Warning: Permanently added '[localhost]:2043' (ECDSA) to the list of known hosts.
2025/11/15 09:41:14 fuzzer started
2025/11/15 09:41:15 dialing manager at localhost:37161
syzkaller login: [   51.540507] cgroup: Unknown subsys name 'net'
[   51.606696] cgroup: Unknown subsys name 'cpuset'
[   51.625974] cgroup: Unknown subsys name 'rlimit'
2025/11/15 09:41:26 syscalls: 201
2025/11/15 09:41:26 code coverage: enabled
2025/11/15 09:41:26 comparison tracing: enabled
2025/11/15 09:41:26 extra coverage: enabled
2025/11/15 09:41:26 setuid sandbox: enabled
2025/11/15 09:41:26 namespace sandbox: enabled
2025/11/15 09:41:26 Android sandbox: enabled
2025/11/15 09:41:26 fault injection: enabled
2025/11/15 09:41:26 leak checking: enabled
2025/11/15 09:41:26 net packet injection: enabled
2025/11/15 09:41:26 net device setup: enabled
2025/11/15 09:41:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/15 09:41:26 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/15 09:41:26 USB emulation: enabled
2025/11/15 09:41:26 hci packet injection: enabled
2025/11/15 09:41:26 wifi device emulation: enabled
2025/11/15 09:41:26 802.15.4 emulation: enabled
2025/11/15 09:41:26 fetching corpus: 0, signal 0/0 (executing program)
2025/11/15 09:41:27 starting 8 fuzzer processes
09:41:27 executing program 0:
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000000)=0x3, &(0x7f0000000040)=0x2)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000080)=0xffffff7f, 0x4)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x503)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f00000004c0)={0x2, 0x1, 0x0, 0x1a, 0x135, &(0x7f00000000c0)="424e88e3d7dd9e6609ec29ed7e3290f59f20c7fa5eee8660f6087bd73eb7fc6585be941a912aa8b1837d220414043895b0cc96b079079c10ec31198f9b7ec39f023706baf216ce793393fa2be01b3b15b5e8f3d75def93867e58e16eb70905c9ed4cd488bd6ed2f3eebbafd0b77e6e3e3effbfbf96f27e1fc48fc611b878ac827dd5d49254b3971fefc4f516b6483a8ba34242ddc6dde6409679f7193d97b776903268b2948f2c58b06c384468fea83c290a955a6c58acbca64355999e212be8fc5c1b055fc9a5a3db9c510fc8ceb286952bc4b19e44fefff0de11fdf68d7008d17daaa7b219321024df5ff38d01e9101991e200e821ed2a645bbc03047391b5e83a6557ab0f80cdd3fca39d522ddf0259b404007f2e3e66ee54afbeba2bd43aa57e0b7c6c159747c45b8c0f8dd7cb665b20e849f132578821f32538809dba61279de42d79b2ef79b8b640dd1a328b36f1015d962ee3b2dc7521471c5798bb24085208cd9a9eaa9113469ad9bda64270b0b1618e9e47731f08fea75a3cd946a2b715122cf42e25f498440928bafbbdfb5778a6e1590d896de5ced30e2bec4d62acaea328021df698d5e90bc2be2f8cc50356f86199431db56535b14a7e310ae597290f6a9561275d88192883ab1e6de50c74cf92bb7ff88a00d800629cc7d1627c202e8d257003ea5c2d8de02bc7f1292aca0f638f6c7ac8e7df3977246d64db1e7f0e5374560d033eba5b6f7f5e5059fdcc56b4ef51bb1dc0de59e949d8181ef429a3d8ca2e93769df5221dd60edc5bea81d838f0dec9b25088b445e1b1c4fcc4a387531aa98253569c67c86ac8cd292bbef1dad9601767b96186beffcf6ece8579e43574cc4abcc99f0fc64fe88e5a45cf4c66bc21ffa0998e1ed991b90cc82e45cbf3b846f9f79d2a03bb5f746ef66f4ec58b34903e1226b2d3a5a67e9abf325e3399f82887bd00dff9b42a6701034a9f85001795a475f0b758c3cbc4f87a11d8dfb5d06c360b71150668c9ec7049e456e9a55d1480ebed4f2ae0fc58a1ebbbe1062445539fe84ef5eeb7aad65375a5befef56a0cb199645347cb78e23e825c937da3f2bcc52a351f23a275cca98ee6b3da7aab2113b3469454f991aa464cb519d1b67d95f596ba12ee22b8fc5fae49b9db421cc92d8454aef218ab4717aed994298a5223efed91af7c4247cac2dd8ea6a3707507d3e7ae12a06c3cfc7db66390169de9592dea635dffd9ecded1c78389796463b2333810785dc9f1232234d9504cb87b5368c3fc269eabb05c2067e8178ebd2510ce1aeac363835919d69693537c3e3d230af6c9668fedd732b58cc190f4617dab04fddf48fc514ce58b0a55526d209fc126b7bb8b90166a0e34a92b73677dfd448b3e09197042420f8f285ef783ddd38309182ff677e5dcb953f86462c26032cfc084b622041aa3f83900"})
r0 = memfd_secret(0x80000)
ioctl$TIOCSISO7816(r0, 0xc0285443, &(0x7f0000000500)={0x0, 0x1ff, 0x0, 0x9e, 0xff})
ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000540))
ioctl$TIOCSCTTY(r0, 0x540e, 0x8001)
ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000580)={0xfe, 0xff, 0xfffd})
r1 = memfd_secret(0x0)
ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f00000005c0)="aba6e05d9cf918c6820b12a209821fcb8c567b82ba4506efa576eec8bd4648b205fdc6f026624492f728d02e339634d8cd7e0db6b1883c974505b84bb06c7f5d7459e50b706aa866a86324b6528bce4b26430155852d559f558bc45750258fbd45003a05a5c6692ec767cd9cee0e4b39db40d1daa2b92a419e62c046d96422d076d663eef76620c3f63b28690cd5cfb7b105fe772382b76e11952fcb029b1d647779865797fcba88b98cc163b0d62e")
getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000680)=0x1a74, &(0x7f00000006c0)=0x2)
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000700))
ioctl$TIOCEXCL(r0, 0x540c)
sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, 0x0, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xf33}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0xcc804)
recvmsg$unix(r1, &(0x7f0000001f80)={&(0x7f0000000840), 0x6e, &(0x7f0000001d40)=[{0xfffffffffffffffc}, {&(0x7f00000008c0)=""/74, 0x4a}, {&(0x7f0000000940)=""/231, 0xe7}, {&(0x7f0000000a40)=""/4096, 0x1000}, {&(0x7f0000001a40)=""/58, 0x3a}, {&(0x7f0000001a80)=""/55, 0x37}, {&(0x7f0000001ac0)=""/200, 0xc8}, {&(0x7f0000001bc0)=""/220, 0xdc}, {&(0x7f0000001cc0)=""/108, 0x6c}], 0x9, &(0x7f0000001e00)=[@rights={{0x38, 0x1, 0x1, [<r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x158}, 0x20)
io_uring_setup(0x1c25, &(0x7f0000001fc0)={0x0, 0xb47c, 0x2, 0x3, 0x293, 0x0, r2})
r4 = ioctl$TIOCGPTPEER(r3, 0x5441, 0x6)
ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f0000002040)={0x7817, 0x9, 0x29, 0x3ea, 0xc, "658db76c0a5f0223130eb051d60dc9e7c0bd6f"})
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)

09:41:27 executing program 1:
