syzkaller login: [ 61.858549] sshd (231) used greatest stack depth: 22944 bytes left Warning: Permanently added '[localhost]:29243' (ECDSA) to the list of known hosts. 2025/01/25 20:25:26 fuzzer started 2025/01/25 20:25:26 dialing manager at localhost:40883 [ 69.081045] cgroup: Unknown subsys name 'net' [ 69.168857] cgroup: Unknown subsys name 'cpuset' [ 69.200520] cgroup: Unknown subsys name 'rlimit' [ 74.756700] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/25 20:25:43 syscalls: 206 2025/01/25 20:25:43 code coverage: enabled 2025/01/25 20:25:43 comparison tracing: enabled 2025/01/25 20:25:43 extra coverage: enabled 2025/01/25 20:25:43 setuid sandbox: enabled 2025/01/25 20:25:43 namespace sandbox: enabled 2025/01/25 20:25:43 Android sandbox: enabled 2025/01/25 20:25:43 fault injection: enabled 2025/01/25 20:25:43 leak checking: enabled 2025/01/25 20:25:43 net packet injection: enabled 2025/01/25 20:25:43 net device setup: enabled 2025/01/25 20:25:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/25 20:25:43 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/25 20:25:43 USB emulation: enabled 2025/01/25 20:25:43 hci packet injection: enabled 2025/01/25 20:25:43 wifi device emulation: enabled 2025/01/25 20:25:43 802.15.4 emulation: enabled 2025/01/25 20:25:43 fetching corpus: 0, signal 0/0 (executing program) 2025/01/25 20:25:45 starting 8 fuzzer processes 20:25:45 executing program 0: write$P9_RFSYNC(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x33, 0x1}, 0x7) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x0, 0x3, 0x1}, 0x1000}}, 0x18) write$P9_RXATTRCREATE(r1, &(0x7f00000000c0)={0x7, 0x21, 0x1}, 0x7) write$9p(r1, &(0x7f0000000100)="e255212c0d12ddc7f81015e79a356af1a6639a186365224e0faff0948f928526e2c22476133b0831a9404a151b94fd517dbd3f64abfdebb3ce3e70d1469df17172ea77cfdefa3e4e3cc643d11eabce30912dd1d88c4c1a80ec157f65a327cd23aeb5dee324b14af65e0bb4e0e2ef8be66905cef9dfa16d37f11f2d4cd68e5b5468ad8433c1314c7d461d7a9b14e690049ca61109f1e32f069c856c14f53d6b34f1badcba59432aa2f3c3ed2661a9e3b1497fc66b2e3212a0da26e880", 0xbc) write$P9_RWRITE(r1, &(0x7f00000001c0)={0xb, 0x77, 0x2, 0x8}, 0xb) r2 = syz_open_dev$vcsa(&(0x7f0000000200), 0x100000001, 0x20002) write$P9_RLERRORu(r2, &(0x7f0000000240)={0x17, 0x7, 0x2, {{0xa, '-#)*-\xc0/b[\x00'}, 0x1}}, 0x17) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, 0x0, 0x8, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x1}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x8801) write$P9_RAUTH(0xffffffffffffffff, &(0x7f00000003c0)={0x14, 0x67, 0x2, {0x40, 0x1, 0x2}}, 0x14) getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000400)={'HL\x00'}, &(0x7f0000000440)=0x1e) write$P9_RFLUSH(r2, &(0x7f0000000480)={0x7, 0x6d, 0x1}, 0x7) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f00000004c0)={"a0668c3a1d636b69f8a536459d38fd99", 0x0, 0x0, {0x4, 0x2}, {0x3, 0x7}, 0x10001, [0xfdd, 0x9, 0x0, 0x4, 0x9, 0x0, 0x6, 0x6, 0x9, 0x8, 0x9c, 0x7d, 0x5ba2, 0xe8d4, 0x378, 0x3]}) write$P9_RFSYNC(r2, &(0x7f00000005c0)={0x7, 0x33, 0x1}, 0x7) write$P9_RREADLINK(r0, &(0x7f0000000600)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000780)=@IORING_OP_STATX={0x15, 0x0, 0x0, r2, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000740)='./file0\x00', 0x20, 0x2000, 0x1}, 0x3192e0ab) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000008c0)={{{@in6=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in=@private}}, &(0x7f00000009c0)=0xe8) write$P9_RSTATu(r1, &(0x7f0000000a00)={0x61, 0x7d, 0x1, {{0x0, 0x42, 0xb1, 0x10000, {0x1, 0x4, 0x8}, 0x4000000, 0xfff, 0x1, 0x3ec, 0xb, '/dev/vcsa#\x00', 0x1, '%', 0x0, '', 0x3, '&[/'}, 0xa, '-#)*-\xc0/b[\x00', 0xee00, r3, r4}}, 0x61) r5 = syz_open_dev$vcsu(&(0x7f0000000a80), 0xffffffffffff52d1, 0x212000) sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000c00)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x48, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x30, 0x2, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0xd}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x4048004) 20:25:45 executing program 1: getpeername$netlink(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r0, 0x10e, 0x7, &(0x7f0000000080)=""/222, &(0x7f0000000180)=0xde) write$cgroup_devices(0xffffffffffffffff, &(0x7f00000001c0)={'c', ' *:* ', 'm\x00'}, 0x8) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x58, 0x13, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xe}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000000) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x101000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0x8, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_TX={0x5}]}, 0x2c}}, 0x40000) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0x88, 0x13, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}]}, 0x88}, 0x1, 0x0, 0x0, 0x44000}, 0x4000) inotify_init() r1 = syz_open_dev$mouse(&(0x7f0000000600), 