Warning: Permanently added '[localhost]:37674' (ECDSA) to the list of known hosts.
2025/11/16 08:29:11 fuzzer started
2025/11/16 08:29:12 dialing manager at localhost:37161
syzkaller login: [   59.533509] cgroup: Unknown subsys name 'net'
[   59.610058] cgroup: Unknown subsys name 'cpuset'
[   59.624171] cgroup: Unknown subsys name 'rlimit'
2025/11/16 08:29:23 syscalls: 221
2025/11/16 08:29:23 code coverage: enabled
2025/11/16 08:29:23 comparison tracing: enabled
2025/11/16 08:29:23 extra coverage: enabled
2025/11/16 08:29:23 setuid sandbox: enabled
2025/11/16 08:29:23 namespace sandbox: enabled
2025/11/16 08:29:23 Android sandbox: enabled
2025/11/16 08:29:23 fault injection: enabled
2025/11/16 08:29:23 leak checking: enabled
2025/11/16 08:29:23 net packet injection: enabled
2025/11/16 08:29:23 net device setup: enabled
2025/11/16 08:29:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/16 08:29:23 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/16 08:29:23 USB emulation: enabled
2025/11/16 08:29:23 hci packet injection: enabled
2025/11/16 08:29:23 wifi device emulation: enabled
2025/11/16 08:29:23 802.15.4 emulation: enabled
2025/11/16 08:29:23 fetching corpus: 0, signal 0/0 (executing program)
2025/11/16 08:29:24 starting 8 fuzzer processes
08:29:24 executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/handlers\x00', 0x0, 0x0)
io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3, r0, &(0x7f0000000040)="6e72b373f454f7f825bd6f946641cf3bfb23ad4c67781f7918ce679fac7523962f003468b1d3cc47581f75dac5fdaf259653360b6c4166e82244c2371aee001126174ad73f08be08a19f8438375b6a59e1a23b891aea37d60dff4f06af3fe77989c8650583b6b4f308a86072f463c14f3a8c1f1a41813acc449ed163579c5f771b0e2d3114dc9b44a166e0ddf6809195b71c9cfcb79f055e82b30ce19bf4bb66e2d3d645bbd4396d8bde82f11b8c136414f4a7c4", 0xb4, 0x4, 0x0, 0x1}, &(0x7f0000000140))
ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f00000002c0)={"95648bae3278465ced40e201", &(0x7f0000000180)="919655bab32a6cb5ddb45a0b6f486c4264ac7dd7dc873f14578c594e186c7917867a0ff1a9ee55afadce81b8444696d8e36a7239322bfe40029a0c566241004d6173a6595387bd529a6ecbadb83098efcda98004d7ae1fc94c3ae22878827d9f6729249355c618f4a884474c5b5bb66844a4f1aa2ac44b09bff2678ddb5b5ccf312b843c48fe9802834951a2ebc5ac643d320ad5d1a5bb204887df88", 0x9c, 0x9, &(0x7f0000000240)={0x5b, 0x0, 0x20, 0x5, 0x0, 0x0, 0x0, "4b3fbbfd", 0x2, "47c4bbf0", 0x7, 0x4, 0x9, "6fd18c", "67115816b040c24c981a88c0d7fc52173d4a706a3e1a76f6eb29c92e06afd2fcbb89f323702195eb311cb01cdaa2"}, 0x2, 0x1, 0x9e, &(0x7f0000000280)})
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0)
io_cancel(0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x5, 0x1e8, r1, &(0x7f0000000340)="da99f3a23c716b16", 0x8, 0x200, 0x0, 0x3, r0}, &(0x7f00000003c0))
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000400)={0x3f, 0x10000, 0xfffffff9, 0x4, 0x4}, 0x14)
ioctl$HIDIOCGUSAGES(r0, 0xd01c4813, &(0x7f0000000440)={{0x1, 0x100, 0x2, 0x2, 0xfffffff9, 0x1}, 0x9c, [0x3, 0x81, 0x1, 0x5, 0x26, 0xffff, 0x4, 0x61, 0x8, 0x7ff, 0x10001, 0x8, 0x1bf1, 0x56, 0x6, 0x40, 0x7, 0x6, 0x1, 0x9, 0x2ee, 0x5, 0x1, 0x4, 0x1, 0x1, 0x2, 0x6, 0xb41f, 0x100, 0x791, 0x8, 0x6, 0x8, 0x81, 0x9, 0x50000, 0xa4, 0x2, 0x9, 0x2, 0x1ff, 0x1, 0x1, 0x6e, 0x1754, 0x3, 0x5d, 0xfffffffd, 0x0, 0x94, 0x2, 0x3, 0x9, 0x10000, 0x9, 0x4, 0x4, 0x101, 0x101, 0xa1940421, 0x30, 0x8, 0x7f, 0x6, 0x5f1d, 0x572f, 0x4, 0x6, 0x7, 0x5, 0x25d9, 0x10001, 0x5, 0x8001, 0x5, 0x800, 0x6, 0x666, 0x8, 0x3, 0x3, 0xfd9, 0x10001, 0x298, 0x2000000, 0x20, 0x80, 0x2, 0x40000000, 0x5, 0x2, 0x7, 0x401, 0x0, 0x9, 0x7fff, 0x9, 0x80000000, 0xb96b, 0x7, 0x80, 0x1ff, 0x3, 0x1f, 0xfb53, 0xff, 0x2, 0x6, 0x7f, 0xfffff000, 0x7ff, 0x8000, 0x576307b2, 0x81, 0xf47, 0x20, 0x200, 0x6, 0x3, 0xfffffffb, 0xfffffff9, 0x2, 0x46, 0x3, 0x3, 0x5, 0x85, 0x4, 0x8001, 0x1f, 0x3ff, 0xef1, 0x3f, 0x4527, 0x7, 0x7, 0x1, 0x1ff, 0x3, 0x5, 0x1, 0x5, 0x8, 0x200, 0x8, 0x8, 0x8, 0x8, 0x3, 0x800, 0x3, 0x9, 0x4, 0x8, 0x1, 0x7ff, 0x2, 0x2, 0xb0c, 0x0, 0xff, 0x7, 0x2, 0x80000001, 0x401, 0xfff, 0x0, 0xda, 0x1f, 0x100, 0x75, 0x1, 0x2, 0x3, 0x8, 0x5, 0x800, 0x8, 0x3, 0x5, 0x1000, 0x9, 0xeb, 0x0, 0x7, 0x20, 0x1000, 0x5, 0xc00a202, 0x2, 0xec6, 0x200, 0x9, 0x7, 0x1e1, 0xb5, 0xf654, 0x800, 0xffffff6d, 0x40, 0x1000, 0x7ff, 0x7, 0x6, 0x3, 0x9, 0x0, 0x400, 0x4, 0x800, 0x8, 0x100, 0x10000, 0x590a, 0x1, 0x3, 0xe05, 0x4, 0xec, 0x8, 0x9, 0xfff, 0x9, 0x87c, 0x0, 0x5, 0x87, 0x3f, 0x1, 0x70, 0x80000000, 0x3ff, 0x8b9, 0x2, 0x7, 0xaf, 0x1, 0x74, 0x3, 0x3, 0x3, 0x5, 0x3, 0x7fffffff, 0x8000, 0x6, 0x9, 0x2f, 0x0, 0x0, 0x3, 0x5, 0x5, 0x89, 0x8, 0x80, 0xfffffff9, 0x4, 0x8, 0xfffffe01, 0x7, 0x5, 0x2, 0x9, 0xf50, 0x401, 0x3, 0x0, 0x4, 0x2, 0x81, 0xffffffff, 0x1, 0x40, 0xffffffff, 0x7fff, 0xffff, 0x0, 0x8, 0xde, 0xa2, 0x5, 0x1000, 0xfffffffc, 0xffffffff, 0x5, 0xdc40, 0x36a, 0xb761, 0x2, 0x1ff, 0x7f, 0x9, 0x80, 0x0, 0x3f, 0x9, 0x3, 0x101, 0x8, 0x77bb, 0x6, 0x0, 0x4, 0x79, 0x8, 0x5, 0x2, 0x1ff, 0xffffffff, 0xffff, 0x7fe7, 0x9b87, 0x8000, 0x5, 0x81, 0x7, 0x2, 0x5, 0x2, 0x10001, 0x7, 0x8, 0x9, 0x43f, 0x9, 0x4, 0x9e79, 0x5, 0x3, 0x0, 0x10001, 0x2, 0xfc00, 0x7, 0x401, 0x3f, 0x10000, 0x8, 0x1, 0x7, 0x1, 0x3, 0x3, 0x1b5, 0x5, 0x8000, 0x35a141f7, 0xfffffe00, 0x7, 0xbc0, 0x5, 0x40, 0x3ff, 0x5, 0x81f4, 0x9, 0x200, 0x6, 0x2, 0xa30c, 0xe847, 0x7, 0x5, 0x4, 0x6, 0x2, 0x7, 0x1409, 0x125, 0xcd46, 0x9, 0x5, 0xffff, 0x401, 0x8, 0x12, 0x40, 0xfce7, 0x6, 0xfff, 0xe473, 0x1, 0x1, 0x7, 0x7fff, 0x2, 0x1, 0x8000, 0xffff7fff, 0xa7, 0x7, 0x1ff, 0x9c, 0x3, 0x6, 0x6, 0x10001, 0x3, 0x800, 0x3, 0x2, 0x85, 0x1, 0x6, 0x3, 0x100, 0x8000, 0x400, 0x2f67, 0x5, 0xfffffffb, 0x1, 0x80000000, 0x7, 0x3, 0xf81, 0x8, 0x0, 0x2, 0x80000001, 0x2, 0x10000, 0x401, 0x6, 0x101, 0x7fff, 0xcf7e, 0x1f, 0x10001, 0x0, 0x4, 0x0, 0x10001, 0x8, 0x10001, 0xc4a, 0x4589, 0x5, 0x100, 0x2000000, 0x1000, 0x3, 0x401, 0x3c1c, 0x101, 0x1000, 0x8001, 0x4, 0x6, 0x3, 0x3260, 0x4, 0x2, 0xcea, 0x6, 0x763, 0x100, 0xc9, 0x7, 0x4, 0x0, 0x4, 0x3, 0x0, 0x2, 0x3f, 0x7, 0x4, 0x5abf, 0x8, 0x80000001, 0x8928, 0x3, 0x1f, 0xffff, 0x7f, 0x2, 0x8, 0x2, 0x2, 0x20, 0x8, 0xd3d5, 0x0, 0x6, 0x918, 0x1, 0x1fc00000, 0x0, 0x2, 0x7fffffff, 0x9, 0x7c52cb41, 0x9, 0x401, 0x10001, 0x7, 0x0, 0x8000, 0xfffffffc, 0x3ff, 0x4, 0x7, 0x3ff, 0x9, 0x6, 0xffff, 0x0, 0x80000001, 0x0, 0x0, 0x2, 0x9, 0x5, 0x9, 0x1ff, 0x3, 0x1, 0x8, 0x5, 0x1, 0x80, 0x2, 0xfff, 0x7, 0x6, 0x3, 0xfffffffd, 0xffffffff, 0x1, 0xfff, 0x65e3, 0x7, 0x0, 0x3, 0x9, 0x7fffffff, 0x9, 0x0, 0x6, 0x4, 0x7fffffff, 0x5, 0x3ff, 0xffffffff, 0xe0000000, 0x6, 0x8, 0x3, 0x7fffffff, 0x100, 0xf4, 0x75, 0x1f, 0x3, 0x5, 0x7, 0x5, 0x3, 0x9, 0x84, 0x10001, 0xdf75, 