Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:15095' (ECDSA) to the list of known hosts. 2025/01/18 17:10:01 fuzzer started 2025/01/18 17:10:02 dialing manager at localhost:44245 syzkaller login: [ 60.993012] cgroup: Unknown subsys name 'net' [ 61.078697] cgroup: Unknown subsys name 'cpuset' [ 61.111001] cgroup: Unknown subsys name 'rlimit' [ 68.755594] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 78.838038] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/18 17:10:20 syscalls: 2217 2025/01/18 17:10:20 code coverage: enabled 2025/01/18 17:10:20 comparison tracing: enabled 2025/01/18 17:10:20 extra coverage: enabled 2025/01/18 17:10:20 setuid sandbox: enabled 2025/01/18 17:10:20 namespace sandbox: enabled 2025/01/18 17:10:20 Android sandbox: enabled 2025/01/18 17:10:20 fault injection: enabled 2025/01/18 17:10:20 leak checking: enabled 2025/01/18 17:10:20 net packet injection: enabled 2025/01/18 17:10:20 net device setup: enabled 2025/01/18 17:10:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/18 17:10:20 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/18 17:10:20 USB emulation: enabled 2025/01/18 17:10:20 hci packet injection: enabled 2025/01/18 17:10:20 wifi device emulation: enabled 2025/01/18 17:10:20 802.15.4 emulation: enabled 2025/01/18 17:10:20 fetching corpus: 0, signal 0/2000 (executing program) 2025/01/18 17:10:20 fetching corpus: 50, signal 26713/29700 (executing program) 2025/01/18 17:10:20 fetching corpus: 100, signal 36125/40130 (executing program) 2025/01/18 17:10:20 fetching corpus: 150, signal 44336/49030 (executing program) 2025/01/18 17:10:21 fetching corpus: 200, signal 50318/55639 (executing program) 2025/01/18 17:10:21 fetching corpus: 250, signal 57361/62937 (executing program) 2025/01/18 17:10:21 fetching corpus: 300, signal 61195/67150 (executing program) 2025/01/18 17:10:21 fetching corpus: 350, signal 64783/71089 (executing program) 2025/01/18 17:10:21 fetching corpus: 400, signal 68584/75044 (executing program) 2025/01/18 17:10:21 fetching corpus: 450, signal 72331/78816 (executing program) 2025/01/18 17:10:21 fetching corpus: 500, signal 75269/81833 (executing program) 2025/01/18 17:10:21 fetching corpus: 550, signal 78712/85104 (executing program) 2025/01/18 17:10:22 fetching corpus: 600, signal 81861/88007 (executing program) 2025/01/18 17:10:22 fetching corpus: 650, signal 83725/89827 (executing program) 2025/01/18 17:10:22 fetching corpus: 700, signal 85747/91703 (executing program) 2025/01/18 17:10:22 fetching corpus: 750, signal 87265/93181 (executing program) 2025/01/18 17:10:22 fetching corpus: 800, signal 89786/95244 (executing program) 2025/01/18 17:10:22 fetching corpus: 850, signal 91590/96815 (executing program) 2025/01/18 17:10:22 fetching corpus: 900, signal 94225/98781 (executing program) 2025/01/18 17:10:23 fetching corpus: 950, signal 95525/99829 (executing program) 2025/01/18 17:10:23 fetching corpus: 1000, signal 97260/101057 (executing program) 2025/01/18 17:10:23 fetching corpus: 1050, signal 98353/101844 (executing program) 2025/01/18 17:10:23 fetching corpus: 1100, signal 99675/102730 (executing program) 2025/01/18 17:10:23 fetching corpus: 1150, signal 101144/103684 (executing program) 2025/01/18 17:10:23 fetching corpus: 1200, signal 103514/105060 (executing program) 2025/01/18 17:10:23 fetching corpus: 1250, signal 104553/105643 (executing program) 2025/01/18 17:10:23 fetching corpus: 1266, signal 104934/105851 (executing program) 2025/01/18 17:10:23 fetching corpus: 1266, signal 104934/105887 (executing program) 2025/01/18 17:10:23 fetching corpus: 1266, signal 104934/105913 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/105947 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/105977 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106006 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106030 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106061 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106095 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106129 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106158 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106187 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106228 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106253 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106291 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106322 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106361 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106386 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106418 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106452 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106482 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106514 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106550 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106580 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106605 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106626 