Warning: Permanently added '[localhost]:33527' (ECDSA) to the list of known hosts.
2025/11/14 10:15:38 fuzzer started
2025/11/14 10:15:39 dialing manager at localhost:37161
syzkaller login: [   43.624859] cgroup: Unknown subsys name 'net'
[   43.744487] cgroup: Unknown subsys name 'cpuset'
[   43.790843] cgroup: Unknown subsys name 'rlimit'
2025/11/14 10:15:48 syscalls: 2214
2025/11/14 10:15:48 code coverage: enabled
2025/11/14 10:15:48 comparison tracing: enabled
2025/11/14 10:15:48 extra coverage: enabled
2025/11/14 10:15:48 setuid sandbox: enabled
2025/11/14 10:15:48 namespace sandbox: enabled
2025/11/14 10:15:48 Android sandbox: enabled
2025/11/14 10:15:48 fault injection: enabled
2025/11/14 10:15:48 leak checking: enabled
2025/11/14 10:15:48 net packet injection: enabled
2025/11/14 10:15:48 net device setup: enabled
2025/11/14 10:15:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/14 10:15:48 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/14 10:15:48 USB emulation: enabled
2025/11/14 10:15:48 hci packet injection: enabled
2025/11/14 10:15:48 wifi device emulation: enabled
2025/11/14 10:15:48 802.15.4 emulation: enabled
2025/11/14 10:15:48 fetching corpus: 50, signal 18660/20523 (executing program)
2025/11/14 10:15:49 fetching corpus: 100, signal 26899/30459 (executing program)
2025/11/14 10:15:49 fetching corpus: 150, signal 36477/41575 (executing program)
2025/11/14 10:15:49 fetching corpus: 200, signal 49764/56149 (executing program)
2025/11/14 10:15:49 fetching corpus: 250, signal 57432/65134 (executing program)
2025/11/14 10:15:49 fetching corpus: 300, signal 64530/73368 (executing program)
2025/11/14 10:15:49 fetching corpus: 350, signal 69862/79844 (executing program)
2025/11/14 10:15:49 fetching corpus: 400, signal 73584/84714 (executing program)
2025/11/14 10:15:49 fetching corpus: 450, signal 77180/89437 (executing program)
2025/11/14 10:15:49 fetching corpus: 500, signal 79591/93018 (executing program)
2025/11/14 10:15:49 fetching corpus: 550, signal 82720/97199 (executing program)
2025/11/14 10:15:49 fetching corpus: 600, signal 84224/99896 (executing program)
2025/11/14 10:15:50 fetching corpus: 650, signal 86599/103336 (executing program)
2025/11/14 10:15:50 fetching corpus: 700, signal 89307/107081 (executing program)
2025/11/14 10:15:50 fetching corpus: 750, signal 91518/110292 (executing program)
2025/11/14 10:15:50 fetching corpus: 800, signal 93933/113577 (executing program)
2025/11/14 10:15:50 fetching corpus: 850, signal 95803/116382 (executing program)
2025/11/14 10:15:50 fetching corpus: 900, signal 98430/119843 (executing program)
2025/11/14 10:15:50 fetching corpus: 950, signal 100032/122361 (executing program)
2025/11/14 10:15:50 fetching corpus: 1000, signal 102969/125975 (executing program)
2025/11/14 10:15:50 fetching corpus: 1050, signal 105340/129055 (executing program)
2025/11/14 10:15:50 fetching corpus: 1100, signal 106242/130914 (executing program)
2025/11/14 10:15:51 fetching corpus: 1150, signal 108237/133669 (executing program)
2025/11/14 10:15:51 fetching corpus: 1200, signal 110835/136839 (executing program)
2025/11/14 10:15:51 fetching corpus: 1250, signal 112587/139282 (executing program)
2025/11/14 10:15:51 fetching corpus: 1300, signal 113918/141357 (executing program)
2025/11/14 10:15:51 fetching corpus: 1350, signal 114798/143092 (executing program)
2025/11/14 10:15:51 fetching corpus: 1400, signal 116313/145333 (executing program)
2025/11/14 10:15:51 fetching corpus: 1450, signal 117562/147300 (executing program)
2025/11/14 10:15:51 fetching corpus: 1500, signal 118652/149176 (executing program)
2025/11/14 10:15:51 fetching corpus: 1550, signal 119609/150890 (executing program)
2025/11/14 10:15:52 fetching corpus: 1600, signal 120770/152737 (executing program)
2025/11/14 10:15:52 fetching corpus: 1650, signal 122533/155061 (executing program)
2025/11/14 10:15:52 fetching corpus: 1700, signal 123520/156741 (executing program)
2025/11/14 10:15:52 fetching corpus: 1750, signal 124717/158618 (executing program)
2025/11/14 10:15:52 fetching corpus: 1800, signal 125612/160228 (executing program)
2025/11/14 10:15:52 fetching corpus: 1850, signal 126570/161811 (executing program)
2025/11/14 10:15:52 fetching corpus: 1900, signal 127703/163555 (executing program)
2025/11/14 10:15:52 fetching corpus: 1950, signal 128854/165260 (executing program)
2025/11/14 10:15:52 fetching corpus: 2000, signal 129693/166719 (executing program)
2025/11/14 10:15:52 fetching corpus: 2050, signal 130736/168346 (executing program)
2025/11/14 10:15:52 fetching corpus: 2100, signal 132705/170593 (executing program)
2025/11/14 10:15:52 fetching corpus: 2150, signal 133531/172012 (executing program)
2025/11/14 10:15:53 fetching corpus: 2200, signal 135673/174279 (executing program)
2025/11/14 10:15:53 fetching corpus: 2250, signal 136615/175744 (executing program)
2025/11/14 10:15:53 fetching corpus: 2300, signal 137823/177402 (executing program)
2025/11/14 10:15:53 fetching corpus: 2350, signal 138639/178753 (executing program)
2025/11/14 10:15:53 fetching corpus: 2400, signal 139300/180010 (executing program)
2025/11/14 10:15:53 fetching corpus: 2450, signal 140697/181668 (executing program)
2025/11/14 10:15:53 fetching corpus: 2500, signal 141672/183113 (executing program)
2025/11/14 10:15:53 fetching corpus: 2550, signal 143630/185104 (executing program)
2025/11/14 10:15:53 fetching corpus: 2600, signal 144496/186390 (executing program)
2025/11/14 10:15:53 fetching corpus: 2650, signal 146452/188328 (executing program)
2025/11/14 10:15:54 fetching corpus: 2700, signal 147364/189599 (executing program)
2025/11/14 10:15:54 fetching corpus: 2750, signal 148184/190813 (executing program)
2025/11/14 10:15:54 fetching corpus: 2800, signal 148874/191982 (executing program)
2025/11/14 10:15:54 fetching corpus: 2850, signal 150103/193387 (executing program)
2025/11/14 10:15:54 fetching corpus: 2900, signal 150691/194467 (executing program)
2025/11/14 10:15:54 fetching corpus: 2950, signal 151532/195630 (executing program)
2025/11/14 10:15:54 fetching corpus: 3000, signal 152311/196777 (executing program)
2025/11/14 10:15:54 fetching corpus: 3050, signal 153024/197838 (executing program)
2025/11/14 10:15:54 fetching corpus: 3100, signal 153640/198830 (executing program)
2025/11/14 10:15:54 fetching corpus: 3150, signal 154338/199885 (executing program)
2025/11/14 10:15:55 fetching corpus: 3200, signal 154957/200899 (executing program)
2025/11/14 10:15:55 fetching corpus: 3250, signal 155506/201869 (executing program)
2025/11/14 10:15:55 fetching corpus: 3300, signal 156396/202998 (executing program)
2025/11/14 10:15:55 fetching corpus: 3350, signal 157219/204080 (executing program)
2025/11/14 10:15:55 fetching corpus: 3400, signal 158064/205139 (executing program)
2025/11/14 10:15:55 fetching corpus: 3450, signal 158539/206013 (executing program)
2025/11/14 10:15:55 fetching corpus: 3500, signal 159091/206925 (executing program)
