Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:53441' (ECDSA) to the list of known hosts. 2025/01/19 19:48:11 fuzzer started 2025/01/19 19:48:12 dialing manager at localhost:44245 syzkaller login: [ 63.658434] cgroup: Unknown subsys name 'net' [ 63.762709] cgroup: Unknown subsys name 'cpuset' [ 63.789846] cgroup: Unknown subsys name 'rlimit' [ 69.973309] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/19 19:48:30 syscalls: 205 2025/01/19 19:48:30 code coverage: enabled 2025/01/19 19:48:30 comparison tracing: enabled 2025/01/19 19:48:30 extra coverage: enabled 2025/01/19 19:48:30 setuid sandbox: enabled 2025/01/19 19:48:30 namespace sandbox: enabled 2025/01/19 19:48:30 Android sandbox: enabled 2025/01/19 19:48:30 fault injection: enabled 2025/01/19 19:48:30 leak checking: enabled 2025/01/19 19:48:30 net packet injection: enabled 2025/01/19 19:48:30 net device setup: enabled 2025/01/19 19:48:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/19 19:48:30 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/19 19:48:30 USB emulation: enabled 2025/01/19 19:48:30 hci packet injection: enabled 2025/01/19 19:48:30 wifi device emulation: enabled 2025/01/19 19:48:30 802.15.4 emulation: enabled 2025/01/19 19:48:30 fetching corpus: 0, signal 0/0 (executing program) 2025/01/19 19:48:32 starting 8 fuzzer processes 19:48:32 executing program 0: r0 = fork() rt_tgsigqueueinfo(0xffffffffffffffff, r0, 0x1d, &(0x7f0000000000)={0x22, 0x7f, 0x8}) r1 = fork() r2 = pidfd_open(r1, 0x0) r3 = fork() capset(&(0x7f0000000080)={0x19980330, r3}, &(0x7f00000000c0)={0x4513, 0x5, 0xcf71, 0x401, 0x6}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = fork() ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_PID={0x8, 0x1c, r5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4040001) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) r7 = fork() rt_tgsigqueueinfo(r7, r0, 0x40, &(0x7f0000000240)={0x7, 0x1, 0x1f}) ioprio_get$pid(0x1, r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) rt_tgsigqueueinfo(r7, r0, 0x36, &(0x7f0000000300)={0x27, 0x4166, 0x7}) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r8, 0x800, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000041}, 0x8000) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f00000004c0)={0x20, 0x36, 0x4, 0x14, 0x8, 0x2, 0x0, 0x4}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000500)={'\x00', 0x8, 0x0, 0x8, 0x81, 0x5, r1}) 19:48:32 executing program 1: sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c0}, 0x24000044) r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r0, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x400}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x655}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x4c}}, 0x20000804) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee00}}, './file0\x00'}) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, r4, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x24}}, 0x4800) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x54, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x44}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}]}]}, 0x54}}, 0x800) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000540)={{0x1, 0x1, 0x18, r1, {r2, r3}}, './file0\x00'}) r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), r1) sendmsg$BATADV_CMD_GET_ORIGINATORS(r5, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x3c, r7, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80840}, 0x41) syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), r1) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000740), r5) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r8, 0x8, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c091}, 0x480c) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000880)={{0x1, 0x1, 0x18, r1, {r6, 0xee01}}, './file0\x00'}) syz_genetlink_get_family_id$SEG6(&(0x7f0000000840), r9) ioctl$RTC_PIE_ON(r1, 0x7005) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000900), r9) sendmsg$BATADV_CMD_SET_VLAN(r5, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r10, 0x420, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x204}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000080) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000a00)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x12345}, 0x6) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000ac0)={'syztnl2\x00', &(0x7f0000000a40)={'ip6tnl0\x00', 0x0, 0x2f, 0xc8, 0x67, 0x1, 0x13, @local, @dev={0xfe, 0x80, '\x00', 0xe}, 0x1, 0x7800, 0x40, 0x1000}}) 19:48:32 executing program 2: times(&(0x7f0000000000)) prctl$PR_SVE_SET_VL(0x32, 0xfcd0) r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc1}, &(0x7f00000000c0)={0x0, "0875d46aeae2c77094fa6ea62328bf455b2a5a6d544fa582f6925702e570b8e7a587adb0155fd81c0f06e286a35082cc19966410b506be96e41ef21215b779b7", 0x3f}, 0x48, 0x0) keyctl$read(0xb, r0, &(0x7f0000000140)=""/131, 0x83) times(&(0x7f0000000200)) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) prctl$PR_SVE_SET_VL(0x32, 0x362aa) keyctl$read(0xb, 0x0, &(0x7f00000002c0)=""/205, 0xcd) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid_for_children\x00') r1 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "a3bee8750569ca5bc3934517626f3483f816f0b665887f56664adf3cd995835edede4d4d341e6e9138f730929c2e28fc123b232ec8f1d665604d92bcee5e3ea3", 0x1d}, 0x48, r0) r2 = add_key$fscrypt_v1(&(0x7f0000000500), &(0x7f0000000540)={'fscrypt:', @desc2}, &(0x7f0000000580)={0x0, "7c1bd75acb13fd80d66c1e65da2321e0a1c7713f7b1fa97e7df1062667e48113e964a7a66f788f6429888970dbec8e7ee4f383da088ab2ba281cc34389aeaf46", 0x3}, 0x48, r0) keyctl$unlink(0x9, r1, r2) r3 = add_key(&(0x7f0000000700)='logon\x00', &(0x7f0000000740)={'syz', 0x3}, 0x0, 0x0, r0) add_key$fscrypt_v1(&(0x7f0000000600), &(0x7f0000000640)={'fscrypt:', @desc2}, &(0x7f0000000680)={0x0, "ca22e8ecc822e4f2b534729de87bf23edf5769dc703da1bf678ebc36c7c3372892a8876dee5e74f770685c2ba4a80fd89db30080545eb06829b75dd8fb3efaae", 0x2d}, 0x48, r3) r4 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000780), 0x2, 0x0) write$cgroup_netprio_ifpriomap(r4, &(0x7f00000007c0)={'veth1_macvtap', 0x32, 0x38}, 0x10) r5 = request_key(&(0x7f0000000800)='keyring\x00', &(0x7f0000000840)={'syz', 0x0}, &(0x7f0000000880)=',\x00', r2) keyctl$describe(0x6, r5, &(0x7f00000008c0)=""/246, 0xf6) keyctl$read(0xb, r5, &(0x7f00000009c0)=""/245, 0xf5) keyctl$revoke(0x3, r2) 19:48:32 executing