r0 = add_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={0x0, 0x0, r0}, &(0x7f00000000c0)=""/7, 0x7, &(0x7f0000000180)={&(0x7f0000000100)={'sm3-generic\x00'}, &(0x7f0000000140)="fc9ffe05f995bf41ba139a4cba9d42d95c133a1a8ec99a58c33d2b", 0x1b})
r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$read(0xb, r1, &(0x7f0000000240)=""/111, 0x6f)
keyctl$dh_compute(0x17, &(0x7f00000002c0)={r0, r0, r0}, &(0x7f0000000300)=""/29, 0x1d, &(0x7f0000000380)={&(0x7f0000000340)={'hmac(sha1-ce)\x00'}})
r2 = request_key(&(0x7f0000000480)='rxrpc\x00', &(0x7f00000004c0)={'syz', 0x2}, &(0x7f0000000500)='-\x00', r0)
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, &(0x7f0000000440)="142f246e2c36cbb62902f0427d54c41502e2005197c0b3ab077dd75d4da7c679de7713", 0x23, r2)
r4 = request_key(&(0x7f00000005c0)='user\x00', &(0x7f0000000600)={'syz', 0x2}, &(0x7f0000000640)='blacklist\x00', 0x0)
add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, r4)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000680)="8b15b746")
keyctl$revoke(0x3, r0)
keyctl$dh_compute(0x17, &(0x7f00000006c0)={r3, r3, r3}, &(0x7f0000000700)=""/113, 0x71, &(0x7f0000000800)={&(0x7f0000000780)={'sha224-neon\x00'}, &(0x7f00000007c0)="1f6db40fa65a370b294f735e8f69cfc026a8", 0x12})
request_key(&(0x7f0000000840)='logon\x00', &(0x7f0000000880)={'syz', 0x3}, &(0x7f00000008c0)='\x00', 0xfffffffffffffff9)
getresgid(&(0x7f0000000900), &(0x7f0000000940), &(0x7f0000000980))
add_key(&(0x7f00000009c0)='dns_resolver\x00', &(0x7f0000000a00)={'syz', 0x0}, &(0x7f0000000a40)="92f7ebfd48555a48cd1f4ba4253a63771921178b87325560f5d3d117b94a3a654255feb09256780715aeba071067a0c13390dee361ad03bd605b604804814481a0ad85d0ed654c38", 0x48, 0xfffffffffffffffd)
r5 = semget$private(0x0, 0x3, 0x4f2)
r6 = semget$private(0x0, 0x1, 0x410)
semctl$SEM_INFO(r6, 0x1, 0x13, &(0x7f0000000ac0)=""/186)
keyctl$read(0xb, 0x0, &(0x7f0000000b80)=""/81, 0x51)
semctl$IPC_STAT(r5, 0x0, 0x2, &(0x7f0000000c00)=""/4096)

09:41:27 executing program 7:
ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000000)={0xe22, 0x2, 0x800})
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x5)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000440)={0x2, 0x0, 0x8, 0x2, 0x72, &(0x7f0000000040)="4c2d75757aaec13a601e6baf96de97313a73ac9bc033c6763654ee67594f790b8370a2ea934dd4e6fffacccd5ca81ad3d71c6aac78352b95b89c4578ea8a05cee96d347864bb1dff8f3b9710259f7e983fe511c838b32150a5959dda2d0135c6c2e534f3f366bd943374dc4fa94f53d3cb8339c59cf39421909f6afadd012159f11529d5f35b3dfb0634a3e1627007959c07d000d5ea6c0145bfd3370876cda9946e7cd9ff103efd6eb7d8149eea3ce25570f61fa0e6cc1852d7c8bbe39ab152004393f1fccb75505c3c9239d29dbd47d932e6c188c8a9770b7bd86e1ec7a7acb2a61ced2bf0300a42242b39040fdd529f50ee7dfd6c46ea000b8a4e81c0c23339aea3b718ecc0212ca4b586cbd61b814f254cb1f74907fc30371521cd46f4b1bf7bcd5899b20fe558543a8a2f5a909e0e2af913bdf87a06d1f7c4bc2f1966c5d80073c0dfec9681cb21e06cd7497010cff16ef8fe347fed711064a91bfba25a65897e7eaab4904091f058b78c3e38baa89f07454f5a793d8d6a2e89f49018c22f86c212629df4bcd1f451ff7d58563672b95145f8191149f1aca24bbfcdefda9ef9253fbd7576ff9fb9dd6ff87f9532446f184b5934babc9c63ef761b676480799cda2620c47ee61b027e7c08b90e9c6b0d52c276c61570638525bd6d044d147c094dcb79ee4fbac62b89c34b46ba5e6beb924abec3d6aafd95af6a05a04408b4803c3891b6e28dc51d06e12c9a229b084b3c980ce65631988b672745faeefd88c4353d941dfe95e75b840b7a9a624dc20451477cb291fbbed4f25ccbf557ecb7ea5b67629b1dbf4c56dfa41c4cf5bd18958ab9aef01ae008191361f86482bd3e4566e8a6c06fe00bdcbffa87b22dddcd11243eb1702bc7948058b106064abc2b4a8a9a922440793859388b310f63efdf9a323b488e33ac58176c3c8982273fa4a632b5001619a18589bcc8ea3d662fc0b0c15ef3dfc61b943d940b712d45581778630cb217c9ee3079b399c56e3b3003b361771ab5e50f8586fd5b7e2913ffb294e3451eb3c21ca40667882e7599e91b4c0923b5e5ef957a9963913a19ef4fcde7c4925afdc14561d5a94d5441829a79aba0dc1f5dce34648ed8ea7cddec22de9b3d39638237b26e2ac43ac50242c8306f85bd063d950a10bfc9a3d3214715f3def17d38adbcd420e90ef66ba947f73da66858d4a9861dcbd7a46064de802e6cbb4ca3a66e114784bda0df3714e5d2e28af65e31aebc9f1721fe8d407c64ec589a6abdf0c156831bcf0b880c97a558e6245e47920c2b1170fd1667a498d43cf0525b1128df10fece39844486fa92f730129f31ea80038ab2e932d8c38d97cbb83e2e6c13831f570cedf4204aa9e8edf81ebeb3662b5457595f03a829de316bb6c6c5c4150f71b703d7857ab4d46085b903dadb5f2ffdb4c8465226551d5038"})
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x4)
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000480))
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f00000004c0))
ioctl$TIOCSISO7816(r0, 0xc0285443, &(0x7f0000000500)={0x10001, 0x5, 0x100, 0x7, 0x108242b3})
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000540)=0x800)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x1)
ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f0000000580)={0x40, 0x40, 0xfff8})
ioctl$TIOCMSET(r0, 0x5418, &(0x7f00000005c0)=0x80000000)
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000600))
semctl$IPC_STAT(0x0, 0x0, 0x2, &(0x7f0000000640)=""/164)
r2 = memfd_secret(0x80000)
ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x7c, 0x0, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x400}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xffff}, @IPVS_CMD_ATTR_DEST={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x24}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x48000)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000840)="9597a0a01c16a7d7fb330bdaa1f0e59beb72f5992bbd2ed9dd4d9ac51883ad0154b88f131ca755194b2ba71856fe57deea9ada13bd34aee7a95824b7e1b7dcc1af0dd59626aae81cee42de1cd5cec8113b5363c43f00996fb8bd05e3271a942c56ddff67049780c45bc103ab9a606969cd974e0cb0061233c8c2a91e1eb278138a44d6b8c1d2908ddb9a5a33f62df4aef9773165ff2436efddc2ff479a6da134c26782e3ecab92cced4b3896ca4b5d02b8158ac7f98fcd8cc9be6361f92aed62478a")