0xffffff5b, 0x4, 0x0, 0x1, 0x2e, 0x8, 0x0, 0x8, 0xfffffffa, 0x1, 0x30000, 0x8, 0x2, 0x8000, 0x3, 0x6, 0xdd, 0x800, 0x6, 0x3, 0x20, 0x2e0, 0x5, 0x3, 0x5e, 0x7, 0x7, 0x40000000, 0x1, 0x1000, 0x1, 0x10001, 0x400, 0x6, 0x6, 0x5, 0x6, 0x7, 0x6, 0x8, 0x8, 0x4, 0x6, 0x9, 0x1, 0x80, 0x3ae, 0x1, 0x80000001, 0x7, 0x40, 0x5, 0x401, 0x0, 0x2, 0xfffffff7, 0x2, 0xfffffffb, 0x8, 0x7f, 0x4bcb, 0x1, 0x80, 0x4, 0x6, 0x8, 0x1000, 0x101, 0x6, 0x101, 0x100, 0x1, 0x4, 0x0, 0x9d6, 0x2, 0x10000, 0x5, 0x5, 0x80, 0x101, 0x0, 0x7fffffff, 0x10001, 0x4cc, 0xdc57, 0x6, 0xfffff800, 0x10001, 0x8, 0xa505, 0x0, 0x10000, 0x1, 0x1f, 0x400, 0x1, 0x4, 0x8, 0x9, 0x80000000, 0x6, 0x20, 0x8, 0x1, 0x3f, 0x3, 0x1, 0x1000, 0xffffff00, 0x65, 0x3, 0x3, 0x9, 0x5, 0x120, 0xffffff7f, 0x179a, 0x9, 0x2, 0x8000, 0x7, 0x800, 0x7, 0xfffff801, 0x6, 0x4, 0x2c16, 0x6, 0xfffffc01, 0xf674, 0x400, 0x8, 0x1f, 0xdf, 0x9bfe, 0xf2, 0x1ff, 0x15c7, 0x0, 0x3, 0x3, 0xffffffff, 0x70, 0x100, 0x6, 0x1f, 0x3, 0x0, 0x3, 0xc60, 0x61f, 0x0, 0x1000, 0x778, 0x4, 0x5, 0x8, 0x6, 0xfffffff7, 0x2, 0x1, 0xfffffa07, 0x80000000, 0x9, 0xfffffffc, 0x4, 0xcba8, 0x1, 0x5, 0x800, 0x8, 0xffffffff, 0xfffffffd, 0x1, 0x0, 0x5e21, 0x7c4, 0x0, 0x6, 0x87, 0x7ff, 0x0, 0x6, 0x20, 0x2, 0x8001, 0x200, 0x3ff, 0x3f, 0x4, 0xdf, 0x8, 0x1b7e, 0xf0, 0x7, 0x200, 0x7674, 0xfb, 0xb2ae, 0x1f, 0xf4ce, 0x1eefb872, 0xed1e, 0xa7e, 0x8, 0x4, 0x1, 0x1, 0x3, 0x7, 0x200, 0x146, 0x8000, 0xe000000, 0xeb, 0x1, 0x6, 0x6815, 0xbf2, 0x8, 0x2, 0x9, 0x0, 0x8000, 0x5, 0x9, 0x1380, 0x9, 0x80000001, 0x7e, 0x80, 0x2fe, 0x5, 0x1, 0x1, 0x76, 0x5, 0x9, 0x81, 0x2, 0x50f, 0x800, 0x2, 0xffffffff, 0x0, 0x0, 0xfe, 0x91d, 0x77, 0x0, 0x800, 0x55c, 0x4561ee7c, 0x8, 0x7fff, 0x58, 0x2, 0x0, 0x3ff, 0xfffffffb, 0x5, 0x3, 0x3ff, 0x8, 0x600, 0x6, 0x3f80000, 0x10000, 0x8, 0x8001, 0x111, 0x81, 0x7, 0x3, 0x1ff, 0x10001, 0x2e, 0x81, 0x9, 0x3, 0x7, 0x5e, 0x400, 0x5, 0x0, 0x40000000, 0x8001, 0x8, 0x0, 0x7, 0x5, 0x6, 0x5, 0x81e, 0x4e10, 0x7ff, 0x9, 0x7, 0x80, 0x80000000, 0xffffff80, 0x6, 0x7e, 0x3, 0x414, 0x8, 0x2, 0x2, 0x1, 0x100, 0x4, 0x23aa, 0x6, 0x8, 0x40, 0x95b0, 0x81, 0x8, 0x18000, 0x0, 0x0, 0x80000001, 0x1, 0x9, 0x8, 0x7fff, 0x200, 0x3ff, 0x0, 0x0, 0xffff, 0x5, 0x7, 0x5, 0x7fffffff, 0x1, 0xfff, 0x10000, 0x3, 0x4, 0x6, 0x2, 0xfffeffff, 0x20, 0x1ff, 0x761, 0x0, 0x7, 0x800, 0x800, 0xb0, 0xf2, 0x200, 0x6, 0x400, 0xce1e, 0x330, 0x3, 0x1, 0xfffffff0, 0x3, 0x8, 0x7ff, 0x8, 0x9, 0x10001, 0x1703, 0x80, 0x6, 0x1, 0x6, 0x1000, 0x156cc841, 0x0, 0x5, 0x7f, 0x5, 0x2, 0x1ff, 0x3f, 0x2, 0x633, 0x0, 0x20, 0xfffffff9, 0x5d1, 0x84e, 0x3f, 0x3, 0x1, 0x4, 0xffffff7f, 0x72f, 0xffffffff, 0x7f, 0x1, 0x8000, 0x7, 0x0, 0xee, 0x330a, 0xc5, 0x0, 0x8, 0x7ff, 0x0, 0xfff, 0x81, 0x3, 0x4, 0x5, 0x4, 0x2, 0x23e7, 0x1f, 0x4, 0x2, 0x40, 0x7, 0x3, 0x7, 0x400, 0x5, 0x48d, 0xd3, 0x4fee, 0x4, 0x90a, 0x65, 0x1, 0xffff4c5c, 0x9, 0x2, 0x0, 0x0, 0x0, 0x8, 0xfff, 0x8, 0x3f, 0xcf, 0x1e9400, 0x13, 0x3, 0x0, 0xfffff712, 0x100, 0x9, 0x4, 0x4bc, 0x8000, 0x1, 0x5, 0xe1, 0x9, 0x2, 0x5, 0x128]})
ioctl$CDROMSTOP(r0, 0x5307)
ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000001480))
ioctl$CDROMGETSPINDOWN(0xffffffffffffffff, 0x531d, &(0x7f00000014c0))
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000001500)={0x1000, 0x80, 0xa8, 0xc92, 0x4}, 0x14)
r2 = geteuid()
getsockname(r0, &(0x7f0000001640)=@xdp={0x2c, 0x0, <r3=>0x0}, &(0x7f00000016c0)=0x80)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001840)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0xe21000}, 0xc, &(0x7f0000001800)={&(0x7f0000001700)=@updpolicy={0xcc, 0x19, 0x2, 0x70bd27, 0x25dfdbff, {{@in=@dev={0xac, 0x14, 0x14, 0x41}, @in6=@empty, 0x4e22, 0x0, 0x4e22, 0x6, 0xa, 0xa0, 0xa0, 0x3c, 0x0, r2}, {0xee31, 0x6, 0x41ac, 0xfffffffffffffffb, 0x1ff, 0xffffffffffff8000, 0xaf37, 0x200}, {0x5918, 0x8, 0x1000000, 0xfff}, 0x20, 0x2, 0x0, 0x0, 0x4}, [@offload={0xc, 0x1c, {r3, 0x1}}, @XFRMA_IF_ID={0x8}]}, 0xcc}, 0x1, 0x0, 0x0, 0xc000}, 0x20040084)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/bus/input/handlers\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000018c0)={'vxcan1\x00'})
ioctl$CDROMSTOP(r4, 0x5307)
ioctl$CDROM_NEXT_WRITABLE(r4, 0x5394, &(0x7f0000001900))
ioctl$CDROMREADALL(r4, 0x5318, &(0x7f0000001940))
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)

08:29:24 executing program 1:
ioctl$CDROM_LAST_WRITTEN(0xffffffffffffffff, 0x5395, &(0x7f0000000000))
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0)
ioctl$CDROM_SET_OPTIONS(r0, 0x5320, 0x0)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x400, 0x70bd25, 0x100, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x21, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x100ca080)
r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$CDROMGETSPINDOWN(r1, 0x531d, &(0x7f00000001c0))
r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000200), 0x18000, 0x0)
ioctl$CDROM_SEND_PACKET(r2, 0x5393, &(0x7f00000012c0)={"73208733bf0d1c291c3e8655", &(0x7f0000000240)="6b350cb7e2db33205f0285c98cc3942efaea57925a399c80eaaaf8ad7c965d23eb5ffe42f3e675db4710a59ef6bc86e87c9ef6cbde3f0f30490461f6c13e5a346a9812d610cbee9cac9e3210ad66b106f921c0404d58bd7a77427a5395f998821b0842c4e90c0db6c63b8a7d6775fa700c9687eed0ba1e948034b13b1dcf7cc512da2e8f91e76d3cf1c1b42fd775e895ac4ff93c24ce5644a81bc4c9ff1d32138683512efdf312048b8fe4580d8182a8f32c0dc2a41026e55152abb920f995cfae9b4300a2f6ca7dbc14a0bd4f3838b06966412b0c81bb91dc5d18152cc16fc4d8ab210d667efd75b1e21de80b9c0da7a8e75366483534134765ad3a8c0fc40dd8222a024a66fa885d558ae181db8cb0c891cffe88a55ed6d8d64bff60d4f6765eb3507b862a7c2af9e3bba5ef4dba0a33598a8a608e078b49a76d42e8cdb8e6745b468d0e7d681dad76f9aaae9981f316b3cfb0abc04e55e4d077b57ccf27dab9feef09271c45b4b024f2d52592b156d1d4771293cda3a3fe67d2738c2ecf80cdb1c23dc4caba6d7b4e22642841f4958a5686c2f6d7ceccfb005ee80cc39e8f95fa3d9763e2cd65b8f882fd5c7f2dfaffff91cd3f9bd15995cfee8a6dea894ac3c37fbfa8c6c71770baff89aaa4125b6bf2e8c686b0fc1a496dc889c29c21637af1fa72b3f4732ae3e0ded70ab32b0e1f023a2dd469f1df50dab6ecbf63fa3d25c0e9f856c7d01bc4e7bb8444347cd0f15925456c34b980a513b071a5e918246fffe61721bbc777ee890b142f059eecb445613ab3589006736fa70fb869b737a983a8f095a1d8a7f41c6c234df35eae5995e3794d1c999239ecfc4e3319f1ed29226ab28bdee0ae586a99047810fd22c410914a42c39c305fa9d16f6c83b69cb5d0176af908a8ebb4a406c93013174b1fc47ca17cd4fb0371dc45e4a282765f2e9c2c968ee5747a6b2e100c4fbeca98b1563b8bf0205d45a8324c18f6f402490342c37bda4d529894204d55ff675a96e04ab1507ac65b474b21f61c59266a253599817aadf4eceedcfd9da0ffab32cdb2732d1f410a381b46a8aadef53cc6b19270303721e66e7d6e3433c36d410cee6a33828e087dad216d70a1dc7dda032a6b3459c83b36b2769546d1ffa9dd9a828