Warning: Permanently added '[localhost]:10670' (ECDSA) to the list of known hosts. 2025/01/20 01:49:40 fuzzer started 2025/01/20 01:49:40 dialing manager at localhost:44245 syzkaller login: [ 69.683897] cgroup: Unknown subsys name 'net' [ 69.790444] cgroup: Unknown subsys name 'cpuset' [ 69.815870] cgroup: Unknown subsys name 'rlimit' [ 75.757910] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/20 01:49:56 syscalls: 2217 2025/01/20 01:49:56 code coverage: enabled 2025/01/20 01:49:56 comparison tracing: enabled 2025/01/20 01:49:56 extra coverage: enabled 2025/01/20 01:49:56 setuid sandbox: enabled 2025/01/20 01:49:56 namespace sandbox: enabled 2025/01/20 01:49:56 Android sandbox: enabled 2025/01/20 01:49:56 fault injection: enabled 2025/01/20 01:49:56 leak checking: enabled 2025/01/20 01:49:56 net packet injection: enabled 2025/01/20 01:49:56 net device setup: enabled 2025/01/20 01:49:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/20 01:49:56 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/20 01:49:56 USB emulation: enabled 2025/01/20 01:49:56 hci packet injection: enabled 2025/01/20 01:49:56 wifi device emulation: enabled 2025/01/20 01:49:56 802.15.4 emulation: enabled 2025/01/20 01:49:56 fetching corpus: 50, signal 23627/25182 (executing program) 2025/01/20 01:49:56 fetching corpus: 100, signal 32742/35579 (executing program) 2025/01/20 01:49:56 fetching corpus: 150, signal 41815/45573 (executing program) 2025/01/20 01:49:57 fetching corpus: 200, signal 46371/51016 (executing program) 2025/01/20 01:49:57 fetching corpus: 250, signal 51096/56474 (executing program) 2025/01/20 01:49:57 fetching corpus: 300, signal 54383/60475 (executing program) 2025/01/20 01:49:57 fetching corpus: 350, signal 57140/63856 (executing program) 2025/01/20 01:49:57 fetching corpus: 400, signal 60817/67960 (executing program) 2025/01/20 01:49:57 fetching corpus: 450, signal 65693/72925 (executing program) 2025/01/20 01:49:57 fetching corpus: 500, signal 68979/76425 (executing program) 2025/01/20 01:49:58 fetching corpus: 550, signal 72253/79764 (executing program) 2025/01/20 01:49:58 fetching corpus: 600, signal 73781/81671 (executing program) 2025/01/20 01:49:58 fetching corpus: 650, signal 75423/83584 (executing program) 2025/01/20 01:49:58 fetching corpus: 700, signal 77714/85906 (executing program) 2025/01/20 01:49:58 fetching corpus: 750, signal 79657/87883 (executing program) 2025/01/20 01:49:58 fetching corpus: 800, signal 82309/90309 (executing program) 2025/01/20 01:49:58 fetching corpus: 850, signal 83917/91946 (executing program) 2025/01/20 01:49:59 fetching corpus: 900, signal 86115/93953 (executing program) 2025/01/20 01:49:59 fetching corpus: 950, signal 88326/95861 (executing program) 2025/01/20 01:49:59 fetching corpus: 1000, signal 91020/97922 (executing program) 2025/01/20 01:49:59 fetching corpus: 1050, signal 93226/99595 (executing program) 2025/01/20 01:49:59 fetching corpus: 1100, signal 95167/101063 (executing program) 2025/01/20 01:49:59 fetching corpus: 1150, signal 96078/101869 (executing program) 2025/01/20 01:49:59 fetching corpus: 1200, signal 98741/103601 (executing program) 2025/01/20 01:50:00 fetching corpus: 1250, signal 99725/104294 (executing program) 2025/01/20 01:50:00 fetching corpus: 1300, signal 101230/105260 (executing program) 2025/01/20 01:50:00 fetching corpus: 1350, signal 102863/106265 (executing program) 2025/01/20 01:50:00 fetching corpus: 1400, signal 105532/107670 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/107789 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/107881 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/107979 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108047 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108112 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108188 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108255 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108335 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108419 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108500 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108581 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108664 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108752 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108828 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108915 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/108992 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109059 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109146 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109226 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109303 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109376 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109454 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109522 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109599 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109673 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109730 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109788 (executing program) 2025/01/20 01:50:00 fetching corpus: 1402, signal 105616/109788 (executing program) 2025/01/20 01:50:04 starting 8 fuzzer processes 01:50:04 executing program 1: madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x16) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000, 0x4, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000000)=0x3, 0x97, 0x4) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xa) mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, &(0x7f0000000040)=0x100, 0x8, 0x4) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4000, &(0x7f0000000080)=0x20, 0x5, 0x1) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, &(0x7f00000000c0)=0x40, 0x1, 0x3) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)) mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) mbind(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8000, &(0x7f0000000140)=0x4, 0x3, 0x2) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffa000/0x4000)=nil) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x4) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, &(0x7f0000000180)=""/58) mlock2(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8000, &(0x7f00000001c0)=0x9, 0x6, 0x4) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2, &(0x7f0000000200)=0x10000, 0x5, 0x9) mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 01:50:04 executing program 0: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000011}, 0x40000) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendmsg$AUDIT_TTY_SET(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x18, 0x3f9, 0x100, 0x70bd2b, 0x25dfdbfb, {0x0, 0x2}, ["", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x41}, 0x40001) sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f0000000340)={&(0x7f0000000240), 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x4c, 0x0, 0x602, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x1c) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, 0x0, 0x100, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x20000000) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000480)='/proc/tty/drivers\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f00000004c0)={0x0, 0x0, 0x34f0}) sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x38, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}, @NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x4011) sendmsg$NFQNL_MSG_VERDICT(r2, &(0x7f0000000b80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000b40)={&(0x7f0000000a00)={0x134, 0x1, 0x3, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFQA_PAYLOAD={0xfc, 0xa, "fc5f9ab993339b5759721328c579c3eadb9e10405fc70b5f43912c7bf34cb51dc764fd588fe3c7f2a61beb2a4a1e91f0e7f2930cba127582aefee94eb80a2e172dad73ac75ab545ee966712631f15c3a9e82035ee818e3454dbad23d76dcfc62f4e6886650248b50d135d44467d00107e3cb4baff30fc196ee65370540bbd3155709c8cd7cbb05586e31c882740298e0aa517285617d3d49945ed6d70c1467f3aa1d4bfcf759280956901ee0109452fd3b4daff316a906799faeb6b74a298ac83fe8e0bc342ae4550fac74cc157c52952637c25633bfa6e4e9f37266b361a692b0eab7f5ecd89ee945e6aa344185b28478607c67dd998fc7"}, @NFQA_VLAN={0x24, 0x13, 0x0, 0x1, [@NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x9}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000bc0)={0x1, 0x0, 