Warning: Permanently added '[localhost]:23851' (ECDSA) to the list of known hosts.
2025/11/15 19:19:18 fuzzer started
2025/11/15 19:19:18 dialing manager at localhost:37161
syzkaller login: [   44.990714] cgroup: Unknown subsys name 'net'
[   45.055522] cgroup: Unknown subsys name 'cpuset'
[   45.076819] cgroup: Unknown subsys name 'rlimit'
2025/11/15 19:19:29 syscalls: 203
2025/11/15 19:19:29 code coverage: enabled
2025/11/15 19:19:29 comparison tracing: enabled
2025/11/15 19:19:29 extra coverage: enabled
2025/11/15 19:19:29 setuid sandbox: enabled
2025/11/15 19:19:29 namespace sandbox: enabled
2025/11/15 19:19:29 Android sandbox: enabled
2025/11/15 19:19:29 fault injection: enabled
2025/11/15 19:19:29 leak checking: enabled
2025/11/15 19:19:29 net packet injection: enabled
2025/11/15 19:19:29 net device setup: enabled
2025/11/15 19:19:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/15 19:19:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/15 19:19:29 USB emulation: enabled
2025/11/15 19:19:29 hci packet injection: enabled
2025/11/15 19:19:29 wifi device emulation: enabled
2025/11/15 19:19:29 802.15.4 emulation: enabled
2025/11/15 19:19:29 fetching corpus: 0, signal 0/0 (executing program)
2025/11/15 19:19:31 starting 8 fuzzer processes
19:19:31 executing program 0:
r0 = syz_io_uring_setup(0x3ff, &(0x7f0000000080)={0x0, 0x779c, 0x8, 0x2, 0x1b7}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x8080, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_fscache}, {@noextend}, {@access_client}, {@dfltgid={'dfltgid', 0x3d, 0xffffffffffffffff}}, {@cache_mmap}, {}, {@cache_fscache}, {@cache_mmap}, {@nodevmap}, {@dfltuid={'dfltuid', 0x3d, 0xee00}}], [{@dont_appraise}]}})
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800800}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0xa91765d4a4b89f91, 0x70bd2c, 0x25dfdbff, {}, [@GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_TID={0xc, 0x3, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4010}, 0x80)
io_uring_register$IORING_REGISTER_PROBE(r0, 0x8, &(0x7f0000000380)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x18)
ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x66ae)
r2 = inotify_init()
inotify_rm_watch(r2, 0x0)
io_uring_register$IORING_REGISTER_PROBE(r0, 0x8, 0xfffffffffffffffe, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
r3 = syz_io_uring_setup(0x7ec7, &(0x7f0000000480)={0x0, 0x6a73, 0x0, 0x1, 0x3c4, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000500)=<r4=>0x0, &(0x7f0000000540))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r1, &(0x7f00000008c0)=@IORING_OP_RECVMSG={0xa, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000880)={&(0x7f0000000580)=@l2tp={0x2, 0x0, @multicast2}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000600)=""/216, 0xd8}, {&(0x7f0000000700)=""/196, 0xc4}], 0x2, &(0x7f0000000840)=""/13, 0xd}, 0x0, 0x40000000, 0x0, {0x1, r5}}, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000900)='net/dev_snmp6\x00')
sendmsg$AUDIT_SET_FEATURE(r6, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x3fa, 0x800, 0x70bd2d, 0x25dfdbfc, {0x1, 0x0, 0x1}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x10)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a40)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
io_uring_register$IORING_UNREGISTER_EVENTFD(r3, 0x5, 0x0, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000a80)='/sys/class/net', 0x101001, 0xc0)
ioctl$CDROMSETSPINDOWN(r7, 0x531e, &(0x7f0000000ac0)=0xc)
ioctl$INOTIFY_IOC_SETNEXTWD(r7, 0x40044900, 0x7)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)

19:19:31 executing program 1:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00', <r0=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x1c4, 0x0, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x1c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x3f}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x7f}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x3f}]}, @NL802154_ATTR_SEC_KEY={0x17c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "f3aa241eb0533a952f1808ceff0c083f1ebd739eb3478b172849024a9ded1231"}, @NL802154_KEY_ATTR_ID={0x5c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x44, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}]}, @NL802154_KEY_ATTR_ID={0x8c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x54, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xb1c5}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7f}]}, @NL802154_KEY_ATTR_ID={0x10, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xffffffffffffffc2}]}, @NL802154_KEY_ATTR_ID={0x54, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x81}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x93}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xf04c}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x2}]}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x1c4}, 0x1, 0x0, 0x0, 0x24000005}, 0x80c0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r1, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x81}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000081}, 0x31)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0)
sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, 0x0, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
r3 = add_key$keyring(&(0x7f0000000640), &(0x7f0000000680)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = request_key(&(0x7f0000000580)='dns_resolver\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000600)='/dev/zero\x00', r3)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r5, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x34, 0x0, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x34}, 0x1, 0x0, 0x0, 0xc010}, 0x800)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r5, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x3c, r1, 0x8, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x20}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x4}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x33}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1000}, 0x8000)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r6, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x54, r1, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000a00), 0x200d02, 0x0)
ioctl$CDROMPAUSE(0xffffffffffffffff, 0x5301)
keyctl$clear(0x7, r4)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000a40), r7)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000a80)={'wpan1\x00', <r8=>0x0})
sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x5210020}, 0xc, &(0x7f0000000d00)={&(0x7f0000000c80)={0x6c, 0x0, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)

19:19:31 executing program 7:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x840)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan3\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x408c0)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r0)
sendmsg$IEEE802154_LIST_PHY(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r3, 0x100, 0x70bd26, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x840)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, r4, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x16}, @IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0x40}, @IEEE802154_ATTR_SF_ORD={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LIST_PHY(r5, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x40040)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r6, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, r7, 0x200, 0x70bd2c, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20004890)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000780), r6)
sendmsg$IEEE802154_ADD_IFACE(r6, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x34, r8, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004804}, 0x4000840)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r9, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x14, r4, 0x800, 0x70bd2d, 0x25dfdbfd, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x4040)
sendmsg$AUDIT_SIGNAL_INFO(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x10, 0x3f2, 0x100, 0x70bd26, 0x25dfdbfb, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4004044}, 0x4)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x24, 0x0, 0x700, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}]}, 0x24}}, 0x24000041)

19:19:31 executing program 6:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @remote}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast1}, @GTPA_O_TEI={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010102}, @GTPA_TID={0xc}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4004000)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x100, 0x70bd26, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x40000)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, 0x0, 0x300, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x4008801)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x78, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy2\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x5014}, 0x40000)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000500)={'wpan1\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x34, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4c040)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, 0x0, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000740), r1)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r3, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x84140111}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, r4, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x20}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x200080d0)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r1, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, r4, 0x300, 0x70bd27, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x4329c69e54685ca0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000940), 0x4a8000, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r6, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x14, r4, 0x100, 0x70bd2b, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x840}, 0x800)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r7, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x14, r4, 0x4, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x44000)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r5, &(0x7f0000000b80)={0x2000000c})
