Warning: Permanently added '[localhost]:20470' (ECDSA) to the list of known hosts. 2025/11/15 05:49:28 fuzzer started 2025/11/15 05:49:28 dialing manager at localhost:37161 syzkaller login: [ 51.523474] cgroup: Unknown subsys name 'net' [ 51.578660] cgroup: Unknown subsys name 'cpuset' [ 51.591681] cgroup: Unknown subsys name 'rlimit' 2025/11/15 05:49:46 syscalls: 201 2025/11/15 05:49:46 code coverage: enabled 2025/11/15 05:49:46 comparison tracing: enabled 2025/11/15 05:49:46 extra coverage: enabled 2025/11/15 05:49:46 setuid sandbox: enabled 2025/11/15 05:49:46 namespace sandbox: enabled 2025/11/15 05:49:46 Android sandbox: enabled 2025/11/15 05:49:46 fault injection: enabled 2025/11/15 05:49:46 leak checking: enabled 2025/11/15 05:49:46 net packet injection: enabled 2025/11/15 05:49:46 net device setup: enabled 2025/11/15 05:49:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/11/15 05:49:46 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/11/15 05:49:46 USB emulation: enabled 2025/11/15 05:49:46 hci packet injection: enabled 2025/11/15 05:49:46 wifi device emulation: enabled 2025/11/15 05:49:46 802.15.4 emulation: enabled 2025/11/15 05:49:46 fetching corpus: 0, signal 0/0 (executing program) 2025/11/15 05:49:47 starting 8 fuzzer processes 05:49:47 executing program 0: ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f0000000000)) r0 = syz_io_uring_setup(0x8a, &(0x7f0000000040)={0x0, 0xefc9, 0x4, 0x1, 0x216}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000180)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xee01, 0x0, 0x0]) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0, {r2, r3}}, './file0\x00'}) syz_io_uring_setup(0x41b1, &(0x7f0000000280)={0x0, 0x435b, 0x2, 0x3, 0xea}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000300)=0x0, &(0x7f0000000340)) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4, 0x12, 0xffffffffffffffff, 0x8000000) r8 = syz_io_uring_complete(r7) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000003c0)={0x1, &(0x7f0000000380)=[{0x3ff, 0x7, 0xae, 0x2}]}) r9 = syz_io_uring_complete(r6) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x400280, 0x0) kcmp$KCMP_EPOLL_TFD(r1, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, &(0x7f0000000440)={r9, r10, 0x6}) epoll_ctl$EPOLL_CTL_DEL(r4, 0x2, r0) r11 = syz_open_dev$hiddev(&(0x7f0000000480), 0x5, 0x101000) r12 = getgid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r8, 0xc018937b, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r11, {r5, r12}}, './file0\x00'}) name_to_handle_at(r8, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)=@fuse_with_parent={0x18, 0x82, {{0xffffffff, 0x4, 0x7}, {0xc1e8, 0x7fffffff, 0x200}}}, &(0x7f0000000580), 0x1000) ioctl$TUNSETVNETHDRSZ(r10, 0x400454d8, &(0x7f00000005c0)=0x40) ustat(0x3, &(0x7f0000000600)) 05:49:47 executing program 1: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r1 = accept$inet6(r0, 0x0, &(0x7f0000000040)) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0), r0) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @remote}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), r0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000240)={0x5, 0x80, 0x4, 0x6, 0xd2, 0x1f, 0x0, 0x7, 0x20000, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000200), 0x8}, 0x100, 0x1066, 0x1, 0x2, 0x7, 0x1, 0x40, 0x0, 0xba21}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_GET_TUNSRC(r3, &(0x7f0000000380)={&(0x7f00000002c0), 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x469bfc5c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8cadc421b24cdd75}, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f00000003c0), r0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x24, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4081}, 0x40) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x5, 0x100010, r0, 0x0) syz_io_uring_setup(0x7e66, &(0x7f0000000500)={0x0, 0x2785, 0x1, 0x3, 0x98, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000580), &(0x7f00000005c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000680)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r0, 0x80, &(0x7f0000000600)=@in6={0xa, 0x4e22, 0x9, @mcast2, 0x3}, 0x0, 0x0, 0x1}, 0x7) perf_event_open(&(0x7f00000006c0)={0x4, 0x80, 0x1f, 0x3, 0xfe, 0x2, 0x0, 0xff, 0x60000, 0xe, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x6a, 0x0, @perf_config_ext={0xb523, 0x3}, 0x8808, 0xffffffff, 0xe00, 0x9, 0x95, 0x7f, 0xfd, 0x0, 0x3, 0x0, 0x3ff}, 0xffffffffffffffff, 0x7, r0, 0x3) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000740), &(0x7f0000000780)=0xc) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_DUMPHMAC(r8, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x48, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private2}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}, @SEG6_ATTR_SECRET={0x8, 0x4, [0xcde]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x401}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x850) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000900), 