0x16}) r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000c40), r0) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000d40)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000d00)={&(0x7f0000000c80)={0x48, r3, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast1}, @GTPA_TID={0xc, 0x3, 0x4}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000840}, 0x4) sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000e40)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x3c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200480d0}, 0xd4) r4 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000e80), 0x14000, 0x0) sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000001100)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000010c0)={&(0x7f0000000f00)={0x18c, 0x0, 0x2, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_RULES={0x74, 0x22, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffff}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x4}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7fffffff}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x7}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xff}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x3}]}, {0x4}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x42f}]}]}, @NL80211_ATTR_REG_RULES={0xf4, 0x22, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xfff}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7fffffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xc1a4}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1f}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xbf02}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x40}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x52b}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x5}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x82}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x80000001}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x80000000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x6}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xac46}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x3}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x73}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x3b8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3a6}]}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x5}]}, 0x18c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001180), r4) sendmsg$ETHTOOL_MSG_RINGS_GET(r0, &(0x7f0000001300)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000012c0)={&(0x7f00000011c0)={0xf4, r5, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4000}, 0x4044) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000001340), r6) 01:50:04 executing program 2: lseek(0xffffffffffffffff, 0x7fff, 0x4) r0 = memfd_secret(0x80000) ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000)) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) linkat(r1, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file0\x00', 0x400) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f0000000100)={0xfffffffffffffffb, 0x21e400, 0x1}) ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000140)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000180)=0x6) r3 = syz_open_dev$hiddev(&(0x7f00000001c0), 0xffff, 0x81) write$binfmt_elf64(r3, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x7f, 0x8, 0x8, 0x5, 0x7, 0x3, 0x5, 0x100, 0x262, 0x40, 0x1c0, 0x3, 0x3ff, 0x38, 0x2, 0x3, 0x400, 0x1}, [{0x7, 0x0, 0x1, 0x5, 0xb0, 0x100000000, 0x81, 0xffff}, {0x7, 0x101, 0x8, 0x1, 0x3, 0x3, 0x8, 0xfffffffffffffffb}], "8a67f4d277ab579397d547ac21230279bb41a90d13d20d2dcd2803a3edc9c76428d67cc7570f2ed2c1c5c357f1cbb4cb73d020aea7f579b65aa8e70d75a618e0024ec37014b59966005e654efabd7043", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa00) r4 = open_tree(0xffffffffffffffff, &(0x7f0000000c00)='./file0\x00', 0x81100) ioctl$BTRFS_IOC_SNAP_DESTROY(r4, 0x5000940f, &(0x7f0000000c40)={{}, "4c239469b8eb8f48a9fee8084f678ca325803bb4a069227742faecb6b63f45c805133be5a4e0469c2f7439436ab8b794eb71d3808827ecc65168bbce89223671dcf6deb03aea24a34d730601fde98914f66eacd33f11c3d99f6c3bca1a3cf767202dd6411e65dd5dce77586760c118ced1ea5213e010a6170ea8c23c2602c8abbd7a440e96621cde51b24389d834822aa70c9a68bb0177392b8e0f010332ebd3bd52762ff99cc2679be81991b358951b1b174e741cc40188808c759531edc6dac95fea4538344e01297df56a26617461e4e4ddcf2d62d13e5b674e722dc18b9034575947eae99b33ce5fc03626842bfef7ae856e10d3c46cbf14a805f7eb8ee755e03c5e9c10b634e1363a4c8966c9d0246ae1dafb2cef91b2f8a7ca6b465f98326618cbae82ec52f493ae0aeb8a4b625ce94ffcdc32c293d84cd8d672568a49ee1e798fdd268229988731a6f3cef1d8c942e2446c7a23891a55449c0d1fc3fe538746e5039911ba3aa4e05c636b0f32bc1a0ddd3e8752b194bb5c4ecbfee51961a2951a624ca79a05f6ea55580516e4205781fecfc0e57d6c1b2c0047ad4dd273080134fec52a84c27cdeb89b9e74e5f9549d27adc2585f957f93efff4f682379d65c19303ea9f6dbc928cf28492b59468f75a8c767c3ebd72fb0983e24435e521f1c2d599556a3b606bfe20a030937b2585ad3032c93a946a06dee034e88cfecc075e996e6508cc4cf437bc6bcaee6d8209408d26d3164dbd7b0f0a6314dd646ca82c1dd49f060a568910dcbc9abad93f0d75c4608753dedbfaac309f4bc93ed4abf1dbeb0e1b1f0d7799ba2ba5971a182d47749e48f920129e18b4001603efb5eac9b30fbc3cc88035d930399c2e97f8e3be64f261054b5275b969ba9331445f8ffb2be85238125cdffc6068393d08a35231e414e13f902c1c473778f76f3dbff08bbe8f36332f0721d29ead0c144411fdc4046c19ecaf1fd46f9f492069513d096bb8c8a1f26d7ede6f3b1171e3a0eccea3c2ad756b89f9e054fd2f1f5e9d38b9d0b0ae345149d1ab889ccc04eea6bed87d72fd1ce8132c607c315f5d6c68a28875370c5932e91603220469969a4e63a3592ae986fd0193a6574688c977845c266cd3c206f5ae1d041d6521a9332bb2399b023af884bc7f4dbbfcf5659e005ed38c246e23b439caef5d14735f2b34272b8d0f1831da1c699dc718630a1ae51dde07187ff1871c83b756af209d285a8dd39a7c81f8c76c42fcdc8d96332f54f975ae9683c7905e763324620e70b90fe95f4dbe48118fccdfda4721d91cd81ef04c40044c477ab813468b84169684035be4374360b7c7e88340e2a49aecf14cb8705e0da577cd86ed15aa96404c5c3af20add543de3bb4e2343cb2f297317fdca3e64c89d1725cae89f35e55e9d5154054896ccbef60b12fc91bff361a92c1f36c22859c5a5691fe107ea36189dacf1b274f3516c82528ad2450316fafbce37a425466d1588e4a9942098dbe94e5de08bb6b2d34000b468a92697ffb9579e651d751f3457a523f5287d6e5c3d88e0c3860c03ceed98b82e4099df91fcf04de74b85c4eb64210e1710a14a32e35177acfe6e6b3deb963f349782c1b9c40df184f2b9f17f1b87f32de563d98928511c6e627f4a0f1de7966c592263c3add7af8dabeb3b38cc63309d44799462c76026e03c37c0de5d45678d462bfa8baa2a7639fe2597370fad80582e6c812c40b974ea3066d5506ebab3200c968f55397180abbaed36b5a66606082e1fa42368568bcb4ffc2289b9ccb741d73fd6beeccdcb114481072602f2251244cf305d0f85fd4e0cfad68473a25478e440a7336681eed9fb2e3dcc036effd16931801498de9cbaf657e7e3d27102ee99f91dc7eb37db969a5c675117a14a961421b353f4980e4d4d8ae81c514fc85055a4aebda999f1834c0b3300281071ce2162ae3928973ea19a94a0be62613291cd67f7c2fc6ad5c3c35b323d44e1345c48a4f7e362f729b3ce9dcc3c67a044727b9160cefec6616b31ee93a822d221615ba636e712d90bd6b928ea537a968faa2b1b82077ce24544ce435040dfd461fb44accb1b18c275041d98a2192fc709d344fafa275f700e7e6fdf0d69180f09395321089dd5e2717a0b08ab8ec73632d5e265417d4030757c0780007ed12474ca8852b3fd5560d126f58bc477eddaeab8633773cb49f0c2a5ce6af87c0c4139319e8ee6e77fb2bce0e4d8726bbfbead13152460b997a0dc66e95b20850af83bfb8ddfee7c554c9bd0ef3129265722c43727c425250d20a7451f75e4bdb1ba5fa9683feab75b569bb4083f6caf928aab54133489a934f6cee2c6d0f1b637570ad6b26643d1015a4b518a863e823df949dd72d0a4a14af16c3738edc223e19b957cefd9ed9e57df89f76745bd8130daf0620b2b4833e750b0575c8e145e8478bd904b654e7558e48f43a329713bd70f18f97e06668f191a5777ce0f07bda122f4ef471e8412786bde70eda9de2b40be6b526bc6e4a66585702d55464167e1f7d3774f86d818ed6720a1b3d86e6db448b1caf682ee5e17dbaacf4c8cb2c4257e230914e463c484beeb031ca3bb6736cf6145d82de41069006e77ce2b8e28d1b5c6cb32c957c900136c1c631bd4da41b24a132b549ecb3a106de051f6572c288c351906681134aafa7eb43fe60a5850063343fa0f6341394a3096d245fb600e825c0495a3592277c1a1b54abec4d4374a45a4dfd02e2f18ecf0d5bde1d74623789f5e0f36349939593ea9c210fa1363a9ebeb218e9797384962c602aa45d591b2a921d4a96460db15f25aebfd3c86bfb70a7b0833384ad02eb852aee566b62d0b6b519e75f9c98642de16058a3b7f5df5956080a7ed72e8e9d7005f815200fd721fc708a2ae077f715c29563fa9bc0e7191fe82d18e54fb32bbeef514193e321633f667b1adf7109cdfb867eea5e29b3f4178040f0bb334932d4ae22a0cd3663ff8b466d0bbca02ea7a797079aa556f149bb93074469809859f73ac638ab60ec68cd275df51e43c0b37536c267e34f70334a8408a235b257da03d1f386206999947d1d2e0f6d2f3f62b256f54b1bb2ebb956128f65ce0c344389b106b33cfdc6335c374be4c737bb4bdd006d7183e78f7bfc722345b31c9e09e4e1fa6debbddc353542b0c45e2fdc40d6b056f49e8503d06bc566e42a9679a08c92bedb373edca9dbce14c1449951b8032d8dd6794bf76e8de32332734bae28a06f3c7ae1d1af362854a7e36355262d14e461d0292dbfde41af240e685583fc8a8a76