program 3: syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x40, 0x21, 0xad, {0xad, 0x23, "b632526be2983c28895b2b914f085a7d2b507cc0f6d4a8ccdba2cd95c059299c82bbcc49d73536fa1b583b7b7469cacb0589d72d5830a908c8be535913edfc3ab1823730c5f80af8345acd8993d02ea0cd655ddcdddc28e24310861f218653155f164343558f56cf05cbd19b9f1ca3d36ff333797d8355e9e09e8e0abd03232cd6abe9b3bb3ffeb71d54fa4b0722f65875dc2fe2821d273e23febe5b01511953c652504f6d989a65dacd09"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000200)={0x1c, &(0x7f0000000140)={0x40, 0x18, 0xd, "548a622d6deb7b8faa1db9980e"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x1}, &(0x7f00000001c0)={0x0, 0x8, 0x1}}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000340)={0x14, &(0x7f0000000240)={0x20, 0xf, 0xae, {0xae, 0x4, "324d343a3c4f4225e1bf958a297989dfa5b09a483cb97f61294cf61b8137e872e30de7e3e133f34fcb3d61c50edead7927a3a1588c5bc6bf7b4b1a544b7e67d7ac1159a325832a100d4dd3becaec0479fa8aa1c3210f52e9c2272b3929fcd45975860ebd83886e3eb58f3245e88082bc479569bd5af6b1697495174d9dbd288c114be69fdd88f585c91651325c785590332bb518ab275fae88d99e9bb71fe585b4db3e4c9d7094d98b7b00d0"}}, &(0x7f0000000300)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000440)={0x1c, &(0x7f0000000380)={0x20, 0xa, 0x15, "0a272390ac98f0c95f088228f10e933e4552bd7323"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x20}}) r0 = add_key$fscrypt_v1(&(0x7f00000006c0), &(0x7f0000000700)={'fscrypt:', @desc1}, &(0x7f0000000740)={0x0, "71cede979d4d0089d76a5e4145dbb24b30c3f48a19fd25d2b8736ed08e386d72c12e355ff010b1ef5bcb191a5d2ae7cb72b4b716d6a6430129795cc036316aad", 0x28}, 0x48, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000680)=[{&(0x7f0000000480)="4911c026b63debd1b26f7d6f90fa3e91903e194fa26146d0c5d0665f8b6dff3bca87df6efe8dab9ea67e0d05ed927a47a4b8dfb5a44a046705e2bd2c6aae97c78e80c2e199a2881f91afe11022ab48ebde5925545d6ffe3b2fb1988592fe862581f521779142cd303a45500d924c7d86ce61b7165328b6646dd5be31df99fdac59fa2e0435", 0x85}, {&(0x7f0000000540)="363230cec7ad3fa1912072cb81100adde7d9e47217d72201e6348bebf66998ca59a70b40c9790bb05213ee87695794aecbafa01ee3762de886b531", 0x3b}, {&(0x7f0000000580)="e7a3d80def2c48d7211610bb41f8da04ef9c00f06e6aa85d496e47af4ae64f06d4bd1f0feae65b98870852d794d5a98c79efcfbf707e0120952b50035b4dc3df61fca9fffa1354417da26efdcdff256e5b3fcbfe77a066e86f1bc173c13777e084458f21d2b879de33518c1af47709646879a73bf17fb2c876cc4c08d153480ff059f267102b18e63e41e44718d11bfc6b71a0d51ef22ca757e55cf2d658773a0d24aaa6955eb37f257d7e1910c55d3a0a007e6f7f8d5dd4725f4564ece090dc", 0xc0}, {&(0x7f0000000640)="071dfaeb5ffb27f94f15b03b1e4906491d151202", 0x14}], 0x4, r0) r1 = add_key$keyring(&(0x7f0000000880), &(0x7f00000008c0)={'syz', 0x0}, 0x0, 0x0, r0) r2 = request_key(&(0x7f00000007c0)='dns_resolver\x00', &(0x7f0000000800)={'syz', 0x0}, &(0x7f0000000840)='\x00', r1) r3 = add_key$keyring(&(0x7f0000000900), &(0x7f0000000940)={'syz', 0x2}, 0x0, 0x0, r1) keyctl$KEYCTL_MOVE(0x1e, r2, r3, r1, 0x1) r4 = request_key(&(0x7f0000000a00)='.dead\x00', &(0x7f0000000a40)={'syz', 0x0}, &(0x7f0000000a80)='\\$\x00', r1) add_key(&(0x7f0000000980)='blacklist\x00', &(0x7f00000009c0)={'syz', 0x3}, 0x0, 0x0, r4) r5 = request_key(&(0x7f0000000ac0)='.dead\x00', &(0x7f0000000b00)={'syz', 0x2}, &(0x7f0000000b40)='\x00', r2) r6 = add_key$fscrypt_provisioning(&(0x7f0000000b80), &(0x7f0000000bc0)={'syz', 0x2}, &(0x7f0000000c00)={0x3, 0x0, @auto=[0x38, 0x3e]}, 0xa, r5) keyctl$get_keyring_id(0x0, r6, 0x0) r7 = add_key$fscrypt_provisioning(&(0x7f0000000c40), &(0x7f0000000c80)={'syz', 0x0}, &(0x7f0000000cc0)={0x3, 0x0, @c}, 0x29, r0) keyctl$instantiate(0xc, r7, &(0x7f0000000d00)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', '-+'}, 0x2c, r1) request_key(&(0x7f0000000d40)='id_legacy\x00', &(0x7f0000000d80)={'syz', 0x2}, &(0x7f0000000dc0)='abcdefghijklmnopqrstuvwxyz0123456', 0xfffffffffffffffb) setsockopt$WPAN_WANTLQI(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000e00), 0x4) r8 = request_key(&(0x7f0000000e40)='dns_resolver\x00', &(0x7f0000000e80)={'syz', 0x1}, &(0x7f0000000ec0)='[$^$\x00', r4) r9 = add_key$keyring(&(0x7f0000000f00), &(0x7f0000000f40)={'syz', 0x1}, 0x0, 0x0, r5) keyctl$unlink(0x9, r8, r9) [ 83.095569] audit: type=1400 audit(1737316112.286:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 19:48:32 executing program 4: mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@afid={'afid', 0x3d, 0x100}}, {@access_client}, {}, {@uname={'uname', 0x3d, '\\/3'}}, {@cachetag={'cachetag', 0x3d, '#&\\:}.}#%,'}}, {@version_L}]}}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180)) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x0, 0x8, 0x70bd2d, 0x25dfdbff, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1a1}]}, 0x20}, 0x1, 0x0, 0x0, 0x804}, 0x2404c010) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x1141, 0x0) r3 = epoll_create1(0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in=@private, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@empty}}, &(0x7f0000000400)=0xe8) getresgid(&(0x7f0000000440)=0x0, &(0x7f0000000480), &(0x7f00000004c0)=0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000500)={{0x1, 0x1, 0x18, r3, {r4, r5}}, './file0\x00'}) prctl$PR_SET_UNALIGN(0x6, 0x2) socketpair(0x1f, 0x0, 0x101, &(0x7f0000000540)={0xffffffffffffffff}) getsockopt$WPAN_WANTLQI(r9, 0x0, 0x3, &(0x7f0000000580), &(0x7f00000005c0)=0x4) pidfd_send_signal(r7, 0x32, &(0x7f0000000600)={0x1, 0x9, 0x3ff}, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r7, 0x80605414, &(0x7f0000000680)) setregid(r6, r8) epoll_create1(0x0) prctl$PR_SET_UNALIGN(0x6, 0x2) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000700)={'\x00', 0xbb01, 0x7, 0x5, 0x100000000, 0x7fffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x2c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x81}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4c004) 19:48:32 executing program 5: msgrcv(0xffffffffffffffff, &(0x7f0000000000)={0x0, ""/208}, 0xd8, 0x2, 0x0) r0 = msgget(0x2, 0x68) fstat(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff, 0xee00}}, './file0\x00'}) r6 = fork() msgctl$IPC_SET(r0, 0x1, &(0x7f0000000200)={{0x1, r1, 0x0, r4, 0xee01, 0x2, 0x2}, 0x0, 0x0, 0x9, 0x1, 0x4, 0x5, 0x10000, 0x69, 0x8, 0x1, r6, 0xffffffffffffffff}) r7 = msgget(0x3, 0x600) getgroups(0x7, &(0x7f0000000280)=[r5, r5, r2, r2, r2, r2, r2]) fstat(r3, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) r10 = fork() msgctl$IPC_SET(r7, 0x1, &(0x7f00000003c0)={{0x2, r4, r8, r9, r5, 