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106659 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106667 (executing program) 2025/01/18 17:10:24 fetching corpus: 1266, signal 104934/106667 (executing program) 2025/01/18 17:10:28 starting 8 fuzzer processes 17:10:28 executing program 0: mlock2(&(0x7f0000fef000/0x1000)=nil, 0x1000, 0x0) mlock(&(0x7f0000ffb000/0x1000)=nil, 0x1000) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x10) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ff7000/0x1000)=nil) 17:10:28 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x200017e}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 17:10:28 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xe042, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40286608, &(0x7f0000000080)=0x40000000000019) 17:10:28 executing program 3: clone3(&(0x7f0000000600)={0x1082840, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 87.030163] audit: type=1400 audit(1737220228.405:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 17:10:28 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x80081270, &(0x7f00000015c0)) 17:10:28 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x8000, 0x1, 0x1200000}, 0x10) 17:10:28 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000040)={'wlan1\x00', @ifru_map}) 17:10:28 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x8, &(0x7f0000000240)) io_setup(0x1, &(0x7f0000000380)) finit_module(0xffffffffffffffff, 0x0, 0x0) r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x05\x00\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\xff#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x04\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\x01\x00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\x01\x01\x00\x00\x00\x00\x00\x00\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/\\\x01\xe2\xba\x0e\xe3\xf95\x1d\x10\xa7\x97\xbf\x8e\xac\x81\xc9\x13\x8e\xb3\xf3\xb5d\xa1\xcf\x1d\x92\x9b\x9b\xa7\x12F\xa0\xe0\xff\x1a\x8e\xe2ae^=\n\xe1\xa6\xb8\xe9v\x8f2\xf4\xac\xe5\xdf\xffi`Mo\x1e\x1cMN<\x1b\xd8\xfe\xd6P\xcdQ\x83\xfa\xe7\x1d\xd5\x01n\xa7~\x8b\x90/62\xff;.S\xf7\x0flwa\x16\xf0\xf2(\x96V,\xd7s\xaaOE\xd3H\xfd`}\xd8\xbc\x9a\xca\xe3\n\xd7fCe\xd8\xbb\xdao\xb0\x85\xcc\xedv\x94\xb5\xc4\xb6[>\xb9,\xfch_-s\x94,F\x15\xd8m5>\x94\x84\xf5\x00\xc3\xf6m\xc7B\t{\xe0d\xc65(\x18\x9c\xad\x13b6\xca\x16\x95\xcb^zF\xd0\x1a\x8dP\x94\x19\xa4\xbfr=\xb6\xae', 0x7) ftruncate(r0, 0x2000000) finit_module(r0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 88.495318] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.496263] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.498222] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.501093] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.503258] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 88.504464] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.571630] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.576579] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.580976] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.590761] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.597961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.599832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 88.601362] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.601712] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.617081] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.626605] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.633816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 88.636390] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 88.640456] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 88.645487] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.659380] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.662483] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.675306] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 88.676501] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.678625] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 88.678823] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.681054] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.682188] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 88.683161] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 88.685077] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 88.685581] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.689338] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.692776] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.707578] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.711982] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 88.721647] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.745778] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 88.748092] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 88.750998] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 88.757428] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 