Warning: Permanently added '[localhost]:7428' (ECDSA) to the list of known hosts. 2025/01/17 16:33:36 fuzzer started 2025/01/17 16:33:36 dialing manager at localhost:44245 syzkaller login: [ 70.080536] cgroup: Unknown subsys name 'net' [ 70.200660] cgroup: Unknown subsys name 'cpuset' [ 70.240578] cgroup: Unknown subsys name 'rlimit' [ 75.514637] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/17 16:33:54 syscalls: 2217 2025/01/17 16:33:54 code coverage: enabled 2025/01/17 16:33:54 comparison tracing: enabled 2025/01/17 16:33:54 extra coverage: enabled 2025/01/17 16:33:54 setuid sandbox: enabled 2025/01/17 16:33:54 namespace sandbox: enabled 2025/01/17 16:33:54 Android sandbox: enabled 2025/01/17 16:33:54 fault injection: enabled 2025/01/17 16:33:54 leak checking: enabled 2025/01/17 16:33:54 net packet injection: enabled 2025/01/17 16:33:54 net device setup: enabled 2025/01/17 16:33:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/17 16:33:54 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/17 16:33:54 USB emulation: enabled 2025/01/17 16:33:54 hci packet injection: enabled 2025/01/17 16:33:54 wifi device emulation: enabled 2025/01/17 16:33:54 802.15.4 emulation: enabled 2025/01/17 16:33:54 fetching corpus: 0, signal 0/0 (executing program) 2025/01/17 16:33:54 fetching corpus: 0, signal 0/0 (executing program) 2025/01/17 16:33:57 starting 8 fuzzer processes 16:33:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)='\"', 0x1}], 0x1, 0x8000, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, r1, 0x0) syz_io_uring_submit(r2, 0x0, 0x0, 0x0) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x9) 16:33:57 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) 16:33:57 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) [ 90.422627] audit: type=1400 audit(1737131637.504:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:33:57 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000240008000f80100200040000000000000000000800029600c6cf153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ffff00f0ffffffff078000ffffff00"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="f8ffff00f0ffffffff078000ffffff00"/32, 0x20, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e980325132510000e980325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000a5e970325132510000e970325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000a5e970325132510000e970325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000a5e970325132510000e970325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000a5e970325132510000e9703251090064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e202020202020202020201000a5e970325132510000e97032510300000000002e2e2020202020202020201000a5e970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000a5e970325132510000e970325104001a040000", 0x80, 0x1e00}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x2e00}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x3e00}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x7e00}], 0x0, &(0x7f0000010d00)) 16:33:57 executing program 4: mlockall(0x1) mlockall(0x3) mlockall(0x6) mlockall(0x0) 16:33:57 executing program 5: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100), 0x40102, 0x0) write$vga_arbiter(r0, &(0x7f0000000000)=@other={'lock', ' ', 'mem'}, 0x9) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 16:33:57 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x80000392}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(r0, 0x800454e1, 0x0) 16:33:57 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000000)=0x3, 0x4) sendmmsg$sock(r0, &(0x7f00000038c0)=[{{&(0x7f00000036c0)=@in={0xa, 0x4e23, @local}, 0x80, 0x0}}], 0x1, 0x4c804) sendmmsg$inet6(r0, &(0x7f0000001500)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000240)={0xa, 0x4e26, 0x0, @remote}, 0x1c, &(0x7f00000005c0)=[{&(0x7f0000000380)="f23456cdf8dcdf7db792ad814a5cf50d472768038adb2abd9c2fbab92f01a1d2238f03ed64aa36d69764d8ed3fbb410c0d87a1a4bd7a0da7cfcae32d86dbd1dd63e0b5700fa6884dcd0119de", 0x4c}, {&(0x7f0000000400)="a24cf5473e3db9affd383fbf149cee47f6e70defda7be4740c28fea8f72cf7ed10af2881a340e35ed50a50d9b2a07374648b678f152622af297840a9bd640e87fb23af55fc8074fc02b646c6ecd5c6c972b80d3a99eaa3ab423981932ceec877a7a35164dc8960b6e44440bc8cff2753c379920319", 0x75}, {&(0x7f0000000040)="0a97b2d302790b2e7638f05b3b7151d425b475c3f1c305024a4b85d017a8f184d1bd1b9e5735c1b2f78f2482e79bbf5d727214e620f51a0a27440f8690611ec32b6721be7ce06e19a9ad7fd626eaa4cbee493a45648e061c41bbf5e9310c1da0ff1860c29824496cfb3920f8c31ea717fa2a2f203e30991d3dac5e38eaf191431607019880f794c03f94fd71975846f1f1094060d83868024cbc2051c53fe142903b14803cede32959b6ffe49048efb8bd324391ce68a9f0eac13d74f065", 0xbe}, {&(0x7f0000000100)="1e0a", 0x2}], 0x4}}], 0x2, 0x0) [ 92.076710] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.079234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.081438] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.089334] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.092482] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 92.095365] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.141986] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.145238] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.148251] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.159288] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.162116] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 