooth: hci4: command tx timeout [ 156.669365] Bluetooth: hci5: command tx timeout [ 156.669427] Bluetooth: hci3: command tx timeout [ 158.333183] Bluetooth: hci0: command tx timeout [ 158.333854] Bluetooth: hci1: command tx timeout [ 158.653028] Bluetooth: hci6: command tx timeout [ 158.717118] Bluetooth: hci7: command tx timeout [ 158.717216] Bluetooth: hci3: command tx timeout [ 158.717306] Bluetooth: hci5: command tx timeout [ 158.717369] Bluetooth: hci4: command tx timeout [ 158.717430] Bluetooth: hci2: command tx timeout [ 210.541338] 
syz-executor.2 (3441) used greatest stack depth: 23584 bytes left
[ 210.680522]
[ 210.680776] ======================================================
[ 210.681378] WARNING: possible circular locking dependency detected
[ 210.681956] 6.13.0-rc7-next-20250117 #1 Not tainted
[ 210.682455] ------------------------------------------------------
[ 210.683746] kworker/u8:1/66 is trying to acquire lock:
[ 210.684932] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80
[ 210.687109]
[ 210.687109] but task is already holding lock:
[ 210.688687] ffff8880151b8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0
[ 210.690710]
[ 210.690710] which lock already depends on the new lock.
[ 210.690710]
[ 210.692147]
[ 210.692147] the existing dependency chain (in reverse order) is:
[ 210.692810]
[ 210.692810] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 210.693444]        __mutex_lock+0x13d/0xb50
[ 210.693881]        wiphy_register+0x1b2e/0x25d0
[ 210.694371]        ieee80211_register_hw+0x23a4/0x3d60
[ 210.694898]        mac80211_hwsim_new_radio+0x2759/0x4d50
[ 210.695460]        init_mac80211_hwsim+0x389/0x870
[ 210.695977]        do_one_initcall+0xf9/0x640
[ 210.696459]        kernel_init_freeable+0x53d/0x7a0
[ 210.696972]        kernel_init+0x1e/0x2d0
[ 210.697390]        ret_from_fork+0x48/0x80
[ 210.697812]        ret_from_fork_asm+0x1a/0x30
[ 210.698309]
[ 210.698309] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 210.698915]        __lock_acquire+0x29fd/0x4580
[ 210.699401]        lock_acquire+0x19b/0x520
[ 210.699839]        __mutex_lock+0x13d/0xb50
[ 210.700294]        unregister_netdevice_many_notify+0x1612/0x1c80
[ 210.700896]        unregister_netdevice_queue+0x224/0x2e0
[ 210.701437]        _cfg80211_unregister_wdev+0x57b/0x700
[ 210.701981]        ieee80211_remove_interfaces+0x2f2/0x6b0
[ 210.702537]        ieee80211_unregister_hw+0x55/0x3a0
[ 210.703053]        hwsim_exit_net+0x3a0/0x730
[ 210.703487]        ops_exit_list+0xb3/0x180
[ 210.703914]        cleanup_net+0x546/0xad0
[ 210.704356]        process_one_work+0x8ee/0x1a10
[ 210.704856]        worker_thread+0x674/0xe70
[ 210.705324]        kthread+0x3ab/0x720
[ 210.705722]        ret_from_fork+0x48/0x80
[ 210.706140]        ret_from_fork_asm+0x1a/0x30
[ 210.706602]
[ 210.706602] other info that might help us debug this:
[ 210.706602]
[ 210.707317]  Possible unsafe locking scenario:
[ 210.707317]
[ 210.707849]        CPU0                    CPU1
[ 210.708300]        ----                    ----
[ 210.708738]   lock(&rdev->wiphy.mtx);
[ 210.709139]                                lock(rtnl_mutex);
[ 210.709701]                                lock(&rdev->wiphy.mtx);
[ 210.710329]   lock(rtnl_mutex);
[ 210.710683]
[ 210.710683]  *** DEADLOCK ***
[ 210.710683]
[ 210.711252] 4 locks held by kworker/u8:1/66:
[ 210.711662]  #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10
[ 210.712620]  #1: ffff88800bbdfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10
[ 210.713539]  #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0
[ 210.714401]  #3: ffff8880151b8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0
[ 210.715372]
[ 210.715372] stack backtrace:
[ 210.715789] CPU: 1 UID: 0 PID: 66 Comm: kworker/u8:1 Not tainted 6.13.0-rc7-next-20250117 #1
[ 210.716587] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 210.717326] Workqueue: netns cleanup_net
[ 210.717715] Call Trace:
[ 210.717969]
[ 210.718211] dump_stack_lvl+0xca/0x120
[ 210.718601] print_circular_bug+0x47b/0x750
[ 210.719054] check_noncircular+0x2e9/0x3c0
