Warning: Permanently added '[localhost]:37300' (ECDSA) to the list of known hosts. 2025/01/28 16:06:38 fuzzer started 2025/01/28 16:06:39 dialing manager at localhost:40187 syzkaller login: [ 62.274761] cgroup: Unknown subsys name 'net' [ 62.415937] cgroup: Unknown subsys name 'cpuset' [ 62.472102] cgroup: Unknown subsys name 'rlimit' [ 79.477647] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/28 16:06:57 syscalls: 2217 2025/01/28 16:06:57 code coverage: enabled 2025/01/28 16:06:57 comparison tracing: enabled 2025/01/28 16:06:57 extra coverage: enabled 2025/01/28 16:06:57 setuid sandbox: enabled 2025/01/28 16:06:57 namespace sandbox: enabled 2025/01/28 16:06:57 Android sandbox: enabled 2025/01/28 16:06:57 fault injection: enabled 2025/01/28 16:06:57 leak checking: enabled 2025/01/28 16:06:57 net packet injection: enabled 2025/01/28 16:06:57 net device setup: enabled 2025/01/28 16:06:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/28 16:06:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/28 16:06:57 USB emulation: enabled 2025/01/28 16:06:57 hci packet injection: enabled 2025/01/28 16:06:57 wifi device emulation: enabled 2025/01/28 16:06:57 802.15.4 emulation: enabled 2025/01/28 16:06:57 fetching corpus: 0, signal 0/2000 (executing program) 2025/01/28 16:06:57 fetching corpus: 7, signal 4535/7379 (executing program) 2025/01/28 16:06:57 fetching corpus: 7, signal 4535/8786 (executing program) 2025/01/28 16:06:57 fetching corpus: 7, signal 4535/10213 (executing program) 2025/01/28 16:06:57 fetching corpus: 7, signal 4535/11645 (executing program) 2025/01/28 16:06:57 fetching corpus: 7, signal 4535/13088 (executing program) 2025/01/28 16:06:57 fetching corpus: 7, signal 4535/14547 (executing program) 2025/01/28 16:06:57 fetching corpus: 7, signal 4535/15986 (executing program) 2025/01/28 16:06:57 fetching corpus: 7, signal 4535/15986 (executing program) 2025/01/28 16:07:01 starting 8 fuzzer processes 16:07:01 executing program 0: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 16:07:01 executing program 1: syz_mount_image$nfs(0x0, 0x0, 0x0, 0x3, &(0x7f0000000700)=[{&(0x7f0000000480)="a3", 0x1}, {&(0x7f0000000540)="bd", 0x1}, {&(0x7f0000000640)='\t', 0x1}], 0x0, 0x0) 16:07:01 executing program 2: syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x4200) 16:07:01 executing program 3: r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmctl$IPC_RMID(r0, 0x0) [ 83.908786] audit: type=1400 audit(1738080421.317:7): avc: denied { execmem } for pid=269 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:07:01 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000180)=0x400, 0x4) 16:07:01 executing program 5: utimes(0x0, &(0x7f0000000880)={{}, {0x0, 0x2710}}) 16:07:01 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366cd155d00080101000240002000f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffff07800009a000ffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffff07800009a000ffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e880325132510000e880325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100011e970325132510000e970325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200011e970325132510000e970325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200011e970325132510000e970325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200011e970325132510000e97032510b0064000000", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100011e970325132510000e97032510300000000002e2e202020202020202020100011e970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200011e970325132510000e970325104001a040000", 0x80, 0x2800}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x3000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x3800}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x6800}], 0x0, &(0x7f0000010d00)) 16:07:01 executing program 7: pread64(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffff5b3) [ 85.231110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.233376] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.235198] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.238854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.241664] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.243138] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.300456] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.315916] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.322495] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.327388] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.329127] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.330925] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.336024] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.343743] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.345894] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.351833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.357774] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.359002] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.360241] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.363071] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.368632] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 85.370083] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.371733] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.373868] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 