Warning: Permanently added '[localhost]:47016' (ECDSA) to the list of known hosts. 2025/01/28 03:34:54 fuzzer started 2025/01/28 03:34:54 dialing manager at localhost:40883 syzkaller login: [ 69.146205] cgroup: Unknown subsys name 'net' [ 69.235900] cgroup: Unknown subsys name 'cpuset' [ 69.265443] cgroup: Unknown subsys name 'rlimit' [ 76.047383] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/28 03:35:12 syscalls: 202 2025/01/28 03:35:12 code coverage: enabled 2025/01/28 03:35:12 comparison tracing: enabled 2025/01/28 03:35:12 extra coverage: enabled 2025/01/28 03:35:12 setuid sandbox: enabled 2025/01/28 03:35:12 namespace sandbox: enabled 2025/01/28 03:35:12 Android sandbox: enabled 2025/01/28 03:35:12 fault injection: enabled 2025/01/28 03:35:12 leak checking: enabled 2025/01/28 03:35:12 net packet injection: enabled 2025/01/28 03:35:12 net device setup: enabled 2025/01/28 03:35:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/28 03:35:12 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/28 03:35:12 USB emulation: enabled 2025/01/28 03:35:12 hci packet injection: enabled 2025/01/28 03:35:12 wifi device emulation: enabled 2025/01/28 03:35:12 802.15.4 emulation: enabled 2025/01/28 03:35:12 fetching corpus: 0, signal 0/0 (executing program) 2025/01/28 03:35:13 starting 8 fuzzer processes 03:35:13 executing program 0: getitimer(0x2, &(0x7f0000000000)) r0 = getgid() getsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x4) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x68, 0x0, 0x10, 0x70bd26, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0xffff, @link='syz1\x00'}}}, ["", "", "", "", "", "", ""]}, 0x68}}, 0x800) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x400) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r1, 0xc0a85322, &(0x7f0000000240)) setsockopt$WPAN_SECURITY(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000300), 0x4) r2 = geteuid() r3 = getgid() getgroups(0x2, &(0x7f00000003c0)=[r0, r0]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000400)={{0x3, r2, r3, 0xffffffffffffffff, r4, 0x40, 0x20}, 0x8, 0xff, 0x0, 0x0, 0x0, 0x0, 0x800}) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000480)=""/4096) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001480), 0x8980, 0x0) write$cgroup_freezer_state(r5, &(0x7f00000014c0)='FROZEN\x00', 0x7) r6 = fsmount(0xffffffffffffffff, 0x0, 0x8) semctl$SEM_INFO(0xffffffffffffffff, 0x1, 0x13, &(0x7f0000001500)=""/181) wait4(0xffffffffffffffff, &(0x7f00000015c0), 0x40000000, 0x0) r7 = accept4(r6, &(0x7f0000001600)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000001680)=0x80, 0x80000) sendmsg$TIPC_CMD_DISABLE_BEARER(r7, &(0x7f0000001780)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001740)={&(0x7f0000001700)={0x2c, 0x0, 0xd09, 0x70bd2b, 0x25dfdbfb, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", "", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10004800) 03:35:13 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) r2 = semget(0x3, 0x2, 0x482) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000014c0)=""/96) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000001540)=""/193) r3 = geteuid() r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000001640)={{0x2, r3, 0xffffffffffffffff, 0xee01, r4, 0x189, 0x1}, 0xc561, 0x1000}) semctl$SEM_INFO(0x0, 0x1, 0x13, &(0x7f00000016c0)=""/4096) 03:35:13 executing program 1: remap_file_pages(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2, 0xffffffffffffff81, 0x100) shmget(0x0, 0x4000, 0x400, &(0x7f0000ffb000/0x4000)=nil) r0 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@sco={0x1f, @fixed}, &(0x7f0000000080)=0x80, 0x800) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0), &(0x7f0000000100)) sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xaa048}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4) connect$bt_sco(r0, &(0x7f0000000240)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) connect$bt_sco(r0, &(0x7f0000000280)={0x1f, @none}, 0x8) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f00000002c0)=0x1, 0x4) select(0x40, &(0x7f0000000300)={0x80000001, 0x7fff, 0x2, 0x9, 0x6, 0x6, 0x80000001, 0x4}, &(0x7f0000000340)={0x3ff, 0x81, 0x80000000, 0x10001, 0x100000000, 0xf70d, 0x7fff, 0x5}, &(0x7f0000000380)={0xfffffffffffffff8, 0x1, 0xff, 0x400, 0x5, 0x100000001, 0x100000001, 0x80000001}, &(0x7f00000003c0)) pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) bind$bt_sco(r1, &(0x7f0000000440)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) pselect6(0x40, &(0x7f0000000480)={0xfffffffffffffff8, 0x8, 0x1, 0x101, 0x0, 0xffff, 0xffffffffffffc0a5}, &(0x7f00000004c0)={0x2, 0x6c8, 0x21, 0x9, 0x24, 0x80, 0x4, 0xfffffffffffff62f}, &(0x7f0000000500)={0x2, 0x1, 0x2938000000, 0x8000800, 0x1, 0x3, 0x2, 0x7}, &(0x7f0000000540)={0x77359400}, &(0x7f00000005c0)={&(0x7f0000000580)={[0xfffffffffffffff9]}, 0x8}) mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000600)={0x24, @short={0x2, 0xffff, 0xaaa2}}, 0x14) semctl$SEM_STAT(0x0, 0x3, 0x12, &(0x7f0000000640)=""/105) bind$802154_dgram(r0, &(0x7f00000006c0)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0302}}}, 0x14) r2 = semget(0x1, 0x1, 0x0) semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000700)={{0x2, 0xffffffffffffffff, 0xffffffffffffffff, 0xee01, 0xee01, 0x13, 0x1}, 0x0, 0x276, 0x0, 0x0, 0x0, 0x0, 0x800}) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000800)=""/87, 0x57, 0x1, &(0x7f0000000880)) 03:35:13 executing program 