Warning: Permanently added '[localhost]:43184' (ECDSA) to the list of known hosts.
2025/11/16 00:28:20 fuzzer started
2025/11/16 00:28:20 dialing manager at localhost:37161
syzkaller login: [   58.193192] cgroup: Unknown subsys name 'net'
[   58.260630] cgroup: Unknown subsys name 'cpuset'
[   58.275438] cgroup: Unknown subsys name 'rlimit'
2025/11/16 00:28:30 syscalls: 2214
2025/11/16 00:28:30 code coverage: enabled
2025/11/16 00:28:30 comparison tracing: enabled
2025/11/16 00:28:30 extra coverage: enabled
2025/11/16 00:28:30 setuid sandbox: enabled
2025/11/16 00:28:30 namespace sandbox: enabled
2025/11/16 00:28:30 Android sandbox: enabled
2025/11/16 00:28:30 fault injection: enabled
2025/11/16 00:28:30 leak checking: enabled
2025/11/16 00:28:30 net packet injection: enabled
2025/11/16 00:28:30 net device setup: enabled
2025/11/16 00:28:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/16 00:28:30 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/16 00:28:30 USB emulation: enabled
2025/11/16 00:28:30 hci packet injection: enabled
2025/11/16 00:28:30 wifi device emulation: enabled
2025/11/16 00:28:30 802.15.4 emulation: enabled
2025/11/16 00:28:30 fetching corpus: 50, signal 23093/24915 (executing program)
2025/11/16 00:28:30 fetching corpus: 100, signal 34245/37732 (executing program)
2025/11/16 00:28:30 fetching corpus: 150, signal 46698/51671 (executing program)
2025/11/16 00:28:30 fetching corpus: 200, signal 55278/61673 (executing program)
2025/11/16 00:28:30 fetching corpus: 250, signal 63420/71079 (executing program)
2025/11/16 00:28:30 fetching corpus: 300, signal 67396/76446 (executing program)
2025/11/16 00:28:31 fetching corpus: 350, signal 72123/82467 (executing program)
2025/11/16 00:28:31 fetching corpus: 400, signal 76294/87908 (executing program)
2025/11/16 00:28:31 fetching corpus: 450, signal 80600/93378 (executing program)
2025/11/16 00:28:31 fetching corpus: 500, signal 85390/99270 (executing program)
2025/11/16 00:28:31 fetching corpus: 550, signal 88916/103914 (executing program)
2025/11/16 00:28:31 fetching corpus: 600, signal 91559/107670 (executing program)
2025/11/16 00:28:31 fetching corpus: 650, signal 93633/110910 (executing program)
2025/11/16 00:28:31 fetching corpus: 700, signal 96093/114497 (executing program)
2025/11/16 00:28:31 fetching corpus: 750, signal 98080/117597 (executing program)
2025/11/16 00:28:32 fetching corpus: 800, signal 100216/120766 (executing program)
2025/11/16 00:28:32 fetching corpus: 850, signal 101991/123603 (executing program)
2025/11/16 00:28:32 fetching corpus: 900, signal 103923/126550 (executing program)
2025/11/16 00:28:32 fetching corpus: 950, signal 105495/129135 (executing program)
2025/11/16 00:28:32 fetching corpus: 1000, signal 107771/132259 (executing program)
2025/11/16 00:28:32 fetching corpus: 1050, signal 110106/135483 (executing program)
2025/11/16 00:28:32 fetching corpus: 1100, signal 111513/137880 (executing program)
2025/11/16 00:28:32 fetching corpus: 1150, signal 112884/140238 (executing program)
2025/11/16 00:28:33 fetching corpus: 1200, signal 115245/143386 (executing program)
2025/11/16 00:28:33 fetching corpus: 1250, signal 116614/145667 (executing program)
2025/11/16 00:28:33 fetching corpus: 1300, signal 117982/147967 (executing program)
2025/11/16 00:28:33 fetching corpus: 1350, signal 119490/150331 (executing program)
2025/11/16 00:28:33 fetching corpus: 1400, signal 120844/152530 (executing program)
2025/11/16 00:28:33 fetching corpus: 1450, signal 122255/154796 (executing program)
2025/11/16 00:28:33 fetching corpus: 1500, signal 123885/157197 (executing program)
2025/11/16 00:28:33 fetching corpus: 1550, signal 125478/159583 (executing program)
2025/11/16 00:28:33 fetching corpus: 1600, signal 127141/161925 (executing program)
2025/11/16 00:28:33 fetching corpus: 1650, signal 128439/164004 (executing program)
2025/11/16 00:28:34 fetching corpus: 1700, signal 129926/166190 (executing program)
2025/11/16 00:28:34 fetching corpus: 1750, signal 130717/167878 (executing program)
2025/11/16 00:28:34 fetching corpus: 1800, signal 132486/170223 (executing program)
2025/11/16 00:28:34 fetching corpus: 1850, signal 133434/171971 (executing program)
2025/11/16 00:28:34 fetching corpus: 1900, signal 134265/173581 (executing program)
2025/11/16 00:28:34 fetching corpus: 1950, signal 135201/175276 (executing program)
2025/11/16 00:28:34 fetching corpus: 2000, signal 136118/177000 (executing program)
2025/11/16 00:28:34 fetching corpus: 2050, signal 137047/178694 (executing program)
2025/11/16 00:28:34 fetching corpus: 2100, signal 137862/180304 (executing program)
2025/11/16 00:28:34 fetching corpus: 2150, signal 139071/182179 (executing program)
2025/11/16 00:28:34 fetching corpus: 2200, signal 140315/184038 (executing program)
2025/11/16 00:28:35 fetching corpus: 2250, signal 141614/185920 (executing program)
2025/11/16 00:28:35 fetching corpus: 2300, signal 142526/187503 (executing program)
2025/11/16 00:28:35 fetching corpus: 2350, signal 143195/188927 (executing program)
2025/11/16 00:28:35 fetching corpus: 2400, signal 144633/190807 (executing program)
2025/11/16 00:28:35 fetching corpus: 2450, signal 145884/192580 (executing program)
2025/11/16 00:28:35 fetching corpus: 2500, signal 146613/194032 (executing program)
2025/11/16 00:28:35 fetching corpus: 2550, signal 147435/195524 (executing program)
2025/11/16 00:28:35 fetching corpus: 2600, signal 148234/196960 (executing program)
2025/11/16 00:28:35 fetching corpus: 2650, signal 148975/198317 (executing program)
2025/11/16 00:28:35 fetching corpus: 2700, signal 149864/199845 (executing program)
2025/11/16 00:28:35 fetching corpus: 2750, signal 150629/201227 (executing program)
2025/11/16 00:28:36 fetching corpus: 2800, signal 151272/202551 (executing program)
2025/11/16 00:28:36 fetching corpus: 2850, signal 152263/204103 (executing program)
2025/11/16 00:28:36 fetching corpus: 2900, signal 153322/205640 (executing program)
2025/11/16 00:28:36 fetching corpus: 2950, signal 154246/207068 (executing program)
2025/11/16 00:28:36 fetching corpus: 3000, signal 154971/208398 (executing program)
2025/11/16 00:28:36 fetching corpus: 3050, signal 155767/209710 (executing program)
2025/11/16 00:28:36 fetching corpus: 3100, signal 156426/210904 (executing program)
2025/11/16 00:28:36 fetching corpus: 3150, signal 158157/212735 (executing program)
2025/11/16 00:28:36 fetching corpus: 3200, signal 159094/214073 (executing program)
2025/11/16 00:28:37 fetching corpus: 3250, signal 159621/215233 (executing program)
2025/11/16 00:28:37 fetching corpus: 3300, signal 160271/216416 (executing program)
2025/11/16 00:28:37 fetching corpus: 3350, signal 160857/217572 (executing program)
2025/11/16 00:28:37 fetching corpus: 3400, signal 161563/218778 (executing program)
2025/11/16 00:28:37 fetching corpus: 3450, signal 162431/220104 (executing program)
2025/11/16 00:28:37 fetching corpus: 3500, signal 163493/221493 (executing program)
2025/11/16 00:28:37 fetching corpus: 3550, signal 164303/222715 (executing program)
2025/11/16 00:28:37 fetching corpus: 3600, signal 164879/223824 (executing program)
2025/11/16 00:28:37 fetching corpus: 3650, signal 165515/224967 (executing program)
2025/11/16 00:28:37 fetching corpus: 3700, signal 166670/226298 (executing program)
2025/11/16 00:28:38 fetching corpus: 3750, signal 167297/227356 (executing program)
2025/11/16 00:28:38 fetching corpus: 3800, signal 167904/228401 (executing program)
2025/11/16 00:28:38 fetching corpus: 3850, signal 168354/229361 (executing program)
2025/11/16 00:28:38 fetching corpus: 3900, signal 169077/230427 (executing program)
2025/11/16 00:28:38 fetching corpus: 3950, signal 169453/231398 (executing program)
2025/11/16 00:28:38 fetching corpus: 4000, signal 170112/232437 (executing program)
2025/11/16 00:28:38 fetching corpus: 4050, signal 170812/233491 (executing program)
2025/11/16 00:28:38 fetching corpus: 4100, signal 171436/234523 (executing program)
2025/11/16 00:28:38 fetching corpus: 4150, signal 172233/235619 (executing program)
2025/11/16 00:28:38 fetching corpus: 4200, signal 172600/236497 (executing program)
2025/11/16 00:28:39 fetching corpus: 4250, signal 173057/237400 (executing program)
2025/11/16 00:28:39 fetching corpus: 4300, signal 173454/238321 (executing program)
2025/11/16 00:28:39 fetching corpus: 4350, signal 174083/239314 (executing program)
2025/11/16 00:28:39 fetching corpus: 4400, signal 174544/240225 (executing program)
2025/11/16 00:28:39 fetching corpus: 4450, signal 175075/241159 (executing program)
2025/11/16 00:28:39 fetching corpus: 4500, signal 175444/241996 (executing program)
2025/11/16 00:28:39 fetching corpus: 4550, signal 176033/242963 (executing program)
2025/11/16 00:28:39 fetching corpus: 4600, signal 176420/243800 (executing program)
2025/11/16 00:28:39 fetching corpus: 4650, signal 176885/244716 (executing program)
2025/11/16 00:28:39 fetching corpus: 4700, signal 177299/245571 (executing program)
2025/11/16 00:28:40 fetching corpus: 4750, signal 177706/246432 (executing program)
2025/11/16 00:28:40 fetching corpus: 4800, signal 178174/247304 (executing program)
2025/11/16 00:28:40 fetching corpus: 4850, signal 178761/248203 (executing program)
2025/11/16 00:28:40 fetching corpus: 4900, signal 179176/249045 (executing program)
2025/11/16 00:28:40 fetching corpus: 4950, signal 179587/249914 (executing program)
2025/11/16 00:28:40 fetching corpus: 5000, signal 180022/250724 (executing program)
2025/11/16 00:28:40 fetching corpus: 5050, signal 180617/251606 (executing program)
2025/11/16 00:28:40 fetching corpus: 5100, signal 181203/252416 (executing program)
2025/11/16 00:28:40 fetching corpus: 5150, signal 181798/253250 (executing program)
2025/11/16 00:28:40 fetching corpus: 5200, signal 182189/254014 (executing program)
2025/11/16 00:28:41 fetching corpus: 5250, signal 182599/254813 (executing program)
2025/11/16 00:28:41 fetching corpus: 5300, signal 182984/255577 (executing program)
2025/11/16 00:28:41 fetching corpus: 5350, signal 183856/256486 (executing program)