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x4c, r4, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@SEG6_ATTR_DST={0x14, 0x1, @empty}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xfffffff9}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x46b}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x9, 0x1ff, 0x5, 0x9]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a40), r1) 05:49:47 executing program 2: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000040)={0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) r3 = perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0x3, 0x2, 0x6, 0x4, 0x0, 0xd3, 0x7000, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x81, 0x1, @perf_config_ext={0x2, 0x4}, 0x10, 0x7f, 0x6, 0x1, 0x80000000, 0xffff, 0x1, 0x0, 0x0, 0x0, 0x9}, 0xffffffffffffffff, 0xb, r0, 0xa) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r3, &(0x7f00000001c0)={0xffffffffffffffff, r0, 0x9}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000200)={0x10}) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000240)=0x7) epoll_pwait(r0, &(0x7f0000000280)=[{}], 0x1, 0x590, &(0x7f00000002c0)={[0x9]}, 0x8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000340)={{{@in=@dev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x6c, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x35}}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}]}, 0x6c}, 0x1, 0x0, 0x0, 0x808}, 0x24004080) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000580), 0x14000, 0x0) mq_getsetattr(r5, &(0x7f00000005c0)={0x800, 0x6, 0x6, 0x3fffc0}, &(0x7f0000000600)) openat$cgroup_procs(r5, &(0x7f0000000640)='tasks\x00', 0x2, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000002, 0x8010, r0, 0x8000000) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000006c0), r5) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r5, &(0x7f0000000880)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000700)={0x110, r6, 0x50c, 0x70bd2c, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010100}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3f}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x67}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}]}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}]}, 0x110}, 0x1, 0x0, 0x0, 0x8840}, 0x8000) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000008c0), 0x8003, 0x0) ioctl$TUNGETFEATURES(r7, 0x800454cf, &(0x7f0000000900)) setns(r7, 0x70000000) 05:49:47 executing program 7: r0 = getuid() ioprio_get$uid(0x3, r0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000002580)) getresuid(&(0x7f00000025c0), &(0x7f0000002600)=0x0, &(0x7f0000002640)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002680)={{{@in=@dev, @in6=@ipv4={""/10, ""/2, @local}}}, {{@in6=@mcast1}, 0x0, @in=@empty}}, &(0x7f0000002780)=0xe8) ioprio_get$uid(0x0, r0) r2 = epoll_create1(0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000027c0)={{0x1, 0x1, 0x18, r2, {r1, 0x0}}, './file0\x00'}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000002800)={0x0}, &(0x7f0000002840)=0xc) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000002880)={{0x1, 0x1, 0x18, r3, {r4, r5}}, './file0\x00'}) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r6, 0x7, r2, &(0x7f00000028c0)={r7, r3, 0x72df}) epoll_pwait2(r7, &(0x7f0000002900)=[{}, {}, {}, {}], 0x4, &(0x7f0000002940)={0x0, 0x989680}, &(0x7f0000002980)={[0x4]}, 0x8) openat$cgroup_netprio_ifpriomap(r7, &(0x7f00000029c0), 0x2, 0x0) ioctl$PTP_EXTTS_REQUEST2(r3, 0x40103d0b, &(0x7f0000002a00)={0x6, 0x8}) epoll_pwait(r3, &(0x7f0000002a40)=[{}, {}], 0x2, 0x1000, &(0x7f0000002a80)={[0x8]}, 0x8) ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, &(0x7f0000002ac0)={0x4, 0xffff}) ioctl$PTP_PIN_SETFUNC2(r7, 0x40603d10, &(0x7f0000002b00)={'\x00', 0x6, 0x3, 0x7}) openat$cgroup_netprio_ifpriomap(r7, &(0x7f0000002b80), 0x2, 0x0) r8 = socket(0x26, 0x6, 0x5) getsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f0000002bc0)={{{@in6=@mcast2, @in6=@loopback}}, {{@in6=@ipv4={""/10, ""/2, @remote}}, 0x0, @in6=@remote}}, &(0x7f0000002cc0)=0xe8) 05:49:47 executing program 3: ioctl$PTP_CLOCK_GETCAPS(0xffffffffffffffff, 0x80503d01, &(0x7f0000000000)) r0 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080)) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f00000000c0)={{0xa, 0x4e24, 0x1f, @dev={0xfe, 0x80, '\x00', 0x3f}, 0x800}, {0xa, 0x4e20, 0x8, @loopback, 0x52e}, 0x20, [0x4e2d, 0x400, 0xca9, 0xffffffff, 0x7f, 0x2, 0xa53, 0x2]}, 0x5c) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x4, 0x1f, 0x40, 0x1ff, 0x27, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x8, 0x8, 0xb06, 0xea6}}) r1 = getegid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, r0, {0xee01, r1}}, './file0\x00'}) getgroups(0x6, &(0x7f0000000240)=[r4, r1, r1, r4, 0xffffffffffffffff, 0xee01]) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r2, {r3, r5}}, './file0\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000002c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000340)={r7, 0x6, 0x3ff}) ioctl$PTP_EXTTS_REQUEST(r6, 0x40103d02, &(0x7f0000000380)={0x9, 0x1}) getgid() r8 = socket$inet6(0xa, 0x4, 