semctl$IPC_STAT(0x0, 0x0, 0x2, &(0x7f0000000940)=""/29)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_FLUSH(r3, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)={0x50, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x28a5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x40}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffc}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfb}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x4000000)

09:41:27 executing program 2:
r0 = memfd_secret(0x0)
ioctl$TIOCGPTPEER(r0, 0x5441, 0xd20)
r1 = memfd_secret(0x80000)
ioctl$TIOCSISO7816(r1, 0xc0285443, &(0x7f0000000000)={0x6, 0x3, 0x3, 0x6, 0x3ff})
ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000040))
ioctl$SG_SET_DEBUG(0xffffffffffffffff, 0x227e, &(0x7f0000000080))
socket$unix(0x1, 0x2, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x104, 0x0, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x10001}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}]}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x80000001}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8d3}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)
r2 = syz_open_pts(r0, 0x20000)
r3 = semget(0x3, 0x1, 0x204)
semctl$SEM_STAT(r3, 0x1, 0x12, &(0x7f00000002c0)=""/229)
ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f00000007c0)={0x0, 0x0, 0x1b, 0x2, 0xc1, &(0x7f00000003c0)="03b1b3971ecbdf048cce8a1714885f57ec4cea3d83406465879bdb1314cb5bf527c5241c3208f4b83adb65a057c20f8411365de166ecdb75feb3b6aec36b5ae3afe9f81d634518bcb8f772d32e261e482aa2fbf266464f21d1d1f5ab05834e1c262c393f4e35c3f935fd7a0c3acf70e96ba592326f0820c0caf417be3ccf6a03d7697fbb2620cd802f83811aaaff3e0a499b18b88684cdffa1edbb636344a229f1e12a60ddc3ed483e5f9fa36daf92cca285b256f0c6fe1a99b3f928de45795a5148ab15ceed60d435203519a3bf7148d9330694b955d338172fe2fb1f69c145abe2f44833a4b93ef47077d175b4522a4ec1856e5991e89f798b8fa96cc6810bd313cba9431e06bad53ac1863654f5982a7169786a72201f01f84c5c6ede9966d37632f569b9c57757d5caecc0b82b721b97b7b867247e5de39c99e66bfac6ee4d24c3fcd1b32a71778d2aca2b4136fc9966978301db74c1e8eacae798c165d0771d6ea44e0e5d7d2eb82208640af7fe10fa92a1a38b31ff9e7b671afb9eabab1debe6ca6ef2c8534968f6c0832a6cd5a88d6f4de77b4253f5435fc57e5179e0940f6e6f19bb73443ec3570e95e4e82288d416a366f029e3e9538fbeb8b0b75c47b8a931a04e87e607344ffbc6dea25c09367d997186bd6f68a0db0b8a6e2525919b3aad60729d868fd057512a90defff2eb982a1f15b2263f833713359e08178ea8a26f503ded748c95ce97460d49b541de02002c0388c7f4c1f967783717b0d55a2a56251a7010e78dd1690b60b17e00d70eed2f358318b12851e269b7e88dc2a0658bca0ad7d26eaae482807410c49e238a76914ca478f7e99d1868c3383aae4cfdb64fe1e0008f7201de6ff718521d625af1e4b374e51909cb36d3bfff1ec43416c4aa98436cda041bbedd0b23bce27acc4db74968c706ff17b92bde0d1bbfa0aad2920038fa4a68168deb9c99a4828f01d4b568dd4415336f5d92e4000f4ec11464d92ae95ee16460c98e289a2202daeb183ac10e51da1ff28ccb30e17ac688f1a3ba3f07ecf3eaba860bc8786fc1a954c1322d713e734b34ba96cdb9d0e11c4b75ed0c5ef186de27a5c3c86aaa9c41fe92364f58862885bdacdcc0689afdedf4d1ed8cd8bde82adb9c26ea7ff0e4dbeee4acf9538840c989f0d2cda65c61f5204291e874778828f9c797bbe2364f470ebe1cb3aa515efd5350490280e4d769cdcd9498077ab2b970d36c5d5c62ab18c567286f00e1f8dccf6fbc095eecc85057c3aaaa2accbae4f68cefff321ab57bed7ee928f6260973ea87b9a4fa71e1a5779e01e2badf5530ca43fb62dba7815724abae07c120e41550af4f516d11c1f0344fe313e60cfc373bd36789e21109e163b7ef0a2a88da487f5b683ad4b70de8a5590a021458bad0df76b73806890735d6d91ffc92fc3052af39d784a80c"})
semctl$SEM_STAT(r3, 0x0, 0x12, &(0x7f0000000800)=""/65)
ioctl$KDDELIO(r0, 0x4b35, 0x2)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000880), 0x620100, 0x0)
ioctl$RTC_UIE_OFF(r4, 0x7004)
r5 = syz_open_dev$sg(&(0x7f00000008c0), 0xffffffff, 0x2180)
ioctl$SG_GET_SG_TABLESIZE(r5, 0x227f, &(0x7f0000000900))
semget(0x1, 0x0, 0x447)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x40, 0x0, 0x20, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8000}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x20000001)

09:41:27 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x200002, 0x0)
openat$cgroup_freezer_state(r0, &(0x7f0000000040), 0x2, 0x0)
r1 = memfd_secret(0x0)
ioctl$TIOCSCTTY(r1, 0x540e, 0xb51)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f00000000c0))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0, {0xee00, 0xee00}}, './file0\x00'})
ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5)
openat$cgroup_freezer_state(r1, &(0x7f0000000140), 0x2, 0x0)
r3 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x2)
ioctl$KDDELIO(r3, 0x4b35, 0x7fffffff)
ioctl$TCSETSW(r3, 0x5403, &(0x7f0000000180)={0x6, 0x0, 0x2, 0xfffffff8, 0x11, "c839366aedcaccf3e4440ffd4f17fdfa2f57f1"})
openat$cgroup_freezer_state(r2, &(0x7f00000001c0), 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0)
ioctl$TIOCCONS(r4, 0x541d)
ioctl$TCSBRKP(r2, 0x5425, 0x7)
r5 = syz_open_pts(r2, 0xa02)
ioctl$TCGETS(r5, 0x5401, &(0x7f0000000240))
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000280)=0x6)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f00000002c0)=0x5)

[   63.120347] audit: type=1400 audit(1763199687.935:7): avc:  denied  { execmem } for  pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:41:27 executing program 5:
semctl$IPC_STAT(0x0, 0x0, 0x2, &(0x7f0000000000)=""/4096)
semop(0xffffffffffffffff, &(0x7f0000001000)=[{0x0, 0x3, 0x1800}], 0x1)
stat(&(0x7f0000001040)='./file0\x00', &(0x7f0000001080))
recvmsg$unix(0xffffffffffffffff, &(0x7f0000003540)={&(0x7f0000002380)=@abs, 0x6e, &(0x7f00000034c0)=[{&(0x7f0000002400)=""/50, 0x32}, {&(0x7f0000002440)=""/4096, 0x1000}, {&(0x7f0000003440)=""/73, 0x49}], 0x3, &(0x7f0000003500)=[@rights={{0x18, 0x1, 0x1, [<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff]}}], 0x18}, 0x2)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000003640)={&(0x7f0000003580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f00000035c0)=""/81, 0x51})