a9e2e24bc01ed63d156d7498a765f18765fe04d5b0fb20cce40c71168049dc77fac4705902e98869811842f03041af4c0455d91d192648b5b87214f7317dfbfc1d19c4d328beb30188d240f2a27534c0ac14efeb0817355542d69bfe6da83e01efa93a32a1c498ca44ea81a0070bcd0daaf98c5fadf2fffc7016fe3526df940fd7d8360e576d82a70bf6cf43f609ba6f53585821686512803897693d9a51fd66e0330babe00c62f3368f63c3894de3419ff2ec201075d538e4d8f2d2e5adfb100cf486aac419c6faf80ca7b095f4387e0b1eabe236f6d8d0f7b3d2695f13e24b0239b1d4ed4f80466dc509df99c4c17fdeb11c706de9413e2056e8eb538d3e89be2a445751fc8c466b1b1ab5a8ab4a5e3f14de52f371a20ac1c270601ed15447f3c7cfba8bcae27f697d709ef8e0a17f2ef0a3cab00af30640b0a6df60363ac46c142cfa1a89b07395306929bac6e0f597de01def211ebcbe6d8856bb192c675549036522b6f934f35b4df69f9f3272860185c2f49210489867733b375b52e6edbe05d8cebf4600bb81045a5dcbee62fb42dc97fc9eb74c6118c8e293a30d0f31ab444c0ee8fc3079f7c581cb3d013644930a33ef564140529e9e63dc75b406a62098c809e2ea3e5a6141755843ca2462bbedf4001d7a92bc90540ea3947faecbb08e5de3f6d42bd972e6f1e47608153cee9c92cd15f73c5fa8a6313c47bbe2e6a9c8d52a5af99059d4f3328c203e43227442d15c3176270700195ba423b6925957df0872ec285644f5b1429644c5f2ac13fbe3d476eee14f2b52c983e681d1c61009fdaf204b1d76a96d6d4f345970aed9ad30b3ccaaebedcebb366b4453d8ad87929c1fcc94e00395a712dd0a3192b735866e74e4b3b785ba6cb5fb3d56a21edd0725e18d28a86a2c86763f5240132c3b4fe76b233a9197dcc087622d8ba04497900f23d7decfd99517e319e6ef17d07099f4cd824e506de3a7ac5c5f2d2020d846244028e2f59efab8aed489469ea63ee6939739d2a13fba4493d34194b7a1f62cd37ad847eb522984837f3f3b64e4413294d4451ee7b55006c096f44c66186d994a9393353a9545d4ded60a8bd5e2156bd9ec77be87edd902219d6bd13f127adeff22f8a125b7c17b22aaf7ab97443405f277e07927c1721c4733d469761647213ab8dc8b55bdafc94c65d00e7fbcd7e710cc33343d22e5281296232ce563532f22507c8101ad9f6a05b11fea37c9eb6cc1d329fd30fc3aaba8ffe24eb0df24212f2b131cba5f6cc44c34055559911919b22680cd8cb3648a8c89a2fe86e47f0af180063a73f49e7f6c23c03ce52e24a57f3032949d2d61ebc30c364e4450d3d5ccbbb6c731ababda474b9ed1b321b6ab3ab660717b5d0235fffa3770244cbc07b542ed4a9e323404a26fc1b4800a8e9e29723224b9041b0c18368c3e6d10288d418dd07598df7ad1d20da82a810922a178a0e4d387c933b9a1548a1121f68aed75bcc6a608f92f5e5a75679043faf07edf0c9d8b5db61bd02eb71aa67757d281f9e94c0c42aab87400bd4be9a664b2e9ee50a008dafe53e0f59411b2f51975ad116bc5d39e021627a442d4664f69a6347b63c6a39811c6eb1e2967a2339f98f3efbdfb803226bd7d31edc5e4fac4cb0805a619f46bd5a2264832b5d71b799b06b8e271ae342610d1d9c0e313ad6081afbece2ae22832afc4daa07798da6cc0c0b54bc522a832d474b8cd3dd90579e7424aa17f7e4cfc0851d5749230e08038dc8cb7df18eba7e38875424a5a9c6f9ca362e88d8ed26af2bb66dfeb61f9179a8db20150f1fe4e1bfe260f15940eedaa2d5ac3cc20d37c87173e312ac85b594f46f1a183da728271d28e3a9b18c750ed1e74bf9f77d5b34dc321ac0a1f323a17d3f9b74488dd874aaf5f6df28f9ab88a77663f0833c192a1890af509a202140e0d7d8185daae20c332b6f02fe7a51a854f99891a4db1770447b510141378ca4895577404ec6b599ce99615d50ef677959b6bd0272341b44304b106574bfb41e5f5c0e2216fb20b9efe8c28312583e360abd2ec26aec1295e3377fcedd876f08fb3f02b4f3c9fc79cb575ea8abf62c5d982a3ef39062ed2de7d74ab1beea829ab066d6dbe29cda9c05495dac9fbd20999eb031d856bdc402270121840c14f1b6a9e337912f17360da6eef371cd0801dbd19cdf495ee2f6039defa6c4d69f4e2b366e9118b0dcc8f56ce62dd02edfa11f48a0d52230f3784c871dcc5aacf658368926161fa2daa19c7e022f3509a19b0c831462bdc0d8ce88362d5db9c6f9fb345cbf536b491033c748396a32f8abb24b586ae52550da3d1da7487310141de2ff7fb0c503f2336d0c55ebd1ca0680e793917a1e50f62a27739bba0b0bc4c56c9099f74b7dc79ce0a2843c1fce00da0be2bd44660eb0c6e05fc94829deb364f09907217a8bfb4a0e740f2764c533d322d250b17c6dee"}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000002100)={0x0, 0x0, &(0x7f0000002080)=[{&(0x7f0000001c40)=""/148, 0x94}, {&(0x7f0000001d00)=""/247, 0xf7}, {&(0x7f0000001e00)=""/197, 0xc5}, {&(0x7f0000001f00)=""/179, 0xb3}, {&(0x7f0000001fc0)=""/106, 0x6a}, {&(0x7f0000002040)=""/27, 0x1b}], 0x6}, 0x40000123) r5 = dup3(0xffffffffffffffff, r3, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000002140)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) r7 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000002180)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r5, 0x6, &(0x7f0000002200)={0xdd1a, 0x0, &(0x7f00000021c0)=[r0, r6, r7, r0]}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r5, 0xc400941d, &(0x7f0000002240)={0x0, 0xffffffff80000001, 0xffffffff, 0x1}) fstat(r2, &(0x7f0000002640)) 01:50:05 executing program 3: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x8, 0x80000001, 0x4, 0x5, 0x4, 0x8001}) capset(&(0x7f0000000080)={0x19971634, 0xffffffffffffffff}, &(0x7f00000000c0)={0x80000000, 0x388c, 0x0, 0x3, 0x200, 0x7ff}) capset(&(0x7f0000000100)={0x20080522, 0xffffffffffffffff}, &(0x7f0000000140)={0x0, 0x0, 0xfffffff8, 0xfffffffd, 0x6, 0x2}) capset(&(0x7f0000000180)={0x20071026, 0xffffffffffffffff}, &(0x7f00000001c0)={0x80000001, 0x5, 0x6, 0x800, 0x2, 0x7bd}) capset(&(0x7f0000000200)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000240)={0x5, 0x1, 0xb8, 0x401, 0x7, 0x6}) capset(&(0x7f0000000280)={0x19980330, 0xffffffffffffffff}, &(0x7f00000002c0)={0x1, 0x0, 0x4f81, 0x2, 0x5}) capget(&(0x7f0000000300)={0x20071026}, &(0x7f0000000340)={0x400, 0x1, 0x4, 0x6e6b, 0xafc, 0x200}) capset(&(0x7f0000000380)={0x20071026, 0xffffffffffffffff}, &(0x7f00000003c0)={0xca0d, 0x9, 0x4, 0x8000, 0x6, 0x1}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000400)={0x0, 0x0}) capset(&(0x7f0000000480)={0x20071026, r0}, &(0x7f00000004c0)={0x3ff, 0x9, 0x1, 0x793, 0x9, 0x9}) r1 = syz_mount_image$nfs4(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x3ff, 0x6, &(0x7f00000008c0)=[{&(0x7f0000000580)="e8b4fec8bc20f5e6bc98c9ca15c0cb176c5d2894a3da0d6ccd3760afc9a1975309880f13334512653f5a", 0x2a, 0x1}, {&(0x7f00000005c0)="052be19a869f0e872d2d94866e27e51cd0fa8a41e42a0c2f26ce4b6ed45edd233efcb5fd995986949b6622700f78a1bcf743933feaf96263efda5f3e6525473d4653eea4c8f942309460d23a411e2e9b2c9afa79815d157a65a8f379266a813635f6332248c51a", 0x67, 0x8}, {&(0x7f0000000640)="ac170d4a63974222aed06c61dbf630ee10ab4aadda60bfc341d38cff7d28e72395b338e0d145801c592d569240882bed1b877daa28d0d270d488690f7e455e28d91d3a8a5683ec24638f55cc9bb4780453974d4fa0bb35dd91f4b9aeafaf04efef6e54ac9b4802", 0x67, 0x80}, {&(0x7f00000006c0)="57d67d694223c87737d8c0e738023e400321a78094b422eb4fa370479665a5af86b48c9e2b91902307e71e4073fca4a44054ef786425e0dac128345d10aaec8945c7576afc2c12b26240040341bba9b49a22e5b0468d48e50bda526a7fc16b934bdbca88f61e47ced5dcd3615defdf835622882820ed9b0fcbcf02dce5a17f9a6927f12a656da4ea24e6e40969088f394ae147bb3914bec5cc66948bdf054dce1d6725702329df8036b53d46a77c22166379e85a6baa5298a83583e5fa90831bdd9f52333948ff455c17e12a32065839367bf9d6b30bbf8598debb2d74a69573", 0xe0, 0x8}, {&(0x7f00000007c0)="98d8a60fd8a0702435aa58960cefa792c01a1762cc2cc227c453a28ce192097f28212a7b661847be2196c5080cd522ab32c5ac2d2f64d4dda610aa2531ee720d4b6d5ae91ccabaf86250cb9fc37f8c7305aa05339f95f929a3e414149b15731834f6909388951771fac61f261d21f86ffa0ace190187c120f74b", 0x7a, 0x1}, {&(0x7f0000000840)="3b01342159be9cd3ebdebb3c31ac0e30a9f64ee8c8b7eb5b4d6ac2a78da996f8fc976253c965b63a227c6c4997b0194ab530773e676d5d88ddfdb8d36e445a67cdb6", 0x42, 0x9}], 0x182000, &(0x7f0000000980)={[{'}['}, {}], [{@subj_user={'subj_user', 0x3d, '[^-.:'}}, {@uid_lt={'uid<', 0xee01}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000a00)="0634a6cb0d428b8a501f4bbea3818be7fab39c40c6b11b6ee384b855cf317a1ec0974049f0c17560a424e80cfeeb36d5ba62b3a75334ce3bcbbe95da7caaab144143f28c573df21830672d115552026318090e62211d5145b1f186d4a110802db459b4378e84677e507f5d164ce4fec8100e093f68edeeef630943ef9558d12fe243d157428ae2c777df2d750be958228ad167dad1e0732972166f4c5f39942c701df3f38d080bdad4b28fa2814ed1ca550d414edd0e2d0da51ea87efcf9f11e4ef6eb21f201904238248a01b8791fadd24d786782c9c9549da1d7f8dbf81fb788ec8c6490f98cdbd2eec59a436e64cc197af89fd518d9a9349fba50a5cafba4") ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, &(0x7f0000000b40)={0x3, 0x18, [0x9, 0x8, 0x5, 0xfffffffffffffffc], &(0x7f0000000b00)=[0x0, 0x0, 0x0]}) r2 = getpgrp(r0) capget(&(0x7f0000000b80)={0x19980330, r2}, &(0x7f0000000bc0)={0x7, 0xfff, 0x9, 0x9, 0x2, 0xffff}) capset(&(0x7f0000000c00)={0x19980330, r0}, &(0x7f0000000c40)={0xffffff4e, 0x1ff, 0x8e4, 0x8001, 0x80, 0x6}) capset(&(0x7f0000000c80)={0x20071026, r0}, &(0x7f0000000cc0)={0x6, 0x3, 0x8, 0x9, 0x877b}) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f0000000d00)=0x4) capset(&(0x7f0000000d40)={0x19980330}, &(0x7f0000000d80)={0xff, 0xea1a018d, 0x2, 0x400, 0x8, 0x8}) 01:50:05 executing program 5: fchown(0xffffffffffffffff, 0x0, 