0xfffffffffffff001, 0x101000) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000005c0), r1) sendmsg$FOU_CMD_GET(r1, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x20, r2, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4008800) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000740), &(0x7f0000000780)=0x14) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x44, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0xc800) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000900)=0x4, 0x4) r4 = socket$inet(0x2, 0x5, 0xfffffff9) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000940)) syz_genetlink_get_family_id$batadv(&(0x7f0000000980), r1) setsockopt$netlink_NETLINK_CAP_ACK(r1, 0x10e, 0xa, &(0x7f00000009c0)=0x12, 0x4) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000a40), &(0x7f0000000a80)=0x14) 20:25:45 executing program 2: sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0xf, 0x6, 0x5, 0x0, 0x0, {0xc, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, 0x7, 0x6, 0x301, 0x0, 0x0, {0xa, 0x0, 0x3}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x3da1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x25d1994d}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x477}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000005}, 0x4048000) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, 0xd, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x48000) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000340)="8315f34fca8c844a6013edd2d186db573686ba0615e2157fa5f9a10244a0e6a96f616b6f46c839d4a7797a32319e3e4ff7f95459349cfd9567604157a10e117279f254e454d9700f7650cff5d09cef99292494d0b0e54124112e8e580f6b1bf34207457f0fee79962c77", 0x6a) semget(0x0, 0x4, 0x2) r1 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x0, 0x6080) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x5c, 0x0, 0x8, 0x201, 0x0, 0x0, {0x7dd38d28f1f9a1db, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_TIMEWAIT={0x8, 0x7, 0x1, 0x0, 0x600}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0xffff7847}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0x8}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xfbfb}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20004000}, 0x20006000) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0x7}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x14, 0x4, @private0}}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x90}, 0x48004) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000680)=0x7, 0x4) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BINDER_CTL_ADD(r1, 0xc1086201, &(0x7f00000006c0)={'binder0\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) sendmsg$IPSET_CMD_GET_BYINDEX(r1, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x34, 0xf, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_INDEX={0x6, 0xb, 0x4}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x4}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x80) socketpair(0x0, 0x4, 0x6, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_CT_GET_DYING(r3, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0x5, 0x0, 0x9}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x10) getsockopt$WPAN_SECURITY(r3, 0x0, 0x1, &(0x7f0000000a80), &(0x7f0000000ac0)=0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r4, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x38, 0x17, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x38}}, 0x4048000) 20:25:45 executing program 3: r0 = eventfd(0x81) sendmsg$IPCTNL_MSG_CT_GET_DYING(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20000080) r1 = syz_io_uring_complete(0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x5, 0xb7503) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000140)=r2, 0x1) r3 = syz_io_uring_setup(0x63af, &(0x7f0000000180)={0x0, 0xd533, 0x1, 0x1, 0x28f, 0x0, r1}, &(0x7f0000ffa000/0x5000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000240)) ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000280)) connect$netlink(r2, &(0x7f00000002c0)=@unspec, 0xc) msgget(0x0, 0x20) prctl$PR_SET_FPEMU(0xa, 0x2) write$P9_RREMOVE(r2, &(0x7f0000000300)={0x7, 0x7b, 0x2}, 0x7) r5 = syz_io_uring_complete(0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000000340)=r5, 0x1) r6 = syz_io_uring_complete(r4) io_uring_register$IORING_UNREGISTER_BUFFERS(r6, 0x1, 0x0, 0x0) write$P9_RLCREATE(r6, &(0x7f0000000380)={0x18, 0xf, 0x2, {{0x2, 0x2, 0x4}}}, 0x18) r7 = syz_io_uring_setup(0xe91, &(0x7f00000003c0)={0x0, 0x6604, 0x4, 0x1, 0x158, 0x0, r1}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000480)=0x0) io_uring_register$IORING_REGISTER_EVENTFD(r7, 0x4, &(0x7f00000004c0), 0x1) syz_io_uring_submit(r4, r9, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x8, 0x0, r0, 0x80, &(0x7f0000000500)=@un=@file={0x0, './file0\x00'}, 0x0, 0x0, 0x1}, 0xc95) syz_io_uring_submit(r8, r9, &(0x7f00000005c0)=@IORING_OP_NOP={0x0, 