Warning: Permanently added '[localhost]:32810' (ECDSA) to the list of known hosts. 2025/07/03 02:58:17 fuzzer started 2025/07/03 02:58:17 dialing manager at localhost:45015 syzkaller login: [ 50.321393] cgroup: Unknown subsys name 'net' [ 50.393623] cgroup: Unknown subsys name 'cpuset' [ 50.416771] cgroup: Unknown subsys name 'rlimit' 2025/07/03 02:58:29 syscalls: 200 2025/07/03 02:58:29 code coverage: enabled 2025/07/03 02:58:29 comparison tracing: enabled 2025/07/03 02:58:29 extra coverage: enabled 2025/07/03 02:58:29 setuid sandbox: enabled 2025/07/03 02:58:29 namespace sandbox: enabled 2025/07/03 02:58:29 Android sandbox: enabled 2025/07/03 02:58:29 fault injection: enabled 2025/07/03 02:58:29 leak checking: enabled 2025/07/03 02:58:29 net packet injection: enabled 2025/07/03 02:58:29 net device setup: enabled 2025/07/03 02:58:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/03 02:58:29 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/03 02:58:29 USB emulation: enabled 2025/07/03 02:58:29 hci packet injection: enabled 2025/07/03 02:58:29 wifi device emulation: enabled 2025/07/03 02:58:29 802.15.4 emulation: enabled 2025/07/03 02:58:29 fetching corpus: 0, signal 0/0 (executing program) 2025/07/03 02:58:30 starting 8 fuzzer processes 02:58:30 executing program 0: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x3, 0x81, 0x3, 0x2}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1) sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040040}, 0x20000001) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, r3, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3f}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x659bd7c82eef8e3b}, 0x880) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), r1) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x54, r4, 0x300, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x10000}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xabf6}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x120240}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r4, 0x2, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x34, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000f40), 0xb0800, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r5, &(0x7f0000001080)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001040)={&(0x7f0000000fc0)={0x44, r4, 0x8, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8000}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0xe66ee2952c885281}, 0x4004000) syz_genetlink_get_family_id$batadv(&(0x7f00000010c0), r1) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000001100), 0x101000, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001180), r5) sendmsg$NL80211_CMD_ASSOCIATE(r6, &(0x7f0000001400)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000013c0)={&(0x7f00000011c0)={0x1f8, r7, 0x4, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x12}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FILS_NONCES={0x24, 0xf3, [0x800, 0x3, 0xbcb, 0x7, 0x6, 0x8000, 0x8, 0x3, 0x1, 0x101, 0x2, 0x9, 0x7, 0x8001, 0x8000, 0x4a9]}, @NL80211_ATTR_MAC={0xa, 0x6, @random="af82420ec6f9"}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x1000, 0x1, 0x5, 0x0, {0x4d, 0x81, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x400, 0xfe, 0x2}}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x40, {0x9, 0xde, 0xe8, 0x8000}}}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_PMK={0x102, 0xfe, "a952616fb04c9e66fa3e8004e846e4a36dd7ff3a7d3d00a07558b316d6d9a4308c88622a4a326784a8afa33fa485357b2e616461bd363c0e634b19c47f23e09594d361ef485d37f91a5038de9bcfa0e1c84b6a70991891fb250f2d6111493506aac58995f9bbb2aaf9ea725a3553c5b779a26348515c7dbe420e05999be75c70bf43d4a3eaa166795e5938fb39eae85ea0555227f842c86452680f45a146399125902cdbab2db918d8b44c89b34144a189a8a696c86a931a9dbf838a8acb72629b5455141685c99b4d909f7e3ea4054730f29b40261109bb21c1e7a0677c0280260a5a7ebe03517a7dc265551bef5e8ab4724fcfb32da8d5e4c88a2f8acc"}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x4}], @NL80211_ATTR_SSID={0x5, 0x34, @random='\x00'}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @from_mac}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x80, 0x1, 0x4, 0x0, {0x1, 0x9, 0x0, 0x8, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x1f}}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x4000, 