92.163772] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.197719] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.202272] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.204269] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.212442] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.215236] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 92.217236] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.272035] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.283106] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.295269] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.303207] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.312326] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 92.314679] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.355328] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 92.360140] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 92.365535] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 92.376415] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 92.385254] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 92.389214] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 92.393364] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 92.393705] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 92.404779] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 92.405902] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 92.410192] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 92.416111] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 92.420028] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 92.424302] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 92.428529] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 92.429157] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 92.439646] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 92.442139] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 92.449121] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 92.458699] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 92.490399] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 92.495324] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 92.499218] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 92.499672] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 94.162471] Bluetooth: hci0: command tx timeout [ 94.226929] Bluetooth: hci1: command tx timeout [ 94.290901] Bluetooth: hci2: command tx timeout [ 94.354928] Bluetooth: hci3: command tx timeout [ 94.482426] Bluetooth: hci7: command tx timeout [ 94.483315] Bluetooth: hci4: command tx timeout [ 94.611663] Bluetooth: hci6: command tx timeout [ 94.613445] Bluetooth: hci5: command tx timeout [ 96.210010] Bluetooth: hci0: command tx timeout [ 96.274584] Bluetooth: hci1: command tx timeout [ 96.338927] Bluetooth: hci2: command tx timeout [ 96.401953] Bluetooth: hci3: command tx timeout [ 96.530043] Bluetooth: hci4: command tx timeout [ 96.530064] Bluetooth: hci7: command tx timeout [ 96.658803] Bluetooth: hci5: command tx timeout [ 96.658990] Bluetooth: hci6: command tx timeout [ 98.257880] Bluetooth: hci0: command tx timeout [ 98.322479] Bluetooth: hci1: command tx timeout [ 98.386891] Bluetooth: hci2: command tx timeout [ 98.450034] Bluetooth: hci3: command tx timeout [ 98.577898] Bluetooth: hci4: command tx timeout [ 98.580867] Bluetooth: hci7: command tx timeout [ 98.707797] Bluetooth: hci6: command tx timeout [ 98.708811] Bluetooth: hci5: command tx timeout [ 100.306176] Bluetooth: hci0: command tx timeout [ 100.369906] Bluetooth: hci1: command tx timeout [ 100.434992] Bluetooth: hci2: command tx timeout [ 100.497922] Bluetooth: hci3: command tx timeout [ 100.625965] Bluetooth: hci7: command tx timeout [ 100.625995] Bluetooth: hci4: command tx timeout [ 100.754512] Bluetooth: hci6: command tx timeout [ 100.755066] Bluetooth: hci5: command tx timeout [ 154.293348] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 154.299620] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 154.302195] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 154.308094] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 154.311623] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 154.314192] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 154.399035] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 154.407586] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 154.411013] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 154.412512] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 154.414551] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 154.415384] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 154.415757] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 154.420350] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 154.420940] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 154.425900] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 154.426178] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 154.432142] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 154.432976] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 154.437110] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 154.440414] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 