sendmsg$IEEE802154_LLSEC_LIST_DEV(r3, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x14, r4, 0x200, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000810}, 0x40000)

19:19:31 executing program 2:
setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000000), 0x4)
getsockopt$WPAN_WANTLQI(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan3\x00'})
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/hid_sunplus', 0x8401, 0xd2)
ioctl$CDROM_NEXT_WRITABLE(r1, 0x5394, &(0x7f0000000140))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), r0)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, r3, 0x300, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVICE={0x20, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6}, @NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x20}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_ATTR_SEC_DEVICE={0x1c, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x6}, @NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5}, @NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0xfffd}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x8091)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000300), r1)
r4 = socket(0x23, 0x3, 0x3)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x38, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x1, 0x69}}}}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x25}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r2)
r6 = accept4(r1, &(0x7f00000004c0)=@generic, &(0x7f0000000540)=0x80, 0x80000)
sendmsg$802154_raw(r6, &(0x7f00000006c0)={&(0x7f0000000580), 0x14, &(0x7f0000000680)={&(0x7f00000005c0)="3afb44c75b8fbc4cbc6bf85395d20fa0c7ece1f280a1dbb6182ab04e4c51ed68c811b74d3e8bfae54ca05018914b0b6555f96c272226e4e1c4a473c8f81025a7bfd7ed65a1fb5648de6ffb0fc93b36dcc4c3fbb70a78ae53036793a0e1d3c51a9afeca773d5dcfe031938afcbe73b1f52672eb4c38b68b4abb5e82818d91c5469c726147baa5dcd7812b44f4928f1b37df5a0b4bde", 0x95}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000)
setsockopt$WPAN_WANTACK(r4, 0x0, 0x0, &(0x7f0000000700)=0x1, 0x4)
sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000880)={&(0x7f0000000780)={0xd0, 0x3ed, 0x400, 0x70bd26, 0x25dfdbfe, "c6646102c13587c9c24db2306c78c5beb08568b99e02e1042698ee457a1af9b174d4fefc72c59a73a4a59065adb72bc3a73777b669ddf4e98e85b5c9270773f93ea86c28ad286fdbe39b962e46cba706dbde8684043fe03ea391381b056577083953838c767f1e2941b05b8b48f3d6846f7b3c8ef2e9254760950376fc389f0f27cb98fa21725ed887a6850a857feabfa945df6110d12b1a3b52ba38e832b41781d4ea50179c711db29b04f05d1651da200c862deae49e26b9b35a47eb", ["", "", ""]}, 0xd0}, 0x1, 0x0, 0x0, 0x24008004}, 0x8005)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), r6)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000000a40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10020108}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x40, r7, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x18}, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x0, 0x13}}}}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1c}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040}, 0x800)

19:19:31 executing program 3:
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000000)={'gre0\x00', <r0=>0x0, 0x10, 0x8, 0x772, 0x200, {{0x14, 0x4, 0x0, 0x6, 0x50, 0x68, 0x0, 0x81, 0x2f, 0x0, @loopback, @empty, {[@ssrr={0x89, 0x27, 0x24, [@dev={0xac, 0x14, 0x14, 0x1b}, @multicast2, @private=0xa010102, @multicast1, @multicast1, @empty, @dev={0xac, 0x14, 0x14, 0x2c}, @empty, @private=0xa010102]}, @ssrr={0x89, 0x7, 0xe9, [@broadcast]}, @generic={0x82, 0xa, "e9a5c3ac5af1a7cf"}, @noop]}}}}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'syztnl1\x00', &(0x7f00000000c0)={'erspan0\x00', r0, 0x8000, 0x20, 0x81, 0x0, {{0x16, 0x4, 0x0, 0x12, 0x58, 0x65, 0x0, 0x6, 0x2f, 0x0, @private=0xa010100, @rand_addr=0x64010100, {[@ssrr={0x89, 0x1f, 0x51, [@empty, @multicast2, @empty, @rand_addr=0x64010100, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2]}, @ssrr={0x89, 0x23, 0x67, [@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x15}, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @local, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000001c0)=0x14)
socketpair(0x28, 0x5, 0x9, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r3, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010102}, @GTPA_TID={0xc, 0x3, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x810}, 0x8010)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'erspan0\x00', &(0x7f0000000380)={'erspan0\x00', r0, 0x700, 0x7, 0x7, 0x7, {{0x9, 0x4, 0x1, 0x1e, 0x24, 0x66, 0x0, 0x7f, 0x29, 0x0, @local, @private=0xa010101, {[@generic={0x44, 0x10, "f0d1fd51a85339f718117a5f8cb2"}]}}}}})