0x4}, 0x3f) [ 88.189503] audit: type=1400 audit(1737836745.882:7): avc: denied { execmem } for pid=278 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 20:25:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x8) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) r1 = io_uring_setup(0x3afe, &(0x7f0000000040)={0x0, 0x5dfe, 0x5, 0x0, 0x216}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f00000000c0), 0x1) r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0xbf66, 0x20000) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x70, 0x0, 0x10, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x4}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x8801}, 0x20000040) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00', 0x0}) r5 = io_uring_setup(0x28e3, &(0x7f00000002c0)={0x0, 0x7b01, 0x4, 0x0, 0xc7, 0x0, r2}) io_uring_register$IORING_REGISTER_EVENTFD(r5, 0x4, &(0x7f0000000340)=r2, 0x1) semctl$SEM_STAT(0xffffffffffffffff, 0x0, 0x12, &(0x7f0000000380)=""/157) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000440)=0x7f, 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000500)={{{@in=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@private1}}, &(0x7f0000000600)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000640)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@private}}, &(0x7f0000000740)=0xe8) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000780)={'batadv0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r6, &(0x7f0000000900)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000008c0)={&(0x7f00000007c0)={0xd0, r7, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0xd0}}, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0xf3c94e7dc09e6d66}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x4c, 0x0, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001}, 0x40000000) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000a80)) 20:25:45 executing program 5: r0 = syz_io_uring_complete(0x0) write$P9_RSTATu(r0, &(0x7f0000000000)={0x5b, 0x7d, 0x2, {{0x0, 0x41, 0x3ff, 0x80000001, {0x80, 0x0, 0x7}, 0x800000, 0x1f, 0x6, 0x1, 0x3, '\xe4!]', 0x1, '}', 0x1, '#', 0x9, '+%\xc2\\+}\x0e\'\\'}, 0x5, '@(-!}', 0xee00, 0xee00, 0xffffffffffffffff}}, 0x5b) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x7, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040800}, 0x4000) socket$nl_audit(0x10, 0x3, 0x9) r1 = syz_open_dev$mouse(&(0x7f0000000180), 0xffffffffffffffff, 0x90040) sendmsg$IPCTNL_MSG_CT_GET_DYING(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x400c8c0}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, 0x3, 0x8, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_CLOSED={0x8, 0x1, 0x1, 0x0, 0x7f}, @CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT={0x8, 0x7, 0x1, 0x0, 0x80000001}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x2000000) r2 = syz_io_uring_complete(0x0) sendmsg$FOU_CMD_ADD(r2, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x64, 0x0, 0x588, 0x70bd2b, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @rand_addr=0x64010102}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2f}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PEER_V6={0x14, 0x9, @private1}, @FOU_ATTR_IPPROTO={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x10000048) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x14, 0x4, 0x1, 0x0, 0x0, 0x0, {0x2, 0x0, 0x1}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000008) socketpair(0x25, 0x3, 0x1000, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x38, 0x0, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x48050}, 0x4008001) socketpair(0x1d, 0x1, 0x7, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x14, 0x0, 0x10, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x80) sendmsg$NFNL_MSG_CTHELPER_NEW(r5, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x1c, 0x0, 0x9, 0x201, 0x0, 0x0, {0xfaea13d8fb9c00ac}, [@NFCTH_STATUS={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20041004) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000980)) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x5, &(0x7f00000009c0)=""/15, &(0x7f0000000a00)=0xf) r6 = syz_open_dev$vcsa(&(0x7f0000000a40), 0x8, 0x101000) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x38, 0x0, 0x8, 0x5, 0x0, 0x0, {0xc, 0x0, 0x5}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88f8}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x4c400}, 0x20000000) 20:25:45 executing program 6: sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, 0x0, 0x9, 0x3, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x9}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x2}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x80000001}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x6}}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x400}}]}, 0x54}}, 0x4005) r0 = syz_open_dev$vcsa(&(0x7f0000000140), 0x1f, 0x305100) sendmsg$AUDIT_DEL_RULE(r0, &(0x7f0000000640)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f00000001c0)={0x424, 0x3f4, 0x400, 0x70bd2a, 0x25dfdbfe, {0x3, 0x1, 0x36, [0x101, 0x3, 0x81ac, 0x4, 0x6, 0x10001, 0xfffffff8, 0x8, 0x8001, 0x0, 0xfffffd7b, 0x4, 0x7, 0x8, 0x9, 0x800, 0x7, 0xffffffe0, 0xffffffff, 0xfd28, 0xfffffe00, 0x11, 0x8, 0x0, 0x0, 0xffff, 0xf69, 0x6, 0xd5ae, 0x7fff, 0xffff, 0x50d4, 0x1, 0x3f, 0x5, 0x8, 0x1, 0x3, 0x7, 0x0, 0x2, 0x1000, 0x1, 0xe91, 0x1ff, 0xffffffff, 0x7, 0x3, 0x4, 0x1000, 0xffff0001, 0xffffffff, 0x8, 0x4, 0x7f, 0xffffdd19, 0x3ff, 0x40, 0xffffff81, 0xfffffffd, 0x3bbb000, 0x0, 0x1, 0x7], [0x200, 0x3, 0x401, 0x7ff, 0x9, 0xa39, 0x5, 0xc0, 0xfffffeff, 0x1, 0x0, 0xc90, 0x10001, 0x3ff, 0x101, 0x2, 0xff, 0x8000, 0x3, 0x5, 0x2, 0x1, 0x2, 0x2, 0x5, 0x3, 0x8000, 0x3, 0x1, 0x9, 0x38, 0x5, 0x3, 0x2, 0x10000, 0x7, 0x2, 0x1, 0x735, 0x0, 0xaa43, 0x3, 0x4, 0x80000000, 0x44000000, 0x80, 0x8000, 0x40, 0x40, 0x20, 0xde, 0xde, 0x5, 0x4, 0x3, 0x1, 0x40, 0x4, 0x4, 0x83, 0x0, 0x2, 0x3f, 0x3], [0x1f, 0x1, 0x9, 0x7fff, 0x10000, 0xffff, 0x6, 0x6, 0xfff, 0x8, 0x70, 0x9, 0x400, 0x8, 0x1, 0x1, 0x0, 0x2ee5e951, 0x3, 0x447e, 0xfffffff7, 0x20, 0x3ff, 0x33a6, 0xc315, 0x9, 0xb94, 0x9, 0xff, 0xfff, 0x7fff, 0xeb, 0x7, 0x5, 0x1ff, 0x40, 0xbfaa, 0x20, 0x9, 0x323, 0x7, 0x6, 0x0, 0x0, 0x800, 0x80000000, 0x101, 0x9, 0x5, 0x20, 0xa71b, 0x6, 0x0, 0x4, 0x200, 0x400, 0x7ff, 0xf9b, 0x4, 0x60d6, 0x9, 0xffffffc1, 0xc5, 0x1], [0x8000, 0x81, 0xfffffff9, 0x80000000, 0x6fe, 0xffff, 0x9, 0x55fd, 0x3, 0x5, 0x0, 0x5, 0x3f, 0x0, 0x4, 0x7ff, 0x8000, 0x2a, 0x7, 0xe6e, 0xffffffa3, 0x4d2, 0x8, 0x8, 0x2, 0x8001, 0x5, 0x8, 0x101, 0x2, 0x0, 0x9, 0x6, 0x6, 0x2, 0x7fffffff, 0x1, 0x5, 0x4, 0x6092, 0x1, 0x10000, 0x1, 0xfff, 0x2, 0x3, 0xfd0, 0x10001, 0x3, 0xff, 0x6, 0xfffffffe, 0x3, 0x1000, 0x7d, 0x5, 0x401, 0x2, 0x8001, 0xc21, 0x8, 0x3, 0x1, 0x1], 0x1, ['\x00']}, [""]}, 0x424}, 0x1, 0x0, 0x0, 0x8000}, 0x4000094) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000680), 0x8000, 0x0) write$P9_RLOCK(r1, &(0x7f00000006c0)={0x8, 0x35, 0x1}, 0x8) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000007c0)={0x34, 0x0, &(0x7f0000000700)=[@exit_looper, @acquire_done={0x40106309, 0x3}, @decrefs={0x40046307, 0x3}, @acquire_done={0x40106309, 0x2}], 0x5c, 0x0, &(0x7f0000000740)="3035ef30567abf0c1f1c4a81de1cbe592b743352cc5e0e408fdf234d006662c44a74ef7df2e67173ac56ddf074ae31a63da9ed98cbb0483a6a5a13c3c6d8b283dd92aa84b01d41c64902accc2a1b11ec4b937b310e0450989eecc4cd"}) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7ff}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8001}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x80000000}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}]}, 0x44}}, 0x8080) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000980)={'batadv_slave_1\x00', 0x0}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000009c0)={{{@in=@broadcast, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}, 0x0, @in=@broadcast}}, &(0x7f0000000ac0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000b00)={'batadv0\x00', 0x0}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000b40)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in=@dev}}, &(0x7f0000000c40)=0xe8) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000f00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000c80)={0x22c, 0x0, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@HEADER={0x90, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x44}, 0x4044001) r6 = openat$cgroup_devices(r0, &(0x7f0000000f40)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r6, &(0x7f0000000f80)={'a', ' *:* ', 'r\x00'}, 0x8) write$P9_RREADDIR(r6, &(0x7f0000000fc0)={0xa6, 0x29, 0x2, {0x15f, [{{0x8, 0x2, 0x5}, 0xa79, 0x0, 0x7, './file0'}, {{0x80, 0x4, 0x8}, 0x6, 0x80, 0x7, './file0'}, {{0x2, 0x3}, 0x400, 0x1, 0x7, './file0'}, {{0x80, 0x0, 0x3}, 0x3, 0x6, 0x7, './file0'}, {{0x80, 0x1, 0x7}, 0x7f, 0x9, 0x7, './file0'}]}}, 0xa6) r7 = syz_io_uring_complete(0x0) sendmsg$BATADV_CMD_SET_HARDIF(r7, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001140)={&(0x7f00000010c0)={0x44, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80000001}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x80000001}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x200}]}, 0x44}, 0x1, 0x0, 0x0, 0xf465506e0db8aacb}, 0x40004) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000001200), r0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000001240)={{{@in, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in=@initdev}}, &(0x7f0000001340)=0xe8) sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f0000001400)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x108001}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x34, r8, 0x200, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x40) 20:25:46 executing program 7: connect$netlink(0xffffffffffffffff, &(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0x200}, 0xc) r0 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x37, 0x0) msgget(0x3, 0x94) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f00000000c0)=0x6, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000100)=0x1a, 0x4) getpeername$netlink(r1, &(0x7f0000000140), &(0x7f0000000180)=0xc) syz_genetlink_get_family_id$nbd(&(0x7f00000001c0), 0xffffffffffffffff) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000001300)={&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/4096, 0x1000, 0x0, &(0x7f0000001200)=""/233, 0xe9}, &(0x7f0000001340)=0x40) sendmsg$FOU_CMD_GET(r1, &(0x7f0000001480)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001440)={&(0x7f00000013c0)={0x6c, r0, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e20}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x3c}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @dev={0xfe, 0x80, '\x00', 0x2d}}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @remote}, @FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast1}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e23}]}, 0x6c}, 0x1, 0x0, 0x0, 0x810}, 0x1) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000014c0)=0x1f, 0x4) socketpair(0x18, 0x8000a, 0x1, &(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000001580), r1) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000001680)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001640)={&(0x7f00000015c0)={0x5c, r4, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x400}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x9}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4040001) waitid$P_PIDFD(0x3, r1, &(0x7f00000016c0), 0x2, &(0x7f0000001740)) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000001840), r3) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000001940)={&(0x7f0000001800)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001900)={&(0x7f0000001880)={0x5c, r5, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000810}, 0x8001) getsockopt$netlink(r1, 0x10e, 0x6, &(0x7f0000001980)=""/236, &(0x7f0000001a80)=0xec) r6 = syz_io_uring_complete(0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000001ac0), r6) [ 89.582858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.584828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.586861] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.590560] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.592416] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 89.593524] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.681771] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.688490] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.692987] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.696633] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.700014] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 89.701393] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.820776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.822304] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.827729] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.828528] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.838236] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 89.839875] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.848152] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 89.850736] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 89.856847] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 89.860789] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 89.861933] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.862643] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.870626] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 89.875213] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 89.876399] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.879097] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 89.882954] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.884172] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.885029] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 89.886863] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 89.889685] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 89.890497] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 89.891187] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 89.892052] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 89.893080] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.899011] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.901686] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.905476] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 89.912796] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 89.915136] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 