154.442433] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 154.449025] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 154.462134] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 154.508622] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 154.509555] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 154.514093] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 154.516019] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 154.516431] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 154.519042] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 154.521053] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 154.521224] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 154.524620] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 154.530425] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 154.531692] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 154.532094] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 154.542928] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 154.546212] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 154.550438] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 154.557858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 154.564595] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 154.566028] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 154.571455] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 154.572201] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 154.578090] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 154.591150] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 154.608618] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 154.615937] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 156.369972] Bluetooth: hci0: command tx timeout [ 156.434163] Bluetooth: hci1: command tx timeout [ 156.498054] Bluetooth: hci2: command tx timeout [ 156.690329] Bluetooth: hci6: command tx timeout [ 156.690971] Bluetooth: hci7: command tx timeout [ 156.691340] Bluetooth: hci5: command tx timeout [ 156.691351] Bluetooth: hci4: command tx timeout [ 156.691546] Bluetooth: hci3: command tx timeout [ 158.417916] Bluetooth: hci0: command tx timeout [ 158.481939] Bluetooth: hci1: command tx timeout [ 158.545960] Bluetooth: hci2: command tx timeout [ 158.737973] Bluetooth: hci6: command tx timeout [ 158.738556] Bluetooth: hci3: command tx timeout [ 158.738594] Bluetooth: hci5: command tx timeout [ 158.738664] Bluetooth: hci4: command tx timeout [ 158.738679] Bluetooth: hci7: command tx timeout [ 160.466910] Bluetooth: hci0: command tx timeout [ 160.530955] Bluetooth: hci1: command tx timeout [ 160.594871] Bluetooth: hci2: command tx timeout [ 160.785933] Bluetooth: hci6: command tx timeout [ 160.786016] Bluetooth: hci7: command tx timeout [ 160.786102] Bluetooth: hci4: command tx timeout [ 160.786164] Bluetooth: hci5: command tx timeout [ 160.786254] Bluetooth: hci3: command tx timeout [ 162.516244] Bluetooth: hci0: command tx timeout [ 162.577883] Bluetooth: hci1: command tx timeout [ 162.642895] Bluetooth: hci2: command tx timeout [ 162.833936] Bluetooth: hci3: command tx timeout [ 162.834525] Bluetooth: hci5: command tx timeout [ 162.834574] Bluetooth: hci4: command tx timeout [ 162.834662] Bluetooth: hci7: command tx timeout [ 162.834717] Bluetooth: hci6: command tx timeout [ 216.426146] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 216.436856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 216.441354] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 216.444473] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 216.447512] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 216.457358] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 216.460331] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 216.460647] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 216.464097] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 216.466295] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 216.470512] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 216.474093] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 216.480559] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 216.482679] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 216.485413] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 216.487731] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 216.488243] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 216.490397] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 216.513966] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 216.518961] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 216.537220] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 216.544222] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 216.547460] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 216.558298] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 216.560877] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 216.561327] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 216.564171] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 216.565656] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 216.576285] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 216.577456] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 216.578428] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 