0x0, 0x0, 0x0, {0x8, 0x4, 0x0, 0x239, 0x0, 0x1, 0x0, 0x1}, 0x9, 0x8c42, 0x4}}]}, 0x1f8}, 0x1, 0x0, 0x0, 0x81}, 0x8000) r8 = fsmount(r0, 0x1, 0x80) sendmsg$BATADV_CMD_GET_DAT_CACHE(r8, &(0x7f0000001700)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001640)={0x4c, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x4c}}, 0x80) 02:58:30 executing program 1: ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000000)=""/170) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f00000000c0)={{0x2, 0x2, 0x6, 0x2, 0x401}, 0x1, 0x7}) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000140)=""/210) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000240)={{0x2, 0x3, 0x3, 0x0, 0x6}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000280)={{0xffffffffffffffff, 0x1, 0x5, 0x1, 0x7}}) r0 = socket(0x0, 0x2, 0x8000) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x141000) r1 = getpid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000001480)={0x0, 0x0}) clone3(&(0x7f0000001540)={0x242022400, &(0x7f0000000300), &(0x7f0000000340)=0x0, &(0x7f0000000380), {0x27}, &(0x7f00000003c0)=""/185, 0xb9, &(0x7f0000000480)=""/4096, &(0x7f0000001500)=[0x0, r1, r2], 0x3}, 0x58) r4 = pidfd_open(r3, 0x0) getsockname(r0, &(0x7f00000015c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000001640)=0x80) pidfd_getfd(r4, r5, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000001680), 0x800, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r6, 0xc0145401, &(0x7f00000016c0)={0xffffffffffffffff, 0x1, 0x2, 0x0, 0x13}) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001700), 0x101400) ioctl$sock_SIOCGSKNS(r5, 0x894c, &(0x7f0000001740)=0x9) process_mrelease(r6, 0x0) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001780), 0x8002, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r7, 0x40505412, &(0x7f00000017c0)={0x5, 0x1, 0x2, 0x0, 0x6}) 02:58:30 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS64(0xffffffffffffffff, 0x80605414, &(0x7f0000000000)) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x0, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'sit0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x29, 0x0, 0x9, 0x7ff, 0x4e, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, 0x57, 0x7800, 0x4, 0xffffff86}}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)={0x19c, 0x0, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [{{0x8}, {0x180, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r0}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xa87e, 0x0, 0x80, 0xca}, {0x20, 0x5, 0x2, 0x2}, {0x3ff, 0x3f, 0x4, 0x4}, {0x8000, 0x7f, 0xf0, 0x6}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x2, 0x6, 0x7f, 0x6}, {0x8001, 0x3f, 0x1, 0x401}, {0x7fff, 0x9, 0x80, 0x80000001}, {0x20, 0x6d, 0x7, 0x7ff}, {0x7fff, 0x7f, 0x1, 0x5a}, {0x5, 0x20, 0x81, 0x3068}, {0x8, 0x5, 0x1, 0x6e}, {0x2, 0x80, 0x8, 0x8}]}}}]}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x801}, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f00000004c0)={0x8, 'xfrm0\x00', {'veth1_to_hsr\x00'}, 0x7}) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x38, r1, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40800}, 0x4) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$team(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'team_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'batadv_slave_0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200040}, 0xc, &(0x7f0000000940)={&(0x7f0000000780)={0x190, r3, 0x10, 0x70bd28, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0x174, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8, 0x6, r0}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8, 0x6, r5}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r0}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r0}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}]}}]}, 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f00000009c0), &(0x7f0000000a00)=0x4) recvmmsg(0xffffffffffffffff, &(0x7f00000016c0)=[{{&(0x7f0000000a80)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000b00)=""/95, 0x5f}, {&(0x7f0000000b80)=""/105, 0x69}, {&(0x7f0000000c00)=""/118, 0x76}, {&(0x7f0000000c80)=""/73, 0x49}, {&(0x7f0000000d00)=""/23, 0x17}, {&(0x7f0000000d40)=""/39, 0x27}], 0x6, &(0x7f0000000e00)=""/225, 