89.927370] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.936673] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 89.951616] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 89.961688] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.963937] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 89.968798] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 91.657931] Bluetooth: hci0: command tx timeout [ 91.785473] Bluetooth: hci1: command tx timeout [ 91.977366] Bluetooth: hci2: command tx timeout [ 91.980314] Bluetooth: hci6: command tx timeout [ 91.980890] Bluetooth: hci4: command tx timeout [ 91.981456] Bluetooth: hci5: command tx timeout [ 92.042544] Bluetooth: hci7: command tx timeout [ 92.042609] Bluetooth: hci3: command tx timeout [ 93.706350] Bluetooth: hci0: command tx timeout [ 93.833537] Bluetooth: hci1: command tx timeout [ 94.026101] Bluetooth: hci6: command tx timeout [ 94.026183] Bluetooth: hci5: command tx timeout [ 94.027396] Bluetooth: hci4: command tx timeout [ 94.027518] Bluetooth: hci2: command tx timeout [ 94.091320] Bluetooth: hci7: command tx timeout [ 94.091794] Bluetooth: hci3: command tx timeout [ 95.755290] Bluetooth: hci0: command tx timeout [ 95.883303] Bluetooth: hci1: command tx timeout [ 96.073348] Bluetooth: hci2: command tx timeout [ 96.073865] Bluetooth: hci6: command tx timeout [ 96.074356] Bluetooth: hci4: command tx timeout [ 96.074767] Bluetooth: hci5: command tx timeout [ 96.137334] Bluetooth: hci3: command tx timeout [ 96.137827] Bluetooth: hci7: command tx timeout [ 97.801348] Bluetooth: hci0: command tx timeout [ 97.930472] Bluetooth: hci1: command tx timeout [ 98.121439] Bluetooth: hci5: command tx timeout [ 98.121996] Bluetooth: hci4: command tx timeout [ 98.123121] Bluetooth: hci6: command tx timeout [ 98.123657] Bluetooth: hci2: command tx timeout [ 98.186341] Bluetooth: hci7: command tx timeout [ 98.186886] Bluetooth: hci3: command tx timeout [ 149.888560] [ 149.889011] ====================================================== [ 149.890156] WARNING: possible circular locking dependency detected [ 149.891333] 6.13.0-next-20250124 #1 Not tainted [ 149.895491] ------------------------------------------------------ [ 149.899195] kworker/u8:1/65 is trying to acquire lock: [ 149.900418] ffffffff8621d8e8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 149.902841] [ 149.902841] but task is already holding lock: [ 149.904180] ffff8880344f0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 149.906067] [ 149.906067] which lock already depends on the new lock. [ 149.906067] [ 149.907559] [ 149.907559] the existing dependency chain (in reverse order) is: [ 149.908932] [ 149.908932] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 149.910198] __mutex_lock+0x13d/0xb50 [ 149.911125] wiphy_register+0x1b2e/0x25d0 [ 149.912099] ieee80211_register_hw+0x23a4/0x3d60 [ 149.913143] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 149.914249] init_mac80211_hwsim+0x389/0x870 [ 149.915284] do_one_initcall+0xf9/0x640 [ 149.916242] kernel_init_freeable+0x53d/0x7a0 [ 149.917276] kernel_init+0x1e/0x2d0 [ 149.918101] ret_from_fork+0x48/0x80 [ 149.918953] ret_from_fork_asm+0x1a/0x30 [ 149.919942] [ 149.919942] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 149.921123] __lock_acquire+0x29fd/0x4580 [ 149.922083] lock_acquire+0x19b/0x520 [ 149.922985] __mutex_lock+0x13d/0xb50 [ 149.923886] unregister_netdevice_many_notify+0x1612/0x1c80 [ 149.924946] unregister_netdevice_queue+0x224/0x2e0 [ 149.925901] _cfg80211_unregister_wdev+0x57b/0x700 [ 149.926883] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 149.927832] ieee80211_unregister_hw+0x55/0x3a0 [ 149.928742] hwsim_exit_net+0x3a0/0x730 [ 149.929548] ops_exit_list+0xb3/0x180 [ 149.930313] cleanup_net+0x546/0xad0 [ 149.931095] process_one_work+0x8ee/0x1a10 [ 149.931973] worker_thread+0x674/0xe70 [ 149.932806] kthread+0x3ab/0x720 [ 149.933523] ret_from_fork+0x48/0x80 [ 149.934259] ret_from_fork_asm+0x1a/0x30 [ 149.935113] [ 149.935113] other info that might help us debug this: [ 149.935113] [ 149.936373] Possible unsafe locking scenario: [ 149.936373] [ 149.937367] CPU0 CPU1 [ 149.938155] ---- ---- [ 149.938981] lock(&rdev->wiphy.mtx); [ 149.939779] lock(rtnl_mutex); [ 149.940786] lock(&rdev->wiphy.mtx); [ 149.941871] lock(rtnl_mutex); [ 149.942463] [ 149.942463] *** DEADLOCK *** [ 149.942463] [ 149.943447] 4 locks held by kworker/u8:1/65: [ 149.944186] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 149.945911] #1: ffff88800deb7d30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 149.947570] #2: ffffffff86211910 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 149.949140] #3: ffff8880344f0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 149.950922] [ 149.950922] stack backtrace: [ 149.951655] CPU: 1 UID: 0 PID: 65 Comm: kworker/u8:1 Not tainted 6.13.0-next-20250124 #1 [ 