0x8) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r6, 0x89f7, &(0x7f0000000440)={'ip6tnl0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x7d, 0x0, 0x4, 0x40, @private0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x20, 0x78c0, 0x7, 0xa9c}}) setsockopt$inet6_IPV6_PKTINFO(r8, 0x29, 0x32, &(0x7f0000000480)={@local, r9}, 0x14) syz_io_uring_submit(0x0, 0x0, &(0x7f00000004c0)=@IORING_OP_READ_FIXED={0x4, 0x5, 0x2004, @fd_index=0xa, 0x3, 0x40, 0x1d9, 0x8, 0x1, {0x3}}, 0x8) openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x208a03, 0x0) r10 = syz_io_uring_setup(0x31b2, &(0x7f0000000540)={0x0, 0xfd7d, 0x20, 0x0, 0x143}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) io_uring_setup(0x5fea, &(0x7f0000000640)={0x0, 0x3854, 0x8, 0x3, 0x2d8, 0x0, r10}) timerfd_gettime(0xffffffffffffffff, &(0x7f00000006c0)) 05:49:47 executing program 4: r0 = syz_io_uring_complete(0x0) ioctl$PTP_EXTTS_REQUEST(r0, 0x40103d02, &(0x7f0000000000)={0x1, 0x4}) ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, &(0x7f0000000040)={'\x00', 0x5, 0x0, 0xb0}) write$cgroup_netprio_ifpriomap(r0, &(0x7f00000000c0)={'bridge_slave_1', 0x32, 0x37}, 0x11) ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, &(0x7f0000000100)) ioctl$HIDIOCSUSAGES(r0, 0x501c4814, &(0x7f0000000140)={{0x1, 0x100, 0xc1a8, 0x4, 0x2, 0x20}, 0x33a, [0x6, 0xae, 0xe7, 0x2, 0x5, 0x3, 0xffffffff, 0x8, 0x800, 0x7, 0x0, 0x7, 0x0, 0x20, 0x6442, 0x1, 0x2, 0x100, 0x6, 0x3, 0x8, 0x1f, 0x0, 0x9, 0x7ff, 0x3, 0x10000, 0x5, 0x101, 0x1, 0x53, 0x5, 0x20, 0x5, 0x9, 0x8000, 0x8d0, 0x3f, 0x8, 0x40, 0x200, 0x6, 0x8, 0x3, 0x1, 0x80000001, 0x7, 0x4, 0x7, 0xbdb, 0x80, 0x3ff, 0x1, 0x0, 0x401, 0x80000000, 0x7f08, 0xfffffffd, 0x5, 0x4, 0xfffffffa, 0x29d, 0x5, 0x100, 0x7, 0xfff, 0x1ff, 0xb0f, 0x1c5dc, 0x9, 0xaa18, 0x401, 0x7f, 0x1, 0x7fffffff, 0x40, 0x1fffc0, 0xf6bc, 0x4, 0x6, 0x7, 0x3, 0x1, 0x80000001, 0x4, 0x7, 0x3, 0x0, 0x20, 0x91, 0x9, 0x7, 0x4, 0x7, 0x80000000, 0x6, 0x6, 0x1, 0x1000, 0x9, 0x80000000, 0x5, 0x9edd, 0x3f, 0x4, 0x7fffffff, 0x5f, 0x0, 0x7, 0x3ff, 0x240e, 0x10001, 0x7, 0x7, 0x7f, 0x20, 0x20, 0x8, 0xe47, 0x3, 0xb57, 0x40, 0x0, 0xfff, 0x9, 0x80, 0x3, 0x0, 0x1, 0x20, 0x3, 0x4, 0x101, 0x3, 0x3f, 0x9, 0x58a, 0x4, 0xffffffff, 0x1ff, 0x0, 0x4, 0x800, 0x8c, 0x1, 0xe8ad, 0x2d70, 0xfffffff8, 0x3, 0xa02c, 0x8, 0x80000001, 0x4, 0xfffffff9, 0x6330, 0x687, 0x200, 0x6, 0x2, 0xa42, 0x0, 0x80000001, 0x3, 0x9, 0xffffff7f, 0xfffffff8, 0x9d0, 0x4, 0x401, 0x10001, 0x1800, 0x6, 0x9, 0x9, 0x800, 0x9, 0x1, 0x5, 0xffffff4c, 0x2, 0x80, 0x3f, 0x229, 0x1, 0xedcb, 0x2c, 0x6, 0x8, 0x3ff, 0x2, 0x9, 0x4, 0x6, 0xfffffffe, 0x1, 0x4, 0x6, 0x5, 0xfffff48c, 0xffff7fff, 0x0, 0x0, 0x3, 0x8000, 0x1, 0x7, 0x0, 0x20, 0x298, 0x9, 0x8001, 0x58a, 0x6, 0x100, 0x9, 0xd2f, 0xd6a, 0xffffffff, 0x6, 0xcba, 0x8, 0x5d2, 0x22d, 0x688e, 0x3, 0x2, 0x80000001, 0x5, 0x3ff, 0x78d, 0x4, 0x7, 0x7, 0x9, 0x7f, 0x2, 0x8, 0xfffffff7, 0x0, 0x6, 0x8000, 0xfff, 0x20, 0x1, 0x9, 0xffffffff, 0x7, 0xc6f7, 0x5, 0xbe0, 0xe8fa, 0x3ff, 0x8, 0x8, 0x1f, 0x3f, 0xfffff51d, 0x7fffffff, 0x6, 0x4, 0x3ff, 0x3, 0xff, 0x3f, 0x2, 0x200, 0x8, 0x4, 0x4, 0x0, 0x1, 0x30ec, 0xfffffff9, 0x200, 0x9, 0x5, 0x3ff, 0x69ba, 0xffffffff, 0x80000, 0x3, 0x60000, 0x1000, 0x10000, 0x51, 0x1, 0x6, 0x80000000, 0x9, 0x2, 0x5, 0x4, 0x200, 0x3, 0x20, 0x4, 0x8693, 0x1, 0x5, 0x3, 0x521, 0x2711, 0x5, 0x7, 0x7, 0x1, 0x0, 0x0, 0x10000, 0x7ff, 0x7, 0x6, 0x1, 0xfffffffe, 0x2, 0x9, 0x2, 0x0, 0x8, 0x5, 0x8001, 0x3, 0x200, 0x80, 0x3, 0x100000, 0x65e, 0x5, 0x9e1, 0x9, 0x5, 0x7147588b, 0x4, 0xff, 0x100, 0x3f, 0xfffffffb, 0x3555ac51, 0xffffffff, 0x10, 0x0, 0x7, 0x6, 0x1, 0xa0a, 0x8000, 0x80000000, 0x7, 0x3, 0xdb4e, 0x81, 0x20, 0x58f, 0x800, 0x41, 0x3, 0x1, 0x5, 0x7, 0x0, 0xfffffffb, 0x8, 0xa000000, 0x81, 0xc3c00000, 0xffff8000, 0x20, 0x1, 0x0, 0x0, 0x1, 0xfffffffa, 0x10001, 0x3, 0x9, 0x7fff, 0xb263, 0x80000000, 0x1000, 0x800, 0x8, 0xffffff70, 0x5, 0x3, 0x1ff, 0x9, 0xa966, 0x7fff, 0x5, 0x3, 0x0, 0x10000, 0x2, 0x1000, 0x2, 0x7, 0x8ac, 0x3, 0x4, 0x5, 0x9, 0x3f, 0x5, 0x8, 0x80000001, 0x2, 0x7, 0x6, 0xfd9, 0xffff, 0x0, 0xdb, 0x3, 0x7, 0x6, 0x7, 0x0, 0x7, 0x0, 0x2, 0x3b, 0x2, 0x7fffffff, 0xf2a, 0x80, 0x7, 0x200, 0x400, 0x4, 0x8000, 0x1ff, 0xcb, 0x1, 0x5d, 0x3f, 0xfff, 0x9, 0x2, 0x9fae, 0x8, 0x100, 0xfaa7, 0x1, 0x7, 0xfffff000, 0xfff, 0x8, 0x1, 0x4, 0x0, 0x1000, 0x2, 0x4, 0x5d, 0x3ffc0000, 0xbe, 0x6, 0x4, 0x3, 0x5, 0x3, 0x4ce1, 0x9, 0x7, 0x1e4e, 0x3f, 0x9, 0x3, 0x4, 0x2, 0xffffff5f, 0x8, 0xfffffff7, 0x8000, 0x4, 0x3, 0x6c, 0x1, 0x31a, 0x10000, 0x0, 0x80000001, 0x1, 0x4, 0x6, 0x8001, 0x8, 0x4, 0x5, 0x2, 0x8, 0x1f, 0x9, 0xfffffffa, 0x8d19, 0x8, 0xff, 0xfffffffe, 0x80000000, 0x8, 0x0, 0x0, 0x6, 0x10000, 0x51, 0x5e6, 0x0, 0x80, 0x200, 0x218, 0x1000, 0x2, 0x1, 0x6, 0x5, 0x7, 0x101, 0xffff, 0x7, 0x7fffffff, 0x1025, 0x1f, 0x8, 0x80000001, 0x140, 0x6, 0x401, 0x6, 0x1, 0x5, 0x9900, 0x0, 0x3ff, 0x7, 0x8000, 0x3, 0x80000000, 0x2b, 0x8, 0x2, 0x9, 0x4, 0x5, 0x8cc4, 0x9, 0x7, 0xfffffff7, 0x9, 0xfff, 0x400, 0x4, 0x6, 0x262b, 0xa5a2, 0x6, 0x0, 0x0, 0x6681, 0x10001, 0x9, 0x7, 0x1ff, 0x401, 0x81, 0x5, 0x401, 0x0, 0x4, 0x5, 0x0, 0x8, 0xd7, 0x40, 0x3ff, 0x0, 0x6, 0x6245, 0x8001, 0x401, 0x4, 0x0, 0x7, 