2025/11/16 00:28:41 fetching corpus: 5400, signal 184247/257275 (executing program)
2025/11/16 00:28:41 fetching corpus: 5450, signal 184464/257994 (executing program)
2025/11/16 00:28:41 fetching corpus: 5500, signal 184759/258692 (executing program)
2025/11/16 00:28:41 fetching corpus: 5550, signal 185286/259472 (executing program)
2025/11/16 00:28:41 fetching corpus: 5600, signal 185619/260157 (executing program)
2025/11/16 00:28:41 fetching corpus: 5650, signal 186075/260884 (executing program)
2025/11/16 00:28:41 fetching corpus: 5700, signal 186414/261619 (executing program)
2025/11/16 00:28:41 fetching corpus: 5750, signal 186837/262321 (executing program)
2025/11/16 00:28:42 fetching corpus: 5800, signal 187281/263025 (executing program)
2025/11/16 00:28:42 fetching corpus: 5850, signal 187792/263784 (executing program)
2025/11/16 00:28:42 fetching corpus: 5900, signal 188272/264546 (executing program)
2025/11/16 00:28:42 fetching corpus: 5950, signal 188725/265235 (executing program)
2025/11/16 00:28:42 fetching corpus: 6000, signal 189069/265909 (executing program)
2025/11/16 00:28:42 fetching corpus: 6050, signal 189550/266646 (executing program)
2025/11/16 00:28:42 fetching corpus: 6100, signal 190064/267332 (executing program)
2025/11/16 00:28:42 fetching corpus: 6150, signal 190477/268018 (executing program)
2025/11/16 00:28:42 fetching corpus: 6200, signal 190732/268702 (executing program)
2025/11/16 00:28:42 fetching corpus: 6250, signal 191258/269372 (executing program)
2025/11/16 00:28:43 fetching corpus: 6300, signal 191855/270072 (executing program)
2025/11/16 00:28:43 fetching corpus: 6350, signal 192295/270716 (executing program)
2025/11/16 00:28:43 fetching corpus: 6400, signal 192628/271335 (executing program)
2025/11/16 00:28:43 fetching corpus: 6450, signal 192921/271983 (executing program)
2025/11/16 00:28:43 fetching corpus: 6500, signal 193208/272639 (executing program)
2025/11/16 00:28:43 fetching corpus: 6550, signal 193648/273290 (executing program)
2025/11/16 00:28:43 fetching corpus: 6600, signal 194083/273941 (executing program)
2025/11/16 00:28:43 fetching corpus: 6650, signal 194398/274596 (executing program)
2025/11/16 00:28:43 fetching corpus: 6700, signal 194906/275213 (executing program)
2025/11/16 00:28:43 fetching corpus: 6750, signal 195379/275853 (executing program)
2025/11/16 00:28:43 fetching corpus: 6800, signal 195789/276415 (executing program)
2025/11/16 00:28:44 fetching corpus: 6850, signal 196195/277027 (executing program)
2025/11/16 00:28:44 fetching corpus: 6900, signal 196586/277613 (executing program)
2025/11/16 00:28:44 fetching corpus: 6950, signal 196977/278180 (executing program)
2025/11/16 00:28:44 fetching corpus: 7000, signal 197274/278224 (executing program)
2025/11/16 00:28:44 fetching corpus: 7050, signal 197591/278224 (executing program)
2025/11/16 00:28:44 fetching corpus: 7100, signal 197866/278224 (executing program)
2025/11/16 00:28:44 fetching corpus: 7150, signal 198367/278224 (executing program)
2025/11/16 00:28:44 fetching corpus: 7200, signal 198665/278224 (executing program)
2025/11/16 00:28:44 fetching corpus: 7250, signal 198923/278224 (executing program)
2025/11/16 00:28:44 fetching corpus: 7300, signal 199194/278224 (executing program)
2025/11/16 00:28:44 fetching corpus: 7350, signal 199520/278224 (executing program)
2025/11/16 00:28:45 fetching corpus: 7400, signal 199902/278224 (executing program)
2025/11/16 00:28:45 fetching corpus: 7450, signal 200235/278224 (executing program)
2025/11/16 00:28:45 fetching corpus: 7500, signal 200901/278224 (executing program)
2025/11/16 00:28:45 fetching corpus: 7550, signal 201152/278224 (executing program)
2025/11/16 00:28:45 fetching corpus: 7600, signal 201631/278224 (executing program)
2025/11/16 00:28:45 fetching corpus: 7650, signal 201991/278224 (executing program)
2025/11/16 00:28:45 fetching corpus: 7700, signal 202226/278230 (executing program)
2025/11/16 00:28:45 fetching corpus: 7750, signal 202546/278230 (executing program)
2025/11/16 00:28:45 fetching corpus: 7800, signal 203025/278230 (executing program)
2025/11/16 00:28:45 fetching corpus: 7850, signal 203407/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 7900, signal 203819/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 7950, signal 204110/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 8000, signal 204393/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 8050, signal 204637/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 8100, signal 204940/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 8150, signal 205373/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 8200, signal 205639/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 8250, signal 205901/278230 (executing program)
2025/11/16 00:28:46 fetching corpus: 8300, signal 206182/278231 (executing program)
2025/11/16 00:28:46 fetching corpus: 8350, signal 206449/278231 (executing program)
2025/11/16 00:28:47 fetching corpus: 8400, signal 206678/278231 (executing program)
2025/11/16 00:28:47 fetching corpus: 8450, signal 206946/278232 (executing program)
2025/11/16 00:28:47 fetching corpus: 8500, signal 207291/278234 (executing program)
2025/11/16 00:28:47 fetching corpus: 8550, signal 207492/278234 (executing program)
2025/11/16 00:28:47 fetching corpus: 8600, signal 207832/278234 (executing program)
2025/11/16 00:28:47 fetching corpus: 8650, signal 208353/278234 (executing program)
2025/11/16 00:28:47 fetching corpus: 8700, signal 208648/278239 (executing program)
2025/11/16 00:28:47 fetching corpus: 8750, signal 209017/278239 (executing program)
2025/11/16 00:28:47 fetching corpus: 8800, signal 209319/278239 (executing program)
2025/11/16 00:28:47 fetching corpus: 8850, signal 209544/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 8900, signal 209824/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 8950, signal 210097/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9000, signal 210443/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9050, signal 210676/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9100, signal 210913/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9150, signal 211111/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9200, signal 211468/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9250, signal 211705/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9300, signal 211962/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9350, signal 212221/278239 (executing program)
2025/11/16 00:28:48 fetching corpus: 9400, signal 212440/278239 (executing program)
2025/11/16 00:28:49 fetching corpus: 9450, signal 212763/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9500, signal 213061/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9550, signal 213312/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9600, signal 213589/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9650, signal 213789/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9700, signal 214024/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9750, signal 214235/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9800, signal 214483/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9850, signal 214682/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9900, signal 214920/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 9950, signal 215140/278243 (executing program)
2025/11/16 00:28:49 fetching corpus: 10000, signal 215406/278243 (executing program)
2025/11/16 00:28:50 fetching corpus: 10050, signal 215661/278254 (executing program)
2025/11/16 00:28:50 fetching corpus: 10100, signal 215904/278254 (executing program)
2025/11/16 00:28:50 fetching corpus: 10150, signal 216072/278254 (executing program)
2025/11/16 00:28:50 fetching corpus: 10200, signal 216285/278254 (executing program)
2025/11/16 00:28:50 fetching corpus: 10250, signal 216501/278254 (executing program)
2025/11/16 00:28:50 fetching corpus: 10300, signal 216701/278254 (executing program)
2025/11/16 00:28:50 fetching corpus: 10350, signal 216959/278255 (executing program)
2025/11/16 00:28:50 fetching corpus: 10400, signal 217218/278255 (executing program)
2025/11/16 00:28:50 fetching corpus: 10450, signal 217497/278255 (executing program)
2025/11/16 00:28:50 fetching corpus: 10500, signal 217785/278255 (executing program)
2025/11/16 00:28:50 fetching corpus: 10550, signal 218088/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 10600, signal 218358/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 10650, signal 218519/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 10700, signal 218733/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 10750, signal 219025/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 10800, signal 219288/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 10850, signal 219490/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 10900, signal 219766/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 10950, signal 219987/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 11000, signal 220247/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 11050, signal 220446/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 11100, signal 220697/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 11150, signal 220910/278255 (executing program)
2025/11/16 00:28:51 fetching corpus: 11200, signal 221142/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11250, signal 221413/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11300, signal 221566/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11350, signal 221825/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11400, signal 222126/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11450, signal 222336/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11500, signal 222665/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11550, signal 222800/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11600, signal 223198/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11650, signal 223382/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11700, signal 223603/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11750, signal 223869/278255 (executing program)