2025/11/14 10:15:55 fetching corpus: 3550, signal 159606/207828 (executing program)
2025/11/14 10:15:55 fetching corpus: 3600, signal 160323/208820 (executing program)
2025/11/14 10:15:56 fetching corpus: 3650, signal 160865/209723 (executing program)
2025/11/14 10:15:56 fetching corpus: 3700, signal 161496/210621 (executing program)
2025/11/14 10:15:56 fetching corpus: 3750, signal 162039/211455 (executing program)
2025/11/14 10:15:56 fetching corpus: 3800, signal 162675/212340 (executing program)
2025/11/14 10:15:56 fetching corpus: 3850, signal 163301/213227 (executing program)
2025/11/14 10:15:56 fetching corpus: 3900, signal 163828/214044 (executing program)
2025/11/14 10:15:56 fetching corpus: 3950, signal 164818/215068 (executing program)
2025/11/14 10:15:56 fetching corpus: 4000, signal 165428/215901 (executing program)
2025/11/14 10:15:56 fetching corpus: 4050, signal 166083/216791 (executing program)
2025/11/14 10:15:56 fetching corpus: 4100, signal 166592/217570 (executing program)
2025/11/14 10:15:57 fetching corpus: 4150, signal 166961/218296 (executing program)
2025/11/14 10:15:57 fetching corpus: 4200, signal 167462/219127 (executing program)
2025/11/14 10:15:57 fetching corpus: 4250, signal 168024/219868 (executing program)
2025/11/14 10:15:57 fetching corpus: 4300, signal 168581/220656 (executing program)
2025/11/14 10:15:57 fetching corpus: 4350, signal 169451/221471 (executing program)
2025/11/14 10:15:57 fetching corpus: 4400, signal 169833/222196 (executing program)
2025/11/14 10:15:57 fetching corpus: 4450, signal 170499/222967 (executing program)
2025/11/14 10:15:57 fetching corpus: 4500, signal 171074/223697 (executing program)
2025/11/14 10:15:57 fetching corpus: 4550, signal 171524/224394 (executing program)
2025/11/14 10:15:57 fetching corpus: 4600, signal 172104/225109 (executing program)
2025/11/14 10:15:58 fetching corpus: 4650, signal 172682/225838 (executing program)
2025/11/14 10:15:58 fetching corpus: 4700, signal 173151/226507 (executing program)
2025/11/14 10:15:58 fetching corpus: 4750, signal 173651/227222 (executing program)
2025/11/14 10:15:58 fetching corpus: 4800, signal 174435/227968 (executing program)
2025/11/14 10:15:58 fetching corpus: 4850, signal 174896/228594 (executing program)
2025/11/14 10:15:58 fetching corpus: 4900, signal 175810/229354 (executing program)
2025/11/14 10:15:58 fetching corpus: 4950, signal 176247/230005 (executing program)
2025/11/14 10:15:58 fetching corpus: 5000, signal 176938/230677 (executing program)
2025/11/14 10:15:58 fetching corpus: 5050, signal 177427/231298 (executing program)
2025/11/14 10:15:58 fetching corpus: 5100, signal 177714/231902 (executing program)
2025/11/14 10:15:59 fetching corpus: 5150, signal 178158/232488 (executing program)
2025/11/14 10:15:59 fetching corpus: 5200, signal 178563/233077 (executing program)
2025/11/14 10:15:59 fetching corpus: 5250, signal 179023/233663 (executing program)
2025/11/14 10:15:59 fetching corpus: 5300, signal 179468/234229 (executing program)
2025/11/14 10:15:59 fetching corpus: 5350, signal 180176/234827 (executing program)
2025/11/14 10:15:59 fetching corpus: 5400, signal 180742/235414 (executing program)
2025/11/14 10:15:59 fetching corpus: 5450, signal 181234/235957 (executing program)
2025/11/14 10:15:59 fetching corpus: 5500, signal 181830/236504 (executing program)
2025/11/14 10:15:59 fetching corpus: 5550, signal 182389/237085 (executing program)
2025/11/14 10:15:59 fetching corpus: 5600, signal 182983/237617 (executing program)
2025/11/14 10:16:00 fetching corpus: 5650, signal 183367/238147 (executing program)
2025/11/14 10:16:00 fetching corpus: 5700, signal 183822/238630 (executing program)
2025/11/14 10:16:00 fetching corpus: 5750, signal 184224/239152 (executing program)
2025/11/14 10:16:00 fetching corpus: 5800, signal 184729/239609 (executing program)
2025/11/14 10:16:00 fetching corpus: 5850, signal 185184/240145 (executing program)
2025/11/14 10:16:00 fetching corpus: 5900, signal 185494/240618 (executing program)
2025/11/14 10:16:00 fetching corpus: 5950, signal 185804/241102 (executing program)
2025/11/14 10:16:00 fetching corpus: 6000, signal 186247/241559 (executing program)
2025/11/14 10:16:00 fetching corpus: 6050, signal 186682/242022 (executing program)
2025/11/14 10:16:00 fetching corpus: 6100, signal 187396/242022 (executing program)
2025/11/14 10:16:00 fetching corpus: 6150, signal 187731/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6200, signal 188473/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6250, signal 188928/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6300, signal 189203/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6350, signal 189548/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6400, signal 189885/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6450, signal 190145/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6500, signal 190453/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6550, signal 190844/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6600, signal 191158/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6650, signal 191614/242022 (executing program)
2025/11/14 10:16:01 fetching corpus: 6700, signal 192005/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 6750, signal 192406/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 6800, signal 192979/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 6850, signal 193236/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 6900, signal 193529/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 6950, signal 193861/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 7000, signal 194267/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 7050, signal 194605/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 7100, signal 194939/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 7150, signal 195390/242022 (executing program)
2025/11/14 10:16:02 fetching corpus: 7200, signal 195607/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7250, signal 196114/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7300, signal 196447/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7350, signal 196816/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7400, signal 197165/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7450, signal 197499/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7500, signal 197732/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7550, signal 197976/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7600, signal 198279/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7650, signal 198538/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7700, signal 198846/242022 (executing program)