149.951739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 149.951782] Workqueue: netns cleanup_net [ 149.951864] Call Trace: [ 149.951884] [ 149.951907] dump_stack_lvl+0xca/0x120 [ 149.952019] print_circular_bug+0x47b/0x750 [ 149.952110] check_noncircular+0x2e9/0x3c0 [ 149.952195] ? __pfx_check_noncircular+0x10/0x10 [ 149.952280] ? hlock_class+0x4e/0x130 [ 149.952339] ? srso_return_thunk+0x5/0x5f [ 149.952450] ? mark_lock+0xac/0xed0 [ 149.952529] ? srso_return_thunk+0x5/0x5f [ 149.952645] ? lockdep_lock+0xba/0x1b0 [ 149.952768] ? __pfx_lockdep_lock+0x10/0x10 [ 149.952893] __lock_acquire+0x29fd/0x4580 [ 149.953001] ? __pfx___lock_acquire+0x10/0x10 [ 149.953087] ? lock_release+0x20f/0x6f0 [ 149.953175] ? __pfx_lock_release+0x10/0x10 [ 149.953261] ? srso_return_thunk+0x5/0x5f [ 149.953380] lock_acquire+0x19b/0x520 [ 149.953467] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 149.953564] ? __pfx_lock_acquire+0x10/0x10 [ 149.953659] ? srso_return_thunk+0x5/0x5f [ 149.953787] ? lock_is_held_type+0x9e/0x120 [ 149.953898] ? srso_return_thunk+0x5/0x5f [ 149.954016] __mutex_lock+0x13d/0xb50 [ 149.954120] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 149.954210] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 149.954302] ? srso_return_thunk+0x5/0x5f [ 149.954412] ? synchronize_rcu_expedited+0x38a/0x420 [ 149.954499] ? __pfx___mutex_lock+0x10/0x10 [ 149.954607] ? srso_return_thunk+0x5/0x5f [ 149.954745] ? srso_return_thunk+0x5/0x5f [ 149.954856] ? kasan_quarantine_put+0x84/0x1e0 [ 149.954975] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 149.955045] ? srso_return_thunk+0x5/0x5f [ 149.955164] unregister_netdevice_many_notify+0x1612/0x1c80 [ 149.955255] ? __virt_addr_valid+0x2e8/0x5d0 [ 149.955359] ? __pfx_lock_release+0x10/0x10 [ 149.955449] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 149.955541] ? find_held_lock+0x2c/0x110 [ 149.955657] ? srso_return_thunk+0x5/0x5f [ 149.955781] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 149.955900] ? srso_return_thunk+0x5/0x5f [ 149.956010] ? lock_release+0x20f/0x6f0 [ 149.956098] ? __pfx_lock_release+0x10/0x10 [ 149.956185] ? srso_return_thunk+0x5/0x5f [ 149.956294] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 149.956389] ? srso_return_thunk+0x5/0x5f [ 149.956510] unregister_netdevice_queue+0x224/0x2e0 [ 149.956597] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 149.956689] ? up_write+0x195/0x520 [ 149.956803] _cfg80211_unregister_wdev+0x57b/0x700 [ 149.956907] ? srso_return_thunk+0x5/0x5f [ 149.957025] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 149.957102] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 149.957179] ? srso_return_thunk+0x5/0x5f [ 149.957289] ? srso_return_thunk+0x5/0x5f [ 149.957399] ? synchronize_rcu+0x1ff/0x260 [ 149.957484] ieee80211_unregister_hw+0x55/0x3a0 [ 149.957573] hwsim_exit_net+0x3a0/0x730 [ 149.957657] ? __pfx_hwsim_exit_net+0x10/0x10 [ 149.957754] ? srso_return_thunk+0x5/0x5f [ 149.957865] ? netdev_run_todo+0x788/0x1040 [ 149.957963] ? __pfx_hwsim_exit_net+0x10/0x10 [ 149.958049] ops_exit_list+0xb3/0x180 [ 149.958133] cleanup_net+0x546/0xad0 [ 149.958222] ? __pfx_cleanup_net+0x10/0x10 [ 149.958329] process_one_work+0x8ee/0x1a10 [ 149.958460] ? __pfx_lock_acquire+0x10/0x10 [ 149.958549] ? __pfx_process_one_work+0x10/0x10 [ 149.958679] ? srso_return_thunk+0x5/0x5f [ 149.958799] ? move_linked_works+0x172/0x270 [ 149.958888] ? srso_return_thunk+0x5/0x5f [ 149.958998] ? assign_work+0x196/0x240 [ 149.959113] worker_thread+0x674/0xe70 [ 149.959229] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 149.959333] ? srso_return_thunk+0x5/0x5f [ 149.959442] ? __pfx_worker_thread+0x10/0x10 [ 149.959562] kthread+0x3ab/0x720 [ 149.959666] ? __pfx_kthread+0x10/0x10 [ 149.959778] ? srso_return_thunk+0x5/0x5f [ 149.959890] ? finish_task_switch.isra.0+0x206/0x840 [ 149.959991] ? __pfx_kthread+0x10/0x10 [ 149.960099] ret_from_fork+0x48/0x80 [ 149.960161] ? __pfx_kthread+0x10/0x10 [ 149.960267] ret_from_fork_asm+0x1a/0x30 [ 149.960399] [ 152.018094] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 152.020593] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 152.022515] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 152.027827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 152.030819] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 152.032914] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 152.081773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 152.089717] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 152.091800] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 152.098054] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 152.100454] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 152.104485] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 152.145425] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 152.149495] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 