Warning: Permanently added '[localhost]:5597' (ECDSA) to the list of known hosts. 2025/01/25 14:43:40 fuzzer started 2025/01/25 14:43:41 dialing manager at localhost:40883 syzkaller login: [ 66.973124] cgroup: Unknown subsys name 'net' [ 67.065294] cgroup: Unknown subsys name 'cpuset' [ 67.101147] cgroup: Unknown subsys name 'rlimit' [ 73.436041] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/25 14:43:59 syscalls: 2217 2025/01/25 14:43:59 code coverage: enabled 2025/01/25 14:43:59 comparison tracing: enabled 2025/01/25 14:43:59 extra coverage: enabled 2025/01/25 14:43:59 setuid sandbox: enabled 2025/01/25 14:43:59 namespace sandbox: enabled 2025/01/25 14:43:59 Android sandbox: enabled 2025/01/25 14:43:59 fault injection: enabled 2025/01/25 14:43:59 leak checking: enabled 2025/01/25 14:43:59 net packet injection: enabled 2025/01/25 14:43:59 net device setup: enabled 2025/01/25 14:43:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/25 14:43:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/25 14:43:59 USB emulation: enabled 2025/01/25 14:43:59 hci packet injection: enabled 2025/01/25 14:43:59 wifi device emulation: enabled 2025/01/25 14:43:59 802.15.4 emulation: enabled 2025/01/25 14:43:59 fetching corpus: 0, signal 0/2000 (executing program) 2025/01/25 14:43:59 fetching corpus: 0, signal 0/4000 (executing program) 2025/01/25 14:43:59 fetching corpus: 0, signal 0/6000 (executing program) 2025/01/25 14:43:59 fetching corpus: 0, signal 0/8000 (executing program) 2025/01/25 14:43:59 fetching corpus: 0, signal 0/10000 (executing program) 2025/01/25 14:43:59 fetching corpus: 0, signal 0/12000 (executing program) 2025/01/25 14:43:59 fetching corpus: 0, signal 0/14000 (executing program) 2025/01/25 14:43:59 fetching corpus: 0, signal 0/14245 (executing program) 2025/01/25 14:43:59 fetching corpus: 0, signal 0/14245 (executing program) 2025/01/25 14:44:01 starting 8 fuzzer processes 14:44:01 executing program 0: ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x2) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f0000000340)={{'\x00', 0x2}, {0x400}, 0x73, 0x0, 0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)="6b0f345ca11957166b3a0ade532730d427b0be13bd22b6c56c198e571122476db45f52fe8f058bc324d3a986ce0853eab7123d62131d75350631bfe20ad5126113cf7abe81f3d44bd86f9107d035f8afbd074da35cc93476c1588509f0e10ef850c3e6304c4fd43541368ccfd0c0c2439aad315590cd6de6428eaafa58755becc9d60fc5047a57342d10a866f5b298006e5e234869610a3a0b9acd2058e05321b4ecc4acdb54b68c1df063c6ea1fd9a59d3130c371cee7161cdf2ba7b6c8d8c15351f7509c879c32263f53d9cbc89c10f835804e19b4679d5440416132f6e86476c6c7ef95cdea427ba072e7c0b10a88ef9b77f2549e20564c33b7b1ae88bd11d6b279d67613a6f42b0e23e4e031648226b99a7be17e8310c066ea204732f568ccad996077bc4206bfc8096166eea447c1c9ac503ca0c0", 0x137, 0x0, &(0x7f00000001c0)={0x2, 0x73, {0x1, 0xc, 0x8, "5d3ec34e03e1fa4d", 0x5e, "23a2e417bb11eab85f5ed95bda94e6f37de4c2acf0bad775efea69c80ff31f402aab23ddc7be5bfde77cab88968d62247ae2e22d87be20c065d5493b822b75bc074adea0088265826dc9d604ebea606153812192740e0c8f31053253c3b2"}, 0xf5, "6fb1fa5f9976fc0e54044513afcfb4863090124907f742a8b9687536340d475a7b3a7ddaffd86f2f0cd0df969c34e90b8c013c3aa16fbb673d0b1e340444d602aa847916bbd4e79e61d72ea920f7f97d97fad714fccac58a6d4219822f46e8890b3a1266502a8634b570cd99694007ea44c40444e1e690767a7a0a9b91a0ed4fff595b7c5bf3abcb589539d9075b0f156c1012aa92aa5acf72b09cb762ff7091df44233ad88d6e762e515d7bc686b1c8f314abd344a29555c794ba7a7431aa522e88c216d4208eff25adfd26eac6b98c5ab80235ff0f2b0f5d397b3a8e215087f82369b035daa9d8d3a3385c58f8607ceec72de876"}, 0x174}) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x4, 0x1, 0x5, 0x0, 0x0, {0x0, 0x0, 0x8}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20044880}, 0x28000) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f00000004c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r0 = dup(0xffffffffffffffff) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x68, r1, 0x2, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x1f, 0x42}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xb1}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x80}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000800}, 0x24008094) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x44, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x400}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x100}, 0x44001) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000009c0)=0xa0, 0x4) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x28, r1, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xd8b0, 0x52}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) getresuid(&(0x7f0000000b40), &(0x7f0000000b80)=0x0, &(0x7f0000000bc0)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000c00)={{0x1, 0x1, 0x18, r0, {0xee00, 0xffffffffffffffff}}, './file0\x00'}) fsetxattr$system_posix_acl(r0, &(0x7f0000000b00)='system.posix_acl_default\x00', &(0x7f0000000c40)={{}, {0x1, 0x5}, [{0x2, 0x1, r2}, {0x2, 0x2, r4}, {0x2, 0x4, 0xee00}, {0x2, 0x4, 0xee00}, {0x2, 0x1, 0xee01}], {0x4, 0x5}, [{0x8, 0x4, 0xee00}], {0x10, 0x4}}, 0x54, 0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000cc0), 0x0, 0x0) io_cancel(0x0, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x1, 0x2, r5, &(0x7f0000000d00)="4098346c33efe55ae1b73338c9629256abccb14cc5fde62d9fafd602eafbe4eaf32e22974bc768280a5e4bb41ff626f0c976eac2840c19fd939ffca655e4cb480ab3dcb72b35c81ea5aa8f161420a1ebac9e2d7e055c5eee20f9f6b6c8b93098dd2e2bab78606690081049b70bc3b4d12bb48b0d0b6c47a07f625e5d7eba5bf0067a1d9408723ac869513d87f724c6b414151a99db3b36c315c4a5c2b86bfe72d9b9424f23a24b028e73e0d39b3139aa2442a2a2953c1ab1a378d9005e5d750e099e47344e1613cda6565c6c835aa7b941cbc7e1cfb444d1ff6ca88af4e82a7eea323f9fb495c9cda4749865f0e0d9f80462290e0fe7cb1c7cdf75a402", 0xfd, 0x9, 0x0, 0x0, r0}, &(0x7f0000000e40)) setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000e80)={0x2, 'batadv_slave_1\x00', 0x4}, 0x18) r6 = pidfd_open(0x0, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r6, 0x4004662b, &(0x7f0000000ec0)=0x1) sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000fc0)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000f80)={&(0x7f0000000f40)={0x38, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) 14:44:01 executing program 1: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) write$evdev(r0, &(0x7f00000000c0)=[{{r1, r2/1000+60000}, 0x2, 0x0, 0x1000}, {{r3, r4/1000+10000}, 0x0, 0x3f, 0x4}, {{r5, r6/1000+60000}, 0x1, 0x3, 0x20}, {{0x0, 0xea60}, 0x17, 0x140, 0x45e62e38}, {{0x0, 0x2710}, 0x17, 0x8aa, 0xfffffffb}], 0x78) ptrace$setregset(0x4205, 0xffffffffffffffff, 0x201, &(0x7f0000000180)={&(0x7f0000000140)="e3d796a9e5254c9c9a271a7789fd809ec188c1bc55e4a0d5e4ac6c95e37cbab0d47e07f86fc601cd1d40d3791e6badaf31d015", 0x33}) r7 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) recvmmsg$unix(r7, &(0x7f0000001900)=[{{&(0x7f00000001c0)=@abs, 0x6e, &(0x7f00000014c0)=[{&(0x7f0000000240)=""/145, 0x91}, {&(0x7f0000000300)=""/171, 