2: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x210000, 0x0) read$rfkill(r0, &(0x7f0000000040), 0x8) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000003, 0x401d130, r0, 0x8000000) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8, 0x13, r0, 0x10000000) r1 = io_uring_setup(0x4585, &(0x7f0000000080)={0x0, 0xc5cc, 0x8, 0x3, 0x1d6}) r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000000, 0x10, r1, 0x10000000) mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000000) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000100)={0x3ff}, 0x4) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000004, 0x11, r0, 0x0) io_uring_setup(0x4e29, &(0x7f0000000140)={0x0, 0xef76, 0x10, 0x3, 0x28f, 0x0, r0}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f00000001c0)) pidfd_open(0x0, 0x0) r4 = openat$cgroup_int(r0, &(0x7f0000000200)='cpuset.mem_exclusive\x00', 0x2, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000240)=@IORING_OP_WRITE_FIXED={0x5, 0x2, 0x4007, @fd=r4, 0x0, 0x4, 0x2, 0x10, 0x1, {0x2}}, 0x90) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) fspick(r0, &(0x7f0000000280)='./file0\x00', 0x0) connect$bt_sco(r0, &(0x7f00000002c0), 0x8) sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x0, 0x2, 0x4, 0x25dfdbfd, {{}, {}, {0x8, 0x2, 0x8}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x22010895}, 0x4) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) 03:35:13 executing program 4: ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x0, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x800) r2 = geteuid() r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xd0, r3, 0x2, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x48, 0x20, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_ENABLED={0x5, 0x1e, 0x1}, @NL802154_ATTR_SEC_ENABLED={0x5, 0x1e, 0x1}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x1f, 0x3}, @NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x21, 0x7ff}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x18, 0x20, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}]}]}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x20, 0x20, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NET_DM_CMD_START(r4, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4010010) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r4) sendmsg$NL802154_CMD_SET_CCA_MODE(r5, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x5c, r6, 0x0, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0xcaaba7d5e549f224}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x5}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000600)=0x7, 0x12) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_KEY(r7, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x0, 0x800, 0x70bd2c, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x34004001}, 0x20008001) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000780), r4) sendmsg$NET_DM_CMD_START(r8, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x14, r9, 0x4, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004840) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r10, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x68, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast2}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wg0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000}, 0x20000001) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000e80)={{0x1, r2, 0x0, 0xee00, 0x0, 0xc, 0xfe00}, 0x800, 0x4, 0x0, 0x0, 0x0, 0x0, 0x81}) 03:35:13 executing program 5: r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000001, 0x80010, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0xf08, &(0x7f0000000000)={0x0, 0xcbfb, 0x10, 0x1, 0x15b}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x118, &(0x7f0000000100), 0x0, 0x4) syz_io_uring_setup(0x828, &(0x7f0000000140)={0x0, 0x2046, 0x0, 0x0, 0x49}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000200)) syz_memcpy_off$IO_URING_METADATA_FLAGS(r3, 0x118, &(0x7f0000000240)=0x1, 0x0, 0x4) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x100000a, 0x110, r1, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r4, 0x118, &(0x7f0000000280), 0x0, 0x4) r5 = syz_io_uring_complete(r0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x1) getsockopt$WPAN_WANTLQI(r5, 0x0, 0x3, &(0x7f00000002c0), &(0x7f0000000300)=0x4) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x100000c, 0x10010, r5, 0x8000000) syz_memcpy_off$IO_URING_METADATA_FLAGS(r6, 0x118, &(0x7f0000000340), 0x0, 0x4) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x10c, &(0x7f0000000380)=0x3, 0x0, 0x4) r8 = syz_io_uring_complete(0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x0, 0x10010, r8, 0x8000000) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r5, 0x9) ioctl$RFKILL_IOCTL_NOINPUT(r5, 0x5201) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x118, &(0x7f00000003c0)=0x1, 0x0, 0x4) io_uring_setup(0x7fb0, &(0x7f0000000440)={0x0, 0xff4b, 0x4, 0x1, 0x19e}) [ 88.080516] audit: type=1400 audit(1738035313.960:7): avc: denied { execmem } for pid=270 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 03:35:13 executing program 6: r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@alg, &(0x7f0000000080)=0x80) ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x1010, r1, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000200)='./file0\x00', 0x400, 0x0, 0x1}, 0x4) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000280)=""/57, &(0x7f00000002c0)=0x39) write$rfkill(r1, &(0x7f0000000300)={0x800, 