Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:45339' (ECDSA) to the list of known hosts. 2025/01/28 16:09:05 fuzzer started 2025/01/28 16:09:05 dialing manager at localhost:40187 syzkaller login: [ 52.603763] cgroup: Unknown subsys name 'net' [ 52.718211] cgroup: Unknown subsys name 'cpuset' [ 52.754032] cgroup: Unknown subsys name 'rlimit' [ 58.067461] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/28 16:09:22 syscalls: 2217 2025/01/28 16:09:22 code coverage: enabled 2025/01/28 16:09:22 comparison tracing: enabled 2025/01/28 16:09:22 extra coverage: enabled 2025/01/28 16:09:22 setuid sandbox: enabled 2025/01/28 16:09:22 namespace sandbox: enabled 2025/01/28 16:09:22 Android sandbox: enabled 2025/01/28 16:09:22 fault injection: enabled 2025/01/28 16:09:22 leak checking: enabled 2025/01/28 16:09:22 net packet injection: enabled 2025/01/28 16:09:22 net device setup: enabled 2025/01/28 16:09:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/28 16:09:22 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/28 16:09:22 USB emulation: enabled 2025/01/28 16:09:22 hci packet injection: enabled 2025/01/28 16:09:22 wifi device emulation: enabled 2025/01/28 16:09:22 802.15.4 emulation: enabled 2025/01/28 16:09:22 fetching corpus: 0, signal 0/2000 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/7461 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/8884 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/10356 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/11776 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/13206 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/14643 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/16036 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/16116 (executing program) 2025/01/28 16:09:22 fetching corpus: 8, signal 4579/16116 (executing program) 2025/01/28 16:09:26 starting 8 fuzzer processes 16:09:26 executing program 0: fsmount(0xffffffffffffffff, 0x0, 0x3157908cda13f49) 16:09:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x3c, 0x0, &(0x7f0000000140)=0x47) 16:09:26 executing program 2: openat$pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() clone3(&(0x7f0000000540)={0x4000300, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/9, 0x9, 0x0, &(0x7f0000000500)=[r0], 0x1}, 0x58) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001c80), 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000004700), 0x450a01, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 73.493611] audit: type=1400 audit(1738080566.707:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:09:26 executing program 3: write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_mount_image$nfs(&(0x7f0000000400), &(0x7f0000000440)='./file0\x00', 0x0, 0x1, &(0x7f0000000700)=[{&(0x7f0000000480)="a3", 0x1}], 0x0, &(0x7f0000000780)) utimes(&(0x7f0000000840)='./file0\x00', &(0x7f0000000880)={{}, {0x0, 0x2710}}) 16:09:26 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000001500)={0x1, &(0x7f00000014c0)=[{}]}) 16:09:26 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) connect$netlink(r0, &(0x7f0000000080)=@unspec, 0xc) 16:09:26 executing program 6: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0) 16:09:26 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x0, 0x0}) [ 74.896762] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.901006] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.905782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.916811] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.922100] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 74.924538] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.959077] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.965545] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.967788] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.979462] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.982981] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 74.985026] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.023193] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.036734] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.049733] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.066274] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.072198] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 75.075762] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.080010] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 75.082223] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.087645] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.093771] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.099739] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 75.105039] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 75.107098] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 75.111738] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 75.113981] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 75.115288] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 75.118502] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 75.120926] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 75.124892] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 75.131722] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 75.134395] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.136084] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 75.136900] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.138031] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 75.138860] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 75.141213] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.143291] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 