0xab}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/131, 0x83}, {&(0x7f0000001480)=""/24, 0x18}], 0x5}}, {{&(0x7f0000001540), 0x6e, &(0x7f0000001740)=[{&(0x7f00000015c0)=""/163, 0xa3}, {&(0x7f0000001680)=""/150, 0x96}], 0x2, &(0x7f0000001780)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}, {{&(0x7f00000017c0)=@abs, 0x6e, &(0x7f0000001840), 0x0, &(0x7f0000001880)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x78}}], 0x3, 0x0, &(0x7f00000019c0)) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, &(0x7f0000001a00)={0x4, 0x0, 0x9, 0x1f, 0x80000001, 0x2}) ioctl$F2FS_IOC_DEFRAGMENT(r7, 0xc010f508, &(0x7f0000001a40)={0x400, 0x60b1}) ioctl$AUTOFS_IOC_EXPIRE(r8, 0x810c9365, &(0x7f0000001a80)={{0x3}, 0x100, './file0\x00'}) ioctl$TUNSETVNETLE(r10, 0x400454dc, &(0x7f0000001bc0)) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r9, 0x84009422, &(0x7f0000001c00)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) ioctl$AUTOFS_IOC_EXPIRE(r11, 0x810c9365, &(0x7f0000002000)={{0x8, 0x8}, 0x100, './file0\x00'}) write$cgroup_subtree(r10, &(0x7f0000002140)={[{0x2b, 'io'}, {0x2b, 'devices'}]}, 0xd) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000021c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f0000002280)={&(0x7f0000002180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002240)={&(0x7f0000002200)={0x30, 0x0, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x800) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r11, 0x40042409, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000002300)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEV(0xffffffffffffffff, &(0x7f00000023c0)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000002380)={&(0x7f0000002340)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4008004) 14:44:01 executing program 2: ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000000)={0x10000, 0x991, 0x0, 0x1, 0xffffffff}) r0 = geteuid() r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x240, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETOWNER(r1, 0x400454cc, r2) stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f00000002c0)=@v3={0x3000000, [{0x40, 0x9}, {0xffffffff, 0x5}], r4}, 0x18, 0x3) linkat(r1, &(0x7f0000000300)='./file1\x00', r1, &(0x7f0000000340)='./file0/file0\x00', 0x1000) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000840)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r1, 0x0, &(0x7f0000000800)={&(0x7f0000000380)=@nfc, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000400)=""/39, 0x27}, {&(0x7f0000000440)=""/26, 0x1a}, {&(0x7f0000000480)=""/231, 0xe7}, {&(0x7f0000000580)=""/236, 0xec}, {&(0x7f0000000680)=""/25, 0x19}], 0x5, &(0x7f0000000740)=""/179, 0xb3}, 0x0, 0x261, 0x1, {0x1}}, 0x7) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000880)=@v2={0x2, @adiantum, 0x8, '\x00', @a}) clone3(&(0x7f0000000a80)={0x52108080, &(0x7f00000008c0)=0xffffffffffffffff, &(0x7f0000000900), &(0x7f0000000940), {0x25}, &(0x7f0000000980)=""/62, 0x3e, &(0x7f00000009c0)=""/94, &(0x7f0000000a40)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x4, {r1}}, 0x58) ioctl$F2FS_IOC_GET_FEATURES(r6, 0x8004f50c, &(0x7f0000000b00)) getsockopt(r1, 0x7, 0x1, &(0x7f0000000b40)=""/102, &(0x7f0000000bc0)=0x66) r7 = fsmount(r1, 0x0, 0x70) io_submit(0x0, 0x3, &(0x7f0000000f00)=[&(0x7f0000000c80)={0x0, 0x0, 0x0, 0x5, 0x7, r6, &(0x7f0000000c00)="ae700cb8fcc46662d8719f614b86240f3173ff30cee53104fd6c3fe35038ae05cd9e34ce36cff057f816e9eaa4708a39fd971347a25d87df148a5f8a05a793e73901e020ca0dd903cc3d2962ef6e366f6a9080fd7296e6dd1745a9d681fc2ceb0e36e71207a07da52b00b2a311d5fce197", 0x71, 0x7, 0x0, 0x1, r1}, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x8, 0x88d6, r6, &(0x7f0000000cc0)="4e37c3eae414fca01d599f433783dc68994359a09b3bee80d546e7bb30e48b4e62d9fef60f43aec676563686e7daa7767891f59600f5d9861d9619131b02639867e416f16c69271eef43fdf89d57061226b1db1d2837104aed4d90a4237f9e45ac9a73bf05af741ea8f24bbaf9d0643b8bd6bef8e6c0f2945ac1b64218bcf62f3dc10c3fa2cd7ee93fe1f046051bb2294ba4fa69e22a1ac6c554e9a508287d570d7627e41c429329402ca80d2e6d043a57b6ffe46ac61cb1517a2cf317aea5316d2dce000fb3be309f6d1a", 0xcb, 0x2d, 0x0, 0x2, r1}, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x8, 0xff80, r1, &(0x7f0000000e00)="a6bf0ece76d0a028e525fa6a5ebb3d559353004d5508ad461a2fe4d59549687e5e045dbab74fc7dbd492928dec306fe6904026dd4ffe594eec7aa9d56737ba957f32ef91b5bfce066613bd4143cabacd1c417320d7c00dda68c8733b4c2e56e2579923daebdd157b3b71e4f6dcf7434e716e92218e47ece4da030cd0ae33ea1dae9eb9c1161fc080fab59696a00f2816632b3113c55d991e89a6037fc796a08e", 0xa0, 0x81, 0x0, 0x3}]) sendmsg$AUDIT_TRIM(r1, &(0x7f0000001000)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x10, 0x3f6, 0x200, 0x70bd26, 0x25dfdbfb, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x24000044) sendmsg$NL80211_CMD_ASSOCIATE(r1, &(0x7f00000011c0)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001180)={&(0x7f0000001080)={0xc8, 0x0, 0x302, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x8000, 0x3, 0x3, 0x0, {0x9, 0xbf7, 0x0, 0x5a, 0x0, 0x0, 0x1, 0x2}, 0x800, 0x1ff}}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x0, 0x0, 0x1, 0x0, {0xb6f9, 0x0, 0x0, 0xae, 0x0, 0x1, 0x1, 0x3}, 0x300, 0xd9, 0x8}}, @NL80211_ATTR_FILS_NONCES={0x24, 0xf3, [0x3, 0x8, 0x6, 0x5, 0x40, 0x1, 0x400, 0x20, 0x9, 0x246, 0x7f, 0x8, 0x3f, 0x40, 0x3, 0xfffb]}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x80, 0x3, 0x3, 0x0, {0x9, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x2, 0x1}, 0x400, 0x7, 0x4}}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @from_mac}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_DISABLE_VHT={0x4}, @crypto_settings, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0xc8}, 0x1, 0x0, 0x0, 0xc054}, 0x20000042) ioctl$CDROMSUBCHNL(r7, 0x530b, &(0x7f0000001200)={0x0, 0x2a, 0xe, 0x7, 0x40, 0x16, @msf={0x1, 0x3f, 0x20}, @msf={0x7, 0x7f, 0x6}}) prctl$PR_GET_FP_MODE(0x2e) fsetxattr$system_posix_acl(r1, &(0x7f0000001240)='system.posix_acl_default\x00', &(0x7f00000013c0)={{}, {0x1, 0x4}, [{0x2, 0x5, r4}, {0x2, 0x7, r2}, {0x2, 0x5, r2}, {0x2, 0x0, r0}, {0x2, 0x0, r4}, {0x2, 0x0, 0xee01}], {0x4, 0x5}, [{0x8, 0x0, r3}, {0x8, 0x7}, {0x8, 0x0, r5}, {0x8, 0x4, r3}, {0x8, 0x1, r3}, {0x8, 0x3}], {0x10, 0x2}, {0x20, 0x2}}, 0x84, 0x1) 14:44:01 executing program 3: ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0) r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, r0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6_vti0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24000800}, 0x5) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x10, 0x70bd27, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x90) sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0x1fc, 0x0, 0x300, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x5, 0x1f}}}}, [@NL80211_ATTR_TESTDATA={0x41, 0x45, "2314717cafdcb89aa128b2ccaa3cb4a54cd54adbef535661345f877e6af116be7a1b2be035aeb96b0c9b8e9d44c9b95fe661e14d55cf7fa2ff2d14ab5d"}, @NL80211_ATTR_TESTDATA={0xea, 