0xe1}}, {{&(0x7f0000000f00)=@alg, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000f80)=""/21, 0x15}], 0x1, &(0x7f0000001000)=""/164, 0xa4}, 0xfffffd74}, {{&(0x7f00000010c0)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000001180)=[{&(0x7f0000001140)=""/41, 0x29}], 0x1, &(0x7f00000011c0)=""/5, 0x5}, 0xfffffffb}, {{&(0x7f0000001200)=@l2tp={0x2, 0x0, @dev}, 0x80, &(0x7f0000001340)=[{&(0x7f0000001280)}, {&(0x7f00000012c0)=""/95, 0x5f}], 0x2, &(0x7f0000001380)=""/253, 0xfd}, 0x6}, {{&(0x7f0000001480)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000001680)=[{&(0x7f0000001500)=""/114, 0x72}, {&(0x7f0000001580)=""/243, 0xf3}], 0x2}, 0xd5d}], 0x5, 0x40, &(0x7f0000001800)={0x77359400}) syz_genetlink_get_family_id$devlink(&(0x7f0000000a40), r6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000001840)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0xa, 0x0, 0x0, 0x0, {0x2008}}, 0x2) syz_io_uring_setup(0x1bc9, &(0x7f0000001880)={0x0, 0x35cf, 0x9, 0x2, 0x380}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000001900)=0x0, &(0x7f0000001940)) r8 = openat$full(0xffffffffffffff9c, &(0x7f0000001980), 0x402100, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f00000019c0)=@IORING_OP_SPLICE={0x1e, 0x2, 0x0, @fd=r8, 0x4, {0x0, r6}, 0xfffffffb, 0x5, 0x1, {0x0, 0x0, r6}}, 0xa349) sendmsg$NL80211_CMD_ASSOCIATE(r8, &(0x7f0000001b40)={&(0x7f0000001a00), 0xc, &(0x7f0000001b00)={&(0x7f0000001a40)={0xa8, r2, 0x200, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x4, 0x30}}}}, [@NL80211_ATTR_DISABLE_VHT={0x4}, @NL80211_ATTR_IE={0x1e, 0x2a, [@mic={0x8c, 0x18, {0x6fb, "82e4f613788d", @long="fa36afe00f99e3f55ad13a5be80a7789"}}]}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0xc0000000, {0x60, 0xb571, 0x7f, 0x9}}}, @NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x2, 0x1, 0x0, 0x0, {0x0, 0x3, 0x0, 0x33a, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x400, 0x1, 0x7f}}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x8, 0x0, 0x7, 0x0, {0x86e, 0x80, 0x0, 0x3fc, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x8, 0x5, 0xa8}}, @NL80211_ATTR_USE_RRM={0x4}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40004}, 0x81) 02:58:30 executing program 3: r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x401}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000000}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x40000) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x131002, 0x0) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3ff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300), r1) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x5c, r2, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffffffff}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x633}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x100}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x73d}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x116}]}, 0x5c}}, 0x4) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x5c, r2, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x40}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4004801}, 0x40) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000580), 0x80c00, 0x0) r4 = fsmount(r3, 0x1, 0x7a) sendmsg$IPVS_CMD_FLUSH(r4, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x38, r0, 0x20, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x101}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x14}]}, 0x38}, 0x1, 0x0, 0x0, 0x90}, 0x8014) r5 = fsmount(r4, 0x0, 0x74) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000700)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000880)={'syztnl2\x00', &(0x7f0000000800)={'syztnl1\x00', 0x0, 0x29, 0x8, 0x2, 0x0, 0x30, @private0, @private2, 0x7800, 0x1, 0x1ff, 0x7fffffff}}) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000a40)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000001040)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001000)={&(0x7f0000000a80)={0x54c, 0x0, 0x300, 0x70bd29, 0x25dfdbfc, {}, [{{0x8}, {0xc8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1c3eee2c}}, {0x8}}}]}}, {{0x8}, {0xcc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r7}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r8}, {0x1a0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x44}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x19c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x20}}, {0x8}}}, {0x34, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x46cc7ea3}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x54c}, 