0x3b, 0xa31e}, 0x0, 0x0, 0xffffffff, 0x0, 0xff, 0x8ff, 0x83ff95b, 0x40, 0x2, 0xffff, r6, r10}) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) socketpair(0x26, 0x5, 0x4, &(0x7f0000000440)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_vcan(r11, 0x8933, &(0x7f0000000480)={'vxcan0\x00'}) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000500), r11) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r12, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x54, r13, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_ADDR={0x18, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}]}, @MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x80}]}]}, 0x54}}, 0x4000) msgget$private(0x0, 0x8) r14 = syz_genetlink_get_family_id$batadv(&(0x7f0000000680), r11) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r12, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x60400600}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x34, r14, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x48004}, 0x20000050) 19:48:32 executing program 6: getrandom(&(0x7f0000000000)=""/92, 0x5c, 0x1) sysfs$2(0x2, 0x1, &(0x7f0000000080)=""/24) r0 = epoll_create1(0x80000) sysfs$2(0x2, 0xffffffffffff8001, &(0x7f00000000c0)=""/14) msgrcv(0xffffffffffffffff, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x2, 0x2800) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000300)={0x24, &(0x7f0000000140)={0x20, 0xa, 0x78, {0x78, 0xe, "3c77930fba42bf074fdd07e6540d28b5f6db35900331b21b0be8174ec9abc923b6510474c95c887959ad8343759a19c81a5895e10fc7e3833462d255571acde93f9886726a03f6d02bf814090a0256092414e6c97602ac2901310e65be8fb307cfa3e383d20d854849db0e5b8803f005fc7014a1ad63"}}, &(0x7f00000001c0)={0x0, 0x3, 0xae, @string={0xae, 0x3, "d07662fba45670d052aa8df61ce32fc0df59bbd5c43a6003c6e06e2f6bc18b4ad1a5bdfe9995a14ddd2ddfa940f2b61f182a65b24076a9994271cb9f4966d11cf215f5c3349a89f3ae916f88d384603dcd6edc057ed2944a071968af84e717b220024fd80859b989699eb87eea1a2cf4096dbba29f54cd6365f8013dc3b951419241d6bfbefc981d400c9abb66573751adc71f18fa21f4b683575779c51613d1193d1e40e5fc50b41f86567e"}}, &(0x7f0000000280)={0x0, 0x22, 0x13, {[@global=@item_012={0x2, 0x1, 0x2, "8989"}, @main=@item_4={0x3, 0x0, 0x9, "14e48a74"}, @local=@item_4={0x3, 0x2, 0x7, "4feee5b3"}, @main=@item_012={0x2, 0x0, 0xc, "19b5"}, @global=@item_012={0x2, 0x1, 0x0, "ef0a"}]}}, &(0x7f00000002c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0x20, 0x1, {0x22, 0x1bb}}}}, &(0x7f0000000540)={0x2c, &(0x7f0000000340)={0x20, 0x7, 0x39, "7da33c958b9db03c690ee341b44ba5509486669efe36355c155a1b3af147ea4b5479f66c5fc511c130b846956678bb267065fab573e8b7859b"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000400)={0x20, 0x1, 0xd6, "9646ddc0ff3990e449930134dbcd4485a317f54cbff3de8ee1bb3c98c459732f227015168c2f0e69b22ebcec2c089593bc620d0e5d885fac8466543d3927ba5d04aed2f38933d0b0a7fe28bb63d6c08535157037056419b79c69ad16f093e0ec586ce13e4f97a18360ebc6408edad23875d93f2a1d61c41e0351f7ea2dbf49f26a69eb084c527497ffedbadb04903a369bafe8845ab85f6da67dc244a9f6bcef9b27e57e56e95940f33caf62d715fc8ecdb533124650f3486d01b0965b97f95a6edc80973e7772a3df67602771f75ef2085736f823da"}, &(0x7f0000000500)={0x20, 0x3, 0x1, 0x20}}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x237, 0xa, 0x0, {0x0, 0x0, r0}}, 0x8) sysfs$2(0x2, 0x3, &(0x7f00000005c0)=""/4096) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000015c0), 0x800, 0x0) write$tun(r1, &(0x7f0000001600)={@val={0x0, 0x6000}, @void, @mpls={[{0xff059}, {0x78}, {0x0, 0x0, 0x1}, {0xdaec}, {0x7fff}, {0x200, 0x0, 0x1}, {0x16}, {0x6, 0x0, 0x1}, {0x7, 0x0, 0x1}, {0x8}], @ipv4=@generic={{0xa, 0x4, 0x0, 0x1, 0x10b, 0x66, 0x0, 0x7f, 0x32, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x1b}, {[@end, @ra={0x94, 0x4}, @rr={0x7, 0xb, 0xf8, [@empty, @loopback]}, @noop]}}, "0ea8192e8837a17795c0e1e2aee9ddee23ab36e0235b8ac4aa0fabaab52717a1e4104d713345a22ece83dd833762155b77153d281d4e40ea39387a27abcf0a43f9e7465707206266758d26041523e8a35cfc8c8d70c69aad49918cea3a4bc6ce371bf7b7643908daf350ba71401df67012444b62c98448b7a5ea5edae3e92890dc0e9dde8c7136687105bed219a571d339dd0596baf04e8c3eb43fd966de9649906b42c7e25ddb068a0633b2ddd59517b3cc550cf7f2c217fd6ef2cd47be070b4c7213e71b3ba921430ef8b6611c29fd648d8a4951d487468aa3ca55375464decd98da"}}}, 0x137) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000001740), 0x230102, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000017c0), r1) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r1, 0x89fa, &(0x7f0000001880)={'sit0\x00', &(0x7f0000001800)={'syztnl2\x00', 0x0, 0x4, 0xad, 0x3f, 0xc6, 0xb0, @mcast2, @local, 0x8000, 0x10, 0x5, 0x8001}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000018c0)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f00000019c0)={&(0x7f0000001780), 0xc, &(0x7f0000001980)={&(0x7f0000001900)={0x54, r3, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffffffd}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3ff}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7ff}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x4000813) syz_genetlink_get_family_id$mptcp(&(0x7f0000001a00), r2) r6 = eventfd2(0x811, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000001a40)) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001b40)={&(0x7f0000001a80)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001b00)={&(0x7f0000001ac0)={0x20, 0x0, 0x8, 0x70bd27, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x4040) syz_io_uring_submit(0x0, 0x0, &(0x7f0000001b80)=@IORING_OP_POLL_ADD={0x6, 0x1, 0x0, @fd=r6, 0x0, 0x0, 0x0, {0x500}}, 0x9) 19:48:32 executing program 7: ioprio_get$pid(0x0, 0x0) r0 = fork() setpgid(0xffffffffffffffff, r0) ptrace$peekuser(0x3, r0, 0xe198) rt_sigqueueinfo(r0, 0xb, &(0x7f0000000000)={0x8, 0xfffffffd, 0x7}) pidfd_open(r0, 0x0) r1 = pidfd_open(r0, 0x0) process_mrelease(r1, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x4e7a7e47f974a67e, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8, 0x1, r2}]}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}]}, 0x40}, 0x1, 0x0, 0x0, 0x4048080}, 0x4044800) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r2) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r4, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}]}, 0x1c}}, 0x40c4) r5 = fork() syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r3) r6 = syz_open_dev$loop(&(0x7f0000000340), 0x7, 0x80680) ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r1) getegid() pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x2, 