0x45, "da6b823340cd52d6389c859502c5f88684ae3b7799edcea59b527dc27198b2346e2502ba567ed97bd5987f2cbae68b9def0fc767e42af729724da17257012e0e1e6682f5eac4dd998360a9617fefd3fb513bc6a690547c4e6930aa7348e6b30f83b5b032bb5e01bfa9bcc70a2e2ddb176eb5dd68f922d6fef7a0ad30ae8fd68d9e4bf32c67b68102ce19c7c6fb093a8c607408f2eb8f543eed6f4426762828918dd3912c8963c16590023dfa4408472f6904685269cdc6324b31265046069768d0f1b85cd25f4b1df2628692a80effda599ea2465dac83441d4b75741d393e9d7907ba80bbd8"}, @NL80211_ATTR_TESTDATA={0xaa, 0x45, "ff5675fdfd5cb089073b043110a5b01b41ff66f4c00615cf78767621ad8446895f7d0b97ea9ce593a2f774eba8bbfde182e4bf4f16df82aafbe0efc3c51f37cbb0a71cbda512a128bea0f6831f4828ce9911e21ca062d186f3c7a2d75f05428b8f084c5e8bd081dd81826a211ce819de120147ffff914a9f42f85dae22e22a751085d4eaee706f2c492012580d3a32ad730035cebc26aa20be6779f5ed0f1c498aec3e1c0265"}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x800}, 0x10) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x80}, 0x6f3440886c6c1195) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000640)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff}}, './file0\x00'}) syz_genetlink_get_family_id$ipvs(&(0x7f0000000600), r3) accept(r2, &(0x7f0000000680)=@qipcrtr, &(0x7f0000000700)=0x80) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r3) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x9404410}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x1c, r4, 0x2, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x48}, @void, @void}}, [""]}, 0x1c}}, 0x4000) ioctl$DVD_WRITE_STRUCT(r3, 0x5390, &(0x7f0000000880)=@copyright={0x1, 0x1, 0x1, 0xf0}) sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000001180)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x14, 0x0, 0x81a, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4008801}, 0x4) sendmsg$IPSET_CMD_TYPE(r2, &(0x7f0000001280)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x1c, 0xd, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60844}, 0x40) recvmsg(r3, &(0x7f00000027c0)={&(0x7f00000012c0)=@hci, 0x80, &(0x7f0000002740)=[{&(0x7f0000001340)=""/90, 0x5a}, {&(0x7f00000013c0)=""/226, 0xe2}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000024c0)=""/180, 0xb4}, {&(0x7f0000002580)=""/169, 0xa9}, {&(0x7f0000002640)=""/54, 0x36}, {&(0x7f0000002680)=""/152, 0x98}], 0x7}, 0x40012001) sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f00000029c0)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000002980)={&(0x7f0000002840)={0x12c, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0x103, 0xac, "00635a9fac2fe503c47cd56218376b55432a805f56b01ae965a1a5bb301a5c00fe761b3e88af0a8157ed8ef0f1851a117c9717872e0463dc6ea1af9ff21eb6003a4f36bda203071442fcef075014ede75ae1cb4eeb1d4ec9f64050d379fffd3f4afacda18fc6a4b6f83871705b5a1c6ea1261e736bb9425e568969b73475aa0377391cdddf29238ec1bd2102d16ddf237763f89f8ec9de10cf5da3f094c1df6d28ccb2249e0b260bc6af446096963c7749fe205d3fae1b5cbc77da636bd3abb77de5a7201e651221a9ad2884963d4f312991477396e25dbdf3ffc66535c07d6284f12cebe43431bedbdf99483a5806215a75d3066f99c42bd68bb5f64af8ff"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x9}]}, 0x12c}, 0x1, 0x0, 0x0, 0xc040}, 0x20000000) sendmsg$NFT_MSG_GETRULE(r2, &(0x7f0000002ac0)={&(0x7f0000002a00)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000002a80)={&(0x7f0000002a40)={0x2c, 0x7, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000080}, 0x20c0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f0000002b00)={0x7, 0x0, 'client0\x00', 0x5, "d546b173c2d0a62a", "43eb05d8dea6c10e9f0c07959d7040610ba46c0c35cea7959ce68848fb833379", 0x2f, 0x1}) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000002d00)={&(0x7f0000002bc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000002cc0)={&(0x7f0000002c40)={0x60, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private2}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x6, 0x10000, 0x20, 0x3, 0x8001]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x9}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x8000]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x40) 14:44:01 executing program 5: ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000000)={'sit0\x00', 0x0, 0x4, 0x5, 0x1, 0xc1, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x3f}, 0x1, 0x40, 0x12fe0000, 0x5}}) r0 = socket$inet6(0xa, 0x6, 0x55c) recvfrom(r0, &(0x7f00000000c0)=""/115, 0x73, 0x100, &(0x7f0000000140)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(morus640-sse2)\x00'}, 0x80) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f00000001c0)=""/46, &(0x7f0000000200)=0x2e) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000280)={0x11, 0x26, &(0x7f0000000240)="ec8bf206ea67b4cd053d1501eac0977c17863fcd770edadc29a76df98427079a0c8e90609652"}) sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x23}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x54}, 0x20000010) sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x54, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x200, 0x1b}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x20004005}, 0x44) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x0, 0x8, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x11) sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000980)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000940)={&(0x7f0000000680)={0x290, 0x0, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffff89e}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x100}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5c}]}, @TIPC_NLA_BEARER={0x98, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10a}}, {0x14, 0x2, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffff7}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x52c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK={0x110, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x71}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd1e}]}]}, @TIPC_NLA_SOCK={0x4}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xb4c}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffa}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA={0x1c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}]}, @TIPC_NLA_NET={0x58, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffff00000001}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1d0}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffffd}]}]}, 0x290}, 0x1, 0x0, 0x0, 0x8001}, 0x0) r3 = open(&(0x7f00000009c0)='./file0\x00', 0x4080, 0x104) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a40), r2) sendmsg$NL80211_CMD_DEL_TX_TS(r3, &(0x7f0000000b00)={&(0x7f0000000a00), 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x28, r4, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x4) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000b80), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000009}, 0x20000010) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000c80)=[0x80000001, 