Extracting prog: 2m24.416353977s Minimizing prog: 23m41.89686672s Simplifying prog options: 2m49.997560114s Extracting C: 1m57.140026167s Simplifying C: 0s extracting reproducer from 1 programs testing a last program of every proc single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r3, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program crashed: WARNING in __cfg80211_ibss_joined single: successfully extracted reproducer found reproducer with 8 syscalls minimizing guilty program testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211 detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r3, 0x405, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, 0x0, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r2, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r3, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r2, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, 0x0, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r2, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r0, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r2, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, 0x0, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r2, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$nl_route(r0, 0x0, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r2, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r2, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r2, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(0x0, &(0x7f0000000040)=@default_ibss_ssid, 0x6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r3, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r3, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r3, 0x405, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001d40)={0x2c, r3, 0x405, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x2c}}, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, 0x0, 0x0) program crashed: WARNING: suspicious RCU usage in sta_remove_link extracting C reproducer testing compiled C program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH program did not crash simplifying guilty program options testing program (duration=1m0.473897226s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, 0x0, 0x0) program did not crash testing program (duration=1m0.473897226s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-syz_80211_join_ibss-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CHANNEL_SWITCH detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x60e2e}}, 0x20}}, 0x0) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, 0x0, 0x0) program did not crash reproducing took 30m53.450839948s repro crashed as (corrupted=false): ============================= WARNING: suspicious RCU usage 6.1.114-syzkaller #0 Not tainted ----------------------------- net/mac80211/sta_info.c:361 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by syz.0.27/4468: #0: ffff800017ff4448 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffff800017ff4448 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6147 #1: ffff0000d8a207c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5639 [inline] #1: ffff0000d8a207c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_netdev_notifier_call+0x414/0x13b8 net/wireless/core.c:1503 #2: ffff0000dd760d40 (&wdev->mtx){+.+.}-{3:3}, at: wdev_lock net/wireless/core.h:231 [inline] #2: ffff0000dd760d40 (&wdev->mtx){+.+.}-{3:3}, at: cfg80211_leave net/wireless/core.c:1341 [inline] #2: ffff0000dd760d40 (&wdev->mtx){+.+.}-{3:3}, at: cfg80211_netdev_notifier_call+0x424/0x13b8 net/wireless/core.c:1504 stack backtrace: CPU: 0 PID: 4468 Comm: syz.0.27 Not tainted 6.1.114-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 lockdep_rcu_suspicious+0x260/0x464 kernel/locking/lockdep.c:6608 sta_remove_link+0x38c/0x474 net/mac80211/sta_info.c:360 sta_info_free+0x68/0x2ec net/mac80211/sta_info.c:405 ieee80211_ibss_disconnect+0x2b0/0x5fc net/mac80211/ibss.c:704 ieee80211_ibss_leave+0x30/0x108 net/mac80211/ibss.c:1868 ieee80211_leave_ibss+0x20/0x30 net/mac80211/cfg.c:2820 rdev_leave_ibss net/wireless/rdev-ops.h:561 [inline] __cfg80211_leave_ibss+0x1e0/0x518 net/wireless/ibss.c:211 __cfg80211_leave+0x164/0x3a0 net/wireless/core.c:1293 cfg80211_leave net/wireless/core.c:1342 [inline] cfg80211_netdev_notifier_call+0x430/0x13b8 