216.580979] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 216.588485] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 216.594567] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 216.602138] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 216.609164] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 216.617103] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 216.621204] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 216.623476] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 216.629178] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 216.635000] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 216.639160] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 216.657310] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 216.662115] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 216.666123] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 216.670476] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 216.675944] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 216.677884] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 218.514885] Bluetooth: hci1: command tx timeout [ 218.514940] Bluetooth: hci2: command tx timeout [ 218.578892] Bluetooth: hci0: command tx timeout [ 218.641908] Bluetooth: hci5: command tx timeout [ 218.642922] Bluetooth: hci3: command tx timeout [ 218.706897] Bluetooth: hci7: command tx timeout [ 218.707005] Bluetooth: hci4: command tx timeout [ 218.770946] Bluetooth: hci6: command tx timeout [ 220.561970] Bluetooth: hci1: command tx timeout [ 220.562034] Bluetooth: hci2: command tx timeout [ 220.626949] Bluetooth: hci0: command tx timeout [ 220.690063] Bluetooth: hci3: command tx timeout [ 220.690769] Bluetooth: hci5: command tx timeout [ 220.754146] Bluetooth: hci7: command tx timeout [ 220.754173] Bluetooth: hci4: command tx timeout [ 220.819292] Bluetooth: hci6: command tx timeout [ 222.609962] Bluetooth: hci2: command tx timeout [ 222.609987] Bluetooth: hci1: command tx timeout [ 222.674462] Bluetooth: hci0: command tx timeout [ 222.737964] Bluetooth: hci5: command tx timeout [ 222.737995] Bluetooth: hci3: command tx timeout [ 222.801979] Bluetooth: hci7: command tx timeout [ 222.801998] Bluetooth: hci4: command tx timeout [ 222.865964] Bluetooth: hci6: command tx timeout [ 224.659946] Bluetooth: hci1: command tx timeout [ 224.659981] Bluetooth: hci2: command tx timeout [ 224.722941] Bluetooth: hci0: command tx timeout [ 224.785903] Bluetooth: hci3: command tx timeout [ 224.786912] Bluetooth: hci5: command tx timeout [ 224.851463] Bluetooth: hci4: command tx timeout [ 224.851546] Bluetooth: hci7: command tx timeout [ 224.914962] Bluetooth: hci6: command tx timeout [ 277.138065] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 278.692038] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 278.698251] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 278.700855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 278.710216] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 278.716468] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 278.719623] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 278.819526] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 278.821752] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 278.824656] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 278.829498] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 278.833680] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 278.835456] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 279.020529] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 279.022731] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 279.023540] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 279.024522] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 279.030966] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 279.033724] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 279.045529] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 279.046069] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 279.049383] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 279.068501] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 279.088699] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 279.100261] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 279.111411] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 279.112658] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 279.127391] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 279.137191] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 279.138368] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 279.141993] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 279.143558] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 279.144849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 279.159723] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 279.166322] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 279.171513] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 279.173481] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 279.214677] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 279.219164] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 279.224744] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 