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20a00000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x24, r3, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
r4 = socket(0x2c, 0xa, 0x10001)
r5 = syz_genetlink_get_family_id$gtp(&(0x7f0000000580), r2)
r6 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$GTP_CMD_NEWPDP(r4, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x30, r5, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@GTPA_NET_NS_FD={0x8}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_NET_NS_FD={0x8, 0x7, r6}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f00000006c0), r2)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x50, r7, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x20}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x81}, @SEG6_ATTR_SECRET={0xc, 0x4, [0x74000000, 0x3f]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x2}]}, 0x50}}, 0x2c040000)
syz_open_dev$ptys(0xc, 0x3, 0x0)
semget$private(0x0, 0x1, 0x8)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x400010}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x54, r3, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x2c}}, @GTPA_O_TEI={0x8}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @broadcast}, @GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8001}, 0x844)
r8 = request_key(&(0x7f0000000940)='.dead\x00', &(0x7f0000000980)={'syz', 0x0}, &(0x7f00000009c0)='gtp\x00', 0xffffffffffffffff)
keyctl$clear(0x7, r8)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000bc0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x4723976fa079f801}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x74, 0x0, 0x404, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0xd}, @val={0x8}, @void}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x3c}, @NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_PID={0x8}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x42}, @NL80211_ATTR_PID={0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x4}, 0x2000c890)

19:19:31 executing program 4:
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x2}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x400}, 0x810)
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r0, 0x800, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8014}, 0x4080)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_REQ(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x54, r2, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x14}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x18}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x9}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xe}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xa}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x8400)
sendmsg$IEEE802154_SCAN_REQ(r1, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, r2, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x15}, @IEEE802154_ATTR_CHANNELS={0x8}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008800}, 0x8004)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000540)={'wpan1\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000580)={'wpan0\x00', <r4=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r1, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x5c, r0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3f}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x8}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x7f}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0xff}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x80}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x4000010)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000006c0)={'wpan4\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000740), r1)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r1, &(0x7f0000000840)={&(0x7f0000000700), 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x54, r6, 0x400, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0x3}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x1}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x1f}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x7f}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x6}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x2}]}, 0x54}}, 0x0)
sendmsg$IEEE802154_LIST_IFACE(r1, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x30, 0x0, 0x208, 0x70bd2b, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000855}, 0x14)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000980), r1)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000a00)={'wpan3\x00', <r8=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r7, &(0x7f0000000b00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x50, 0x0, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000080}, 0x4)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000b40), 0xffffffffffffffff)
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x78, r2, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}]}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

