Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:56264' (ECDSA) to the list of known hosts. 2025/01/18 15:03:56 fuzzer started 2025/01/18 15:03:56 dialing manager at localhost:44245 syzkaller login: [ 64.136925] cgroup: Unknown subsys name 'net' [ 64.227475] cgroup: Unknown subsys name 'cpuset' [ 64.256482] cgroup: Unknown subsys name 'rlimit' [ 70.164145] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/18 15:04:14 syscalls: 2217 2025/01/18 15:04:14 code coverage: enabled 2025/01/18 15:04:14 comparison tracing: enabled 2025/01/18 15:04:14 extra coverage: enabled 2025/01/18 15:04:14 setuid sandbox: enabled 2025/01/18 15:04:14 namespace sandbox: enabled 2025/01/18 15:04:14 Android sandbox: enabled 2025/01/18 15:04:14 fault injection: enabled 2025/01/18 15:04:14 leak checking: enabled 2025/01/18 15:04:14 net packet injection: enabled 2025/01/18 15:04:14 net device setup: enabled 2025/01/18 15:04:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/18 15:04:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/18 15:04:14 USB emulation: enabled 2025/01/18 15:04:14 hci packet injection: enabled 2025/01/18 15:04:14 wifi device emulation: enabled 2025/01/18 15:04:14 802.15.4 emulation: enabled 2025/01/18 15:04:14 fetching corpus: 0, signal 0/2000 (executing program) 2025/01/18 15:04:14 fetching corpus: 50, signal 31475/34271 (executing program) 2025/01/18 15:04:14 fetching corpus: 100, signal 39511/43267 (executing program) 2025/01/18 15:04:14 fetching corpus: 150, signal 45708/50257 (executing program) 2025/01/18 15:04:15 fetching corpus: 200, signal 50698/55972 (executing program) 2025/01/18 15:04:15 fetching corpus: 250, signal 56904/62488 (executing program) 2025/01/18 15:04:15 fetching corpus: 300, signal 60239/66300 (executing program) 2025/01/18 15:04:15 fetching corpus: 350, signal 66257/72293 (executing program) 2025/01/18 15:04:15 fetching corpus: 400, signal 69289/75553 (executing program) 2025/01/18 15:04:16 fetching corpus: 450, signal 72193/78613 (executing program) 2025/01/18 15:04:16 fetching corpus: 500, signal 75043/81523 (executing program) 2025/01/18 15:04:16 fetching corpus: 550, signal 78791/85022 (executing program) 2025/01/18 15:04:16 fetching corpus: 600, signal 81401/87488 (executing program) 2025/01/18 15:04:16 fetching corpus: 650, signal 83560/89561 (executing program) 2025/01/18 15:04:16 fetching corpus: 700, signal 87018/92508 (executing program) 2025/01/18 15:04:17 fetching corpus: 750, signal 88347/93811 (executing program) 2025/01/18 15:04:17 fetching corpus: 800, signal 90358/95538 (executing program) 2025/01/18 15:04:17 fetching corpus: 850, signal 91785/96792 (executing program) 2025/01/18 15:04:17 fetching corpus: 900, signal 94057/98514 (executing program) 2025/01/18 15:04:17 fetching corpus: 950, signal 95660/99778 (executing program) 2025/01/18 15:04:17 fetching corpus: 1000, signal 97837/101270 (executing program) 2025/01/18 15:04:18 fetching corpus: 1050, signal 98913/102085 (executing program) 2025/01/18 15:04:18 fetching corpus: 1100, signal 100489/103139 (executing program) 2025/01/18 15:04:18 fetching corpus: 1150, signal 101575/103840 (executing program) 2025/01/18 15:04:18 fetching corpus: 1200, signal 102997/104677 (executing program) 2025/01/18 15:04:18 fetching corpus: 1250, signal 104388/105473 (executing program) 2025/01/18 15:04:18 fetching corpus: 1264, signal 104923/105784 (executing program) 2025/01/18 15:04:18 fetching corpus: 1264, signal 104923/105821 (executing program) 2025/01/18 15:04:18 fetching corpus: 1264, signal 104923/105845 (executing program) 2025/01/18 15:04:18 fetching corpus: 1264, signal 104923/105876 (executing program) 2025/01/18 15:04:18 fetching corpus: 1264, signal 104923/105903 (executing program) 2025/01/18 15:04:18 fetching corpus: 1264, signal 104923/105930 (executing program) 2025/01/18 15:04:18 fetching corpus: 1264, signal 104923/105977 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106003 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106033 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106074 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106110 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106141 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106171 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106203 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106234 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106268 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106299 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106339 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106381 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106421 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106456 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106483 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106519 