bb02af299dd4da3d5069e38d69ec97698d552c7b8b1cd42e89058b3acc6115f1efceaf025cab5200da257f833120136d084982ee048a4f7e7c3ce7d2ac0c9ba7ff821f257e9b5b885a369fad86f875bd5158c1874bfee96131b4ec0bc268de9f53f5a78f90094f29321e7ee96e9f98ba765528b1fe5f1a9796b86f47d24768c12fe4dd756dd3a584be3e38ddb77998396a05f62a836d40d699b0771aba74bd41e7a5457497ef051ff6693da83cee72848a387751a3433d6966e851e5e4dbcf47bbb5c78517cc1e8ee3ae6aa649d3bc8c8f00b91020e6ff114c9a5075d2237c6b1233e70d2f240034c5cbfa1adf78ccfb1e9f22b55cf941ddc6dfa4b8190366e1d54fae0783851fbe45dcf939ccb4114738623dee70c083084b3dea9eb02ade879d2032731a9901e1c9e7c1816a703361f08f441b8f5e57a08c8279c2dafe2f28ff6c904639ac94a0b9734746742e439b9651043ae1f61a34190b899ff775b3ba0364f3f7005c56106bb2b072a745e366d9e2ff019d1a8880eff4534e2f59752218bdf9fa7b9772a9576b9ba0d6e119faf7cb0d8b6368b92c2e4e75c9dd99a5d9328eaa226456634b63a0a73f4624401a435e54d60f269a4f50630c4ed9a1907ecc44504491637a5b2dc5328a1d5adeb91a752ea5dc5f72c16ff4736682e35ec1e037cfbb15f53172360e19cfc606b3a08759f18bd258ad5239ab1be09078e6d1962396cf2b017e03fd38a5371ebb66b089fcea8d564272df881fece3fce99f488a1a564e81f274ed92e91d3e6b2b33f59a909240e9f26fe535061ea5a22956e69a297fdbe661753eaa9a5a47630da4e27e9be053b15105e90dc96dd5201c470eae458a920fbc336aae0c88e38c8eef311f3fe08f03e47adf25e6ed8cd3bd37c33588e55bacff1b52b65f87846e32b67d7b9b9bfe84cb05eed63f4e37ad7289098d06f08c26bef10362bdec0cb25356f731f405f6114dc7a5005fbc79a824b3a41ffaede4ef4e4fdc6dcf5c7ade626c16c3e5064e93bbfb11039d0d04c1861bfe9de7fa9c8981d420ff98c22ad01b1cc8d7e662531866cbdb22bd18d44473489b55dcce896ae768a3cb774358cf12fd611a1d854a02686ad4fc4f1e9a12ee0312764171f24964c1668df2b626c7a9661e59432a77358103c177e36eff61d786563971adc174ea2735b12f10ee2e6f246575cceeccd5383f4c1e4f42635ac9ff7a221c9363e8d11f4bc607033a9931638f60ec23fb6282c47ea898ab490e5b167c6141a2fb1805c644b6f77857fd172f2852899474ba049fa7e5201252828d6bb5da0be1c59b197bcf521d85b265f11e2f6a9141e28230e31a1eec4de372760d6a6c35fb1642776e2367b0c253bf8b9b9d871efc8aff77df2fc0c11d7bc4439484c4cdef81e61655427caf3dd3f5eb8113c9ab735e0532adf27f7562afb475f44f577208c6a98ba22f8bd9ec6ef8849d9bf9aab2cdbff536b906c7b61d0a6f81c9b56a5226ad8cb3989a2ed93be4e1972d87a4f75e41bc26215af159490a167b5656290e406c76f349cf91a324f625881da02afd701a124c60d0dd0fa1671540ca991c8c09ce433c2c74b386611eb18a79670c99f9a65bb0a76ba2eaf0142889eda9b72ab5fde7705767b5d706644240b10d03929ced87fafb4ad5ad1a8153fdc951c2558ad63f433a323f778550276fda41ca6f9326a1028988cff2a5cebcffbc64e533419eb5ab912697dfca7251b72c9a4cb4fefabd46841a453d9610e75ed1167c6aa97a1ada858f58457bbe7ac1001050cc644cfbf52b81cae6db568ee50e2aca379a0cf64610a05b7224f30b7d36436d782a047130a27f38439493bc38ad86e78fa20bffd194886332848f667645bebbb8f5d298adc7259733aac1f0e03505723170d025dd25ca2d2c396416ef433cb87c26a7384225f6e875e7a84ec0ddea6eb4586782c607d82435deb464765ad82e669e723918287b934d994f21d400cae8fee35e77b24e9a21c9a2a97a36e330d43e603701a8e84ac6b538ddfa988a22aac5178714cdbc2a5bc3db79a5b96386308f3ab3057b61898492d25f5fa181f6d52e587435fcc8808bfa8be7223c609898e095d463344439c1d0de1588ce187e4d37dd04c1020d8b82ad3aad301fa16aaae124be09b2bfb5a1aac8092a209b1c0226677dc8bb5749077d4cdc64be5faf6cacb9caf010650cfe4ef4ab0075d97c3e73ba9162949863319bf3202f59cfbc83628f19eb2f926595def6d813fb4b139e3d9f0c37eb2a66537b39864314a9e088d036b38e185c9b3cdce0af686636c5458f25a25957cdffe3576e7c35eaca889d3c745d9e3bdccf9e31304e363e3bb53a55041b35c1b25754df327ae64f6bb5b237409f84991d3fe37ad3c914d09d0c3f14aad73a4b6889fdfbbb6e560838b5202aef39c375ae9929fd3ae0ba605280123a5d7dff31e0150fe5b193e9c9089e90cec4a424dd587b6b8c1ea4611fd627c35ede7d44ca9c0a00c845106649db1c00ea15650fcc4cd3289d2e8e9b096173b035b753f143f4ef2d270aff68f472658b954d08704234273bad4c09dc112334d2be4b6f768136fcdcb8b146522d0016313d7e77e7f6beeda0d7acea7f00604c272cdca9e470aefaab119d7199241b9bdff28a8b01536ce55d3ec1b87b513f641812dd3d099ec8b80d51dffc2caea9943d6f8396e30bd7064387eb2ab4d371a2184f48642f32c43ff212c0a6c47bece77e2037acb8fce7598aff91335b2b54ede73307667caa634a6c1ceeeaa8580d457855bbd329504250ffe593fa2f33f2a769888261ffcb5dc2cf08a1af67154880e6a0ac869617bd83629934e367fa83f18d742d4c6663678a351e2598eb4450ba563385e0163d0562bf49963fb8e06c85e118613a32cbe698a6f416c4480e8f91f2eae8cccf52cd79820f865a90faeb5783d41972f548c2c021c7846e363cb9cc156892ae93babb08ddaade4a147a9b5d4e1e423f79f572318adb74ecfa206b1b3d4bdad66c94265095731ab7a234301dc237704336689c7452aa0b3676cb00ac10c1edcd4d6e9bb6f6f1fce061f61ad817f800f63b7b6f189236a81a74848ff50497592383c1985a0ef8fad4920f9f7b250d3c6f87e3634ac4b475e448050bddbe2de6858ec93590174ccc4750ef2d42c49e08053af75035a86e51c9e4e9bc9fd3dde620adcc8aec03ff46e7dd92ca72e5facbe258486f0252a5141b22c3a04628de13a1d583a35b0518e73a6978408fcef11ab03b8eb7035e6aa7fc37f1959ca0d04224afd1551095d1e4d134aa8ea1dc5068d80ebf77dd5f43936023a9897c2658783e505db43e4c307bf58e1c548d1af3e5d7793fb4cbc112cb3483ff96ac37638341fbc6d8aadea95a1fe66b942b40e49fdc2a51835377a07283bc1499bbb30f3ff0857a8fd8219ea3e74799ffd35a5c31545e846b787fb8485f0d720c5c05966ff8fcea690fe04f11271ae4c0b721d1414d9432bc436bac6a8408adab6f7daf983dc2f4c8c079967ce145876913e09b5af024577132f1e748e8f5fa835ab25834eb1101fd93bd8399169d568bc4df1c42055361fc8d0ec4960b63ba8a48a31d9784df4f91fa01f3d86f4677a197793044904c48ce0f77e3f38f8266cdc8e58ac434107ddfb6e8e264d7202a990f15333241f00da4141947714be68d2b754288e6feffcc32ea668426fb6ab79b16f04394ee91c7e7f94c61c96749eec6bac090d3fc148ea2740567427424f07577c498adb61dd26f7faee57da21e75fd971639b16f3ee7db15530e0b038ea76c1d9fcc823539483aa1afb60cea240166154bfd0ac51f198d39134df26cc9a8cf5a6a47c5e9ee6f2be3db653c0b47760ffdf30cb7ade1ca9351b686640cb848bb6d96fdf2dea66f791b6a84cce3ac462379d5de58a85ec01e7834eed7aaef00c29b42b35e6066702a9fda559e0d9b2d5b906c284fd5d6ebcc0b85f9a9381af335af55ef8d2f68428a66ae77d8106442556fb56fc5d36981d8d55c442b547eafb99266ed900f2b70a378153aac49c0ecba7cecfb53e00e8ae9b813602f4eeeb0f001700e6b3f376ece858f8aaf59cf0afdc3f503e57a624522ed02239c22df9a6e95bbdb510f8acb8200debd638a65ba9d164816cd4d9762f2f54183c6b24cad17d9e77f01c01ea6c52a58e67e2ead0823827617fad292fd7686e22bbb9af6789e710921c47404c3d55e4bee82865c505506cded99c1a0b719fa9d35752276eba150e292d8e20f651e1af2290a102152047e6cd6ee78492647aaba0e6c148dac198dd61722b73cba388e208d3dd51cfb6cd821b2ac4b4acf801aeeeb7cb8f25bd47d71ad65d418932f37b7e07da1e5b652b35eee2d4024210303fd2b691d97dd6645fb106ffa2adab4cacc953d114ef20a6beaabc8a1112914510bae5149a04ca199893f00a7520b07e87cb97b830968f9a32f17934a7ed958c07957e9e5d1709276f4399431b32054aac105b32e99ad634410800f618d5a826af3438483b50ec9a2598a58bd4b4b770c4cb2dfad3f68226a62de6df18c51912bbe8fe1d8d6482f13c60af69caa8ae6c2e8ab82f579cd335f11dd2dd8f2b747eab59e52a786d1d8299f6ba3a7a41036b8e01ad79398748", 0x1000, 0x4, &(0x7f0000001240)={0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, "3b1657ad", 0x4, "c22fa078", 0x4, 0x8, 0x87, "259c77", "79eabf4e5be1bfd35eaa113e9a141ccc3af9d4c6d88ca1f0563cb574c1453b8beba4952f9b994401c22118d5d1f4"}, 0x3, 0x2, 0x8000, &(0x7f0000001280)})