0x0, 0x2}, 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000340)='/dev/hwrng\x00', 0x0, r3) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) r4 = accept(r3, &(0x7f00000003c0)=@nl=@proc, &(0x7f0000000440)=0x80) fsopen(&(0x7f0000000480)='reiserfs\x00', 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000004c0), 0x40900, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001500)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f00007fd000/0x800000)=nil, &(0x7f0000f21000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fc9000/0x1000)=nil, &(0x7f00008eb000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000500)="bd6616d2e5606ff02e22c6fe262ba1ca1dbd1861a93af1d8d27f1e83e892b2931c2e470e5b101cd4998f4def47be37f0f61e78faca3022269ce09988c67068a6047fab1a1bf0deaad3faf9676b20eb509d7b700c20749d404ada0d3bf3c6bf78ba8ef68ab6454599c6206bcc4026e8ce0ae6befcb80dfec2d05c62e139cb97adf15cae4a961180165ff3117c74857fc2f1898e52da6d658932271a957c30d786bd4b11316e04be9778238275598ec9ae4a2b5a8f1e7b87f638cf0fd13384ce1bf21118e7406ecbd68e8091d07284533f51b06d8755f7d20ecc9b10ec7d24e4da9b755b76d527203a1930333e77ab33baccbb81104e63276511a39e0575830bd05b5b7ee8ea09c719585330a6f017c94d5c5e3a9c5ca23858edb230858b92bfda6430c31d847532239c3de670b3b250c2694acbcacdc82bca7192cd08c2ddada7494daffd721d21d43c2500b5b440eee8dd1576914475358e78c1e39650cf2047c6b30b7d3621ec76b5f9a4cddb4ed98389e60fde3cb514cc908e2941819b980fa345687a2e792be02b4c0e8262bc4d775157235386f4ec6c9dff2308e9edffaa59cb52120a0f8491f35c4034a9a33297daad2bd662e03d4d0422cddb3199c844fe3e3f59daee76800b423e06bc5ae3c68de224d276ded7feee32c269d10f42ae22efd42c216688d6efbd112a47bd09429bba8a9fbb74f32f4f4c68accd556cd4d04f98439b654991df3338579e32153e3dec8398d566bdec687e0feed5097c64760a4246ac4f5981f74313ba51f92febe8715e626e8b8034b66950a6f121bc4bb652cd9c96a031389737fc4d66029e961da428b7602b93417bbcb1badbe961ac4ef4e85bf2b36664b13ebf0ac2f2993e04de15b4b827f9bef6d37c8c608ee2f6b1d1f46aee5889ae5cdd7d7000b88b8e2d1b3f32ab519fc8c0c5d5d4f2cb6251f7fc723f43649fc06797668e28d43d9c25c9d77386a750ce6c019833fb681cec26d137e11ca879046e6fee0d011a68d22abd3af867d9b147dc6d2477d15408d5223c2dbae4f7f436f1ffaf36ee51d13438b141ae9987f0bafe0a528e5a1e44c68eacecf9a4790b6b53d1c1c13b9703b7002bdeb6bf225c8160ee046cdb6d4d074f56d3c406a13c4b6cf94e82732948cd14e392973d7e5d261c072f91de36d4ca6144e8338a8ec59a65eaa8c75125dc880738621b00bd0542db353c71d172d2f9f19c8d12c12744eb95ab62a2d2a437bd0a899044fd2b0c5316e2c44a9c81cdfd6ec8fc9a29ea4a96fbdc44303fb0514b417d9bc2331a22fb4029e63f4dae60d5dbdd19b250cc26dceec17b8915e1b440676d8eb7b479f317814b2eb75e491c045031470d95721e05c811cf7482d5eca6d235af749730740a9297b170a99a290b179237697292b9dc94ebef87331ecb592d468fb3afd164923515079924eefb2bff8ac34cbe1d19e4173f3efb328cb61f73b9834fdae1c7108e20acf35b03db02f53f84b9a536a367c49ef5c0c6bf33dbea73284aa3dea02b7e2e622091b6d76abde90fb4fec6554de32d31774fe8796f85ebe4a4a77ebe14e6cd96761cbefaacd79f7cfd80494fe575148ddba3e6b010e6753463787e13ac6aa49a38ab4e09adc84dd03c9356ac03972a9c1544cc6db56fcc2b6a25aa1f00004c833652fbfc089e0e1931626452ba323c764c41ec447e79049479dde30da198a07c5672768e02344fc8816b1adda4564156f0a9f78721e265e5ff348f3114d9459e2f0264cb9e77c69f9ecc21ded0e80f08b2293428562756c5e2ba115b79a169bfe2529670c2569f85d3174e91cc2a9ca3306d628a21f4d7fe4af30eec85e5af7339644e79dcf0ab9a9ff754e635807c2eae0dc3d505bf3038eb92567e80d4e816c614ce955617172d0c429714912a2e65517163ea101cfe98a93bef81535736bc8c9693ae071c71e5881db3ea12e5a88ed20d2075fad8b6563b20dccbafd47a806949f1eeff66ba3a3b04b5ca80a6b8260d61f31c1d915be50dbbf17dc80bc7bb7b4b1896cff95800b6f9ea4484eba813d45b2f830340012a1aef68a72df06eae48bf14e6351b071655a121cfa24cfb424efaaa34998cc494c6ac776ef4861a8cf37276f5f6e9deff0fea7f252cf11e75dde054b00c1b1389d2b8ef1c1eface4f556089090434400915afe0ee493b1cf2d4c406d6d730e5563a4d0a6613185853027a8a66da523ce493bd1214b496b524f50e51f44b11a01f32cf6c5e79cc32ecd74837cfed98f799aa7e4b32126bc36f4ae5e028c29da7cadcdda72a4aa732c7893f6d8eea9bdf4b56c654d398939532ee194cb222c1a0c0bf6ae5c37833929cead6e8226b3a5c70fb71c3448f4ec93a46287cccd8728f05dd1aa4e048ae08d8b8c3395ed907a10fe4d3103e60f63d3e0a64c4881cbbddfca734b8fe2b51811f309355dc5ba3bcfeab633e4e1d417d4a522e6f24ccab4f6a8fd3b5ce3947e633ed9d0357fce65c01281d597a051e232fd0c0e02c65c3144924ba098026787454c8d9dc5c4e1b3545eb370aaa4f5b711b9142a4078309c8b9e6f9bc8286e9b772654b52090b26f866c1542bafbc546f49fcfa01ab4840383c1922ee27edfa34e52659daf06b12b03eec53ae3d4689d4e4150c718ef6435dda54bcd9c5d47c2aa6c2e055a37f62237ae22b6f7454e64b6335ebc98e83c1992a3f64b3dab94806cf973c9228a2ce5c3fb813501a44f46240aaadabeee29b72480252f043187864904f15bdd3e3f0a09b48752e360b76135a4a1bad497ad89f4a4bd355649597b3c9d49d13cca48da0651a5b1ecae4d4e0542c50084fb412f9f81f882eee2297c2e693431c6f8b87e58b6f459d3574f16df495e1b921e957cc6abc199a2286ccda9f7be957af25bdc3cb420fff8e6bcf8c49aff75de09c4f464f3454de389bbe09b9daa528da228b201e5a08c85fcf822b066d107feb96d0babf1339c21f36d6e063bc73eff894273f482698481b180c7012c57a09e70b7e9c83f6dc6fcc3715d82a449f1676c2364c738934aa2300f06fff6ac9b72cd364b95dc7ed91828cad394dddbf51a4e1c0a52de7517968716e6cfbdee831de3942ee8e0f2472c9e776e13a89e17d9986da351cc74e8502aedce8af762f3d80708aba7d79ef9f78dd3e3e9c99b7aa98e45a23f6119fa6edf72bc9a1e32050368d454e60cfff1e96fd7771cb2a1472738a1182f569e2ccbe3debd1080f1010f5e11a8cc2a51426e6e37dca26b7ce3f93288a67b03ecd58fb19c30be4034071736a03ba6bfffa0e2adfedeebcdc04d3b883594ef1b373a2fb7a18085be74acaf58572f6aff20fd601a7b6b619a371677bd2f2d1e3dc6db4c83e5906b1239c9f55bba970640230186e938c6038eba2d7580341c488ba0187bf28a930696