0x1, 0x0, 0x0, 0x8000}, 0xe0) syz_io_uring_setup(0x76d8, &(0x7f0000001080)={0x0, 0x72bd, 0x1, 0x3, 0x19d, 0x0, r4}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000001100)=0x0, &(0x7f0000001140)) syz_io_uring_submit(r9, 0x0, &(0x7f0000001180)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x12345}, 0x56f) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000011c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f00000012c0)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x28, 0x0, 0x400, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="39ad52c643e6"}]}, 0x28}, 0x1, 0x0, 0x0, 0x40110}, 0x200000c0) fsconfig$FSCONFIG_SET_PATH(r5, 0x3, &(0x7f0000001300)='+\x9b:&@%\x8d]\x00', &(0x7f0000001340)='./file0\x00', 0xffffffffffffffff) 02:58:30 executing program 4: r0 = getpid() r1 = getpid() r2 = getpgid(r0) r3 = fsmount(0xffffffffffffffff, 0x0, 0x2) clone3(&(0x7f0000000240)={0x80100000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x2f}, &(0x7f00000000c0)=""/173, 0xad, &(0x7f0000000180)=""/103, &(0x7f0000000200)=[r1, r2], 0x2, {r3}}, 0x58) fork() r4 = fsmount(r3, 0x0, 0x7c) fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f00000002c0)='\x00', 0x0, r4) getpid() r5 = fsmount(r3, 0x1, 0x6) r6 = syz_genetlink_get_family_id$team(&(0x7f0000000340), r4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000380)={'batadv0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_GET(r5, &(0x7f0000000640)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f00000003c0)={0x234, r6, 0x1, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x218, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10001}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xffffff01}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffff0001}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xa6a}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffe01}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x234}, 0x1, 0x0, 0x0, 0x4040890}, 0x4000010) ioctl$SNDRV_TIMER_IOCTL_TREAD(r3, 0x40045402, &(0x7f0000000680)=0x1) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000006c0), 0x4) socketpair(0x8, 0x5, 0x1ea, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000780)={0x1, 0x1580, 0xffff, 0x0, 0x8}) r9 = openat$full(0xffffffffffffff9c, &(0x7f0000000800), 0xa000, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r9, 0xc0505405, &(0x7f0000000840)={{0x0, 0x1, 0x1aeaa4cf, 0x2, 0x7}, 0x9, 0x0, 0x3}) [ 62.468816] audit: type=1400 audit(1751511510.614:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 02:58:30 executing program 5: semctl$IPC_INFO(0x0, 0x2, 0x3, &(0x7f0000000000)=""/40) semctl$SEM_STAT_ANY(0x0, 0x0, 0x14, &(0x7f0000000040)=""/4096) semctl$SEM_STAT(0xffffffffffffffff, 0x2, 0x12, &(0x7f0000001040)=""/175) r0 = semget$private(0x0, 0x1, 0x220) semctl$SEM_STAT(r0, 0x2, 0x12, &(0x7f0000001100)=""/229) semctl$SETVAL(r0, 0x0, 0x10, &(0x7f0000001200)=0xffffffff) semop(r0, &(0x7f0000001240)=[{0x2, 0x4}], 0x1) r1 = semget$private(0x0, 0x2, 0x44) semctl$SEM_STAT_ANY(r1, 0x3, 0x14, &(0x7f0000001280)=""/27) r2 = semget(0x3, 0x1, 0x200) semctl$SETALL(r2, 0x0, 0x11, &(0x7f00000012c0)=[0xb1]) semctl$SEM_STAT(r1, 0x1, 0x12, &(0x7f0000001300)=""/3) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000001340), r3) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000001380)) r5 = semget(0x2, 0x1, 0x40) semctl$IPC_INFO(r5, 0x4, 0x3, &(0x7f00000013c0)=""/94) semget$private(0x0, 0x3, 0x500) semop(0x0, &(0x7f0000001440)=[{0x0, 0xff, 0x1800}, {0x2, 0x1, 0x800}], 0x2) 02:58:30 executing program 6: ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000000)) r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000080)={{0x1, 0x0, 0x8b4, 0x2, 0x7}, 0x0, 0x1, 'id0\x00', 'timer0\x00', 0x0, 0x5, 0xfff, 0xffffffff, 0x8}) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, &(0x7f0000000180)) syz_io_uring_setup(0x3095, &(0x7f0000000200)={0x0, 0x28db, 0x8, 0x0, 0x24c}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000280), &(0x7f00000002c0)=0x0) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001b00), 