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106557 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106584 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106617 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106644 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106655 (executing program) 2025/01/18 15:04:19 fetching corpus: 1264, signal 104923/106655 (executing program) 2025/01/18 15:04:23 starting 8 fuzzer processes 15:04:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x1000000) 15:04:23 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/timers\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000002240)=""/4109, 0x100d}], 0x1, 0x0, 0x0) 15:04:23 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x78) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) 15:04:23 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', 0x0, 0x24, 0x0, 0x2a0822, &(0x7f0000000000)={[{@nr_inodes={'nr_inodes', 0x3d, [0xc538a3d6ea95e67d]}}]}) 15:04:23 executing program 4: syslog(0x3, 0x0, 0x0) syslog(0x4, 0x0, 0x0) syslog(0x4, &(0x7f00000015c0)=""/102400, 0x19000) syslog(0x9, &(0x7f0000000080)=""/84, 0x54) syslog(0x3, &(0x7f0000000100)=""/48, 0x30) syslog(0x9, 0x0, 0x0) syslog(0x2, &(0x7f0000001400)=""/193, 0xc1) syslog(0x0, 0x0, 0x0) syslog(0x3, &(0x7f0000000040), 0x0) [ 91.154183] audit: type=1400 audit(1737212663.943:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 15:04:23 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSWINSZ(r0, 0x5414, 0x0) 15:04:24 executing program 7: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x4000920) creat(&(0x7f00000001c0)='./file0/file0\x00', 0x0) r1 = inotify_init() inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0xe042, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40286608, 0x0) inotify_add_watch(r1, &(0x7f0000000140)='./file0/file0\x00', 0x4000000) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 15:04:24 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) ioctl$sock_SIOCINQ(r0, 0x5317, 0x0) [ 92.693497] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.694373] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.699838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.701973] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.702906] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.705907] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.711539] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.713831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.720505] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 92.721228] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 92.723722] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.729121] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.745597] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 92.750229] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.751220] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 92.755584] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 92.755885] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.764950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.766341] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.772922] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.778516] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.778646] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 92.783030] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.786530] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 92.788197] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.790814] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 92.791821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.794760] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 92.800592] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.802592] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 92.813179] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 92.818828] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 92.820608] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 92.822342] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 92.830332] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 92.839625] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 92.844097] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 92.860903] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 92.861651] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 92.864054] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 92.865233] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 92.866681] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 92.922206] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 92.932741] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 92.937566] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 