0x7ff]) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d00), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_OCB(r1, &(0x7f0000000e00)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x58, r6, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3ff, 0x6e}}}}, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x20}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x26}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000ec0)={{{@in6=@private1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}, 0x0, @in=@broadcast}}, &(0x7f0000000fc0)=0xe8) mount$tmpfs(0x0, &(0x7f0000000e40)='./file0\x00', &(0x7f0000000e80), 0x2c0029, &(0x7f00000010c0)={[{@nr_inodes={'nr_inodes', 0x3d, [0x70, 0x6d, 0x1a, 0x67, 0x37, 0x34, 0x30]}}, {@mode={'mode', 0x3d, 0x9ab}}, {@huge_advise}, {@uid={'uid', 0x3d, r7}}, {@mpol={'mpol', 0x3d, {'bind', '=static', @void}}}, {@gid}, {@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x2d, 0x78, 0x34, 0x25]}}, {@mpol={'mpol', 0x3d, {'prefer', '', @void}}}, {@huge_never}], [{@fowner_gt}, {@smackfstransmute={'smackfstransmute', 0x3d, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, {@obj_type={'obj_type', 0x3d, '*^'}}, {@appraise}]}) [ 86.788197] audit: type=1400 audit(1737816241.115:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:44:01 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x10282, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x11c, 0x0, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xdc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x866}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'ip6_vti0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @multicast1}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0xfffffffc, @remote, 0x8}}}}]}, @TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xd6a}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x200}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xab}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x50}, 0x4000000) getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0x53, &(0x7f0000000280)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f00000002c0)=0x2c) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000300)={{r0}, 0x401, 0x9, 0x19}) sendmsg$IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, 0x0, 0xd3f, 0x70bd25, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0x3f}]}, 0x44}, 0x1, 0x0, 0x0, 0x48084}, 0x24000800) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000480)) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r1, 0x80286722, &(0x7f0000000500)={&(0x7f00000004c0)=""/12, 0xc, 0x6, 0x2}) ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f0000000540)={{0x1, 0x1, 0x18, r0, {0x5}}, './file0\x00'}) ioctl$sock_bt_hci(r2, 0xc0000030, &(0x7f0000000580)="275e611eaeef5e") sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r2, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x2c, 0x2, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6005}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x40890) ioctl$PTP_SYS_OFFSET(r1, 0x43403d05, &(0x7f00000006c0)={0x9}) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r2, 0x89f4, &(0x7f0000000c00)={'sit0\x00', &(0x7f0000000b80)={'syztnl2\x00', 0x0, 0x29, 0x4, 0xf1, 0x100, 0x0, @remote, @mcast2, 0xf820, 0x700, 0x3, 0x80000001}}) recvfrom$packet(r1, &(0x7f0000000a00)=""/162, 0xa2, 0x40010100, &(0x7f0000000c40)={0x11, 0x19, r3, 0x1, 0x60, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}, 0x14) r4 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000c80)) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r4, 0x8008f512, &(0x7f0000000cc0)) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000d00)=0x1ff, 0x4) setxattr$security_evm(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80), &(0x7f0000000dc0)=@v1={0x2, "9023"}, 0x3, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000e00)) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000f00)={'ip_vti0\x00', &(0x7f0000000e40)={'syztnl1\x00', 0x0, 0x0, 0x40, 0xffff, 0x10000, {{0x28, 0x4, 0x0, 0x3, 0xa0, 0x64, 0x0, 0x9, 0x29, 0x0, @multicast2, @multicast2, {[@end, @noop, @timestamp_prespec={0x44, 0xc, 0x71, 0x3, 0x3, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}]}, @lsrr={0x83, 0x23, 0x3b, [@multicast1, @remote, @multicast2, @multicast1, @broadcast, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback]}, @timestamp_prespec={0x44, 0xc, 0x67, 0x3, 0x3, [{@local, 0x1}]}, @ssrr={0x89, 0x7, 0x7c, [@local]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x44, 0xfc, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@multicast2, 0x400}, {@multicast2, 0x7f}, {@empty}, {@multicast1, 0x6}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@empty, 0x6}, {@multicast1, 0x8}]}]}}}}}) 14:44:01 executing program 6: setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000), 0x4) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040), 0x10) r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14, 0x80800) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={r1, @rand_addr=0x64010102, @multicast1}, 0xc) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) open_by_handle_at(r2, &(0x7f0000000180)=@fuse={0xc, 0x81, {0x4, 0x5}}, 0x200040) ioctl$CDROMGETSPINDOWN(0xffffffffffffffff, 0x531d, &(0x7f00000001c0)) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000000200)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000600)={r3, 0x9, 0x2}) getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000a00)=0x4, &(0x7f0000000a40)=0x4) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) write(r4, &(0x7f0000000a80)="2750ca8b1d8f504cea46bca9c89ba3ab3a724f31f33016bdf643cc0930ab3fc4765f643926ae5d824b951be3fbc7ba4862c56b98344634939060114c0c643937738042c713053716632df3a8dc87fb68c6ec77d444ecea5cc6569c84671351d04a786be361f82ca06aef59ee3afbbcfa5d929324ec32130d27880fbff4a1f6c544e9ee86b2bfd6568697d629eadb898486e8bff1ec7b27e3a5c0f64b74cc3fc22465", 0xa2) ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, &(0x7f0000000b40)=0xc7) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000bc0)={0x4, &(0x7f0000000b80)=[{}, {}, {}, {}]}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c40), r0) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x20, r5, 0x10, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1000, 0x71}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20080}, 0x80c1) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000d40)={{0x1, 0x1, 0x18, r2, {0x4}}, './file0\x00'}) sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f00000010c0)={&(0x7f0000000d80), 0xc, &(0x7f0000001080)={&(0x7f0000000dc0)={0x298, r5, 0x800, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xfff8}, @NL80211_ATTR_FRAME_MATCH={0xd6, 0x5b, "1f3fa96ea923d90fe4ff07ebdbd2ac87f7d1a99f9db1663866e5fad18782864969d6250e92fbc554c2c6a647f5451d445dc19683b1591840ad2f4ee42aca55a08e8651e382b551308c37e235febe503f0e6cf0027efe7cd31f1c9506df81e921b0181cf41322a7cc635fc523e02523481db24ddc3eb5c0eba1e65b68e32b8f37773af13ae7418d3823e15400b416556c78794213875cabf1a3c043fdb0e6dae34d5ed4b9743a1304c98b8007002da9fb4281155b33b859b109187c7065cbdffe550b4a169fe38f0b6f2fb5445b058ddfa1ea"}, @NL80211_ATTR_FRAME_MATCH={0x4e, 