de9a79a7f8aef336c46b6310cb863d54abcd2c353cccb7bb1f29d4dd6fcf73647df6a99e41afcbe50d5786662a6549354b8d89cf1ea81dbe1bd61b953bc5af746fa7073dce4b489d9a014597fd983aa90cbd2bce293059da8e864f45e29a1738863462d597d85635bc5796036fdfb60de7649f304e9840674201a638b5fb81b79d603550ffc5985475926e536a27c211ecde3f3e582b6d537d44b325df6d714416517ba6cc8d5b2849332ed92cc8ce082160d16000a69d4c61ec4f2ffc0411a0ce55487ca7d516d79e162c4923cff9b9f04b9567c6bfe65f590444bf314aa4bfa5d9250d39e5c8efc778f3a9518f9829a7a4bc5137f74b27301be843e20d60f2f488274a74991f8dc9939227d31620b0f95c4c9269fa94a3b35a686b338bed1e5caa868930e8bdfb47412d324b75fb3aa37d7ffc12463235798f09073d2b81a0e5ea0e41b8e6d77b7518a99ce2be79f965d7032aa29583ebe83c4154aefd9ed7347f8a6219bf1cd8b3a6bf1a298767f33d90728edfeab6cb4d42deacfa2f8d9490f558235f377932ae6ea01d96d9941fdf66f892f441921d4cd5cd5c11e51f2505b4d547ea0002fc5d74c29709c9370ccebfdfc1590bee7512b8029195b6d6f01d24c9a5b4f6b38d3e5b5c26a708b6c2f7f58de984d72bb50469f9fb064450fabaff99b70092ea47a1b7628c9be3a621a39f1bbdb3a4e9a5c5472a8fda0fcfcc30cedb6c8cdeb74ac812c9e712cdcb214030106cdf53a446c7f94b33b868d4a55d98a493c1c4f9b5a12364d3c6a5162424d457a5b65f1684c683c502d2a68824f498c93a9318966537007841dd30ba4bce5b6a326df1628783e10b242fe9554883df8f0bd995dc48575b5d0cdaec424aa460a4c72ed16a2bf288741ed99cebd5e9e73ec42eabdfb422d3b909123364d9222ac466cb7ce59518c9f3dbd3464e03c6d6a4c6ee4cef2c2e827dcaf44c9e1be231830e8833da81829ccab52110f1bd31219577a9af31aaccb8bb72714bc4ce64ac55184e055df59ed484121228b044232d568dbf2d2ba15762bd6412c8663dc8fa3de1d27de6678c64dd41ea0d27cc732f45d83b0edd32d8e4204748a817f13d022eec131a1b19371742b5fb347e997688acc831f63b426ce4327f03a212c4f0f2f07b53a82442b9f5e2a62e6b54bc0d49e1918b7f3eedfdca3d26826ad02fd9b0e9f131ee3fc6712f446a4f4e33aed3f595decb7d8f2c1b2608de4a40aa4ea4d071e8f66e499f92bfb68098c7faaee52ae9e5afdcccb17d2fcabf94d4d78f5369e3410a60d159432bdae62493d45ac3206c8d5da2e85aadc256d69a4d3fb3ead9f1476c6238c7686fd72cb88323c29b6c93acbd950c9e2831a6e44c99043f5db3a07552506a7eed9b65a5a20ee055b3bccfb44fc7480c543ef22aebb6489fbb2bc05adf413a688724cedf5921fd6bf2ae3217e1d56a33dc5efbe70b2119f68c52e09ee42973ffeaeb75b5fe2fa8252606a7e3d2c6a75974833de9beb1f7669f0472319f6dbb3fac66ef48c354acddc48aaa010e3defd60a2c727e89d48d085b28f7954675250425185a0736522700eeb51d76dfe93907e94b0667281a6f83eee45275327fc457156659b1471ef5f7e7596433ade013eab307937d25aefc1f834cc0a034c651933542229d661cf9cc281c948669a0c60859cb7db826eedf92a62d62da8eb03a7c4ba8e676cfef95c39369d5daed38ba8012b57cb2090addc8234033b27e27c10f26ac508081387efe268c87df1132048d52969477d906d8027088239b21255c50c6581ac56139ca0f765fe2be97be7d68faf4ffb31be73ddfad75acca5bcc66fcd0a7142d080cde5b1811ca8a4e15c440a8965df701b2ee0cc18b1ee5e920bc363e08a550127ef62a93e592215ebb1f02a259caf211299275c7f27c8c7ef4957c3ae76e5c7bb191002790f132a413a80de8555fa2bf4e4364031d912080eb02602f3c00f19b96b3e61c8bac947b6db2314b57e56d6359e3e6eae7c4c7ebd232cdd0a5bdb1d88a6af96964de5c2f73a44f5d7268b4f8364cd38d121dc66499774727ae25ccf65a8db3984c0c2e580dec5592448720c76a3e3a941542cc3926c85d3fc946057a03b9b2e31d25d39f4ad93e2ee16be55568c7c25809dd923fe28b47b92d8cc91bbd51ab32ed05714e198ffa132d3ea512a0fda4d977975f20c075d5c8d211a8464fa9d94c41126a5f686a9f3e779b50b60c3c2c0ec8872cdab894a1ec1e4c0ff5e218a1b9913f6ead213d1075202391165b1eb1466430616299239637612914240e9585140a1a6e61e92871cb26ce697d85a82d63083fe55c280392f96e1b4dc25763696abb0173f7384476f36d25cfa382fd42fa8ebd4bf", 0x1000}, 0x68) sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000001640)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001600)={&(0x7f00000015c0)={0x2c, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {{}, {}, {0x10, 0x13, @l2={'ib', 0x3a, 'veth1\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040840}, 0x20004800) sendmsg$TIPC_CMD_SET_LINK_TOL(r5, &(0x7f0000001780)={&(0x7f0000001680)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001740)={&(0x7f00000016c0)={0x68, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x4c, 0x18, {0x80000001, @media='ib\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x4) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000001880)={&(0x7f00000017c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001840)={&(0x7f0000001800)={0x30, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {{}, {}, {0x14, 0x18, {0x0, @bearer=@udp='udp:syz1\x00'}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x14) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f00000018c0)=""/254, &(0x7f00000019c0)=0xfe) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 03:35:13 executing program 7: connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x24, @short={0x2, 0x3, 0xaaa1}}, 0x14) getsockopt$WPAN_SECURITY(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x4) bind$802154_dgram(0xffffffffffffffff, &(0x7f00000000c0), 0x14) getsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100), &(0x7f0000000140)=0x4) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f0000000380)={&(0x7f0000000240), 0x14, &(0x7f0000000340)={&(0x7f0000000280)="113f65d45dcfdf56f9630a6c1f227f3578e5fb368f11d28183de4f99ca7c3cc2592f66f2719cc466dd943cafa22c44c0ab7874f91a47c6638d9693fb807577cbc2cfa45f0d587524f8db511740e4536b2a363260b0c07a44d18c1ceea70d03544bba021c9537d369128b68429a2130aa1df004382bfd2e034690212177454687edec4fb177200e6ad4b08eea669a690713", 0x91}, 0x1, 0x0, 0x0, 0x4000000}, 0x4c045) getsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, &(0x7f00000003c0), &(0x7f0000000400)=0x4) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000440)={0x80}, 0x4) r2 = syz_io_uring_complete(0x0) getsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, &(0x7f0000000480), &(0x7f00000004c0)=0x4) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000001, 0x10, r2, 0x8000000) clock_gettime(0x0, &(0x7f0000000500)={0x0, 0x0}) syz_io_uring_submit(r3, 0x0, &(0x7f0000000580)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000540)={r4, r5+10000000}, 0x1, 0x1, 0x1}, 0x1f66) getsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f00000005c0), &(0x7f0000000600)=0x4) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000003, 0x810, r1, 0x7a662000) r6 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000640)='./binderfs2/binder-control\x00', 0x2, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000680)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd=r6, 0x7c6, 0x0, 0xffffffff, 0x0, 0x2}, 0x11) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700), r2) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x16200000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x30, r7, 0x100, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x9, 0x9, 0xbb, 0x80000000}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x511f76936d54e2c7}, 0x10000) [ 89.581396] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.589502] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.593458] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.599955] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.605822] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 89.608541] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.632317] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.639432] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.641389] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.642879] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.651322] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.665697] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.666856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.667157] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.670549] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.670557] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.677323] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.683970] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 89.685753] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 89.687360] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.692330] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.696956] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 89.698783] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.700148] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.702442] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 89.703925] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 89.705594] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 89.706973] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 89.708660] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.709766] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.714336] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 89.714977] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 89.717957] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.733695] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.742881] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 89.754771] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 89.756555] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 89.758870] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.761761] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 89.763938] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 89.787472] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 89.791680] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 89.793467] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 89.796778] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 89.800464] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 89.807361] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 89.842465] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 89.844446] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 91.665857] Bluetooth: hci0: command tx timeout [ 91.852101] Bluetooth: hci3: command tx timeout [ 91.852165] Bluetooth: hci4: command tx timeout [ 91.852747] Bluetooth: hci2: command tx timeout [ 91.863057] Bluetooth: hci1: command tx timeout [ 91.863492] Bluetooth: hci5: command tx timeout [ 91.921228] Bluetooth: hci7: command tx timeout [ 91.922070] Bluetooth: hci6: command tx timeout [ 93.714353] Bluetooth: hci0: command tx timeout [ 93.905385] Bluetooth: hci5: command tx timeout [ 93.905655] Bluetooth: hci4: command tx timeout [ 93.906251] Bluetooth: hci3: command tx timeout [ 93.906727] Bluetooth: hci1: command tx timeout [ 93.907594] Bluetooth: hci2: command tx timeout [ 93.969544] Bluetooth: hci7: command tx timeout [ 93.970328] Bluetooth: hci6: command tx timeout [ 95.761252] Bluetooth: hci0: command tx timeout [ 95.955148] Bluetooth: hci5: command tx timeout [ 95.956286] Bluetooth: hci2: command tx timeout [ 95.957251] Bluetooth: hci1: command tx timeout [ 95.958174] Bluetooth: hci3: command tx timeout [ 95.958919] Bluetooth: hci4: command tx timeout [ 96.017540] Bluetooth: hci7: command tx timeout [ 96.018784] Bluetooth: hci6: command tx timeout [ 97.809102] Bluetooth: hci0: command tx timeout [ 98.001145] Bluetooth: hci4: command tx timeout [ 98.001677] Bluetooth: hci3: command tx timeout [ 98.001721] Bluetooth: hci5: command tx timeout [ 98.002194] Bluetooth: hci2: command tx timeout [ 98.002625] Bluetooth: hci1: command tx timeout [ 98.065111] Bluetooth: hci6: command tx timeout [ 98.065612] Bluetooth: hci7: command tx timeout [ 146.506158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.506904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.763063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.763735] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.072202] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.073255] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.187748] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.188544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.427961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.429286] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.667508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.668217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 03:36:13 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) r2 = semget(0x3, 0x2, 0x482) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000014c0)=""/96) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000001540)=""/193) r3 = geteuid() r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000001640)={{0x2, r3, 0xffffffffffffffff, 0xee01, r4, 0x189, 0x1}, 0xc561, 0x1000}) semctl$SEM_INFO(0x0, 0x1, 0x13, &(0x7f00000016c0)=""/4096) [ 148.165125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.165800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 03:36:14 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) r2 = semget(0x3, 0x2, 0x482) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000014c0)=""/96) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000001540)=""/193) r3 = geteuid() r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000001640)={{0x2, r3, 0xffffffffffffffff, 0xee01, r4, 0x189, 0x1}, 0xc561, 0x1000}) semctl$SEM_INFO(0x0, 0x1, 0x13, &(0x7f00000016c0)=""/4096) 03:36:14 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) r2 = semget(0x3, 0x2, 0x482) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000014c0)=""/96) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000001540)=""/193) r3 = geteuid() r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000001640)={{0x2, r3, 0xffffffffffffffff, 0xee01, r4, 0x189, 0x1}, 0xc561, 0x1000}) semctl$SEM_INFO(0x0, 0x1, 0x13, &(0x7f00000016c0)=""/4096) 03:36:14 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) r2 = semget(0x3, 0x2, 0x482) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000014c0)=""/96) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000001540)=""/193) r3 = geteuid() r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000001640)={{0x2, r3, 0xffffffffffffffff, 0xee01, r4, 0x189, 0x1}, 0xc561, 0x1000}) 03:36:14 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) r2 = semget(0x3, 0x2, 0x482) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000014c0)=""/96) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000001540)=""/193) geteuid() getgid() [ 148.851067] [ 148.851266] ====================================================== [ 148.851793] WARNING: possible circular locking dependency detected [ 148.852324] 6.13.0-next-20250124 #1 Not tainted [ 148.852725] ------------------------------------------------------ [ 148.854362] kworker/u8:1/65 is trying to acquire lock: [ 148.855559] ffffffff8621d8e8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.858020] [ 148.858020] but task is already holding lock: [ 148.859265] ffff888015bf8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 148.861520] [ 148.861520] which lock already depends on the new lock. [ 148.861520] [ 148.862202] [ 148.862202] the existing dependency chain (in reverse order) is: [ 148.862815] [ 148.862815] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 148.863385] __mutex_lock+0x13d/0xb50 [ 148.863783] wiphy_register+0x1b2e/0x25d0 [ 148.864213] ieee80211_register_hw+0x23a4/0x3d60 [ 148.864693] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 148.865217] init_mac80211_hwsim+0x389/0x870 [ 148.865690] do_one_initcall+0xf9/0x640 [ 148.866121] kernel_init_freeable+0x53d/0x7a0 [ 148.866591] kernel_init+0x1e/0x2d0 [ 148.866966] ret_from_fork+0x48/0x80 [ 148.867351] ret_from_fork_asm+0x1a/0x30 [ 148.867782] [ 148.867782] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 148.868330] __lock_acquire+0x29fd/0x4580 [ 148.868762] lock_acquire+0x19b/0x520 [ 148.869166] __mutex_lock+0x13d/0xb50 [ 148.869572] unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.870130] unregister_netdevice_queue+0x224/0x2e0 [ 148.870619] _cfg80211_unregister_wdev+0x57b/0x700 [ 148.871116] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 148.871609] ieee80211_unregister_hw+0x55/0x3a0 [ 148.872075] hwsim_exit_net+0x3a0/0x730 [ 148.872485] ops_exit_list+0xb3/0x180 [ 148.872884] cleanup_net+0x546/0xad0 [ 148.873282] process_one_work+0x8ee/0x1a10 [ 148.873735] worker_thread+0x674/0xe70 [ 148.874156] kthread+0x3ab/0x720 [ 148.874536] ret_from_fork+0x48/0x80 [ 148.874918] ret_from_fork_asm+0x1a/0x30 [ 148.875351] [ 148.875351] other info that might help us debug this: [ 148.875351] [ 148.876021] Possible unsafe locking scenario: [ 148.876021] [ 148.876527] CPU0 CPU1 [ 148.876923] ---- ---- [ 148.877329] lock(&rdev->wiphy.mtx); [ 148.877686] lock(rtnl_mutex); [ 148.878194] lock(&rdev->wiphy.mtx); [ 148.878745] lock(rtnl_mutex); [ 148.879059] [ 