75.180021] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 75.186481] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.198705] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 75.200494] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.201959] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.207551] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.243098] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.302155] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 75.307671] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.975656] Bluetooth: hci0: command tx timeout [ 77.039716] Bluetooth: hci1: command tx timeout [ 77.167512] Bluetooth: hci7: command tx timeout [ 77.168122] Bluetooth: hci6: command tx timeout [ 77.231441] Bluetooth: hci2: command tx timeout [ 77.295473] Bluetooth: hci5: command tx timeout [ 77.295513] Bluetooth: hci3: command tx timeout [ 77.359714] Bluetooth: hci4: command tx timeout [ 79.023396] Bluetooth: hci0: command tx timeout [ 79.087393] Bluetooth: hci1: command tx timeout [ 79.215416] Bluetooth: hci7: command tx timeout [ 79.215437] Bluetooth: hci6: command tx timeout [ 79.279600] Bluetooth: hci2: command tx timeout [ 79.344246] Bluetooth: hci3: command tx timeout [ 79.344753] Bluetooth: hci5: command tx timeout [ 79.408402] Bluetooth: hci4: command tx timeout [ 81.071437] Bluetooth: hci0: command tx timeout [ 81.135881] Bluetooth: hci1: command tx timeout [ 81.264488] Bluetooth: hci6: command tx timeout [ 81.264951] Bluetooth: hci7: command tx timeout [ 81.327419] Bluetooth: hci2: command tx timeout [ 81.391407] Bluetooth: hci5: command tx timeout [ 81.391854] Bluetooth: hci3: command tx timeout [ 81.455590] Bluetooth: hci4: command tx timeout [ 83.119411] Bluetooth: hci0: command tx timeout [ 83.185356] Bluetooth: hci1: command tx timeout [ 83.311591] Bluetooth: hci7: command tx timeout [ 83.312112] Bluetooth: hci6: command tx timeout [ 83.375496] Bluetooth: hci2: command tx timeout [ 83.441365] Bluetooth: hci3: command tx timeout [ 83.441406] Bluetooth: hci5: command tx timeout [ 83.503519] Bluetooth: hci4: command tx timeout [ 131.534217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.535020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.609900] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.611003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.917582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.918240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.294210] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.294919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.552530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.553213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.864244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.865964] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.113969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.114671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 16:10:26 executing program 6: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0) [ 133.354284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.354971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 16:10:26 executing program 6: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0) 16:10:26 executing program 6: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0) 16:10:27 executing program 6: openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/9, 0x9, &(0x7f0000000440)=""/162, &(0x7f0000000500)=[0x0], 0x1}, 0x58) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001c40)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x450a01, 0x0) 16:10:27 executing program 6: openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/9, 0x9, &(0x7f0000000440)=""/162, &(0x7f0000000500)=[0x0], 0x1}, 0x58) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001c40)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x450a01, 0x0) [ 134.139926] [ 134.140127] ====================================================== [ 134.140639] WARNING: possible circular locking dependency detected [ 134.141140] 6.13.0-next-20250128 #1 Not tainted [ 134.141539] ------------------------------------------------------ [ 134.145470] kworker/u8:0/11 is trying to acquire lock: [ 134.145904] ffffffff8621d9a8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 134.146772] [ 134.146772] but task is already holding lock: [ 134.147251] ffff888018f00768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 134.148081] [ 134.148081] which lock already depends on the new lock. [ 134.148081] [ 134.148735] [ 134.148735] the existing dependency chain (in reverse order) is: [ 134.149337] [ 134.149337] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 134.149911] __mutex_lock+0x13d/0xb50 [ 134.150313] wiphy_register+0x1b2e/0x25d0 [ 134.150739] ieee80211_register_hw+0x23a4/0x3d60 [ 134.151205] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 134.151693] init_mac80211_hwsim+0x389/0x870 [ 134.152157] do_one_initcall+0xf9/0x640 [ 134.152578] kernel_init_freeable+0x53d/0x7a0 [ 134.153035] kernel_init+0x1e/0x2d0 [ 134.153401] ret_from_fork+0x48/0x80 [ 134.153770] ret_from_fork_asm+0x1a/0x30 [ 134.154190] [ 134.154190] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 134.154719] __lock_acquire+0x29fd/0x4580 [ 134.155136] lock_acquire+0x19b/0x520 [ 134.155525] __mutex_lock+0x13d/0xb50 [ 134.155931] unregister_netdevice_many_notify+0x1612/0x1c80 [ 134.156464] unregister_netdevice_queue+0x224/0x2e0 [ 134.156941] _cfg80211_unregister_wdev+0x57b/0x700 [ 134.157425] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 134.157901] ieee80211_unregister_hw+0x55/0x3a0 [ 134.158358] hwsim_exit_net+0x3a0/0x730 [ 134.158761] ops_exit_list+0xb3/0x180 [ 134.159149] cleanup_net+0x546/0xad0 [ 