2025/11/16 00:28:52 fetching corpus: 11800, signal 224044/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 11850, signal 224224/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 11900, signal 224455/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 11950, signal 224686/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12000, signal 224901/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12050, signal 225110/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12100, signal 225332/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12150, signal 225529/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12200, signal 225777/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12250, signal 226078/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12300, signal 226237/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12350, signal 226438/278255 (executing program)
2025/11/16 00:28:53 fetching corpus: 12400, signal 226655/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12450, signal 226853/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12500, signal 227070/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12550, signal 227308/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12600, signal 227511/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12650, signal 227671/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12700, signal 227852/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12750, signal 228031/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12800, signal 228183/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12850, signal 228400/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12900, signal 228607/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 12950, signal 228802/278255 (executing program)
2025/11/16 00:28:54 fetching corpus: 13000, signal 229011/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13050, signal 229224/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13100, signal 229377/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13150, signal 229560/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13200, signal 229765/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13250, signal 229978/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13300, signal 230171/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13350, signal 230301/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13400, signal 230535/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13450, signal 230755/278275 (executing program)
2025/11/16 00:28:55 fetching corpus: 13500, signal 231038/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13550, signal 231197/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13600, signal 231351/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13650, signal 231599/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13700, signal 231827/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13750, signal 232083/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13800, signal 232326/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13850, signal 232499/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13900, signal 232768/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 13950, signal 233001/278275 (executing program)
2025/11/16 00:28:56 fetching corpus: 14000, signal 233186/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14050, signal 233317/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14100, signal 233809/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14150, signal 233970/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14200, signal 234198/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14250, signal 234356/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14300, signal 234576/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14350, signal 234752/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14400, signal 234878/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14450, signal 235024/278275 (executing program)
2025/11/16 00:28:57 fetching corpus: 14500, signal 235124/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14550, signal 235272/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14600, signal 235527/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14650, signal 235765/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14700, signal 236053/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14750, signal 236190/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14800, signal 236334/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14850, signal 236552/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14900, signal 236751/278275 (executing program)
2025/11/16 00:28:58 fetching corpus: 14950, signal 236949/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15000, signal 237215/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15050, signal 237376/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15100, signal 237480/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15150, signal 237701/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15200, signal 237853/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15250, signal 237988/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15300, signal 238168/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15350, signal 238349/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15400, signal 238538/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15450, signal 238722/278275 (executing program)
2025/11/16 00:28:59 fetching corpus: 15500, signal 238876/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15550, signal 239036/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15600, signal 239225/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15650, signal 239336/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15700, signal 239483/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15750, signal 239635/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15800, signal 239746/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15850, signal 239897/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15900, signal 240092/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 15950, signal 240255/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 16000, signal 240403/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 16050, signal 240571/278275 (executing program)
2025/11/16 00:29:00 fetching corpus: 16100, signal 240768/278275 (executing program)
2025/11/16 00:29:01 fetching corpus: 16150, signal 240908/278275 (executing program)
2025/11/16 00:29:01 fetching corpus: 16184, signal 241053/278275 (executing program)
2025/11/16 00:29:01 fetching corpus: 16184, signal 241053/278275 (executing program)
2025/11/16 00:29:03 starting 8 fuzzer processes
00:29:03 executing program 0:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101)
ioctl$TCXONC(r0, 0x540a, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip6_flowlabel\x00')
pidfd_getfd(0xffffffffffffffff, r1, 0x0)
ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f00000000c0)={0x9, 0x100, 0xb33a, 0x1f, 0xc, "0e628f839facafc9"})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0xfc)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000140)={0x7, 0x5, 0x8000, 0x3ff, 0xa, "f58ee83953323f50"})
copy_file_range(r0, &(0x7f0000000180)=0x5, r0, &(0x7f00000001c0)=0x100, 0x0, 0x0)
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000200))
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000240), 0x10000, 0x0)
ioctl$KDGETLED(r2, 0x4b31, &(0x7f0000000280))
r3 = dup3(r2, r1, 0x80000)
ioctl$GIO_FONTX(r3, 0x4b6b, &(0x7f00000006c0)={0x1e5, 0x15, &(0x7f00000002c0)})
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000700)={0x3f, 0x2, 0x97, 0x7ff, 0x7, "d67d42f4c78704a3"})
syz_open_dev$ttys(0xc, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000740)="a98b3f9bdb553d6ae269a1171c32074d87adefc52cbf37998123b11fac711ff42456dcf238a31a2effcd924c3839685c2f88726660dbb57781a81a3df40a74c39a6aa7e4ea4523890ee53792fc439aac0cbe7327ef0fe3e4eca9fdabaf47f120", 0x60}, {&(0x7f00000007c0)="72d561f74103dade2c60ebb6a7513a22ccfddf23e747b1e3ff3a7af9cb66d3118f4533b0e400238fe5fe97950d0ec0758746dbad01ab4dda983af34e8062d02cdafe10a2bbecd3c7d361e2caa199e46435ec3cf2bf7f163a93962625b92ab607268ca2a48b551515501909c6", 0x6c}, {&(0x7f0000000840)="5a1bda5973fac9df02f31fb972f0269607000657a08f326e69ea68c5e7fa5ea7934fea294e5c1ab3784f1e89eab74c8277065bbfef292c0df3d5dc4e8eca23894d04ec7a24a13891d8a11e84744d62e2be7bef6d834488fdb60a53445b53e5a7688eaf797295a88d174f80ce27a49863d1f6bf3d76efdaf67446c984f8ea58cdbe64064a21d31e91a06f922c4bca61e5d70062ad90fd95446a94913ac1e2bdcff1382d43df1e405e3604a15cc9fe9763a1642c8dedcf", 0xb6}, {&(0x7f0000000900)="7283da27a8948142566654154960b5196eef5013", 0x14}, {&(0x7f0000000940)="ad88e8980fd227f3e5165585f285714d3db1eb874dce97f6b6bee52a8c112d5edadc73e1cadbf9d2487ae443a96cbd0ac096814c93954727362d3a93e717567c35da5d34f90095c17a66d5b65d1bd3dd8f2112cd2f9d0d90d120bf", 0x5b}, {&(0x7f00000009c0)="4dd0d0092e1be9ad66c8f2ef1bebddfa428ef9b084a4bcb720a961d4ddf29071d4705625f1895a613fd6c23ce1a4a802e127f47bdc64edf8ae5344bd0598a933412b8a5b6c85f7b58970151cf35d9e33773e99808a9704338be98a6b7ca4e4a176986999ba43b5033cbfa8bca29a7ad37751ab04c09947112046631705b02ee5389ac229db4871deecd3ab6f3d09b9f88609ca0140e1056e78e793087df79dc2123b662c9b8add242e974716", 0xac}, {&(0x7f0000000a80)="207bc9829c98cb7dfb7b249f955d46a69bf5ddbf1312e2c851a8762316aa9bd1de4b502bd8bb97c9128cddd182f5de0e0f3fce9905c9323093b9d60c34c4d0a1f6d8cc037bb60a36a54e6f5ab5592337c0ecffb88d31b5881b71d56433038a3fb891b106bd4620db68c4a05c891640a407b14ab58552282f12cc35f97bdea3bba1272e8b317f6583244042cae1f65494cf98e928fbd37cf31f67173eac82ec9307dbd47a7485bae2126802c033a5dd14ebb6ee45f43f7ac131407ebe67ba0a6e082ac49c5513dee5ed941561c74017e7ddb535cc9a7243decf0ed650b65b6103148ca12871a34ddd1a6b03222b3d64ae525b57ff8a3fb6d1df64ec2d", 0xfc}, {&(0x7f0000000b80)="e2f590d0a06c76bd5dfbb6ce07da42fe545e0653c9e44a28c81240e6b830cf1e28636ae615ed57f10009b0df7ac473749a6841edb45766a9669567a04f555c1d87a3918225ff5adf7b9049d345fc85d88cf7518554eb13c6dd5d993385af3b4ba9a80d2ab1a3157f841f122794495d909c6d166b8e", 0x75}, {&(0x7f0000000c00)="fbd43a0c1b41cdbfac611271e036d1e6be", 0x11}, {&(0x7f0000000c40)='b3', 0x2}], 0xa}}], 0x1, 0x48898)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000d80), 0x20000, 0x0)