0x1, 0x7}, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x24, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_PID={0x8, 0x1c, r5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) [ 84.474101] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.479064] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.480978] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.484864] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.490124] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.491821] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.494316] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.495701] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.497158] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.509128] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.526727] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.527203] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.530414] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.531764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.532710] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.554119] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.561830] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.563205] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.602887] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.605143] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.609159] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.615928] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.623877] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 84.625682] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.669632] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.672235] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 84.676448] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 84.683617] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 84.687945] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 84.688885] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.691752] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.694896] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 84.708300] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.714909] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 84.715208] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 84.733951] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.744476] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 84.751615] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 84.752208] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 84.766042] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 84.770955] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 84.779754] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 84.785237] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 84.788817] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 84.790097] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 84.792770] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 84.795826] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 84.803272] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 86.553014] Bluetooth: hci1: command tx timeout [ 86.553556] Bluetooth: hci0: command tx timeout [ 86.616542] Bluetooth: hci2: command tx timeout [ 86.680538] Bluetooth: hci3: command tx timeout [ 86.808485] Bluetooth: hci4: command tx timeout [ 86.808673] Bluetooth: hci5: command tx timeout [ 86.872476] Bluetooth: hci7: command tx timeout [ 86.872828] Bluetooth: hci6: command tx timeout [ 88.600532] Bluetooth: hci1: command tx timeout [ 88.600642] Bluetooth: hci0: command tx timeout [ 88.664768] Bluetooth: hci2: command tx timeout [ 88.728436] Bluetooth: hci3: command tx timeout [ 88.858433] Bluetooth: hci4: command tx timeout [ 88.858534] Bluetooth: hci5: command tx timeout [ 88.920578] Bluetooth: hci7: command tx timeout [ 88.920830] Bluetooth: hci6: command tx timeout [ 90.648467] Bluetooth: hci0: command tx timeout [ 90.648569] Bluetooth: hci1: command tx timeout [ 90.713425] Bluetooth: hci2: command tx timeout [ 90.776643] Bluetooth: hci3: command tx timeout [ 90.904436] Bluetooth: hci5: command tx timeout [ 90.904527] Bluetooth: hci4: command tx timeout [ 90.968531] Bluetooth: hci7: command tx timeout [ 90.968829] Bluetooth: hci6: command tx timeout [ 92.696577] Bluetooth: hci0: command tx timeout [ 92.696748] Bluetooth: hci1: command tx timeout [ 92.760915] Bluetooth: hci2: command tx timeout [ 92.824626] Bluetooth: hci3: command tx timeout [ 92.952492] Bluetooth: hci4: command tx timeout [ 92.952626] Bluetooth: hci5: command tx timeout [ 93.016478] Bluetooth: hci7: command tx timeout [ 93.016604] Bluetooth: hci6: command tx timeout [ 144.397969] syz-executor.0 (281) used greatest stack depth: 23312 bytes left [ 147.110482] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 147.118468] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 147.120757] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 147.121648] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 147.127465] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 147.127652] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 147.131526] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 147.134648] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 147.137883] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 147.151492] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 147.158911] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 147.162598] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 147.176159] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 147.180066] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 147.182540] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 147.185266] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 147.187154] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 147.187449] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 147.187602] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 147.188260] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 147.190214] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 147.191631] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 147.192320] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 147.192728] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 