85.375269] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.376846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.378470] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.380054] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.381430] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 85.385358] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.387735] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.388256] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 85.390851] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 85.392046] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.401313] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 85.402431] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 85.407609] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 85.416655] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 85.420405] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 85.441894] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 85.442639] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 85.445910] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 85.461601] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 85.463093] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 85.464066] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 85.464943] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 85.470354] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 85.471422] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 87.315940] Bluetooth: hci0: command tx timeout [ 87.443696] Bluetooth: hci4: command tx timeout [ 87.443798] Bluetooth: hci2: command tx timeout [ 87.444496] Bluetooth: hci3: command tx timeout [ 87.507687] Bluetooth: hci5: command tx timeout [ 87.507715] Bluetooth: hci7: command tx timeout [ 87.508440] Bluetooth: hci1: command tx timeout [ 87.509145] Bluetooth: hci6: command tx timeout [ 89.362752] Bluetooth: hci0: command tx timeout [ 89.492634] Bluetooth: hci3: command tx timeout [ 89.493130] Bluetooth: hci2: command tx timeout [ 89.493166] Bluetooth: hci4: command tx timeout [ 89.555326] Bluetooth: hci1: command tx timeout [ 89.555358] Bluetooth: hci6: command tx timeout [ 89.555863] Bluetooth: hci7: command tx timeout [ 89.556225] Bluetooth: hci5: command tx timeout [ 91.410626] Bluetooth: hci0: command tx timeout [ 91.540757] Bluetooth: hci4: command tx timeout [ 91.541230] Bluetooth: hci3: command tx timeout [ 91.541732] Bluetooth: hci2: command tx timeout [ 91.603733] Bluetooth: hci7: command tx timeout [ 91.604176] Bluetooth: hci1: command tx timeout [ 91.604996] Bluetooth: hci6: command tx timeout [ 91.605422] Bluetooth: hci5: command tx timeout [ 93.458600] Bluetooth: hci0: command tx timeout [ 93.588590] Bluetooth: hci2: command tx timeout [ 93.589062] Bluetooth: hci3: command tx timeout [ 93.589484] Bluetooth: hci4: command tx timeout [ 93.651945] Bluetooth: hci5: command tx timeout [ 93.652385] Bluetooth: hci6: command tx timeout [ 93.653356] Bluetooth: hci1: command tx timeout [ 93.653882] Bluetooth: hci7: command tx timeout [ 141.582138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.583480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.886283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.887001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.516155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.516866] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.862796] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.863454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.172189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.172897] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.501086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.501989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 16:08:00 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000180)=0x400, 0x4) 16:08:01 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000180)=0x400, 0x4) [ 143.743852] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.744534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 16:08:01 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000180)=0x400, 0x4) [ 143.965000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.965698] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 16:08:01 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000180)=0x400, 0x4) 16:08:01 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000180)=0x400, 0x4) [ 144.425782] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.426452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 16:08:01 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000180)=0x400, 0x4) [ 144.717933] [ 144.718138] ====================================================== [ 144.718660] WARNING: possible circular locking dependency detected [ 144.719185] 6.13.0-next-20250128 #1 Not tainted [ 144.719580] ------------------------------------------------------ [ 144.721351] kworker/u8:0/11 is trying to acquire lock: [ 144.722419] ffffffff8621d9a8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 144.724781] [ 144.724781] but task is already holding lock: [ 144.726008] ffff888016498768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 