0xee00) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='batadv_slave_0\x00'}) r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000080)={'tunl0\x00'}) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) getsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000100)=""/10, &(0x7f0000000140)=0xa) r3 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xc0100, 0x192) bind$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e22, 0x8, @remote, 0x20}, 0x1c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) copy_file_range(r5, &(0x7f0000000240)=0x5b, r1, 0x0, 0x81, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000002c0)={0x2, &(0x7f0000000280)=[{0x7f, 0x8, 0xf9, 0x6}, {0x2, 0x1, 0x3, 0x6}]}) ioctl$FAT_IOCTL_GET_VOLUME_ID(r6, 0x80047213, &(0x7f0000000300)) getpeername(r5, &(0x7f0000000340)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f00000003c0)=0x80) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000400)={0x0, 0x1, 0x6, @multicast}, 0x10) ioctl$BTRFS_IOC_BALANCE_CTL(r4, 0x40049421, 0x1) getsockopt$inet6_mreq(r2, 0x29, 0x12, &(0x7f0000000440)={@mcast2}, &(0x7f0000000480)=0x14) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000004c0), 0x103003, 0x0) ioctl$FS_IOC_FIEMAP(r8, 0xc020660b, &(0x7f0000000500)={0x5, 0x4, 0x2, 0xdcdb, 0x4, [{0x4, 0x3ff, 0x8, '\x00', 0x270a}, {0x7f, 0xb11, 0xffffffffffff2051, '\x00', 0x106}, {0x3, 0x7fffffff, 0x8000, '\x00', 0x2400}, {0x8, 0x7, 0x3, '\x00', 0x582}]}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r6, 0xc0c89425, &(0x7f0000000600)={"b0f402f94c0552c8c7fa069106431c84", 0x0, 0x0, {0xda2, 0x9}, {0x4, 0x2}, 0x0, [0x4, 0x2, 0xac08, 0x1c, 0xf4, 0x2, 0x7fff, 0xfffffffffffffff8, 0x8, 0x7, 0x9, 0x5, 0x0, 0x0, 0x17, 0x2]}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r5, 0x5000943f, &(0x7f0000000780)={{r1}, r9, 0x10, @inherit={0x78, &(0x7f0000000700)={0x1, 0x6, 0x3, 0x8001, {0x0, 0x100, 0x1, 0x3, 0x8}, [0x0, 0x1200000000, 0x9, 0x5b, 0x0, 0xffff]}}, @devid}) 01:50:05 executing program 4: recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x2000, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x81, 0x9, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x18}, 0x700, 0x700, 0x6, 0x10001}}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl1\x00', r0, 0x29, 0x3, 0x0, 0x0, 0x38, @mcast1, @loopback, 0x80, 0x8000, 0x9, 0x7}}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x5, &(0x7f0000000280)=[{0x100, 0x6, 0x6, 0x4}, {0x7f, 0x1, 0xe9, 0x6}, {0x1, 0x40, 0xc0, 0x6}, {0x2c, 0x80, 0x6, 0x7ff}, {0x0, 0x4, 0x80, 0x3}]}, 0x10) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x24501, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001480)={'team0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000340)="d0f203efe96d0521164e0c79b2c326ee5036db3dee011c8c14d76d316ae9b96648e12c75232ad76355f13b2d1c47f1e5ac9d4064135a2c65f40a453e7beb54273d5076636bdefed3ebaaab9cbea623f6c4ca2e20c2883db15a472d75d1123a8680caec86691f444dd35ed5f5057e3333436f46f2d4a8105b98c956cae24661f2a1e01678cd6ab119abbc3c9b0c3be8a0e52aa123001185b8923ae19df507d8fa70451744555bf044b09146a9a12fbad7dba5ea12062cb4e423b57dec6893173b673ece9dbc500b28d5af7030a6f87d4f4385c0de1272a520b4ed767cf8225217f850ce3cf822f01afab8", 0xea, 0x4000000, &(0x7f00000014c0)={0x11, 0x17, r3, 0x1, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r2, 0x89f7, &(0x7f00000015c0)={'syztnl2\x00', &(0x7f0000001540)={'syztnl1\x00', r1, 0x0, 0x7, 0x7f, 0x5, 0x58, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x20, 0x5, 0x1000}}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f00000016c0)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001680)={&(0x7f0000001600)={0x74, 0x0, 0xeb80232b328c8989, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001700), 0x8c80, 0x0) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r5, &(0x7f0000001800)={&(0x7f0000001740)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000017c0)={&(0x7f0000001780)={0x34, 0x0, 0x0, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x6ef, 0x12}}}}, [@NL80211_ATTR_IE={0x12, 0x2a, [@ibss={0x6, 0x2, 0xd2}, @ibss={0x6, 0x2, 0x4}, @chsw_timing={0x68, 0x4, {0x3, 0x5}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000800}, 0x8001) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000001840)={{0x1, 0x1, 0x18, r5, {0xee00}}, './file0\x00'}) fadvise64(r6, 0x4, 0x400, 0x3) getsockopt$packet_int(r6, 0x107, 0x11, &(0x7f0000001880), &(0x7f00000018c0)=0x4) r7 = open_tree(r5, &(0x7f0000001900)='./file0\x00', 0x1801) sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001a80)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001a40)={&(0x7f0000001980)={0x9c, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x10000, 0xd}}}}, [@NL80211_ATTR_STA_FLAGS={0x20, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_TDLS_PEER={0x4}, @NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}, @NL80211_STA_FLAG_AUTHENTICATED={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_TDLS_PEER={0x4}, @NL80211_STA_FLAG_AUTHORIZED={0x4}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x7b1}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x1}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x17, 0x13, [{0x3}, {0x4}, {0x48, 0x1}, {0x9}, {0x6c}, {0x18}, {0x60, 0x1}, {0x16, 0x1}, {0x5c}, {0xc}, {0x6, 0x1}, {0x3}, {0x24, 0x1}, {0x52, 0x1}, {0x18, 0x1}, {0x6, 0x1}, {0x48, 0x1}, {0x18}, {0x30}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x3}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x9}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x6c7}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40080}, 0x800) r8 = dup(r5) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001b00), r2) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r8, &(0x7f0000001c00)={&(0x7f0000001ac0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001bc0)={&(0x7f0000001b40)={0x64, r9, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xf51}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xe8a}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xf7f}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x350}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x3e6}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x4c8}, @NL80211_ATTR_CRIT_PROT_ID={0x6}, @NL80211_ATTR_CRIT_PROT_ID={0x6}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x3}]}, 0x64}, 0x1, 0x0, 0x0, 0x24004000}, 0x800) sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000001d80)={&(0x7f0000001c40)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001d40)={&(0x7f0000001cc0)={0x4c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DURATION={0x5, 0x15, 0x1}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x49}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x6}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x20}, @IEEE802154_ATTR_DURATION={0x5}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x3f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x8}]}, 0x4c}}, 0x44000) [ 93.816140] audit: type=1400 audit(1737337805.051:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 01:50:05 executing program 6: r0 = syz_open_pts(0xffffffffffffffff, 0x10002) ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) ioctl$TCFLSH(r0, 0x540b, 0x1) lseek(r0, 0x5, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x5) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000000)={0x0, 0xff}) ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000001000)=0x8905) preadv(r0, &(0x7f0000001440)=[{&(0x7f0000001040)=""/229, 0xe5}, {&(0x7f0000001140)=""/111, 0x6f}, {&(0x7f00000011c0)=""/193, 0xc1}, {&(0x7f00000012c0)=""/86, 0x56}, {&(0x7f0000001340)=""/201, 0xc9}], 0x5, 0x3, 0x55020b8e) ioctl$FIONREAD(r0, 0x541b, &(0x7f00000014c0)) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000001500)={0x8, 0x4000, 0x2f8, 0xe80e, 0x16, "75c3eb90e52bbc0b"}) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000001540)={0x2, 0xffff, 0x5, 0x8}) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000001580)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl$KDFONTOP_COPY(r1, 0x4b72, &(0x7f00000019c0)={0x3, 0x1, 0x7, 0x16, 0x7b, &(0x7f00000015c0)}) ioctl$TIOCEXCL(r1, 0x540c) clock_gettime(0x0, &(0x7f0000001a00)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000001a40)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000001a80)={0x0, 0x0}) write$evdev(r1, &(0x7f0000001ac0)=[{{r2, r3/1000+60000}, 0x6, 0x20, 0x2}, {{r4, r5/1000+60000}, 0x0, 0x5, 0x3}, {{r6, r7/1000+10000}, 0x3, 0xfff9, 0x3a06}, {{0x0, 0xea60}, 0x16, 0x5, 0xfffffff8}, {{0x77359400}, 0x0, 0x7, 0xfffffffd}, {{0x77359400}, 0x11, 