147.197679] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 147.200567] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 147.203204] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 147.204374] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 147.212710] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 147.217890] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 147.219531] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 147.238745] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 147.250958] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 147.252849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 147.258524] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 147.259514] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 147.259974] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 147.268091] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 147.268761] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 147.271159] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 147.272023] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 147.272471] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 147.274318] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 147.280750] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 147.284208] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 147.308200] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 147.321723] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 147.328629] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 149.208891] Bluetooth: hci0: command tx timeout [ 149.208906] Bluetooth: hci1: command tx timeout [ 149.272426] Bluetooth: hci5: command tx timeout [ 149.337415] Bluetooth: hci6: command tx timeout [ 149.337639] Bluetooth: hci3: command tx timeout [ 149.337795] Bluetooth: hci4: command tx timeout [ 149.337935] Bluetooth: hci2: command tx timeout [ 149.400405] Bluetooth: hci7: command tx timeout [ 151.256510] Bluetooth: hci1: command tx timeout [ 151.257405] Bluetooth: hci0: command tx timeout [ 151.321432] Bluetooth: hci5: command tx timeout [ 151.385861] Bluetooth: hci2: command tx timeout [ 151.385983] Bluetooth: hci4: command tx timeout [ 151.386091] Bluetooth: hci3: command tx timeout [ 151.386166] Bluetooth: hci6: command tx timeout [ 151.448438] Bluetooth: hci7: command tx timeout [ 153.304554] Bluetooth: hci0: command tx timeout [ 153.304801] Bluetooth: hci1: command tx timeout [ 153.368518] Bluetooth: hci5: command tx timeout [ 153.432446] Bluetooth: hci6: command tx timeout [ 153.432527] Bluetooth: hci3: command tx timeout [ 153.432611] Bluetooth: hci4: command tx timeout [ 153.432673] Bluetooth: hci2: command tx timeout [ 153.497400] Bluetooth: hci7: command tx timeout [ 155.353950] Bluetooth: hci1: command tx timeout [ 155.353971] Bluetooth: hci0: command tx timeout [ 155.418753] Bluetooth: hci5: command tx timeout [ 155.480469] Bluetooth: hci2: command tx timeout [ 155.480555] Bluetooth: hci4: command tx timeout [ 155.480655] Bluetooth: hci3: command tx timeout [ 155.480723] Bluetooth: hci6: command tx timeout [ 155.546416] Bluetooth: hci7: command tx timeout [ 209.197899] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 209.200202] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 209.205401] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 209.213703] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 209.219286] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 209.221889] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 209.257405] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 209.262447] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 209.264614] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 209.273658] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 209.282445] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 209.286501] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 209.314998] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 209.318685] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 209.321676] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 209.334752] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 209.337507] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 209.339086] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 209.390845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 209.395531] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 209.396863] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 209.415516] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 209.440618] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 209.441998] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 209.522251] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 209.524760] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 209.542035] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 209.545182] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 209.551208] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 209.554584] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 209.557826] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 209.559157] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 209.561080] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 209.562414] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 209.563599] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 209.566618] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 209.569991] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 209.570920] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 209.576530] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 209.588630] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 209.600914] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 209.603644] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 209.603819] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 209.605096] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 209.651992] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 209.652204] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 209.658866] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 209.678223] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 211.288398] Bluetooth: hci0: command tx timeout [ 211.352409] Bluetooth: hci1: command tx timeout [ 211.416414] Bluetooth: hci2: command tx timeout [ 