148.879059] *** DEADLOCK *** [ 148.879059] [ 148.879562] 4 locks held by kworker/u8:1/65: [ 148.879946] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 148.880839] #1: ffff88800bc5fd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 148.881713] #2: ffffffff86211910 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 148.882521] #3: ffff888015bf8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 148.883420] [ 148.883420] stack backtrace: [ 148.883807] CPU: 1 UID: 0 PID: 65 Comm: kworker/u8:1 Not tainted 6.13.0-next-20250124 #1 [ 148.883844] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 148.883866] Workqueue: netns cleanup_net [ 148.883906] Call Trace: [ 148.883916] [ 148.883927] dump_stack_lvl+0xca/0x120 [ 148.883986] print_circular_bug+0x47b/0x750 [ 148.884032] check_noncircular+0x2e9/0x3c0 [ 148.884075] ? __pfx_check_noncircular+0x10/0x10 [ 148.884116] ? hlock_class+0x4e/0x130 [ 148.884147] ? mark_lock+0xac/0xed0 [ 148.884187] ? srso_return_thunk+0x5/0x5f [ 148.884247] ? dl_scaled_delta_exec+0xd4/0x2c0 [ 148.884293] ? lockdep_lock+0xba/0x1b0 [ 148.884351] ? __pfx_lockdep_lock+0x10/0x10 [ 148.884413] __lock_acquire+0x29fd/0x4580 [ 148.884467] ? __pfx___lock_acquire+0x10/0x10 [ 148.884510] ? lock_release+0x20f/0x6f0 [ 148.884554] ? __pfx_lock_release+0x10/0x10 [ 148.884602] lock_acquire+0x19b/0x520 [ 148.884645] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.884694] ? __pfx_lock_acquire+0x10/0x10 [ 148.884739] ? srso_return_thunk+0x5/0x5f [ 148.884794] ? lock_release+0x20f/0x6f0 [ 148.884837] ? srso_return_thunk+0x5/0x5f [ 148.884892] ? lock_is_held_type+0x9e/0x120 [ 148.884947] ? srso_return_thunk+0x5/0x5f [ 148.885006] __mutex_lock+0x13d/0xb50 [ 148.885058] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.885110] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.885156] ? srso_return_thunk+0x5/0x5f [ 148.885211] ? synchronize_rcu_expedited+0x38a/0x420 [ 148.885255] ? __pfx___mutex_lock+0x10/0x10 [ 148.885309] ? __pfx_autoremove_wake_function+0x10/0x10 [ 148.885363] ? srso_return_thunk+0x5/0x5f [ 148.885418] ? kasan_quarantine_put+0x84/0x1e0 [ 148.885479] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 148.885515] ? srso_return_thunk+0x5/0x5f [ 148.885574] unregister_netdevice_many_notify+0x1612/0x1c80 [ 148.885619] ? __virt_addr_valid+0x2e8/0x5d0 [ 148.885673] ? __pfx_lock_release+0x10/0x10 [ 148.885717] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 148.885763] ? find_held_lock+0x2c/0x110 [ 148.885821] ? srso_return_thunk+0x5/0x5f [ 148.885879] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 148.885939] ? srso_return_thunk+0x5/0x5f [ 148.885994] ? lock_release+0x20f/0x6f0 [ 148.886039] ? __pfx_lock_release+0x10/0x10 [ 148.886082] ? srso_return_thunk+0x5/0x5f [ 148.886137] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 148.886184] ? srso_return_thunk+0x5/0x5f [ 148.886244] unregister_netdevice_queue+0x224/0x2e0 [ 148.886288] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 148.886331] ? up_write+0x195/0x520 [ 148.886386] _cfg80211_unregister_wdev+0x57b/0x700 [ 148.886438] ? srso_return_thunk+0x5/0x5f [ 148.886497] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 148.886535] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 148.886574] ? srso_return_thunk+0x5/0x5f [ 148.886629] ? srso_return_thunk+0x5/0x5f [ 148.886684] ? synchronize_rcu+0x1ff/0x260 [ 148.886727] ieee80211_unregister_hw+0x55/0x3a0 [ 148.886771] hwsim_exit_net+0x3a0/0x730 [ 148.886813] ? __pfx_hwsim_exit_net+0x10/0x10 [ 148.886854] ? srso_return_thunk+0x5/0x5f [ 148.886909] ? netdev_run_todo+0x788/0x1040 [ 148.886958] ? __pfx_hwsim_exit_net+0x10/0x10 [ 148.887001] ops_exit_list+0xb3/0x180 [ 148.887043] cleanup_net+0x546/0xad0 [ 148.887088] ? __pfx_cleanup_net+0x10/0x10 [ 148.887141] process_one_work+0x8ee/0x1a10 [ 148.887206] ? __pfx_lock_acquire+0x10/0x10 [ 148.887251] ? __pfx_process_one_work+0x10/0x10 [ 148.887309] ? srso_return_thunk+0x5/0x5f [ 148.887364] ? move_linked_works+0x172/0x270 [ 148.887409] ? srso_return_thunk+0x5/0x5f [ 148.887464] ? assign_work+0x196/0x240 [ 148.887521] worker_thread+0x674/0xe70 [ 148.887579] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 148.887631] ? srso_return_thunk+0x5/0x5f [ 148.887686] ? __pfx_worker_thread+0x10/0x10 [ 148.887745] kthread+0x3ab/0x720 [ 148.887797] ? __pfx_kthread+0x10/0x10 [ 148.887849] ? srso_return_thunk+0x5/0x5f [ 148.887904] ? finish_task_switch.isra.0+0x206/0x840 [ 148.887955] ? __pfx_kthread+0x10/0x10 [ 148.888009] ret_from_fork+0x48/0x80 [ 148.888040] ? __pfx_kthread+0x10/0x10 [ 148.888093] ret_from_fork_asm+0x1a/0x30 [ 148.888159] 03:36:15 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) r2 = semget(0x3, 0x2, 0x482) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000014c0)=""/96) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000001540)=""/193) getgid() 03:36:15 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) semget(0x3, 0x2, 0x482) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000014c0)=""/96) getgid() 03:36:15 executing program 3: r0 = semget$private(0x0, 0x0, 0xa6) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/95) r1 = semget(0x2, 0x3, 0x0) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000080)=""/214) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0xee01, 0xee01, 0xee01, 0x56, 0xff4e}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1f}) semctl$GETVAL(r0, 0x3, 