r2 = socket(0x28, 0x6, 0x3)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000003680)={{{@in6=@dev, @in=@empty}}, {{@in6=@empty}, 0x0, @in6=@dev}}, &(0x7f0000003780)=0xe8)
ioctl$FIONREAD(r1, 0x541b, &(0x7f00000037c0))
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000003940)={&(0x7f0000003800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000003840)=""/255, 0xff})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000003980)={{0x2, 0x0, 0x5f2, 0x1, 0x9}})
recvmsg$unix(r0, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000003b00)=[{&(0x7f00000039c0)=""/4, 0x4}, {&(0x7f0000003a00)=""/235, 0xeb}], 0x2, &(0x7f0000003b40)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa8}, 0x2040)
ioctl$VT_GETMODE(r5, 0x5601, &(0x7f0000003c40))
r6 = syz_open_dev$usbmon(&(0x7f0000003c80), 0x7ff, 0x2)
mmap$usbmon(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000007, 0x100010, r6, 0x5)
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x8)
ioctl$KDFONTOP_GET(r1, 0x4b72, &(0x7f00000040c0)={0x1, 0x8001, 0x17, 0x1d, 0x168, &(0x7f0000003cc0)})
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000004100))
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000004140)='./cgroup.net/syz1\x00', 0x200002, 0x0)
fstat(r7, &(0x7f0000004180))
ioctl$KDFONTOP_GET(r4, 0x4b72, &(0x7f0000004600)={0x1, 0x0, 0x1f, 0xd, 0xc4, &(0x7f0000004200)})

09:41:28 executing program 6:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x105000, 0x0)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)={0xc939, 0x7, 0x1, 0x7fff, 0x2, "f92a1547250a961e9ecf50f3a695adb73b294b"})
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x1)
ioctl$TCSBRKP(r1, 0x5425, 0x8)
r2 = syz_open_pts(r1, 0x2)
ioctl$TIOCSCTTY(r2, 0x540e, 0x7fff)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x101800, 0x0)
r4 = syz_open_pts(r1, 0x40002)
r5 = syz_open_pts(r3, 0x20000)
ioctl$VT_ACTIVATE(r5, 0x5606, 0x0)
ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f00000000c0)="8bbed654f366019a23023905f9ba04a269de404b892a999a1457a302fdc016695f6235f8")
r6 = add_key(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)="7956db7824b9d2f2d376ef4ff27780d1f737dc3ab8d5b312a33bf0177adcc7851cf94ff02be35b646fb8069290460050da1acf71dd61eeec0fd70b8ad2ddcf8bb5623e08af6caa4057d14528d00bbc684c22381b2503fef9f710a98540d6c91c2398ec21874c17e6e472c600ce66d4dc2749a204409e", 0x76, 0xfffffffffffffff8)
keyctl$dh_compute(0x17, &(0x7f0000000200)={0x0, 0x0, r6}, &(0x7f0000000240)=""/104, 0x68, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x404000, 0x0)
ioctl$TIOCSCTTY(r7, 0x540e, 0x0)
r8 = syz_open_pts(r0, 0x4c840)
ioctl$PIO_SCRNMAP(r8, 0x4b41, &(0x7f0000000300)="5792e7e9aa616c7c57558a704fb36d8d077b07c664fc272b9f1af652be0a37c418cc2def06f643d8c4d7f59a1480256ce186ef144b994c111ef03f5f6ddcaf1a13cf03c81060453496039e537d369e970457bcaea72290a79c1befc23e0590236875739f1ce6378826fd1a0ff08ffc0b3ac7d780d8e407a1c44d617b9bf55ecceb040538afbf41ea2f40d8183359061fa4ba6417c591f9a13825aa72819bd278df41ee312e96e957338c86b97092eb9f871a4e9b293c23753affb1715f67f643ca33de9d1d91a2c240")
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000400)=0x5, 0x4)
ioctl$KDFONTOP_SET(r4, 0x4b72, &(0x7f0000000840)={0x0, 0x0, 0x18, 0x18, 0x16, &(0x7f0000000440)="3569780212fb49986bb0835a97dc1f2e0219922e213003df2f861954b192bb74ce0d6166a344f8a0dda9b02b5ee12d239a0f8e2bab175ab828ce842db1569d7aebeb50b9dd70dda270f50846710ceec370d8cd8e7500859451d89cf34c833032eeee7405c587030f4a7df450b5335af244b5a5062b466aae7899d6ead9f2053e65991a299720926bd97e99fb7100278359c9ad1fa5796c2c1a529b56322f7f3c8020566587232ecb89bb3c0b507db04a6344746e49672e3465b2008e20336d455b6c8335268f9e952a62ae581cc52a2b94cdc4d7af4a5cc3249d6e6bbd92b2f25e4afdebbf76f0f4d9cc3a999bdc1547e85085ed4851a1fa5c3642651328a7e2b7d4e89bb77a58fcbd80c26b6248ebc02f4d4f5d75d9fc17ff3f8daaa33ae05fcd2a967e9fde1b9c48d03a4ad30af9926263aa2cced2d0302744e9fe11dd702a3247b54ca06dc469e2535afd72eef7583cb2d40013f19f06e2308dceea4df3d1bc38c696e607e86f3eb244194aa20ea081a25c010c408fc97346a51ff0cf2aadb04eec691ff87459b56fdcafaeb0e89f53e6bf860b1d0fa6b672cbab19613f87f03679c733757d343d7a98cfed36ced2bab7bfee69dedfdd72ab4ce4a76c6c728869d597d7bedbce504be989b41e4e7d35eb698f6fed671f6d0e6a501c6a26a5c68a2b90c3b44f9473e3df599bfd6bcb26b8501c8f7adb08ba6bc5dcd1c18788c88322fecc8940d329f21f99989fae605349c08822d1c8f425faa337a561f95c2097449328a9b7993591e250ebb8373c70a81202e4c1da174b2c0ad8586b869ed6f9dab6a5f92449094035d98acf914619d7ee851f5c547b102a1cb6c7abd22cc2b5b5e7fb5d8a0ab7668b24ab097cf6ea4f67e7c6e9e717f55706f6ac0617dcade309ff4604e06c73237203011df3c4bc3f7a98817ab09c283a9d8e064b2bd38ba39f9cf7e9c0809bbeb93cb70825b05fbec5eec8b809ce0dda6ee4521d68bcc12ebc84756cee2a5b67fc0217025eb0272d6f01de416d54672736c27bb95cb417501500b00158419d0709db5043ed806f73a9d10a2fe06ae70e3a11891a3aebeb7c1dd840be4565c4f6771659810bebcc3cf26c66fbbea5852a803fcd06e40acdd77fe718c166f357d452c0fdcf8c8e29e46ff3dd846cdc37a3fd9fe29dab95866d94d278d5b5b4e386c6a5b56eb26eef5ce6230847f480804ca5480231b2491b0273a500785812fcd2957efeb26c027a11122ac0f7758a4944102e5e8b68492081cd07c6e1852fe830a2d900a5987a40580fd7d1163508b15c2284e07248250c718b1b0646e392ef8337107cfda4678660a3b38e96efa2b0298da48aaad9e1e92555abf6b027478051f3b98660beea5e1d2fc9c5043661710087ecd142af0fff14978ff9529b22c444d7e4736359b09ad6d6201ec0a80fb468b2233d90cade"})
ioctl$TIOCCONS(0xffffffffffffffff, 0x541d)

09:41:28 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x28, 0x200100)
ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f0000000100)={&(0x7f0000000040), &(0x7f0000000080)=""/111, 0x6f})