0x7f, 0x3, 0x4, 0x7fff, 0x8000, 0x1ff, 0x8, 0xffff8001, 0x6e70, 0xfffffff9, 0x2, 0x3f, 0x7280, 0xc18, 0x4, 0x7fff, 0x100, 0x3, 0x6, 0x7fff, 0x3, 0x0, 0x7, 0x5, 0xcf, 0x1ff, 0x4, 0xfffff801, 0xb7, 0x4, 0x40, 0x2, 0x4, 0x9, 0x2, 0x401, 0x0, 0xb23, 0x64, 0xffffffff, 0x2, 0x1, 0x6, 0x6, 0x200, 0x4, 0x7d34, 0x6, 0xfffffffa, 0x0, 0x40, 0x9, 0x2, 0x6252, 0x5, 0x87, 0x0, 0x7c, 0x4, 0x7, 0x8, 0x5, 0x6, 0xfffffff9, 0x1, 0x80, 0x81, 0x7fffffff, 0x3, 0x6, 0x1f, 0x4a, 0x5, 0x5, 0xb80, 0x9c, 0x40, 0xb340, 0x9, 0xff, 0x1d, 0x2, 0x1000, 0x1, 0x6, 0x786, 0x3c, 0x8, 0x4, 0x10000, 0x15, 0x6, 0x2, 0x5, 0x94b, 0x8, 0x5, 0x1000, 0x465, 0x1, 0x4, 0x5, 0xffff, 0x8001, 0x7, 0x2, 0x9, 0x0, 0x7, 0xf1, 0x6, 0x4, 0xa22, 0x9, 0x4, 0x1, 0x0, 0x5, 0xfff, 0xd1, 0x2, 0xbf1c, 0x200, 0xfff, 0x1, 0x0, 0xa423, 0x401, 0x5, 0x1, 0x7ff, 0xe5, 0x6, 0x2, 0x1000, 0x10001, 0x14, 0xfffffffb, 0x9, 0x8000, 0x9c8, 0xffffffff, 0x9, 0x8001, 0x401, 0xffffffe0, 0x1, 0x0, 0x0, 0x5, 0xfff, 0x3, 0x5, 0x3, 0x400, 0x7ff, 0x3, 0xfdc7, 0x80000001, 0x3, 0x4, 0x1c, 0x9, 0x4, 0x7, 0x2, 0x7ff, 0x1, 0x6a7, 0x2, 0x8, 0x5, 0x8, 0x0, 0xfffffff9, 0x10000, 0x401, 0x9, 0x30f6, 0x8, 0x2, 0x81, 0x8, 0x681751b9, 0x4cb, 0x7, 0x8001, 0x3, 0x9, 0x8, 0xfffffffe, 0x7fffffff, 0x6, 0x7, 0x80d, 0x0, 0x2, 0xd7d, 0xce9, 0x7fff, 0x7fffffff, 0x80000001, 0x9, 0x9a, 0x3, 0x452, 0x2, 0x2052bc49, 0xcf, 0xeb23, 0x8, 0x892, 0x2, 0x4, 0x6, 0x5, 0x4, 0x9, 0x5, 0x3, 0x1, 0x4, 0x0, 0x1, 0x7c, 0x1, 0x7f, 0x0, 0x8, 0x2, 0x80, 0x0, 0x4, 0x5, 0x1, 0x5, 0x10001, 0x2, 0x401, 0x101, 0x7, 0xe0, 0x21, 0x5, 0x1f, 0x200, 0x7, 0x0, 0x1, 0xfff, 0x7fffffff, 0x80000000, 0x7fffffff, 0xbfdc, 0x4, 0xffff0001, 0x9, 0xfffffffd, 0x3, 0x9, 0xfffffffd, 0x401, 0x5, 0x2, 0x2, 0x5ec76c5e, 0x2, 0x2, 0x5, 0x5, 0x2, 0x43d, 0x9, 0x0, 0x4, 0x7, 0x14, 0x1, 0x0, 0xfff, 0xfffffffa, 0x9, 0x6, 0x2, 0x543b, 0x17, 0xc6bf, 0x0, 0x211, 0x9, 0x7fffffff, 0x4, 0x5, 0x1, 0x401, 0x35, 0x6, 0x5, 0x670e, 0x5, 0x3, 0x200, 0x1, 0x5, 0xbe5d, 0x4111, 0x4, 0x400, 0x0, 0x1ff, 0xffffff53, 0x0, 0x7, 0x1, 0x4, 0x54de, 0x49, 0x8, 0x723, 0x401, 0x1, 0x1, 0x4, 0xb65e, 0x7, 0x7, 0x33017381, 0x8, 0x9, 0x20, 0xda17, 0x2, 0x7, 0x5, 0x1, 0xac, 0xffff, 0x5, 0x2, 0x4, 0xee, 0xfffffffc, 0x2, 0x7fff, 0x18, 0xffff, 0x1, 0x6, 0x5, 0x9, 0x6f, 0x10001, 0x400, 0x4, 0x8001, 0x8, 0x0, 0xff, 0x7, 0x7, 0x8, 0x10001, 0x9, 0x0, 0x1, 0x43, 0x0, 0x8, 0xf772, 0x1ff, 0x4, 0x2000000, 0x2, 0x4f, 0xa, 0xadf, 0x4, 0x8, 0x2, 0x6, 0x7, 0x3, 0x9, 0x9, 0x0, 0x2, 0x7ff, 0x5c3, 0x1, 0x6, 0xb9, 0xffff, 0xac, 0x7fff, 0x0, 0x80000001, 0x1, 0x3, 0x8001, 0x3, 0x0, 0xfff, 0x96, 0x7ff, 0xffffffff, 0x3, 0x7fffffff, 0x80, 0x1, 0x4, 0x6, 0x80000001, 0x7, 0x8, 0x5, 0x1, 0xc7, 0xbe, 0xffffffff, 0x8, 0x1f, 0x5, 0x20, 0x73, 0xd06, 0x7fffffff, 0x14, 0x9, 0xfffffff8, 0x1, 0x9, 0x3, 0x10000, 0x2d10, 0x81, 0xfffff351, 0x6, 0x93a7ad10, 0x1, 0x59d7, 0x6, 0x3f]}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001180), 0x240000, 0x0) ioctl$HIDIOCGREPORTINFO(r1, 0xc00c4809, &(0x7f00000011c0)={0x3, 0x100, 0x2}) r2 = openat$cgroup_pressure(r0, &(0x7f0000001200)='io.pressure\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r2) syz_genetlink_get_family_id$devlink(&(0x7f0000001240), r0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000001280)=0x200) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000012c0)={0x0, 0x0, 0x0}, &(0x7f0000001300)=0xc) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000001340)={{0x1, 0x1, 0x18, r1, {0xee00, r3}}, './file0\x00'}) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000001380), 0x402, 0x0) io_uring_setup(0x4df4, &(0x7f00000013c0)={0x0, 0x63ea, 0x4, 0x3, 0x205, 0x0, r4}) r5 = io_uring_setup(0x1ff, &(0x7f0000001440)={0x0, 0xe018, 0x1, 0x1, 0x77}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000004, 0x20010, r5, 0x0) ioctl$HIDIOCSUSAGES(r4, 0x501c4814, &(0x7f00000014c0)={{0x3, 0x2, 0x8001, 0x5, 0x50e50000, 0x933}, 0xfe, [0x81, 0x9, 0x10001, 0x1, 0x7fff, 0x5, 0x10000, 0xfffffffd, 0x8, 0xeb, 0x80000001, 0x3, 0x1ff, 0x5eb9, 0x2, 0x5, 0x1, 0x5, 0x1, 0x3980000, 0x2, 0x81, 0x2, 0x5e, 0x9, 0x2, 0xfffffffb, 0x0, 0x8, 0x3, 0x261d, 0x1000, 0x8, 0x0, 0x1, 0x1, 0x0, 0xfffff040, 0x5962, 0x8, 0x400, 0x8000, 0x1, 0x7, 0x0, 0x2, 0x80000001, 0x79f, 0x3, 0x6, 0x5, 0x8, 0x1, 0xbfb4, 0x80, 0x4, 0x1, 0x8000, 0x400, 0x6, 0x8001, 0xfffffe00, 0x0, 0x72a7, 0x83ba, 0x3ff, 0x9, 0x8000, 0x7f, 0xfffffff8, 0x5, 0x9, 0x8, 0x1, 0x80000001, 0xfff, 0x7da8, 0xd64, 0xea, 0x7f, 0x5, 0x1000, 0x6, 0x7f, 0x38d1, 0x1ff, 0x0, 0x2, 0x3376161e, 0x170, 0x2, 0xffff, 0x2, 0x66f, 0x3, 0x7, 0x6, 0x5, 0xfffffe00, 0x4, 0xe5, 0x80000001, 0x81, 0x1000, 0x10000, 0x8001, 0xecc, 0x50000, 0x6, 0xfffffff8, 0x3, 0x5f1, 0x0, 0xc9a4, 0x5, 0xff, 0x10000, 0x7fffffff, 0x2, 0x6, 0x3ff, 0x1ff, 0x9, 0x0, 0x8, 0x6c, 0x3, 0x2, 0x80000001, 0x3, 0x2, 0x0, 0x4a22aae8, 0x7, 0x400, 0x0, 0x8ac2, 0x400, 0x9, 0x80000000, 0x1, 0x0, 0x2, 0x7fffffff, 0x8c, 0x9, 0x7, 0x0, 0x8000, 0x0, 0x9, 0x2, 0x5, 0x9, 0x2b41, 0x7fffffff, 0x0, 0x400, 0x68000000, 0x9, 0x8157, 0x6, 0x74d, 0x40, 0x0, 0x7ff, 0x9, 0x456e5454, 0x40, 0x9, 0x2, 0x8, 0x1000, 0x7f, 0x40, 0x1ff, 0xfffffffd, 0x3ff, 0xdb5e, 0x1, 0x999, 0x8, 0x101, 0x2, 0x1000, 0xff, 0x5, 0xb9a, 