211.608421] Bluetooth: hci5: command tx timeout [ 211.608765] Bluetooth: hci3: command tx timeout [ 211.736420] Bluetooth: hci6: command tx timeout [ 211.736731] Bluetooth: hci7: command tx timeout [ 211.800435] Bluetooth: hci4: command tx timeout [ 213.337468] Bluetooth: hci0: command tx timeout [ 213.400391] Bluetooth: hci1: command tx timeout [ 213.464441] Bluetooth: hci2: command tx timeout [ 213.656491] Bluetooth: hci3: command tx timeout [ 213.657418] Bluetooth: hci5: command tx timeout [ 213.785392] Bluetooth: hci7: command tx timeout [ 213.785968] Bluetooth: hci6: command tx timeout [ 213.849551] Bluetooth: hci4: command tx timeout [ 215.384447] Bluetooth: hci0: command tx timeout [ 215.449519] Bluetooth: hci1: command tx timeout [ 215.513488] Bluetooth: hci2: command tx timeout [ 215.704470] Bluetooth: hci5: command tx timeout [ 215.704557] Bluetooth: hci3: command tx timeout [ 215.832406] Bluetooth: hci7: command tx timeout [ 215.833923] Bluetooth: hci6: command tx timeout [ 215.896410] Bluetooth: hci4: command tx timeout [ 217.433377] Bluetooth: hci0: command tx timeout [ 217.497350] Bluetooth: hci1: command tx timeout [ 217.561378] Bluetooth: hci2: command tx timeout [ 217.752652] Bluetooth: hci3: command tx timeout [ 217.753001] Bluetooth: hci5: command tx timeout [ 217.881965] Bluetooth: hci6: command tx timeout [ 217.881984] Bluetooth: hci7: command tx timeout [ 217.944443] Bluetooth: hci4: command tx timeout [ 269.867832] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 271.214478] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 271.219539] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 271.220929] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 271.228113] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 271.235153] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 271.237740] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 271.409009] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 271.416025] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 271.420195] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 271.429162] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 271.434168] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 271.437822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 271.540408] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 271.547588] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 271.553550] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 271.565959] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 271.587948] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 271.590503] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 271.634818] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 271.650607] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 271.656214] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 271.676373] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 271.683744] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 271.690644] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 271.693564] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 271.701105] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 271.709104] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 271.717926] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 271.720419] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 271.731214] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 271.735553] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 271.745760] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 271.750550] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 271.796146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 271.816715] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 271.837735] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 271.840985] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 271.853983] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 271.862005] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 271.868240] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 271.869470] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 271.873621] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 272.366942] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 272.379583] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 272.411681] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 272.444618] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 272.456533] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 272.469796] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 273.307594] Bluetooth: hci0: command tx timeout [ 273.497447] Bluetooth: hci1: command tx timeout [ 273.624690] Bluetooth: hci2: command tx timeout [ 273.752484] Bluetooth: hci5: command tx timeout [ 273.816447] Bluetooth: hci3: command tx timeout [ 273.944539] Bluetooth: hci7: command tx timeout [ 274.008467] Bluetooth: hci4: command tx timeout [ 274.648621] Bluetooth: hci6: command tx timeout [ 275.352370] Bluetooth: hci0: command tx timeout [ 275.545361] Bluetooth: hci1: command tx timeout [ 275.672449] Bluetooth: hci2: command tx timeout [ 275.800462] Bluetooth: hci5: command tx timeout [ 275.864419] Bluetooth: hci3: command tx timeout [ 275.992584] Bluetooth: hci7: command tx timeout [ 276.056536] Bluetooth: hci4: command tx timeout [ 276.696541] Bluetooth: hci6: command tx timeout [ 277.400545] Bluetooth: hci0: command tx timeout [ 277.592402] Bluetooth: hci1: command tx timeout [ 277.720430] Bluetooth: hci2: command tx timeout [ 277.849019] Bluetooth: hci5: command tx timeout [ 277.912368] Bluetooth: hci3: command tx timeout [ 278.041347] Bluetooth: hci7: command tx timeout [ 278.104464] Bluetooth: hci4: command tx timeout [ 278.744702] Bluetooth: hci6: command tx timeout [ 279.448404] Bluetooth: hci0: command tx timeout [ 279.640378] Bluetooth: hci1: command tx timeout [ 279.768395] Bluetooth: hci2: command tx timeout [ 279.896383] Bluetooth: hci5: command tx timeout [ 279.960392] Bluetooth: hci3: command tx timeout [ 280.088562] Bluetooth: hci7: command tx timeout [ 280.152416] Bluetooth: hci4: command tx timeout [ 280.792414] Bluetooth: hci6: command tx timeout [ 330.058449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.058569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.327180] [ 331.327443] ====================================================== [ 