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000140)="981a6e03ca62f1355986bea1cb81a40482b1bc88f41c1f847128fa618eed62fc951840b39c12f3bf9ffa2e6e1765e9226014888028e16b47dbde8ec90a56d67f7794391baef4db192a50bfc18c23a6bf05600e6243ba5672053eef4647b1a1f2e44da645ff979fd5d0d2b5b962eb26634ec260f3658a98f3cff4f1703bfe0348da23bca4bd8d5bd1d164f01e17e99dff3a83a0e2ab6b0f92f4f082de679cbdbb7ba89649df757fea03d6bd957678e42584af9ef8de109cec69bbb4d109799d856a8b7589088ad39dadb6a499b6c1019f0ed04ecaaf1fa298249881ac3016c73942923040b8831bb364fe6a0b67510dabbf56a7c205a76646ba29ad4a4e7553d63efc6a9c392a2bfdc31e5b6d7e1a45137340e781d28591c3760da9850c977b0df06a6fd6df1c6345c958e4c132012c2637553acedae957a085d792af89c1297be7a2463b873856932d96de459124f66524e2ea6f7a0905ae19091060c260478cd32bf8e703c2ef300cf44d6f486ca2204cf2de4289b8b989c30d09bbd9f1867de9bc2db79b0bbfd7dbc3b4b2d74ab32c54e09895370dfd72d3c74ab3ca7d03d0734177ac76e5d488a4b2bdf08564d12718dd8072ac3cb37f328ee314f85a69bf0c254b47736f7f9b10ace53cf4e8ccabab551d6f108522354da9212c4c70aa50cf27464d0c01c1ca2d8909fa207382b1b22b48eb47abb2c232b1480c0349032b98d7c44ee94ee4101b2a4e107eeaf64d57e530e32f3948f304166b1b6373f64ec4d6102ac6bc6cfaedb644a21c8baf554ece1eef7082b59eb15b21dcf6aec23b400e10c036f10c34fa8945798a77d239fa902d69aaf68d7c5dacfc96765c898f8093e5b5d16b3e5f35d7aadbe16664c93e8fb4ec04224660590756db5daa6937388ca57a557d775984f17c2120c313e691723d569806529ab56a8dbf09aec92ac08efc468a132727c29289d7d7703c083182a3bb67cd57d9c793f804a22756b675be227f094c118352e74746ff1ebdb7816d18b0d20c634f8f021c203af830a7ce68fadbfc6c56f4993dc83915e96fe5d3700af1b91c94b5bbaf677097de2ffe5949752860c796b599ef46be85e86f87da36d0a35e853b4eccd0fc578a1c7060d8cd6f396e02d7f5a9a8af22dc6412041f12a1c04a695491926e6375b8e4c5f1e87e0fd7738b35199c1c67882d04598191e8d115679d38c75ea7d494efde4e1035642c6693d6f4519bb9197ab1bc70fdcf6715b73a632fb56cde5db7735d745433ad669309676810b83ec988dd8ad0a08d735b8064ad1dfd3016a006e2493efb89d8aec48fee9a7f3194af1ee30014ee0cabfd774f90c24031d3f34b371efc10342969a77d56fe64cd140240704447a2a85301ac38c2d5d5915ba22137869ba774af24b4bb92e33e1244b5f36aed24858867fe32e8fade29bbe4f192b618bae3264b1c81d68da5386778a0ecd5690647dcd9bb22641347c8437d033e18efa77bad267e4312de204cfab10cf13f56c71bb6f63d7fbe9138249fcbd4fc9287b5e22c655faec10c34811a9c6984e83b95771d316a5783254d67cbe5286ad2312ff2595637ba644bad54f1acb8527ee52ba5f666485ca0dcc9f86706d47deda70b34d3df91dc73a75e1c6bb180794223b2c223529dd715be061a6cda1bbf379fc511af9d33927270e21787758f2b7db483388bb64159bb1d6bf72b2d2b267b6d8f9482f260cfe38eeff717dbaed5b29ce73ba0e8166dcac4b7576c24f05febd97c7f2f4ece5729b01b59c60e7cc3e44b6d2d1ab106bcbb0d2d99a89f03bea23418e51384ad88450f21a1bc44bbc802f321eb66c907844e2e676ccc607c42132b1f7b05ff59c56e769799b08ac3025dd6a729e8c5d6514f752db04e16d146e970fe9683b0d139eb1485d1626704e9e6016c8952375719ca56c1ef31810d0162173aefc0925aca1e19dbe65611a3ae5342b90a2929f9963f9f997a24ee03426fef460473659fb75f77d273a11628b1e200ac2a47759fdc45c838f08bce26395e07149b41332911624bd8a236d36349c3902157f980b39a2faa3740bf5b0a7f0acbc5b99db81cd52faf6e06b045a7dde2eb6a5efb97a99b3212435bd57592223226f01be8077c20d533d5709635accde9bc7a09f28ace320446ae4c7067145e0d2247f605c87695ab558d5e2e58bee7beb623249011fcfc1908505374af90f3e7ff035614cf7184da4c933581cea1ed875bcec7cf07ab9288444c29f453abfb89f97e1bd90d7992e333b440f4040a3c330ef586fd82e2ba34ca3e41b553fabb02a0e592d46fb82da76f8f2968d16ee26a695f16c97cb4bfde66e21e645a50bc9dfabd6630a76d0c7460eb932b30df4399370afcfbb1e55e48979c723e7613ba3997e2d990a62361e87a4a528cf5520f74f37f32ccab8bac37afb3a3875f3d357af3837aae303a17e6ddfe29ec77ae89653671bb1fe614bcb1f8a8d60c85c29585ed203e3e8d731d42902eae0d55efd545e5e9146d85de92dfdb4d414ab1f5e46dafcd29a7261d40a2e65e35c200939213905bd2ac472131b2164db98b5a7e39544d4ba517f1e0df8b08ff672e2384428fce3aa33e2b3d3b4991a4ff59722e8cc703dafd159d5ed442a49e133771169047f62698cddfc934a010cd5de0f8c2ac704bf3090bab0b28c9556bfa86711cfdae248b4b5cdbf3065c0edc5b89e514820d8ae465152341223675ff92a9275dad924424a62b07f8bc82a2103aaafc76c8b497cd8eadccebd172ce69ffda4260f9bca5203410e7c0eeb8aa6a7bd49af6b527afe340c42776aac612960ab52b0e917733fdaca4a7c67ab780572317f0ba1d78ab3be520bf9d7334846b4aec3536a496311867b3de6ab9e67b81ba7d338e4ddd5a802b48969640ddb77e8414adfab8748e07c7a95ac04debda261e91cc7f9d5dd849f98ac91c50e1211dfdfe33376125bfac463cc18d13f1ce64d5dcc145b76880e923aabb4b136e1e013a3405401849410ccd88e4d0631bf0f00e7a4ccf23b28eec2c614475758a2d6efbb59fdf81639370831a07a824301aa8e0a9166403fdb27ba01bcd60cd53ef435e2a2ad29bdddb52b36cc1b5ca67829ff4e55523e6a61160fdb3a599dcf036e3053eb439aad6a91dcb108f861f9bb00f1f52d4fe6399a138f4a4c815675e47d3d24c427c611e86c5adbc79e65410a831fa6405e7ab8b35992e5311b43bdba2148353f634535482a83696061de60bd1f6aac0fff0703c780aa80ed73f533330cd0eafd04203415c8c4dd6d343cdf0905b06e452e374acf808b5f7e471a72bea0313963f55e4d3cf9369df9f85ce498af72a82c1c8bc4f46fdebd4afdfcfa4207d712bcb968b9c529557a8894d2aeebc5f4ceb29eaadc8176bb3f3a52472497a26b30e0edee3b40e6099738376288cd7e7fa5634d834cfae398875fae6332c3081d7032e58f4d23856bacc5809a95ff8ef9cd159b7999eb8d96751cb95f86e0595d765fce56adcccaa2ddd7dda39ecbd94c4fd0160a9f6cab228771bb8507407ab95906ed1ac8725ec95d097cf71753ba35db761c489eb03ebdbd0fe9c1cc90f3bda22c1b27af0afdcc5354cce36deebddbe80cabfe8ea2211550281d790b474d0d1ec21f9ac165cad1a90cfc5f8fd9daba2a8a58569b2249c51744d7d09e0879b1031f2e35ba8aaa4ad5dbe5f2927830d1a04505dcd900eb4b4287d13ba53b4d4e45fb9665eee67aeb0c93e69c54b26dafaa5ba1974e61d7ddded3fc92ae26d4073fae6e25f3ccfde140eb4f30f4c7098b77f8dab3cbbfd08eb6290d35749a9d5e62d8d95fef37bf57549020ed70290055e9949e6c174bb5b0175176c77c7613323a2117101dbab86614c212eb1e95f131023352098f9c9f90b7253f364675bb94a63dd82c33d674ecc2f1f3fe96a1de754acf572ce5f03c6076331652361b899ce888afca2653db7589c86c8039e6903203046a8588b50ad906acf28be6dc1f11b72b974969208ee22e589a07241c39322a5ea84924e4e5152e3a536243fd170f8