0x5b, "672ef3a811d68e7086911c70ffbabc2090caf19165a3cb5c83104b00b3752da5ca325b11c01c91d6df553d1d664751e3381a38e16d8bfcf89a3245e0850c50cdb8c1870253a1bf245c3c"}, @NL80211_ATTR_FRAME_MATCH={0x6, 0x5b, "bdce"}, @NL80211_ATTR_FRAME_TYPE={0x6}, @NL80211_ATTR_FRAME_MATCH={0x22, 0x5b, "43fdc1624152d8b16949f4a991d8e12700a1d045aa6eb444264045273a08"}, @NL80211_ATTR_FRAME_MATCH={0x6f, 0x5b, "b984a60f31fbe817e523bf731f93e8d5c804e6c36c9304aedb321d5c9afbf910a35d7dfecd8ad5f60393681d6f8c1c3545399087cc8036feb77817ab7c0b85d5af451e34fc2c053c1c3f37a4971245668958c5b4d9b5f0dd8b142e527f5c7a43afacceaf1888ce78836def"}, @NL80211_ATTR_FRAME_MATCH={0xa6, 0x5b, "7c7ea3b25135fa3cc08a5e4f6625a2765e0e360c12bafbfda830142db787bf5c77584274dcd683f3c34c505c110d315cd60ab89c640c32104cbf0de8c5c380cdf2821973e74e52862175dcb60dd3161e83a1c876138fe83a13cab725bd27221f73f65d10b67e810d51eba3480f6f25b8991ce48ecffcf9e939e422b29a757b2eac9af8a8521dab9a63c4effca8d8e9c05f40d384cfafef4b131831276162ef3e660c"}]}, 0x298}, 0x1, 0x0, 0x0, 0x4008805}, 0x200400c0) sendmsg$DEVLINK_CMD_TRAP_GET(r6, &(0x7f0000001340)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001300)={&(0x7f0000001140)={0x1a8, 0x0, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) 14:44:01 executing program 7: fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000000)) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000040)={0x2, 0xd9, "62e2fb71725cd53e34d0ebf5836326d7822f63b6818f1f39c4e94866d0acbf4e76eb840b0813560cf954be71c48f9fe7ab09551c5cb5b4dd202bc13027677120f4b6d424a874ee48450015497f4f5572a2a90817444288fbeff68c1c85df1ea9ce454c3827b381e2a4420a135a4c6ebca3325c3f936d56bdd42a18cb405934420375dfe2a35e38caadec1c3f5d4d95f9866e413750d36a51eb01391863543d297e0de62db12d492c0080bb0a431720e2978ddf44fc55f03748863ce734fae46f48007ddb3ffaf947b2dd59e4d46d9cf5a9f1101317a17d2ab4"}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000140)={'#! ', './file0', [{0x20, '\\-~&F-^\',])}'}], 0xa, "0958a160618a87df5bc31f6490c9b74f1cab5ff0faca79457b4b67b957bfcfc0e95f17636abd550b76ab839ed41c204605ea3e9a7f61471cfc1c5c76ef612ec42f449847053680364956008f53074225138367c8c646c4952cec9d1b9ac1db31d1f262b66b508b8d7bac61e0"}, 0x84) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x20, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x57e7, 0x15}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20008004}, 0x44000831) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000300)) recvmmsg(0xffffffffffffffff, &(0x7f0000003b80)=[{{&(0x7f0000000340)=@in={0x2, 0x0, @private}, 0x80, &(0x7f0000001680)=[{&(0x7f00000003c0)=""/35, 0x23}, {&(0x7f0000000400)=""/102, 0x66}, {&(0x7f0000000480)=""/157, 0x9d}, {&(0x7f0000000540)=""/53, 0x35}, {&(0x7f0000000580)=""/47, 0x2f}, {&(0x7f00000005c0)=""/176, 0xb0}, {&(0x7f0000000680)=""/4096, 0x1000}], 0x7, &(0x7f0000001700)=""/152, 0x98}, 0x1}, {{0x0, 0x0, &(0x7f0000002980)=[{&(0x7f00000017c0)=""/10, 0xa}, {&(0x7f0000001800)=""/103, 0x67}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000002880)=""/253, 0xfd}], 0x4}, 0x1}, {{&(0x7f00000029c0)=@tipc=@name, 0x80, &(0x7f0000002b40)=[{&(0x7f0000002a40)=""/201, 0xc9}], 0x1, &(0x7f0000002b80)=""/4096, 0x1000}, 0xaef7}], 0x3, 0x100, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003c40)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_GET_DUMPABLE(0x3) r2 = memfd_secret(0x0) getsockopt$EBT_SO_GET_ENTRIES(r2, 0x0, 0x81, &(0x7f0000003dc0)={'broute\x00', 0x0, 0x3, 0xd1, [0x7, 0x6, 0x10001, 0x5, 0x8, 0x8], 0x4, &(0x7f0000003c80)=[{}, {}, {}, {}], &(0x7f0000003cc0)=""/209}, &(0x7f0000003e40)=0x78) ioctl$F2FS_IOC_RESIZE_FS(r0, 0x4008f510, &(0x7f0000003e80)=0x4) timerfd_settime(r2, 0x1, &(0x7f0000003ec0)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000003f00)) fsetxattr$security_evm(r1, &(0x7f0000003f40), &(0x7f0000003f80)=@v1={0x2, "67425819501dcaf8"}, 0x9, 0x0) sendmsg$IPSET_CMD_GET_BYNAME(0xffffffffffffffff, &(0x7f00000040c0)={&(0x7f0000003fc0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000004080)={&(0x7f0000004000)={0x70, 0xe, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000004100)=0x80000000, 0x4) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000004140)={{0x1, 0x1, 0x18, r1, {0x4}}, './file1\x00'}) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000004180)=r2, 0x1) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000004200), r2) sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f0000004300)={&(0x7f00000041c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000042c0)={&(0x7f0000004240)={0x54, r4, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x20000000, {0x1000, 0x8, 0xe0e2, 0x7c}}}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="e5288879c0fd"}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0xc000000, {0x5, 0x0, 0x3f6, 0x630c}}}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="49b3e0f2ebf2"}]}, 0x54}, 0x1, 0x0, 0x0, 0x48004}, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000004340)={@in6={{0xa, 0x4e20, 0x2, @rand_addr=' \x01\x00', 0x9}}, 0x0, 0x0, 0x3a, 0x0, "cf0d68b52b97543f992056e02b75dc1b25443c24eee27f506041ecb88a1dd87d038ede9480cb19edcb4e299c901a2f6326927aed15756480b71da12b8c17449ec8ed3c0b4048f28c1df2504d103f7e42"}, 0xd8) [ 88.186920] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.190902] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.193190] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.199691] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.204464] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 88.206808] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.251153] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.254655] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.256616] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.264586] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.272935] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 88.275394] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.315158] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.322858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.325569] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.331115] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.338659] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 88.341812] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.400560] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.410323] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.412709] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 88.414724] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.417123] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 88.420675] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.422134] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.423500] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 88.425062] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 88.427498] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.429125] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 