Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:23950' (ECDSA) to the list of known hosts. 2025/01/18 13:49:08 fuzzer started 2025/01/18 13:49:08 dialing manager at localhost:44245 syzkaller login: [ 61.523841] cgroup: Unknown subsys name 'net' [ 61.621327] cgroup: Unknown subsys name 'cpuset' [ 61.647422] cgroup: Unknown subsys name 'rlimit' [ 66.668256] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/18 13:49:25 syscalls: 2217 2025/01/18 13:49:25 code coverage: enabled 2025/01/18 13:49:25 comparison tracing: enabled 2025/01/18 13:49:25 extra coverage: enabled 2025/01/18 13:49:25 setuid sandbox: enabled 2025/01/18 13:49:25 namespace sandbox: enabled 2025/01/18 13:49:25 Android sandbox: enabled 2025/01/18 13:49:25 fault injection: enabled 2025/01/18 13:49:25 leak checking: enabled 2025/01/18 13:49:25 net packet injection: enabled 2025/01/18 13:49:25 net device setup: enabled 2025/01/18 13:49:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/18 13:49:25 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/18 13:49:25 USB emulation: enabled 2025/01/18 13:49:25 hci packet injection: enabled 2025/01/18 13:49:25 wifi device emulation: enabled 2025/01/18 13:49:25 802.15.4 emulation: enabled 2025/01/18 13:49:25 fetching corpus: 0, signal 0/2000 (executing program) 2025/01/18 13:49:25 fetching corpus: 50, signal 23324/26422 (executing program) 2025/01/18 13:49:25 fetching corpus: 100, signal 38120/41903 (executing program) 2025/01/18 13:49:25 fetching corpus: 150, signal 42877/47572 (executing program) 2025/01/18 13:49:26 fetching corpus: 200, signal 49656/54952 (executing program) 2025/01/18 13:49:26 fetching corpus: 250, signal 55842/61510 (executing program) 2025/01/18 13:49:26 fetching corpus: 300, signal 60962/66929 (executing program) 2025/01/18 13:49:26 fetching corpus: 350, signal 64248/70614 (executing program) 2025/01/18 13:49:26 fetching corpus: 400, signal 68587/75013 (executing program) 2025/01/18 13:49:26 fetching corpus: 450, signal 72097/78553 (executing program) 2025/01/18 13:49:27 fetching corpus: 500, signal 75107/81583 (executing program) 2025/01/18 13:49:27 fetching corpus: 550, signal 78007/84459 (executing program) 2025/01/18 13:49:27 fetching corpus: 600, signal 81111/87318 (executing program) 2025/01/18 13:49:27 fetching corpus: 650, signal 83061/89250 (executing program) 2025/01/18 13:49:27 fetching corpus: 700, signal 84617/90816 (executing program) 2025/01/18 13:49:28 fetching corpus: 750, signal 87175/93029 (executing program) 2025/01/18 13:49:28 fetching corpus: 800, signal 88908/94546 (executing program) 2025/01/18 13:49:28 fetching corpus: 850, signal 91201/96368 (executing program) 2025/01/18 13:49:28 fetching corpus: 900, signal 93474/98126 (executing program) 2025/01/18 13:49:28 fetching corpus: 950, signal 94752/99195 (executing program) 2025/01/18 13:49:28 fetching corpus: 1000, signal 96264/100334 (executing program) 2025/01/18 13:49:29 fetching corpus: 1050, signal 97805/101439 (executing program) 2025/01/18 13:49:29 fetching corpus: 1100, signal 99374/102492 (executing program) 2025/01/18 13:49:29 fetching corpus: 1150, signal 100561/103299 (executing program) 2025/01/18 13:49:29 fetching corpus: 1200, signal 102985/104698 (executing program) 2025/01/18 13:49:29 fetching corpus: 1250, signal 103859/105213 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/105808 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/105844 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/105876 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/105905 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/105936 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/105977 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106017 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106068 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106105 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106133 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106157 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106184 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106232 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106262 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106285 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106313 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106339 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106368 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106399 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106421 (executing program) 2025/01/18 13:49:29 fetching corpus: 1264, signal 104923/106451 (executing program) 2025/01/18 13:49:30 fetching corpus: 1264, signal 104923/106486 (executing program) 2025/01/18 13:49:30 fetching corpus: 1264, signal 104923/106521 (executing program) 2025/01/18 13:49:30 fetching corpus: 1264, signal 104923/106556 (executing program) 2025/01/18 13:49:30 fetching corpus: 1264, signal 