0x38bc087e, 0x80000001, 0x7fff, 0x7, 0x3, 0xffffffff, 0x3, 0x7fffffff, 0x7, 0x200, 0x1, 0x1, 0x7, 0x5, 0x8001, 0x6, 0x3, 0x8, 0x6, 0xae, 0x0, 0xf1, 0x4, 0x0, 0x1a, 0x1000, 0x20, 0x7, 0x200, 0x4, 0x2, 0x0, 0x8001, 0x401, 0x56, 0x3ff, 0x7, 0x82, 0x7, 0x2, 0x42, 0x0, 0x2c, 0x1ff, 0x9, 0x2, 0x631f, 0x52b, 0x400, 0x7, 0x3, 0x1, 0x9, 0xffffffff, 0x40, 0x9, 0x0, 0x1, 0x81, 0x7fe0, 0x8, 0x97, 0xfffffff9, 0x3, 0x7dc4, 0x8, 0x1, 0x6, 0x2, 0x4, 0x0, 0x8001, 0x7ff, 0xfffffdad, 0x3, 0x40, 0xff, 0x40, 0x80000000, 0xbd, 0x3ff, 0x4, 0x1, 0x1, 0x0, 0x5, 0x1000, 0x9, 0x9ba, 0x4, 0xfffffff9, 0x8, 0x2, 0xe6c6, 0x7, 0x6, 0x20, 0x8, 0x2, 0x1, 0xdd70, 0x6, 0x4, 0x3, 0x80000001, 0x900000, 0x3, 0x1ff, 0x9, 0x2, 0x4, 0xfffffd62, 0x6, 0xffffff7f, 0xffff, 0xc76, 0x5, 0x0, 0x1, 0x4, 0x9, 0x8, 0xfcc6, 0x20, 0x20, 0x3, 0x7, 0x7fffffff, 0x0, 0x5, 0x6, 0x40, 0x5, 0x7fffffff, 0x5, 0x5, 0x8, 0x59ea, 0x5, 0x1, 0x7, 0x4, 0x4, 0x7ff, 0x2, 0x180000, 0x1, 0x36, 0x2, 0x9e31, 0x660, 0x3, 0x1, 0xfff, 0x80000000, 0x0, 0x3, 0x6, 0x5, 0x1, 0x40, 0x85, 0x5, 0x3, 0x0, 0xff, 0x7, 0x1000, 0x80000001, 0x2, 0xff, 0x7, 0x400, 0x5, 0x3f, 0xe28, 0x6, 0x7, 0x0, 0x5, 0x8, 0x3, 0x9b, 0x8, 0x400, 0x2, 0x2, 0x40, 0x101, 0x5, 0x3, 0x7, 0x57, 0x8, 0x65, 0x7fffffff, 0x4, 0x0, 0x0, 0x100, 0x200, 0x0, 0x3, 0x5, 0x200, 0x1ff, 0x1, 0x80000001, 0x0, 0xdee4, 0xcd23431, 0x8, 0x0, 0xffffff1d, 0x10001, 0x1, 0xe9, 0x800, 0x2, 0xee9, 0x6, 0xffff, 0x0, 0x7f, 0x2, 0x9f33, 0x8, 0x7, 0x45fa11fc, 0x2, 0x4, 0x0, 0x2, 0xff, 0x5, 0x0, 0x8, 0x1, 0x1, 0x4, 0xfff, 0x101, 0x9, 0x82f, 0x1, 0x8, 0x80000001, 0x10000, 0x800, 0x41, 0xe3, 0x3ff, 0x1, 0x7f, 0x4, 0xfffffffa, 0x8c, 0x2, 0x72, 0x64a6, 0x100, 0x1, 0x8, 0x2, 0x80, 0x8, 0x9, 0x7, 0x1f, 0x9, 0x101, 0x0, 0x5936, 0x5, 0x5, 0x401, 0x2, 0x8, 0x3, 0x5, 0x7ff, 0x3, 0x6, 0x7, 0xb700, 0x4262, 0x6, 0xffffffff, 0x3, 0x1, 0x1, 0x400, 0x3, 0x5, 0xfff, 0x80, 0x4, 0x9, 0xa756, 0x8, 0x1ff, 0xda06, 0x8, 0x539, 0x9, 0xf831, 0x0, 0x6, 0x9, 0xac4e, 0x1, 0x3ff, 0x200, 0x7, 0x6, 0x8, 0xbd, 0x2, 0x80, 0x100, 0x0, 0x3, 0x3, 0x6, 0x80, 0x6, 0xec5c, 0x3f, 0x6, 0x1, 0x4, 0x80000, 0x200, 0x2, 0x8, 0x0, 0x2, 0xfae3, 0xfffffff7, 0x9c59, 0x1, 0x544, 0x8, 0xffffffad, 0x7, 0x81, 0x2f, 0xacdf, 0x10001, 0x1, 0x6, 0x1, 0x0, 0x28a, 0x7f, 0x0, 0x41, 0x6, 0xffffffff, 0x10001, 0xffffffff, 0x3, 0x8, 0x7, 0x0, 0x101, 0x4, 0x8, 0x7ff, 0x5c0f, 0x4, 0x5, 0x0, 0x2, 0xffffffff, 0x0, 0x3af, 0x0, 0x1, 0x101, 0x0, 0xfffffffd, 0x3, 0x8001, 0x40, 0x7, 0x4, 0x5, 0x8, 0x9, 0x8, 0x0, 0x9, 0x200, 0xffffff87, 0xfffff610, 0x562, 0x3, 0x800, 0xfffffffb, 0x9, 0x0, 0x0, 0x1ff, 0x81, 0x3ff, 0xb4, 0x75b7, 0x20, 0x7, 0xfffff678, 0x5, 0x3ff, 0x7, 0x85, 0x2, 0x1ff, 0x8, 0x1, 0x3ff, 0x9, 0x2, 0x1, 0x6, 0x3, 0x5, 0x8f6, 0x8, 0x0, 0x3, 0x8, 0x1ff, 0x8000, 0xffffffff, 0x9, 0x3, 0x8, 0x3, 0x3, 0x0, 0x4, 0x706, 0x7, 0x6, 0x2, 0x1, 0x3ff, 0x46, 0x200, 0x2, 0x1, 0x0, 0x7fff, 0x5, 0x9, 0x860, 0x30000000, 0x8, 0x1ff, 0x7, 0x5, 0xfffffff7, 0x8, 0x946c, 0x0, 0x8, 0x3aff9a48, 0x82f2e09, 0x6, 0x79a8, 0x81, 0x800, 0x7ff, 0x2, 0x2, 0x7fff, 0x9, 0x10000, 0x9, 0x9, 0x9, 0x9, 0x5, 0x10001, 0x0, 0x100, 0x6, 0x8, 0x1ff, 0xc, 0x1f, 0x20, 0x5e5, 0x5, 0x3, 0x1, 0xfffffffd, 0x0, 0x15, 0x401, 0x800, 0xfffffff7, 0x4, 0x1ff, 0x2, 0x401, 0xfffffffc, 0x9, 0x4, 0x7f, 0x9, 0x1, 0x2e3, 0xfd, 0x4, 0x7, 0x1, 0xcf, 0x0, 0x6, 0x3, 0x0, 0xb24, 0x0, 0xfffffff8, 0x8, 0xfff, 0x192, 0x5, 0xfff, 0xfffffff9, 0x8, 0xffff, 0x4, 0x7fff, 0x7, 0x7, 0xffffffff, 0x0, 0x6, 0x8000, 0xffffffff, 0xb9, 0x5, 0x4d, 0x2, 0x4, 0x200, 0x7fffffff, 0x7, 0x10000, 0x101, 0xd7, 0x7, 0x1, 0x9, 0x56, 0x9, 0x9, 0x5807, 0x2, 0xfffff800, 0xacbb, 0x80000000, 0xdc, 0x9, 0x9, 0x0, 0x6, 0x1, 0x1ff, 0x9, 0xad9, 0x7, 0xfff, 0x20, 0x80000001, 0x1, 0x2, 0x8000, 0x3, 0x4, 0x5, 0x3, 0x8f, 0x8, 0x401, 0x7, 0x200, 0x20, 0x10000, 0x0, 0x7, 0x8000000, 0x8dd, 0x4, 0x4, 0x46, 0x9, 0x7, 0x6, 0x7, 0x5, 0x7, 0x6, 0x32, 0x4, 0x6, 0x40, 0x3, 0x2d9d, 0xffff, 0x401, 0x8, 0x7, 0x8, 0x2, 0x14c6, 0x5, 0x3f, 0x1, 0xfff, 0x800, 0x10001, 0x3, 0x1, 0x6, 0xffff, 0xfffffffd, 0x20, 0xffffff80, 0x2, 0x40af, 0x4, 0x9, 0x5, 0x0, 0x80000001, 0x400, 0x2, 0x1f, 0x7f, 0xa10, 0x400, 0xa324, 0xf8000000, 0x1, 0x7ff, 0x0, 0x3, 0x1000, 0x4, 0x1000, 0x9, 0x8, 0x100, 0x90b4, 0x1b, 0x10001, 0x2, 0x40, 0x1000, 0x66ba, 0xb69, 0x0, 0x3, 0x6, 0x2b, 0x0, 0x3, 0xfffffe00, 0x300000, 0x9, 0x1, 0x8, 0xfffffe00, 0xbb49, 0x3, 0x2, 0x1f, 0x811, 0x2, 0xffff8a81, 0xfffffff7, 0x0, 0x9a, 0x20, 0x80, 0x2, 0x1, 0x9, 0xfffffffd, 0x0, 0x400, 0x2f2f, 0xbdc2, 0x6, 0xc, 0xcf8, 0x6, 0x0, 0xfffffff8, 0x0, 0x3, 0xffffffc0, 0x5, 0x8, 0x8, 0x20, 0x1, 0x401, 0x7, 0x1, 0x3, 0x0, 0x0, 0x5, 0x0, 0xcd78, 0x6, 0x1000, 0x9, 0x2, 0x5, 0x401, 0x5, 0x81, 0x8001, 0x3ff, 0xfff, 0x3, 0x4, 0x5, 0x2, 0x6, 0xd44, 0x13b9, 0x9, 0x6, 0xd86, 0x8, 0x7fff, 0xbab, 0x3492, 0xfffffff8, 0xfffffffa, 0xcf75, 0x1ff, 0x10001, 0xfd89, 0x60d, 0x6, 0x0, 0x9, 0x4abb, 0x5, 0x5, 0x79, 0x3, 0x7fffffff, 0xcae1, 0x6, 0x6, 0x7, 0x9bf8, 0x20, 0x96, 0x8001, 0x26, 0x10001, 0x2, 0x8, 0x8, 0x9, 0x401, 0x5, 0x9, 0x3, 0x2, 0x1, 0x9, 0x0, 0x7f, 0x3, 0xfa4, 0xea5, 0x3f, 0x20, 0x7ff, 0x6, 0x8000, 0x7, 0x3, 0x1f, 0xf2, 0x314, 0x2, 0x3, 0xfc, 0xffff316a, 0x7, 0x6, 0x1, 0x8, 0xfffffffc, 0x7, 0x64, 