331.328033] WARNING: possible circular locking dependency detected [ 331.328639] 6.13.0-rc7-next-20250117 #1 Not tainted [ 331.329125] ------------------------------------------------------ [ 331.330550] kworker/u8:1/66 is trying to acquire lock: [ 331.331654] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 331.333715] [ 331.333715] but task is already holding lock: [ 331.335346] ffff888025428768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 331.337265] [ 331.337265] which lock already depends on the new lock. [ 331.337265] [ 331.338978] [ 331.338978] the existing dependency chain (in reverse order) is: [ 331.339681] [ 331.339681] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 331.340344] __mutex_lock+0x13d/0xb50 [ 331.340806] wiphy_register+0x1b2e/0x25d0 [ 331.341294] ieee80211_register_hw+0x23a4/0x3d60 [ 331.341825] mac80211_hwsim_new_radio+0x2759/0x4d50 [ 331.342385] init_mac80211_hwsim+0x389/0x870 [ 331.342906] do_one_initcall+0xf9/0x640 [ 331.343391] kernel_init_freeable+0x53d/0x7a0 [ 331.343917] kernel_init+0x1e/0x2d0 [ 331.344345] ret_from_fork+0x48/0x80 [ 331.344787] ret_from_fork_asm+0x1a/0x30 [ 331.345275] [ 331.345275] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 331.345893] __lock_acquire+0x29fd/0x4580 [ 331.346372] lock_acquire+0x19b/0x520 [ 331.346826] __mutex_lock+0x13d/0xb50 [ 331.347279] unregister_netdevice_many_notify+0x1612/0x1c80 [ 331.347895] unregister_netdevice_queue+0x224/0x2e0 [ 331.348455] _cfg80211_unregister_wdev+0x57b/0x700 [ 331.349007] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 331.349554] ieee80211_unregister_hw+0x55/0x3a0 [ 331.350076] hwsim_exit_net+0x3a0/0x730 [ 331.350539] ops_exit_list+0xb3/0x180 [ 331.350986] cleanup_net+0x546/0xad0 [ 331.351425] process_one_work+0x8ee/0x1a10 [ 331.351932] worker_thread+0x674/0xe70 [ 331.352408] kthread+0x3ab/0x720 [ 331.352830] ret_from_fork+0x48/0x80 [ 331.353256] ret_from_fork_asm+0x1a/0x30 [ 331.353741] [ 331.353741] other info that might help us debug this: [ 331.353741] [ 331.354487] Possible unsafe locking scenario: [ 331.354487] [ 331.355055] CPU0 CPU1 [ 331.355503] ---- ---- [ 331.355947] lock(&rdev->wiphy.mtx); [ 331.356352] lock(rtnl_mutex); [ 331.356923] lock(&rdev->wiphy.mtx); [ 331.357539] lock(rtnl_mutex); [ 331.357898] [ 331.357898] *** DEADLOCK *** [ 331.357898] [ 331.358461] 4 locks held by kworker/u8:1/66: [ 331.358892] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 331.359903] #1: ffff88800ed0fd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 331.360883] #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 331.361790] #3: ffff888025428768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 331.362800] [ 331.362800] stack backtrace: [ 331.363238] CPU: 0 UID: 0 PID: 66 Comm: kworker/u8:1 Not tainted 6.13.0-rc7-next-20250117 #1 [ 331.364044] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 331.364824] Workqueue: netns cleanup_net [ 331.365240] Call Trace: [ 331.365493] [ 331.365719] dump_stack_lvl+0xca/0x120 [ 331.366135] print_circular_bug+0x47b/0x750 [ 331.366570] check_noncircular+0x2e9/0x3c0 [ 331.366993] ? srso_return_thunk+0x5/0x5f [ 331.367424] ? __pfx_check_noncircular+0x10/0x10 [ 331.367894] ? hlock_class+0x4e/0x130 [ 331.368270] ? mark_lock+0xac/0xed0 [ 331.368638] ? srso_return_thunk+0x5/0x5f [ 331.369069] ? sched_clock+0x37/0x60 [ 331.369466] ? lockdep_lock+0xba/0x1b0 [ 331.369883] ? __pfx_lockdep_lock+0x10/0x10 [ 331.370335] __lock_acquire+0x29fd/0x4580 [ 331.370769] ? __pfx___lock_acquire+0x10/0x10 [ 331.371221] ? lock_release+0x20f/0x6f0 [ 331.371632] ? __pfx_lock_release+0x10/0x10 [ 331.372066] lock_acquire+0x19b/0x520 [ 331.372465] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 331.373037] ? __pfx_lock_acquire+0x10/0x10 [ 331.373470] ? srso_return_thunk+0x5/0x5f [ 331.373899] ? lock_release+0x20f/0x6f0 [ 331.374301] ? srso_return_thunk+0x5/0x5f [ 331.374733] ? lock_is_held_type+0x9e/0x120 [ 331.375178] ? srso_return_thunk+0x5/0x5f [ 331.375613] __mutex_lock+0x13d/0xb50 [ 331.376014] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 331.376590] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 331.377163] ? srso_return_thunk+0x5/0x5f [ 331.377592] ? synchronize_rcu_expedited+0x38a/0x420 [ 331.378096] ? __pfx___mutex_lock+0x10/0x10 [ 331.378538] ? __pfx_autoremove_wake_function+0x10/0x10 [ 331.379081] ? srso_return_thunk+0x5/0x5f [ 331.379516] ? kasan_quarantine_put+0x84/0x1e0 [ 331.379995] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 331.380460] ? srso_return_thunk+0x5/0x5f [ 331.380903] unregister_netdevice_many_notify+0x1612/0x1c80 [ 331.381461] ? __virt_addr_valid+0x2e8/0x5d0 [ 331.381919] ? __pfx_lock_release+0x10/0x10 [ 331.382353] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 331.382938] ? find_held_lock+0x2c/0x110 [ 331.383370] ? srso_return_thunk+0x5/0x5f [ 331.383803] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 331.384303] ? srso_return_thunk+0x5/0x5f [ 331.384737] ? lock_release+0x20f/0x6f0 [ 331.385138] ? __pfx_lock_release+0x10/0x10 [ 331.385570] ? srso_return_thunk+0x5/0x5f [ 331.385998] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 331.386520] ? srso_return_thunk+0x5/0x5f [ 331.386968] unregister_netdevice_queue+0x224/0x2e0 [ 331.387461] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 331.387998] ? up_write+0x195/0x520 [ 331.388394] _cfg80211_unregister_wdev+0x57b/0x700 [ 331.388888] ? srso_return_thunk+0x5/0x5f [ 331.389320] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 331.389814] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 331.390351] ? srso_return_thunk+0x5/0x5f [ 331.390781] ? srso_return_thunk+0x5/0x5f [ 331.391211] ? synchronize_rcu+0x1ff/0x260 [ 331.391634] ieee80211_unregister_hw+0x55/0x3a0 [ 331.392101] hwsim_exit_net+0x3a0/0x730 [ 331.392507] ? __pfx_hwsim_exit_net+0x10/0x10 [ 331.392952] ? srso_return_thunk+0x5/0x5f [ 331.393379] ? netdev_run_todo+0x788/0x1040 [ 331.393816] ? __pfx_hwsim_exit_net+0x10/0x10 [ 331.394263] ops_exit_list+0xb3/0x180 [ 331.394649] cleanup_net+0x546/0xad0 [ 331.395032] ? __pfx_cleanup_net+0x10/0x10 [ 331.395467] process_one_work+0x8ee/0x1a10 [ 331.395920] ? __pfx_lock_acquire+0x10/0x10 [ 331.396364] ? __pfx_process_one_work+0x10/0x10 [ 331.396850] ? srso_return_thunk+0x5/0x5f [ 331.397280] ? move_linked_works+0x172/0x270 [ 331.397726] ? srso_return_thunk+0x5/0x5f [ 331.398155] ? assign_work+0x196/0x240 [ 331.398565] worker_thread+0x674/0xe70 [ 