0xc, &(0x7f0000000200)=""/44) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000240)=""/56) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x0}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000002c0)=""/126) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000340)=""/15) semop(r1, &(0x7f0000000380)=[{0x4}, {0x0, 0x1ff, 0x1000}, {0x0, 0x7, 0x1800}, {0x0, 0x3f, 0x1000}, {0x2, 0x9}, {0x1, 0x81, 0x1800}, {0x3, 0x7f, 0x3000}, {0x3, 0x4, 0x800}, {0x0, 0x0, 0x1000}], 0x9) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000003c0)=""/4096) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f00000013c0)=""/218) semget(0x3, 0x2, 0x482) getgid() [ 151.598289] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 151.602124] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 151.604335] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 151.614509] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 151.615433] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 151.616901] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 151.618028] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 151.619153] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 151.620097] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 151.621714] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 151.622690] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 151.627128] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 151.627857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 151.629240] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 151.629965] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 151.630718] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 151.633400] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 151.635075] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 151.635103] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 151.640416] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 151.643250] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 151.651212] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 151.652237] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 151.653346] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 151.656469] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 151.660115] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 151.660176] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 151.662255] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 151.673362] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 151.675225] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 151.678561] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 151.690714] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 151.699940] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 151.703469] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 151.707191] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 151.710487] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 151.723371] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 151.727300] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 151.734819] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 151.753206] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 151.757487] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 151.761230] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 153.684257] Bluetooth: hci1: command tx timeout [ 153.685274] Bluetooth: hci0: command tx timeout [ 153.745339] Bluetooth: hci6: command tx timeout [ 153.747117] Bluetooth: hci3: command tx timeout [ 153.747907] Bluetooth: hci2: command tx timeout [ 153.749102] Bluetooth: hci5: command tx timeout [ 153.809356] Bluetooth: hci7: command tx timeout [ 155.729127] Bluetooth: hci0: command tx timeout [ 155.729621] Bluetooth: hci1: command tx timeout [ 155.793471] Bluetooth: hci6: command tx timeout [ 155.793907] Bluetooth: hci2: command tx timeout [ 155.794505] Bluetooth: hci5: command tx timeout [ 155.794913] Bluetooth: hci3: command tx timeout [ 155.857995] Bluetooth: hci7: command tx timeout [ 157.777048] Bluetooth: hci0: command tx timeout [ 157.777534] Bluetooth: hci1: command tx timeout [ 157.841154] Bluetooth: hci6: command tx timeout [ 157.841613] Bluetooth: hci2: command tx timeout [ 157.842209] Bluetooth: hci3: command tx timeout [ 157.842618] Bluetooth: hci5: command tx timeout [ 157.905068] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 03:36:14 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88806cf41280 RCX=ffffffff816643a2 RDX=ffff8880314d1bc0 RSI=ffffffff8166437c RDI=0000000000000005 RBP=0000000000000003 RSP=ffff888032f6f7c8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000003 R12=ffffed100d9e8251 R13=ffff88806cf41288 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff8166437e RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000c0057a7000 CR3=000000000c030000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000560342bcc6800000560342bda220 XMM06=000000000000000000000000ffffffff XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283f165 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff88800bc5ec90 R8 =0000000000000000 R9 =ffffed1001d70046 R10=0000000000000061 R11=3038383866666666 R12=0000000000000061 R13=0000000000000010 R14=ffffffff88697060 R15=ffffffff8283f150 RIP=ffffffff8283f1bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f62fd3b03a4 CR3=000000000e4a6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=0000000000000000416fc0e400000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000