88.430931] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 88.436790] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.439800] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.442962] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 88.444813] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 88.446619] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 88.449617] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 88.450999] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 88.452590] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.454470] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 88.456059] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 88.457616] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.461555] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 88.483858] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 88.506759] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 88.509033] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 88.554669] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 88.558050] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 88.560051] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.277798] Bluetooth: hci0: command tx timeout [ 90.341411] Bluetooth: hci1: command tx timeout [ 90.405493] Bluetooth: hci2: command tx timeout [ 90.533029] Bluetooth: hci7: command tx timeout [ 90.534552] Bluetooth: hci4: command tx timeout [ 90.535630] Bluetooth: hci3: command tx timeout [ 90.597406] Bluetooth: hci6: command tx timeout [ 90.660559] Bluetooth: hci5: command tx timeout [ 92.325313] Bluetooth: hci0: command tx timeout [ 92.389564] Bluetooth: hci1: command tx timeout [ 92.453294] Bluetooth: hci2: command tx timeout [ 92.581489] Bluetooth: hci7: command tx timeout [ 92.581933] Bluetooth: hci3: command tx timeout [ 92.582676] Bluetooth: hci4: command tx timeout [ 92.646363] Bluetooth: hci6: command tx timeout [ 92.709997] Bluetooth: hci5: command tx timeout [ 94.373419] Bluetooth: hci0: command tx timeout [ 94.438311] Bluetooth: hci1: command tx timeout [ 94.501374] Bluetooth: hci2: command tx timeout [ 94.630326] Bluetooth: hci4: command tx timeout [ 94.631357] Bluetooth: hci3: command tx timeout [ 94.632440] Bluetooth: hci7: command tx timeout [ 94.693417] Bluetooth: hci6: command tx timeout [ 94.757736] Bluetooth: hci5: command tx timeout [ 96.420338] Bluetooth: hci0: command tx timeout [ 96.485372] Bluetooth: hci1: command tx timeout [ 96.550411] Bluetooth: hci2: command tx timeout [ 96.678266] Bluetooth: hci3: command tx timeout [ 96.678722] Bluetooth: hci7: command tx timeout [ 96.679120] Bluetooth: hci4: command tx timeout [ 96.741338] Bluetooth: hci6: command tx timeout [ 96.806269] Bluetooth: hci5: command tx timeout [ 148.332886] syz-executor.3 (287) used greatest stack depth: 24288 bytes left [ 150.700829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 150.702495] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 150.703648] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 150.706490] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 150.710605] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 150.715514] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 150.845913] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 150.849165] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 150.852784] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 150.855659] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 150.858486] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 150.865511] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 150.868474] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 150.872872] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 150.874356] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 150.875492] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 150.880835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 150.881758] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 150.882738] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 150.892752] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 150.897385] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 150.901105] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 150.904642] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 150.907387] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 150.958701] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 150.962329] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 150.963880] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 150.967470] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 150.971391] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 150.974660] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 150.975956] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 150.980025] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 150.981740] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 150.982773] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 150.984174] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 150.989953] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 150.990697] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 150.994574] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 150.996172] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 150.997990] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 151.002652] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 151.008488] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 151.009441] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 151.016497] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 151.016501] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 151.016679] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 151.030744] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 151.034577] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 152.740276] Bluetooth: hci0: command tx timeout [ 152.933311] Bluetooth: hci2: command tx timeout [ 152.933576] Bluetooth: hci1: command tx timeout [ 152.997859] Bluetooth: hci3: command tx timeout [ 153.061350] Bluetooth: hci4: command tx timeout [ 153.124343] Bluetooth: hci5: command tx timeout [ 153.125302] Bluetooth: hci6: command tx timeout [ 153.125514] Bluetooth: hci7: command tx timeout [ 154.789383] Bluetooth: hci0: command tx timeout [ 154.980323] Bluetooth: hci1: command tx timeout [ 154.981507] Bluetooth: hci2: command tx timeout [ 155.044429] Bluetooth: hci3: command tx timeout [ 155.110304] Bluetooth: hci4: command tx timeout [ 155.172406] Bluetooth: hci5: command tx timeout [ 155.172888] Bluetooth: hci7: command tx timeout [ 155.172931] Bluetooth: hci6: command tx timeout [ 156.836296] Bluetooth: hci0: command tx timeout [ 157.028384] Bluetooth: hci2: command tx timeout [ 157.028892] Bluetooth: hci1: command tx timeout [ 157.092277] Bluetooth: hci3: command tx timeout [ 157.156294] Bluetooth: hci4: command tx timeout [ 157.222254] Bluetooth: hci6: command tx timeout [ 157.222313] Bluetooth: hci5: command tx timeout [ 157.222771] Bluetooth: hci7: command tx timeout [ 158.884366] Bluetooth: hci0: command tx timeout [ 159.076295] Bluetooth: hci1: command tx timeout [ 159.076397] Bluetooth: hci2: command tx timeout [ 159.142266] Bluetooth: hci3: command tx timeout [ 159.204272] Bluetooth: hci4: command tx timeout [ 159.270265] Bluetooth: hci7: command tx timeout [ 159.270392] Bluetooth: hci5: command tx timeout [ 159.270750] Bluetooth: hci6: command tx timeout [ 208.969374] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.970102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.284004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.284695] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.181817] syz-executor.4 (3398) used greatest stack depth: 24144 bytes left [ 210.381701] [ 210.381938] ====================================================== [ 210.382458] WARNING: possible circular locking dependency detected [ 210.382980] 6.13.0-next-20250124 #1 Not tainted [ 210.383380] ------------------------------------------------------ [ 210.383897] kworker/u8:1/67 is trying to acquire lock: [ 210.385456] ffffffff8621d8e8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.387639] [ 210.387639] but task is already holding lock: [ 210.389024] ffff888018fa0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 210.391168] [ 210.391168] which lock already depends on the new lock. [ 210.391168] [ 210.392687] [ 210.392687] the existing dependency chain (in reverse order) is: [ 210.393296] [ 210.393296] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 210.393871] __mutex_lock+0x13d/0xb50 [ 210.394278] wiphy_register+0x1b2e/0x25d0 [ 210.394707] ieee80211_register_hw+0x23a4/0x3d60 [ 210.395182] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 210.395673] init_mac80211_hwsim+0x389/0x870 [ 210.396128] do_one_initcall+0xf9/0x640 [ 210.396547] kernel_init_freeable+0x53d/0x7a0 [ 210.397003] kernel_init+0x1e/0x2d0 [ 210.397371] ret_from_fork+0x48/0x80 [ 210.397748] ret_from_fork_asm+0x1a/0x30 [ 210.398185] [ 210.398185] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 210.398710] __lock_acquire+0x29fd/0x4580 [ 210.399140] lock_acquire+0x19b/0x520 [ 210.399531] __mutex_lock+0x13d/0xb50 [ 210.399934] unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.400476] unregister_netdevice_queue+0x224/0x2e0 [ 210.400963] _cfg80211_unregister_wdev+0x57b/0x700 [ 210.401450] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 210.401933] ieee80211_unregister_hw+0x55/0x3a0 [ 210.402390] hwsim_exit_net+0x3a0/0x730 [ 210.402797] ops_exit_list+0xb3/0x180 [ 210.403184] cleanup_net+0x546/0xad0 [ 210.403567] process_one_work+0x8ee/0x1a10 [ 210.404012] worker_thread+0x674/0xe70 [ 210.404429] kthread+0x3ab/0x720 [ 210.404798] ret_from_fork+0x48/0x80 [ 210.405169] ret_from_fork_asm+0x1a/0x30 [ 210.405594] [ 210.405594] other info that might help us debug this: [ 210.405594] [ 210.406246] Possible unsafe locking scenario: [ 210.406246] [ 210.406743] CPU0 CPU1 [ 210.407140] ---- ---- [ 210.407533] lock(&rdev->wiphy.mtx); [ 210.407894] lock(rtnl_mutex); [ 210.408393] lock(&rdev->wiphy.mtx); [ 210.408930] lock(rtnl_mutex); [ 210.409240] [ 210.409240] *** DEADLOCK *** [ 210.409240] [ 210.409734] 4 locks held by kworker/u8:1/67: [ 210.410110] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 210.410999] #1: ffff88800bd8fd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 210.411838] #2: ffffffff86211910 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 210.412630] #3: ffff888018fa0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 210.413515] [ 210.413515] stack backtrace: [ 210.413898] CPU: 1 UID: 0 PID: 67 Comm: kworker/u8:1 Not tainted 6.13.0-next-20250124 #1 [ 210.413935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 210.413958] Workqueue: netns cleanup_net [ 210.413998] Call Trace: [ 210.414008] [ 210.414019] dump_stack_lvl+0xca/0x120 [ 210.414079] print_circular_bug+0x47b/0x750 [ 210.414125] check_noncircular+0x2e9/0x3c0 [ 210.414168] ? __pfx_check_noncircular+0x10/0x10 [ 210.414209] ? hlock_class+0x4e/0x130 [ 210.414240] ? mark_lock+0xac/0xed0 [ 210.414280] ? srso_return_thunk+0x5/0x5f [ 210.414336] ? dl_scaled_delta_exec+0xd4/0x2c0 [ 210.414382] ? lockdep_lock+0xba/0x1b0 [ 210.414439] ? __pfx_lockdep_lock+0x10/0x10 [ 210.414502] __lock_acquire+0x29fd/0x4580 [ 210.414556] ? __pfx___lock_acquire+0x10/0x10 [ 210.414599] ? lock_release+0x20f/0x6f0 [ 210.414643] ? __pfx_lock_release+0x10/0x10 [ 210.414691] lock_acquire+0x19b/0x520 [ 210.414741] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.414790] ? __pfx_lock_acquire+0x10/0x10 [ 210.414835] ? srso_return_thunk+0x5/0x5f [ 210.414890] ? lock_release+0x20f/0x6f0 [ 210.414933] ? srso_return_thunk+0x5/0x5f [ 210.414988] ? lock_is_held_type+0x9e/0x120 [ 210.415044] ? srso_return_thunk+0x5/0x5f [ 210.415102] __mutex_lock+0x13d/0xb50 [ 210.415154] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.415200] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.415246] ? srso_return_thunk+0x5/0x5f [ 210.415301] ? synchronize_rcu_expedited+0x38a/0x420 [ 210.415346] ? __pfx___mutex_lock+0x10/0x10 [ 210.415400] ? __pfx_autoremove_wake_function+0x10/0x10 [ 210.415454] ? srso_return_thunk+0x5/0x5f [ 210.415509] ? kasan_quarantine_put+0x84/0x1e0 [ 210.415570] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 210.415606] ? srso_return_thunk+0x5/0x5f [ 210.415665] unregister_netdevice_many_notify+0x1612/0x1c80 [ 210.415711] ? __virt_addr_valid+0x2e8/0x5d0 [ 210.415767] ? __pfx_lock_release+0x10/0x10 [ 210.415811] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 210.415858] ? find_held_lock+0x2c/0x110 [ 210.415916] ? srso_return_thunk+0x5/0x5f [ 210.415973] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 210.416034] ? srso_return_thunk+0x5/0x5f [ 210.416089] ? lock_release+0x20f/0x6f0 [ 210.416133] ? __pfx_lock_release+0x10/0x10 [ 210.416176] ? srso_return_thunk+0x5/0x5f [ 210.416231] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 210.416279] ? srso_return_thunk+0x5/0x5f [ 210.416339] unregister_netdevice_queue+0x224/0x2e0 [ 210.416383] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 210.416426] ? up_write+0x195/0x520 [ 210.416482] _cfg80211_unregister_wdev+0x57b/0x700 [ 210.416534] ? srso_return_thunk+0x5/0x5f [ 210.416592] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 210.416631] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 210.416670] ? srso_return_thunk+0x5/0x5f [ 210.416725] ? srso_return_thunk+0x5/0x5f [ 210.416780] ? synchronize_rcu+0x1ff/0x260 [ 210.416823] ieee80211_unregister_hw+0x55/0x3a0 [ 210.416868] hwsim_exit_net+0x3a0/0x730 [ 210.416909] ? __pfx_hwsim_exit_net+0x10/0x10 [ 210.416950] ? srso_return_thunk+0x5/0x5f [ 210.417005] ? netdev_run_todo+0x788/0x1040 [ 210.417054] ? __pfx_hwsim_exit_net+0x10/0x10 [ 210.417097] ops_exit_list+0xb3/0x180 [ 210.417140] cleanup_net+0x546/0xad0 [ 