134.159530] process_one_work+0x8ee/0x1a10 [ 134.159977] worker_thread+0x674/0xe70 [ 134.160386] kthread+0x3ab/0x720 [ 134.160752] ret_from_fork+0x48/0x80 [ 134.161125] ret_from_fork_asm+0x1a/0x30 [ 134.161549] [ 134.161549] other info that might help us debug this: [ 134.161549] [ 134.162189] Possible unsafe locking scenario: [ 134.162189] [ 134.162679] CPU0 CPU1 [ 134.163069] ---- ---- [ 134.163459] lock(&rdev->wiphy.mtx); [ 134.163806] lock(rtnl_mutex); [ 134.164314] lock(&rdev->wiphy.mtx); [ 134.164851] lock(rtnl_mutex); [ 134.165158] [ 134.165158] *** DEADLOCK *** [ 134.165158] [ 134.165655] 4 locks held by kworker/u8:0/11: [ 134.166029] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 134.166890] #1: ffff8880095dfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 134.167720] #2: ffffffff862119d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 134.168503] #3: ffff888018f00768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 134.169367] [ 134.169367] stack backtrace: [ 134.169741] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-next-20250128 #1 [ 134.169778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 134.169800] Workqueue: netns cleanup_net [ 134.169841] Call Trace: [ 134.169850] [ 134.169861] dump_stack_lvl+0xca/0x120 [ 134.169919] print_circular_bug+0x47b/0x750 [ 134.169965] check_noncircular+0x2e9/0x3c0 [ 134.170007] ? __pfx_check_noncircular+0x10/0x10 [ 134.170050] ? hlock_class+0x4e/0x130 [ 134.170079] ? srso_return_thunk+0x5/0x5f [ 134.170135] ? mark_lock+0xac/0xed0 [ 134.170178] ? lockdep_lock+0xba/0x1b0 [ 134.170235] ? __pfx_lockdep_lock+0x10/0x10 [ 134.170297] __lock_acquire+0x29fd/0x4580 [ 134.170355] ? __pfx___lock_acquire+0x10/0x10 [ 134.170398] ? lock_release+0x20f/0x6f0 [ 134.170441] ? __pfx_lock_release+0x10/0x10 [ 134.170484] ? srso_return_thunk+0x5/0x5f [ 134.170543] lock_acquire+0x19b/0x520 [ 134.170586] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 134.170635] ? __pfx_lock_acquire+0x10/0x10 [ 134.170680] ? __pfx_lock_release+0x10/0x10 [ 134.170722] ? __pfx_try_to_wake_up+0x10/0x10 [ 134.170766] ? srso_return_thunk+0x5/0x5f [ 134.170821] ? lock_is_held_type+0x9e/0x120 [ 134.170876] ? srso_return_thunk+0x5/0x5f [ 134.170935] __mutex_lock+0x13d/0xb50 [ 134.170987] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 134.171032] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 134.171078] ? srso_return_thunk+0x5/0x5f [ 134.171133] ? synchronize_rcu_expedited+0x38a/0x420 [ 134.171177] ? __pfx___mutex_lock+0x10/0x10 [ 134.171231] ? srso_return_thunk+0x5/0x5f [ 134.171288] ? srso_return_thunk+0x5/0x5f [ 134.171343] ? kasan_quarantine_put+0x84/0x1e0 [ 134.171404] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 134.171439] ? srso_return_thunk+0x5/0x5f [ 134.171498] unregister_netdevice_many_notify+0x1612/0x1c80 [ 134.171543] ? __virt_addr_valid+0x2e8/0x5d0 [ 134.171596] ? __pfx_lock_release+0x10/0x10 [ 134.171641] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 134.171686] ? find_held_lock+0x2c/0x110 [ 134.171744] ? srso_return_thunk+0x5/0x5f [ 134.171801] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 134.171862] ? srso_return_thunk+0x5/0x5f [ 134.171925] ? lock_release+0x20f/0x6f0 [ 134.171969] ? __pfx_lock_release+0x10/0x10 [ 134.172012] ? srso_return_thunk+0x5/0x5f [ 134.172067] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 134.172114] ? srso_return_thunk+0x5/0x5f [ 134.172174] unregister_netdevice_queue+0x224/0x2e0 [ 134.172218] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 134.172261] ? up_write+0x195/0x520 [ 134.172316] _cfg80211_unregister_wdev+0x57b/0x700 [ 134.172368] ? srso_return_thunk+0x5/0x5f [ 134.172427] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 134.172465] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 134.172504] ? srso_return_thunk+0x5/0x5f [ 134.172559] ? srso_return_thunk+0x5/0x5f [ 134.172614] ? synchronize_rcu+0x1ff/0x260 [ 134.172657] ieee80211_unregister_hw+0x55/0x3a0 [ 134.172701] hwsim_exit_net+0x3a0/0x730 [ 134.172743] ? __pfx_hwsim_exit_net+0x10/0x10 [ 134.172783] ? srso_return_thunk+0x5/0x5f [ 134.172838] ? netdev_run_todo+0x788/0x1040 [ 134.172887] ? __pfx_hwsim_exit_net+0x10/0x10 [ 134.172930] ops_exit_list+0xb3/0x180 [ 134.172972] cleanup_net+0x546/0xad0 [ 134.173016] ? __pfx_cleanup_net+0x10/0x10 [ 134.173069] process_one_work+0x8ee/0x1a10 [ 134.173134] ? __pfx_lock_acquire+0x10/0x10 [ 134.173179] ? __pfx_process_one_work+0x10/0x10 [ 134.173237] ? srso_return_thunk+0x5/0x5f [ 134.173292] ? move_linked_works+0x172/0x270 [ 134.173336] ? srso_return_thunk+0x5/0x5f [ 134.173391] ? assign_work+0x196/0x240 [ 134.173449] worker_thread+0x674/0xe70 [ 134.173506] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 134.173558] ? __pfx_worker_thread+0x10/0x10 [ 134.173617] kthread+0x3ab/0x720 [ 134.173669] ? __pfx_kthread+0x10/0x10 [ 134.173720] ? srso_return_thunk+0x5/0x5f [ 134.173775] ? finish_task_switch.isra.0+0x206/0x840 [ 134.173826] ? __pfx_kthread+0x10/0x10 [ 134.173880] ret_from_fork+0x48/0x80 [ 134.173911] ? __pfx_kthread+0x10/0x10 [ 134.173963] ret_from_fork_asm+0x1a/0x30 [ 134.174029] 16:10:27 executing program 6: openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/9, 0x9, &(0x7f0000000440)=""/162, &(0x7f0000000500)=[0x0], 0x1}, 0x58) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001c40)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x450a01, 0x0) 16:10:27 executing program 6: openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/9, 0x9, &(0x7f0000000440)=""/162, &(0x7f0000000500)=[0x0], 0x1}, 0x58) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001c40)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x450a01, 0x0) 16:10:28 executing program 6: openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/9, 