openat(r4, &(0x7f0000000dc0)='./file0/file0\x00', 0x102, 0x140)
ioctl$KDSETKEYCODE(r3, 0x4b4d, &(0x7f0000000e00)={0x2, 0x81})

00:29:03 executing program 4:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendto$inet(r1, &(0x7f0000000040)="3977a3f93b955904595be86ded29e5bd3a8aaa430a233f42ae784378a21c9fd1238b87a96e326beb856cb5e6fff57ed7b1da64a68cd439013d26a9ecfea4cbf5cbe1cf4c601c57ba561d2587141f7b6047963ad1cbaf88629dce320b6a019761b664ffaba2b2077511c88b5a937d8132e202ff55b4de59021b549ca7d407456193e827148da32d7239c7ff7c41b7919ca1346d210820dddc2cb8f2dcc8518d5f574d98c342348500f0376d", 0xab, 0x800, &(0x7f0000000100)={0x2, 0x4e24, @private=0xa010101}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r2=>r0, @in_args={0x4}}, './file0\x00'})
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x141, 0x0)
close_range(r2, r3, 0x0)
r4 = accept4$bt_l2cap(r0, &(0x7f00000001c0)={0x1f, 0x0, @fixed}, &(0x7f0000000200)=0xe, 0x80000)
splice(r4, &(0x7f0000000240)=0x68b0, r1, &(0x7f0000000280)=0x8000, 0x100, 0x4)
copy_file_range(r4, &(0x7f00000002c0)=0x7f, r3, &(0x7f0000000300)=0x8, 0x8000000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r5=>r0, {0x711}}, './file0\x00'})
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r5, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, 0x2, 0x8, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20000008}, 0x8101)
r6 = fcntl$dupfd(r2, 0x406, r4)
inotify_add_watch(r6, &(0x7f0000000480)='./file0\x00', 0x102)
r7 = syz_io_uring_setup(0xa5a, &(0x7f00000004c0)={0x0, 0x33f6, 0x8, 0x2, 0x339}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000540), &(0x7f0000000580))
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f00000005c0)={{0x1, 0x1, 0x18, r7, {0x7fff}}, './file0\x00'})
splice(r6, &(0x7f0000000600)=0x365, r3, &(0x7f0000000640)=0x1f, 0x0, 0x8)
syz_mount_image$nfs4(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x2, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000700)="d744a438712eb2087265c58c1f8281e8fcabf0afa0a018afd5f5aabde8134b61814e60218b614d0899c66a466fcbfc91607cbd92b24406b6bb5d8107d6df63d09936dcd80c1b0e0aa2de6dbb6dde4d53fce2d193ecbaa67fae860e23dd99e68588fe968206b94b235d81ea8b73bcb696ae7acbcbc96804a6a8583db8727a0b5a3ac3ca2ff43d097c69c394b0951628687bbe3079756ac349b85bbeb050bae3cb6efb5d6b4db853a34c9527c9ced0de90d38e134b6c642cf4", 0xb8, 0x80000001}], 0x2040000, &(0x7f0000000800)={[{}, {'$'}, {'/dev/hpet\x00'}, {'Z\')%'}, {'+,,^).\xb4[@+^+'}, {'(*@(+T'}, {'/dev/hpet\x00'}, {'p'}, {'\x00'}], [{@fowner_lt}]})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000880)={{0x1, 0x1, 0x18, r7, {0xffffffffffffffff}}, './file0\x00'})
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r2, 0x8983, &(0x7f00000008c0)={0x8, 'syz_tun\x00', {'ipvlan1\x00'}, 0x4})
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000900)={0x5e, 0x0, 0x0, 0x2}, 0x8)
pselect6(0x40, &(0x7f0000000940)={0x133, 0x4, 0x7, 0xa00, 0x5, 0xfffffffffffffeff, 0x5, 0x8}, &(0x7f0000000980)={0x7, 0x0, 0x8000, 0x8af1, 0x0, 0x3, 0xffff, 0x80000001}, &(0x7f00000009c0)={0x0, 0x0, 0xa7e6, 0x7f, 0x401, 0x5, 0xfffffffffffff801, 0x3}, &(0x7f0000000a00)={0x77359400}, &(0x7f0000000a80)={&(0x7f0000000a40)={[0x3]}, 0x8})

00:29:03 executing program 2:
fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000000))
ioctl(0xffffffffffffffff, 0x61, &(0x7f0000000040)="a7691d87533898870f37cadfd23fe63a95af1891f3c59ff3a78e60b0c20f72a4a9bf42adb4f3a40d850c1fdafc6dd54697fffff7427109acf40d663ae8695b41b34223ff845023727a5e4639804baa5f98715ca0389de9543e2dc929a70fa62843c67f40de8c7345bc171ff50e3ea1a827bc1a4feb3da8d96b65be7d764eee3785c72dbbcf59bdf6c203b7d1d8f1a7b63b51d3b5cabb7319")
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000100)={[0xff0f]}, 0x8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x8, 0x34}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x20}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x80}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x7}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x79}]}, 0x60}, 0x1, 0x0, 0x0, 0x801}, 0x4010)
r2 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder-control\x00', 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r2, 0x8010671f, &(0x7f0000000380)={&(0x7f0000000300)=""/79, 0x4f})
setsockopt$inet6_buf(r0, 0x29, 0xcc, &(0x7f00000003c0)="386b2a22f6135ff8bb2c216b16ced5d08b7f1461c4b4fcb841b16f3f3fff96f5689488cfdc0138883ac4a88b1786e73436c8d4512d60bcbfbfc7fceb1e8fae20ddf5203d88cd6dba81bbdeae0e8dab2e9ab84e100c9d7807896193c34926854f59c06754bcf59bf2957c09c2837281cbf843a0b80871ba907d3eb1", 0x7b)
r3 = signalfd(0xffffffffffffffff, &(0x7f0000000440)={[0x5]}, 0x8)
fremovexattr(r0, &(0x7f0000000480)=@known='system.posix_acl_access\x00')
r4 = openat(r3, &(0x7f00000004c0)='./file0\x00', 0x119000, 0x2)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r4, 0xc018937a, &(0x7f0000000500)={{0x1, 0x1, 0x18, r2, {0x9}}, './file0\x00'})
finit_module(0xffffffffffffffff, &(0x7f0000000540)='wlan1\x00', 0x1)
sendfile(r2, r2, 0x0, 0xffffffff)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000580)={{0x1, 0x1, 0x18, <r5=>r2, {0x4}}, './file1\x00'})
ioctl$int_in(r5, 0x5421, &(0x7f00000005c0))
r6 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$PIO_FONTX(r6, 0x4b6c, &(0x7f0000000a00)={0x77, 0x14, &(0x7f0000000600)="97ce7444f435761e5891d601713b829fe988e86e0c9146d3749f1ed3adb0cd8985da77ca1c50b6b56849eaa48cb9e509dec607d8e1b180ac4d7d148fc111b2b79faa6654fb6a3aadd39eae0d5c2b21535d54e3713dfdeb54323c92ab84d6a24c59fbe611ceabc3eb906a4f965ce0f78884e73bded1430a66c44658714c3c8f54fd735767823fe3959a612b43f8789f6d0c0711f1e0959b358bc2198d87ef7bb8b2ecf30382d4aed93748a7306edfd9943f6cc5c586bb3b9df40d6e2a76588e32dcbd57af4574b8a0531882ddc4e47dcc6f9f33b9675ac558764d7d2cac364e83949ec314011e7f031c6fffd72f4d57f9b0a645c2b444366682e1f7500e4122f91f6a22814a4a16623fbb117128dc4cfdb6bcc3f2d88d97276ebd7b25195b40000e59d96313f0ebc20bdfca40c9c110c645b1fbe2e0ea258640e75d4b6841b59d4a8f364617e1487614e105e36cc3493bf16353f26b82516fe49c73ff3bbde7e0122451ce90cdab0c31275dcf3352445dcd15d9951f5c57f28649b95fa2fa59ff12e67afe27f8c85abf84aeac2e41d782e9797d19ebf5c1ae8edd02e34b69332fea4ab9c45d39b1675c6770b2d0cdaf4b7c86de31eb3e32632a8308ff2df9a864dc31254dc3a04e6e1b2e3729ad5c15a28e87b488ef2f30c2b2890b5dc05db6c91962469492a3369f7f51b6b1b2f8e9b04cb6fbad674552ff224fe1e689eb8c9a15e723dbd84f80f7ed72a43fc6ceb646243ec6b14f9462fb6153f04314bef0de75cfb5f756a7bca8f04f142a1325edd4de2e8b3a515c7e0580f1ffe707cd5b7cdddbd98a223d51fa57c2a9e3b5d9e9bebcc6290fe19894228f7cfbdfd6bb3fe00a66a74727e2a1aa01ba9de43bbd5dd069fb925d5fd7a01fac4ffa0a7f01dbca3744dff6e5d611bf3b70ee4518870337c519be5cb0a8a415d7d4146fbee0f9772c50ce798326a3954d3ceb5f0e6dbd9083cebcf6c1498de3a4ee13f589731909476398acdcaf29c3ce791965e024822d4b1810f790cd0612b5739f84653cb11216e5ef37c8d2c5cb24ddcc03d65fcac3d12a5426292ed8c16198df3ea02db19c9c3fba7d82161e8a47ca804fc5637fcc06dbaca99714ed74055b9d1b98550192037bed0b260734b613e430b428918b5f7da9891c511c0033f56d7cc06061a88272a1438d58d0609b7580c82f355ec70b22229d8ece58a4d3dc4f13b824d7d20929df477359f8fad4dda1ee23bb23b8f69dcd5880d5be0910677cdfb6407bbe6c29425fa64e4b99acff7690c4cb8fc8207b3226c0e10b5d51a698bb5686cd254ec7fb60d53ef91eb9f7ddb78033071cebda7f433afcd5958731c03c261df64ecfb4d59c4cc46d56be0b01bd4747cdd0e61e21f8b80833a1af0c87d8bb5f39239413c61738ef5828c6976420cdc63dbe9b8c93fedb2c8a8153a827c1186d098eb5"})
readahead(0xffffffffffffffff, 0x127, 0x2716)
sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x1c, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1)

00:29:03 executing program 3:
r0 = syz_io_uring_setup(0x50a2, &(0x7f0000000000)={0x0, 0xf0e8, 0x2, 0x2, 0x3c7}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0))
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000100)="ac8908377b50ba2763e1c59ec4cc8745b06b3fb7b32a071c8e423a9151c703b2f97855ec6337322fc335a74054acfe1d6c13b56ad7a12396e9c7d3623c3995148b4d986ee6fe35038bb85da58a0112a3c7bc0a0ecb4c7d0af8702254b2d1756d3a5b71592236a7707d467e913e816dcc3822e94eaaf5e4e6bf28b503d6091717b8e2b317fced041a7966af87abd24793e8c1699dacdb1d31af22b70fc4924f5febe7ec5e1c9f2f0eb8add9aae44977146590bfba2bfa3661adee6c608fe1", 0xbe}, {&(0x7f00000001c0)="65b06b9b06d9f36bec8af8226ef9c7d204ce2d3ff6a81d6438cc288c0f11e657b6aae088eaaf570341f50c804683b01ecff3b1e05907fe850f39ac85762fcfccbd4babe1b079aeaefac67797e529bc2b2fc37ecf800cfabb", 0x58}, {&(0x7f0000000240)="c533f6ec35ba02253edb165ca90d9925090865e4bad33265e4e61eeb4553456d68754d0767af983f64256cf0555c1852c4f8353d01f3", 0x36}, {&(0x7f0000000280)="f21006c942b5602ca6d43174110e49d58ef8ca6ea4db2c550aa2a4eb9687bcae5cdc8cfcccc28959103f5d43a27eaafc1760c1920d19c05154accdf323b42c6f1bb3cbec6b39aa", 0x47}], 0x4)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340), 0x44000, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000380)=@IORING_OP_SPLICE={0x1e, 0x4, 0x0, @fd=r2, 0x100000001, {0x0, r0}, 0xcb7, 0x2, 0x1, {0x0, 0x0, r0}}, 0x9de4)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x7, 0x0)
r4 = dup3(r2, r3, 0x80000)
r5 = accept4$unix(r4, &(0x7f00000003c0), &(0x7f0000000440)=0x6e, 0x80800)
close_range(r5, r0, 0x2)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000480)={{0x1, 0x1, 0x18, <r6=>r0, @out_args}, './file0\x00'})
connect$bt_l2cap(r6, &(0x7f00000004c0)={0x1f, 0x9, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xb000, 0x2}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r6, 0x6, 0x1, &(0x7f0000000500)={0x7f, 0x0, 0xff89, 0xff, 0x2f, 0x4, 0x1000}, 0xc)