279.239071] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 279.263709] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 279.265232] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 279.266085] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 279.312204] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 279.312675] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 279.315177] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 279.316662] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 279.327264] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 280.785888] Bluetooth: hci0: command tx timeout [ 280.849974] Bluetooth: hci1: command tx timeout [ 281.105888] Bluetooth: hci2: command tx timeout [ 281.170880] Bluetooth: hci3: command tx timeout [ 281.234824] Bluetooth: hci5: command tx timeout [ 281.298418] Bluetooth: hci4: command tx timeout [ 281.426836] Bluetooth: hci7: command tx timeout [ 281.490015] Bluetooth: hci6: command tx timeout [ 282.834840] Bluetooth: hci0: command tx timeout [ 282.898908] Bluetooth: hci1: command tx timeout [ 283.154943] Bluetooth: hci2: command tx timeout [ 283.218910] Bluetooth: hci3: command tx timeout [ 283.282930] Bluetooth: hci5: command tx timeout [ 283.346999] Bluetooth: hci4: command tx timeout [ 283.474877] Bluetooth: hci7: command tx timeout [ 283.539037] Bluetooth: hci6: command tx timeout [ 284.882906] Bluetooth: hci0: command tx timeout [ 284.946894] Bluetooth: hci1: command tx timeout [ 285.202941] Bluetooth: hci2: command tx timeout [ 285.265857] Bluetooth: hci3: command tx timeout [ 285.330824] Bluetooth: hci5: command tx timeout [ 285.396807] Bluetooth: hci4: command tx timeout [ 285.523844] Bluetooth: hci7: command tx timeout [ 285.585821] Bluetooth: hci6: command tx timeout [ 286.930869] Bluetooth: hci0: command tx timeout [ 286.994060] Bluetooth: hci1: command tx timeout [ 287.249842] Bluetooth: hci2: command tx timeout [ 287.315882] Bluetooth: hci3: command tx timeout [ 287.377838] Bluetooth: hci5: command tx timeout [ 287.444907] Bluetooth: hci4: command tx timeout [ 287.571208] Bluetooth: hci7: command tx timeout [ 287.633854] Bluetooth: hci6: command tx timeout [ 336.453348] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.453465] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.718488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.718575] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.892583] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 337.892654] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.924627] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 337.924701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 338.099728] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 338.099909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 338.300940] [ 338.301179] ====================================================== [ 338.301746] WARNING: possible circular locking dependency detected [ 338.302295] 6.13.0-rc7-next-20250117 #1 Not tainted [ 338.302752] ------------------------------------------------------ [ 338.303975] kworker/u8:2/13575 is trying to acquire lock: [ 338.305294] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.307731] [ 338.307731] but task is already holding lock: [ 338.308267] ffff88802a658768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 338.309184] [ 338.309184] which lock already depends on the new lock. [ 338.309184] [ 338.309931] [ 338.309931] the existing dependency chain (in reverse order) is: [ 338.310640] [ 338.310640] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 338.311280] __mutex_lock+0x13d/0xb50 [ 338.311713] wiphy_register+0x1b2e/0x25d0 [ 338.312171] ieee80211_register_hw+0x23a4/0x3d60 [ 338.312671] mac80211_hwsim_new_radio+0x2759/0x4d50 [ 338.313202] init_mac80211_hwsim+0x389/0x870 [ 338.313691] do_one_initcall+0xf9/0x640 [ 338.314146] kernel_init_freeable+0x53d/0x7a0 [ 338.314646] kernel_init+0x1e/0x2d0 [ 338.315041] ret_from_fork+0x48/0x80 [ 338.315448] ret_from_fork_asm+0x1a/0x30 [ 338.315904] [ 338.315904] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 338.316482] __lock_acquire+0x29fd/0x4580 [ 338.316936] lock_acquire+0x19b/0x520 [ 338.317357] __mutex_lock+0x13d/0xb50 [ 338.317790] unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.318362] unregister_netdevice_queue+0x224/0x2e0 [ 338.318885] _cfg80211_unregister_wdev+0x57b/0x700 [ 338.319404] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 338.319923] ieee80211_unregister_hw+0x55/0x3a0 [ 338.320411] hwsim_exit_net+0x3a0/0x730 [ 338.320843] ops_exit_list+0xb3/0x180 [ 338.321258] cleanup_net+0x546/0xad0 [ 338.321668] process_one_work+0x8ee/0x1a10 [ 338.322145] worker_thread+0x674/0xe70 [ 338.322592] kthread+0x3ab/0x720 [ 338.322988] ret_from_fork+0x48/0x80 [ 338.323388] ret_from_fork_asm+0x1a/0x30 [ 338.323843] [ 338.323843] other info that might help us debug this: [ 338.323843] [ 338.324536] Possible unsafe locking scenario: [ 338.324536] [ 338.325064] CPU0 CPU1 [ 338.325482] ---- ---- [ 338.325897] lock(&rdev->wiphy.mtx); [ 338.326272] lock(rtnl_mutex); [ 338.326819] lock(&rdev->wiphy.mtx); [ 338.327396] lock(rtnl_mutex); [ 338.327739] [ 338.327739] *** DEADLOCK *** [ 338.327739] [ 338.328264] 4 locks held by kworker/u8:2/13575: [ 338.328700] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 338.329646] #1: ffff8880326ffd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 338.330559] #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 338.331419] #3: ffff88802a658768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 338.332377] [ 338.332377] stack backtrace: [ 338.332781] CPU: 1 UID: 0 PID: 13575 Comm: kworker/u8:2 Not tainted 6.13.0-rc7-next-20250117 #1 [ 338.333590] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 338.334329] Workqueue: netns cleanup_net [ 338.334724] Call Trace: [ 338.334961] [ 338.335173] dump_stack_lvl+0xca/0x120 [ 338.335564] print_circular_bug+0x47b/0x750 [ 338.335976] check_noncircular+0x2e9/0x3c0 [ 338.336389] ? srso_return_thunk+0x5/0x5f [ 338.336798] ? __pfx_check_noncircular+0x10/0x10 [ 338.337240] ? hlock_class+0x4e/0x130 [ 338.337596] ? mark_lock+0xac/0xed0 [ 338.337948] ? srso_return_thunk+0x5/0x5f [ 338.338354] ? sched_clock+0x37/0x60 [ 338.338741] ? lockdep_lock+0xba/0x1b0 [ 338.339132] ? __pfx_lockdep_lock+0x10/0x10 [ 338.339559] __lock_acquire+0x29fd/0x4580 [ 338.339968] ? __pfx___lock_acquire+0x10/0x10 [ 338.340398] ? lock_release+0x20f/0x6f0 [ 338.340781] ? __pfx_lock_release+0x10/0x10 [ 338.341194] lock_acquire+0x19b/0x520 [ 338.341563] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.342105] ? __pfx_lock_acquire+0x10/0x10 [ 338.342515] ? srso_return_thunk+0x5/0x5f [ 338.342928] ? lock_release+0x20f/0x6f0 [ 338.343310] ? srso_return_thunk+0x5/0x5f [ 338.343716] ? lock_is_held_type+0x9e/0x120 [ 338.344166] ? srso_return_thunk+0x5/0x5f [ 338.344612] __mutex_lock+0x13d/0xb50 [ 338.345020] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.345607] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.346173] ? srso_return_thunk+0x5/0x5f [ 338.346611] ? synchronize_rcu_expedited+0x38a/0x420 [ 338.347130] ? __pfx___mutex_lock+0x10/0x10 [ 338.347587] ? __pfx_autoremove_wake_function+0x10/0x10 [ 338.348126] ? srso_return_thunk+0x5/0x5f [ 338.348579] ? kasan_quarantine_put+0x84/0x1e0 [ 338.349043] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 338.349470] ? srso_return_thunk+0x5/0x5f [ 338.349882] unregister_netdevice_many_notify+0x1612/0x1c80 [ 338.350403] ? __virt_addr_valid+0x2e8/0x5d0 [ 338.350917] ? __pfx_lock_release+0x10/0x10 [ 338.351366] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 338.351968] ? find_held_lock+0x2c/0x110 [ 338.352413] ? srso_return_thunk+0x5/0x5f [ 338.352859] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 338.353381] ? srso_return_thunk+0x5/0x5f [ 338.353813] ? lock_release+0x20f/0x6f0 [ 338.354231] ? __pfx_lock_release+0x10/0x10 [ 338.354681] ? srso_return_thunk+0x5/0x5f [ 338.355128] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 338.355660] ? srso_return_thunk+0x5/0x5f [ 338.356108] unregister_netdevice_queue+0x224/0x2e0 [ 338.356616] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 338.357167] ? up_write+0x195/0x520 [ 338.357565] _cfg80211_unregister_wdev+0x57b/0x700 [ 338.358071] ? srso_return_thunk+0x5/0x5f [ 338.358507] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 338.359053] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 338.359606] ? srso_return_thunk+0x5/0x5f [ 338.360048] ? srso_return_thunk+0x5/0x5f [ 338.360488] ? synchronize_rcu+0x1ff/0x260 [ 338.360923] ieee80211_unregister_hw+0x55/0x3a0 [ 338.361400] hwsim_exit_net+0x3a0/0x730 [ 338.361812] ? __pfx_hwsim_exit_net+0x10/0x10 [ 338.362270] ? srso_return_thunk+0x5/0x5f [ 338.362718] ? netdev_run_todo+0x788/0x1040 [ 338.363167] ? __pfx_hwsim_exit_net+0x10/0x10 [ 338.363628] ops_exit_list+0xb3/0x180 [ 338.364024] cleanup_net+0x546/0xad0 [ 338.364419] ? __pfx_cleanup_net+0x10/0x10 [ 338.364860] process_one_work+0x8ee/0x1a10 [ 338.365317] ? __pfx_lock_acquire+0x10/0x10 [ 338.365762] ? __pfx_process_one_work+0x10/0x10 [ 338.366259] ? srso_return_thunk+0x5/0x5f [ 338.366701] ? move_linked_works+0x172/0x270 [ 338.367156] ? srso_return_thunk+0x5/0x5f [ 338.367593] ? assign_work+0x196/0x240 [ 338.368007] worker_thread+0x674/0xe70 [ 338.368429] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 338.368971] ? srso_return_thunk+0x5/0x5f [ 338.369408] ? __pfx_worker_thread+0x10/0x10 [ 338.369880] kthread+0x3ab/0x720 [ 338.370250] ? __pfx_kthread+0x10/0x10 [ 338.370667] ? srso_return_thunk+0x5/0x5f [ 338.371107] ? finish_task_switch.isra.0+0x206/0x840 [ 338.371617] ? __pfx_kthread+0x10/0x10 [ 338.372027] ret_from_fork+0x48/0x80 [ 338.372401] ? __pfx_kthread+0x10/0x10 [ 338.372805] ret_from_fork_asm+0x1a/0x30 [ 338.373241] [ 338.552283] syz-executor.0 (10109) used greatest stack depth: 23568 bytes left [ 340.438044] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 340.440328] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 340.441955] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 340.446334] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 340.448575] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 340.450936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 340.577154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 340.580020] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 340.581637] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 340.589324] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 340.597383] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 340.603080] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 340.604723] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 