2025/11/14 10:16:03 fetching corpus: 7750, signal 199201/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 7800, signal 199716/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 7850, signal 200158/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 7900, signal 200417/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 7950, signal 200743/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 8000, signal 201180/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 8050, signal 201425/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 8100, signal 202057/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 8150, signal 202285/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 8200, signal 202574/242022 (executing program)
2025/11/14 10:16:04 fetching corpus: 8250, signal 202854/242022 (executing program)
2025/11/14 10:16:05 fetching corpus: 8300, signal 203123/242022 (executing program)
2025/11/14 10:16:05 fetching corpus: 8350, signal 203401/242022 (executing program)
2025/11/14 10:16:05 fetching corpus: 8400, signal 203749/242022 (executing program)
2025/11/14 10:16:05 fetching corpus: 8450, signal 203997/242022 (executing program)
2025/11/14 10:16:05 fetching corpus: 8500, signal 204239/242029 (executing program)
2025/11/14 10:16:05 fetching corpus: 8550, signal 204448/242029 (executing program)
2025/11/14 10:16:05 fetching corpus: 8600, signal 204789/242029 (executing program)
2025/11/14 10:16:05 fetching corpus: 8650, signal 205125/242029 (executing program)
2025/11/14 10:16:05 fetching corpus: 8700, signal 205441/242029 (executing program)
2025/11/14 10:16:05 fetching corpus: 8750, signal 205741/242029 (executing program)
2025/11/14 10:16:05 fetching corpus: 8800, signal 206616/242029 (executing program)
2025/11/14 10:16:06 fetching corpus: 8850, signal 206891/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 8900, signal 207090/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 8950, signal 207393/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 9000, signal 207849/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 9050, signal 208080/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 9100, signal 208324/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 9150, signal 208577/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 9200, signal 208847/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 9250, signal 209057/242040 (executing program)
2025/11/14 10:16:06 fetching corpus: 9300, signal 209506/242043 (executing program)
2025/11/14 10:16:06 fetching corpus: 9350, signal 209766/242043 (executing program)
2025/11/14 10:16:06 fetching corpus: 9400, signal 210077/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9450, signal 210342/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9500, signal 210648/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9550, signal 210882/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9600, signal 211180/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9650, signal 211387/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9700, signal 211625/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9750, signal 211914/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9800, signal 212121/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9850, signal 212438/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9900, signal 212682/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 9950, signal 212907/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 10000, signal 213335/242044 (executing program)
2025/11/14 10:16:07 fetching corpus: 10050, signal 213521/242044 (executing program)
2025/11/14 10:16:08 fetching corpus: 10100, signal 213730/242044 (executing program)
2025/11/14 10:16:08 fetching corpus: 10150, signal 214029/242047 (executing program)
2025/11/14 10:16:08 fetching corpus: 10200, signal 214194/242047 (executing program)
2025/11/14 10:16:08 fetching corpus: 10250, signal 214509/242047 (executing program)
2025/11/14 10:16:08 fetching corpus: 10300, signal 214777/242047 (executing program)
2025/11/14 10:16:08 fetching corpus: 10350, signal 215019/242047 (executing program)
2025/11/14 10:16:08 fetching corpus: 10400, signal 215361/242047 (executing program)
2025/11/14 10:16:08 fetching corpus: 10450, signal 215745/242047 (executing program)
2025/11/14 10:16:08 fetching corpus: 10500, signal 215936/242047 (executing program)
2025/11/14 10:16:08 fetching corpus: 10550, signal 216227/242047 (executing program)
2025/11/14 10:16:09 fetching corpus: 10600, signal 216437/242047 (executing program)
2025/11/14 10:16:09 fetching corpus: 10650, signal 216657/242049 (executing program)
2025/11/14 10:16:09 fetching corpus: 10700, signal 216895/242049 (executing program)
2025/11/14 10:16:09 fetching corpus: 10750, signal 217153/242049 (executing program)
2025/11/14 10:16:09 fetching corpus: 10800, signal 217409/242049 (executing program)
2025/11/14 10:16:09 fetching corpus: 10850, signal 217628/242049 (executing program)
2025/11/14 10:16:09 fetching corpus: 10900, signal 217829/242050 (executing program)
2025/11/14 10:16:09 fetching corpus: 10950, signal 218065/242050 (executing program)
2025/11/14 10:16:09 fetching corpus: 11000, signal 218394/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11050, signal 218732/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11100, signal 219005/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11150, signal 219255/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11200, signal 219546/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11250, signal 219768/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11300, signal 220030/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11350, signal 220232/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11400, signal 220496/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11450, signal 220880/242050 (executing program)
2025/11/14 10:16:10 fetching corpus: 11500, signal 221091/242051 (executing program)
2025/11/14 10:16:10 fetching corpus: 11550, signal 221268/242051 (executing program)
2025/11/14 10:16:11 fetching corpus: 11600, signal 221742/242051 (executing program)
2025/11/14 10:16:11 fetching corpus: 11650, signal 221892/242051 (executing program)
2025/11/14 10:16:11 fetching corpus: 11700, signal 222083/242051 (executing program)
2025/11/14 10:16:11 fetching corpus: 11750, signal 222442/242051 (executing program)
2025/11/14 10:16:11 fetching corpus: 11800, signal 222615/242051 (executing program)
2025/11/14 10:16:11 fetching corpus: 11850, signal 222932/242051 (executing program)
2025/11/14 10:16:11 fetching corpus: 11900, signal 223232/242051 (executing program)
2025/11/14 10:16:11 fetching corpus: 11950, signal 223427/242053 (executing program)
2025/11/14 10:16:11 fetching corpus: 12000, signal 223678/242053 (executing program)
2025/11/14 10:16:11 fetching corpus: 12050, signal 223904/242053 (executing program)
2025/11/14 10:16:11 fetching corpus: 12100, signal 224815/242053 (executing program)
2025/11/14 10:16:12 fetching corpus: 12150, signal 225097/242053 (executing program)
2025/11/14 10:16:12 fetching corpus: 12200, signal 225370/242053 (executing program)