331.398980] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 331.399502] ? srso_return_thunk+0x5/0x5f [ 331.399928] ? __pfx_worker_thread+0x10/0x10 [ 331.400392] kthread+0x3ab/0x720 [ 331.400748] ? __pfx_kthread+0x10/0x10 [ 331.401147] ? srso_return_thunk+0x5/0x5f [ 331.401571] ? finish_task_switch.isra.0+0x206/0x840 [ 331.402073] ? __pfx_kthread+0x10/0x10 [ 331.402476] ret_from_fork+0x48/0x80 [ 331.402846] ? __pfx_kthread+0x10/0x10 [ 331.403248] ret_from_fork_asm+0x1a/0x30 [ 331.403682] [ 333.348189] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 333.352649] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 333.357179] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 333.364919] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 333.371521] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 333.373927] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 333.474249] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 333.482148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 333.485738] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 333.498812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 333.504565] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 333.506993] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 333.546659] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 333.549387] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 333.551595] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 333.552181] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 333.556885] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 333.558264] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 333.560807] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 333.564067] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 333.565468] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 333.581112] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 333.587639] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 333.590795] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 333.607248] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 333.609807] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 333.611803] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 333.619717] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 333.628467] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 333.630668] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 333.632078] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 333.655487] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 333.678869] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 333.683669] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 333.697058] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 333.701841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 333.703303] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 333.704963] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 333.717031] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 333.722715] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 333.731017] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 333.740542] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 333.746257] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 333.764386] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 333.803821] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 333.817752] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 333.850709] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 333.863688] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 335.448477] Bluetooth: hci0: command tx timeout [ 335.577386] Bluetooth: hci2: command tx timeout [ 335.577503] Bluetooth: hci1: command tx timeout [ 335.640371] Bluetooth: hci3: command tx timeout [ 335.706336] Bluetooth: hci4: command tx timeout [ 335.768436] Bluetooth: hci5: command tx timeout [ 335.833417] Bluetooth: hci6: command tx timeout [ 335.960362] Bluetooth: hci7: command tx timeout [ 337.496394] Bluetooth: hci0: command tx timeout [ 337.624370] Bluetooth: hci2: command tx timeout [ 337.624869] Bluetooth: hci1: command tx timeout [ 337.688316] Bluetooth: hci3: command tx timeout [ 337.752748] Bluetooth: hci4: command tx timeout [ 337.816391] Bluetooth: hci5: command tx timeout [ 337.880966] Bluetooth: hci6: command tx timeout [ 338.010513] Bluetooth: hci7: command tx timeout [ 339.545409] Bluetooth: hci0: command tx timeout [ 339.672350] Bluetooth: hci2: command tx timeout [ 339.672939] Bluetooth: hci1: command tx timeout [ 339.736330] Bluetooth: hci3: command tx timeout [ 339.800326] Bluetooth: hci4: command tx timeout [ 339.866367] Bluetooth: hci5: command tx timeout [ 339.929339] Bluetooth: hci6: command tx timeout [ 340.056333] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 19:52:40 Registers: info registers vcpu 0 RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283cdc5 RDI=ffffffff886930a0 RBP=ffffffff88693060 RSP=ffff88800ed0ebb8 R8 =0000000000000001 R9 =ffffed1001da1d67 R10=0000000000000001 R11=3a6b636f6c206762 R12=000000000000000a R13=0000000000000001 R14=ffff888008fea010 R15=ffff88800ed0eeb8 RIP=ffffffff8283ce1d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f9e8cb27570 CR3=00000000133fe000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000004160cf1800000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffff88806cf00000 RBX=0000000000000001 RCX=ffffffff84a8bb27 RDX=ffffed100d9e6c4b RSI=0000000000000004 RDI=ffffffff814b1b6a RBP=dffffc0000000000 RSP=ffff8880096a7e68 R8 =0000000000000000 R9 =ffffed100d9e6c4a R10=ffff88806cf36253 R11=0000000000000001 R12=ffffffff864021d0 R13=1ffff110012d4fd2 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff84a8cace RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe6b00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005584267b7b68 CR3=00000000133fe000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=000000c000303680000000c0000564b0 XMM04=000000c000086090000000c000086060 XMM05=000000c0000860f0000000c0000860c0 XMM06=000000c000086150000000c000086120 XMM07=000000c000085760000000c00005b4d0 XMM08=000000c0000864b0000000c000086480 XMM09=000000c000086510000000c0000864e0 XMM10=000000c000086540000000c00005b530 XMM11=000000c0000865a0000000c000086570 XMM12=000000c000086600000000c0000865d0 XMM13=000000c000086660000000c000086630 XMM14=000000c0000866c0000000c000086690 XMM15=000000c0000a1080000000c0000866f0