r3 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000001300), 0x8000, 0x0)
ioctl$CDROM_SET_OPTIONS(r3, 0x5320, 0x10)
ioctl$CDROM_CLEAR_OPTIONS(r3, 0x5321, 0x10)
sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f0000001400)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x2c, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4c000}, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4)
ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000001440)="0b04e7a269c6410be8f04d347872be990eb0fe5ac25d1af15470aba130c51ef08c464ca874f44e105a6183f3a5ea94657e2e313b4b9c95d51c4614090f53d6dbfd0634")
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f00000014c0)=0x6, 0x4)
ioctl$CDROMGETSPINDOWN(r0, 0x531d, &(0x7f0000001500))
ioctl$CDROMSEEK(r2, 0x5316, &(0x7f0000001540)={0x9, 0x1, 0x81, 0x9, 0x8, 0x80})
ioctl$CDROMSTART(r1, 0x5308)
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000001680)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x1c, 0x0, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x95}, 0xc0)

08:29:24 executing program 7:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x138, &(0x7f0000000080)={[{0x8e, 0x4e00, "cd69c39ffb411f143a6a74e29e0e4f1547e287acf1c1d76610ddcc0c9ff5ff5de30513d4e64f42c8efad25bdc7fce178bebe59f5650f2a99903e0837b1625c8dd79ca4135660fcf73008410f0ba52c6254ba66864be8e2e2b8255cc740e97758a11554487663084e8708163a288f99440ed7985ef733340bc4f2f100164a9fca5c6c12ff8e3d641d21faf60dd2fd"}, {0x9d, 0x4e00, "dd50ca701ff9e100b56ed6cb3fcaaef794aa6b09549b0107f18ba82db749515f2a35b555623d2c692e3e880d83516cb79eb78d579e97f3d131377a13671cb7d4a65c3d6cae92e7ebadff6860ef36b6ccc62ccf0b10209084e6653285e5252c73648d74ffcde3c032ba751e901f4f568479722b968f8c355bfac89bfa007d6d83d5cdc1ce30e1fc2f9459082bae1f12e98978ad1e3038eefdf467a0af7c"}]})
r1 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
r2 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r2, 0x83, 0xca, &(0x7f00000002c0)=@generic={0x2, 0x2, 0xc2, "961b3c5e", "f1a13f5830d4bba12e8362d154cc220c885b54aa615886405f44b51fad30e99eaa098b3928182e1fd5a3d6386151abf028dcc4762976aeb3ea15b9d6a3004c238538dbfbfaf2e3b3ca3e93bc25e9c50fa25eaa3f81e4e32385df34595ce7a032c8a01d97f9d9b6948b07e9dc4223a87d406d4350f98a03ae4a466a48108fefe3239f76257636d79b35006ac11482fdd9d0ac3b68e401991e1cc77311a695917abc8b0dfd819ce9de0f8c583e7e0da3c0e14953c1aaf83bef002d0aa90fa541d2338a"})
syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x10, &(0x7f00000003c0)=@ready={0x0, 0x0, 0x8, '!\f]a', {0x1, 0xffff, 0x0, 0x4a, 0x5}})
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000480)={0x8, 0x4, 0x6, 0x2, 0x9, "b607ee2f22e5729a"})
ioctl$CDROMREADALL(0xffffffffffffffff, 0x5318, &(0x7f00000004c0))
io_getevents(0x0, 0x0, 0x2, &(0x7f0000000f40)=[{}, {}], 0x0)
r3 = syz_usb_connect$printer(0x6, 0x36, &(0x7f0000000f80)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x81, 0x2, 0x7, 0x1, 0x2, 0x6, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x6, 0x5, 0x81}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x2, 0x1, 0x74}}]}}}]}}]}}, &(0x7f0000001180)={0xa, &(0x7f0000000fc0)={0xa, 0x6, 0x200, 0x2, 0x1c, 0x3f, 0x10, 0xd5}, 0x90, &(0x7f0000001000)={0x5, 0xf, 0x90, 0x6, [@ssp_cap={0x18, 0x10, 0xa, 0x5, 0x3, 0x1, 0xf0f, 0x7, [0xff00c0, 0xc000, 0x3f00]}, @ss_container_id={0x14, 0x10, 0x4, 0x28, "5d293579e3d024f5b0209a5b5ed10e5a"}, @generic={0x44, 0x10, 0xa, "14490bdca5dc3a22c503d3ca95a36dee75660e3e2f77cb5848367a6cb37f783529f01cf447de4637a1ed1d48a28b5a236fe995f96e79f67a18923f4fe02f3eaffa"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xe, 0x1, 0xff}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xf, 0x4, 0x3f, 0x3f}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0xd, 0xa, 0x200}]}, 0x3, [{0x4, &(0x7f00000010c0)=@lang_id={0x4, 0x3, 0x44f}}, {0x2f, &(0x7f0000001100)=@string={0x2f, 0x3, "2509ae29544ebb2977ae477adee5f50c47b4f76a410bd74196ac2eb6591150e73b6c76328f643242b64e6860f3"}}, {0x22, &(0x7f0000001140)=@string={0x22, 0x3, "444677c235ec1156d6e9eb528ed6b6bf37a078fe5fa1748e5eef8895449e0563"}}]})
syz_usb_control_io$printer(r3, &(0x7f0000001340)={0x14, &(0x7f00000011c0)={0x40, 0x21, 0x93, {0x93, 0x23, "b026c49389bef700b6b43a974640cb2d7042df266c0b55623ef9a7cd5689aa17bf5b17521a70a9d5d2d78eed10fdc10f2860b6513bd2c9db532721f678ef7451f5200b54c47d8872122e02c0c10399f86ebae47526a0803ce89af44ecc3f3b81f10fc56f599c73ac3c4df009308deb76c615d2df90b215d55581aa39b83e6b8df60e02fdfeb208f5ab9e548b3cfb42d365"}}, &(0x7f0000001280)={0x0, 0x3, 0xa9, @string={0xa9, 0x3, "7349c973e916c0e7e43a07bd7a93243428405d492e9e663ca403ff9e3a54bb5619973e5a122f89887df8895f442eadef38e8e0db3d95dcfa0bab1e5b8ba7ac493f4ce57e329d2cf08f3a98107462c84d3e75cb75cbb292ea497847cdaebd40c39605e4f2e9bcf81c2833b10c5c9ee54d0093d3637e093171fce696848fd3e5e475e539fadc82e9bacc605718d87aed2c15eb312db3076fb25d00961c844dccfd41cecb82f72849"}}}, &(0x7f00000015c0)={0x34, &(0x7f0000001380)={0x20, 0xd, 0x53, "712dd21eccaf73bb24df1e5a20f660889510fef17a6550b6f05fe1da1ff971128b1142131e82b992fce2b8fb27ced0ab3785039e07e2f1dea7122f70e15485500c3d4cf5747fe243e450638a529ce050baf632"}, &(0x7f0000001400)={0x0, 0xa, 0x1}, &(0x7f0000001440)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000001480)={0x20, 0x0, 0x91, {0x8f, "f5e8d7528994ff41c83deb1487883434a243586a4af0ebaf4482657b86e2a3e216dc1705a711b6e76d1569c9ad9e2f3c868a74bd8549901398178c513dfc406b14eca0a62c4389ddee56ed9e1fc386db099990f325b3a4ca88788d7025fdc1fe8ec956ea0a1eac8621b977c563c7b14be7bf654689da95cc154eb92cb1bd126ffb11a34a426a6750a4eb4c8ca92b12"}}, &(0x7f0000001540)={0x20, 0x1, 0x1, 0xff}, &(0x7f0000001580)={0x20, 0x0, 0x1, 0x9}})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r4, 0x541a, &(0x7f0000001640)=0x7)
ioctl$DVD_WRITE_STRUCT(0xffffffffffffffff, 0x5390, &(0x7f0000001680)=@copyright={0x1, 0x3, 0x80, 0xb8})
syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x12, &(0x7f0000001ec0)=@conn_svc_rsp={0x0, 0x0, 0xa, "d1faa65e", {0x3, 0x103, 0x0, 0x36, 0x100, 0x7f, 0x26}})
r5 = accept(0xffffffffffffffff, &(0x7f0000001f00)=@phonet, &(0x7f0000001f80)=0x80)
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000002080)={&(0x7f0000001fc0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000002040)={&(0x7f0000002000)={0x40, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'syzkaller0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008042}, 0x8890)