340.605320] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 340.612126] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 340.622672] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 340.626077] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 340.630124] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 340.645194] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 340.647057] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 340.647587] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 340.667990] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 340.669479] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 340.670430] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 340.767400] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 340.772031] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 340.776689] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 340.780294] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 340.784023] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 340.785688] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 340.872925] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 340.879463] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 340.896053] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 340.902318] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 340.902589] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 340.917310] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 340.998082] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 341.000020] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 341.020859] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 341.024257] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 341.024324] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 341.031876] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 341.033944] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 341.081376] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 341.081415] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 341.084271] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 341.098074] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 341.099610] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 342.481830] Bluetooth: hci0: command tx timeout [ 342.673847] Bluetooth: hci1: command tx timeout [ 342.674371] Bluetooth: hci2: command tx timeout [ 342.737827] Bluetooth: hci3: command tx timeout [ 342.801963] Bluetooth: hci4: command tx timeout [ 343.058265] Bluetooth: hci5: command tx timeout [ 343.185949] Bluetooth: hci7: command tx timeout [ 343.186411] Bluetooth: hci6: command tx timeout [ 344.530019] Bluetooth: hci0: command tx timeout [ 344.723065] Bluetooth: hci2: command tx timeout [ 344.724057] Bluetooth: hci1: command tx timeout [ 344.786946] Bluetooth: hci3: command tx timeout [ 344.850815] Bluetooth: hci4: command tx timeout [ 345.106898] Bluetooth: hci5: command tx timeout [ 345.234825] Bluetooth: hci6: command tx timeout [ 345.234893] Bluetooth: hci7: command tx timeout [ 346.578794] Bluetooth: hci0: command tx timeout [ 346.770001] Bluetooth: hci1: command tx timeout [ 346.770488] Bluetooth: hci2: command tx timeout [ 346.835889] Bluetooth: hci3: command tx timeout [ 346.897855] Bluetooth: hci4: command tx timeout [ 347.153891] Bluetooth: hci5: command tx timeout [ 347.282185] Bluetooth: hci7: command tx timeout [ 347.282572] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 16:38:05 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=ffffea00005a8880 RCX=ffffffff819e63e2 RDX=1ffffd40000b5111 RSI=0000000000000000 RDI=0000000000000000 RBP=ffffea00005a8880 RSP=ffff8880307475f0 R8 =0000000000000000 R9 =fffff940000b5110 R10=0000000000000000 R11=00000000ce248c14 R12=0000000000000000 R13=ffffea000068d408 R14=0000000000000000 R15=ffff8880307477c0 RIP=ffffffff81719c78 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000557be3a13fc8 CR3=000000001a8dc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=682e29646e616d6d6f632a282e637069 XMM03=00000000000000000000000000000000 XMM04=000000c000086090000000c000086060 XMM05=000000c0000860f0000000c0000860c0 XMM06=000000c000086150000000c000086120 XMM07=000000c000085760000000c00005b4d0 XMM08=000000c0000864b0000000c000086480 XMM09=000000c000086510000000c0000864e0 XMM10=000000c000086540000000c00005b530 XMM11=000000c0000865a0000000c000086570 XMM12=000000c000086600000000c0000865d0 XMM13=000000c000086660000000c000086630 XMM14=000000c0000866c0000000c000086690 XMM15=000000c0000a1080000000c0000866f0 info registers vcpu 1 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283cdc5 RDI=ffffffff886930a0 RBP=ffffffff88693060 RSP=ffff8880326feb28 R8 =0000000000000001 R9 =ffffed10064dfd55 R10=0000000000000066 R11=6666666666666666 R12=0000000000000066 R13=0000000000000001 R14=ffff888008fea05d R15=ffff8880326fee28 RIP=ffffffff8283ce1d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f803e4b8425 CR3=000000000dd0e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffff00ffffffffffffff00 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055b1bf379d00000055b1bf3a0f40 XMM06=000055b1bf3b8b1000000004ffffffff XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000000002020000000000000200000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000