0x800, 0x1ff}, {{0x77359400}, 0x12, 0x7, 0x7}], 0xa8) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000001b80), &(0x7f0000001bc0)=0x4) 01:50:05 executing program 7: keyctl$revoke(0x3, 0x0) r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9) r1 = request_key(&(0x7f0000000000)='trusted\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='#\x00', r0) keyctl$assume_authority(0x10, r0) add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r0) r2 = add_key(&(0x7f00000001c0)='ceph\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="cf07d8f748cd6a470d768301714bcc3912a6b41440799859f1634fc3531dbbd450c2a4b2a68b52126f3be7206af724e9839f5ef1c139756abae08a1145e8f3c1f20907dbd0a56ec23be482a31cd9", 0x4e, r1) keyctl$KEYCTL_MOVE(0x1e, 0x0, r1, r1, 0x0) r3 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "9f26eb1c7928d893daaef7fb741cdafa964bae9a73651d3fea2d4d433e9b5bcc7d6214b56ffffe293c72c2d92887a1420a63d000fc4727ee57e22b55fcef6d9d", 0x27}, 0x48, 0xfffffffffffffffc) r4 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, r1) keyctl$search(0xa, r0, &(0x7f00000003c0)='.dead\x00', &(0x7f0000000400)={'syz', 0x1}, r4) r5 = add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x1}, 0x0, 0x0, r4) keyctl$KEYCTL_MOVE(0x1e, r0, r2, r4, 0x0) r6 = add_key$fscrypt_provisioning(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x2}, &(0x7f00000005c0)={0x0, 0x0, @a}, 0x48, r1) keyctl$search(0xa, r6, &(0x7f0000000640)='encrypted\x00', &(0x7f0000000680)={'syz', 0x3}, r3) add_key$fscrypt_v1(&(0x7f00000006c0), &(0x7f0000000700)={'fscrypt:', @desc4}, &(0x7f0000000740)={0x0, "c19dfe4394e985156a466a27609dd2a3e6aecdfcfcb4ab591dff6c6f59e8895967d8370e4077aec2230d4f40d41e79383ebfb6d075c4561a535fa026adaaf96b", 0x13}, 0x48, 0x0) add_key$keyring(&(0x7f00000007c0), &(0x7f0000000800)={'syz', 0x2}, 0x0, 0x0, r2) r7 = add_key$keyring(&(0x7f0000000840), &(0x7f0000000880)={'syz', 0x0}, 0x0, 0x0, r5) keyctl$set_timeout(0xf, r7, 0x81) r8 = request_key(&(0x7f00000008c0)='trusted\x00', &(0x7f0000000900)={'syz', 0x0}, &(0x7f0000000940)='@\'{$\x00', 0xfffffffffffffffc) keyctl$restrict_keyring(0x1d, r8, &(0x7f0000000980)='logon\x00', &(0x7f00000009c0)='85baa174f0cb1142') [ 95.187045] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.191352] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.192748] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.197295] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.200337] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 95.202294] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.265347] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.272885] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.278493] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.282031] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.282378] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.284295] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.287301] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.289722] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.292776] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 95.294554] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 95.296871] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.303256] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.327488] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 95.335451] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 95.336869] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 95.338768] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 95.339231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.341629] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 95.352020] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.356851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.358036] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 95.358172] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 95.360262] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 95.364891] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 95.364904] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.377471] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 95.379020] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.390095] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 95.400787] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 95.402909] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 95.409934] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 95.425265] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 95.427068] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 95.432971] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 95.436054] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 95.437182] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 95.442733] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 95.446095] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 95.448238] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 95.448938] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 95.450901] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 95.458794] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 97.284202] Bluetooth: hci0: command tx timeout [ 97.347642] Bluetooth: hci2: command tx timeout [ 97.347681] Bluetooth: hci1: command tx timeout [ 97.411749] Bluetooth: hci3: command tx timeout [ 97.411983] Bluetooth: hci4: command tx timeout [ 97.475630] Bluetooth: hci5: command tx timeout [ 97.539652] Bluetooth: hci7: command tx timeout [ 97.539683] Bluetooth: hci6: command tx timeout [ 99.331731] Bluetooth: hci0: command tx timeout [ 99.395740] Bluetooth: hci2: command tx timeout [ 99.396719] Bluetooth: hci1: command tx timeout [ 99.459727] Bluetooth: hci4: command tx timeout [ 99.459807] Bluetooth: hci3: command tx timeout [ 99.524917] Bluetooth: hci5: command tx timeout [ 99.588625] Bluetooth: hci6: command tx timeout [ 99.589464] Bluetooth: hci7: command tx timeout [ 101.379833] Bluetooth: hci0: command tx timeout [ 101.444995] Bluetooth: hci1: command tx timeout [ 101.446020] Bluetooth: hci2: command tx timeout [ 101.507831] Bluetooth: hci3: command tx timeout [ 101.508157] Bluetooth: hci4: command tx timeout [ 101.571607] Bluetooth: hci5: command tx timeout [ 101.636192] Bluetooth: hci7: command tx timeout [ 101.636227] Bluetooth: hci6: command tx timeout [ 103.429743] Bluetooth: hci0: command tx timeout [ 103.493579] Bluetooth: hci2: command tx timeout [ 103.493681] Bluetooth: hci1: command tx timeout [ 103.555623] Bluetooth: hci3: command tx timeout [ 103.555651] Bluetooth: hci4: command tx timeout [ 103.619655] Bluetooth: hci5: command tx timeout [ 103.683798] Bluetooth: hci6: command tx timeout [ 103.684204] Bluetooth: hci7: command tx timeout [ 155.373855] syz-executor.6 (284) used greatest stack depth: 23856 bytes left [ 158.035628] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 158.041891] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 158.043062] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 158.046144] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 158.050885] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 158.053751] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 158.060699] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 158.064431] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 158.064965] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 158.066393] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 158.071929] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 158.074822] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 158.078182] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 158.078359] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 158.080045] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 158.083769] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 158.096898] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 158.097265] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 158.183198] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 158.194885] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 158.228830] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 158.238763] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 158.250892] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 158.259997] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 158.319570] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 158.343780] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 