ioctl$KDENABIO(r4, 0x4b36)
syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x9e, &(0x7f0000002140)=@generic={0x2, 0x2, 0x96, "8a9fdcf2", "452d4d00b556f735dfbb395906d21ef7d352fb188ec24a4c5401650b349213fc95d2861d09961d2a760480aacb897f226e8ca6204e94f8edc2f9611eb21494309c7c9d87e2b753951788ca73c18d2e94039cedd419a2fa71ba25c4ceb702ede25ded5ff20f6d74309ed492cbcc7920e2e94444858fdc7b3d306ce3fab0e9c3834526708a9457ca030be8154e5af18019a029f3640c90"})

08:29:24 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x38}, 0x1, 0x0, 0x0, 0x4084}, 0x20040900)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x34}}, 0x24000800)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x48, r1, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x15}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x1c}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000400)={'wpan0\x00', <r4=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x50, 0x0, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa0}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x18000}, 0x4040000)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x24, 0x0, 0x2, 0x0, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x5)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000680)={'wpan3\x00', <r5=>0x0})
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x1c, r1, 0x102, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000084)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), r6)
ioctl$CDROM_CHANGER_NSLOTS(0xffffffffffffffff, 0x5328)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000800), r0)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000840)={'wpan4\x00', <r8=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r6, &(0x7f0000000b00)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000880)={0x240, r7, 0x10, 0x70bd2a, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVKEY={0xf0, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x38, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x28, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xf55190ae45cfab35}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x80000000}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x10, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x2}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x60, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xfffffffffffffff9}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x48, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x48, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_ID={0x24, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7fff}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7fff}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xa7}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_SEC_DEVKEY={0xd0, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x94, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x38, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x2c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1ff}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x10, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}]}]}, 0x240}, 0x1, 0x0, 0x0, 0x4000040}, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x40, 0x0, 0x8, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x80}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x20}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x1c}]}, 0x40}, 0x1, 0x0, 0x0, 0x6000006}, 0x44)

08:29:24 executing program 3:
ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x0, 0xffff, 0x1, 0x0, 0x9, "9c595fe41c031269"})
ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000040)={0x7ff, 0x1000, 0x7, 0xcbdd, 0x1a, "dbd79e4e230eb8a8"})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00'})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x200000, 0x0)
ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000140)=0x4)
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x1)
ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000180)={0x0, 0x5, 0xcd})
ioctl$TCGETA(r1, 0x5405, &(0x7f00000001c0))
io_cancel(0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x3, r0, &(0x7f0000000200)="023c", 0x2, 0x80000000, 0x0, 0x2}, &(0x7f0000000280))
r2 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$VT_OPENQRY(r2, 0x5600, &(0x7f00000002c0))
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000300)={0x1, 0x28e0, 0x100, 0x20, 0x3, "810be0c44c0968ada77c5f00ca107222877a72"})
ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000740)={0xf8, 0x20, &(0x7f0000000340)="1500118514ff736ed0a3f33bdb80fe0e84a7f3fa598a3a02af9aff9a6d16adb9a7172bddfb27e044e99d04248bbf5aa892a4ca6b1d201f2c4d85c3e344ac214f503e7c0fd51bb86e3d99c590ba400877dbc366a5679d9c720569d70f2d18894d8ca9fe4d4b526473b54573c564ba9545951e0dc5c5726f1c4dfae0ff4cc4f455b54184ecdf096422b9030c6f0e72476a8ddfee978c9fb37052a0616937cca62cc2e62de1a8117f4dfb761a6b48d3baf21a20467a991eb6b4e768399a8479153a8809dc32a14802b76ec7dddb23d4b6a34fbf9b63a3b98b242b2e494f1f51a4abe56bcacd4e15300230830683cf2bc0f2e9524225094ec86b798cce77829391c7a9ca49c6261307c875905dc40ee45b118a2764fa822a87a93d432c44ec4a897b66022f50aceae242bea1319db60a6f0c9dc31a3e4689cf3ef34aa5733a9ca020666be2ccfa3069a90f45841c87d9a5cee98b49709e177120eb649926f49617a7c5ffd21f4e9fdac94887596e212133dd6d2c0b1f1f4de66179eb54821a346082d0d346f99676c07dc9e1ea7f859b30c09d1cecfb5525ab8e6f1613dc5897a28e355c8ec1153a8ceef2d93c42aa5020b3fecb79d73617b642502f79b3ed2cc3ef05bf12a36cf77297676727067e412abc488b0b19d17fc6d5201a20f71b11e393682b326c67b5c2bb7d42b270b7cbf014429638927f6d262116f7f4c59686356175b23b0d4cd5a289e25506cb714e0a693033c3240afa87d11c495c03861dfac938fcefbce71190891dc8877f53d85c1ffd72e2f49db55390ea3b003167c77d92931836fd3802164e3f51efee3effb5af1c33f7e55f8db163a977c803f90560bacefa115e70118641c4dfa075a6f2a49c4eb8f92ca989a289634822c784cedadaf4980a0747ff91cfff7d0fdf4274dcf2279a3e631ab6a30e028cc42e2ba6ea81fe192cc2170e94e92835a7cd1c610e7e529c01f65fb2ac9258cae96a5b349ead5cfd19c5299a8a6b88c3f4dd6e8371590d1285d816dc13c092476774cb7296dffdcd77eb2335a180d92d8a2f6a637c707356c2be0b1a25155cdeace93c5df7b2fa6f77e1a4feba219830633d9850785082bc2dd42c028a89f21cef8b45868893720d66656d0cb1f699fa257fd83cc04a89d36092767335bbb86717a7d0f884418ac7403109ceb78313f1becf5c28b966e4d53e3f4c006e90db0ec87181cfc65e7a65f91ef9665627f4073cd7e85416eae233f59489f7bac385f0248cc02f6d0a9e7e09a6168ccc602a94e5d9d2f4da789e0fd75090163e8519a4f0497ce294425d09673993835fb25486a84c08d175d30d488acad9882e804dc25b9b633409d37d24bb5096397bf51ab2380a8b8e110bd9681c381210fc0357dd460f12ce06412c530c1b4fd659dca27cc6ed0ffb3233fce9c9cc11cfc41196ec09e2c60df2b2"})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000780), 0x10000, 0x0)