104923/106586 (executing program) 2025/01/18 13:49:30 fetching corpus: 1264, signal 104923/106611 (executing program) 2025/01/18 13:49:30 fetching corpus: 1264, signal 104923/106640 (executing program) 2025/01/18 13:49:30 fetching corpus: 1264, signal 104923/106655 (executing program) 2025/01/18 13:49:30 fetching corpus: 1264, signal 104923/106655 (executing program) 2025/01/18 13:49:34 starting 8 fuzzer processes 13:49:34 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000000)='securityfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000002200)=""/4101, 0x45) getdents64(r0, &(0x7f0000000140)=""/122, 0x7a) 13:49:34 executing program 1: r0 = getpid() r1 = perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x2403, 0x0) 13:49:34 executing program 2: r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x4001813, r2, 0x0) r3 = perf_event_open(&(0x7f0000002040)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x0) 13:49:34 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') pread64(r0, &(0x7f00000000c0)=""/225, 0xe1, 0x81) [ 86.668153] audit: type=1400 audit(1737208174.121:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:49:34 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) sendfile(r0, r0, 0x0, 0x3ffffe00) 13:49:34 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 13:49:34 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_RESIZE(r0, 0x560e, &(0x7f0000000040)={0x0, 0x7}) 13:49:34 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x864}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syncfs(r0) [ 87.979198] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.986459] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.988463] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.992940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.996653] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 87.998719] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.109881] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.113544] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.116330] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.119732] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.121816] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 88.122714] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.301420] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.311213] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.316376] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.328522] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.331462] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 88.340569] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.373461] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.373607] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.388111] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.390251] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.392548] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.403658] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.405979] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.412655] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 88.420308] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.423208] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.434164] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 88.444261] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 88.468561] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 88.471309] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.483320] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 88.494402] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 88.498620] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 88.501174] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 88.504182] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 88.508720] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 88.516598] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 88.523179] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 88.528245] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 88.537924] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 88.553148] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 88.556008] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 88.569095] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 88.576206] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 88.598071] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 88.600269] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 90.070324] Bluetooth: hci0: command tx timeout [ 90.196853] Bluetooth: hci1: command tx timeout [ 90.389125] Bluetooth: hci2: command tx timeout [ 90.517826] Bluetooth: hci4: command tx timeout [ 90.581087] Bluetooth: hci3: command tx timeout [ 90.644923] Bluetooth: hci7: command tx timeout [ 90.645685] Bluetooth: hci5: command tx timeout [ 90.710819] Bluetooth: hci6: command tx timeout [ 92.119914] Bluetooth: hci0: command tx timeout [ 92.245831] Bluetooth: hci1: command tx timeout [ 92.439894] Bluetooth: hci2: command tx timeout [ 92.564937] Bluetooth: hci4: command tx timeout [ 92.628901] Bluetooth: hci3: command tx timeout [ 92.692867] Bluetooth: hci5: command tx timeout [ 92.692888] Bluetooth: hci7: command tx timeout [ 92.757966] Bluetooth: hci6: command tx timeout [ 94.165813] Bluetooth: hci0: command tx timeout [ 94.293910] Bluetooth: hci1: command tx timeout [ 94.487384] Bluetooth: hci2: command tx timeout [ 94.613870] Bluetooth: hci4: command tx timeout [ 94.679819] Bluetooth: hci3: command tx timeout [ 94.740942] Bluetooth: hci7: command tx timeout [ 94.742114] Bluetooth: hci5: command tx timeout [ 94.806959] Bluetooth: hci6: command tx timeout [ 96.213869] Bluetooth: hci0: command tx timeout [ 96.341840] Bluetooth: hci1: command tx timeout [ 96.534507] Bluetooth: hci2: command tx timeout [ 96.662873] Bluetooth: hci4: command tx timeout [ 96.724829] Bluetooth: hci3: command tx timeout [ 96.789858] Bluetooth: hci5: command tx timeout [ 96.790466] Bluetooth: hci7: command tx timeout [ 96.853877] Bluetooth: hci6: command tx timeout [ 150.711540] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 150.716069] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 150.717423] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 150.724575] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 150.729597] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 150.732216] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 150.754374] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 150.759682] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 150.774050] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 150.775352] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 150.777115] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 150.777446] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 150.790083] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 150.792413] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 150.792845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 150.794255] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 150.798122] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 150.804126] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 150.835325] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 150.860306] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 150.864351] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 150.881446] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 150.889379] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 150.891239] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 150.959296] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 150.966413] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 150.969115] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 150.981182] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 150.984029] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 150.985503] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 151.041198] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 151.043220] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 151.064263] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 151.070256] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 151.087236] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 151.096481] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 151.103113] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 151.120287] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 151.130064] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 151.148654] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 151.162450] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 151.163213] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 151.174191] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 151.174443] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 151.184629] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 151.184953] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 151.221350] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 151.234214] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 152.790234] Bluetooth: hci0: command tx timeout [ 152.853144] Bluetooth: hci2: command tx timeout [ 152.853241] Bluetooth: hci1: command tx timeout [ 152.981044] Bluetooth: hci3: command tx timeout [ 153.109017] Bluetooth: hci4: command tx timeout [ 153.236966] Bluetooth: hci6: command tx timeout [ 153.300939] Bluetooth: hci7: command tx timeout [ 153.302448] Bluetooth: hci5: command tx timeout [ 154.836873] Bluetooth: hci0: command tx timeout [ 154.902869] Bluetooth: hci1: command tx timeout [ 154.902892] Bluetooth: hci2: command tx timeout [ 155.028862] Bluetooth: hci3: command tx timeout [ 155.157784] Bluetooth: hci4: command tx timeout [ 155.284877] Bluetooth: hci6: command tx timeout [ 155.349833] Bluetooth: hci5: command tx timeout [ 155.349927] Bluetooth: hci7: command tx timeout [ 156.884834] Bluetooth: hci0: command tx timeout [ 156.948817] Bluetooth: hci2: command tx timeout [ 156.948871] Bluetooth: hci1: command tx timeout [ 157.076878] Bluetooth: hci3: command tx timeout [ 157.204860] Bluetooth: hci4: command tx timeout [ 157.334806] Bluetooth: hci6: command tx timeout [ 157.396907] Bluetooth: hci7: command tx timeout [ 157.396971] Bluetooth: hci5: command tx timeout [ 158.933904] Bluetooth: hci0: command tx timeout [ 158.996866] Bluetooth: hci1: command tx timeout [ 158.996976] Bluetooth: hci2: command tx timeout [ 159.125811] Bluetooth: hci3: command tx timeout [ 159.252820] Bluetooth: hci4: command tx timeout [ 159.380885] Bluetooth: hci6: command tx timeout [ 159.444875] Bluetooth: hci5: command tx timeout [ 159.444961] Bluetooth: hci7: command tx timeout [ 210.874051] [ 210.874491] ====================================================== [ 210.875682] WARNING: possible circular locking dependency detected [ 210.876855] 6.13.0-rc7-next-20250117 #1 Not tainted [ 210.882170] ------------------------------------------------------ [ 210.883598] kworker/u8:0/11 is trying to acquire lock: [ 210.884805] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.887203] [ 210.887203] but task is already holding lock: [ 210.888535] ffff888039268768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 210.890853] [ 210.890853] which lock already depends on the new lock. [ 210.890853] [ 210.892699] [ 210.892699] the existing dependency chain (in reverse order) is: [ 210.894378] [ 210.894378] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 210.895979] __mutex_lock+0x13d/0xb50 [ 210.897077] wiphy_register+0x1b2e/0x25d0 [ 210.898252] ieee80211_register_hw+0x23a4/0x3d60 [ 210.899587] mac80211_hwsim_new_radio+0x2759/0x4d50 [ 210.900971] init_mac80211_hwsim+0x389/0x870 [ 210.902249] do_one_initcall+0xf9/0x640 [ 210.903423] kernel_init_freeable+0x53d/0x7a0 [ 210.904671] kernel_init+0x1e/0x2d0 [ 210.905726] ret_from_fork+0x48/0x80 [ 210.906796] ret_from_fork_asm+0x1a/0x30 [ 210.908031] [ 210.908031] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 210.909497] __lock_acquire+0x29fd/0x4580 [ 210.910802] lock_acquire+0x19b/0x520 [ 210.911929] __mutex_lock+0x13d/0xb50 [ 210.913053] unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.914564] unregister_netdevice_queue+0x224/0x2e0 [ 210.915943] _cfg80211_unregister_wdev+0x57b/0x700 [ 210.917312] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 210.918652] ieee80211_unregister_hw+0x55/0x3a0 [ 210.919938] hwsim_exit_net+0x3a0/0x730 [ 210.921059] ops_exit_list+0xb3/0x180 [ 210.922139] cleanup_net+0x546/0xad0 [ 210.923228] process_one_work+0x8ee/0x1a10 [ 210.924454] worker_thread+0x674/0xe70 [ 210.925617] kthread+0x3ab/0x720 [ 210.926654] ret_from_fork+0x48/0x80 [ 210.927727] ret_from_fork_asm+0x1a/0x30 [ 210.928936] [ 210.928936] other info that might help us debug this: [ 210.928936] [ 210.930814] Possible unsafe locking scenario: [ 210.930814] [ 210.932212] CPU0 CPU1 [ 210.933315] ---- ---- [ 210.934405] lock(&rdev->wiphy.mtx); [ 210.935408] lock(rtnl_mutex); [ 210.936832] lock(&rdev->wiphy.mtx); [ 210.938366] lock(rtnl_mutex); [ 210.939298] [ 210.939298] *** DEADLOCK *** [ 210.939298] [ 210.940746] 4 locks held by kworker/u8:0/11: [ 210.941802] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 210.944298] #1: ffff8880095dfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 210.946735] #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 210.949010] #3: ffff888039268768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 210.951550] [ 210.951550] stack backtrace: [ 210.952607] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-rc7-next-20250117 #1 [ 210.954587] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 210.956541] Workqueue: netns cleanup_net [ 210.957577] Call Trace: [ 210.958235] [ 210.958823] dump_stack_lvl+0xca/0x120 [ 210.959400] print_circular_bug+0x47b/0x750 [ 210.959847] check_noncircular+0x2e9/0x3c0 [ 210.960274] ? srso_return_thunk+0x5/0x5f [ 210.960736] ? __pfx_check_noncircular+0x10/0x10 [ 210.961220] ? hlock_class+0x4e/0x130 [ 210.961620] ? mark_lock+0xac/0xed0 [ 210.962009] ? __pfx___resched_curr+0x10/0x10 [ 210.962487] ? lockdep_lock+0xba/0x1b0 [ 210.962933] ? __pfx_lockdep_lock+0x10/0x10 [ 210.963412] __lock_acquire+0x29fd/0x4580 [ 210.963862] ? __pfx___lock_acquire+0x10/0x10 [ 210.964338] ? lock_release+0x20f/0x6f0 [ 210.964766] ? __pfx_lock_release+0x10/0x10 [ 210.965222] lock_acquire+0x19b/0x520 [ 210.965632] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.966230] ? __pfx_lock_acquire+0x10/0x10 [ 210.966687] ? srso_return_thunk+0x5/0x5f [ 210.967207] ? lock_release+0x20f/0x6f0 [ 210.967649] ? srso_return_thunk+0x5/0x5f [ 210.968096] ? lock_is_held_type+0x9e/0x120 [ 210.968557] ? srso_return_thunk+0x5/0x5f [ 210.968999] __mutex_lock+0x13d/0xb50 [ 210.969406] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.969988] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.970580] ? srso_return_thunk+0x5/0x5f [ 210.971039] ? synchronize_rcu_expedited+0x38a/0x420 [ 210.971558] ? __pfx___mutex_lock+0x10/0x10 [ 210.972015] ? __pfx_autoremove_wake_function+0x10/0x10 [ 210.972560] ? srso_return_thunk+0x5/0x5f [ 210.973011] ? kasan_quarantine_put+0x84/0x1e0 [ 210.973499] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 210.973962] ? srso_return_thunk+0x5/0x5f [ 210.974406] unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.974982] ? __virt_addr_valid+0x2e8/0x5d0 [ 210.975450] ? __pfx_lock_release+0x10/0x10 [ 210.975896] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 210.976493] ? find_held_lock+0x2c/0x110 [ 210.976938] ? srso_return_thunk+0x5/0x5f [ 210.977382] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 210.977901] ? srso_return_thunk+0x5/0x5f [ 210.978344] ? lock_release+0x20f/0x6f0 [ 210.978768] ? __pfx_lock_release+0x10/0x10 [ 210.979218] ? srso_return_thunk+0x5/0x5f [ 210.979658] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 210.980199] ? srso_return_thunk+0x5/0x5f [ 210.980647] unregister_netdevice_queue+0x224/0x2e0 [ 210.981157] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 210.981706] ? up_write+0x195/0x520 [ 210.982104] _cfg80211_unregister_wdev+0x57b/0x700 [ 210.982616] ? srso_return_thunk+0x5/0x5f [ 210.983080] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 210.983588] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 210.984142] ? srso_return_thunk+0x5/0x5f [ 210.984584] ? srso_return_thunk+0x5/0x5f [ 210.985022] ? synchronize_rcu+0x1ff/0x260 [ 210.985457] ieee80211_unregister_hw+0x55/0x3a0 [ 210.985946] hwsim_exit_net+0x3a0/0x730 [ 210.986371] ? __pfx_hwsim_exit_net+0x10/0x10 [ 210.986830] ? srso_return_thunk+0x5/0x5f [ 210.987271] ? netdev_run_todo+0x788/0x1040 [ 210.987716] ? __pfx_hwsim_exit_net+0x10/0x10 [ 210.988173] ops_exit_list+0xb3/0x180 [ 210.988565] cleanup_net+0x546/0xad0 [ 210.988953] ? __pfx_cleanup_net+0x10/0x10 [ 210.989393] process_one_work+0x8ee/0x1a10 [ 210.989865] ? __pfx_lock_acquire+0x10/0x10 [ 210.990312] ? __pfx_process_one_work+0x10/0x10 [ 210.990810] ? srso_return_thunk+0x5/0x5f [ 210.991266] ? move_linked_works+0x172/0x270 [ 210.991720] ? srso_return_thunk+0x5/0x5f [ 210.992158] ? assign_work+0x196/0x240 [ 210.992580] worker_thread+0x674/0xe70 [ 210.993002] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 210.993540] ? __pfx_worker_thread+0x10/0x10 [ 210.994020] kthread+0x3ab/0x720 [ 210.994394] ? __pfx_kthread+0x10/0x10 [ 210.994803] ? srso_return_thunk+0x5/0x5f [ 210.995251] ? finish_task_switch.isra.0+0x206/0x840 [ 210.995779] ? __pfx_kthread+0x10/0x10 [ 210.996197] ret_from_fork+0x48/0x80 [ 210.996577] ? __pfx_kthread+0x10/0x10 [ 210.997004] ret_from_fork_asm+0x1a/0x30 [ 210.997465] [ 212.259093] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 212.261090] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 212.263041] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 212.271348] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 212.273632] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 212.274342] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 212.380062] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 212.382234] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 212.385164] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 212.393386] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 212.393815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 212.404222] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 212.405810] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 212.407368] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 212.409134] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 212.410193] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 212.411246] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 212.414817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 212.450618] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 212.458007] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 212.462583] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 212.473541] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 212.478027] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 212.480171] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 212.519249] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 212.525889] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 212.526621] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 212.564165] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 212.564807] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 212.567993] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 