0x9, &(0x7f0000000440)=""/162, &(0x7f0000000500)=[0x0], 0x1}, 0x58) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001c40)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x450a01, 0x0) [ 136.952249] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 136.957618] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 136.959664] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 136.963648] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 136.970078] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 136.973096] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 137.048877] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 137.051134] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 137.053787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 137.059717] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 137.063004] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 137.065640] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 137.103523] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 137.108199] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 137.110132] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 137.115601] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 137.118610] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 137.120623] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 137.170070] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 137.172935] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 137.175876] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 137.186587] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 137.189102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 137.193910] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 137.231763] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 137.234998] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 137.245170] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 137.253593] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 137.257240] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 137.262465] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 137.311079] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 137.323764] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 137.331853] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 137.333769] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 137.339954] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 137.378680] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 137.389818] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 137.391469] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 137.393908] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 137.403626] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 137.405706] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 137.414711] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 138.991398] Bluetooth: hci0: command tx timeout [ 139.119927] Bluetooth: hci1: command tx timeout [ 139.183560] Bluetooth: hci3: command tx timeout [ 139.247371] Bluetooth: hci4: command tx timeout [ 139.503402] Bluetooth: hci5: command tx timeout [ 139.697331] Bluetooth: hci7: command tx timeout [ 139.888347] Bluetooth: hci6: command tx timeout [ 141.039472] Bluetooth: hci0: command tx timeout [ 141.167375] Bluetooth: hci1: command tx timeout [ 141.231505] Bluetooth: hci3: command tx timeout [ 141.295488] Bluetooth: hci4: command tx timeout [ 141.553524] Bluetooth: hci5: command tx timeout [ 141.743339] Bluetooth: hci7: command tx timeout [ 141.935421] Bluetooth: hci6: command tx timeout [ 143.087348] Bluetooth: hci0: command tx timeout [ 143.216408] Bluetooth: hci1: command tx timeout [ 143.279461] Bluetooth: hci3: command tx timeout [ 143.344454] Bluetooth: hci4: command tx timeout [ 143.600503] Bluetooth: hci5: command tx timeout [ 143.792355] Bluetooth: hci7: command tx timeout [ 143.984386] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 16:10:27 Registers: info registers vcpu 0 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283f415 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff8880095ded20 R8 =0000000000000000 R9 =ffffed1001d92046 R10=000000000000002d R11=2d2d2d2d2d2d2d2d R12=000000000000002d R13=0000000000000010 R14=ffffffff88697060 R15=ffffffff8283f400 RIP=ffffffff8283f46d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055c1d35ebe38 CR3=000000003a34c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0000000000000001000055c177643150 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055c177692580000055c177648df0 XMM06=000055c1776053300000000000000000 XMM07=00000000000000000000000000000000 XMM08=20202020203a657a697320656c696600 XMM09=00000000000000000000000000000000 XMM10=00000000200020000000000020000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=fbffffffffffffbf RBX=0000000000000008 RCX=ffffffff819b03be RDX=ffff888015b61bc0 RSI=ffffffff819b03c8 RDI=0000000000000007 RBP=0000000000000028 RSP=ffff888034ae7758 R8 =0000000000000000 R9 =fffff940001701b8 R10=0000000000000008 R11=0000000000000003 R12=ffffea0000b80dc0 R13=0000000000000000 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff819b03d2 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00005555633aa400 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff5c32183a4 CR3=0000000015f7e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=6e65706f0a3a36206d6172676f727020 XMM02=307830202c6339666666666666666666 XMM03=30303030303030663778302826283365 XMM04=246c74636f690a2938357830202c7d31 XMM05=3030303030663778302826202c323631 XMM06=3778302826202c397830202c392f2222 XMM07=2826202c7d7b202c307830202c307830 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000