[ 210.719477] ? __pfx_check_noncircular+0x10/0x10
[ 210.719947] ? hlock_class+0x4e/0x130
[ 210.720328] ? mark_lock+0xac/0xed0
[ 210.720699] ? srso_return_thunk+0x5/0x5f
[ 210.721130] ? dl_scaled_delta_exec+0xd4/0x2c0
[ 210.721563] ? lockdep_lock+0xba/0x1b0
[ 210.721958] ? __pfx_lockdep_lock+0x10/0x10
[ 210.722405] __lock_acquire+0x29fd/0x4580
[ 210.722821] ? __pfx___lock_acquire+0x10/0x10
[ 210.723273] ? lock_release+0x20f/0x6f0
[ 210.723676] ? __pfx_lock_release+0x10/0x10
[ 210.724121] lock_acquire+0x19b/0x520
[ 210.724557] ? unregister_netdevice_many_notify+0x1612/0x1c80
[ 210.725211] ? __pfx_lock_acquire+0x10/0x10
[ 210.725710] ? srso_return_thunk+0x5/0x5f
[ 210.726158] ? lock_release+0x20f/0x6f0
[ 210.726541] ? srso_return_thunk+0x5/0x5f
[ 210.726946] ? lock_is_held_type+0x9e/0x120
[ 210.727381] ? srso_return_thunk+0x5/0x5f
[ 210.727789] __mutex_lock+0x13d/0xb50
[ 210.728175] ? unregister_netdevice_many_notify+0x1612/0x1c80
[ 210.728711] ? unregister_netdevice_many_notify+0x1612/0x1c80
[ 210.729250] ? srso_return_thunk+0x5/0x5f
[ 210.729653] ? synchronize_rcu_expedited+0x38a/0x420
[ 210.730137] ? __pfx___mutex_lock+0x10/0x10
[ 210.730575] ? __pfx_autoremove_wake_function+0x10/0x10
[ 210.731108] ? srso_return_thunk+0x5/0x5f
[ 210.731531] ? kasan_quarantine_put+0x84/0x1e0
[ 210.732006] ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 210.732455] ? srso_return_thunk+0x5/0x5f
[ 210.732879] unregister_netdevice_many_notify+0x1612/0x1c80
[ 210.733436] ? __virt_addr_valid+0x2e8/0x5d0
[ 210.733885] ? __pfx_lock_release+0x10/0x10
[ 210.734337] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 210.734914] ? find_held_lock+0x2c/0x110
[ 210.735343] ? srso_return_thunk+0x5/0x5f
[ 210.735765] ? kernfs_remove_by_name_ns+0xc7/0x130
[ 210.736246] ? srso_return_thunk+0x5/0x5f
[ 210.736650] ? lock_release+0x20f/0x6f0
[ 210.737043] ? __pfx_lock_release+0x10/0x10
[ 210.737451] ? srso_return_thunk+0x5/0x5f
[ 210.737854] ? lockdep_hardirqs_on_prepare+0x262/0x3f0
[ 210.738369] ? srso_return_thunk+0x5/0x5f
[ 210.738779] unregister_netdevice_queue+0x224/0x2e0
[ 210.739250] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 210.739754] ? up_write+0x195/0x520
[ 210.740127] _cfg80211_unregister_wdev+0x57b/0x700
[ 210.740594] ? srso_return_thunk+0x5/0x5f
[ 210.741019] ieee80211_remove_interfaces+0x2f2/0x6b0
[ 210.741507] ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 210.742044] ? srso_return_thunk+0x5/0x5f
[ 210.742480] ? srso_return_thunk+0x5/0x5f
[ 210.742902] ? synchronize_rcu+0x1ff/0x260
[ 210.743335] ieee80211_unregister_hw+0x55/0x3a0
[ 210.743804] hwsim_exit_net+0x3a0/0x730
[ 210.744205] ? __pfx_hwsim_exit_net+0x10/0x10
[ 210.744627] ? srso_return_thunk+0x5/0x5f
[ 210.745049] ? netdev_run_todo+0x788/0x1040
[ 210.745483] ? __pfx_hwsim_exit_net+0x10/0x10
[ 210.745939] ops_exit_list+0xb3/0x180
[ 210.746347] cleanup_net+0x546/0xad0
[ 210.746730] ? __pfx_cleanup_net+0x10/0x10
[ 210.747153] process_one_work+0x8ee/0x1a10
[ 210.747577] ? __pfx_lock_acquire+0x10/0x10
[ 210.748009] ? __pfx_process_one_work+0x10/0x10
[ 210.748484] ? srso_return_thunk+0x5/0x5f
[ 210.748908] ? move_linked_works+0x172/0x270
[ 210.749355] ? srso_return_thunk+0x5/0x5f
[ 210.749761] ? assign_work+0x196/0x240
[ 210.750174] worker_thread+0x674/0xe70
[ 210.750572] ? lockdep_hardirqs_on_prepare+0x262/0x3f0
[ 210.751071] ? srso_return_thunk+0x5/0x5f
[ 210.751474] ? __pfx_worker_thread+0x10/0x10
[ 210.751906] kthread+0x3ab/0x720
[ 210.752260] ? __pfx_kthread+0x10/0x10
[ 210.752643] ? srso_return_thunk+0x5/0x5f
[ 210.753052] ? finish_task_switch.isra.0+0x206/0x840
[ 210.753530] ? __pfx_kthread+0x10/0x10
[ 210.753919] ret_from_fork+0x48/0x80
[ 210.754284] ? __pfx_kthread+0x10/0x10
[ 210.754670] ret_from_fork_asm+0x1a/0x30
[ 210.755086]