2025/11/14 10:16:12 fetching corpus: 12250, signal 225530/242053 (executing program)
2025/11/14 10:16:12 fetching corpus: 12300, signal 225930/242053 (executing program)
2025/11/14 10:16:12 fetching corpus: 12350, signal 226103/242073 (executing program)
2025/11/14 10:16:12 fetching corpus: 12400, signal 226278/242073 (executing program)
2025/11/14 10:16:12 fetching corpus: 12450, signal 226511/242073 (executing program)
2025/11/14 10:16:12 fetching corpus: 12500, signal 226645/242073 (executing program)
2025/11/14 10:16:12 fetching corpus: 12550, signal 226850/242073 (executing program)
2025/11/14 10:16:12 fetching corpus: 12600, signal 227022/242073 (executing program)
2025/11/14 10:16:12 fetching corpus: 12650, signal 227337/242073 (executing program)
2025/11/14 10:16:13 fetching corpus: 12700, signal 227517/242073 (executing program)
2025/11/14 10:16:13 fetching corpus: 12750, signal 227776/242077 (executing program)
2025/11/14 10:16:13 fetching corpus: 12800, signal 227964/242077 (executing program)
2025/11/14 10:16:13 fetching corpus: 12850, signal 228180/242077 (executing program)
2025/11/14 10:16:13 fetching corpus: 12900, signal 228382/242077 (executing program)
2025/11/14 10:16:13 fetching corpus: 12950, signal 228558/242077 (executing program)
2025/11/14 10:16:13 fetching corpus: 13000, signal 228791/242077 (executing program)
2025/11/14 10:16:13 fetching corpus: 13050, signal 228924/242077 (executing program)
2025/11/14 10:16:13 fetching corpus: 13100, signal 229104/242077 (executing program)
2025/11/14 10:16:13 fetching corpus: 13150, signal 229426/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13200, signal 229602/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13250, signal 229818/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13300, signal 230088/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13350, signal 230263/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13400, signal 230409/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13450, signal 230632/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13500, signal 230804/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13550, signal 230936/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13600, signal 231093/242077 (executing program)
2025/11/14 10:16:14 fetching corpus: 13650, signal 231230/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 13700, signal 231410/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 13750, signal 231574/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 13800, signal 231738/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 13850, signal 231961/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 13900, signal 232140/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 13950, signal 232324/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 14000, signal 232496/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 14050, signal 232684/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 14100, signal 232896/242077 (executing program)
2025/11/14 10:16:15 fetching corpus: 14150, signal 233089/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14200, signal 233301/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14250, signal 233471/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14300, signal 233667/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14350, signal 233849/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14400, signal 234027/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14450, signal 234206/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14500, signal 234385/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14550, signal 234547/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14600, signal 234772/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14650, signal 234942/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14700, signal 235106/242077 (executing program)
2025/11/14 10:16:16 fetching corpus: 14750, signal 235265/242077 (executing program)
2025/11/14 10:16:17 fetching corpus: 14800, signal 235379/242079 (executing program)
2025/11/14 10:16:17 fetching corpus: 14809, signal 235408/242079 (executing program)
2025/11/14 10:16:17 fetching corpus: 14809, signal 235408/242079 (executing program)
2025/11/14 10:16:18 starting 8 fuzzer processes
10:16:18 executing program 0:
ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40046629, &(0x7f0000000000))
ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f0000000040)={'gre0\x00'})
fstat(0xffffffffffffffff, &(0x7f0000000080))
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000100)=':\'+\x00', 0x0, 0xffffffffffffffff)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/udp6\x00')
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r2=>r1, {0x4}}, './file0\x00'})
ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f00000001c0)=0x7)
ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000200))
r3 = pidfd_getfd(r0, r2, 0x0)
write$sndseq(r3, &(0x7f0000000240)=[{0x7, 0x70, 0x3, 0x4, @tick=0x5, {0x6, 0x8}, {0x72, 0x6}, @raw32={[0x7ff, 0x8, 0x1000]}}, {0x3, 0xff, 0xb0, 0x9, @time={0x80000001, 0xfffffff8}, {0x9, 0x3}, {0x95, 0x81}, @time=@time={0x8, 0x2}}, {0x7, 0x7, 0x0, 0x4, @time={0x6, 0x63}, {0xff, 0x3}, {0x6, 0x6}, @connect={{0x5, 0x8}, {0x49, 0xa6}}}, {0x8d, 0xff, 0x0, 0xcd, @time={0x2, 0x400}, {0x6, 0x3}, {0xf0, 0xb7}, @result={0x5, 0x7}}, {0x4, 0x7, 0x8, 0x3f, @time={0x8, 0xb3000000}, {0x0, 0x9}, {0x7, 0x2}, @raw32={[0x7, 0x3f, 0xdb]}}], 0x8c)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x6)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000300)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r4=>0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000700)={0x4, 0x102f5ccc6e8f462d, {0x6, @usage=0x5, 0x0, 0x9, 0x4, 0x2, 0x3f, 0xff, 0x0, @usage=0xfffffffffffffff7, 0x1000, 0x1, [0xfffffffffffff9fe, 0x81, 0xffff, 0x158, 0x5, 0xfffffffffffffffc]}, {0x200, @struct={0x9, 0x8}, 0x0, 0x291ad0f7, 0x6, 0x3, 0x6, 0x5, 0xb1, @usage=0x2, 0x3f, 0x1, [0x2, 0x7, 0x6515380000000000, 0x9, 0x7f, 0x585]}, {0x9, @struct={0x7ff, 0x800}, r4, 0x1, 0x733, 0x1, 0x0, 0x100000001, 0x20, @struct={0x4a0, 0x1}, 0x3, 0x7, [0x40, 0xa488, 0x6, 0x1, 0x4, 0x6]}, {0x1000, 0x40, 0x7}})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000b00)={0x9, 0x0, {0x3, 0x0, 0x1000, 0xd945a35363d6d97b, 0x2}, 0xfff})
r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000b80), 0x1, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000bc0)='./file0\x00', 0x3000, 0x4)
close_range(r5, r6, 0x2)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000c00), 0x1, 0x0)

10:16:18 executing program 1:
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x400, 0x70bd29, 0x7, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x81}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x3}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x8}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x24, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0xd7}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0x9b}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x40}, @NL80211_MESHCONF_MAX_RETRIES={0x5, 0x5, 0x7}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000004}, 0x28000)