144.727763] [ 144.727763] which lock already depends on the new lock. [ 144.727763] [ 144.728431] [ 144.728431] the existing dependency chain (in reverse order) is: [ 144.729050] [ 144.729050] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 144.729628] __mutex_lock+0x13d/0xb50 [ 144.730037] wiphy_register+0x1b2e/0x25d0 [ 144.730474] ieee80211_register_hw+0x23a4/0x3d60 [ 144.730948] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 144.731445] init_mac80211_hwsim+0x389/0x870 [ 144.731908] do_one_initcall+0xf9/0x640 [ 144.732335] kernel_init_freeable+0x53d/0x7a0 [ 144.732798] kernel_init+0x1e/0x2d0 [ 144.733171] ret_from_fork+0x48/0x80 [ 144.733557] ret_from_fork_asm+0x1a/0x30 [ 144.733989] [ 144.733989] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 144.734519] __lock_acquire+0x29fd/0x4580 [ 144.734945] lock_acquire+0x19b/0x520 [ 144.735341] __mutex_lock+0x13d/0xb50 [ 144.735751] unregister_netdevice_many_notify+0x1612/0x1c80 [ 144.736293] unregister_netdevice_queue+0x224/0x2e0 [ 144.736778] _cfg80211_unregister_wdev+0x57b/0x700 [ 144.737277] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 144.737764] ieee80211_unregister_hw+0x55/0x3a0 [ 144.738223] hwsim_exit_net+0x3a0/0x730 [ 144.738646] ops_exit_list+0xb3/0x180 [ 144.739039] cleanup_net+0x546/0xad0 [ 144.739428] process_one_work+0x8ee/0x1a10 [ 144.739876] worker_thread+0x674/0xe70 [ 144.740298] kthread+0x3ab/0x720 [ 144.740671] ret_from_fork+0x48/0x80 [ 144.741050] ret_from_fork_asm+0x1a/0x30 [ 144.741489] [ 144.741489] other info that might help us debug this: [ 144.741489] [ 144.742146] Possible unsafe locking scenario: [ 144.742146] [ 144.742649] CPU0 CPU1 [ 144.743041] ---- ---- [ 144.743433] lock(&rdev->wiphy.mtx); [ 144.743782] lock(rtnl_mutex); [ 144.744281] lock(&rdev->wiphy.mtx); [ 144.744825] lock(rtnl_mutex); [ 144.745132] [ 144.745132] *** DEADLOCK *** [ 144.745132] [ 144.745638] 4 locks held by kworker/u8:0/11: [ 144.746022] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 144.746904] #1: ffff8880095dfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 144.747742] #2: ffffffff862119d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 144.748518] #3: ffff888016498768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 144.749397] [ 144.749397] stack backtrace: [ 144.749777] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-next-20250128 #1 [ 144.749814] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 144.749836] Workqueue: netns cleanup_net [ 144.749877] Call Trace: [ 144.749887] [ 144.749898] dump_stack_lvl+0xca/0x120 [ 144.749957] print_circular_bug+0x47b/0x750 [ 144.750003] check_noncircular+0x2e9/0x3c0 [ 144.750046] ? __pfx_check_noncircular+0x10/0x10 [ 144.750090] ? srso_return_thunk+0x5/0x5f [ 144.750146] ? find_held_lock+0x2c/0x110 [ 144.750206] ? lockdep_lock+0xba/0x1b0 [ 144.750263] ? __pfx_lockdep_lock+0x10/0x10 [ 144.750325] __lock_acquire+0x29fd/0x4580 [ 144.750379] ? __pfx___lock_acquire+0x10/0x10 [ 144.750423] ? __pfx_try_to_wake_up+0x10/0x10 [ 144.750472] lock_acquire+0x19b/0x520 [ 144.750515] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 144.750564] ? __pfx_lock_acquire+0x10/0x10 [ 144.750609] ? srso_return_thunk+0x5/0x5f [ 144.750664] ? lock_release+0x20f/0x6f0 [ 144.750708] ? srso_return_thunk+0x5/0x5f [ 144.750764] ? lock_is_held_type+0x9e/0x120 [ 144.750819] ? srso_return_thunk+0x5/0x5f [ 144.750878] __mutex_lock+0x13d/0xb50 [ 144.750931] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 144.750976] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 144.751023] ? srso_return_thunk+0x5/0x5f [ 144.751078] ? synchronize_rcu_expedited+0x38a/0x420 [ 144.751123] ? __pfx___mutex_lock+0x10/0x10 [ 144.751177] ? __pfx_autoremove_wake_function+0x10/0x10 [ 144.751233] ? srso_return_thunk+0x5/0x5f [ 144.751288] ? kasan_quarantine_put+0x84/0x1e0 [ 144.751349] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 144.751385] ? srso_return_thunk+0x5/0x5f [ 144.751444] unregister_netdevice_many_notify+0x1612/0x1c80 [ 144.751490] ? __virt_addr_valid+0x2e8/0x5d0 [ 144.751544] ? __pfx_lock_release+0x10/0x10 [ 144.751588] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 144.751635] ? find_held_lock+0x2c/0x110 [ 144.751693] ? srso_return_thunk+0x5/0x5f [ 144.751750] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 144.751812] ? srso_return_thunk+0x5/0x5f [ 144.751867] ? lock_release+0x20f/0x6f0 [ 144.751912] ? __pfx_lock_release+0x10/0x10 [ 144.751955] ? srso_return_thunk+0x5/0x5f [ 144.752010] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 144.752058] ? srso_return_thunk+0x5/0x5f [ 144.752119] unregister_netdevice_queue+0x224/0x2e0 [ 144.752163] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 144.752207] ? up_write+0x195/0x520 [ 144.752262] _cfg80211_unregister_wdev+0x57b/0x700 [ 144.752314] ? srso_return_thunk+0x5/0x5f [ 144.752374] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 144.752413] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 144.752452] ? srso_return_thunk+0x5/0x5f [ 144.752507] ? srso_return_thunk+0x5/0x5f [ 144.752563] ? synchronize_rcu+0x1ff/0x260 [ 144.752606] ieee80211_unregister_hw+0x55/0x3a0 [ 144.752651] hwsim_exit_net+0x3a0/0x730 [ 144.752693] ? __pfx_hwsim_exit_net+0x10/0x10 [ 144.752733] ? srso_return_thunk+0x5/0x5f [ 144.752789] ? netdev_run_todo+0x788/0x1040 [ 144.752838] ? __pfx_hwsim_exit_net+0x10/0x10 [ 144.752881] ops_exit_list+0xb3/0x180 [ 144.752923] cleanup_net+0x546/0xad0 [ 144.752968] ? __pfx_cleanup_net+0x10/0x10 [ 144.753022] process_one_work+0x8ee/0x1a10 [ 144.753087] ? __pfx_lock_acquire+0x10/0x10 [ 144.753132] ? __pfx_process_one_work+0x10/0x10 [ 144.753198] ? srso_return_thunk+0x5/0x5f [ 144.753253] ? move_linked_works+0x172/0x270 [ 144.753298] ? srso_return_thunk+0x5/0x5f [ 144.753354] ? assign_work+0x196/0x240 [ 144.753411] worker_thread+0x674/0xe70 [ 144.753470] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 144.753522] ? __pfx_worker_thread+0x10/0x10 [ 144.753582] kthread+0x3ab/0x720 [ 144.753634] ? __pfx_kthread+0x10/0x10 [ 144.753686] ? srso_return_thunk+0x5/0x5f [ 144.753741] ? finish_task_switch.isra.0+0x206/0x840 [ 144.753792] ? __pfx_kthread+0x10/0x10 [ 144.753847] ret_from_fork+0x48/0x80 [ 144.753878] ? __pfx_kthread+0x10/0x10 [ 144.753930] ret_from_fork_asm+0x1a/0x30 [ 144.753997] [ 144.837612] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' 16:08:02 executing program 4: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) splice(r0, &(0x7f0000000240), r1, &(0x7f0000000280), 0x101, 0x0) 16:08:02 executing program 4: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) splice(r0, &(0x7f0000000240), r1, &(0x7f0000000280), 0x101, 0x0) [ 147.100909] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 147.103882] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 147.106358] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 147.109847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 147.113445] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 147.115336] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 147.228942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 147.233305] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 147.238142] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 147.243749] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 147.246615] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 147.252686] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 147.299403] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 147.305996] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 147.309804] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 147.315460] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 147.331076] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 147.333154] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 147.366899] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 147.385039] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 147.391007] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 147.410996] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 147.423126] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 147.426950] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 149.138722] Bluetooth: hci1: command tx timeout [ 149.330761] Bluetooth: hci3: command tx timeout [ 149.394761] Bluetooth: hci4: command tx timeout [ 149.522725] Bluetooth: hci5: command tx timeout [ 151.186625] Bluetooth: hci1: command tx timeout [ 151.378664] Bluetooth: hci3: command tx timeout [ 151.442662] Bluetooth: hci4: command tx timeout [ 151.570680] Bluetooth: hci5: command tx timeout [ 153.234611] Bluetooth: hci1: command tx timeout [ 153.426665] Bluetooth: hci3: command tx timeout [ 153.490669] Bluetooth: hci4: command tx timeout [ 153.618665] Bluetooth: hci5: command tx timeout VM DIAGNOSIS: 16:08:02 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=dffffc0000000000 RCX=ffffffff81a0eb7a RDX=ffff888034ad9bc0 RSI=ffffffff81a0eb88 RDI=0000000000000004 RBP=0000000000000200 RSP=ffff888037a2fa08 R8 =0000000000000000 R9 =ffffed100d9c8298 R10=000000000000005b R11=00000000000007e0 R12=0000000000000000 R13=000000000000005b R14=ffff88800e569e2c R15=ffff88800e569e00 RIP=ffffffff8171a408 RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005600d5c09498 CR3=0000000016160000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00005574d898933000005574d89a5c20 XMM06=00005574d89a5a100000000000000000 XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000000200000000000000020000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000000007b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283f415 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff8880095dec90 R8 =0000000000000000 R9 =ffffed100176d046 R10=000000000000007b R11=3038383866666666 R12=000000000000007b R13=0000000000000010 R14=ffffffff88697060 R15=ffffffff8283f400 RIP=ffffffff8283f46d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f0130927000 CR3=000000001ab46000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000c000054930000000c000054750 XMM02=000000c0001586e0000000c0000662d0 XMM03=000000c000066190000000c000297fb0 XMM04=000000c000148090000000c000148060 XMM05=000000c0001480f0000000c0001480c0 XMM06=000000c000148150000000c000148120 XMM07=000000c000147760000000c00008f4d0 XMM08=000000c0001484b0000000c000148480 XMM09=000000c000148510000000c0001484e0 XMM10=000000c000148540000000c00008f530 XMM11=000000c0001485a0000000c000148570 XMM12=000000c000148600000000c0001485d0 XMM13=000000c000148660000000c000148630 XMM14=000000c0001486c0000000c000148690 XMM15=000000c0000e9080000000c0001486f0