0x40006, 0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000001b40)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x1, 0x4000, @fd=r2, 0x400, 0x0, 0x0, 0x18, 0x1, {0x3}}, 0x7) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001b80)={'wpan1\x00'}) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001bc0), 0x40, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r4, 0x54a1) ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f0000001c00)={{0x1, 0x3, 0x8001, 0x1, 0x1}, 0x9, 0x80000001, 'id1\x00', 'timer0\x00', 0x0, 0x0, 0x6, 0x81, 0x5}) r5 = fsopen(&(0x7f0000001d00)='hfs\x00', 0x0) fsconfig$FSCONFIG_SET_PATH(r5, 0x3, &(0x7f0000001d40)=']\x00', &(0x7f0000001d80)='./file0\x00', r4) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f0000001dc0)={0x0, 0x10001, 0x6, 0x0, 0x5}) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) r6 = pidfd_getfd(r0, r3, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000001e40)='\x00', &(0x7f0000001e80)='./file0\x00', r6) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x40485404, &(0x7f0000001ec0)={{0x0, 0x1, 0x7, 0x0, 0x4}, 0x1}) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000001f80)={0x2, 0x0, 0x9, 0x2, 0x7fffffff}) 02:58:30 executing program 7: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8fa1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c001}, 0x4000840) getsockname(0xffffffffffffffff, &(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f00000001c0)=0x80) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x54, 0x0, 0x10, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffffe00}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000040}, 0x4c000) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r1) sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x44, r2, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x7}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xfffffff9}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000040}, 0x40) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), r1) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x64, r3, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6b7e}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x64}, 0x1, 0x0, 0x0, 0x8800}, 0x14000) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000740)={&(0x7f0000000680)={0x9c, 0x0, 0x702, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7fffffff, 0x11}}}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0x73, 0xac, "ad9bdab6e9b80bf9e1910466a398e4b9661d8c0dfebdecb13bfb3d6c216a8923c148ff8070eb9ea788b477b43b7d9fd86432f328630989dbcc9e1d0fb792914b31b0f1a8dd578b95eb03ee03c9cc3ca5f0d60aae4ff0e4b46aa587c7fac335a223cbfe50071d2761cc61aa0237f1ad"}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x30b}]}, 0x9c}, 0x1, 0x0, 0x0, 0x8}, 0x880) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x34, r3, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x512d9c1}]}, 0x34}, 0x1, 0x0, 0x0, 0x40084}, 0x20040894) socketpair(0x9, 0x800, 0x4, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPVS_CMD_FLUSH(r5, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x2c, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8080) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000a00), 0x240082, 0x0) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000a80), r4) sendmsg$BATADV_CMD_GET_HARDIF(r6, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x1c, r7, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48001}, 0x20004000) r8 = openat$full(0xffffffffffffff9c, &(0x7f0000000b80), 0x88400, 0x0) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000c00), r5) sendmsg$BATADV_CMD_GET_ORIGINATORS(r8, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x24, r9, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r10 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000d40), r5) sendmsg$IPVS_CMD_NEW_DEST(r5, &(0x7f0000000e80)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000d80)={0x84, r10, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x9}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}]}, 0x84}, 0x1, 0x0, 0x0, 0x4024000}, 0x408c) [ 63.720807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.722895] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 63.724756] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 