clock_gettime(0x0, &(0x7f0000000200)={<r0=>0x0, <r1=>0x0})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_LINK_TIMEOUT={0xf, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000240)={r0, r1+10000000}}, 0x346f)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x2, 0x71}}}}, ["", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x810}, 0x48840)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000003c0))
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff}, './file0\x00'})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
ppoll(&(0x7f0000000440)=[{r2}, {0xffffffffffffffff, 0x43e0}, {0xffffffffffffffff, 0xa200}, {0xffffffffffffffff, 0x5200}, {r3, 0x4010}, {0xffffffffffffffff, 0x240}, {0xffffffffffffffff, 0x10}], 0x7, &(0x7f0000000480), &(0x7f00000004c0), 0x8)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x2c, 0x0, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x9}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x40800)
io_getevents(0x0, 0x8, 0x4, &(0x7f0000000600)=[{}, {}, {}, {}], &(0x7f0000000680))
clock_gettime(0x4, &(0x7f00000006c0))
write$binfmt_script(r3, &(0x7f0000000700)={'#! ', './file0', [{0x20, '\x00'}], 0xa, "605377e72fac49887d05ac5fc0c6"}, 0x1b)
openat$sr(0xffffffffffffff9c, &(0x7f0000000740), 0xa0000, 0x0)
clock_gettime(0x7, &(0x7f0000000780))
r4 = syz_open_dev$vcsn(&(0x7f00000007c0), 0xffffffff, 0x240000)
sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000940)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000900)={&(0x7f0000000840)={0xb0, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xf3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x27}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x81}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x20}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xf57}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10000}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x20044000}, 0x4010)
sendmsg$NL80211_CMD_GET_MPP(r4, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)={0x44, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x4, 0x6c}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0xc000}, 0x88004)
r5 = syz_open_procfs(0x0, &(0x7f0000000ac0)='net/netlink\x00')
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x48, 0x3, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x20044004}, 0x4)

10:16:18 executing program 7:
sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xd4, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0xd4}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, r0, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x9fb, 0x7f}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x33}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80c0}, 0x4000001)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000300), 0x220000, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x4c, r0, 0x10, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x221}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x6e}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20000800)
r3 = openat(r1, &(0x7f00000004c0)='./file0\x00', 0x80, 0x8b)
close_range(r1, r3, 0x2)
madvise(&(0x7f0000fef000/0x10000)=nil, 0x10000, 0x2)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x420000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_none}, {@fscache}, {@cache_loose}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'pci\x00'}}]}})
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000640)={0x0, {0x2, 0x4e24, @multicast1}, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e24, @multicast1}, 0x1c4, 0x0, 0x0, 0x0, 0x50fa, &(0x7f0000000600)='team0\x00', 0x6, 0x80, 0x1})
r4 = getuid()
r5 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file1\x00', 0x3, 0x8, &(0x7f0000000c80)=[{&(0x7f0000000740)="9b73e7ee86d5dd73ee08b91eaafaa620e759b52d18d4aaed4bd1ebbf0c2b447018795530ee48e39e2a10ad55bb31dea42c16a1cec6ee763d8bcf", 0x3a, 0x80}, {&(0x7f0000000780)="58780f245aa269fe06b9f67865be4af5e4be3af9a1e430d22ae2cab691db740daca93b979b8e6bf8ff9240402e60511d10eab07aabb5d49b28dfa49d236b83a74b847c7310941d2835cc0cb0834f25274f8d45bca85f46a96b7de50a35f5e6de9e46ff059f0a1170d2e61083b732d684c3dd7d5e8c950d10c5a81ccfe528965497fe8f916f6ac584093dc6106ff0a7d9fbaad2ff63edaad652a9cfb135710d7ef7572ab81e22bc2c999afaed4feda5f5e8d9e0f843a8bc963b33e8e28a3f39d9ea1015afaa7de5cb9fa83a03", 0xcc, 0x2}, {&(0x7f0000000880)="70c32d9c0bf0753bfbb1fb879d7312bcb00e5367a514efcd56abc5dc76ee682f5cb9f8aaf402ac42f7b0264136ddcaa7c0ddf90aca08839c06579295520e77fef3ddd288609e6e7b8fba1a919fa9", 0x4e, 0x7ff}, {&(0x7f0000000900)="2c3bbafe923e04bf769e426aa27e72fa08a9f35c3f151b1484e1c2bbcb06d27cb027a684b808ede17df006ad8589b95f66a13b2d05dddf0ec3d4a53edecabab55f5081edfb39954421f593f706e8affdb4b45be40eb34c63ef4a9c87004bdd0587812cf31c12c40aa9751bf302a3eaf249b19be9b72d3d052df457442604a572894a6795d754d1a3669c681b7d51f411825f3b9a86a9b33c493872d9cf1437b892fc75dfa114d045fe968db383d84b92f6d725e86671fc", 0xb7, 0x80000001}, {&(0x7f00000009c0)="e014844adf450a23b29bbc903f8def4e14b90a56652a52f79bc65d584be6a1d79504d58c1be1bf1c6d7903d8fed05115b3d6a2ca7983d9e45471e2e58ba70a99149c7613cfbfb77dacc1e6423cbd9949fb9d533454c32d4da315c85218f739a4d8acd50afd0edc0a8ac26d928b3ab716d8063bff511081fc06d8936fac8b43b0d7cb5f8523e99b190765b9d61108ad856bf02cf5faa8e2d1dcbd83feef067aef3ee315ad021f9efcdd9b007122282b81a3aaedaf9a6897407dba09381c3870f6a3cd00c01006bb82c1d6539ded92828b7dbf3f", 0xd3, 0x1}, {&(0x7f0000000ac0)="a6798c5038", 0x5, 0x3}, {&(0x7f0000000b00)="87319ad6ce7fea95bd548877250b33381360d76e0053378d1612a365c7ccc2611bcee6718993d3b92de384158692c8d79c34dcd0be78bcd828ea3b64a6b04b4d0433f0de6e19ee87198a", 0x4a, 0x6}, {&(0x7f0000000b80)="d5cb17f7e9a49e788c19d2cc163a994a2754179f7ef17b1c4695c697feb142d2732ebb154ee851ac679fa6622faa422b5da95c0d73461aa47c9c89d31740dad884cb67bb785d93bd531c3099d15160887ff0e3ab1ccf4bfabf4092e6f124cceb6fb478b6b7622ebfdac026efbe34ff67586f1e27257d62018298313f55c21e3323dea057cc77f5a4dba94a2fa5b88849153183688fc1d698d698defa069def147e5767143168a847e1dcfeac3b8709babcc63cfcad613b4eecb9ef1e9fc56aad777c375dcfcbc79a44d5b46a411ef742bdd5f36103f621805fc43e4f7efaff6749c23db5af98792cb72decaa5ee79a7a02d0", 0xf2, 0x6}], 0x0, &(0x7f0000000d40)={[{@uid={'uid', 0x3d, r4}}, {@gid}], [{@uid_eq={'uid', 0x3d, 0xee01}}, {@measure}]})
sendfile(0xffffffffffffffff, r3, &(0x7f0000000dc0)=0x7ff, 0xffffffffffffff9f)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000e80)={{0x1, 0x1, 0x18, <r6=>r5, {<r7=>r4, 0xffffffffffffffff}}, './file0\x00'})