net/wireless/core.c:1504 notifier_call_chain kernel/notifier.c:87 [inline] raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:455 call_netdevice_notifiers_info net/core/dev.c:1970 [inline] call_netdevice_notifiers_extack net/core/dev.c:2008 [inline] call_netdevice_notifiers net/core/dev.c:2022 [inline] __dev_close_many+0x1b8/0x3c4 net/core/dev.c:1515 __dev_close net/core/dev.c:1553 [inline] __dev_change_flags+0x280/0x5a0 net/core/dev.c:8587 dev_change_flags+0x80/0x154 net/core/dev.c:8660 do_setlink+0xacc/0x3318 net/core/rtnetlink.c:2830 __rtnl_newlink net/core/rtnetlink.c:3605 [inline] rtnl_newlink+0x1424/0x1b74 net/core/rtnetlink.c:3652 rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6150 netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2508 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6168 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline] netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg net/socket.c:730 [inline] ____sys_sendmsg+0x55c/0x848 net/socket.c:2519 ___sys_sendmsg net/socket.c:2573 [inline] __sys_sendmsg+0x26c/0x33c net/socket.c:2602 __do_sys_sendmsg net/socket.c:2611 [inline] __se_sys_sendmsg net/socket.c:2609 [inline] __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2609 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 final repro crashed as (corrupted=false): ============================= WARNING: suspicious RCU usage 6.1.114-syzkaller #0 Not tainted ----------------------------- net/mac80211/sta_info.c:361 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by syz.0.27/4468: #0: ffff800017ff4448 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffff800017ff4448 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6147 #1: ffff0000d8a207c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5639 [inline] #1: ffff0000d8a207c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_netdev_notifier_call+0x414/0x13b8 net/wireless/core.c:1503 #2: ffff0000dd760d40 (&wdev->mtx){+.+.}-{3:3}, at: wdev_lock net/wireless/core.h:231 [inline] #2: ffff0000dd760d40 (&wdev->mtx){+.+.}-{3:3}, at: cfg80211_leave net/wireless/core.c:1341 [inline] #2: ffff0000dd760d40 (&wdev->mtx){+.+.}-{3:3}, at: cfg80211_netdev_notifier_call+0x424/0x13b8 net/wireless/core.c:1504 stack backtrace: CPU: 0 PID: 4468 Comm: syz.0.27 Not tainted 6.1.114-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 lockdep_rcu_suspicious+0x260/0x464 kernel/locking/lockdep.c:6608 sta_remove_link+0x38c/0x474 net/mac80211/sta_info.c:360 sta_info_free+0x68/0x2ec net/mac80211/sta_info.c:405 ieee80211_ibss_disconnect+0x2b0/0x5fc net/mac80211/ibss.c:704 ieee80211_ibss_leave+0x30/0x108 net/mac80211/ibss.c:1868 ieee80211_leave_ibss+0x20/0x30 net/mac80211/cfg.c:2820 rdev_leave_ibss net/wireless/rdev-ops.h:561 [inline] __cfg80211_leave_ibss+0x1e0/0x518 net/wireless/ibss.c:211 __cfg80211_leave+0x164/0x3a0 net/wireless/core.c:1293 cfg80211_leave net/wireless/core.c:1342 [inline] cfg80211_netdev_notifier_call+0x430/0x13b8 net/wireless/core.c:1504 notifier_call_chain kernel/notifier.c:87 [inline] raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:455 call_netdevice_notifiers_info net/core/dev.c:1970 [inline] call_netdevice_notifiers_extack net/core/dev.c:2008 [inline] call_netdevice_notifiers net/core/dev.c:2022 [inline] __dev_close_many+0x1b8/0x3c4 net/core/dev.c:1515 __dev_close net/core/dev.c:1553 [inline] __dev_change_flags+0x280/0x5a0 net/core/dev.c:8587 dev_change_flags+0x80/0x154 net/core/dev.c:8660 do_setlink+0xacc/0x3318 net/core/rtnetlink.c:2830 __rtnl_newlink net/core/rtnetlink.c:3605 [inline] rtnl_newlink+0x1424/0x1b74 net/core/rtnetlink.c:3652 rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6150 netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2508 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6168 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline] netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg net/socket.c:730 [inline] ____sys_sendmsg+0x55c/0x848 net/socket.c:2519 ___sys_sendmsg net/socket.c:2573 [inline] __sys_sendmsg+0x26c/0x33c net/socket.c:2602 __do_sys_sendmsg net/socket.c:2611 [inline] __se_sys_sendmsg net/socket.c:2609 [inline] __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2609 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585