63.728772] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 63.734212] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.791963] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.794020] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 63.796078] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 63.801747] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 63.803260] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.805805] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.807787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.813227] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.814950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.824144] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 63.825942] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 63.828788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.839021] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 63.859966] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 63.861872] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 63.866206] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 63.868146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 63.869836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 63.871488] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.873515] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 63.876165] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 63.877451] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 63.878612] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.881218] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 63.887757] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 63.890180] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 63.891689] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 63.893105] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 63.894067] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 63.896617] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 63.898623] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 63.905844] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 63.908535] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 63.909644] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 63.914550] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 64.021193] [ 64.022030] ============================= [ 64.022857] WARNING: suspicious RCU usage [ 64.023699] 6.16.0-rc4-next-20250702 #1 Not tainted [ 64.026211] ----------------------------- [ 64.029107] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! [ 64.032133] [ 64.032133] other info that might help us debug this: [ 64.032133] [ 64.033583] [ 64.033583] rcu_scheduler_active = 2, debug_locks = 1 [ 64.034902] 3 locks held by syz-executor.2/284: [ 64.035885] #0: ffff88800f724400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 64.037576] #1: ffff88800c11e618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 64.039363] #2: ffff88803503d270 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 64.041283] [ 64.041283] stack backtrace: [ 64.042195] CPU: 0 UID: 0 PID: 284 Comm: syz-executor.2 Not tainted 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 64.042223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 64.042235] Call Trace: [ 64.042241] [ 64.042249] dump_stack_lvl+0xfa/0x120 [ 64.042274] lockdep_rcu_suspicious+0x152/0x1c0 [ 64.042302] proc_sys_compare+0x28a/0x340 [ 64.042324] ? __pfx_proc_sys_compare+0x10/0x10 [ 64.042348] d_same_name+0x229/0x2e0 [ 64.042371] d_alloc_parallel+0x7c1/0x1330 [ 64.042415] ? __pfx_d_alloc_parallel+0x10/0x10 [ 64.042443] ? __pfx_default_wake_function+0x10/0x10 [ 64.042475] ? __d_lookup+0x25f/0x490 [ 64.042508] lookup_open.isra.0+0x64f/0x1530 [ 64.042542] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 64.042587] ? mnt_get_write_access+0x81/0x2d0 [ 64.042608] ? mnt_get_write_access+0x1ea/0x2d0 [ 64.042637] path_openat+0xc26/0x2880 [ 64.042678] ? __lock_acquire+0x694/0x1b70 [ 64.042699] ? __pfx_path_openat+0x10/0x10 [ 64.042740] do_filp_open+0x1e8/0x450 [ 64.042770] ? __pfx_do_filp_open+0x10/0x10 [ 64.042813] ? find_held_lock+0x2b/0x80 [ 64.042843] ? alloc_fd+0x2c1/0x560 [ 64.042870] ? lock_release+0xc8/0x290 [ 64.042898] ? alloc_fd+0x2c1/0x560 [ 