ioctl$TIOCSERGETLSR(r4, 0x5459, &(0x7f00000007c0))
r5 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x9)
ioctl$KDDISABIO(r5, 0x4b37)

08:29:24 executing program 4:
io_setup(0x1f, &(0x7f0000000000)=<r0=>0x0)
io_submit(r0, 0x4, &(0x7f0000000400)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0xff, 0xffffffffffffffff, &(0x7f0000000040)="0b1f7f5a30c1034b85aaebc9ff05aefcf3870678d75285f6db5312675370cdefc325b04f998fc9d41019a92fee260aec5d66e2ba1d21a03dbc5d48d98b4fc210fec6ee8ca82ea099c37fe75711dba6b0f44acc2e8e5ea10d02eea8e0caa65577f39988b688f6b1db72da0976bba5565e839a072d6e3e53115a207d9904d0beac38152133a88b3c2879527e598e92c906151ee9ca8313b3e18cf96eafa5446e1899e2b846e00124da354d5e27c4c3d8f8a252edf0f460c1b9134c55100a8112327d239af1d177e33726b93055da5b46cc57b5c8099b4c91a119eb9ac9aeabca19c1a543b4029e", 0xe6, 0x1ff}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x1, 0xffffffffffffffff, &(0x7f0000000180)="af22fa097a3e0f32844c88bc290781796359e04ac5d5bdcfdb86b5d5e215df0d3c223f4d11b53e260e7dd60b50fdad82e2ca9170521270833ebfd24feb4f52fc099c61eaedc34c0b3f95b2519fdfbf9c0c096b347ef7c4e12aba8b3de6229728e9b86bb9a94d5e2651b3cfba56e215cdbf4fd31ea063fcea44dc0bb462dba273afbbbc3585ef0acf888f72b9699ce766324bb4999d646a91", 0x98, 0xcc1e, 0x0, 0x2}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000280)="9e02cda4482aa9fb3e", 0x9, 0x1, 0x0, 0x2}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x6, 0x3, 0xffffffffffffffff, &(0x7f0000000300)="d86d3b97dcc0940afee603c86e9cbb80202c1d06b8dadfad2592a5e69d78ac0ff602e7715cfd46c50c3bcb39668d3dd02d3fc172b8b6384ba1e03921feb31107af52a4c05d72de9b9acadad095a5c93ce0bc0000501a497e18944f554c4e25a1d1d0f91080a0588f161f47f7c99027ad12445ff9e9ade093bfcc11a1cef34077f46aa67ca4", 0x85, 0x4, 0x0, 0x6}])
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000440)={0x2, 0x2, 0xffffffff, 0x5, 0x14, "28118b7fbb211279ef23141e41e7a18f1902b6"})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wpan0\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x40, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x40000c0)
ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f00000005c0))
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/consoles\x00', 0x0, 0x0)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x1c, r3, 0x800, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20002000}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x3c, r3, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x41)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f00000008c0), r5)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r1, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x38, r6, 0x10, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x881)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000a00), r1)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x34, r7, 0x9369d473bb00ed57, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000b00), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), r4)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r9, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x60, r8, 0x0, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa0}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xffff}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x8}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xffff}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}]}, 0x60}, 0x1, 0x0, 0x0, 0x880}, 0x20008090)

08:29:24 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x3, 0xffffffffffffffff, &(0x7f0000000000)="27bec6c271dade4c70eeefcd5b0c4e4d3d8ad62ca5905275106b326442adb916a02c3311deeffcb0e5305c0fe20c68bf87b0be4e6d519c85f4ec6f0bdd70f570cf93255f3cf096be434e6da100900aa1cb3f61c19d13166eb942af69607c23e6", 0x60, 0x89b, 0x0, 0x2, r0}])
ioctl$LOOP_SET_FD(r0, 0x4c00, r0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000140)={0x81, 0x5, 0xfffa, 0x20, 0x6})
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000180)={0xffff, 0x20, 0xffff, 0x139, 0x1a, "835c4bb69e88af471e5e54fa5b67ca079de9e0"})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f00000001c0)="1985deed6dda")
ioctl$TIOCSRS485(r1, 0x542f, &(0x7f0000000200)={0x29, 0x2, 0x8001})
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
ioctl$HIDIOCGUCODE(r0, 0xc018480d, &(0x7f0000000240)={0x2, 0x1, 0x7fff, 0xfffffc00, 0x101, 0x1000})
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x10f000, 0x0)
ioctl$PIO_SCRNMAP(r3, 0x4b41, &(0x7f00000002c0)="88acfa6c4d65be7439bdc5ad3fdfd00b318b619ab689f6dedb0fc14c8c1b7fde0b1a")
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000300)=0x4)
r4 = syz_open_dev$hiddev(&(0x7f0000000340), 0x0, 0x1000)
ioctl$HIDIOCGUSAGE(r4, 0xc018480b, &(0x7f0000000380)={0x2, 0x1, 0xfff, 0x47b, 0x4, 0x6})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x24200, 0x0)
ioctl$TIOCGISO7816(r5, 0x80285442, &(0x7f0000000400))
ioctl$HIDIOCSUSAGE(r4, 0x4018480c, &(0x7f0000000440)={0x3, 0x100, 0x9, 0xe072, 0x3, 0x1})

08:29:24 executing program 6:
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6erspan0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4050}, 0x54)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xc61}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wpan4\x00', <r1=>0x0})
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x40, 0x0, 0x208, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_PAGE={0x5, 0x7, 0x11}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x18}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x7}]}, 0x40}}, 0x48004)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)=@delsa={0x158, 0x11, 0x20, 0x70bd2d, 0x25dfdbff, {@in=@broadcast, 0x4d4, 0xa, 0x33}, [@user_kmaddress={0x2c, 0x13, {@in=@multicast1, @in=@broadcast, 0x0, 0xa}}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0xffff}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x2}, @sec_ctx={0xcc, 0x8, {0xc8, 0x8, 0x1, 0x2, 0xc0, "66cd49bb28eac0ed36a4c3515c3f4e7bb4f1f8bee3aed8b5ad6a114a24ecef9187ba06c1fee50b5239b02c328c01a8b0d6d749c425a4dda12112774c489a3c0ec8030b124b53a4d2c20fd9b3b643d44240033af507eca9092748223b83fcfce5bdb1f46fcc2864d00259275fb386e65ebe8d00ac763dace5d83d6ce844e226c324ca6dc2699eb943b34f9f86d9b7a592854dbc17ab3f8480d666e473c2ed518ab364f86d5c479471a66637250fecf3cfaffdbcd3312c84c5d63320fad11ac06b"}}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x6}, @offload={0xc, 