92.943832] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 92.956046] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 92.957992] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 94.769878] Bluetooth: hci0: command tx timeout [ 94.834762] Bluetooth: hci1: command tx timeout [ 94.897594] Bluetooth: hci5: command tx timeout [ 94.898174] Bluetooth: hci6: command tx timeout [ 94.898341] Bluetooth: hci2: command tx timeout [ 94.898505] Bluetooth: hci3: command tx timeout [ 94.898634] Bluetooth: hci4: command tx timeout [ 95.025506] Bluetooth: hci7: command tx timeout [ 96.817720] Bluetooth: hci0: command tx timeout [ 96.881750] Bluetooth: hci1: command tx timeout [ 96.945776] Bluetooth: hci4: command tx timeout [ 96.945921] Bluetooth: hci3: command tx timeout [ 96.946077] Bluetooth: hci2: command tx timeout [ 96.946190] Bluetooth: hci6: command tx timeout [ 96.946301] Bluetooth: hci5: command tx timeout [ 97.073728] Bluetooth: hci7: command tx timeout [ 98.866506] Bluetooth: hci0: command tx timeout [ 98.929485] Bluetooth: hci1: command tx timeout [ 98.995521] Bluetooth: hci5: command tx timeout [ 98.995700] Bluetooth: hci6: command tx timeout [ 98.995781] Bluetooth: hci2: command tx timeout [ 98.995831] Bluetooth: hci3: command tx timeout [ 98.995878] Bluetooth: hci4: command tx timeout [ 99.122423] Bluetooth: hci7: command tx timeout [ 100.913535] Bluetooth: hci0: command tx timeout [ 100.977465] Bluetooth: hci1: command tx timeout [ 101.041519] Bluetooth: hci4: command tx timeout [ 101.041611] Bluetooth: hci3: command tx timeout [ 101.041661] Bluetooth: hci2: command tx timeout [ 101.041709] Bluetooth: hci6: command tx timeout [ 101.041757] Bluetooth: hci5: command tx timeout [ 101.169603] Bluetooth: hci7: command tx timeout [ 155.386793] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 155.393517] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 155.399802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 155.411294] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 155.419508] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 155.425895] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 155.510765] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 155.511464] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 155.513297] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 155.517950] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 155.520243] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 155.521645] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 155.584226] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 155.589859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 155.594294] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 155.598888] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 155.600945] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 155.604034] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 155.607041] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 155.607951] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 155.615298] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 155.619049] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 155.619810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 155.623099] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 155.623555] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 155.635998] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 155.636784] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 155.644424] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 155.653835] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 155.661508] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 155.664961] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 155.665762] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 155.672648] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 155.673198] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 155.679847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 155.683082] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 155.701505] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 155.709660] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 155.721611] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 155.736904] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 155.737892] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 155.738524] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 155.833308] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 155.834537] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 155.835017] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 155.836706] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 155.837574] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 155.838030] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 