212.600328] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 212.600868] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 212.602161] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 212.608407] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 212.615574] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 212.624208] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 212.718659] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 212.723324] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 212.732010] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 212.740983] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 212.748958] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 212.748973] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 212.750437] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 212.751430] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 212.753910] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 212.755574] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 212.778311] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 212.779919] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 214.293002] Bluetooth: hci0: command tx timeout [ 214.484877] Bluetooth: hci2: command tx timeout [ 214.485029] Bluetooth: hci1: command tx timeout [ 214.548906] Bluetooth: hci3: command tx timeout [ 214.613024] Bluetooth: hci4: command tx timeout [ 214.677358] Bluetooth: hci5: command tx timeout [ 214.805108] Bluetooth: hci7: command tx timeout [ 214.869019] Bluetooth: hci6: command tx timeout [ 216.340795] Bluetooth: hci0: command tx timeout [ 216.533941] Bluetooth: hci2: command tx timeout [ 216.534178] Bluetooth: hci1: command tx timeout [ 216.596799] Bluetooth: hci3: command tx timeout [ 216.661579] Bluetooth: hci4: command tx timeout [ 216.725421] Bluetooth: hci5: command tx timeout [ 216.852900] Bluetooth: hci7: command tx timeout [ 216.916945] Bluetooth: hci6: command tx timeout [ 218.389061] Bluetooth: hci0: command tx timeout [ 218.581230] Bluetooth: hci1: command tx timeout [ 218.581399] Bluetooth: hci2: command tx timeout [ 218.644836] Bluetooth: hci3: command tx timeout [ 218.709428] Bluetooth: hci4: command tx timeout [ 218.772936] Bluetooth: hci5: command tx timeout [ 218.900796] Bluetooth: hci7: command tx timeout [ 218.965700] Bluetooth: hci6: command tx timeout [ 220.437147] Bluetooth: hci0: command tx timeout [ 220.628927] Bluetooth: hci2: command tx timeout [ 220.630482] Bluetooth: hci1: command tx timeout [ 220.693146] Bluetooth: hci3: command tx timeout [ 220.756794] Bluetooth: hci4: command tx timeout [ 220.822058] Bluetooth: hci5: command tx timeout VM DIAGNOSIS: 13:51:38 Registers: info registers vcpu 0 RAX=0000000000000078 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283cdc5 RDI=ffffffff886930a0 RBP=ffffffff88693060 RSP=ffff8880095debb8 R8 =0000000000000001 R9 =ffffed10012bbd67 R10=0000000000000078 R11=0000000033312e36 R12=0000000000000078 R13=0000000000000001 R14=ffff888008fea01d R15=ffff8880095deeb8 RIP=ffffffff8283ce1d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fdf433ba040 CR3=0000000015a7c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000c000324280000000c000303920 XMM02=000000c000303a40000000c0003241e0 XMM03=000000c000303c80000000c000324230 XMM04=000000c000086090000000c000086060 XMM05=000000c0000860f0000000c0000860c0 XMM06=000000c000086150000000c000086120 XMM07=000000c000085760000000c00005b4d0 XMM08=000000c00005a3c0000000c000087050 XMM09=000000c000087080000000c00005b650 XMM10=000000c0000870e0000000c0000870b0 XMM11=000000c000087140000000c000087110 XMM12=000000c000106f20000000c000087170 XMM13=000000c000086660000000c000086630 XMM14=000000c0000866c0000000c000086690 XMM15=000000c0000a1080000000c0000866f0 info registers vcpu 1 RAX=0000000000000001 RBX=ffff88800f44e400 RCX=ffffffff81429a4a RDX=ffffed1001e89c81 RSI=0000000000000008 RDI=ffff88800f44e400 RBP=0000000000200000 RSP=ffff88800bb4fdb8 R8 =0000000000000000 R9 =ffffed1001e89c80 R10=ffff88800f44e407 R11=0000000000000001 R12=ffffffff85a6dff9 R13=ffff888008c50378 R14=ffff88800f1d1bc0 R15=0000000000000086 RIP=ffffffff81429a4a RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe2600000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055c4d50b4518 CR3=0000000015a7c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=6b7a79732f3134383936363435377269 XMM02=2f313438393636343537726964747365 XMM03=31343031464a2e72656c6c616b7a7973 XMM04=00000000000000003fd3333333333333 XMM05=000000c00085b590000000c00085b530 XMM06=000000c00082d140000000c00082d100 XMM07=000000c00085b5f0000000c00085b5c0 XMM08=000000c00035b940000000c00035b680 XMM09=000000c00035bfc0000000c00035bb80 XMM10=000000c0005843c0000000c0005841c0 XMM11=000000c000428cf0000000c000428c90 XMM12=000000c000428d50000000c000428d20 XMM13=000000c000086660000000c000086630 XMM14=000000c0000866c0000000c000086690 XMM15=000000c0000a1080000000c0000866f0