0x1c, {0x0, 0x2}}, @etimer_thresh={0x8, 0xc, 0xc0}, @mark={0xc, 0x15, {0x35075d, 0x1}}]}, 0x158}}, 0x30)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000600)={'wpan1\x00', <r4=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, r3, 0x100, 0x70bd25, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8812}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r5, &(0x7f0000000900)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000008c0)={&(0x7f0000000740)={0x168, 0x0, 0x20, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVKEY={0xb0, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xff5}, @NL802154_DEVKEY_ATTR_ID={0x84, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xdb5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xb89d}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x34, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_SEC_DEVKEY={0x7c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x78, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8000000}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x5c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfff}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x168}}, 0x1)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x24, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008010}, 0x40004)
sendmsg$NL802154_CMD_SET_TX_POWER(r2, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x2c, 0x0, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000080}, 0x40)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000b80), r5)
sendmsg$NL802154_CMD_GET_SEC_KEY(r0, &(0x7f0000000c40)={&(0x7f0000000b40), 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x28, r6, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4048855)
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x1c, 0x0, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000001)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000e40)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x38, r3, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3b}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20004044)
r7 = syz_open_dev$loop(&(0x7f0000000e80), 0x3, 0x1)
ioctl$LOOP_GET_STATUS(r7, 0x4c03, &(0x7f0000000ec0))

[   70.606148] audit: type=1400 audit(1763281764.393:7): avc:  denied  { execmem } for  pid=275 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   71.694695] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   71.696785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   71.700517] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   71.705633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   71.708482] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   71.709920] ==================================================================
[   71.711203] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[   71.712408] Read of size 2 at addr ffff88800d43f7b8 by task kworker/u11:2/292
[   71.717131] 
[   71.719696] CPU: 1 UID: 0 PID: 292 Comm: kworker/u11:2 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) 
[   71.719730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   71.719748] Workqueue: hci0 hci_cmd_work
[   71.719785] Call Trace:
[   71.719794]  <TASK>
[   71.719803]  dump_stack_lvl+0xca/0x120
[   71.719835]  print_report+0xcb/0x610
[   71.719867]  ? __virt_addr_valid+0x100/0x5d0
[   71.719896]  ? hci_cmd_work+0x66d/0x6d0
[   71.719928]  ? hci_cmd_work+0x66d/0x6d0
[   71.719960]  kasan_report+0xca/0x100
[   71.719992]  ? hci_cmd_work+0x66d/0x6d0
[   71.720028]  hci_cmd_work+0x66d/0x6d0
[   71.720061]  process_one_work+0x8e1/0x19c0
[   71.720104]  ? __pfx_process_one_work+0x10/0x10
[   71.720139]  ? move_linked_works+0x172/0x270
[   71.720167]  ? assign_work+0x196/0x240
[   71.720203]  worker_thread+0x67e/0xe90
[   71.720238]  ? trace_irq_enable.constprop.0+0xc2/0x100
[   71.720268]  ? __pfx_worker_thread+0x10/0x10
[   71.720305]  kthread+0x3c8/0x740
[   71.720336]  ? __pfx_kthread+0x10/0x10
[   71.720367]  ? ret_from_fork+0x79/0x7a0
[   71.720392]  ? lock_release+0xc8/0x290
[   71.720431]  ? __pfx_kthread+0x10/0x10
[   71.720478]  ret_from_fork+0x67a/0x7a0
[   71.720502]  ? __pfx_ret_from_fork+0x10/0x10
[   71.720528]  ? __switch_to+0x759/0x1060
[   71.720563]  ? __pfx_kthread+0x10/0x10
[   71.720595]  ret_from_fork_asm+0x1a/0x30
[   71.720636]  </TASK>
[   71.720645] 
[   71.743205] Allocated by task 290:
[   71.743830]  kasan_save_stack+0x24/0x50
[   71.744531]  kasan_save_track+0x14/0x30
[   71.745236]  __kasan_slab_alloc+0x59/0x70
[   71.745968]  kmem_cache_alloc_node_noprof+0x228/0x6b0
[   71.746888]  __alloc_skb+0x2ab/0x370
[   71.747559]  hci_cmd_sync_alloc+0x34/0x300
[   71.748317]  __hci_cmd_sync_sk+0xf7/0x5c0
[   71.749054]  hci_read_current_iac_lap_sync+0x2c/0x170
[   71.749959]  hci_dev_open_sync+0x1874/0x1f60
[   71.750751]  hci_power_on+0xdb/0x5d0
[   71.751428]  process_one_work+0x8e1/0x19c0
[   71.752182]  worker_thread+0x67e/0xe90
[   71.752887]  kthread+0x3c8/0x740
[   71.753500]  ret_from_fork+0x67a/0x7a0
[   71.754197]  ret_from_fork_asm+0x1a/0x30
[   71.754918] 
[   71.755226] Freed by task 293:
[   71.755786]  kasan_save_stack+0x24/0x50
[   71.756486]  kasan_save_track+0x14/0x30
[   71.757180]  kasan_save_free_info+0x3a/0x60
[   71.757943]  __kasan_slab_free+0x43/0x70
[   71.758643]  kmem_cache_free+0x26f/0x500
[   71.759364]  kfree_skbmem+0x18a/0x1f0
[   71.760038]  sk_skb_reason_drop+0x10e/0x1b0
[   71.760805]  vhci_read+0x3d5/0x5d0
[   71.761442]  vfs_read+0x1eb/0xc70
[   71.762076]  ksys_read+0x121/0x240
[   71.762696]  do_syscall_64+0xbf/0x430
[   71.763365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.764272] 
[   71.764593] The buggy address belongs to the object at ffff88800d43f780
[   71.764593]  which belongs to the cache skbuff_head_cache of size 232
[   71.766822] The buggy address is located 56 bytes inside of
[   71.766822]  freed 232-byte region [ffff88800d43f780, ffff88800d43f868)
[   71.768927] 
[   71.769239] The buggy address belongs to the physical page:
[   71.770208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd43f
[   71.771564] memcg:ffff88800d6b5001
[   71.772185] anon flags: 0x100000000000000(node=0|zone=1)
[   71.773143] page_type: f5(slab)
[   71.773673] raw: 0100000000000000 ffff8880096c78c0 ffffea00002e0fc0 dead000000000003
[   71.774785] raw: 0000000000000000 00000000800c000c 00000000f5000000 ffff88800d6b5001
[   71.775881] page dumped because: kasan: bad access detected
[   71.776684] 
[   71.776942] Memory state around the buggy address:
[   71.777640]  ffff88800d43f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.778677]  ffff88800d43f700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   71.779702] >ffff88800d43f780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.780742]                                         ^
[   71.781470]  ffff88800d43f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[   71.782491]  ffff88800d43f880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   71.783510] ==================================================================
[   71.784705] Disabling lock debugging due to kernel taint
[   71.829158] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   71.830727] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   71.831792] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   71.834431] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   71.835716] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   71.838392] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   71.838876] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   71.841086] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   71.842285] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   71.843119] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   71.845188] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   71.846645] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   71.848233] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   71.849897] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   71.850757] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   71.854693] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   71.854698] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   71.856141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   71.857131] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   71.858360] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   71.872156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   71.873472] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   71.874704] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   71.875341] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   71.880246] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   71.885520] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   71.887817] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   71.891968] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   71.893486] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   71.896239] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   71.897390] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   71.898104] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   71.899316] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   71.902064] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   71.924355] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   73.859202] Bluetooth: hci5: command tx timeout
[   73.859387] Bluetooth: hci2: command tx timeout
[   73.859650] Bluetooth: hci0: command tx timeout
[   73.923119] Bluetooth: hci3: command tx timeout
[   73.923403] Bluetooth: hci1: command tx timeout
[   73.923638] Bluetooth: hci4: command tx timeout
[   73.989034] Bluetooth: hci6: command tx timeout
[   73.989110] Bluetooth: hci7: command tx timeout
[   75.907102] Bluetooth: hci5: command tx timeout
[   75.907127] Bluetooth: hci0: command tx timeout
[   75.907548] Bluetooth: hci2: command tx timeout
[   75.971762] Bluetooth: hci4: command tx timeout
[   75.972238] Bluetooth: hci1: command tx timeout
[   75.972625] Bluetooth: hci3: command tx timeout
[   76.035098] Bluetooth: hci7: command tx timeout
[   76.035512] Bluetooth: hci6: command tx timeout
[   77.955392] Bluetooth: hci5: command tx timeout
[   77.955835] Bluetooth: hci0: command tx timeout
[   77.956774] Bluetooth: hci2: command tx timeout
[   78.019215] Bluetooth: hci3: command tx timeout
[   78.019243] Bluetooth: hci1: command tx timeout
[   78.020082] Bluetooth: hci4: command tx timeout
[   78.083105] Bluetooth: hci6: command tx timeout
[   78.083530] Bluetooth: hci7: command tx timeout
[   80.003330] Bluetooth: hci2: command tx timeout
[   80.004804] Bluetooth: hci0: command tx timeout
[   80.004866] Bluetooth: hci5: command tx timeout
[   80.067141] Bluetooth: hci1: command tx timeout
[   80.068077] Bluetooth: hci4: command tx timeout
[   80.068486] Bluetooth: hci3: command tx timeout
[   80.131083] Bluetooth: hci6: command tx timeout
[   80.131123] Bluetooth: hci7: command tx timeout

VM DIAGNOSIS:
08:29:25  Registers:
info registers vcpu 0
RAX=0000000000040000 RBX=ffff888009548000 RCX=0000000000000000 RDX=000000000004009c
RSI=0000000000000000 RDI=ffffffff85f05f20 RBP=ffff888009548a58 RSP=ffff8880095573f0
R8 =0000000000000000 R9 =000000000000009c R10=0000000000000001 R11=0000000000000000
R12=ffff888009548af8 R13=0000000000000000 R14=0000000000000001 R15=0000000000040000
RIP=ffffffff81527d0c RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fcb1c80b900 00000000 00000000
GS =0000 ffff8880e538f000 00000000 00000000
LDT=0000 fffffe6d00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fcb1bee1cec CR3=000000000a4a8000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=79732f6563696c732e6d65747379732f XMM01=646d65747379732f6563696c732e6d65
XMM02=7379732f646d65747379732f62696c2f XMM03=006c6c696b66722d646d65747379732f
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055570f844330000055570f8ce8d0
XMM06=000055570f7da9b00000000000000000 XMM07=00000000000000000000000000000000
XMM08=69253d4449504e49414d0073253d5445 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff8293dc70 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff888015557620
R8 =00000000ffffffff R9 =ffffed1002aaaeb5 R10=0000000000000000 R11=fffffffffffc9720
R12=0000000000000010 R13=ffffffff889747d0 R14=ffffffff88974780 R15=ffffffff88974a40
RIP=ffffffff8293dcc5 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e548f000 00000000 00000000
LDT=0000 fffffe4300000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffda5b28f88 CR3=000000000da6a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=2035323a39323a383020363120766f4e XMM01=5d3333363530372e31372020205b203a
XMM02=20333263307830206363206465746365 XMM03=6f7465756c42205d3333363530372e31
XMM04=2034323a39323a383020363120766f4e XMM05=65636f72703d7373616c63742030733a
XMM06=733a755f6d65747379733d747865746e XMM07=725f6d65747379733a755f6d65747379
XMM08=7475636578652d7a7973223d6d6d6f63 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000