88.761232] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 88.765372] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 88.770828] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 88.772386] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 88.784408] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 88.808488] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 88.813636] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 88.818396] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 90.592484] Bluetooth: hci0: command tx timeout [ 90.656197] Bluetooth: hci1: command tx timeout [ 90.784269] Bluetooth: hci3: command tx timeout [ 90.784467] Bluetooth: hci5: command tx timeout [ 90.784584] Bluetooth: hci2: command tx timeout [ 90.848301] Bluetooth: hci7: command tx timeout [ 90.848927] Bluetooth: hci4: command tx timeout [ 90.912408] Bluetooth: hci6: command tx timeout [ 92.641187] Bluetooth: hci0: command tx timeout [ 92.704195] Bluetooth: hci1: command tx timeout [ 92.833301] Bluetooth: hci2: command tx timeout [ 92.833949] Bluetooth: hci5: command tx timeout [ 92.834570] Bluetooth: hci3: command tx timeout [ 92.896225] Bluetooth: hci7: command tx timeout [ 92.897249] Bluetooth: hci4: command tx timeout [ 92.960803] Bluetooth: hci6: command tx timeout [ 94.688992] Bluetooth: hci0: command tx timeout [ 94.752286] Bluetooth: hci1: command tx timeout [ 94.881037] Bluetooth: hci3: command tx timeout [ 94.881163] Bluetooth: hci5: command tx timeout [ 94.881260] Bluetooth: hci2: command tx timeout [ 94.944295] Bluetooth: hci4: command tx timeout [ 94.944494] Bluetooth: hci7: command tx timeout [ 95.008255] Bluetooth: hci6: command tx timeout [ 96.736534] Bluetooth: hci0: command tx timeout [ 96.800222] Bluetooth: hci1: command tx timeout [ 96.928940] Bluetooth: hci2: command tx timeout [ 96.929037] Bluetooth: hci5: command tx timeout [ 96.929429] Bluetooth: hci3: command tx timeout [ 96.992329] Bluetooth: hci7: command tx timeout [ 96.992383] Bluetooth: hci4: command tx timeout [ 97.057461] Bluetooth: hci6: command tx timeout [ 102.174619] modprobe (1026) used greatest stack depth: 24216 bytes left [ 148.576641] [ 148.576907] ====================================================== [ 148.577498] WARNING: possible circular locking dependency detected [ 148.578095] 6.13.0-rc7-next-20250117 #1 Not tainted [ 148.578584] ------------------------------------------------------ [ 148.579954] kworker/u8:0/11 is trying to acquire lock: [ 148.581111] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.583121] [ 148.583121] but task is already holding lock: [ 148.584824] ffff8880070a0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 148.586805] [ 148.586805] which lock already depends on the new lock. [ 148.586805] [ 148.587963] [ 148.587963] the existing dependency chain (in reverse order) is: [ 148.588675] [ 148.588675] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 148.589337] __mutex_lock+0x13d/0xb50 [ 148.589803] wiphy_register+0x1b2e/0x25d0 [ 148.590299] ieee80211_register_hw+0x23a4/0x3d60 [ 148.590842] mac80211_hwsim_new_radio+0x2759/0x4d50 [ 148.591407] init_mac80211_hwsim+0x389/0x870 [ 148.591926] do_one_initcall+0xf9/0x640 [ 148.592407] kernel_init_freeable+0x53d/0x7a0 [ 148.592927] kernel_init+0x1e/0x2d0 [ 148.593347] ret_from_fork+0x48/0x80 [ 148.593774] ret_from_fork_asm+0x1a/0x30 [ 148.594260] [ 148.594260] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 148.594879] __lock_acquire+0x29fd/0x4580 [ 148.595360] lock_acquire+0x19b/0x520 [ 148.595805] __mutex_lock+0x13d/0xb50 [ 148.596262] unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.596873] unregister_netdevice_queue+0x224/0x2e0 [ 148.597419] _cfg80211_unregister_wdev+0x57b/0x700 [ 148.597969] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 148.598532] ieee80211_unregister_hw+0x55/0x3a0 [ 148.599050] hwsim_exit_net+0x3a0/0x730 [ 148.599511] ops_exit_list+0xb3/0x180 [ 148.599962] cleanup_net+0x546/0xad0 [ 148.600405] process_one_work+0x8ee/0x1a10 [ 148.600917] worker_thread+0x674/0xe70 [ 148.601397] kthread+0x3ab/0x720 [ 148.601821] ret_from_fork+0x48/0x80 [ 148.602246] ret_from_fork_asm+0x1a/0x30 [ 148.602739] [ 148.602739] other info that might help us debug this: [ 148.602739] [ 148.603494] Possible unsafe locking scenario: [ 148.603494] [ 148.604064] CPU0 CPU1 [ 148.604526] ---- ---- [ 148.604976] lock(&rdev->wiphy.mtx); [ 148.605374] lock(rtnl_mutex); [ 148.605955] lock(&rdev->wiphy.mtx); [ 148.606578] lock(rtnl_mutex); [ 148.606934] [ 148.606934] *** DEADLOCK *** [ 148.606934] [ 148.607499] 4 locks held by kworker/u8:0/11: [ 148.607933] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 148.608944] #1: ffff8880095dfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 148.609917] #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 148.610828] #3: ffff8880070a0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 148.611867] [ 148.611867] stack backtrace: [ 148.612304] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-rc7-next-20250117 #1 [ 148.613098] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 148.613863] Workqueue: netns cleanup_net [ 148.614282] Call Trace: [ 148.614543] [ 148.614776] dump_stack_lvl+0xca/0x120 [ 148.615190] print_circular_bug+0x47b/0x750 [ 148.615630] check_noncircular+0x2e9/0x3c0 [ 148.616060] ? __pfx_check_noncircular+0x10/0x10 [ 148.616534] ? hlock_class+0x4e/0x130 [ 148.616913] ? srso_return_thunk+0x5/0x5f [ 148.617347] ? mark_lock+0xac/0xed0 [ 148.617722] ? lockdep_lock+0xba/0x1b0 [ 148.618138] ? __pfx_lockdep_lock+0x10/0x10 [ 148.618597] __lock_acquire+0x29fd/0x4580 [ 148.619033] ? __pfx___lock_acquire+0x10/0x10 [ 148.619487] ? lock_release+0x20f/0x6f0 [ 148.619903] ? __pfx_lock_release+0x10/0x10 [ 148.620343] ? srso_return_thunk+0x5/0x5f [ 148.620782] lock_acquire+0x19b/0x520 [ 148.621183] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.621763] ? __pfx_lock_acquire+0x10/0x10 [ 148.622210] ? __pfx_lock_release+0x10/0x10 [ 148.622650] ? __pfx_try_to_wake_up+0x10/0x10 [ 148.623104] ? srso_return_thunk+0x5/0x5f [ 148.623533] ? lock_is_held_type+0x9e/0x120 [ 148.623982] ? srso_return_thunk+0x5/0x5f [ 148.624419] __mutex_lock+0x13d/0xb50 [ 148.624829] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.625401] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.625974] ? srso_return_thunk+0x5/0x5f [ 148.626405] ? synchronize_rcu_expedited+0x38a/0x420 [ 148.626914] ? __pfx___mutex_lock+0x10/0x10 [ 148.627360] ? srso_return_thunk+0x5/0x5f [ 148.627794] ? srso_return_thunk+0x5/0x5f [ 148.628228] ? kasan_quarantine_put+0x84/0x1e0 [ 148.628704] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 148.629161] ? srso_return_thunk+0x5/0x5f [ 148.629600] unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.630162] ? __virt_addr_valid+0x2e8/0x5d0 [ 148.630624] ? __pfx_lock_release+0x10/0x10 [ 148.631071] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 148.631679] ? find_held_lock+0x2c/0x110 [ 148.632120] ? srso_return_thunk+0x5/0x5f [ 148.632561] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 148.633079] ? srso_return_thunk+0x5/0x5f [ 148.633515] ? lock_release+0x20f/0x6f0 [ 148.633927] ? __pfx_lock_release+0x10/0x10 [ 148.634368] ? srso_return_thunk+0x5/0x5f [ 148.634812] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 148.635339] ? srso_return_thunk+0x5/0x5f [ 148.635782] unregister_netdevice_queue+0x224/0x2e0 [ 148.636274] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 148.636813] ? up_write+0x195/0x520 [ 148.637204] _cfg80211_unregister_wdev+0x57b/0x700 [ 148.637702] ? srso_return_thunk+0x5/0x5f [ 148.638139] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 148.638642] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 148.639182] ? srso_return_thunk+0x5/0x5f [ 148.639617] ? srso_return_thunk+0x5/0x5f [ 148.640050] ? synchronize_rcu+0x1ff/0x260 [ 148.640481] ieee80211_unregister_hw+0x55/0x3a0 [ 148.640950] hwsim_exit_net+0x3a0/0x730 [ 148.641357] ? __pfx_hwsim_exit_net+0x10/0x10 [ 148.641810] ? srso_return_thunk+0x5/0x5f [ 148.642243] ? netdev_run_todo+0x788/0x1040 [ 148.642686] ? srso_return_thunk+0x5/0x5f [ 148.643126] ? __pfx_hwsim_exit_net+0x10/0x10 [ 148.643583] ops_exit_list+0xb3/0x180 [ 148.643974] cleanup_net+0x546/0xad0 [ 148.644358] ? __pfx_cleanup_net+0x10/0x10 [ 148.644795] process_one_work+0x8ee/0x1a10 [ 148.645246] ? __pfx_lock_acquire+0x10/0x10 [ 148.645683] ? __pfx_process_one_work+0x10/0x10 [ 148.646169] ? srso_return_thunk+0x5/0x5f [ 148.646612] ? move_linked_works+0x172/0x270 [ 148.647067] ? srso_return_thunk+0x5/0x5f [ 148.647509] ? assign_work+0x196/0x240 [ 148.647925] worker_thread+0x674/0xe70 [ 148.648342] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 148.648871] ? __pfx_worker_thread+0x10/0x10 [ 148.649337] kthread+0x3ab/0x720 [ 148.649703] ? __pfx_kthread+0x10/0x10 [ 148.650113] ? srso_return_thunk+0x5/0x5f [ 148.650549] ? finish_task_switch.isra.0+0x206/0x840 [ 148.651064] ? __pfx_kthread+0x10/0x10 [ 148.651479] ret_from_fork+0x48/0x80 [ 148.651851] ? __pfx_kthread+0x10/0x10 [ 148.652265] ret_from_fork_asm+0x1a/0x30 [ 148.652704] [ 150.895617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 150.898671] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 150.904308] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 150.904805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 150.908644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 150.911187] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 150.917297] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 150.921370] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 150.924865] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 150.942219] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 150.946449] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 150.949150] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 150.961450] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 150.973161] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 