mount$9p_fd(0x0, &(0x7f0000000e00)='./file1\x00', &(0x7f0000000e40), 0x1008000, &(0x7f0000000ec0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L}, {@dfltuid={'dfltuid', 0x3d, r4}}, {@version_u}, {@debug={'debug', 0x3d, 0x7}}, {@loose}, {@access_uid={'access', 0x3d, r4}}], [{@uid_gt={'uid>', r4}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@fowner_eq={'fowner', 0x3d, r7}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}})
ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f0000001000)={0x0, 0x3, 0x81, 0x80000000})
readahead(r6, 0x6, 0xec)
r8 = msgget(0x3, 0x110)
msgctl$IPC_SET(r8, 0x1, &(0x7f0000001040)={{0x3, r4, 0x0, r4, 0x0, 0xc02d7d24508287e0, 0x4}, 0x0, 0x0, 0x8000, 0xff, 0x20, 0x6, 0xfffffffffffffffd, 0xdf4, 0x1, 0x67})

10:16:18 executing program 2:
r0 = eventfd2(0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0)
io_uring_register$IORING_UNREGISTER_EVENTFD(0xffffffffffffffff, 0x5, 0x0, 0x0)
r1 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
io_submit(0x0, 0x2, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x3f, r0, &(0x7f0000000000)="2e6ab1d515a12cfb042fa972ca0145346e4906955c0c3fb9af57dfb685ba321f8af357c4104d04b5f66034e49ceab9a2caf2d34f73d7dd811d14e49cc147d40f8451e0181e8decba188133828d1a1158d5859fee83834e0e4cf39a0722d6416b1be9ba164f7552e8ec0b3331c9836d91ee3c2a5193a3bed5fdbef578727b903db782a1afa62aea70a11db98e7bc9c813e711", 0x92, 0xfffffffffffffff8, 0x0, 0x0, r0}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0x8, r1, &(0x7f0000000100)="126e209ef71bc33a39f70735d9377d7cfd5d66a53697d63aed2341168e9099071f09c94f1d0f67db2eaaef847ce7b9b4a364a52237e24baf256e3757f8a9e11f312635444fc4a91c52724dd51235b6acec13beb4d9465f410e11604d90839f527b7396b1a5f3f1e7221fac6f3262c01103684c6971b6ccc313", 0x79, 0x7, 0x0, 0x2}])
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200), 0xc18442, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f00000002c0)={0x9e0, 0x48, [0x0, 0x6, 0x8], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
io_setup(0x1, &(0x7f0000000300)=<r3=>0x0)
r4 = dup3(r1, r1, 0x0)
io_submit(r3, 0x1, &(0x7f0000000440)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x8001, r2, &(0x7f0000000340)="e2a5ff02d09e7b21e65c49dd45a63354586e77d2689c6f8b6914964717d55e2d0efe6060707cf1e86bb9fed0fb59a674340db3b99ab84de50f1bee83be12d2fe9c18dc82d025dabacb3b6fd2f5cd16c8608ffdf111e56e951c349341be193dc31856ffbdc0ae7df01b468cd1ec39e85eb315fe162b02e1d093ac10e5f1b51ef36180ae08fcf452c6a0f829e9b95dcece53da91d09a", 0x95, 0x1, 0x0, 0x1, r4}])
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000480)={0x0, 0x2, r1})
io_uring_register$IORING_UNREGISTER_EVENTFD(r4, 0x5, 0x0, 0x0)
io_uring_enter(r4, 0x28d8, 0x8760, 0x2, &(0x7f00000004c0)={[0x7a81]}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f0000000500)={{0x1, 0x1, 0x18, <r5=>0xffffffffffffffff, {0x100000001}}, './file0\x00'})
syz_io_uring_setup(0x297, &(0x7f0000000540)={0x0, 0xe55e, 0x10, 0x3, 0x8a, 0x0, r5}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000005c0)=<r6=>0x0, &(0x7f0000000600))
r7 = syz_io_uring_complete(r6)
copy_file_range(r7, &(0x7f0000000640)=0xc95a, r2, &(0x7f0000000680)=0x6, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r7, 0xc018937c, &(0x7f00000006c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'})
r8 = openat(r4, &(0x7f0000000700)='./file0\x00', 0x8000, 0xcb)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r8, 0x6, &(0x7f00000007c0)={0xc99, 0x0, &(0x7f0000000780)=[0xffffffffffffffff, r2, r7, r4, 0xffffffffffffffff]}, 0x5)

10:16:18 executing program 5:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000400)={0x1, 0x1, 0xc, 0xb, 0x105})
ioctl$KDADDIO(r0, 0x4b34, 0x1)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000840)={0x2, 0x0, 0x12, 0x4, 0x155, &(0x7f0000000440)="2bb71e858c7bc78026698babcbe1979408e04afddccfb0a86d40fd46e448636b1c78a232f9d04f72bdeabbf54ca12cafcf247907dae37fe02971f3450452524b2a29c542fdf9b0fe87a525765fc703aa2883a41bec3f73916579aa84a4964c9fbaef205a2b052cb7ef63da61ddfd76b51ca554cca52182dab77686ac65e55f328e7980ce9277b6cab58bb2d8b6a007ef5a7d2dbb0d7f85f4db203ac3135923feb2ec2a4d49ea9b4d137008793bbf420e4a94ed452fec19aa9c58f12eedcb7170d79ae73f28fc230f2b5f1587fa9da3d47230b9167f847544aa7052a6721a8c75fea115abdf1cae1b8f3611dae925a23669ebed616d7f6f5ed403d32597745cc07473c83d858463b5aedceafe28bdeb70b6beabfbe9436cbbc163826a83bdf204b4891cec6f309be1c82bb244547b02f54626649a64fabd2dd51d1fcfd0f45943e06a42c80a8f7bb579c55a1539a0266bacd9381a83a82c4885e8e1e93bc082373aec2a254772c18037be82c3440b5665d88fe2575c9f71cfce616d586c214995016fd8c9e94fa71761135cbb83f5f13e0c56fe3ae47a73f53dcce7745378e13c39078bc17910519f610fa5c4f00aeb266ead7bfd27051811a0c1a78ee8e765a7eb64fb211a8986e6712031f6e67b83c090bd94e0986bd1d4fb2cdbf6ff8831c02276fa4758917a8a6ede760aa8b410ac985fc6f672549d8769fbee4824168207268fbe03c1a6489a6a1e7ddc2cc854603a7d16fcf5e16fc73e3bb8e6bc48413ac626b124ce96e4073bb53c3da3beb60b2447ebd44b195b48157d6de7a2747b03983afd59681cd413ccec4e95edadc9dcda25cdc0fb741f42b7b309d54861b85123cb5ec5954b2852b21193adcbd3558a1885e906f5f71a2ec03505670ba77772de7ac1dc28ab122eba8956baf999d019b97b77b3ad692fd0895558600dd5401b68d199fc339478fb9b6243463c572209c0de237801eda1b7190c93495b3da9a5168e07a60253bc07747a23858b5e9c824c4031a0439d643d5df7cc96dc45ae1139108b26574e358660ad04929707778c3d503107c7dd8656aba9a28963cbb3c398c2ac10e00da2b1f8717529076624cd9c14d4edefdb51e4f25b4d6aa89e392bfb21bd3ef818f09a2654c3b2845f1db46b7f3d30a943da8f778d5caf573033b5ac39f3cbf0fa35ea7f2758560d44abe4ef859c6bd8d77ba8169f12e50a496d3e50a26253455f29ce1ea1b2319234d16f0fcec747080207eab6357b176bbed709143571593691d9e25a727959e20e9cbd98431526d6e6d9e74cd95926af53ddb183fc438143291fa896e36a91013441edf5a0ec1ca45fddfee37c4c7f07be8e5cf6ea046aeac26dd9759ccfd754b1a38234f8e6634674238b68e2d290a6d4f49df125091aefebb4c550b9b24f8ccd83bb67374b70a1cb4372534822570a7843b1"})
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCXONC(r1, 0x540a, 0x2)
r2 = fsmount(0xffffffffffffffff, 0x0, 0xc)
ioctl$TIOCOUTQ(r2, 0x5411, &(0x7f0000000880))
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f00000008c0)={0x3f, 0x67e, 0x46bf})
r3 = fsmount(r2, 0x0, 0x71)
ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000900))
ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000d40)={0x0, 0x1, 0x1d, 0x1b, 0x1ec, &(0x7f0000000940)="721ed622c9fc51ff09bd7391d9ee60c7591cce5d1235f8969c7d42abf9a6d49a6f46d47930b7d651bc3ff5626bd65c9fb9b3f2ba8565b853668268cdb28f0f772a17525c49a6e2e0f0f96204f12d0f7a03db7fcc2381fdf5d40f0f58a3dd15bf9dcc2977edae1968d8b7841fbb3e1ba919c025cce9eb8d01347f0419c6dfd5968e5fae2c81048fb7411498b9cf97f4f899c9d03ef308b178bac327d20093bd95258bbcadee5b5062387a8cdbb31fbad1ba2e78953d98db75b659a4df4f4e99cb95e2c9b2435d905c6c8f7347797af21077fad0172b748ec1831173c23f7a105a9777e3905de9e5489a78396305644114fe25dde88aa4c97aa6967025504dbdcc8a0cce9889d917d3f19cd9b97c81cffca1c94e09d7763645caf9b7a87c5915b81d6760794201bb94017554bd530f45e67f799041b7815939a4029f1f318a780ed14be7c4299533809b6e846fb768c48a8e96d62a665ddb5439278a3be74b9f88d4e5ea1c89bcc4121babf5e940efb66fe64c20062971aa5de91be0a3c85222863a1af467bade8c791dd8dfe218aa5c2116961e3c8977ef94222bd605934533c4d0ee7a73c0280197dc00374b5e69759026cc60b14ae0805a7d286541a104d86c2046fcfc50a5d026e55724e852a296bc229f5a0d63d726a30784a8f12fdecb60a30c49c2399c884e94990a9204b21a10b8a8e4f1a18f811c3812eefc260a889348e5513cb27434cbcf505f5e11174f098fc5c3eed8b43edf69b2c0a802eb6f660005322ad5ece966aaea873a4662c785358af7ad4bb6ae44f31396c6a31aa3c2252dd83ae974e9f790d9b7c5883b62007d4c20565bc05627157a5c8eb1575a36a964b89f27b75de511acb8642a4713f9a4a343fc518152618f5e56ee8f148926b6bac550bdffc3679cdf7e4c7a24f2db392dd57acc7332f2fc86a691712721863969f267e36b57df8d8430c833a2c037a04fba9ef5be1dd5a7ec59da287328125c4f444e5f6349581102472180bcadf22d4613e5e8dda604a5ea71ebc72739251bd1ccdc12f38e67b7a03d778824d7642a734a3ccbea144311bc6b0b25c247409b7555d34df1f2b996c4eda21be0db42c2c07a8ed48de9ea247430afacabe2e5eb5978064c6910ab6eddfa3922f5fbe661d11d5d9f64ad6c771eacc7b456bd5ffc181b549731ff49bc2d779c2ae42fa2e7021563dfb2ee8f8d01fe07134508ec0d4be4a92f739447c4ee33d80f8153fc00f86e90165dfc28dec95435bd40ff3061051d85fd0c1654d6e41ca9fed5fa099f46fc7dd1173868693bfeafd6f232c32721f1fe1000f3cd6180f55df936b2af1c0f9359c5bfbf910717c01713d32a951c8a6b445abad039819cd599c9dfe20e5f7c566dbf09c03274f1a60f73a242e80c22aecec37457c4dd84cc8a9523494fbb3a0e56540188b0938ea5d0bdbce8a7"})
ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000d80))
ioctl$TIOCL_SCROLLCONSOLE(r2, 0x541c, &(0x7f0000000dc0))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000e80)={&(0x7f00003ff000/0xc00000)=nil, &(0x7f0000ef2000/0x4000)=nil, &(0x7f00009bb000/0x2000)=nil, &(0x7f0000e41000/0x1000)=nil, &(0x7f0000651000/0x1000)=nil, &(0x7f0000781000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000815000/0x2000)=nil, &(0x7f0000c13000/0x2000)=nil, &(0x7f00009ea000/0x1000)=nil, &(0x7f0000000e00)="07e00abce4184d375bab299da7b2777787393fc8d7137ebee0ed60101e634e97b2d03abd5e6e52fefa849735c37ee854013223447cffc3a71366039b9784c534bb58b3683bab5109686caabfc4a19820377880e5f1bb0ec941200186eb39f3af1047774dbf67280848bd0fa7b5546d5c14d5afbb10", 0x75, r0}, 0x68)
ioctl$TIOCMGET(r3, 0x5415, &(0x7f0000000f00))
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000f40)={{0x1, 0x1, 0x18, <r4=>0xffffffffffffffff, {0xc02}}, './file0\x00'})
dup3(r4, r0, 0x80000)
ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, &(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4096})

10:16:18 executing program 6:
sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x3f9, 0x0, 0x70bd27, 0x25dfdbfb, {0x1, 0x1}, [""]}, 0x18}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000)
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x19c, r0, 0x300, 0x70bd2c, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7fffffff}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x44282779}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x18d3}, {0x6, 0x16, 0x9}, {0x5}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x3}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x20}, {0x6}, {0x5}, {0x6, 0x11, 0x6}, {0x8, 0xb, 0xfb16}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x1}, {0x6, 0x16, 0x2}, {0x5}, {0x6, 0x11, 0x7}, {0x8, 0xb, 0x7f}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x80}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0xffffff75}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
r1 = syz_open_dev$vcsn(&(0x7f00000003c0), 0x18, 0x4a02)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x50, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x5f}}}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x3}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "3624de6446126f1f97dd2055b7"}]}, 0x50}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000580), r1)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'wpan0\x00', <r4=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x5c, r3, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x10)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000800)='/sys/kernel/oops_count', 0x4000, 0x1ce)
syz_genetlink_get_family_id$team(&(0x7f00000007c0), r6)
syz_genetlink_get_family_id$smc(&(0x7f0000000840), r6)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000008c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000900)={'wpan0\x00', <r8=>0x0})
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x34, r7, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000084}, 0x4008004)
sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x30, 0x0, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x72af78a2ebb16472)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000b00))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

10:16:18 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x8}]}, 0x28}}, 0x20040801)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000100), r0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x10001}}, './file0\x00'})
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x38, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {}, {0x1c, 0x18, {0x3, @bearer=@l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}}, ["", "", "", "", "", "", ""]}, 0x38}, 0x1, 0x0, 0x0, 0x84}, 0x4084)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000300), r4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), r6)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r7, &(0x7f0000000680)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f00000003c0)={0x280, r3, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x70, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7ec16aad}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74c48a9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6613}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x131e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5940ef76}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2be8}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x484dad8e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x69d9af78}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x66cc5620}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd8b8}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8fb3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x433a}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0xa8, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x77c0d8af}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xae6be83}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x642166c0}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x21}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6be59e4b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x46}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x53c2fab0}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x72}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x785be60d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4bd25bb}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4349e0d0}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd4}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x4e}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x66c43087}