ioctl$sock_inet_SIOCADDRT(r6, 0x890b, &(0x7f0000000580)={0x0, {0x2, 0x4e24, @remote}, {0x2, 0x4e22, @private=0xa010102}, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x21, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000540)='ip6_vti0\x00', 0x4, 0x7f, 0xc8d0})
r7 = fsmount(r6, 0x0, 0xf8)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r7, 0x6, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0xc)
fcntl$F_GET_RW_HINT(r6, 0x40b, &(0x7f0000000680))
r8 = syz_open_dev$tty20(0xc, 0x4, 0x1)
write(r8, &(0x7f00000006c0)="c89b0dc0636fcaec2bfc2ab41598026a92ecf7536d8dfa5b19ba8093dbe19a41d2535bcc5182e07deb2a0cb9806205da0ed65496ff9405dba9298820e2108b88fb4ca1fcd51e39c6a7ad23a1203f9fd9069c8a395594a6cd3e35593d786f50a5", 0x60)
r9 = syz_io_uring_complete(r1)
ioctl$AUTOFS_DEV_IOCTL_READY(r9, 0xc0189376, &(0x7f0000000740)={{0x1, 0x1, 0x18, r6}, './file0\x00'})
io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x22)

[  100.791571] audit: type=1400 audit(1763252943.110:7): avc:  denied  { execmem } for  pid=276 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
00:29:03 executing program 7:
r0 = syz_open_pts(0xffffffffffffffff, 0x44400)
ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000000))
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x2)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000080)=0x1)
r2 = fcntl$dupfd(r1, 0x406, r0)
ioctl$TIOCGRS485(r2, 0x542e, &(0x7f00000000c0))
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x640000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x4, 0x70bd25, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x4001)
socketpair(0x1, 0x801, 0x5, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
io_submit(0x0, 0x3, &(0x7f00000004c0)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0xf, 0xfffe, r0, &(0x7f0000000200)="3d7ca0954d6e02c5c895f3523ef96a803a09a09e2da10377fa4715b878ee363d9f54111f85bb6f881b8aa07eefd516e7c7d9240ac9529f27167be37593d4240d0278625d31ade1881c46b58777c0f864b6d6fb143377075ad217c140a349643b2675e9a12ed26a0b89325863f41cbacfe67021a67293ea39a4b53b7ef5430c832127a8c108077f812dde25a54e989fc1604392bece86738369e5257aaa726ce1007e77617ac65a63b45829788ca749b6194075", 0xb3, 0x800}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x4, 0x89, r4, &(0x7f0000000340)="73c7862b10c55f6af4574de28d5128ded99dc645c04bf5c9aecb632d47a6b0f58e42297d9425f0c6382c22ee4a298dbdf7bbaa", 0x33, 0x2, 0x0, 0x1, r1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0x80, r1, &(0x7f00000003c0)="3cc00f4c068ebadf8f8dc357f37b832144cc60d83e084a8418defaafef59acb2f249ce50493f86ac4a453d4dcd6a06ed4ae81b16339c1b94b8b85e6a9b5fe06dc3c54bb069cff8c4ca0c6cd316097aa41c6f9bd63843dc3e98f77ec43e085a75e3e984172c432dbad477a4a15f55249e62643144e755b8ff45475ef6595a01f4aac82663f49de518c3ce50a432accb", 0x8f, 0xff, 0x0, 0x3}])
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
writev(r5, &(0x7f0000000540)=[{&(0x7f0000000500)="097e808910accf1d8ccbf9e2b13d3b4b3bb80bf0a8192a5b9763a2ae8d6560ebe540beeb69868b0837ada2d86e0802d7cb871cf5d89171dd3d", 0x39}], 0x1)
open(&(0x7f0000000580)='./file0\x00', 0x1f61cca69317ce25, 0x0)
readv(r3, &(0x7f0000000940)=[{&(0x7f00000005c0)=""/19, 0x13}, {&(0x7f0000000600)=""/154, 0x9a}, {&(0x7f00000006c0)=""/20, 0x14}, {&(0x7f0000000700)=""/55, 0x37}, {&(0x7f0000000740)=""/170, 0xaa}, {&(0x7f0000000800)=""/189, 0xbd}, {&(0x7f00000008c0)=""/110, 0x6e}], 0x7)
sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x38, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x800)
ioctl$TIOCGETD(r5, 0x5424, &(0x7f0000000ac0))
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000b40)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_GET_INTERFACE(r6, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x74, 0x0, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x8801}, 0x841)

00:29:03 executing program 5:
sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x1, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}}, 0x4c800)
listen(0xffffffffffffffff, 0x5)
sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, 0x3ed, 0x8, 0x70bd29, 0x25dfdbfc, "cdc344dd134b2da405e483898ed441f942eb1b27ea9c13ddd5d08050a0f47b58", ["", ""]}, 0x30}}, 0x4800)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/class/mem', 0x2, 0x2)
sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000480)={&(0x7f0000000280)={0x1c8, 0x1, 0x3, 0x301, 0x0, 0x0, {0x1}, [@NFQA_PAYLOAD={0xc7, 0xa, "5456a2cbcb2e9ee8b98cc71228b8d4ab0a460824dfa5609fc9bdbc12c63d9c8d5dcb6afe28249eeedb034a12e8cb5dd8e3e119f481ef39cd98cd7a2f676fee63524064aa7ea0eae3b518ec02735e249be0ebdcbda414d9f169788d9c128b12014739baf99863a54713e5b3c14b09d3aaea968f747edf8077fade6e2325ce27cf953a47a8f0f773f17d708224bbdcd5020e0b580f5fa8286c2ae7ea81ac134d707a0b9eb2d764e336c43ee0a227072926f79b28c722f30dc594d28a8a425001b162072b"}, @NFQA_CT={0xd8, 0xb, 0x0, 0x1, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x9}, @CTA_LABELS={0x8, 0x16, 0x1, 0x0, [0x5]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}, @CTA_NAT_SRC={0xc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @multicast2}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}, @CTA_LABELS={0x10, 0x16, 0x1, 0x0, [0x6, 0x3, 0x6]}, @CTA_LABELS_MASK={0x14, 0x17, [0x3, 0x8, 0x6, 0x1]}, @CTA_TUPLE_ORIG={0x5c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @local}}}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}, @CTA_NAT_DST={0x20, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @private=0xa010102}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00'}]}]}, @NFQA_CT={0xc, 0xb, 0x0, 0x1, [@CTA_MARK={0x8}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x2004c801}, 0x8894)
r1 = openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x0, 0x101)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/module/acpi_x86', 0x402200, 0x20)
sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000740)={&(0x7f00000005c0)={0x150, 0x0, 0x0, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x134, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb3a6}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x36de8a3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9440}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9823}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc557}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4677550e}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6124}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7c95a7d1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x719c9456}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7322}]}, {0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xf1ba4db}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1718}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5f126ba7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3609}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd38c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x79aa637}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x63f8539a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe795}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33d}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xf19f73d}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x32561ece}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd093}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x58af46c7}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7ced63f2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd79f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x559b366}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1dd4324e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2f94}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xce17}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcd07}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1324}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf0d7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xef8a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf4b5}]}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000)
r2 = syz_open_dev$mouse(&(0x7f00000007c0), 0x1, 0x101800)
fremovexattr(r2, &(0x7f0000000800)=@known='security.apparmor\x00')
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000840), 0x10400, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000ac0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x46220a0}, 0xc, &(0x7f0000000a80)={&(0x7f00000008c0)={0x1b8, 0x0, 0x800, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80}]}, @TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}]}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}]}, @TIPC_NLA_NODE={0x50, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "ef0263d7c44afa85731c2d991f9fc76f5678ef5067"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_NET={0x5c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3df}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffffffe1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xb42}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xa00000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x28}]}, @TIPC_NLA_MEDIA={0x70, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3c4}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe632}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000048)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000b00)='/sys/kernel/oops_count', 0x342400, 0x0)
ioctl$TCFLSH(r0, 0x540b, 0x1)
r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000b40), 0x20000, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000bc0), r2)
getsockname$packet(r1, &(0x7f0000000c40)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000c80)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000004b80)={'ip6gre0\x00', &(0x7f0000004b00)={'ip6_vti0\x00', <r7=>0x0, 0x2f, 0x2d, 0x1, 0x5, 0x29, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1c}}, @mcast2, 0x40, 0x700, 0x2, 0x5}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000005180)={'syztnl0\x00', &(0x7f0000005100)={'sit0\x00', <r8=>0x0, 0x2f, 0xfa, 0x0, 0x8, 0xf, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, 0x40, 0x7, 0x9, 0x8}})
sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000005340)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000005300)={&(0x7f00000051c0)={0x10c, r5, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x40800}, 0x4)

00:29:03 executing program 6:
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}]})
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f00000000c0))
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f0000000100))
ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000140)="f6ce090519c9b5ad474bb8628ef28951e71ae0774525d5ab884636eb7491c3418da23faaeaaa8e4ba913ea5315f0c26c22161ae4d5b3164845628ab33d2ebcf235bd0360b2fefc719d")
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000001c0)='ns/pid\x00')
r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x103000, 0x100, 0x28}, 0x18)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r3=>r0, {0x4}}, './file0\x00'})
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000002c0)={0x4, 0x7, 0x8, 0x0, 0x0, [{{r1}, 0x790}, {{r2}, 0xfff}, {{r0}, 0xbe3}, {{r0}}, {{r0}, 0x3}, {{r3}, 0x40}, {{r0}, 0x1}, {{r0}, 0x10000}]})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/asound/seq/clients\x00', 0x0, 0x0)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x24, 0x0, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r5}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)
stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580))
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r5, 0xc0189373, &(0x7f0000000600)={{0x1, 0x1, 0x18, <r6=>r5, {0x1f}}, './file0\x00'})
ioctl$TIOCMGET(r6, 0x5415, &(0x7f0000000640))
ioctl$NS_GET_OWNER_UID(r5, 0xb704, &(0x7f0000000680))
bind$unix(r0, &(0x7f00000006c0)=@file={0x1, './file0\x00'}, 0x6e)
sendmsg$NFQNL_MSG_VERDICT(r5, &(0x7f0000000a40)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000780)={0x24c, 0x1, 0x3, 0x301, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFQA_EXP={0x134, 0xf, 0x0, 0x1, [@CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}, @CTA_EXPECT_ZONE={0x6}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'irc-20000\x00'}, @CTA_EXPECT_NAT={0xfc, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @private2}}}]}, @CTA_EXPECT_NAT_TUPLE={0x94, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xd}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x27}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @local}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @empty}}}]}]}, @CTA_EXPECT_ID={0x8}]}, @NFQA_EXP={0x2c, 0xf, 0x0, 0x1, [@CTA_EXPECT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x200}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x2}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc}}, @NFQA_PAYLOAD={0xb6, 0xa, "158c2df979598d8811204413c9b52f282663ff5bd62407d6008ecd5072439750df4d42dda78a727d6daf8dd1018b5917cdec1b0163518cee9cd4b48ac76ee01535026412c9dc092f3c52471edbe131f32a715570ea9c58862a810d2044a78e149f4a299b94271a2373a8473c713659368f5db01344a84f5e510593d6bb0ca6c07606f138dbeb1ee1581fe39f9013b901c3d31f5c35a115c87b77fc5206a7dc29a6b0d0486539360b6c3a9c2859efc1f702e1"}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x400}}]}, 0x24c}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
r7 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCSETA(r7, 0x5406, &(0x7f0000000a80)={0x2, 0x80, 0x6, 0x3, 0x2, "2645cec97e9d7a7b"})

00:29:03 executing program 1:
r0 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>r0, {0x1}}, './file0\x00'})
fcntl$setstatus(r0, 0x4, 0x800)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f00000000c0)={{0xfffffffe, 0x7}, 0x100, './file0\x00'})
r3 = openat2(r1, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x3, 0x4, 0x1}, 0x18)
fcntl$F_GET_FILE_RW_HINT(r3, 0x40d, &(0x7f0000000280))
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f00000002c0))
r4 = fcntl$dupfd(r2, 0x0, r0)
r5 = fspick(r3, &(0x7f0000000300)='./file0\x00', 0x1)
ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000340)={{r5}, {@val, @actul_num={@void, 0x2, 0x6d}}})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000380)={<r6=>0x0, ""/256, <r7=>0x0, <r8=>0x0})
ioctl$BTRFS_IOC_TREE_SEARCH(r2, 0xd0009411, &(0x7f0000000580)={{<r9=>r7, 0xa8, 0x2, 0x1f, 0xbb, 0x8, 0x1ff, 0xfff, 0x3f, 0x6, 0x10000, 0x0, 0x3000000, 0x401, 0x8001}})
connect$802154_dgram(r2, &(0x7f0000001580)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0102}}}, 0x14)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f00000015c0)={0x1000, [{r6, r8}, {r7, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r9}, {r7, r8}, {r6, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {r6}, {r9, r8}, {0x0, r8}, {r6, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {0x0, r8}, {r9}, {r6, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {0x0, r8}, {r6, r8}, {r7, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r6, r8}, {0x0, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r9}, {r6, r8}, {r6, r8}, {r9, r8}, {0x0, r8}, {r6, r8}, {r6}, {r6, r8}, {0x0, r8}, {0x0, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r6, r8}, {r9}, {0x0, r8}, {r7}, {r6, r8}, {r9}, {r6, r8}, {<r10=>r9, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r7, r8}, {r9}, {r6, r8}, {r7, r8}, {0x0, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r6, r8}, {r6, r8}, {r6}, {r6, r8}, {r9, r8}, {0x0, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {0x0, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {0x0, r8}, {r9}, {r6, r8}, {r6}, {r7, r8}, {0x0, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r9}, {r7, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r9}, {r6, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r9, r8}, {r9}, {r9, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {}, {r6, r8}, {0x0, r8}, {r9, r8}, {0x0, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {r6}, {r9, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r7, r8}, {0x0, r8}, {r7, r8}, {0x0, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r6}, {0x0, r8}, {r9}, {r6, r8}, {r9, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {0x0, r8}, {0x0, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r9}, {r9}, {r7, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {0x0, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {r9, r8}, {r9, r8}, {r9, r8}, {r6, r8}, {r7, r8}, {r6}, {r6, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r9}, {r9, r8}, {r7, r8}, {r9, r8}, {r6}, {r9, r8}, {r9, r8}, {r9, r8}], 0x1, "35f065947a3952"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000025c0)={0x7, [{r9, r8}, {r9, r8}, {r7, r8}, {r9, r8}, {0x0, r8}, {0x0, r8}, {r7, r8}, {0x0, r8}, {r7, r8}, {r7, r8}, {0x0, r8}, {r6, r8}, {r7}, {r9, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r7}, {r9, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r7}, {r9, r8}, {0x0, r8}, {r9, r8}, {r7}, {r6, r8}, {r7, r8}, {0x0, r8}, {r9}, {r9, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r9, r8}, {r6, r8}, {r7, r8}, {0x0, r8}, {r6, r8}, {r7, <r11=>r8}, {r6, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r7, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r9, r8}, {}, {r9, r8}, {r6, r8}, {r7, r8}, {r9}, {r6, r8}, {r6, r8}, {0x0, r8}, {r9, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {r9, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {r6}, {r6, r8}, {r9, r8}, {0x0, r8}, {r9}, {r7, r8}, {r7, r8}, {r6, r8}, {r6, r8}, {0x0, r8}, {r6, r8}, {0x0, r8}, {0x0, r8}, {r6, r8}, {}, {r6}, {r6}, {0x0, r8}, {r7, r8}, {r6, r8}, {r6}, {r9, r8}, {r9, r8}, {r6}, {r6, r8}, {0x0, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r7}, {0x0, r8}, {0x0, r8}, {r9, r8}, {r9, r8}, {0x0, r8}, {r7}, {0x0, r8}, {r7, r8}, {r7, r8}, {0x0, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r6}, {r7, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r7, r8}, {r6, r8}, {0x0, r8}, {r6, r8}, {r9, r8}, {0x0, r8}, {r9, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {r6}, {r9, r8}, {r9, r8}, {r9, r8}, {r9}, {r6, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {r7}, {0x0, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r7}, {r7}, {r7, r8}, {r7, r8}, {0x0, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r7}, {r6, r8}, {r9, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {0x0, r8}, {r7, r8}, {r6, r8}, {r9}, {r7}, {r6}, {r9, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r7, r8}, {0x0, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r6, r8}, {r9, r8}, {0x0, r8}, {r6, r8}, {r6, r8}, {0x0, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r9, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r6, r8}, {r7, r8}, {r9, r8}, {0x0, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {r6, r8}, {r7, r8}, {r7, r8}, {r7}, {r6, r8}, {r9, r8}, {r6, r8}, {r6, r8}, {r9, r8}, {r7, r8}, {r6, r8}], 0xff, "6ff6103810df9c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r5, 