152.152639] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 152.157664] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 152.159790] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 152.161905] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 152.164520] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 152.192691] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 152.196846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 152.208732] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 152.209474] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 152.211609] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 152.215909] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 152.220435] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 152.222604] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 152.224791] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 152.228467] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 152.229778] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 152.233194] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 152.245997] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 152.251945] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 152.254523] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 152.256210] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 152.273520] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 152.288546] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 152.290333] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 152.292620] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 152.298845] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 152.322049] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 152.323421] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 152.330031] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 152.335559] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 152.343512] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 152.344541] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 152.370699] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 152.372765] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 154.057281] Bluetooth: hci0: command tx timeout [ 154.121338] Bluetooth: hci1: command tx timeout [ 154.249302] Bluetooth: hci3: command tx timeout [ 154.314394] Bluetooth: hci4: command tx timeout [ 154.314538] Bluetooth: hci2: command tx timeout [ 154.314961] Bluetooth: hci5: command tx timeout [ 154.442260] Bluetooth: hci7: command tx timeout [ 154.442754] Bluetooth: hci6: command tx timeout [ 156.106332] Bluetooth: hci0: command tx timeout [ 156.169419] Bluetooth: hci1: command tx timeout [ 156.297403] Bluetooth: hci3: command tx timeout [ 156.361514] Bluetooth: hci4: command tx timeout [ 156.361957] Bluetooth: hci2: command tx timeout [ 156.362601] Bluetooth: hci5: command tx timeout [ 156.491039] Bluetooth: hci6: command tx timeout [ 156.491566] Bluetooth: hci7: command tx timeout [ 158.153351] Bluetooth: hci0: command tx timeout [ 158.219435] Bluetooth: hci1: command tx timeout [ 158.349388] Bluetooth: hci3: command tx timeout [ 158.409311] Bluetooth: hci2: command tx timeout [ 158.409356] Bluetooth: hci5: command tx timeout [ 158.409787] Bluetooth: hci4: command tx timeout [ 158.537385] Bluetooth: hci7: command tx timeout [ 158.537536] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 20:26:47 Registers: info registers vcpu 0 RAX=ffff88800a453780 RBX=ffff888074ec7868 RCX=ffffffff81429a4a RDX=1ffff11001bcf100 RSI=0000000000000008 RDI=ffff88800de78800 RBP=ffffffffffffffff RSP=ffff88800dec7dd0 R8 =0000000000000000 R9 =ffffed1001bcf100 R10=ffff88800de78807 R11=0000000000000001 R12=ffff888074ec7ff9 R13=ffffffff8864f1c8 R14=ffff88800a453780 R15=0000000000000086 RIP=ffffffff81aefac6 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f610ef60af8 CR3=000000000ce36000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=e57699a7ff747eb8844760859bdc61e8 XMM02=00000000000ff6b8a3797342f9eb3dd9 XMM03=000000000013388868a8aee3740b9fad XMM04=678481123994bdeb00000000000ae988 XMM05=9f165a4fe6c971ad0000000000137a58 XMM06=439522edc1a7287a00000000001379b8 XMM07=2488416fff9b863600000000001338e0 XMM08=68a8aee3740b9fad00000000000ff798 XMM09=00000000000000000000000000000000 XMM10=20000000000000002000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283f165 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff88800deb6d20 R8 =0000000000000000 R9 =ffffed1001880046 R10=0000000000000020 R11=2d2d2d2d2d2d2d2d R12=0000000000000020 R13=0000000000000010 R14=ffffffff88697060 R15=ffffffff8283f150 RIP=ffffffff8283f1bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000c00577f000 CR3=000000000d490000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=000000000000000041536e8600000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000