158.369948] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 158.401577] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 158.450364] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 158.463197] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 158.503447] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 158.542779] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 158.565637] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 158.573079] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 158.581841] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 158.612417] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 158.625315] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 158.638825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 158.646194] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 158.651099] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 158.658895] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 158.661949] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 158.662144] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 158.664831] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 158.666705] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 158.714712] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 158.731694] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 158.742223] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 160.132603] Bluetooth: hci1: command tx timeout [ 160.196614] Bluetooth: hci2: command tx timeout [ 160.196792] Bluetooth: hci0: command tx timeout [ 160.393146] Bluetooth: hci3: command tx timeout [ 160.707843] Bluetooth: hci4: command tx timeout [ 160.772620] Bluetooth: hci5: command tx timeout [ 160.836749] Bluetooth: hci7: command tx timeout [ 160.837177] Bluetooth: hci6: command tx timeout [ 162.179682] Bluetooth: hci1: command tx timeout [ 162.244602] Bluetooth: hci0: command tx timeout [ 162.244709] Bluetooth: hci2: command tx timeout [ 162.436700] Bluetooth: hci3: command tx timeout [ 162.755570] Bluetooth: hci4: command tx timeout [ 162.820650] Bluetooth: hci5: command tx timeout [ 162.884602] Bluetooth: hci7: command tx timeout [ 162.884683] Bluetooth: hci6: command tx timeout [ 164.228592] Bluetooth: hci1: command tx timeout [ 164.292688] Bluetooth: hci0: command tx timeout [ 164.292905] Bluetooth: hci2: command tx timeout [ 164.483642] Bluetooth: hci3: command tx timeout [ 164.804853] Bluetooth: hci4: command tx timeout [ 164.869406] Bluetooth: hci5: command tx timeout [ 164.932627] Bluetooth: hci6: command tx timeout [ 164.932710] Bluetooth: hci7: command tx timeout [ 166.275901] Bluetooth: hci1: command tx timeout [ 166.341095] Bluetooth: hci0: command tx timeout [ 166.341291] Bluetooth: hci2: command tx timeout [ 166.531658] Bluetooth: hci3: command tx timeout [ 166.851770] Bluetooth: hci4: command tx timeout [ 166.915612] Bluetooth: hci5: command tx timeout [ 166.979722] Bluetooth: hci7: command tx timeout [ 166.979880] Bluetooth: hci6: command tx timeout [ 220.631611] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 220.633426] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 220.634683] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 220.638635] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 220.643387] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 220.645323] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 220.648189] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 220.649871] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 220.650887] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 220.675204] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 220.684871] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 220.687575] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 220.695126] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 220.699054] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 220.700370] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 220.719635] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 220.721267] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 220.722244] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 220.792875] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 220.835074] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 220.838159] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 220.839850] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 220.843335] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 220.845867] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 220.849042] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 220.856436] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 220.857601] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 220.859788] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 220.860706] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 220.861037] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 220.865789] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 220.867713] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 220.868842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 220.884904] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 220.885413] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 220.891624] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 220.891899] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 220.895866] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 220.901480] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 220.903235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 220.905822] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 220.906087] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 220.908709] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 220.908746] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 220.910627] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 220.910809] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 220.919144] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 220.940620] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 222.724675] Bluetooth: hci0: command tx timeout [ 222.725021] Bluetooth: hci1: command tx timeout [ 222.788579] Bluetooth: hci2: command tx timeout [ 222.915615] Bluetooth: hci5: command tx timeout [ 222.980624] Bluetooth: hci6: command tx timeout [ 222.981032] Bluetooth: hci4: command tx timeout [ 222.981150] Bluetooth: hci3: command tx timeout [ 223.043584] Bluetooth: hci7: command tx timeout [ 224.771707] Bluetooth: hci0: command tx timeout [ 224.771879] Bluetooth: hci1: command tx timeout [ 224.837589] Bluetooth: hci2: command tx timeout [ 224.963700] Bluetooth: hci5: command tx timeout [ 225.027758] Bluetooth: hci3: command tx timeout [ 225.027937] Bluetooth: hci4: command tx timeout [ 225.028039] Bluetooth: hci6: command tx timeout [ 225.091655] Bluetooth: hci7: command tx timeout [ 226.819618] Bluetooth: hci1: command tx timeout [ 226.819738] Bluetooth: hci0: command tx timeout [ 226.884641] Bluetooth: hci2: command tx timeout [ 227.011643] Bluetooth: hci5: command tx timeout [ 227.077264] Bluetooth: hci6: command tx timeout [ 227.077385] Bluetooth: hci4: command tx timeout [ 227.078092] Bluetooth: hci3: command tx timeout [ 227.140681] Bluetooth: hci7: command tx timeout [ 228.867696] Bluetooth: hci0: command tx timeout [ 228.868387] Bluetooth: hci1: command tx timeout [ 228.931640] Bluetooth: hci2: command tx timeout [ 229.061096] Bluetooth: hci5: command tx timeout [ 229.123749] Bluetooth: hci3: command tx timeout [ 229.123995] Bluetooth: hci4: command tx timeout [ 229.124049] Bluetooth: hci6: command tx timeout [ 229.188571] Bluetooth: hci7: command tx timeout [ 280.729358] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 282.447417] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 282.456912] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 282.461255] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 282.476376] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 282.486752] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 282.490111] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 282.530791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 282.537089] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 282.547117] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 282.555602] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 