150.975163] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 150.979688] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 150.994314] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 150.994796] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 150.995005] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 150.998318] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 151.002444] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 151.002681] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 151.009251] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 151.009529] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 151.010856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 151.014742] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 151.018112] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 151.020360] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 151.022887] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 151.023407] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 151.024620] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 151.031301] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 151.052360] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 151.072583] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 151.082881] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 151.083825] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 151.089273] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 151.093484] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 151.096283] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 151.099350] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 151.106326] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 151.111064] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 151.115389] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 151.119328] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 151.123392] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 151.124724] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 151.130997] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 151.132276] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 152.992305] Bluetooth: hci1: command tx timeout [ 152.992589] Bluetooth: hci0: command tx timeout [ 153.056263] Bluetooth: hci3: command tx timeout [ 153.056428] Bluetooth: hci2: command tx timeout [ 153.057735] Bluetooth: hci4: command tx timeout [ 153.120155] Bluetooth: hci5: command tx timeout [ 153.186163] Bluetooth: hci7: command tx timeout [ 153.186246] Bluetooth: hci6: command tx timeout [ 155.040200] Bluetooth: hci0: command tx timeout [ 155.040774] Bluetooth: hci1: command tx timeout [ 155.104500] Bluetooth: hci3: command tx timeout [ 155.105047] Bluetooth: hci4: command tx timeout [ 155.105154] Bluetooth: hci2: command tx timeout [ 155.169319] Bluetooth: hci5: command tx timeout [ 155.232239] Bluetooth: hci6: command tx timeout [ 155.232311] Bluetooth: hci7: command tx timeout [ 157.088195] Bluetooth: hci1: command tx timeout [ 157.089170] Bluetooth: hci0: command tx timeout [ 157.153702] Bluetooth: hci2: command tx timeout [ 157.153998] Bluetooth: hci4: command tx timeout [ 157.154708] Bluetooth: hci3: command tx timeout [ 157.217132] Bluetooth: hci5: command tx timeout [ 157.280200] Bluetooth: hci7: command tx timeout [ 157.280560] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 17:11:30 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88807d368898 RCX=ffffffff81429a4a RDX=1ffff11001d5eb80 RSI=0000000000000008 RDI=ffff88800eaf5c00 RBP=0000000000000000 RSP=ffff88800f16fdc8 R8 =0000000000000000 R9 =ffffed1001d5eb80 R10=ffff88800eaf5c07 R11=0000000000000000 R12=ffff88807d368ff9 R13=ffffffff8864ed98 R14=ffff88800eb3d340 R15=0000000000000086 RIP=ffffffff81ab7800 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000c00034f000 CR3=000000001a6e8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000004183bda200000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff8283cd30 RDI=ffffffff886930a0 RBP=ffffffff88693060 RSP=ffff8880095debc0 R8 =0000000000000001 R9 =ffffed10012bbd67 R10=0000000000000001 R11=6f6c206863696877 R12=ffffffff886930b0 R13=ffff8880095deeb8 R14=ffffffff88693320 R15=0000000000000000 RIP=ffffffff8283cd85 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f21410a8ba0 CR3=000000001a6e8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000c000056410000000c000056190 XMM02=000000000000000040d5e40000000000 XMM03=000000c0004f0300000000c0004f0100 XMM04=000000c0004f0e00000000c0004f03c0 XMM05=000000c0004f12c0000000c0004f1080 XMM06=000000c0004f1b40000000c0004f17c0 XMM07=000000c000506080000000c0004f1e80 XMM08=000000c00058f7c0000000c00058f600 XMM09=000000c00058fc40000000c00058fa00 XMM10=000000c0004f0100000000c00058ff00 XMM11=000000c0004f03c0000000c0004f0300 XMM12=000000c0004f1080000000c0004f0e00 XMM13=000000c0004f17c0000000c0004f12c0 XMM14=000000c0004f1e80000000c0004f1b40 XMM15=000000c000506100000000c000506080