0xd000943e, &(0x7f00000035c0)={r8, <r12=>r9, "634c0e902b5a158fd7494b2c2de48bb9aa3b77553d916dcb8d75b784ad6aec8c6b303a80a8e2d3f9f775371e34c43486222a6ebb030912e56428b00ec5afbfa6530ddd7f83f00acffb3e9c4951e17ae4d957b07670aab0378bb527276c2dee0016003f9ceb13ed29fc943ee7222741a768ba57aa48f37743c7bae022c7038e66c2f8374da75ffb0b2d3b13d88ac4c32b70ace3081fbe600707fdd2f1c86854fc79c137660343b70b9ab58b595ec9d583e418d98739e45ac4b94589d6231e28689bef9adf259d6af3201740e27f9723ab67ccc1a4bc6f6c0c9a6958a355d701cd820218ca53c8fade47d27f532502967b6550c6bf454d45fc0946c604d7442c06", "c8ff480b80ea39425c904b162a6bb335cf7d4078a8dd9a74eb1bff30ef01e8cc8b3f81612063ffcff62505490742e299db62b8c0eea6c985ca79959197f870a8b48cdaab7f5b0ce3386215ee24d101f4689fb81e737aa353cf4f1dc88a08bfdc77209e77c7e3b20b436985d77f66404c0017c7a25ddbadc446e180ae102d378fb0a63ddbc3f816539044658b89c816782008f47c1bff5b8c6e8290ea9707f36207d78c9a6365e0903afa7f957f66aba71a74fdd69f812c1e173c0b90cfe3efd7e84d30b435266b61c3e21d1418c87ed4f24a1dae2056be4d37e7aaa3f8302755bd4ea57cc08acf1ec9f9d0ee6dee7d6b4f3162e0f5a543544eb4a0a5751433ad330f406bfc55648ee6bada64b144c8910e475f7829b4e5260c437fe5173275a338d563a7cea9f0d73d5834cef1246c2d6a170d274a19bb2e45661b168117227e664623f71edc60fbfb7bf9a694684ae904c7e0ee055d515c34f113625270e09120c3b547f5bdc6d080b3dad672c580151a088d69043d9a36b9ae561242b0a0c1f5e3eac19ad312ccf90b1507d13b9bf293b9b9223feba824193f040bdf96a596fb1013c4785a9ba5de4ffc75c3efb76ad3b187c426188d07fd67e87fab7fa547922e6126d333bf14413f7db3f9893b9a1fdcc5737bef078e29c77083d71000cc7b524629dc5c6997d7fcabd513a51330747caead83bd5dc0e6324dcc682e25e46e92e96d7baa319db21789248a8deebae6186a052542de3ab205e343ffa1dea8b6acb2539840f4c8a6a4672a4ce4f3195fa74170413702932c15590151f33d37813311eb6f1c980e5348fd977bd2dee2c4b48b200165a364d340a8004bbd1e13e84dd360d83f9faded80073dce05a5af0f603b5d259031b2eb80e3c9d85b920c549b6aaecd030c915cbff85d55254a7b23aea3d9686359dc468f9dacff42e3507f6d65387e4bcee1872e2e28dde08a0e35b42f863f1cad6af4fb17867e83cb2e8a71284fa7d824d171833e68e6eccca65f5ad0bf0180f806f5c2ee8ee03019eb415db8886c914398d38f53f94ced8820d470cf622838e8d71968e642dc06081a0701171212644e97ba65c7cd3314d540586b6988efa7c948d9bea858077964d70816cc9f2c91a4a11cd01afb0b7e75d1f3d45bd2a9578e2caf5047605a7439b168052301fa1156cc8dfc04c6efcf5f8c69e3140791b271e7c2f4ee72abaf7f11f10520887565f4891fada45a45144e2d5a48c5fd14bd65acf16c651f6f43a8dd8572080a0715676f0a204fd5ee4589fc2362c3b4c7883251f778d5797577a4b0c147a5c2b5c85f5458403631144a2be8185f5b6a95cfa802d39b918098bd72aad1eafc244305ec2e1eced18a4cfe98e53718db2d8c410fdd7fc795811886aec1894a1c6b93144cf1110ac9bfc97c23aca5fa80f87415b65dd7d89a3290f1838431e83547bcc4ddc62616ddaa319370dbcb8fc53d2aa06b4bffa3e5734dd85c686fb9923cbcaebc0a875772a2e2421484b3ce8a478f331fcd698d54f10b0b4af1233afd372f12ee65285b265a056da4ae2d17b2a7bf57d13cfedbc96cf415b3cd1f52518fb1c25024ff4c1978009a6966295b0a45ca539fa78e02f1a4fb23bd05d90c9b5e3d09860c505896b104635d0885c6e24a410aa993846322a1c92b7d0a2f354d32d15f96869af40f514c535968654d67a628582d3295014182ee335d1435ebbf34a9357d9582dbd960863e6d810b0d4821b575b7d7ae0298aae6de0aed81a1c6a83098d26c9d7725eba66201d1702c2384ceecf09381afb7c901adcda2190a32fe4343f63e8c060077131b00b938606e74636a2fd1c23e9d5b2efdc2fb4cf4df6c164e71ddce3e0bcb60197fbbc33f7994bcb4b5b1cc75e652d2fb2e55e16c57f6d9d3cbf35cbc87a0df942c1f62f29c266f17ea08ce0f9d03610d87acb04529c50b0def8ca2c6a8fc80ca560b3988db40377b0b29e3a8a420f26471727df5fb36d66ef5bb77a8fefd2271f4b1d934df44b6cb35365d98b8f1263e15c60da9c8dd5b97d6368f8829117028b8e6ed433cdfe44347597b8867bb00cc644b6d85d6dd0c1ce24de03a5b86963d61b85cfbe8d4f10fe16e01e8fa49a32f1cf2f4141750361ce4c1f8fed786ef6fdb2d4f44568d3163eacae473f19a634a13c31915efd94d2e4149d3b7e0cc142c96e5017575c8ceeb46c9da1d86993485c6d1a33485b2794f984da094c8e95ac7e3fa1328216bae252cf1a464bf24520edb0806dfab0ca809a6c7bc9634afcff5a7d34f6164cb0b9030a3cbf7ee179163195d07973959ea4cde101eabb9cf97d2e8533c758254657759ef308839f5d5dd33c5c5ccc597eff3869281554a876306e92540073d8b6af63c5e49cb9a09086d6317ebd76c0e57a4315d9183f2bd5fcbec43ddc05187352dd4d51258f51e2723f6d7393fd3eea2356746a5940167556a328ea778cba030abc37150d1de56a954423ac5f75a26de781b32c7989afeac0137a1b8d75e595ae0b069241a9fa0b26c7a0a639d7627edc8e985bef3c43dedbdb3791080bc18317b60d64a1439cfff7241cbd1c1a91efd4b81c9a5b37e0dd7a107d2dfec563a2830274750383eafc864b4649bd9d052048192ca68c94f668653df4b3529647af8999c27767360355d9c98c1de8260a80f02cebda9cc6e0232921c51bd760b9dc3191da04ebc07e8cc59ce35471be298a3d654272d3c539a0f5498f6053e60814ca4a5530767a81c83915ccb9297fe175e36e9991bd06b799e348cc50a87fddb2641adff6d2e8654cbe7789c8807855c9524b9779bba5576e97e2f2f5f157f0b69ad5e4bee4ab5f4cbc7dcb084a3afa10f26673a194ece01c79e051c6fa53c10f213ae79ca7f89c03dc2c7444b80b4b9f1301640f24e2b0fc96a53684e9f7c5b6b3421650e25afc50a520921fee65dc83414c84010a69ad00d602a9ec6ba969b2edfba82b19ffc213cf393fbe6f63c8c570df21f4527bf2d1ea39204a9f26701b5ef4b763d5a64b3b09a16f8612402b1a839e370df573f7462f3819937534b2e9455cca9db3065a387f963c086432885ec5b67bd3417a662afb053e15d698791bed0c8f98cec60a6a8ea5c9ed6b04b098bf26b61ea3c1677122b65ab2df6630aa78fdab5910ae8fdddb792935d44e1e8270552cbab27fd1d27b33ab4120b5bead4ee13eaffd5b02a531c44f5fb24ad6efef03fdfa038d118fbb5ed1db8c12e19974c85b006b457d76e2ab6f0f3dbb393b524713ffcbc3de88c2906a5049c08e9e6c5062899e76d5333bf418da7228d1f90d37ac7f9108d052f3de1b099c9878e74f8851812effc4425509bf09620e174134a11811a4b9ea92373954cd34450966c08761739e4c8719a98adf6a1201a54c99f750a6a02985270641327791d3c342c09102d8419263fe6a3be535be0724979151e715c593e3d458ecb43acdd7d51b514a2b7f673c66ec76414efbb2ebb8c12509a30c3dc53e7f9873591c83a2a43a3281ae1d54a717314aaec432e8d9e720c764d8482ff0c1a8ffa09500a69e1a40145a6a188b30fca77f5e982cff5a3fec129164126536fbf7eeb1349345ca6f913a4434746495555aa57807fb5b6d88d5081e6a080712ef60cfbf0c078f1b6dad56224de6e831109cf04c68eac8af89d0ea03da2e3ee5d56d263eea1a2262df7ccef1e6911af0459cc0bed6554486b96b5db339f66e1f1c4e22a6c0b95d231d387c1c3db01a40cdb6beab8e0cc88fe41c78348686565f491dcee00fc951e7b8588eb05833019c7a2a57985120dd7e67148f54921d41ee933a01142850df17ca0283497d011597b7a31d88ab13ae969d45ea834e7dfb5a1e5115a68bee1222f717c5dc7d78b278f0382108096b6cbebd37c8698f93914bed4679544239679bc32c8d81f28b5e8a39314f3ba909332eece006903dbb92e16bf7acbd646eb568662ce8922a22e87f917a9db8aeafa7f6532ec7e052d835dc167801003ad7519c1801d2a3777aa686f0bad9e8f4d0559d9dedf272ed0056ca138bd0ab8d9990775cd8b228b3c779319b0731658eac650952ce70ccfbfa1e3c8ff0eba29a627836203e33a8b3953beb960ef981b60e64966e6f8f901c0983e8c9805718fbd7cd572e507ceace24fd3b928511d7ba71e223e0c5803b2fe93bd1ef6df862a1fdc95655a6acd0d5c10d0630f833c01d8a6ee658fea39b5b21baf029eedc7255df68a80d6ddd4bf6dcca7273b7ebf500adefb76f911f16731d9237a00689638fab4f3ff18dc8db41d135f54a57826e99f0408c23648e7497b81f325e822df36676d1083a4e2a220f94e7f9cdd238fba9175a7e398b369bae57f816ef39fdf6c532425c2095b0760da77f5d1d5126c53313b148bcdf66aaeb977b683fe05b6ef99b6e6fedb2485c9b6841536182ea68c88ce3d0637f6a163b18fe753979c875f8c476d4aa8d02b541508f73873578e39de5d0011b285c9db0bab81b4c55bdf5994519d233c481cd86f44a9475c9dcc003c4775728086447090d0ad298b8b3fbf1ece4c1a0afb776dc3ae9816eb02cdec7e67482b1a359d6c743e02954539f04796aad8c2ed51ae15b656288b6e89a6a8f1e6f4cc4859253d24d3c139032a7ebce5295981ffe51674974ba0c61f79eda846d19b65470d26ae883cfc93f4b6baabf69080a9eb6adfb75bd4fc6d57c1ad907050d6e5e24c168affafef65ae378c4d9cb3a4185ff67a40450d0e85f0042075231e10f83f8ff30199ef36ca386b5690eaabf74754a6159363a11a4a97f1c04682cca5b4fe44276182e59ad4b1e305ed78df549fd5c11944923888fffd732771590bada03727d658d773ca5eb8835a3caff71e802fdcbc4085741a8d6264ea2d5eee2a7c036477eddddbe5e2046656a59a43bd43fea31181e724e95d9da1e42a866e63780116cb360fa7769824a62b731301ca4b0f55c1d7c033f76284de55502ee011bebae7526fadf5e3c091df186325c758dad31606078df78ce98a21a526da086766d903971508546997a5a5a30d85db37f5cf151b82bf599f0b1730b79252e5f60f94241f92d20ad79a5b1ee60b86fbd1adc2b60b8457a7d72be36d87962b982a9e29505dab1a69870eed863c1a2a171d28d4cc431014f943dc425e54f594f36d2d8f3bef911457c7036d762828b392504997a16521af028277f7409e97621fc2ed523e7cfec313a77c9fdce07a967eceb6fb3e87b1d0cd449f7025d78c77c383eb76998b76b73cf81993185384e445ec06a0892d2d71f312fe11abf3de74d74af439a007c310cf7781fa25017171f3b90c482c6be13f06dfe9efb3df0ad013137cd1d830cd8241e8bcbd6337e9a1cc044d07d7bfc2b3573c405e5ee054ab9b39d960188696d83a211875cae0c4f5"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000045c0)={0x0, ""/256, <r13=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f00000047c0)={0x0, ""/256, 0x0, <r14=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, &(0x7f000007ae80)={0x2, [{r9, r8}, {r10, r11}, {r12, r8}, {r13, r14}, {r6, r8}, {r6}, {r7, r8}, {r7}, {r9, r8}, {r9}, {0x0, r8}, {r6, r8}, {}, {r9, r8}, {}, {r6, r8}, {r6, r8}, {}, {0x0, r8}, {r7, r8}, {0x0, r8}, {r9}, {r9, r8}, {}, {}, {}, {r6, r8}, {}, {r9, r8}, {}, {0x0, r8}, {}, {0x0, r8}, {}, {r7}, {0x0, r8}, {r6}, {r6, r8}, {r7}, {}, {0x0, r8}, {r6}, {r9, r8}, {r7}, {r6}, {r7, r8}, {r7, r8}, {r6, r8}, {r9}, {0x0, r8}, {0x0, r8}, {r9}, {r6, r8}, {}, {r6, r8}, {r7, r8}, {}, {r9}, {}, {r7}, {r7}, {0x0, r8}, {}, {r7, r8}, {0x0, r8}, {0x0, r8}, {}, {r6}, {r6, r8}, {r9, r8}, {}, {r7}, {}, {}, {r6}, {r9, r8}, {0x0, r8}, {0x0, r8}, {r7, r8}, {0x0, r8}, {r7}, {r6, r8}, {}, {r7, r8}, {0x0, r8}, {0x0, r8}, {0x0, r8}, {r7}, {r9, r8}, {r9, r8}, {}, {}, {}, {r9}, {r6, r8}, {r6, r8}, {0x0, r8}, {r7}, {}, {r9, r8}, {}, {r9, r8}, {0x0, r8}, {r7, r8}, {r6}, {r6}, {r6, r8}, {0x0, r8}, {}, {r6}, {0x0, r8}, {r9, r8}, {r7, r8}, {r6}, {r9, r8}, {r7}, {r9, r8}, {}, {r9}, {r7}, {}, {r9}, {r7}, {r7, r8}, {}, {}, {r9, r8}, {}, {}, {r6, r8}, {0x0, r8}, {r7}, {r6, r8}, {r7, r8}, {0x0, r8}, {r9}, {r6, r8}, {r9}, {r7, r8}, {r6}, {r9, r8}, {0x0, r8}, {r7, r8}, {r6, r8}, {r6}, {r7}, {r7, r8}, {r6, r8}, {r7, r8}, {0x0, r8}, {0x0, r8}, {}, {0x0, r8}, {r7, r8}, {r7, r8}, {}, {r6, r8}, {r9, r8}, {r7}, {r9}, {0x0, r8}, {r6, r8}, {0x0, r8}, {r9, r8}, {0x0, r8}, {}, {r6, r8}, {0x0, r8}, {r6, r8}, {r7, r8}, {r7}, {r9, r8}, {0x0, r8}, {0x0, r8}, {r9}, {r7}, {}, {0x0, r8}, {}, {0x0, r8}, {0x0, r8}, {0x0, r8}, {0x0, r8}, {r6}, {r7, r8}, {r9, r8}, {r6, r8}, {0x0, r8}, {r6, r8}, {r7, r8}, {r9, r8}, {r7, r8}, {r9}, {r9}, {r9, r8}, {r6, r8}, {r9, r8}, {}, {}, {r9}, {0x0, r8}, {r7, r8}, {r7, r8}, {r9, r8}, {r9, r8}, {}, {r9}, {r7}, {}, {r6, r8}, {0x0, r8}, {r9, r8}, {r6, r8}, {r7}, {r7, r8}, {r7, r8}, {}, {r7, r8}, {r7, r8}, {r9, r8}, {r6, r8}, {r9, r8}, {}, {r9, r8}, {r7, r8}, {0x0, r8}, {r9, r8}, {r6}, {r7, r8}, {r6, r8}, {}, {}, {0x0, r8}, {r6, r8}, {r6}, {r6}, {0x0, r8}, {r9}, {0x0, r8}, {0x0, r8}, {}, {r6}, {r7}, {}, {0x0, r8}, {r7, r8}, {0x0, r8}, {r6, r8}, {}, {r9}, {r7, r8}, {r7, r8}, {0x0, r8}, {r7}, {r9, r8}], 0xa2, "8fa9f0bf5e7384"})

[  102.006024] ==================================================================
[  102.007386] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[  102.008586] Read of size 2 at addr ffff88800d8f53f8 by task kworker/u11:1/293
[  102.015611] 
[  102.015937] CPU: 1 UID: 0 PID: 293 Comm: kworker/u11:1 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) 
[  102.015971] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  102.015987] Workqueue: hci1 hci_cmd_work
[  102.016021] Call Trace:
[  102.016030]  <TASK>
[  102.016040]  dump_stack_lvl+0xca/0x120
[  102.016072]  print_report+0xcb/0x610
[  102.016105]  ? __virt_addr_valid+0x100/0x5d0
[  102.016134]  ? hci_cmd_work+0x66d/0x6d0
[  102.016166]  ? hci_cmd_work+0x66d/0x6d0
[  102.016198]  kasan_report+0xca/0x100