e42406a4f078d159ca5aa18db11182ff15199d6e9142d8f8be11fa3acb3b06611138a3b25039444bba46641e8b4a5f95e44f29a2d7f810bc8809919cf5183489cae7bd5ad1726a54b0310db9bb3d7324c5dd5b8f574584d6f97f5b1ef950842ef7d5727f0c4f67e88be85f1de241d357a7f649e444f067c92528d2b2f87f02312a2fd482140913048ac2425b3426ad1f4d8cbf3918465e79077094782b0f12211e0218d4a759636d8ee87b7f3c4e560f7e3c11517176efc3c716526c19ecf5eb8305e94407b5bd92606cdac41b50556a2740249a5a3ea50824327e37083340681d15b18425367e8b0e4508157c0186ef1cd2626b604531653e9dd9157aec59249177970cb83be422e9b217ac5fe32f2859a8aef2a7dc54a25866766b9dedeca4c1c8938e1e6e070e458c47d826a8f9862bd1218ed5618e47cc91d618925c1b4bb6ddfc40fe8513a08b4e018f3aa0bbdd2f5051707f6ec4dfa12d3aed41564ea416a9390339fbf2e19558a983a1076b887e55a3038ec1048f659ea2b2d2b62633110e55374cf2a130078eed1dd8d37aa7eb44a4bba091e7004453ed24c8749aa70530ebfb09f65b6c2efa80e1e9c3c692afc93fd4d2af45c5fd623fc5291134839c143a05cd66eb38c5d6ee54fd1f4b8e3469c65e0062b632aacde4a2254f74f77c9941ff45e09ff12a52e367961b43639e3daeaa4e1e41f0de01a96f70354be9cc9f969fd2ae1161847e864433624105190346f60f7e4347534ed67864f9b1b7b2554b13305f34f028206915d4a10d1ceb69201fdeccff72dd6d4bb49a17c46c3fa068b396c38474d06c0417dc267ec1363a704a8f50d7f745c2724160aa999f0136f441e951c78e3942bbecffc35663bdb418cb4511f4b0f28f9374bea7687dc12207f33cd20cbed5cabd2efc314c0a833bb02c305caf293a992be2360d5c458fa89e752e0ae59732510da8623b99608560c042408dcc54ec8a187a316df2be6822494b233997d0ad5c802107fd69db7ae6f97ff5353011619788e6d4ff5076be09ecda68136640f4ec2818c9d36ec2843bd25945a45aa762becb0e76a83d6266b6125504b18bd0d85a80e5bec745ca25def10815c172d977d7eaa030284dc50a03484daccc11a4b42e12f2c9ba63d8f7d6f0a551d5675922a657724914092b329cee45555d580db7e582c8b62006e13ea20bc8f8c828c212aa827f03354a1038ce4628857372c1aa5d6ed12490d2f248b0299c1d3df31ff5b0ad58d9eb68172b514237394d1f393d3a68b91db82e934ee2b0dd55cb1ad850ace24f8a187c02e8807bafb244fc3b773b286583f1ea8c95e1191de3f2e986c56d3f4fffb0dfb009bf63f93e326f62ad950dba819df671130b25d70c27c9fd6f500f52d82d307aeacf1e4572976538a04eb461b94ea73bba62c48c6c4f14aa94e111f08d637a73f26f36dc4fa11189a1e29fb4d23d3bed2ca58ae404497688331820aaf7f24be2de60e3bf6f01fa37af662ce7c07cb7812ed16248b062febb7198d038413eb1e07138d63586f1c792ab060eee8e8d78a868e0463c63974d360f6155f3fd010ad380d541dd770a29ad4098eeb5e1453b64147fc455a7c9bbc50f80d6d3cad647854893c359fb522e1b405fc681f9e70853814c71210339c0fca689ef02d1e2246d33b69547a0da3fea4555c3be7609d9b33d58cb0aff8a3b42fee97d89101c90ecc38a22036eab8123c9815a3e1255149d65218aa90b32e362")
r1 = syz_open_dev$usbmon(&(0x7f0000001140), 0x7, 0x202600)
mmap$usbmon(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x200000b, 0x10, r1, 0x8)
r2 = socket(0x22, 0xa, 0x7fffffff)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000011c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000001380)={&(0x7f0000001180), 0xc, &(0x7f0000001340)={&(0x7f0000001200)={0x130, r3, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x40, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@rand_addr=' \x01\x00'}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x10000}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x73}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={'\x00', '\xff\xff', @loopback}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x38}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}]}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'wg2\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x9}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xffff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fffffff}]}, 0x130}, 0x1, 0x0, 0x0, 0x1080}, 0x40001)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000001400)={{{@in=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@private0}, 0x0, @in=@broadcast}}, &(0x7f0000001500)=0xe8)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001540)={'team0\x00', <r5=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r2, &(0x7f0000001b00)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001ac0)={&(0x7f0000001580)={0x53c, 0x0, 0x20, 0x70bd27, 0x25dfdbfd, {}, [{{0x8}, {0x50, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r4}, {0x26c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x53ac}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0x68, 0x70, 0x0, 0x100}, {0x200, 0x7, 0x5, 0x800}, {0x8001, 0x6, 0x5, 0x80000000}, {0x101, 0x5, 0x5, 0xfffffffe}, {0x0, 0x8, 0x2a, 0x1ff}, {0x1, 0x0, 0x57, 0x1ff}, {0x2, 0x6, 0x81, 0x2}, {0xd94, 0x8, 0x87, 0x8}, {0x3, 0x4, 0x40, 0x36bf}, {0x8, 0x5, 0x4, 0x2}]}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x20}}}]}}, {{0x8}, {0x1c8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x7d11}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x2, 0x1, 0x0, 0x2}, {0x8, 0x9, 0x2f, 0x7}, {0x7, 0x0, 0x40, 0xea1}, {0x7, 0x1f, 0x4, 0x7fffffff}, {0x3, 0x0, 0x1, 0x7}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x800}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x53c}, 0x1, 0x0, 0x0, 0x14}, 0x20008804)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000001b40)={0x7f, 0x40, 0x200})
getsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000001b80)=0x1, &(0x7f0000001bc0)=0x4)
ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000001c00))
getresgid(&(0x7f0000001c40), &(0x7f0000001c80), &(0x7f0000001cc0))
sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000001e00)={&(0x7f0000001d00)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001dc0)={&(0x7f0000001d40)={0x50, r3, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x80000001}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8000}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8000}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3f}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x800}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x20000004)
sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000001fc0)={&(0x7f0000001e40)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001f80)={&(0x7f0000001e80)={0xcc, r3, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6d1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'lo\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x81}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x10000}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8001}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0xcc}, 0x1, 0x0, 0x0, 0x1}, 0x80)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000002000)={{{@in6=@ipv4={""/10, ""/2, @multicast2}, @in6=@mcast2}}, {{@in6=@loopback}, 0x0, @in6=@private0}}, &(0x7f0000002100)=0xe8)
ioctl$SCSI_IOCTL_GET_IDLUN(0xffffffffffffffff, 0x5382, &(0x7f0000002140))
ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0x16)

[   64.292599] ==================================================================
[   64.294072] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[   64.295396] Read of size 2 at addr ffff88800de813f8 by task kworker/u11:1/290
[   64.302489] 
[   64.302845] CPU: 1 UID: 0 PID: 290 Comm: kworker/u11:1 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) 
[   64.302882] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   64.302901] Workqueue: hci0 hci_cmd_work
[   64.302939] Call Trace:
[   64.302949]  <TASK>
[   64.302960]  dump_stack_lvl+0xca/0x120
[   64.302995]  print_report+0xcb/0x610
[   64.303030]  ? __virt_addr_valid+0x100/0x5d0
[   64.303061]  ? hci_cmd_work+0x66d/0x6d0
[   64.303096]  ? hci_cmd_work+0x66d/0x6d0
[   64.303131]  kasan_report+0xca/0x100
[   64.303166]  ? hci_cmd_work+0x66d/0x6d0
[   64.303205]  hci_cmd_work+0x66d/0x6d0
[   64.303242]  process_one_work+0x8e1/0x19c0
[   64.303288]  ? __pfx_process_one_work+0x10/0x10
[   64.303327]  ? rcuwait_wake_up+0x27/0x290
[   64.303364]  ? move_linked_works+0x172/0x270
[   64.303395]  ? assign_work+0x196/0x240
[   64.303434]  worker_thread+0x67e/0xe90
[   64.303473]  ? trace_irq_enable.constprop.0+0xc2/0x100
[   64.303506]  ? __pfx_worker_thread+0x10/0x10
[   64.303546]  kthread+0x3c8/0x740
[   64.303581]  ? __pfx_kthread+0x10/0x10
[   64.303615]  ? ret_from_fork+0x79/0x7a0
[   64.303642]  ? lock_release+0xc8/0x290
[   64.303684]  ? __pfx_kthread+0x10/0x10
[   64.303719]  ret_from_fork+0x67a/0x7a0
[   64.303746]  ? __pfx_ret_from_fork+0x10/0x10
[   64.303775]  ? __switch_to+0x759/0x1060
[   64.303812]  ? __pfx_kthread+0x10/0x10
[   64.303848]  ret_from_fork_asm+0x1a/0x30
[   64.303894]  </TASK>
[   64.303903] 
[   64.328163] Allocated by task 288:
[   64.328783]  kasan_save_stack+0x24/0x50
[   64.329476]  kasan_save_track+0x14/0x30
[   64.330174]  __kasan_slab_alloc+0x59/0x70
[   64.330901]  kmem_cache_alloc_node_noprof+0x228/0x6b0
[   64.331803]  __alloc_skb+0x2ab/0x370
[   64.332481]  hci_cmd_sync_alloc+0x34/0x300
[   64.333224]  __hci_cmd_sync_sk+0xf7/0x5c0
[   64.333984]  __hci_cmd_sync_status_sk+0x4d/0x1a0
[   64.334820]  hci_dev_open_sync+0x10ef/0x1f60
[   64.335586]  hci_power_on+0xdb/0x5d0
[   64.336238]  process_one_work+0x8e1/0x19c0
[   64.336978]  worker_thread+0x67e/0xe90
[   64.337672]  kthread+0x3c8/0x740
[   64.338283]  ret_from_fork+0x67a/0x7a0
[   64.338959]  ret_from_fork_asm+0x1a/0x30
[   64.339669] 
[   64.339983] Freed by task 289:
[   64.340530]  kasan_save_stack+0x24/0x50
[   64.341225]  kasan_save_track+0x14/0x30
[   64.341929]  kasan_save_free_info+0x3a/0x60
[   64.342687]  __kasan_slab_free+0x43/0x70
[   64.343396]  kmem_cache_free+0x26f/0x500
[   64.344109]  kfree_skbmem+0x18a/0x1f0
[   64.344785]  sk_skb_reason_drop+0x10e/0x1b0
[   64.345528]  vhci_read+0x3d5/0x5d0
[   64.346163]  vfs_read+0x1eb/0xc70
[   64.346771]  ksys_read+0x121/0x240
[   64.347383]  do_syscall_64+0xbf/0x430
[   64.348052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.348936] 
[   64.349233] The buggy address belongs to the object at ffff88800de813c0
[   64.349233]  which belongs to the cache skbuff_head_cache of size 232
[   64.351407] The buggy address is located 56 bytes inside of
[   64.351407]  freed 232-byte region [ffff88800de813c0, ffff88800de814a8)
[   64.353453] 
[   64.353760] The buggy address belongs to the physical page:
[   64.354721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xde81
[   64.356065] memcg:ffff88800d94b901
[   64.356677] flags: 0x100000000000000(node=0|zone=1)
[   64.357530] page_type: f5(slab)
[   64.358138] raw: 0100000000000000 ffff8880096c78c0 dead000000000100 dead000000000122
[   64.359565] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff88800d94b901
[   64.360994] page dumped because: kasan: bad access detected
[   64.362046] 
[   64.362369] Memory state around the buggy address:
[   64.363273]  ffff88800de81280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.364626]  ffff88800de81300: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[   64.365976] >ffff88800de81380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   64.367313]                                                                 ^
[   64.368634]  ffff88800de81400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.369984]  ffff88800de81480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   64.371327] ==================================================================
[   64.372817] Disabling lock debugging due to kernel taint