0x747, 0x2, 0x78, 0x7, 0x1, 0x7, 0xd9d, 0x34a, 0x2, 0x1ff, 0x80000000, 0x2, 0x200, 0x7, 0x1, 0x80, 0x5a, 0x6, 0x4, 0x9, 0x8001, 0x1, 0x80d1, 0x0, 0x5, 0x9, 0x15, 0x8, 0x400]}) ioctl$HIDIOCSFLAG(0xffffffffffffffff, 0x4004480f, &(0x7f0000002540)=0x1) [ 62.381419] audit: type=1400 audit(1763185787.681:7): avc: denied { execmem } for pid=275 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 05:49:47 executing program 5: ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffff9c, 0xc080661a, &(0x7f0000000000)={@id={0x2, 0x0, @a}}) r0 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, r0, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_PEER_ADDRESS={0x8, 0x4, @private=0xa010102}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_O_TEI={0x8, 0x9, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x850) r1 = syz_io_uring_complete(0x0) unlinkat(r1, &(0x7f0000000200)='./file0\x00', 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_io_uring_setup(0x3ee2, &(0x7f0000000240)={0x0, 0xafff, 0x4, 0x3, 0x1c4}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)=0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000340)=@IORING_OP_FALLOCATE={0x11, 0x1, 0x0, @fd_index=0x3, 0x4, 0x0, 0x2, 0x0, 0x1}, 0x3) sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x1c}}, 0x4000841) syz_io_uring_setup(0x127d, &(0x7f0000000480)={0x0, 0x3748, 0x10, 0x0, 0x2a, 0x0, r3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000500)=0x0, &(0x7f0000000540)) syz_io_uring_submit(r5, r4, &(0x7f0000000680)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x4007, @fd_index=0x3, 0x79, &(0x7f0000000580)=""/206, 0xce, 0x8}, 0x193) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000700), r2) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r2, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x68, r6, 0x75d9b086a1692447, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x24048811}, 0x20000000) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x10000000, 0x5}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20}, 0x50) r7 = openat$sr(0xffffffffffffff9c, &(0x7f0000000980), 0x281, 0x0) r8 = syz_genetlink_get_family_id$gtp(&(0x7f0000000940), r7) r9 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x48, r8, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_TID={0xc, 0x3, 0x4}, @GTPA_LINK={0x8}, @GTPA_O_TEI={0x8}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010101}, @GTPA_NET_NS_FD={0x8, 0x7, r9}]}, 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x20000040) r10 = syz_genetlink_get_family_id$gtp(&(0x7f0000000b40), r7) sendmsg$GTP_CMD_DELPDP(r7, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x60, r10, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r1}, @GTPA_TID={0xc, 0x3, 0x4}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_LINK={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x3}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x480d4) 05:49:47 executing program 6: add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="f7a502617e99cb07", 0x8, 0xfffffffffffffffe) keyctl$join(0x1, &(0x7f00000000c0)={'syz', 0x1}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, 0x0, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e20}]}, 0x28}, 0x1, 0x0, 0x0, 0x48090}, 0x40000c0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0xffd3b3bdfb2e73f9}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@FOU_ATTR_IPPROTO={0x5, 0x3, 0x2b}]}, 0x1c}}, 0x4000011) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000340)={'wpan4\x00'}) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x40080, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000480)={'sit0\x00', &(0x7f0000000400)={'ip6_vti0\x00', 0x0, 0x2f, 0x2, 0x0, 0x4, 0x2, @empty, @dev={0xfe, 0x80, '\x00', 0x34}, 0x8, 0x7838, 0x4, 0xffffffff}}) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000580)={&(0x7f00000003c0), 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x44, 0x0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@GTPA_LINK={0x8}, @GTPA_NET_NS_FD={0x8}, @GTPA_LINK={0x8, 0x1, r3}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast2}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_I_TEI={0x8, 0x8, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) r4 = syz_io_uring_complete(0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000005c0), r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x24, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_PID={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}]}, 0x24}}, 0x20008891) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000700)={'wpan3\x00'}) ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f0000000740)=0x1) r6 = syz_genetlink_get_family_id$fou(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(r4, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x38, r6, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_TYPE={0x5, 0x4, 0x3}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0xc880) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x0) [ 63.546062] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.548391] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 