[  102.016230]  ? hci_cmd_work+0x66d/0x6d0
[  102.016266]  hci_cmd_work+0x66d/0x6d0
[  102.016299]  process_one_work+0x8e1/0x19c0
[  102.016342]  ? __pfx_process_one_work+0x10/0x10
[  102.016377]  ? rcuwait_wake_up+0x27/0x290
[  102.016412]  ? move_linked_works+0x172/0x270
[  102.016440]  ? assign_work+0x196/0x240
[  102.016475]  worker_thread+0x67e/0xe90
[  102.016511]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  102.016541]  ? __pfx_worker_thread+0x10/0x10
[  102.016577]  kthread+0x3c8/0x740
[  102.016609]  ? __pfx_kthread+0x10/0x10
[  102.016641]  ? ret_from_fork+0x79/0x7a0
[  102.016665]  ? lock_release+0xc8/0x290
[  102.016704]  ? __pfx_kthread+0x10/0x10
[  102.016737]  ret_from_fork+0x67a/0x7a0
[  102.016761]  ? __pfx_ret_from_fork+0x10/0x10
[  102.016787]  ? __switch_to+0x759/0x1060
[  102.016822]  ? __pfx_kthread+0x10/0x10
[  102.016854]  ret_from_fork_asm+0x1a/0x30
[  102.016896]  </TASK>
[  102.016904] 
[  102.040182] Allocated by task 292:
[  102.040797]  kasan_save_stack+0x24/0x50
[  102.041487]  kasan_save_track+0x14/0x30
[  102.042175]  __kasan_slab_alloc+0x59/0x70
[  102.042901]  kmem_cache_alloc_node_noprof+0x228/0x6b0
[  102.043799]  __alloc_skb+0x2ab/0x370
[  102.044461]  hci_cmd_sync_alloc+0x34/0x300
[  102.045197]  __hci_cmd_sync_sk+0xf7/0x5c0
[  102.045923]  __hci_cmd_sync_status_sk+0x4d/0x1a0
[  102.046760]  hci_dev_open_sync+0x10ef/0x1f60
[  102.047545]  hci_power_on+0xdb/0x5d0
[  102.048222]  process_one_work+0x8e1/0x19c0
[  102.048971]  worker_thread+0x67e/0xe90
[  102.049670]  kthread+0x3c8/0x740
[  102.050271]  ret_from_fork+0x67a/0x7a0
[  102.050964]  ret_from_fork_asm+0x1a/0x30
[  102.051690] 
[  102.052001] Freed by task 295:
[  102.052558]  kasan_save_stack+0x24/0x50
[  102.053269]  kasan_save_track+0x14/0x30
[  102.053965]  kasan_save_free_info+0x3a/0x60
[  102.054729]  __kasan_slab_free+0x43/0x70
[  102.055467]  kmem_cache_free+0x26f/0x500
[  102.056174]  kfree_skbmem+0x18a/0x1f0
[  102.056861]  sk_skb_reason_drop+0x10e/0x1b0
[  102.057628]  vhci_read+0x3d5/0x5d0
[  102.058263]  vfs_read+0x1eb/0xc70
[  102.058880]  ksys_read+0x121/0x240
[  102.059518]  do_syscall_64+0xbf/0x430
[  102.060204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.061114] 
[  102.061421] The buggy address belongs to the object at ffff88800d8f53c0
[  102.061421]  which belongs to the cache skbuff_head_cache of size 232
[  102.063620] The buggy address is located 56 bytes inside of
[  102.063620]  freed 232-byte region [ffff88800d8f53c0, ffff88800d8f54a8)
[  102.065673] 
[  102.065989] The buggy address belongs to the physical page:
[  102.066952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd8f5
[  102.068312] memcg:ffff88800d2c1381
[  102.068919] anon flags: 0x100000000000000(node=0|zone=1)
[  102.069860] page_type: f5(slab)
[  102.070444] raw: 0100000000000000 ffff8880096c78c0 ffffea0000375a80 0000000000000007
[  102.071796] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff88800d2c1381
[  102.073129] page dumped because: kasan: bad access detected
[  102.074097] 
[  102.074408] Memory state around the buggy address:
[  102.075257]  ffff88800d8f5280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  102.076441]  ffff88800d8f5300: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[  102.077484] >ffff88800d8f5380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  102.078517]                                                                 ^
[  102.079550]  ffff88800d8f5400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  102.080593]  ffff88800d8f5480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[  102.081622] ==================================================================
[  102.082853] Disabling lock debugging due to kernel taint
[  102.086955] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  102.089564] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.094300] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.094960] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  102.096394] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.097994] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  102.104556] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  102.105898] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.109961] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  102.109994] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.142885] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  102.144911] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  102.146650] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  102.149109] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  102.150860] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  102.159081] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  102.169268] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  102.171856] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  102.175515] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  102.181508] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  102.194635] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  102.208862] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  102.211061] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  102.228326] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  102.238390] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  102.241448] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  102.254560] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  102.255828] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  102.257617] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  102.259702] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  102.262829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  102.271151] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  102.276968] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  102.281499] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  102.282782] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  102.322755] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  102.332306] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  102.353785] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  102.360464] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  102.366059] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  104.165212] Bluetooth: hci0: command tx timeout
[  104.165660] Bluetooth: hci1: command tx timeout
[  104.230289] Bluetooth: hci3: command tx timeout
[  104.230715] Bluetooth: hci2: command tx timeout
[  104.293211] Bluetooth: hci5: command tx timeout
[  104.293630] Bluetooth: hci4: command tx timeout
[  104.358199] Bluetooth: hci6: command tx timeout
[  104.486268] Bluetooth: hci7: command tx timeout
[  106.213338] Bluetooth: hci1: command tx timeout
[  106.213806] Bluetooth: hci0: command tx timeout
[  106.278188] Bluetooth: hci2: command tx timeout
[  106.278606] Bluetooth: hci3: command tx timeout
[  106.342232] Bluetooth: hci4: command tx timeout
[  106.342653] Bluetooth: hci5: command tx timeout
[  106.405276] Bluetooth: hci6: command tx timeout
[  106.534204] Bluetooth: hci7: command tx timeout
[  108.262236] Bluetooth: hci0: command tx timeout
[  108.262683] Bluetooth: hci1: command tx timeout
[  108.326618] Bluetooth: hci3: command tx timeout
[  108.327026] Bluetooth: hci2: command tx timeout
[  108.391640] Bluetooth: hci4: command tx timeout
[  108.392054] Bluetooth: hci5: command tx timeout
[  108.454238] Bluetooth: hci6: command tx timeout
[  108.582188] Bluetooth: hci7: command tx timeout
[  110.309197] Bluetooth: hci1: command tx timeout
[  110.309640] Bluetooth: hci0: command tx timeout
[  110.373907] Bluetooth: hci2: command tx timeout
[  110.374489] Bluetooth: hci3: command tx timeout
[  110.437254] Bluetooth: hci5: command tx timeout
[  110.437650] Bluetooth: hci4: command tx timeout
[  110.501228] Bluetooth: hci6: command tx timeout
[  110.629300] Bluetooth: hci7: command tx timeout

VM DIAGNOSIS:
00:29:04  Registers:
info registers vcpu 0
RAX=0000000000000005 RBX=0000000000000200 RCX=ffffffff87d14028 RDX=0000000000000008
RSI=ffff88801567de10 RDI=ffff88801567d340 RBP=ffff88801567d340 RSP=ffff888016607488
R8 =0000000000000000 R9 =0000000000000005 R10=0000000000000001 R11=0000000000000000
R12=0000000000000009 R13=0000000000000003 R14=ffff88801567de10 R15=0000000000000004
RIP=ffffffff815271da RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f295cf018c0 00000000 00000000
GS =0000 ffff8880e538f000 00000000 00000000
LDT=0000 fffffe3d00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fca6f019134 CR3=000000000bd7f000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000004148fdb38dc7b552 XMM01=00000000000000003f847ae147ae147b
XMM02=00000000000000000000000000000000 XMM03=00000000000000003f7411e34f4ab6ba
XMM04=00000000000000003fc21a4bf968642c XMM05=000000c000a9bad0000000c000a9b950
XMM06=00000000000000003fd3333333333333 XMM07=00000000000000003fd00f85e6e0b0f6
XMM08=00000000000000003fd7ae6f23ac3668 XMM09=00000000000000003fb1ecefc1e40cd4
XMM10=00000000000000003fc999999999999a XMM11=000000c000a9bbf0000000c000a9b680
XMM12=000000c0044a1ca0000000c0044a10e0 XMM13=000000c004534ea0000000c0045345a0
XMM14=000000c0045d9c60000000c0045d8360 XMM15=000000c000a9af60000000c000a9d7a0
info registers vcpu 1
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8293dd05 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff88801997f618
R8 =0000000000000000 R9 =ffffed100152f046 R10=0000000000000031 R11=6430303838386652
R12=0000000000000031 R13=0000000000000010 R14=ffffffff88974780 R15=ffffffff8293dcf0
RIP=ffffffff8293dd5d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e548f000 00000000 00000000
LDT=0000 fffffe2800000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f137ac67070 CR3=000000001d89f000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f137ad2a7c000007f137ad2a7c8
XMM02=00007f137ad2a7e000007f137ad2a7c0 XMM03=00007f137ad2a7c800007f137ad2a7c0
XMM04=ffffffffffffffffffffffffffffff00 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000