64.042935] do_sys_openat2+0x104/0x1b0 [ 64.042961] ? __pfx_do_sys_openat2+0x10/0x10 [ 64.042987] ? __pfx___schedule+0x10/0x10 [ 64.043018] ? lock_release+0xc8/0x290 [ 64.043045] __x64_sys_openat+0x142/0x200 [ 64.043071] ? __pfx___x64_sys_openat+0x10/0x10 [ 64.043103] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 64.043141] do_syscall_64+0xbf/0x360 [ 64.043165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.043187] RIP: 0033:0x7f136b4dea04 [ 64.043203] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 64.043222] RSP: 002b:00007fff1718fae0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 64.043242] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f136b4dea04 [ 64.043256] RDX: 0000000000080001 RSI: 00007f136b584f61 RDI: 00000000ffffff9c [ 64.043269] RBP: 00007f136b584f61 R08: 0000000000000000 R09: 00007fff1718fad0 [ 64.043282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 64.043295] R13: 00007fff1718fb80 R14: 0000000000000000 R15: 00000000000000f8 [ 64.043324] [ 65.750983] Bluetooth: hci0: command tx timeout [ 65.879602] Bluetooth: hci1: command tx timeout [ 65.942553] Bluetooth: hci6: command tx timeout [ 65.942580] Bluetooth: hci2: command tx timeout [ 66.006540] Bluetooth: hci7: command tx timeout [ 66.006705] Bluetooth: hci5: command tx timeout [ 66.007181] Bluetooth: hci3: command tx timeout [ 66.007611] Bluetooth: hci4: command tx timeout [ 67.798483] Bluetooth: hci0: command tx timeout [ 67.928540] Bluetooth: hci1: command tx timeout [ 67.990465] Bluetooth: hci6: command tx timeout [ 67.990521] Bluetooth: hci2: command tx timeout [ 68.055181] Bluetooth: hci4: command tx timeout [ 68.055624] Bluetooth: hci3: command tx timeout [ 68.055640] Bluetooth: hci5: command tx timeout [ 68.056004] Bluetooth: hci7: command tx timeout [ 69.846517] Bluetooth: hci0: command tx timeout [ 69.974486] Bluetooth: hci1: command tx timeout [ 70.038564] Bluetooth: hci6: command tx timeout [ 70.038608] Bluetooth: hci2: command tx timeout [ 70.104499] Bluetooth: hci4: command tx timeout [ 70.104533] Bluetooth: hci7: command tx timeout [ 70.105150] Bluetooth: hci5: command tx timeout [ 70.105398] Bluetooth: hci3: command tx timeout [ 71.894582] Bluetooth: hci0: command tx timeout [ 72.022998] Bluetooth: hci1: command tx timeout [ 72.086523] Bluetooth: hci6: command tx timeout [ 72.087557] Bluetooth: hci2: command tx timeout [ 72.150552] Bluetooth: hci3: command tx timeout [ 72.150950] Bluetooth: hci7: command tx timeout [ 72.151681] Bluetooth: hci5: command tx timeout [ 72.152853] Bluetooth: hci4: command tx timeout VM DIAGNOSIS: 02:58:32 Registers: info registers vcpu 0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff828ba350 RDI=ffffffff88722060 RBP=ffffffff88722020 RSP=ffff888015587260 R8 =0000000000000000 R9 =ffffed1001727046 R10=00000000000fe503 R11=0000000000000001 R12=0000000000000823 R13=0000000000000020 R14=fffffbfff10e445e R15=dffffc0000000000 RIP=ffffffff828ba3a5 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555588508400 00000000 00000000 GS =0000 ffff8880e55ef000 00000000 00000000 LDT=0000 fffffe3b00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f98944de000 CR3=0000000030fce000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=5837fe9dc1c91f3200000000000ae618 XMM01=8ca0b852b1c7c8e100000000000ae7b8 XMM02=6b1e99b806172e3b00000000000aea28 XMM03=ac8bc31478ec851100000000000aefa0 XMM04=1d2fa3034b24a9db0000000000131e58 XMM05=d3fdd5f48436fbd700000000000aead0 XMM06=d3947d1bf833cfe900000000000ae988 XMM07=a1fcdcf819d7e1e500000000000ae728 XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff888017476100 RCX=ffff888017476000 RDX=0000000000000008 RSI=ffff888017476000 RDI=ffff888008c7f140 RBP=ffff888008c7f140 RSP=ffff8880189b71c0 R8 =0000000000000200 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffff888017476000 R13=0000000000000002 R14=0000000000000002 R15=000000000000000f RIP=ffffffff81aef91d RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56ef000 00000000 00000000 LDT=0000 fffffe2c00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd00faf8c30 CR3=00000000349eb000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=322d6465726168732d646d6574737973 XMM02=006f732e3734322d6465726168732d64 XMM03=6d657473797362696c2f646d65747379 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000