[   56.426467] audit: type=1400 audit(1763234371.296:7): avc:  denied  { execmem } for  pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
19:19:31 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/llc/socket\x00')
write$cgroup_pressure(r0, &(0x7f0000000040)={'full', 0x20, 0x7}, 0x2f)
openat$cgroup_pressure(r0, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
openat$cgroup_pressure(r0, &(0x7f00000000c0)='cpu.pressure\x00', 0x2, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000100))
setsockopt$inet_udp_int(r0, 0x11, 0x1, &(0x7f0000000140)=0x7, 0x4)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'syztnl1\x00', &(0x7f0000000180)={'tunl0\x00', 0x0, 0x1, 0x700, 0x0, 0xfffffff8, {{0x6, 0x4, 0x3, 0x19, 0x18, 0x66, 0x0, 0x0, 0x2d, 0x0, @local, @broadcast, {[@noop, @noop]}}}}})
setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000200)=0x4, 0x4)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='attr\x00')
sendmsg$AUDIT_USER(r3, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001300)={&(0x7f00000002c0)={0x1010, 0x3ed, 0x2, 0x70bd2c, 0x25dfdbfe, "ab8306e325108436feaa3283204b423f44f5941955d1b5a8dac4b43c85017ba9765cd719ee8e8215958f61bddbc4627a36793abf83f786c55d2ce55faca69b3368d35de8a77ea4fe6116dbd9a7455adc747db3c981da13b30c2afa2792ef535a4a140dadedd44659004961d7699450e1b4f30cb11d7eac1159d6e69a372dbe393d2b4ca73eac481a3590fbdd1c80d314cdd978922d9d604fcd254ebbae6562810bffa0d8a124b694815decf459ed0cd9f4b305cc3ffce0ceb6cb200bdc1edf5c02581e274878cf7b636225fc80912ac9232fce820b74f0aa14f1a611f9b468e4b5a7c11fb6a0b37b3822103fe95c67086cb584fd7043d51726b7e929ad083b5820545bf21c8e7643c9231aa409ea79fb8d641590f2b086d10bba64248e3743e2873011f7a8725c53dbd9437265f4332583353f7766a9de76cc05aecb293b87d1573c3e96959bfcab353e9fa1c2600dfa315130c868d853ab62a3d1258ba22fc3a659decb440c3a2d5714a7e1fbb2b465fde24ec54a08021eabd64b506e280664fbcf2a0e6b4714a026e08eda4c82efd70f7b613e3181430d14c97137f546c0177ac5309ddc4cf81689f3debf3d1156b2dcd157c827a9176bd94c7d5aeda10a907cbd1bbf6e7af2252243043ff62e88c0e699db88aaa70e79a0f9e2c30e23769c886407cac5bd140c0b60a6ef48a669ee3bff45aed220c96c4cdec8dbb6ac4eedb3547efa8f594755d959a214ae5584a6255e19c6bc952e7593a86efb743a1e352c2576ba867da12db612a835d98fffa12123a6b9ec6f6ffd3e27212e0cfa0cd9b4dfcdf48f9d341902d6240e40ca8edc330bbb8351b3a19bbe95a7e3b1c465b87d383555d9ed0e52569427f271cde273b83b73349cfab515f10b512ce3775b2bc2d4fc3d54cc1e98ae0d942715d1a23ddd358fad06f10d71cc0c403a81e7b657ab6c6408bcd680a523f0a2187d502334952d8fb278f0000441831a71af906ca0c6e97f449c6d0318b53a24e7ef3e82bf84886e383d1b8c4cfb08de3c6cb468c6eb32401a34f2c244099cd6ff44e238437600f63568250de232591b5454aa2775eddbd7e6d388b44aca38d222c9c38543a0b820bef76f28fe21fa657e338db286fe4485613f8c1091d8b8a5ef8d9e044264fba8812f7628b61f5c24a2ea4273b448e3435c5a9feaa7204e660a8a7403788e39dd3e3764b45ad1ecffd2167b23af318efdd812c8f76abed939b0ce2ac0f31c93c827055fbe190dbab9b629b4af69a3c9321ba7f94e91ee357eb721169cde60024b62e73243eb9e5cd8be639ca2f9791ccc2448029d43b06cad029b8ee1e8a8db35cce01082e249f5152dbbac13ca8d74f8d3bfb31d5719e865162363f56a8215aec94d9f8cafee018b930ff6a37d8eae97da8052bbb22d89e32abf5c8b77424c71729b77ffd60e7ad4cc4604fab209a69ed381603c96d510195866ab5c034744a4ff90eaf48e974793c0c3d3540100bc778e38ea944a4125395badbc4d981fdacc30094d05b18abb7cb312043b8da76bc66d3f43833316c54b6c485430aeb48e92167c230b3785e9291cb6d961b6cd0c346c987fba8eb47300ae279a21490d4a55ba6d403e8a132dd5aeebed60ec19934d4fa4a78d752bb5f092452856d18d4a831e8b16f68cb80f638ab22df050be2ef6db001b4c45c1c36b1988f179d605359f1dd7e99d5cd8584f5ec701465f20dd300ebaef62d87770e886fb9d1fcc0500a895ce75c90f636b15488d7f8fb83f7e5203966b383abc8328a064b13481b31d5c9dcb8ec388bf6dc4641275b337e3a6552e481b1c23c7b093511c693890e0985817c381657d19f082c9e9d34b23edc689406c9403a9c9bc2f83fe4592d88a6ff4b5aac43690532062a60f158239cb60f40122cc920f4d60bac0964b48b18e9da12e934c25b58d321aa01770c91e8a8c74659e316dd66f580bf2df3c1c026eedcb2bdbc07edb891af2333bda21208e93ac94467ed11643b81c624cf030c5e7c1157cc6cc5eacd15057dad5b9dd9eb4d1a6ddbe75bd17da1f1aeefeb5a67e8a9b6c2e40b5761d31c1958195aca1aa65030eb1e6cf545b3512081e8987f463f2e905366e78086f933026113baa07c395371c4f8e1c06b744e122365f295eefba8ae13935d956d79795418b3c07abad9d8042a59f69d173f46d7060f2f45d5b121973363ecafe6619dcde4efd2f33c604d86c18cae1d97f667f06a62ddf3dcd399c8fd6e0f843f1aa544f3e7aa2c32186224974076577631a364a21029b8dc4853dd2907922a2a08a212d01c490fe51582d71228fcfe2fac6a78a804b747411632e8b055092bf051d0318cfc6333e1cbee67c0315700bbf01c2759fef897341fa5bc3b6e24b2f5cd2bf6c2f66877dd731ae2e54c0490075721dbda02e0568922d46e72301caac4301043cd1c7606b738bbe0804aefa432a91326fbd1cb6f5aff5bbbe7bf1245a67880bc0f40cea740ef64039a9ddfbee342583c36c3a917b950d1955a76685a9bfc7a86cd4644f7a1d1db166e155821f179a02aec97db5deb1e33c9d1a8f3dc5aacb44cb376139547e3943272d25a0a376d60163d9ec1dfb38c7ad6e3b8d94f13cea7bc79425bc977c4c8b9f254219330074d2f4b4f0ae23773fe3bf1502caed36d0de9a5d97b5d3706bdb6b1aac964569511d73496afd21deeab14435a4f54cfcea48707354969861d7ec6ff899533b89c14d861714590cc88cb39b26c84c005ee0636985b572c23ea1ef5ce682745b7cbd8d80027aae390c75d2dcc1a0e5ff8da78cbdd411f824f21ea2ab85546fa01c9c0df71b0ee463da6156e9e3c42cd5cc448366ab973dd78342a25004fac33a9d20a46d0de43caf5ccf0cbdff763ca8bf847d5d982518303067b4f7141d239d83dfe2966a8a0bce04b98adfa697cba051d82f8343761f6044b5f1ee83e9e399fabcd46255bf569c47673f7a95a62e1036a6fd129f84f4e09170e4fdfc57944b351e0db226be84ab51072ec5d5ff98f0ca96b55e31bc9c5cc1f781885f7ed33ee2a3403f8d52f411e689de12a9e5aafc5f462f6c70799dc325b657c90f167d74b37bf1ee9d539264d1fe67c350f0dd45e5dd118c00b9d87b93ead527a28b3faf1a942b846c214237487c747fd5082515e59eea8e459378009139e6f46c9182e0c535320d094985098721a9a7fb181474be20b4dcbe4f4c0122c0dd5aff53cfecd68fba2356340b7fd2de06583350291f0d5d8cd4d4946213e00afe607d4977b11add411d8b9e8daa5d774ed7f8deca679e881bb45ecbf57e5ac3c18e8da0daf5318348eda0fa6bce56ff736de0a8434b21057dc96f3f33649387a1e85891946236b96a694c300089eeabc68b6381005313dd8ae2177638a1c9026d101a571eb08bcc457fdce79a4e3ffd959b189d437e0a266f78a0c6a6734b2ab10b384a8821d260aa09588d75d68ad3249256a307ba5f2f4286145aea0fb15d9d8d056a24debab8d2c57cafdd4fba76aaeb2a6c797680f92f881b22f5b3a224e78e2b6b4e8f66031133f842b456eb437e1b9961de7ecb0da6a661a0e2e7e07391a1404f549d360ba6ccf1175b158dd55b03224b542ecc39f940d8c8f74920c13becdaa8aba5dc9add8f4e83cd6e88b2e6c00062480458a79a162e83c280c8ff22d42c687ee703ab7f36c2422fd0dfb1aca553b975a73ab5eaf384ded2ef11f8507767a3e2e16cc6738aadabef8f349f44a05f943954e7b317028f646131f1a2a2daa9871f8432f674f56c22443d5a54e214a7e5f86f89ba5088f6fb48df0430ec1885fc363e3bdf89c537f662edda8aa447b1665bbec8d0724a8e4d6e07466ed021e9eaef3dd96de2694498053c16e022728c9e5bee7470170481190b9e463bff0a69feab5b1ac138bcdb1034db3d80369073d667add5966f82ac9605da0d420c8e3217d691fabdfc44f9f305b3e54837e2921d94397b4797a786c993ee0063fdfd8e62fb6ec2f7be65621aff40c5944110f400bd9144c7282223c7845fa86fa7535183430e3a8ab4a460b48d49a172a71eed40dd3c07b8883e860f435190bc0cacf923a54c37f5d84028905da5ce175083c890c3f03ef99a481f10bfcf9a32ffc1ead645543129d1a3a01c0ebea83f7a9bb873eebd0c4dabd2c162a19f001ce370b482db2af3d1a7f08361ca9ede779dccc1c8475844b8a8f8056b5bf6757b73fcd845c891783239bf7a8fd65cb20cfa33a3ea3e031b644ff9df7d39cf3f84f13ccaab4fe6bab9eff3eb1c684a9cdbd717a7ad7cb5828a3ad98281837f05ee8b6edafcf73a0d809fc80f216d90ad32d4633239d235c03c43119ee302b61082d53c4cb6fb4ef24d0c145663194d65aa4e276a08d97c68f280da8757cea264ad236c7c438f239456fa2165d81e6fa2278a41b430020e1ce0301644429b6dbd3314e76e41dd1347ae847955e224d027ecc02ef84d5172863036b1091fd97d6709042b2b7336a08a1c88e9ccec7f488281f3002433db9dfbcc3f0027639cd7becb14a604365bf2698c846d15f0328151adc1362a2a2a16dfddc42cce5651dc962fef0470a3a9b31eb84355a4f4fb8f95ba1cd390129aaf449035c924dbc0c7ff55e6a4bac26e71fa8f59bc1b24bb942321989922c31ad8a10a42e5ef33fb6c7a88f45c13ddecb7950c4f71cfe56f5e0aa9363cd435bbbf0b80ca2e157e28b3ff7e54be4e2177aba2a2a687a9a41f199733f562dba7a570be0a528e2d62025f8964b4b7251564f33ea1af5bebbb330b229a3d9743e4f065ba03d8a7b76ab22cb1afb5bc588bc1fccc18242a0a49f680b6f415a605027b595bdf560b43e9d1243324ea4e91f4bc1469459598cc095f9f12a819f92ce9057a67b23facb0504c27b829d4458368411528b070a0b4b4ac3e4a65ea01e6e17262aaf2ca0b7d5841c33e5d5aba5acf76610bb81decbc2bfb1ff4e7b3b7953394e8acb901626664c395c2957b07a9d566cbd91533d5e5339a680779f19f17a9807bbfa5621b1ebdc4bbb006924d1bfded0daa49fbc647bad2dae31855b5255b3530703d0554dd2bdce5da7da60e829dc633f2444045bdecdbdbc0fab1f7a98d25920ff29c8505e3735e9e8870c00d2a8e5f29aefd3daa96ac9e3b617c5b65a2cbe67e787a32dd6f3b38f9ad0818933a1efee65acbe8c924fb605e8613e7f62bc082390f29c20d0d0006038b31625d01506da767f3ad6e5c3636cf824c54576a702407e91f1df09aabc34c3615953cbb0c99d062d4a484cfc0ef4e426a897586775df659c6b4e350226a725e4d5842c4f5ba112f6c20eda12969affe8c5207ab41fd924269270c96a96228f813de2bcbd31e0435a3cd4fe5ad4516b595a03a8573619718155b39820b59331c1ff5d5739cea084413780b513e1569713dbc774614cdeb6f76c91c98966909d31dc559cf0f54e9b393aa49d8ba719ff75036211c4d0bc4270e64217db4da30a79e6cba18ff1f2269aeb7aac07897803721928328032f6a6c94ed71a602262730bd9039515961f3cdea4a174dcd45e230eadd4d4ffa297fb088e066f1d8fbdeb24562096ed66325df97d3662d26983af9ee0c0902710f77f9f6210f71bcc09b843a726abb5eafc5b6450bd823a5cd5e8ace58792d20c69da9098b0f36fb729f04ffc314368243761a83d0fed9d1d85e8705525bbd1d5099673baf09bfc65d8e994d1d47c3c0ab4227db35306c36bc0a41f13fc730453bd144e2541e9b0c656febfb19097c9b9c1207b9ca0fe5c155be1e1d06d648d547dcd24f90d14d147c72", ["", "", "", "", "", "", "", "", "", ""]}, 0x1010}, 0x1, 0x0, 0x0, 0x44800}, 0x4004)
getsockopt$inet_udp_int(r0, 0x11, 0xd, &(0x7f0000001380), &(0x7f00000013c0)=0x4)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_inet_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000001400))
socketpair(0x21, 0x80000, 0x3ff, &(0x7f0000001440)={<r4=>0xffffffffffffffff})
getsockopt$inet_udp_int(r4, 0x11, 0x1, &(0x7f0000001480), &(0x7f00000014c0)=0x4)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET(r5, &(0x7f00000015c0)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001580)={&(0x7f0000001540)={0x10, 0x3e8, 0x400, 0x70bd25, 0x25dfdbff, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x8080}, 0x40)
semctl$IPC_RMID(0x0, 0x0, 0x0)

[   57.572136] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.575239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.577328] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.579763] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.581374] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.585239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.589669] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.592527] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.615389] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.621186] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.647838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   57.652467] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   57.660103] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   57.664430] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   57.669302] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.701703] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   57.712656] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   57.714554] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   57.719572] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   57.726447] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   57.728989] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   57.732239] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   57.734209] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   57.746346] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   57.751135] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   57.798691] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   57.805513] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   57.806744] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   57.807879] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   57.811109] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   57.812905] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   57.816465] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   57.818575] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   57.820118] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   57.822793] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   57.826264] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   57.828939] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   57.840457] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   57.846793] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   57.857437] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   57.860156] ==================================================================
[   57.861285] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[   57.862342] Read of size 2 at addr ffff88800c393538 by task kworker/u11:2/290
[   57.867028] 
[   57.867316] CPU: 0 UID: 0 PID: 290 Comm: kworker/u11:2 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) 
[   57.867347] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   57.867364] Workqueue: hci5 hci_cmd_work
[   57.867395] Call Trace:
[   57.867404]  <TASK>
[   57.867413]  dump_stack_lvl+0xca/0x120
[   57.867443]  print_report+0xcb/0x610
[   57.867473]  ? __virt_addr_valid+0x100/0x5d0
[   57.867500]  ? hci_cmd_work+0x66d/0x6d0
[   57.867529]  ? hci_cmd_work+0x66d/0x6d0
[   57.867571]  kasan_report+0xca/0x100
[   57.867615]  ? hci_cmd_work+0x66d/0x6d0
[   57.867647]  hci_cmd_work+0x66d/0x6d0
[   57.867685]  process_one_work+0x8e1/0x19c0
[   57.867742]  ? __pfx_process_one_work+0x10/0x10
[   57.867775]  ? move_linked_works+0x172/0x270
[   57.867800]  ? assign_work+0x196/0x240
[   57.867832]  worker_thread+0x67e/0xe90
[   57.867864]  ? trace_irq_enable.constprop.0+0xc2/0x100
[   57.867892]  ? __pfx_worker_thread+0x10/0x10
[   57.867925]  kthread+0x3c8/0x740
[   57.867953]  ? __pfx_kthread+0x10/0x10
[   57.867981]  ? ret_from_fork+0x79/0x7a0
[   57.868004]  ? lock_release+0xc8/0x290
[   57.868039]  ? __pfx_kthread+0x10/0x10
[   57.868068]  ret_from_fork+0x67a/0x7a0
[   57.868090]  ? __pfx_ret_from_fork+0x10/0x10
[   57.868114]  ? __switch_to+0x759/0x1060
[   57.868145]  ? __pfx_kthread+0x10/0x10
[   57.868175]  ret_from_fork_asm+0x1a/0x30
[   57.868212]  </TASK>
[   57.868219] 
[   57.888385] Allocated by task 288:
[   57.888894]  kasan_save_stack+0x24/0x50
[   57.889490]  kasan_save_track+0x14/0x30
[   57.890087]  __kasan_slab_alloc+0x59/0x70
[   57.890697]  kmem_cache_alloc_node_noprof+0x228/0x6b0
[   57.891461]  __alloc_skb+0x2ab/0x370
[   57.892036]  hci_cmd_sync_alloc+0x34/0x300
[   57.892675]  __hci_cmd_sync_sk+0xf7/0x5c0
[   57.893297]  hci_write_ca_timeout_sync+0x8f/0x1e0
[   57.894004]  hci_dev_open_sync+0x1874/0x1f60
[   57.894646]  hci_power_on+0xdb/0x5d0
[   57.895203]  process_one_work+0x8e1/0x19c0
[   57.895826]  worker_thread+0x67e/0xe90
[   57.896402]  kthread+0x3c8/0x740
[   57.896908]  ret_from_fork+0x67a/0x7a0
[   57.897480]  ret_from_fork_asm+0x1a/0x30
[   57.898077] 
[   57.898325] Freed by task 306:
[   57.898785]  kasan_save_stack+0x24/0x50
[   57.899361]  kasan_save_track+0x14/0x30
[   57.899951]  kasan_save_free_info+0x3a/0x60
[   57.900593]  __kasan_slab_free+0x43/0x70
[   57.901208]  kmem_cache_free+0x26f/0x500