[ 212.358262] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 212.358695] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 212.360536] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 212.361774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 212.365120] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 212.365538] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 212.427393] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 212.428699] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 212.430098] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 212.431008] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 212.431765] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 212.434013] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 212.434868] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 212.438175] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 212.439564] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 212.441464] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 212.443483] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 212.455508] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 212.455524] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 212.459116] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 212.459880] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 212.460347] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 212.467190] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 212.467580] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 212.564171] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 212.568608] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 212.573385] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 212.609786] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 212.620011]
Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 212.626382] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 212.635345] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 212.655447] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 212.661192] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 212.694327] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 212.701193] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 212.701499] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 212.703000] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 212.709859] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 212.710120] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 212.712239] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 212.717099] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 212.752144] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 212.753124] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 212.786540] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 212.787774] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 212.791252] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 212.795838] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 212.803075] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 214.397960] Bluetooth: hci0: command tx timeout [ 214.462154] Bluetooth: hci2: command tx timeout [ 214.525007] Bluetooth: hci3: command tx timeout [ 214.588962] Bluetooth: hci1: command tx timeout [ 214.718106] Bluetooth: hci4: command tx timeout [ 214.780980] Bluetooth: hci5: command tx timeout [ 214.845983] Bluetooth: hci7: command tx timeout [ 214.909197] Bluetooth: hci6: command tx timeout [ 216.445108] Bluetooth: hci0: command tx timeout [ 216.510110] Bluetooth: hci2: command tx timeout [ 216.573995] Bluetooth: hci3: command tx timeout [ 216.638986] Bluetooth: hci1: command tx timeout [ 216.764988] Bluetooth: hci4: command tx timeout [ 
216.830681] Bluetooth: hci5: command tx timeout [ 216.894558] Bluetooth: hci7: command tx timeout [ 216.958968] Bluetooth: hci6: command tx timeout [ 218.492979] Bluetooth: hci0: command tx timeout [ 218.558045] Bluetooth: hci2: command tx timeout [ 218.624008] Bluetooth: hci3: command tx timeout [ 218.685259] Bluetooth: hci1: command tx timeout [ 218.813098] Bluetooth: hci4: command tx timeout [ 218.877097] Bluetooth: hci5: command tx timeout [ 218.942887] Bluetooth: hci7: command tx timeout [ 219.004970] Bluetooth: hci6: command tx timeout [ 220.542063] Bluetooth: hci0: command tx timeout [ 220.606050] Bluetooth: hci2: command tx timeout [ 220.670031] Bluetooth: hci3: command tx timeout VM DIAGNOSIS: 07:43:04 Registers: