Warning: Permanently added '[localhost]:48807' (ECDSA) to the list of known hosts. 2025/01/27 20:06:35 fuzzer started 2025/01/27 20:06:36 dialing manager at localhost:40883 syzkaller login: [ 69.553079] cgroup: Unknown subsys name 'net' [ 69.620470] cgroup: Unknown subsys name 'cpuset' [ 69.655277] cgroup: Unknown subsys name 'rlimit' [ 75.687695] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 85.559125] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/27 20:06:52 syscalls: 222 2025/01/27 20:06:52 code coverage: enabled 2025/01/27 20:06:52 comparison tracing: enabled 2025/01/27 20:06:52 extra coverage: enabled 2025/01/27 20:06:52 setuid sandbox: enabled 2025/01/27 20:06:52 namespace sandbox: enabled 2025/01/27 20:06:52 Android sandbox: enabled 2025/01/27 20:06:52 fault injection: enabled 2025/01/27 20:06:52 leak checking: enabled 2025/01/27 20:06:52 net packet injection: enabled 2025/01/27 20:06:52 net device setup: enabled 2025/01/27 20:06:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/27 20:06:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/27 20:06:52 USB emulation: enabled 2025/01/27 20:06:52 hci packet injection: enabled 2025/01/27 20:06:52 wifi device emulation: enabled 2025/01/27 20:06:52 802.15.4 emulation: enabled 2025/01/27 20:06:52 fetching corpus: 0, signal 0/0 (executing program) 2025/01/27 20:06:53 starting 8 fuzzer processes 20:06:53 executing program 0: ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000000)={0x8bda, 0x1, 0x4, {0x2b, 0x1000}, 0x80, 0x7}) timer_create(0x1, &(0x7f0000000100)={0x0, 0x14, 0x4, @thr={&(0x7f0000000080)="0356cd22a8b706f65b0ee9381627ae2880e559f86618ee67d9c3c4ca", &(0x7f00000000c0)="2c2382a23d87e29d69934d4ba3617ea820ab793019c4de3b30031fa34598d8317e4ee817c2db76e7a6ce34652afbc3"}}, &(0x7f0000000140)=0x0) r1 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x9) r2 = syz_open_pts(r1, 0x480000) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000180)="05b75411a62c20814e142f88493a916298eac43507fb2aca7403221ca560e43be2636cc35ae8f3eb8eca1d9d4363e36f84316dce5c3a04293d55d688d0b7340ca3466b411e768fd8bb37de79119a29e83ed3e1976331f00782475dda9722c4623761d7acd03e3b954ba8eab1638a54f4b2a6d24323db3484914d3dee01218b870bcc2e37c9d170e90b14f1e516a38c71e54da828301138db7461fd2db50969558144e61162355504362bbfd1eba8051e1681184fe221d61ecfa27352759fa076fba2", 0xc2) timer_getoverrun(0x0) ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x29) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280), 0x10040, 0x0) sendmsg$NL80211_CMD_DEL_TX_TS(r3, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x8, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x48010) r4 = syz_open_pts(r2, 0x20000) ioctl$TCSETS(r4, 0x5402, &(0x7f00000003c0)={0x80, 0x7f, 0x7, 0x3a9dbaa, 0x2, "04d9f756c146f53bd8e9058f5ac04f7904926e"}) r5 = syz_open_pts(r2, 0x200000) ioctl$PIO_UNIMAP(r5, 0x4b67, &(0x7f0000000440)={0x9, &(0x7f0000000400)=[{0x800, 0xff}, {0x1, 0x30}, {0x3f, 0x1ff}, {0x7f, 0x8}, {0x3, 0x4a5}, {0x4, 0x8000}, {0x5, 0x7}, {0xb28, 0x1}, {0xe070, 0x7ff}]}) timer_delete(r0) r6 = getpid() r7 = accept(r3, 0x0, &(0x7f0000000480)) kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, 0xffffffffffffffff, &(0x7f00000004c0)={r3, r7, 0x2}) timer_create(0x4, &(0x7f0000000640)={0x0, 0x5, 0x0, @thr={&(0x7f0000000500)="2ab915a24df943d98d98370ebf4e20cf75c94b0e1d3b775c2ba8e71d2d852b4e9bc054b7317c7c30ef22da7d8848312d83e97001c16de0c0f9e499aeb8e273d13efc9d6139e1f2808cbbf95ef48e667395a2b3e5c8ed56582dd1bbddd8b0fda922e8cdf9eb163021194c8736d41293315cf2f5a5ea078693a40a4d9717aa1ed8abb7bf838781a36a6518967bf0d293ab9f091a03e531604bb6d599bcd08ba3752be34a41ada099137b9b4afdd1e77089f2dd422b516521a3d6392b49fd90036decb32bbaba36e05e2f17b4b5ca612cb8c0e7480a41d4e7781837d86eade9f4bf3985b5f7d5", &(0x7f0000000600)="e0b93952965e086920461787937bb790e7e8"}}, &(0x7f0000000680)) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$GTP_CMD_NEWPDP(r8, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x68, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_LINK={0x8}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x18}}, @GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_I_TEI={0x8}, @GTPA_TID={0xc, 0x3, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_O_TEI={0x8, 0x9, 0x3}]}, 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) 20:06:53 executing program 1: write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x1, 0x6, 0x77, 0xf5, @tick=0x3, {0x8, 0x4}, {0x8, 0xf9}, @raw32={[0x80000000, 0x800, 0x1f]}}, {0x81, 0x51, 0x99, 0x7f, @time={0x0, 0x3ff}, {0x47}, {0x6, 0x40}, @queue={0x1, {0x1, 0x778}}}, {0x3, 0x5, 0x1, 0xe6, @time={0x100, 0x7ff}, {0x20, 0x1}, {0x20, 0x81}, @addr={0x4f, 0x5}}, {0x5, 0x0, 0x81, 0xff, @time={0x0, 0x1f}, {0x0, 0x8}, {0x4, 0x7f}, @note={0xff, 0xff, 0x7, 0x3, 0xfffffffa}}], 0x70) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, &(0x7f0000000080)={{0x24, 0x3}, {0x9, 0x3f}, 0x1000, 0x2, 0xf5}) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000100)=""/180) r0 = socket$netlink(0x10, 0x3, 0x1) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x3, 0x26}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x44}, 0x1, 0x0, 0x0, 0x2400c09c}, 0x4020) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000300)={{0x5, 0x4}, 'port0\x00', 0x8, 0xc0823, 0x0, 0x6, 0x1, 0x3eb, 0xffffffff, 0x0, 0x6, 0x8}) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x40, 0x0, 0x110, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xf}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xff}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x401}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x1ff}]}, 0x40}, 0x1, 0x0, 0x0, 0x88d1}, 0x20000800) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x40, r1, 0x200, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xfffffffd, 0x15}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xef}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x800) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000640)={0x8, 0xffffffff, 0x5a, {0xb90, 0x10000}, 0x7, 0x3}) socketpair(0x1d, 0xa, 0x5, &(0x7f00000006c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) timer_getoverrun(0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x1c, r1, 0x2, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x21) sendmsg$NL80211_CMD_ADD_TX_TS(r3, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x58, r1, 0x300, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6f}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xe}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x4000) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_ACCEPT(r5, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x44, 0x0, 0x800, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'tunl0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x24004090}, 0x24000041) sendmsg$NL80211_CMD_RADAR_DETECT(r3, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x38, 0x0, 0x20, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x3, 0x6f}}}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x40}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x840}, 0x8810) 20:06:53 executing program 2: sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x54b, 0x4a}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c800}, 0x0) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0x0, 0x4, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x6c06ce7c612bf880) sendmsg$NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x50020244}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x30, 0x0, 0x300, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0x1a}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x4814) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x38, 0x0, 0x4, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x38}, 0x1, 0x0, 0x0, 0x8081}, 0x40000) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x50, 0x0, 0x10, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x4c, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xc77, 0x4}}}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x5}, @NL80211_ATTR_CQM_RSSI_THOLD={0x10, 0x1, [0xfffeffff, 0xffff, 0x3ff]}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x2ff}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x84) sendmsg$NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x24, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1d2}]}, 0x24}}, 0x40d0) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x30, 0x0, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010102}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}]}, 0x30}}, 0x4000040) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_FLUSH_PMKSA(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, r0, 0x100, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x100000c5}, 0x1000) ioctl$TIOCL_GETKMSGREDIRECT(0xffffffffffffffff, 0x541c, &(0x7f00000009c0)) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x20, r0, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x62, 0x5f}}}}, ["", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4004000) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000b00), 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x40, r1, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x3f}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x57}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x7f}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x60040050}, 0x880) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000c40)={'wpan4\x00'}) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x5) ioctl$KDGETLED(r2, 0x4b31, &(0x7f0000000c80)) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d00), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d40)={0x38, r3, 0x400, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x15}, @val={0x8}, @val={0xc, 0x99, {0x7fff, 0x70}}}}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000800}, 0x8050) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x3c, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x80000000}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x10000}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}]]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c001}, 0x4000010) 20:06:53 executing program 3: ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428) r0 = syz_open_pts(0xffffffffffffffff, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x541c, &(0x7f0000000000)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@remote, @in6=@dev}}, {{@in=@private}, 0x0, @in6=@remote}}, &(0x7f0000000140)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in=@empty, @in=@dev}}, {{@in6=@loopback}, 0x0, @in=@empty}}, &(0x7f0000000280)=0xe8) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WDS_PEER(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2400020}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x38, r1, 0x200, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x80c4}, 0x4040000) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000440)={0x0, @nfc={0x27, 0x1, 0x1, 0x7}, @nfc={0x27, 0x1, 0x1, 0x3}, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x401, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000400)='bridge0\x00', 0x3f, 0x20, 0xfc01}) ioctl$KDGETLED(r0, 0x4b31, &(0x7f00000004c0)) r2 = syz_open_pts(r0, 0x101002) ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000500)=0x1) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000000540)) ioctl$TIOCCBRK(r0, 0x5428) r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7) ioctl$KDGETLED(r3, 0x4b31, &(0x7f0000000580)) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000005c0), 0x400, 0x0) ioctl$KDSKBMODE(r4, 0x4b45, &(0x7f0000000600)=0x2) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640), 0x20300, 0x0) ioctl$KDGETLED(r5, 0x4b31, &(0x7f0000000680)) timer_settime(0x0, 0x1, &(0x7f00000006c0)={{}, {0x0, 0x3938700}}, &(0x7f0000000700)) 20:06:53 executing program 4: syz_usb_connect$cdc_ncm(0x4, 0xb6, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa4, 0x2, 0x1, 0x8, 0x20, 0xf3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "bccc09930d50"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x0, 0xec01, 0x2}, {0x6, 0x24, 0x1a, 0x1c, 0x8}, [@acm={0x4, 0x24, 0x2, 0x3}, @dmm={0x7, 0x24, 0x14, 0x101, 0x3}, @mdlm={0x15, 0x24, 0x12, 0xcc6c}, @obex={0x5, 0x24, 0x15, 0x4}, @mbim_extended={0x8, 0x24, 0x1c, 0x101, 0x5, 0x76}, @mdlm={0x15, 0x24, 0x12, 0xffff}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x7, 0x2, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x3, 0x80, 0x4f}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x4, 0x4}}}}}}}]}}, &(0x7f0000000400)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x8, 0xf6, 0x6, 0x40, 0x1}, 0x5c, &(0x7f0000000100)={0x5, 0xf, 0x5c, 0x6, [@wireless={0xb, 0x10, 0x1, 0xc, 0x60, 0x7f, 0x5, 0xf67, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0xf9, "9babdd7f3ef8755251e36d69c8acbf04"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x5, 0x40}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x6, 0x3f, 0x1000}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x1, 0x0, 0x6}, @ssp_cap={0x1c, 0x10, 0xa, 0x7, 0x4, 0xb5b, 0xf00, 0x7ff, [0x1fe0030, 0xff3ea1, 0xff0000, 0xf]}]}, 0x6, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x44a}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x445}}, {0xa1, &(0x7f0000000200)=@string={0xa1, 0x3, "3e1f56641e791418543ae7152a8f5fe0614364858ddcf75b0748e3fae74d591820453d641d17fd7bd7796707e3b323ac68cca4bf5852513f58ee990b47ff9ace1d66d1108963a05a131eaf96752d5afdb53a96a3874e50ec7aa79957d14d7e388843f5e75c58b22475a5f25a458937c7db1ea3a1dd84fbfd88b7a3c029e1283e781cfa5c60f97232c3a1c866a02d1b08edcf1d6b54775108c3ebebeb0826ce"}}, {0xa1, &(0x7f00000002c0)=@string={0xa1, 0x3, "8f1cf4e9341327f3a62bf9c210101673ad8d793415be959490dd025f3ce0a954f5d83b18c6277f34e13f29b2f6cc0c6f79f4a68b44dcf8893ea447f5e20aa1c451ca72055a81a384f96caa82b118656da010e5520019cdeda45c941d4bec0f9cb07decd109d101ccd8d34fbbcf160d945018fae87564698b6f47fdffc3c0bbffa750b5eff0db09df82e1c3243017edefefbd22dacd884a664ddc4ebc4d161f"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x429}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x240a}}]}) syz_usb_connect$cdc_ncm(0x2, 0xd0, &(0x7f0000000480)={{0x12, 0x1, 0x101, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbe, 0x2, 0x1, 0x5, 0x38, 0x1f, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "3c98"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x3f90, 0x7, 0x4}, {0x6, 0x24, 0x1a, 0xfff8, 0x9}, [@mdlm={0x15, 0x24, 0x12, 0x3}, @acm={0x4, 0x24, 0x2, 0x2}, @mdlm={0x15, 0x24, 0x12, 0x80}, @mdlm={0x15, 0x24, 0x12, 0x69a0}, @mbim_extended={0x8, 0x24, 0x1c, 0x2, 0x9, 0x8}, @mdlm={0x15, 0x24, 0x12, 0x200}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x1, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x20, 0x81, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x5, 0xff}}}}}}}]}}, &(0x7f0000000a80)={0xa, &(0x7f0000000580)={0xa, 0x6, 0x250, 0xc1, 0x7e, 0x0, 0x10, 0x26}, 0xc6, &(0x7f00000005c0)={0x5, 0xf, 0xc6, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x20, "a5826c737d0c259bccd77e0a7cab3d0f"}, @generic={0x7d, 0x10, 0xb, "2d97fc28c91cae64f9b978b5d13cc5e92979842503987eb1457cc9600b078fbe868ed8434ad4d6660946fd9a3aee09e356730d5e744fc4dea280a3f86d78fe3d6c8c441e73a87aa9df6e137e32da3f7d5277f543c80f3d402a7f5972d1daa5fd55683690aac96e54e18443238ffb82695e39f5115ba8b16543ad"}, @ssp_cap={0x1c, 0x10, 0xa, 0xe7, 0x4, 0x5, 0xf000, 0x7, [0xf0, 0xff0f, 0xc060, 0xff003f]}, @ss_container_id={0x14, 0x10, 0x4, 0x7f, "76254b78496cc2d32b35926a3c870215"}]}, 0x9, [{0xe5, &(0x7f00000006c0)=@string={0xe5, 0x3, "7a176434f22714f43e3b8a8ba076b3c7bff46ee536ad57f3dc86ec610ced49e287ed04d3fc3045bcdea9ccbf2cb4a74b5452ad4effcb8d943816772ad47ccbd2f0c2dc3c0385503ea4b35bb741cb490bb4d28658b641c16ce24bb9d9c99fde8d0e7ed2f054da0975fa11deffecbb86a00226ba96a1965d23bdbb42380ee19640c4715bc9d319835e585f1be9ee541ca98f953fc51dd60b86e1086ceafeba3c84fb6b41f64e4903e3f5aff4f8b06ea5343e17d504237179bc7221cfc84430b562e6fdcf225782632a0db79c6dfc9e9cea47e764d92be8791911fdc079c8e9f036196d5a"}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x140a}}, {0x4, &(0x7f0000000800)=@lang_id={0x4, 0x3, 0x404}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x843}}, {0x5d, &(0x7f0000000880)=@string={0x5d, 0x3, "5245f1c51c57a68365f9d82ac1770bef997eb1790f977b1039deeb74afcb1191d8ae72e1865b908eb2d58294cf2e378cf50057bb5a3d984aae16308e9e971a9d87a5f8b3257a5dbcf7732ef2af574315a1e8f07525da6523e82b7d"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x438}}, {0x4, &(0x7f0000000940)=@lang_id={0x4, 0x3, 0x418}}, {0x83, &(0x7f0000000980)=@string={0x83, 0x3, "1e84988858ffd2f637dbb6d79b81544e93812acb4ea4e916350bc506bf3848e6122684c8c3d1f694706e830f45312fdc5f80f9934d24cd45c72a0703e403a4bf56ae7e4f806b276a4780a36e14bb9f2eb81661288a347503e69a77072713454df0d22f43fb74c69a99ebf391c73e763906a64d9db21fd75ad892fba38f153f6e96"}}, {0x4, &(0x7f0000000a40)=@lang_id={0x4, 0x3, 0x813}}]}) r0 = syz_open_dev$evdev(&(0x7f0000000b40), 0x1, 0x88040) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000b80)=0x3) get_thread_area(&(0x7f0000000bc0)={0x4, 0x20000000, 0x1000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}) getpgrp(0xffffffffffffffff) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000c00)=""/137) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000cc0)=""/9) r1 = syz_open_dev$evdev(&(0x7f0000000d00), 0xfdc6, 0x208042) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f0000000d40)=""/190) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x50, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x2}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0xf9}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8}]}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x101}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4048080) ioctl$EVIOCGABS3F(r1, 0x8018457f, &(0x7f0000000f40)=""/65) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000001080)={0x11, 0x83, &(0x7f0000000fc0)="d32f8bdd820ff4384ffd15695178b3fa33e73974bacc3c85e28fa3fbe3792bcae55b3f187b83de98f29a11470ffd577fa1deecd5b4993a99c76bb283cbb5a0e285a1065db44218cc7fb02ba9434f015dafd8cfeb1f417e6266f06e5a994840edd886008540204759710877d1db265031240eb29c832d7e0abf4555e683b1b42dbd61df"}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000010c0), 0x40400, 0x0) ioctl$EVIOCGBITSW(r2, 0x80404525, &(0x7f0000001100)=""/103) r3 = syz_open_dev$evdev(&(0x7f0000001180), 0xef20, 0x2400) ioctl$EVIOCGEFFECTS(r3, 0x80044584, &(0x7f00000011c0)=""/141) r4 = syz_open_dev$evdev(&(0x7f0000001280), 0x20, 0x381441) ioctl$EVIOCGABS2F(r4, 0x8018456f, &(0x7f00000012c0)=""/199) ioctl$EVIOCSCLOCKID(r3, 0x400445a0, &(0x7f00000013c0)) [ 87.201178] audit: type=1400 audit(1738008413.861:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 20:06:53 executing program 5: ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000000)=""/230) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000000140)=""/131) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000200)=0x15) r1 = syz_open_dev$evdev(&(0x7f0000000240), 0x5, 0x40040) ioctl$EVIOCGVERSION(r1, 0x80044501, &(0x7f0000000280)=""/222) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000380)=""/190) ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f0000000440)=""/19) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f00000004c0)={0x1, 0x0, &(0x7f0000000480)}) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000500)=0x100) ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000000540)=""/71) ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f00000005c0)=""/4096) r2 = syz_open_dev$evdev(&(0x7f00000015c0), 0xdabb, 0x199000) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000001600)=""/63) r3 = syz_open_dev$evdev(&(0x7f0000001640), 0xffffffff, 0x400800) ioctl$EVIOCSREP(r3, 0x40084503, &(0x7f0000001680)=[0xe9, 0xdc5]) ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f00000016c0)=""/93) r4 = syz_open_dev$evdev(&(0x7f0000001740), 0x8, 0x2000) ioctl$EVIOCGVERSION(r4, 0x80044501, &(0x7f0000001780)=""/120) socket$netlink(0x10, 0x3, 0x5) 20:06:53 executing program 7: setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000000)=0x2, 0x4) r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$smc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r1, 0x208, 0x70bd25, 0x25dfdbfd, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x4000080) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, &(0x7f00000001c0)={0x4, 0x96, 0x81, 0x3, 0x8, 0x80000000}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x0, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xfffffffc, 0x4c}}}}, [@NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, @random=0x9a3}]}, 0x30}, 0x1, 0x0, 0x0, 0x4084c}, 0x805) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000340)=0x775) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x48, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x3, 0x4}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "fd21f13b545f2ec511b41b0c8a"}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x40047}, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000500)=0xccc) ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000540)) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$GTP_CMD_GETPDP(r4, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x50, r0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_TID={0xc, 0x3, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast1}, @GTPA_VERSION={0x8, 0x2, 0x4}, @GTPA_FLOW={0x6}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_O_TEI={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x4800}, 0x4008005) syz_genetlink_get_family_id$devlink(&(0x7f00000006c0), r4) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r4) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r4, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x68, r5, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x9c13, 0x30}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x40}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x33}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x30}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x18}]}, 0x68}, 0x1, 0x0, 0x0, 0x4804}, 0x20040000) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_FLUSH(r6, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x20, r1, 0x20, 0x70bd26, 0x25dfdbff, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x10000}, 0x800) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r4, &(0x7f0000000ac0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x48, r5, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x16}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMKID={0x14, 0x55, "e5ad1ac8c0e7060a943a8fd7852ad2ff"}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004000}, 0x28000) 20:06:53 executing program 6: sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x80, 0x0, 0x20, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x15, 0x13, [{0x4}, {0x9, 0x1}, {0x12}, {0x0, 0x1}, {0x12}, {0xb}, {0x36}, {0x3, 0x1}, {0xc, 0x1}, {0x12, 0x1}, {0x6c, 0x1}, {0x12, 0x1}, {0x30}, {0x30, 0x1}, {0xc, 0x1}, {0x16}, {0x2}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0xfff}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x7a9}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x6}, @NL80211_ATTR_STA_CAPABILITY={0x6}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x7, 0xfffffeff}}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0xffff}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x5}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}]}, 0x80}}, 0x40000) getsockname(0xffffffffffffffff, &(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, &(0x7f00000001c0)=0x80) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x68, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x55}}}}, [@NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x12bd}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x175}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x2b}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xa92}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}]}, 0x68}}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000380)={0x51, 0x101, 0x2, {0x2}, {0x7f, 0x8001}, @period={0x59, 0x7, 0x0, 0x2, 0x7, {0x2, 0x0, 0x400, 0x800}, 0x1, &(0x7f0000000340)=[0xf738]}}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_int(r1, &(0x7f0000000400)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f0000000440), 0x5, 0x200000) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000480)=""/49) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, &(0x7f00000004c0)={0x4, 0x200, 0x1, 0x3, 0x9, 0x7ff}) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000005c0)={'vcan0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x24, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x14d111f2532d1044}, 0x40000) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000700)=""/131) r3 = accept(r2, &(0x7f0000000880)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f0000000900)=0x80) bind$bt_hci(r3, &(0x7f0000000940)={0x1f, 0x2, 0x1}, 0x6) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, &(0x7f0000000980)=0x1) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f00000009c0), 0x2, 0x0) ioctl$EVIOCGPHYS(r4, 0x80404507, &(0x7f0000000a00)=""/68) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000ac0)=""/4096) [ 88.647562] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.649924] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.654097] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.656362] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.658927] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.659900] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.666813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.666934] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.671957] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 88.674139] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.683637] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 88.688689] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.721912] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.724150] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.726364] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.735944] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.743712] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 88.747678] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.763182] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.763748] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.776143] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.778385] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.780055] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.781781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.785992] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 88.794593] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 88.800574] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 88.806113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.808677] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.813914] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 88.817720] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 88.820495] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 88.821902] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 88.824438] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.825937] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 88.828139] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 88.829954] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 88.832198] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.836727] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 88.841908] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 88.852414] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 88.854907] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 88.856592] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 88.863070] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 88.871902] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 88.871916] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 88.916465] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 88.925807] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.731768] Bluetooth: hci1: command tx timeout [ 90.793428] Bluetooth: hci4: command tx timeout [ 90.794685] Bluetooth: hci0: command tx timeout [ 90.922082] Bluetooth: hci2: command tx timeout [ 90.923502] Bluetooth: hci6: command tx timeout [ 90.923715] Bluetooth: hci3: command tx timeout [ 90.987281] Bluetooth: hci5: command tx timeout [ 90.987388] Bluetooth: hci7: command tx timeout [ 92.778968] Bluetooth: hci1: command tx timeout [ 92.841490] Bluetooth: hci0: command tx timeout [ 92.841847] Bluetooth: hci4: command tx timeout [ 92.969339] Bluetooth: hci6: command tx timeout [ 92.970384] Bluetooth: hci3: command tx timeout [ 92.970504] Bluetooth: hci2: command tx timeout [ 93.033594] Bluetooth: hci5: command tx timeout [ 93.033685] Bluetooth: hci7: command tx timeout [ 94.827293] Bluetooth: hci1: command tx timeout [ 94.889446] Bluetooth: hci4: command tx timeout [ 94.890385] Bluetooth: hci0: command tx timeout [ 95.017561] Bluetooth: hci3: command tx timeout [ 95.017594] Bluetooth: hci2: command tx timeout [ 95.018052] Bluetooth: hci6: command tx timeout [ 95.081384] Bluetooth: hci5: command tx timeout [ 95.081886] Bluetooth: hci7: command tx timeout [ 96.874355] Bluetooth: hci1: command tx timeout [ 96.939260] Bluetooth: hci0: command tx timeout [ 96.939737] Bluetooth: hci4: command tx timeout [ 97.065597] Bluetooth: hci6: command tx timeout [ 97.066196] Bluetooth: hci2: command tx timeout [ 97.066617] Bluetooth: hci3: command tx timeout [ 97.129437] Bluetooth: hci5: command tx timeout [ 97.129514] Bluetooth: hci7: command tx timeout [ 151.870237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 151.887151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 151.892239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 151.907741] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 151.912856] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 151.915105] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 152.052097] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 152.057863] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 152.059098] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 152.062185] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 152.063948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 152.065412] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 152.070923] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 152.074688] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 152.076427] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 152.078050] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 152.081998] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 152.083725] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 152.194747] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 152.201368] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 152.206747] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 152.211391] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 152.212742] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 152.217919] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 152.220171] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 152.225383] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 152.229502] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 152.231696] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 152.260338] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 152.266869] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 152.268401] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 152.283653] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 152.306764] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 152.339365] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 152.340141] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 152.357811] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 152.362633] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 152.364685] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 152.376725] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 152.382069] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 152.386928] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 152.388714] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 152.397853] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 152.398785] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 152.399836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 152.410428] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 152.424836] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 152.426693] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 153.962369] Bluetooth: hci0: command tx timeout [ 154.153315] Bluetooth: hci2: command tx timeout [ 154.154295] Bluetooth: hci1: command tx timeout [ 154.281452] Bluetooth: hci4: command tx timeout [ 154.409416] Bluetooth: hci3: command tx timeout [ 154.473344] Bluetooth: hci7: command tx timeout [ 154.474715] Bluetooth: hci5: command tx timeout [ 154.537343] Bluetooth: hci6: command tx timeout [ 156.010268] Bluetooth: hci0: command tx timeout [ 156.201329] Bluetooth: hci1: command tx timeout [ 156.201911] Bluetooth: hci2: command tx timeout [ 156.329396] Bluetooth: hci4: command tx timeout [ 156.458254] Bluetooth: hci3: command tx timeout [ 156.521354] Bluetooth: hci5: command tx timeout [ 156.521820] Bluetooth: hci7: command tx timeout [ 156.585349] Bluetooth: hci6: command tx timeout [ 158.058312] Bluetooth: hci0: command tx timeout [ 158.249398] Bluetooth: hci2: command tx timeout [ 158.250415] Bluetooth: hci1: command tx timeout [ 158.377431] Bluetooth: hci4: command tx timeout [ 158.505358] Bluetooth: hci3: command tx timeout [ 158.569421] Bluetooth: hci7: command tx timeout [ 158.570939] Bluetooth: hci5: command tx timeout [ 158.633437] Bluetooth: hci6: command tx timeout [ 160.105336] Bluetooth: hci0: command tx timeout [ 160.297331] Bluetooth: hci1: command tx timeout [ 160.297975] Bluetooth: hci2: command tx timeout [ 160.425514] Bluetooth: hci4: command tx timeout [ 160.553301] Bluetooth: hci3: command tx timeout [ 160.617310] Bluetooth: hci5: command tx timeout [ 160.617799] Bluetooth: hci7: command tx timeout [ 160.681302] Bluetooth: hci6: command tx timeout [ 213.825729] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 213.828335] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 213.832672] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 213.835495] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 213.837009] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 213.843079] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 213.844628] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 213.848127] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 213.849438] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 213.851768] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 213.853668] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 213.855448] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 213.900894] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 213.907828] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 213.926748] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 213.936877] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 213.938631] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 213.939600] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 213.941939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 213.943620] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 213.944695] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 213.945661] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 213.960627] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 213.962857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 214.021708] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 214.055524] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 214.065867] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 214.115551] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 214.136040] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 214.179526] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 214.207681] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 214.212591] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 214.213693] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 214.219035] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 214.220922] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 214.235259] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 214.252468] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 214.263523] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 214.292500] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 214.320792] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 214.329453] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 214.332390] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 214.333467] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 214.337733] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 214.341140] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 214.342374] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 214.348293] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 214.352623] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 215.913314] Bluetooth: hci1: command tx timeout [ 215.913464] Bluetooth: hci0: command tx timeout [ 215.977348] Bluetooth: hci3: command tx timeout [ 216.041470] Bluetooth: hci2: command tx timeout [ 216.297369] Bluetooth: hci6: command tx timeout [ 216.297421] Bluetooth: hci4: command tx timeout [ 216.425467] Bluetooth: hci7: command tx timeout [ 216.489311] Bluetooth: hci5: command tx timeout [ 217.961290] Bluetooth: hci0: command tx timeout [ 217.962357] Bluetooth: hci1: command tx timeout [ 218.025323] Bluetooth: hci3: command tx timeout [ 218.089419] Bluetooth: hci2: command tx timeout [ 218.345379] Bluetooth: hci6: command tx timeout [ 218.346548] Bluetooth: hci4: command tx timeout [ 218.475299] Bluetooth: hci7: command tx timeout [ 218.539228] Bluetooth: hci5: command tx timeout [ 220.011155] Bluetooth: hci1: command tx timeout [ 220.011988] Bluetooth: hci0: command tx timeout [ 220.073277] Bluetooth: hci3: command tx timeout [ 220.138308] Bluetooth: hci2: command tx timeout [ 220.393274] Bluetooth: hci4: command tx timeout [ 220.393330] Bluetooth: hci6: command tx timeout [ 220.523506] Bluetooth: hci7: command tx timeout [ 220.585365] Bluetooth: hci5: command tx timeout [ 222.057748] Bluetooth: hci0: command tx timeout [ 222.057829] Bluetooth: hci1: command tx timeout [ 222.122247] Bluetooth: hci3: command tx timeout [ 222.186462] Bluetooth: hci2: command tx timeout [ 222.441328] Bluetooth: hci4: command tx timeout [ 222.441537] Bluetooth: hci6: command tx timeout [ 222.569297] Bluetooth: hci7: command tx timeout [ 222.633393] Bluetooth: hci5: command tx timeout [ 