63.550416] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 63.554154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 63.556397] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.563320] ================================================================== [ 63.564606] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0 [ 63.565815] Read of size 2 at addr ffff88800fe4f678 by task kworker/u11:0/291 [ 63.569170] [ 63.573328] CPU: 0 UID: 0 PID: 291 Comm: kworker/u11:0 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) [ 63.573363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 63.573380] Workqueue: hci0 hci_cmd_work [ 63.573415] Call Trace: [ 63.573424] [ 63.573433] dump_stack_lvl+0xca/0x120 [ 63.573466] print_report+0xcb/0x610 [ 63.573499] ? __virt_addr_valid+0x100/0x5d0 [ 63.573528] ? hci_cmd_work+0x66d/0x6d0 [ 63.573560] ? hci_cmd_work+0x66d/0x6d0 [ 63.573592] kasan_report+0xca/0x100 [ 63.573624] ? hci_cmd_work+0x66d/0x6d0 [ 63.573660] hci_cmd_work+0x66d/0x6d0 [ 63.573693] process_one_work+0x8e1/0x19c0 [ 63.573736] ? __pfx_process_one_work+0x10/0x10 [ 63.573772] ? move_linked_works+0x172/0x270 [ 63.573800] ? assign_work+0x196/0x240 [ 63.573835] worker_thread+0x67e/0xe90 [ 63.573871] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 63.573901] ? __pfx_worker_thread+0x10/0x10 [ 63.573938] kthread+0x3c8/0x740 [ 63.573970] ? __pfx_kthread+0x10/0x10 [ 63.574001] ? ret_from_fork+0x79/0x7a0 [ 63.574026] ? lock_release+0xc8/0x290 [ 63.574064] ? __pfx_kthread+0x10/0x10 [ 63.574097] ret_from_fork+0x67a/0x7a0 [ 63.574121] ? __pfx_ret_from_fork+0x10/0x10 [ 63.574148] ? __switch_to+0x759/0x1060 [ 63.574182] ? __pfx_kthread+0x10/0x10 [ 63.574215] ret_from_fork_asm+0x1a/0x30 [ 63.574256] [ 63.574264] [ 63.596833] Allocated by task 279: [ 63.597451] kasan_save_stack+0x24/0x50 [ 63.598230] kasan_save_track+0x14/0x30 [ 63.599125] __kasan_slab_alloc+0x59/0x70 [ 63.599931] kmem_cache_alloc_node_noprof+0x228/0x6b0 [ 63.600863] __alloc_skb+0x2ab/0x370 [ 63.601553] hci_cmd_sync_alloc+0x34/0x300 [ 63.602353] __hci_cmd_sync_sk+0xf7/0x5c0 [ 63.603154] __hci_cmd_sync_status_sk+0x4d/0x1a0 [ 63.604029] hci_cmd_sync_status+0x4c/0x70 [ 63.604804] hci_dev_cmd+0x4d5/0x980 [ 63.605486] hci_sock_ioctl+0x493/0x810 [ 63.606200] sock_do_ioctl+0xd1/0x240 [ 63.606882] sock_ioctl+0x40d/0x630 [ 63.607525] __x64_sys_ioctl+0x18f/0x210 [ 63.608235] do_syscall_64+0xbf/0x430 [ 63.608914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.609825] [ 63.610135] Freed by task 292: [ 63.610705] kasan_save_stack+0x24/0x50 [ 63.611402] kasan_save_track+0x14/0x30 [ 63.612088] kasan_save_free_info+0x3a/0x60 [ 63.612911] __kasan_slab_free+0x43/0x70 [ 63.613624] kmem_cache_free+0x26f/0x500 [ 63.614336] kfree_skbmem+0x18a/0x1f0 [ 63.615000] sk_skb_reason_drop+0x10e/0x1b0 [ 63.615842] vhci_read+0x3d5/0x5d0 [ 63.616658] vfs_read+0x1eb/0xc70 [ 63.617369] ksys_read+0x121/0x240 [ 63.618015] do_syscall_64+0xbf/0x430 [ 63.618717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.619649] [ 63.619955] The buggy address belongs to the object at ffff88800fe4f640 [ 63.619955] which belongs to the cache skbuff_head_cache of size 232 [ 63.622683] The buggy address is located 56 bytes inside of [ 63.622683] freed 232-byte region [ffff88800fe4f640, ffff88800fe4f728) [ 63.625300] [ 63.625637] The buggy address belongs to the physical page: [ 63.626675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfe4f [ 63.627949] memcg:ffff88800e3a0e01 [ 63.628483] anon flags: 0x100000000000000(node=0|zone=1) [ 63.629282] page_type: f5(slab) [ 63.629867] raw: 0100000000000000 ffff8880096c78c0 ffffea000035a940 dead000000000005 [ 63.631017] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff88800e3a0e01 [ 63.632113] page dumped because: kasan: bad access detected [ 63.632924] [ 63.633180] Memory state around the buggy address: [ 63.633880] ffff88800fe4f500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.634933] ffff88800fe4f580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 63.635963] >ffff88800fe4f600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 63.637001] ^ [ 63.638016] ffff88800fe4f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.639057] ffff88800fe4f700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 63.640092] ================================================================== [ 63.641338] Disabling lock debugging due to kernel taint [ 63.677950] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 63.680796] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 63.683139] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.685048] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.686813] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.688840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.692279] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 63.693656] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 63.695460] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 63.696704] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.698944] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 