210.417184] ? __pfx_cleanup_net+0x10/0x10 [ 210.417238] process_one_work+0x8ee/0x1a10 [ 210.417303] ? __pfx_lock_acquire+0x10/0x10 [ 210.417348] ? __pfx_process_one_work+0x10/0x10 [ 210.417406] ? srso_return_thunk+0x5/0x5f [ 210.417461] ? move_linked_works+0x172/0x270 [ 210.417506] ? srso_return_thunk+0x5/0x5f [ 210.417562] ? assign_work+0x196/0x240 [ 210.417619] worker_thread+0x674/0xe70 [ 210.417677] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 210.417729] ? srso_return_thunk+0x5/0x5f [ 210.417784] ? __pfx_worker_thread+0x10/0x10 [ 210.417844] kthread+0x3ab/0x720 [ 210.417896] ? __pfx_kthread+0x10/0x10 [ 210.417947] ? srso_return_thunk+0x5/0x5f [ 210.418002] ? finish_task_switch.isra.0+0x206/0x840 [ 210.418054] ? __pfx_kthread+0x10/0x10 [ 210.418108] ret_from_fork+0x48/0x80 [ 210.418139] ? __pfx_kthread+0x10/0x10 [ 210.418192] ret_from_fork_asm+0x1a/0x30 [ 210.418258] [ 210.458719] syz-executor.7 (3399) used greatest stack depth: 23896 bytes left [ 212.395990] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 212.398443] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 212.400726] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 212.405007] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 212.408136] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 212.410142] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 212.602348] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 212.604594] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 212.607710] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 212.612743] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 212.615823] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 212.618103] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 212.714627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 212.716699] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 212.718778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 212.722773] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 212.725517] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 212.727366] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 212.751576] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 212.758427] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 212.760529] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 212.772958] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 212.775679] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 212.781712] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 212.782626] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 212.784372] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 212.806652] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 212.811243] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 212.815008] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 212.822578] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 212.845265] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 212.848301] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 212.849945] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 212.859347] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 212.863707] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 212.865251] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 212.866436] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 212.873297] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 212.880562] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 212.884960] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 212.884986] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 212.922634] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 212.924424] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 212.926748] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 212.926829] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 212.927710] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 212.932554] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 212.933956] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 214.436357] Bluetooth: hci0: command tx timeout [ 214.631232] Bluetooth: hci1: command tx timeout [ 214.820254] Bluetooth: hci2: command tx timeout [ 214.884382] Bluetooth: hci4: command tx timeout [ 214.884582] Bluetooth: hci3: command tx timeout [ 215.014341] Bluetooth: hci7: command tx timeout [ 215.014407] Bluetooth: hci5: command tx timeout [ 215.015126] Bluetooth: hci6: command tx timeout [ 216.484342] Bluetooth: hci0: command tx timeout [ 216.676333] Bluetooth: hci1: command tx timeout [ 216.870199] Bluetooth: hci2: command tx timeout [ 216.932351] Bluetooth: hci4: command tx timeout [ 216.933343] Bluetooth: hci3: command tx timeout [ 217.060229] Bluetooth: hci6: command tx timeout [ 217.060704] Bluetooth: hci5: command tx timeout [ 217.061120] Bluetooth: hci7: command tx timeout [ 218.532241] Bluetooth: hci0: command tx timeout [ 218.725359] Bluetooth: hci1: command tx timeout [ 218.916224] Bluetooth: hci2: command tx timeout [ 218.980331] Bluetooth: hci3: command tx timeout [ 218.980812] Bluetooth: hci4: command tx timeout [ 219.108332] Bluetooth: hci7: command tx timeout [ 219.108892] Bluetooth: hci5: command tx timeout [ 219.110265] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 14:46:04 Registers: info registers vcpu 0 RAX=00000000000000e8 RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000006 RSI=0000000000000000 RDI=ffff88800f21ff58 RBP=ffff88800f21ff58 RSP=ffff88800f21ff18 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000007 R13=0000000000000000 R14=000055dd4255cdb0 R15=0000000000000000 RIP=ffffffff84a8e389 RFL=00000016 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fb175b498c0 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055dd4255cdb0 CR3=000000000999e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000055dd42534f700000000000001b37 XMM02=ffffffffffffffff00000000000000ff XMM03=696e656420737365636341002f737973 XMM04=000055dd425186d0000055dd42518570 XMM05=00000000000000000000000000000000 XMM06=000055dd425188400000000000000000 XMM07=00000000000000000000000000000000 XMM08=7269762f736563697665642f7379732f XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff8283f0d0 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff88800bd8ecc8 R8 =0000000000000000 R9 =ffffed1001478046 R10=00000000000fe503 R11=6f6c206863696877 R12=0000000000000823 R13=0000000000000020 R14=fffffbfff10d2e66 R15=dffffc0000000000 RIP=ffffffff8283f125 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000561536ac8050 CR3=000000000eb14000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=7465677261742e79636e656772656d65 XMM02=ffffffffffffffffffffffffffffffff XMM03=00000000000000000000000000000000 XMM04=0000561536a9cf100000561536aa1690 XMM05=3030323a346963682f346963682f00ff XMM06=697665642e3130323a376963682d3769 XMM07=00000000000000000000000000000000 XMM08=00000000000000510000000000000002 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000