282.567775] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 282.569452] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 282.599865] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 282.604152] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 282.614127] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 282.644020] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 282.649053] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 282.658331] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 282.663233] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 282.690819] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 282.699127] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 282.732316] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 282.737376] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 282.743965] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 282.746208] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 282.749056] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 282.756139] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 282.759260] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 282.764344] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 282.767093] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 282.780161] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 282.794330] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 282.794763] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 282.802099] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 282.803146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 282.806451] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 282.841703] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 282.859737] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 282.884917] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 282.897400] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 282.928386] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 282.940193] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 282.942911] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 282.944084] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 282.946462] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 282.964050] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 282.970029] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 283.001079] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 284.548583] Bluetooth: hci0: command tx timeout [ 284.613536] Bluetooth: hci1: command tx timeout [ 284.739566] Bluetooth: hci2: command tx timeout [ 284.867940] Bluetooth: hci3: command tx timeout [ 284.996274] Bluetooth: hci5: command tx timeout [ 285.059639] Bluetooth: hci6: command tx timeout [ 285.188534] Bluetooth: hci4: command tx timeout [ 285.829417] Bluetooth: hci7: command tx timeout [ 286.595721] Bluetooth: hci0: command tx timeout [ 286.659567] Bluetooth: hci1: command tx timeout [ 286.787574] Bluetooth: hci2: command tx timeout [ 286.915550] Bluetooth: hci3: command tx timeout [ 287.043573] Bluetooth: hci5: command tx timeout [ 287.109539] Bluetooth: hci6: command tx timeout [ 287.235566] Bluetooth: hci4: command tx timeout [ 287.875603] Bluetooth: hci7: command tx timeout [ 288.643674] Bluetooth: hci0: command tx timeout [ 288.707591] Bluetooth: hci1: command tx timeout [ 288.836546] Bluetooth: hci2: command tx timeout [ 288.965524] Bluetooth: hci3: command tx timeout [ 289.092615] Bluetooth: hci5: command tx timeout [ 289.155545] Bluetooth: hci6: command tx timeout [ 289.283563] Bluetooth: hci4: command tx timeout [ 289.923570] Bluetooth: hci7: command tx timeout [ 290.691612] Bluetooth: hci0: command tx timeout [ 290.755593] Bluetooth: hci1: command tx timeout [ 290.884583] Bluetooth: hci2: command tx timeout [ 291.011564] Bluetooth: hci3: command tx timeout [ 291.140576] Bluetooth: hci5: command tx timeout [ 291.203726] Bluetooth: hci6: command tx timeout [ 291.331823] Bluetooth: hci4: command tx timeout [ 291.971584] Bluetooth: hci7: command tx timeout [ 342.526950] [ 342.527423] ====================================================== [ 342.528695] WARNING: possible circular locking dependency detected [ 342.529962] 6.13.0-rc7-next-20250117 #1 Not tainted [ 342.531022] ------------------------------------------------------ [ 342.532283] kworker/u8:1/66 is trying to acquire lock: [ 342.533365] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 342.535844] [ 342.535844] but task is already holding lock: [ 342.540151] ffff88803a970768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 342.542346] [ 342.542346] which lock already depends on the new lock. [ 342.542346] [ 342.544015] [ 342.544015] the existing dependency chain (in reverse order) is: [ 342.545588] [ 342.545588] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 342.547075] __mutex_lock+0x13d/0xb50 [ 342.548113] wiphy_register+0x1b2e/0x25d0 [ 342.549222] ieee80211_register_hw+0x23a4/0x3d60 [ 342.550440] mac80211_hwsim_new_radio+0x2759/0x4d50 [ 342.551703] init_mac80211_hwsim+0x389/0x870 [ 342.552868] do_one_initcall+0xf9/0x640 [ 342.553934] kernel_init_freeable+0x53d/0x7a0 [ 342.555122] kernel_init+0x1e/0x2d0 [ 342.556067] ret_from_fork+0x48/0x80 [ 342.557027] ret_from_fork_asm+0x1a/0x30 [ 342.558132] [ 342.558132] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 342.559516] __lock_acquire+0x29fd/0x4580 [ 342.560602] lock_acquire+0x19b/0x520 [ 342.561600] __mutex_lock+0x13d/0xb50 [ 342.562613] unregister_netdevice_many_notify+0x1612/0x1c80 [ 342.578501] unregister_netdevice_queue+0x224/0x2e0 [ 342.579731] _cfg80211_unregister_wdev+0x57b/0x700 [ 342.580945] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 342.582243] ieee80211_unregister_hw+0x55/0x3a0 [ 342.583433] hwsim_exit_net+0x3a0/0x730 [ 342.584499] ops_exit_list+0xb3/0x180 [ 342.585504] cleanup_net+0x546/0xad0 [ 342.586524] process_one_work+0x8ee/0x1a10 [ 342.587625] worker_thread+0x674/0xe70 [ 342.588688] kthread+0x3ab/0x720 [ 342.589620] ret_from_fork+0x48/0x80 [ 342.590586] ret_from_fork_asm+0x1a/0x30 [ 342.591665] [ 342.591665] other info that might help us debug this: [ 342.591665] [ 342.593309] Possible unsafe locking scenario: [ 342.593309] [ 342.594581] CPU0 CPU1 [ 342.595578] ---- ---- [ 342.596565] lock(&rdev->wiphy.mtx); [ 342.597463] lock(rtnl_mutex); [ 342.598769] lock(&rdev->wiphy.mtx); [ 342.600152] lock(rtnl_mutex); [ 342.600955] [ 342.600955] *** DEADLOCK *** [ 342.600955] [ 342.602218] 4 locks held by kworker/u8:1/66: [ 342.603176] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 342.605578] #1: ffff88800c36fd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 342.607800] #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 342.609835] #3: ffff88803a970768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 342.612175] [ 342.612175] stack backtrace: [ 342.613146] CPU: 1 UID: 0 PID: 66 Comm: kworker/u8:1 Not tainted 6.13.0-rc7-next-20250117 #1 [ 342.614958] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 342.616688] Workqueue: netns cleanup_net [ 342.617658] Call Trace: [ 342.618269] [ 342.618795] dump_stack_lvl+0xca/0x120 [ 342.619756] print_circular_bug+0x47b/0x750 [ 342.620784] check_noncircular+0x2e9/0x3c0 [ 342.621755] ? lock_repin_lock+0x207/0x320 [ 342.622753] ? __pfx_check_noncircular+0x10/0x10 [ 342.623787] ? hlock_class+0x4e/0x130 [ 342.624620] ? mark_lock+0xac/0xed0 [ 342.625449] ? __pfx_lock_repin_lock+0x10/0x10 [ 342.626525] ? timerqueue_del+0x83/0x150 [ 342.627428] ? lockdep_lock+0xba/0x1b0 [ 342.628345] ? __pfx_lockdep_lock+0x10/0x10 [ 342.629353] __lock_acquire+0x29fd/0x4580 [ 342.630317] ? __pfx___lock_acquire+0x10/0x10 [ 342.631376] ? lock_release+0x20f/0x6f0 [ 342.632333] ? __pfx_lock_release+0x10/0x10 [ 342.633369] lock_acquire+0x19b/0x520 [ 342.634307] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 342.635673] ? __pfx_lock_acquire+0x10/0x10 [ 342.636671] ? srso_return_thunk+0x5/0x5f [ 342.637624] ? lock_release+0x20f/0x6f0 [ 342.638533] ? srso_return_thunk+0x5/0x5f [ 342.639501] ? lock_is_held_type+0x9e/0x120 [ 342.640488] ? srso_return_thunk+0x5/0x5f [ 342.641461] __mutex_lock+0x13d/0xb50 [ 342.642379] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 342.643645] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 342.644954] ? srso_return_thunk+0x5/0x5f [ 342.645915] ? synchronize_rcu_expedited+0x38a/0x420 [ 342.647033] ? __pfx___mutex_lock+0x10/0x10 [ 342.648009] ? __pfx_autoremove_wake_function+0x10/0x10 [ 342.649174] ? srso_return_thunk+0x5/0x5f [ 