[   57.901808]  kfree_skbmem+0x18a/0x1f0
[   57.902368]  sk_skb_reason_drop+0x10e/0x1b0
[   57.902982]  vhci_read+0x3d5/0x5d0
[   57.903519]  vfs_read+0x1eb/0xc70
[   57.904052]  ksys_read+0x121/0x240
[   57.904568]  do_syscall_64+0xbf/0x430
[   57.905123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.905880] 
[   57.906132] The buggy address belongs to the object at ffff88800c393500
[   57.906132]  which belongs to the cache skbuff_head_cache of size 232
[   57.907972] The buggy address is located 56 bytes inside of
[   57.907972]  freed 232-byte region [ffff88800c393500, ffff88800c3935e8)
[   57.909675] 
[   57.909931] The buggy address belongs to the physical page:
[   57.910728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc393
[   57.912184] flags: 0x100000000000000(node=0|zone=1)
[   57.913255] page_type: f5(slab)
[   57.913992] raw: 0100000000000000 ffff8880096c78c0 dead000000000122 0000000000000000
[   57.915235] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[   57.916359] page dumped because: kasan: bad access detected
[   57.917174] 
[   57.917431] Memory state around the buggy address:
[   57.918172]  ffff88800c393400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.919229]  ffff88800c393480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   57.920294] >ffff88800c393500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.921349]                                         ^
[   57.922113]  ffff88800c393580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[   57.923159]  ffff88800c393600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   57.924214] ==================================================================
[   57.925412] Disabling lock debugging due to kernel taint
[   59.664151] Bluetooth: hci0: command tx timeout
[   59.664753] Bluetooth: hci1: command tx timeout
[   59.727250] Bluetooth: hci2: command tx timeout
[   59.791846] Bluetooth: hci4: command tx timeout
[   59.855213] Bluetooth: hci7: command tx timeout
[   59.855265] Bluetooth: hci6: command tx timeout
[   59.856087] Bluetooth: hci3: command tx timeout
[   59.983175] Bluetooth: hci5: command tx timeout
[   61.712103] Bluetooth: hci0: command tx timeout
[   61.712884] Bluetooth: hci1: command tx timeout
[   61.775642] Bluetooth: hci2: command tx timeout
[   61.839252] Bluetooth: hci4: command tx timeout
[   61.903164] Bluetooth: hci6: command tx timeout
[   61.903920] Bluetooth: hci3: command tx timeout
[   61.903968] Bluetooth: hci7: command tx timeout
[   62.032076] Bluetooth: hci5: command tx timeout
[   63.761947] Bluetooth: hci1: command tx timeout
[   63.761963] Bluetooth: hci0: command tx timeout
[   63.823086] Bluetooth: hci2: command tx timeout
[   63.887123] Bluetooth: hci4: command tx timeout
[   63.951244] Bluetooth: hci3: command tx timeout
[   63.951344] Bluetooth: hci6: command tx timeout
[   63.951749] Bluetooth: hci7: command tx timeout
[   64.079101] Bluetooth: hci5: command tx timeout
[   65.807136] Bluetooth: hci0: command tx timeout
[   65.807643] Bluetooth: hci1: command tx timeout
[   65.872528] Bluetooth: hci2: command tx timeout
[   65.935169] Bluetooth: hci4: command tx timeout
[   65.999113] Bluetooth: hci7: command tx timeout
[   65.999492] Bluetooth: hci6: command tx timeout
[   65.999849] Bluetooth: hci3: command tx timeout
[   66.127116] Bluetooth: hci5: command tx timeout

VM DIAGNOSIS:
19:19:32  Registers:
info registers vcpu 0
RAX=0000000000000077 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8293dd05 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff88801eddf618
R8 =0000000000000000 R9 =ffffed1001662046 R10=0000000000000077 R11=6330303838386652
R12=0000000000000077 R13=0000000000000010 R14=ffffffff88974780 R15=ffffffff8293dcf0
RIP=ffffffff8293dd5d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e538f000 00000000 00000000
LDT=0000 fffffe1600000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055ed1eb1d008 CR3=000000000f1c0000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffffffffffffffffffff XMM01=2f7273752f3a6e6962732f3d48544150
XMM02=000000000000000000ff000000000000 XMM03=00000000000000000000ff00000000ff
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=5f45424f5250444f4d0068563a623a6b XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000080000000 RBX=ffff88800f0b8000 RCX=0000000000000001 RDX=0000000000000137
RSI=ffff88800f0b8000 RDI=ffffffff81b2ff0a RBP=ffff888009462140 RSP=ffff88800f237ce0
R8 =0000000073f8494e R9 =ffff88806bbaa020 R10=0000000000000001 R11=0000000000000000
R12=0000000000000200 R13=0000000000000000 R14=ffff88800f0b8000 R15=ffff888009462140
RIP=ffffffff84c79de5 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e548f000 00000000 00000000
LDT=0000 fffffe1900000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f2bbcabb008 CR3=000000000ce8e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=756e696c2d34365f3638782f62696c2f XMM01=6f732e616d7a6c62696c2f756e672d78
XMM02=00352e6f732e616d7a6c62696c2f756e XMM03=672d78756e696c2d34365f3638782f62
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000