157.490507] Bluetooth: hci0: command tx timeout [ 157.554428] Bluetooth: hci1: command tx timeout [ 157.745609] Bluetooth: hci2: command tx timeout [ 157.746151] Bluetooth: hci5: command tx timeout [ 157.746272] Bluetooth: hci3: command tx timeout [ 157.809723] Bluetooth: hci6: command tx timeout [ 157.810096] Bluetooth: hci4: command tx timeout [ 157.873516] Bluetooth: hci7: command tx timeout [ 159.537595] Bluetooth: hci0: command tx timeout [ 159.601702] Bluetooth: hci1: command tx timeout [ 159.794264] Bluetooth: hci3: command tx timeout [ 159.794621] Bluetooth: hci5: command tx timeout [ 159.794706] Bluetooth: hci2: command tx timeout [ 159.857462] Bluetooth: hci6: command tx timeout [ 159.857549] Bluetooth: hci4: command tx timeout [ 159.921647] Bluetooth: hci7: command tx timeout [ 161.587482] Bluetooth: hci0: command tx timeout [ 161.649560] Bluetooth: hci1: command tx timeout [ 161.841511] Bluetooth: hci2: command tx timeout [ 161.841623] Bluetooth: hci5: command tx timeout [ 161.841725] Bluetooth: hci3: command tx timeout [ 161.905457] Bluetooth: hci4: command tx timeout [ 161.905557] Bluetooth: hci6: command tx timeout [ 161.969453] Bluetooth: hci7: command tx timeout [ 163.633597] Bluetooth: hci0: command tx timeout [ 163.698043] Bluetooth: hci1: command tx timeout [ 163.889524] Bluetooth: hci3: command tx timeout [ 163.889634] Bluetooth: hci5: command tx timeout [ 163.889687] Bluetooth: hci2: command tx timeout [ 163.955520] Bluetooth: hci4: command tx timeout [ 163.955950] Bluetooth: hci6: command tx timeout [ 164.017462] Bluetooth: hci7: command tx timeout [ 216.402585] [ 216.402990] ====================================================== [ 216.404122] WARNING: possible circular locking dependency detected [ 216.405219] 6.13.0-rc7-next-20250117 #1 Not tainted [ 216.406614] ------------------------------------------------------ [ 216.409223] kworker/u8:1/66 is trying to acquire lock: [ 216.412065] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 216.415003] [ 216.415003] but task is already holding lock: [ 216.416001] ffff888030230768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 216.417716] [ 216.417716] which lock already depends on the new lock. [ 216.417716] [ 216.419066] [ 216.419066] the existing dependency chain (in reverse order) is: [ 216.420349] [ 216.420349] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 216.421551] __mutex_lock+0x13d/0xb50 [ 216.422374] wiphy_register+0x1b2e/0x25d0 [ 216.423253] ieee80211_register_hw+0x23a4/0x3d60 [ 216.424219] mac80211_hwsim_new_radio+0x2759/0x4d50 [ 216.425202] init_mac80211_hwsim+0x389/0x870 [ 216.426120] do_one_initcall+0xf9/0x640 [ 216.426962] kernel_init_freeable+0x53d/0x7a0 [ 216.427880] kernel_init+0x1e/0x2d0 [ 216.428634] ret_from_fork+0x48/0x80 [ 216.429384] ret_from_fork_asm+0x1a/0x30 [ 216.430238] [ 216.430238] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 216.431340] __lock_acquire+0x29fd/0x4580 [ 216.432234] lock_acquire+0x19b/0x520 [ 216.433035] __mutex_lock+0x13d/0xb50 [ 216.433855] unregister_netdevice_many_notify+0x1612/0x1c80 [ 216.434938] unregister_netdevice_queue+0x224/0x2e0 [ 216.435917] _cfg80211_unregister_wdev+0x57b/0x700 [ 216.436926] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 216.437896] ieee80211_unregister_hw+0x55/0x3a0 [ 216.438839] hwsim_exit_net+0x3a0/0x730 [ 216.439693] ops_exit_list+0xb3/0x180 [ 216.440505] cleanup_net+0x546/0xad0 [ 216.441316] process_one_work+0x8ee/0x1a10 [ 216.442209] worker_thread+0x674/0xe70 [ 216.443077] kthread+0x3ab/0x720 [ 216.443834] ret_from_fork+0x48/0x80 [ 216.444630] ret_from_fork_asm+0x1a/0x30 [ 216.445521] [ 216.445521] other info that might help us debug this: [ 216.445521] [ 216.446898] Possible unsafe locking scenario: [ 216.446898] [ 216.447925] CPU0 CPU1 [ 216.448780] ---- ---- [ 216.449564] lock(&rdev->wiphy.mtx); [ 216.450269] lock(rtnl_mutex); [ 216.451285] lock(&rdev->wiphy.mtx); [ 216.452425] lock(rtnl_mutex); [ 216.453078] [ 216.453078] *** DEADLOCK *** [ 216.453078] [ 216.454116] 4 locks held by kworker/u8:1/66: [ 216.454919] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 216.456745] #1: ffff88800ba2fd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 216.458502] #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 216.460178] #3: ffff888030230768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 216.462017] [ 216.462017] stack backtrace: [ 216.462802] CPU: 1 UID: 0 PID: 66 Comm: kworker/u8:1 Not tainted 6.13.0-rc7-next-20250117 #1 [ 216.464342] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 216.465788] Workqueue: netns cleanup_net [ 216.466550] Call Trace: [ 216.467018] [ 216.467432] dump_stack_lvl+0xca/0x120 [ 216.468176] print_circular_bug+0x47b/0x750 [ 216.468938] check_noncircular+0x2e9/0x3c0 [ 216.469690] ? __pfx_check_noncircular+0x10/0x10 [ 216.470513] ? hlock_class+0x4e/0x130 [ 216.471171] ? mark_lock+0xac/0xed0 [ 216.471823] ? srso_return_thunk+0x5/0x5f [ 216.472600] ? dl_scaled_delta_exec+0xd4/0x2c0 [ 216.473405] ? lockdep_lock+0xba/0x1b0 [ 216.474132] ? __pfx_lockdep_lock+0x10/0x10 [ 216.474953] __lock_acquire+0x29fd/0x4580 [ 216.475753] ? __pfx___lock_acquire+0x10/0x10 [ 216.476676] ? lock_release+0x20f/0x6f0 [ 216.477630] ? __pfx_lock_release+0x10/0x10 [ 216.478538] lock_acquire+0x19b/0x520 [ 216.479258] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 216.480341] ? __pfx_lock_acquire+0x10/0x10 [ 216.481198] ? srso_return_thunk+0x5/0x5f [ 216.481969] ? lock_release+0x20f/0x6f0 [ 216.482729] ? srso_return_thunk+0x5/0x5f [ 216.483515] ? lock_is_held_type+0x9e/0x120 [ 216.484345] ? srso_return_thunk+0x5/0x5f [ 216.485142] __mutex_lock+0x13d/0xb50 [ 216.485876] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 216.486922] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 216.487966] ? srso_return_thunk+0x5/0x5f [ 216.488774] ? synchronize_rcu_expedited+0x38a/0x420 [ 216.489690] ? __pfx___mutex_lock+0x10/0x10 [ 216.490506] ? __pfx_autoremove_wake_function+0x10/0x10 [ 216.491488] ? srso_return_thunk+0x5/0x5f [ 216.492291] ? kasan_quarantine_put+0x84/0x1e0 [ 216.493188] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 216.494013] ? srso_return_thunk+0x5/0x5f [ 216.494805] unregister_netdevice_many_notify+0x1612/0x1c80 [ 216.495820] ? __virt_addr_valid+0x2e8/0x5d0 [ 216.496672] ? __pfx_lock_release+0x10/0x10 [ 216.497481] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 216.498598] ? find_held_lock+0x2c/0x110 [ 216.499420] ? srso_return_thunk+0x5/0x5f [ 216.500260] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 216.501214] ? srso_return_thunk+0x5/0x5f [ 216.502034] ? lock_release+0x20f/0x6f0 [ 216.502764] ? __pfx_lock_release+0x10/0x10 [ 216.503578] ? srso_return_thunk+0x5/0x5f [ 216.504413] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 216.505394] ? srso_return_thunk+0x5/0x5f [ 216.506241] unregister_netdevice_queue+0x224/0x2e0 [ 216.507187] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 216.508179] ? up_write+0x195/0x520 [ 216.508867] _cfg80211_unregister_wdev+0x57b/0x700 [ 216.509746] ? srso_return_thunk+0x5/0x5f [ 216.510512] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 216.511416] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 216.512393] ? srso_return_thunk+0x5/0x5f [ 216.513156] ? srso_return_thunk+0x5/0x5f [ 216.513931] ? synchronize_rcu+0x1ff/0x260 [ 216.514705] ieee80211_unregister_hw+0x55/0x3a0 [ 216.515579] hwsim_exit_net+0x3a0/0x730 [ 216.516328] ? __pfx_hwsim_exit_net+0x10/0x10 [ 216.517130] ? srso_return_thunk+0x5/0x5f [ 216.517889] ? netdev_run_todo+0x788/0x1040 [ 216.518659] ? srso_return_thunk+0x5/0x5f [ 216.519446] ? __pfx_hwsim_exit_net+0x10/0x10 [ 216.520279] ops_exit_list+0xb3/0x180 [ 216.520981] cleanup_net+0x546/0xad0 [ 216.521670] ? __pfx_cleanup_net+0x10/0x10 [ 216.522474] process_one_work+0x8ee/0x1a10 [ 216.523289] ? __pfx_lock_acquire+0x10/0x10 [ 216.524060] ? __pfx_process_one_work+0x10/0x10 [ 216.524926] ? srso_return_thunk+0x5/0x5f [ 216.525696] ? move_linked_works+0x172/0x270 [ 216.526482] ? srso_return_thunk+0x5/0x5f [ 216.527247] ? assign_work+0x196/0x240 [ 216.527992] worker_thread+0x674/0xe70 [ 216.528767] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 216.529706] ? srso_return_thunk+0x5/0x5f [ 216.530475] ? __pfx_worker_thread+0x10/0x10 [ 216.531315] kthread+0x3ab/0x720 [ 216.531977] ? __pfx_kthread+0x10/0x10 [ 216.532711] ? srso_return_thunk+0x5/0x5f [ 216.533478] ? finish_task_switch.isra.0+0x206/0x840 [ 216.534378] ? __pfx_kthread+0x10/0x10 [ 216.535102] ret_from_fork+0x48/0x80 [ 216.535755] ? __pfx_kthread+0x10/0x10 [ 216.536477] ret_from_fork_asm+0x1a/0x30 [ 216.537245] [ 217.852657] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 217.856744] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 217.862786] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 217.868632] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 217.875719] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 217.876657] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 218.179229] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 218.183701] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 218.186596] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 218.191713] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 218.198503] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 218.198749] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 218.201935] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 218.207646] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 218.209797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 218.218915] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 218.226206] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 