342.650137] ? kasan_quarantine_put+0x84/0x1e0 [ 342.651186] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 342.652169] ? srso_return_thunk+0x5/0x5f [ 342.653144] unregister_netdevice_many_notify+0x1612/0x1c80 [ 342.654360] ? __virt_addr_valid+0x2e8/0x5d0 [ 342.655368] ? __pfx_lock_release+0x10/0x10 [ 342.656335] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 342.657615] ? find_held_lock+0x2c/0x110 [ 342.658573] ? srso_return_thunk+0x5/0x5f [ 342.659518] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 342.660620] ? srso_return_thunk+0x5/0x5f [ 342.661567] ? lock_release+0x20f/0x6f0 [ 342.662518] ? __pfx_lock_release+0x10/0x10 [ 342.663474] ? srso_return_thunk+0x5/0x5f [ 342.664448] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 342.665608] ? srso_return_thunk+0x5/0x5f [ 342.666611] unregister_netdevice_queue+0x224/0x2e0 [ 342.667719] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 342.668897] ? up_write+0x195/0x520 [ 342.669760] _cfg80211_unregister_wdev+0x57b/0x700 [ 342.670853] ? srso_return_thunk+0x5/0x5f [ 342.671813] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 342.672908] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 342.674172] ? srso_return_thunk+0x5/0x5f [ 342.675168] ? srso_return_thunk+0x5/0x5f [ 342.676129] ? synchronize_rcu+0x1ff/0x260 [ 342.677062] ieee80211_unregister_hw+0x55/0x3a0 [ 342.678117] hwsim_exit_net+0x3a0/0x730 [ 342.679031] ? __pfx_hwsim_exit_net+0x10/0x10 [ 342.680037] ? srso_return_thunk+0x5/0x5f [ 342.681024] ? netdev_run_todo+0x788/0x1040 [ 342.682012] ? __pfx_hwsim_exit_net+0x10/0x10 [ 342.683045] ops_exit_list+0xb3/0x180 [ 342.683934] cleanup_net+0x546/0xad0 [ 342.684808] ? __pfx_cleanup_net+0x10/0x10 [ 342.685770] process_one_work+0x8ee/0x1a10 [ 342.686772] ? __pfx_lock_acquire+0x10/0x10 [ 342.687721] ? __pfx_process_one_work+0x10/0x10 [ 342.688772] ? srso_return_thunk+0x5/0x5f [ 342.689716] ? move_linked_works+0x172/0x270 [ 342.690723] ? srso_return_thunk+0x5/0x5f [ 342.691700] ? assign_work+0x196/0x240 [ 342.692634] worker_thread+0x674/0xe70 [ 342.693569] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 342.694749] ? srso_return_thunk+0x5/0x5f [ 342.695722] ? __pfx_worker_thread+0x10/0x10 [ 342.696768] kthread+0x3ab/0x720 [ 342.697590] ? __pfx_kthread+0x10/0x10 [ 342.698559] ? srso_return_thunk+0x5/0x5f [ 342.699503] ? finish_task_switch.isra.0+0x206/0x840 [ 342.700609] ? __pfx_kthread+0x10/0x10 [ 342.701522] ret_from_fork+0x48/0x80 [ 342.702386] ? __pfx_kthread+0x10/0x10 [ 342.703310] ret_from_fork_asm+0x1a/0x30 [ 342.704289] [ 344.334997] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 344.336936] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 344.346807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 344.350323] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 344.354725] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 344.357152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 344.597136] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 344.599266] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 344.601543] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 344.603106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 344.605431] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 344.606834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 344.608812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 344.611264] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 344.612746] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 344.613325] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 344.615792] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 344.622735] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 344.720062] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 344.740815] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 344.741403] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 344.745066] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 344.747791] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 344.748353] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 344.801897] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 344.802785] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 344.805405] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 344.808217] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 344.810780] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 344.811419] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 344.820057] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 344.831749] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 344.863079] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 344.919853] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 344.921571] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 344.929614] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 344.929908] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 344.930433] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 344.933352] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 344.957748] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 344.959837] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 344.961612] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 344.966632] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 344.966646] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 344.970897] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 344.974102] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 344.977088] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 344.980742] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 346.371532] Bluetooth: hci0: command tx timeout [ 346.691664] Bluetooth: hci2: command tx timeout [ 346.691854] Bluetooth: hci1: command tx timeout [ 346.756499] Bluetooth: hci3: command tx timeout [ 346.820068] Bluetooth: hci4: command tx timeout [ 347.011886] Bluetooth: hci6: command tx timeout [ 347.012896] Bluetooth: hci5: command tx timeout [ 347.076522] Bluetooth: hci7: command tx timeout [ 348.420492] Bluetooth: hci0: command tx timeout [ 348.739526] Bluetooth: hci2: command tx timeout [ 348.739614] Bluetooth: hci1: command tx timeout [ 348.804516] Bluetooth: hci3: command tx timeout [ 348.868531] Bluetooth: hci4: command tx timeout [ 349.059715] Bluetooth: hci5: command tx timeout [ 349.059802] Bluetooth: hci6: command tx timeout [ 349.123511] Bluetooth: hci7: command tx timeout [ 350.470484] Bluetooth: hci0: command tx timeout [ 350.787568] Bluetooth: hci1: command tx timeout [ 350.787722] Bluetooth: hci2: command tx timeout [ 350.851539] Bluetooth: hci3: command tx timeout [ 350.915527] Bluetooth: hci4: command tx timeout [ 351.108544] Bluetooth: hci5: command tx timeout [ 351.108633] Bluetooth: hci6: command tx timeout [ 351.171548] Bluetooth: hci7: command tx timeout [ 352.515504] Bluetooth: hci0: command tx timeout VM DIAGNOSIS: 01:54:14 Registers: info registers vcpu 0 RAX=0000000000063ea9 RBX=0000000000000000 RCX=ffffffff84a8bb27 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff814b1b6a RBP=dffffc0000000000 RSP=ffffffff85a07e10 R8 =0000000000000001 R9 =ffffed100d9c6c4a R10=ffff88806ce36253 R11=0000000000000001 R12=ffffffff864021d0 R13=1ffffffff0b40fc7 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff84a8cace RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4ba4d576c0 CR3=00000000179bc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=36393635383937333172696474736574 XMM02=2f363936353839373331726964747365 XMM03=63556c6554642e72656c6c616b7a7973 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=000000000000000a000000c000014016 XMM09=000000000000002a000000c000016000 XMM10=0000000000000009000000c000014040 XMM11=0000000000000007000000c000014049 XMM12=000000000000001c000000c000018000 XMM13=0000000000000041000000c00001a000 XMM14=000000000000000c000000c000014050 XMM15=000000000000000d000000c000014060 info registers vcpu 1 RAX=0000000000000034 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283cdc5 RDI=ffffffff886930a0 RBP=ffffffff88693060 RSP=ffff88800c36ebb8 R8 =0000000000000001 R9 =ffffed100186dd67 R10=0000000000000034 R11=3a6b636f6c206762 R12=0000000000000034 R13=0000000000000001 R14=ffff888008fea01c R15=ffff88800c36eeb8 RIP=ffffffff8283ce1d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4ba4d5f020 CR3=00000000179bc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=0000000000000000417857dd80000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000