271.629872] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.630572] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.928317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.929040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.081944] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.083407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.170126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.170817] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.256898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.257674] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.280807] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.281694] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.328060] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.328765] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.431013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.431691] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.506568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.507650] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.643488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.644133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.846610] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.847325] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.059254] [ 273.059497] ====================================================== [ 273.060007] WARNING: possible circular locking dependency detected [ 273.060523] 6.13.0-next-20250124 #1 Not tainted [ 273.060915] ------------------------------------------------------ [ 273.061922] kworker/u8:0/11 is trying to acquire lock: [ 273.063101] ffffffff8621d8e8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 273.064975] [ 273.064975] but task is already holding lock: [ 273.066296] ffff888027dc0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 273.068217] [ 273.068217] which lock already depends on the new lock. [ 273.068217] [ 273.069825] [ 273.069825] the existing dependency chain (in reverse order) is: [ 273.070435] [ 273.070435] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 273.071005] __mutex_lock+0x13d/0xb50 [ 273.071416] wiphy_register+0x1b2e/0x25d0 [ 273.071844] ieee80211_register_hw+0x23a4/0x3d60 [ 273.072310] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 273.072803] init_mac80211_hwsim+0x389/0x870 [ 273.073256] do_one_initcall+0xf9/0x640 [ 273.073675] kernel_init_freeable+0x53d/0x7a0 [ 273.074134] kernel_init+0x1e/0x2d0 [ 273.074509] ret_from_fork+0x48/0x80 [ 273.074889] ret_from_fork_asm+0x1a/0x30 [ 273.075323] [ 273.075323] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 273.075849] __lock_acquire+0x29fd/0x4580 [ 273.076268] lock_acquire+0x19b/0x520 [ 273.076654] __mutex_lock+0x13d/0xb50 [ 273.077052] unregister_netdevice_many_notify+0x1612/0x1c80 [ 273.077585] unregister_netdevice_queue+0x224/0x2e0 [ 273.078060] _cfg80211_unregister_wdev+0x57b/0x700 [ 273.078544] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 273.079026] ieee80211_unregister_hw+0x55/0x3a0 [ 273.079489] hwsim_exit_net+0x3a0/0x730 [ 273.079891] ops_exit_list+0xb3/0x180 [ 273.080278] cleanup_net+0x546/0xad0 [ 273.080665] process_one_work+0x8ee/0x1a10 [ 273.081117] worker_thread+0x674/0xe70 [ 273.081533] kthread+0x3ab/0x720 [ 273.081901] ret_from_fork+0x48/0x80 [ 273.082273] ret_from_fork_asm+0x1a/0x30 [ 273.082697] [ 273.082697] other info that might help us debug this: [ 273.082697] [ 273.083346] Possible unsafe locking scenario: [ 273.083346] [ 273.083832] CPU0 CPU1 [ 273.084218] ---- ---- [ 273.084602] lock(&rdev->wiphy.mtx); [ 273.084943] lock(rtnl_mutex); [ 273.085435] lock(&rdev->wiphy.mtx); [ 273.085964] lock(rtnl_mutex); [ 273.086267] [ 273.086267] *** DEADLOCK *** [ 273.086267] [ 273.086756] 4 locks held by kworker/u8:0/11: [ 273.087128] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 273.088009] #1: ffff8880095dfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 273.088846] #2: ffffffff86211910 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 273.089621] #3: ffff888027dc0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 273.090497] [ 273.090497] stack backtrace: [ 273.090867] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-next-20250124 #1 [ 273.090904] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 273.090927] Workqueue: netns cleanup_net [ 273.090968] Call Trace: [ 273.090978] [ 273.090989] dump_stack_lvl+0xca/0x120 [ 273.091049] print_circular_bug+0x47b/0x750 [ 273.091095] check_noncircular+0x2e9/0x3c0 [ 273.091138] ? __pfx_check_noncircular+0x10/0x10 [ 273.091188] ? hlock_class+0x4e/0x130 [ 273.091218] ? srso_return_thunk+0x5/0x5f [ 273.091274] ? mark_lock+0xac/0xed0 [ 273.091314] ? srso_return_thunk+0x5/0x5f [ 273.091371] ? lockdep_lock+0xba/0x1b0 [ 273.091429] ? __pfx_lockdep_lock+0x10/0x10 [ 273.091492] __lock_acquire+0x29fd/0x4580 [ 273.091545] ? __pfx___lock_acquire+0x10/0x10 [ 273.091589] ? lock_release+0x20f/0x6f0 [ 273.091633] ? __pfx_lock_release+0x10/0x10 [ 273.091676] ? srso_return_thunk+0x5/0x5f [ 273.091736] lock_acquire+0x19b/0x520 [ 273.091779] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 273.091828] ? __pfx_lock_acquire+0x10/0x10 [ 273.091873] ? __pfx_lock_release+0x10/0x10 [ 273.091916] ? __pfx_try_to_wake_up+0x10/0x10 [ 273.091959] ? srso_return_thunk+0x5/0x5f [ 273.092014] ? lock_is_held_type+0x9e/0x120 [ 273.092069] ? srso_return_thunk+0x5/0x5f [ 273.092128] __mutex_lock+0x13d/0xb50 [ 273.092180] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 273.092225] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 273.092271] ? srso_return_thunk+0x5/0x5f [ 273.092326] ? synchronize_rcu_expedited+0x38a/0x420 [ 273.092371] ? __pfx___mutex_lock+0x10/0x10 [ 273.092425] ? srso_return_thunk+0x5/0x5f [ 273.092482] ? srso_return_thunk+0x5/0x5f [ 273.092537] ? kasan_quarantine_put+0x84/0x1e0 [ 273.092598] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 273.092633] ? srso_return_thunk+0x5/0x5f [ 273.092693] unregister_netdevice_many_notify+0x1612/0x1c80 [ 273.092742] ? lock_release+0x20f/0x6f0 [ 273.092787] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 273.092835] ? srso_return_thunk+0x5/0x5f [ 273.092893] ? srso_return_thunk+0x5/0x5f [ 273.092948] ? wake_up_q+0x9e/0x140 [ 273.092989] ? srso_return_thunk+0x5/0x5f [ 273.093044] ? rwsem_wake.isra.0+0xc3/0x110 [ 273.093095] ? __pfx_rwsem_wake.isra.0+0x10/0x10 [ 273.093146] ? srso_return_thunk+0x5/0x5f [ 273.093207] unregister_netdevice_queue+0x224/0x2e0 [ 273.093250] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 273.093294] ? up_write+0x208/0x520 [ 273.093348] _cfg80211_unregister_wdev+0x57b/0x700 [ 273.093400] ? srso_return_thunk+0x5/0x5f [ 273.093459] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 273.093498] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 273.093536] ? srso_return_thunk+0x5/0x5f [ 273.093591] ? srso_return_thunk+0x5/0x5f [ 273.093646] ? synchronize_rcu+0x1ff/0x260 [ 273.093689] ieee80211_unregister_hw+0x55/0x3a0 [ 273.093733] hwsim_exit_net+0x3a0/0x730 [ 273.093776] ? __pfx_hwsim_exit_net+0x10/0x10 [ 273.093816] ? srso_return_thunk+0x5/0x5f [ 273.093871] ? netdev_run_todo+0x788/0x1040 [ 273.093921] ? __pfx_hwsim_exit_net+0x10/0x10 [ 273.093963] ops_exit_list+0xb3/0x180 [ 273.094006] cleanup_net+0x546/0xad0 [ 273.094050] ? __pfx_cleanup_net+0x10/0x10 [ 273.094104] process_one_work+0x8ee/0x1a10 [ 273.094169] ? __pfx_lock_acquire+0x10/0x10 [ 273.094214] ? __pfx_process_one_work+0x10/0x10 [ 273.094272] ? srso_return_thunk+0x5/0x5f [ 273.094327] ? move_linked_works+0x172/0x270 [ 273.094372] ? srso_return_thunk+0x5/0x5f [ 273.094427] ? assign_work+0x196/0x240 [ 273.094484] worker_thread+0x674/0xe70 [ 273.094542] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 273.094595] ? __pfx_worker_thread+0x10/0x10 [ 273.094654] kthread+0x3ab/0x720 [ 273.094706] ? __pfx_kthread+0x10/0x10 [ 273.094758] ? srso_return_thunk+0x5/0x5f [ 273.094813] ? finish_task_switch.isra.0+0x206/0x840 [ 273.094864] ? __pfx_kthread+0x10/0x10 [ 273.094918] ret_from_fork+0x48/0x80 [ 273.094949] ? __pfx_kthread+0x10/0x10 [ 273.095002] ret_from_fork_asm+0x1a/0x30 [ 273.095068] [ 273.105266] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 275.119574] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 275.126306] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 275.129084] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 275.132868] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 275.134591] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 275.135658] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 275.142061] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 275.150993] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 275.153463] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 275.158043] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 275.160901] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 275.165637] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 275.375110] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 275.377121] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 275.379833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 275.382727] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 275.384399] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 275.386119] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 275.507777] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 275.510380] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 275.512661] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 275.516520] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 275.518052] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 275.520685] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 275.524264] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 275.527659] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 275.529932] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 275.531861] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 275.535434] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 275.540834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 275.641531] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 275.653761] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 275.663970] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 275.668384] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 275.671596] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 275.675342] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 275.677612] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 275.680493] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 275.682482] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 275.701794] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 275.706342] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 275.707963] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 277.161387] Bluetooth: hci0: command tx timeout [ 277.225369] Bluetooth: hci1: command tx timeout [ 277.417387] Bluetooth: hci2: command tx timeout [ 277.609287] Bluetooth: hci5: command tx timeout [ 277.609320] Bluetooth: hci4: command tx timeout [ 277.737383] Bluetooth: hci7: command tx timeout [ 277.737423] Bluetooth: hci3: command tx timeout [ 279.209515] Bluetooth: hci0: command tx timeout [ 279.273352] Bluetooth: hci1: command tx timeout [ 279.465299] Bluetooth: hci2: command tx timeout [ 279.657327] Bluetooth: hci5: command tx timeout [ 279.657369] Bluetooth: hci4: command tx timeout [ 279.785509] Bluetooth: hci3: command tx timeout [ 279.785597] Bluetooth: hci7: command tx timeout [ 281.257398] Bluetooth: hci0: command tx timeout [ 281.321408] Bluetooth: hci1: command tx timeout [ 281.513496] Bluetooth: hci2: command tx timeout [ 281.705288] Bluetooth: hci4: command tx timeout [ 281.706318] Bluetooth: hci5: command tx timeout [ 281.833374] Bluetooth: hci7: command tx timeout [ 281.834362] Bluetooth: hci3: command tx timeout VM DIAGNOSIS: 20:09:59 Registers: info registers vcpu 0 RAX=fe25ac1adfba5d00 RBX=ffff8880334b5640 RCX=ffffffff83d4820d RDX=ffff8880336dd340 RSI=ffff8880334b5640 RDI=ffff888032deb000 RBP=dffffc0000000000 RSP=ffff88801321f8f8 R8 =0000000000000001 R9 =ffffed10034cdac2 R10=0000000000000112 R11=0000000000000000 R12=0000000000000002 R13=ffff8880334b5640 R14=0000000000000112 R15=ffff88801321fe58 RIP=ffffffff8220ad87 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f297a1ac8c0 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005560d129bcb0 CR3=000000002a11a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffff00ffffffffffffffff XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=525f4b434f4c425f57485f4c4c494b46 XMM05=006e616c773d455059545f4c4c494b46 XMM06=4b4652006c6c696b66723d4d45545359 XMM07=7968702f3131323038656565692f3231 XMM08=3a56000a73253a51000a73253a47000a XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283f165 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff8880095ded20 R8 =0000000000000000 R9 =ffffed1001c53046 R10=0000000000000065 R11=6f6c206863696877 R12=0000000000000065 R13=0000000000000010 R14=ffffffff88697060 R15=ffffffff8283f150 RIP=ffffffff8283f1bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000563ce8f2e308 CR3=000000000ca7e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffffffffffffff00000000 XMM01=0000000000000000000000007269762f XMM02=ffffffffffffffff00000000000000ff XMM03=696e656420737365636341002f737973 XMM04=0000563ce8f07f000000563ce8f08310 XMM05=00000008ffffffff0000563ce8eeb320 XMM06=0000563ce8ef35400000000900000003 XMM07=00000000000000000000000000000000 XMM08=00000000000000410000000000326963 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000