218.229919] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 218.244555] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 218.255530] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 218.281625] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 218.288709] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 218.298116] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 218.302687] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 218.306976] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 218.320412] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 218.321860] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 218.323137] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 218.327296] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 218.329852] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 218.331230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 218.376035] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 218.380956] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 218.417641] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 218.418115] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 218.425664] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 218.432017] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 218.438687] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 218.440973] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 218.445169] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 218.447106] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 218.450730] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 218.558594] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 218.560120] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 218.560993] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 218.566505] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 218.570707] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 218.573692] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 219.889757] Bluetooth: hci0: command tx timeout [ 220.274457] Bluetooth: hci1: command tx timeout [ 220.274541] Bluetooth: hci2: command tx timeout [ 220.401447] Bluetooth: hci3: command tx timeout [ 220.465789] Bluetooth: hci5: command tx timeout [ 220.530423] Bluetooth: hci6: command tx timeout [ 220.530504] Bluetooth: hci4: command tx timeout [ 220.850521] Bluetooth: hci7: command tx timeout [ 221.938396] Bluetooth: hci0: command tx timeout [ 222.322424] Bluetooth: hci1: command tx timeout [ 222.322513] Bluetooth: hci2: command tx timeout [ 222.449448] Bluetooth: hci3: command tx timeout [ 222.514432] Bluetooth: hci5: command tx timeout [ 222.577483] Bluetooth: hci4: command tx timeout [ 222.577692] Bluetooth: hci6: command tx timeout [ 222.897632] Bluetooth: hci7: command tx timeout [ 223.986423] Bluetooth: hci0: command tx timeout [ 224.369479] Bluetooth: hci2: command tx timeout [ 224.370063] Bluetooth: hci1: command tx timeout [ 224.498401] Bluetooth: hci3: command tx timeout [ 224.562296] Bluetooth: hci5: command tx timeout [ 224.626392] Bluetooth: hci6: command tx timeout [ 224.626459] Bluetooth: hci4: command tx timeout [ 224.946401] Bluetooth: hci7: command tx timeout [ 226.034420] Bluetooth: hci0: command tx timeout VM DIAGNOSIS: 15:06:29 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=1ffff11001e03f98 RCX=ffffffff81502cd7 RDX=0000000000000000 RSI=0000000000000008 RDI=ffffffff864021d0 RBP=0000000000000001 RSP=ffff88800f01fca8 R8 =0000000000000000 R9 =fffffbfff0c8043a R10=ffffffff864021d7 R11=ffff88800f0104b8 R12=0000000000000000 R13=0000000000000000 R14=ffff888009c664b8 R15=0000000000000001 RIP=ffffffff81502cdb RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000557944183010 CR3=000000000beca000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=000000c0004ebac0000000c000a28c80 XMM04=000000c0006a9e80000000c0006a9c80 XMM05=000000c000742120000000c0007420c0 XMM06=000000c000a135a0000000c000a13560 XMM07=000000c000a136a0000000c000a13600 XMM08=000000c0007d2840000000c0008e2dc0 XMM09=000000c000829a00000000c000741ac0 XMM10=000000c000a29e00000000c00057ffc0 XMM11=000000c0007382c0000000c000738000 XMM12=000000c000739040000000c000738e40 XMM13=000000c000739840000000c000739680 XMM14=000000c0007c68c0000000c0007c6080 XMM15=000000c0007ea720000000c0009e6a20 info registers vcpu 1 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283cdc5 RDI=ffffffff886930a0 RBP=ffffffff88693060 RSP=ffff88800ba2eb28 R8 =0000000000000001 R9 =ffffed1001745d55 R10=0000000000000066 R11=6666666666666666 R12=0000000000000066 R13=0000000000000001 R14=ffff888008fea015 R15=ffff88800ba2ee28 RIP=ffffffff8283ce1d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f707d2ae270 CR3=000000000beca000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000004183fc5400000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000