63.700175] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 63.705402] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.707487] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 63.709468] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 63.710728] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 63.712283] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 63.713493] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.714720] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.716021] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 63.718169] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 63.721461] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.723332] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 63.727430] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 63.745683] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 63.758976] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 63.768060] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 63.771293] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 63.772395] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 63.784957] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 63.786721] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 63.792094] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 63.794579] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 63.795828] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 63.803037] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.707967] Bluetooth: hci0: command tx timeout [ 65.708431] Bluetooth: hci1: command tx timeout [ 65.771908] Bluetooth: hci5: command tx timeout [ 65.772345] Bluetooth: hci2: command tx timeout [ 65.836919] Bluetooth: hci6: command tx timeout [ 65.837350] Bluetooth: hci7: command tx timeout [ 65.837721] Bluetooth: hci4: command tx timeout [ 65.838135] Bluetooth: hci3: command tx timeout [ 67.756991] Bluetooth: hci1: command tx timeout [ 67.757442] Bluetooth: hci0: command tx timeout [ 67.820874] Bluetooth: hci2: command tx timeout [ 67.821328] Bluetooth: hci5: command tx timeout [ 67.884951] Bluetooth: hci3: command tx timeout [ 67.885405] Bluetooth: hci4: command tx timeout [ 67.885780] Bluetooth: hci7: command tx timeout [ 67.886186] Bluetooth: hci6: command tx timeout [ 69.807133] Bluetooth: hci0: command tx timeout [ 69.807577] Bluetooth: hci1: command tx timeout [ 69.867885] Bluetooth: hci5: command tx timeout [ 69.868325] Bluetooth: hci2: command tx timeout [ 69.931952] Bluetooth: hci6: command tx timeout [ 69.932391] Bluetooth: hci7: command tx timeout [ 69.932760] Bluetooth: hci4: command tx timeout [ 69.933297] Bluetooth: hci3: command tx timeout [ 71.851949] Bluetooth: hci1: command tx timeout [ 71.852407] Bluetooth: hci0: command tx timeout [ 71.916039] Bluetooth: hci2: command tx timeout [ 71.916502] Bluetooth: hci5: command tx timeout [ 71.981647] Bluetooth: hci3: command tx timeout [ 71.982277] Bluetooth: hci4: command tx timeout [ 71.982652] Bluetooth: hci7: command tx timeout [ 71.983052] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 05:49:49 Registers: info registers vcpu 0 RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff8293dc70 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff8880159e7620 R8 =00000000ffffffff R9 =ffffed1002b3ceb5 R10=0000000000000000 R11=fffffffffffc9760 R12=0000000000000010 R13=ffffffff889747d0 R14=ffffffff88974780 R15=ffffffff88974a40 RIP=ffffffff8293dcc5 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e538f000 00000000 00000000 LDT=0000 fffffe3300000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd41e79ae60 CR3=000000000e88c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=494e4f544f4e4f4d5f454352554f535f XMM01=49545f43494e4f544f4e4f4d5f454352 XMM02=38303062343861363036386166633561 XMM03=2f6c616e72756f6a2f676f6c2f6e7572 XMM04=63b1a146c37bb9fe00000000000ae988 XMM05=0b6edabfa1302a93000000000012fd48 XMM06=c4c1c5f9eeec8d5c000000000012fc08 XMM07=00000000000000000000000000000000 XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff888009557798 RCX=ffff888009557624 RDX=1ffff110012aaef5 RSI=ffffffff813a291a RDI=ffff8880095577a8 RBP=ffff888009557768 RSP=ffff8880095576b0 R8 =0000000000000001 R9 =ffff888009557710 R10=000000000003ca6e R11=00000000000080af R12=ffff888009557798 R13=0000000000000000 R14=ffff888009548000 R15=0000000000000cc0 RIP=ffffffff8161a276 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fbe7224c900 00000000 00000000 GS =0000 ffff8880e548f000 00000000 00000000 LDT=0000 fffffe6d00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fbe71922cec CR3=000000000c8b6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=79732f6563696c732e6d65747379732f XMM01=646d65747379732f6563696c732e6d65 XMM02=7379732f646d65747379732f62696c2f XMM03=006c6c696b66722d646d65747379732f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000556e0084a4e00000556e00940890 XMM06=0000556e00859a900000556e0093cea0 XMM07=00000000000000000000000000000000 XMM08=69253d4449504e49414d0073253d5445 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000