[   64.376922] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.379837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.385512] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.386733] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.398571] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.399833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.401371] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.401499] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.409137] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.410565] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   64.411988] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.415017] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   64.417791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   64.422066] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   64.424321] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   64.431325] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.435637] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.436735] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.441116] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.443880] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.546292] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   64.549436] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   64.555901] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   64.562429] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   64.563361] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   64.564568] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   64.568283] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   64.569253] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   64.570212] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   64.571128] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   64.572917] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   64.573794] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   64.584235] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   64.588651] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   64.591092] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   64.593761] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   64.596766] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   64.597897] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   64.607832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   64.625412] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   66.455205] Bluetooth: hci3: command tx timeout
[   66.455820] Bluetooth: hci1: command tx timeout
[   66.456405] Bluetooth: hci2: command tx timeout
[   66.456943] Bluetooth: hci0: command tx timeout
[   66.646259] Bluetooth: hci7: command tx timeout
[   66.646690] Bluetooth: hci6: command tx timeout
[   66.710250] Bluetooth: hci4: command tx timeout
[   66.710785] Bluetooth: hci5: command tx timeout
[   68.502256] Bluetooth: hci0: command tx timeout
[   68.502688] Bluetooth: hci2: command tx timeout
[   68.503061] Bluetooth: hci1: command tx timeout
[   68.503461] Bluetooth: hci3: command tx timeout
[   68.694545] Bluetooth: hci6: command tx timeout
[   68.695271] Bluetooth: hci7: command tx timeout
[   68.760187] Bluetooth: hci4: command tx timeout
[   68.760598] Bluetooth: hci5: command tx timeout
[   70.550483] Bluetooth: hci1: command tx timeout
[   70.550942] Bluetooth: hci2: command tx timeout
[   70.551929] Bluetooth: hci0: command tx timeout
[   70.552392] Bluetooth: hci3: command tx timeout
[   70.742201] Bluetooth: hci6: command tx timeout
[   70.742703] Bluetooth: hci7: command tx timeout
[   70.807190] Bluetooth: hci5: command tx timeout
[   70.807601] Bluetooth: hci4: command tx timeout
[   72.599220] Bluetooth: hci3: command tx timeout
[   72.599785] Bluetooth: hci0: command tx timeout
[   72.599822] Bluetooth: hci2: command tx timeout
[   72.600300] Bluetooth: hci1: command tx timeout
[   72.790241] Bluetooth: hci7: command tx timeout
[   72.790878] Bluetooth: hci6: command tx timeout
[   72.854221] Bluetooth: hci4: command tx timeout
[   72.854767] Bluetooth: hci5: command tx timeout

VM DIAGNOSIS:
09:41:29  Registers:
info registers vcpu 0
RAX=0000000000000001 RBX=0000000000000000 RCX=35534676adce14ec RDX=00000000978510e4
RSI=000000004d02483f RDI=0000000032f87294 RBP=ffffffff85e1fd40 RSP=ffff8880095574b8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=0000000000000200
RIP=ffffffff8152801b RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f13f919d900 00000000 00000000
GS =0000 ffff8880e538f000 00000000 00000000
LDT=0000 fffffe4f00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f87dab23ae0 CR3=000000000c5dc000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffff00000000000000
XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973
XMM04=0000000000000000003a646d65747379 XMM05=3a646d65747379733a3d534741540035
XMM06=494e495f4345535500323837313d4d55 XMM07=440068746f6f7465756c623d4d455453
XMM08=49006d756e203c2069000a313a56000a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff8293dc70 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff88800f1bf5c0
R8 =0000000000000000 R9 =ffffed100166e046 R10=00000000000fe503 R11=6430303838386652
R12=0000000000000823 R13=0000000000000020 R14=fffffbfff112e94a R15=dffffc0000000000
RIP=ffffffff8293dcc5 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e548f000 00000000 00000000
LDT=0000 fffffe6d00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555c24ebe228 CR3=000000000c5dc000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=732f70756f7267632f73662f7379732f XMM01=6563696c732e6d65747379732f70756f
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00005653c5eb89b00000000000000000
XMM06=00005653c5f9e18000005653c5fb4050 XMM07=00000000000000000000000000000000
XMM08=000000000000000000006d6574737973 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000