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x34}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5defb203}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x76596916}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x154, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3f1bf3ff}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x31}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xe4d818d}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xab7976f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3c4eac5b}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x259d3422}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1efd1d62}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x13}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1bd7b1da}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc7}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x67}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xb1f79f0}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4b90ee5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4324a5d6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3cf5d8b3}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x93}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xda}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5ea5763f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3f48023f}]}, {0x54, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5c57450d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xcd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2ec4cf31}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x52c9ccc3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x70089a1f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4d14f14a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6a983edd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x4d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x463a0f1b}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x128c2b9e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x46a9f1c9}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x51}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x83}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3f524080}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa9}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc5}]}]}]}, 0x280}, 0x1, 0x0, 0x0, 0x40040}, 0x800)
sendmsg$AUDIT_DEL_RULE(r1, &(0x7f0000000bc0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000700)={0x464, 0x3f4, 0x8, 0x70bd25, 0x25dfdbfe, {0x1, 0x2, 0x6, [0x3b17, 0x400, 0x0, 0x5, 0x40, 0xfffff000, 0x7b, 0x76aa, 0x6, 0xb44, 0xffffffff, 0x401, 0xbe0f, 0xca5d, 0x6, 0xebc5, 0x6, 0x1, 0x5, 0x401, 0x81, 0x3, 0x4, 0x1, 0x0, 0x1, 0xfffffffd, 0x200, 0x9dd, 0x101, 0x0, 0x7, 0x7, 0x7, 0x40, 0x6, 0x6, 0xfffffff7, 0x200, 0x5, 0x1, 0x8, 0x3, 0x4, 0x1, 0x8, 0x9, 0x80000000, 0x8, 0x3f59af24, 0x7fffffff, 0x2, 0x3, 0x7, 0x7, 0x669, 0x9, 0x1110, 0x1f, 0x8, 0x4, 0x1, 0x9, 0xc32d], [0xc290, 0x2, 0x10000, 0x1, 0x0, 0xfffffffd, 0xf06, 0xffffff49, 0x1, 0x8, 0x0, 0x0, 0x8001, 0x7, 0x20, 0x8, 0x5, 0xf7f7, 0x80000000, 0xd58, 0x40, 0xff, 0x7, 0x7, 0x80000000, 0xffff0000, 0x8001, 0x8000, 0x6, 0x0, 0x40, 0x80000001, 0x6432, 0x0, 0xbea9, 0x3f, 0xd23, 0x43, 0x7f, 0x6, 0x8, 0x5, 0x0, 0x1, 0x6, 0xffffffff, 0x200, 0xe2d, 0x6, 0x2f4, 0x7, 0x6, 0x9, 0x4a76, 0x6, 0x8, 0x20, 0x2, 0x1, 0x5, 0xe27e, 0xffff8001, 0x3, 0x5], [0x7, 0x1, 0x3, 0x2, 0x0, 0x80000001, 0x6, 0x9, 0xc90, 0xfff, 0x65, 0x7, 0x7, 0x5, 0x6, 0x200, 0x9c, 0x0, 0x7, 0x8, 0x5, 0x80000000, 0x3, 0x8, 0xffff, 0x4, 0x80000000, 0x2, 0x100, 0x41, 0x2, 0x7f, 0x7, 0x101, 0x1, 0x2, 0x3, 0x7fff, 0x3, 0x7ff, 0x7, 0x0, 0x9, 0xffffff72, 0x400, 0x4, 0x9, 0x1379, 0x6, 0xbab5, 0x0, 0x5, 0x1ff, 0x101, 0x400, 0x0, 0x7, 0x4, 0x7, 0x5, 0x7, 0x100, 0x6, 0x80], [0x2, 0x2, 0x8001, 0x2, 0xfffffffa, 0x3ff, 0x2, 0x8, 0x3, 0xfff, 0x2, 0x400, 0x101, 0x8, 0x7, 0x6, 0x80000001, 0x3, 0x80000000, 0x1, 0x57, 0x3, 0xb2f, 0xfffffed3, 0x9, 0x80, 0x8, 0x4, 0x20, 0x1, 0x400, 0x80, 0x8f, 0x7f, 0x2, 0x6, 0x8, 0x4, 0x3, 0x200, 0x1ff, 0x5, 0x2, 0x101, 0x4, 0xff, 0x3, 0xffffffff, 0x4, 0x9, 0x2, 0x2, 0x5, 0x2, 0xc80e, 0x5, 0x7ff, 0x8, 0x1000, 0x13, 0xb, 0x81, 0x0, 0x20], 0x42, ['!,*\\\\-$\x00', 'NLBL_CIPSOv4\x00', '-@[@\x00', '+\x00', '&]{%-)(\\}$&+\x00', '+\x00', '.[\x00', 'bridge_slave_0\x00', 'TIPC\x00']}, [""]}, 0x464}}, 0x800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x70, r5, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x7}, {0x5}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x20, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdefe}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x906e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xc7fc5c5}]}]}]}, 0x70}, 0x1, 0x0, 0x0, 0xc011}, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000d40), r8)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000d80), r9)

[   83.183181] audit: type=1400 audit(1763115378.761:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:16:18 executing program 4:
recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/74, 0x4a, 0x40002001, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x4, @multicast, 'bond0\x00'}}, 0x80)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r0=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f0000000140)={'syztnl2\x00', <r1=>r0, 0x4, 0xff, 0x80, 0x7, 0x43, @local, @ipv4={'\x00', '\xff\xff', @local}, 0x10, 0x0, 0x401, 0x1}})
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f0000000200))
getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0x6, 0x2}}, './file0\x00'})
getsockname(r2, &(0x7f0000000300)=@vsock={0x28, 0x0, 0x0, @host}, &(0x7f0000000380)=0x80)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg(r3, &(0x7f0000000880)={&(0x7f00000003c0)=@caif=@rfm={0x25, 0x67cac748, "50ae610f0b47acee2d78673c032e34ab"}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000440)="f1ac5a7469ca153093deb4d23cf220657b6e09962eda9c621e1c741040619e6d718fc7f450f1b9859b6c3b6258a92a70e3c064d7d33bd815b3e466ded179ba991c432457d7d8de643bb4bc895a242badc1757b05d15ad48bcf9780f019d8764c51f60892d284a7f17797e8d5abfe74b103299223f150841e4d28e887d1409168d32d", 0x82}], 0x1, &(0x7f0000000540)=[{0x68, 0x10b, 0x2f14, "02c41174e7a9f9ac9cc92579da7c47b41f1104bda42c953566f1f66a351e16abd4b1b7c934cb9cd42a58f349b95df1d251b1bc2e68a06313de8e5da41fdc16710afd2c139b5e4e5f2532167416342d682d22"}, {0x88, 0x101, 0x3, "bbcbf0181d5ab9bac8567bb04bc424f7e59bf0c0a686b09de482b1617a89a38e78f18d6825d6d5b2f8a026801aac22e2f11b93b0f42da61afd25044ffa99f4d2c47abd38b914ac99e6b3a0a03ba596916168c99613b925fc3d6986070b44d3623a96d7e1cefa32e661358580513692ad6dce0715b506"}, {0x88, 0x103, 0x1, "b7da09fc739a66331bcbd3a09a307982da1baf6ea9f51e504fa3f2bdbf361c10d7815a0e18625b92bad39f6ca23269d89f5e0eeb881e8a69b8c3048e76c7f25792360ead77896afd8d6b0d60a007919942310b3809250693f799d6a1b7a849076e240f0735889fe32e3647679645697120615bd7"}, {0xa8, 0x112, 0x9, "c7a7670affc14b9a853e3eb0121e237e130e81295e7e5d839b7fd07b0d6ca7bbd14beec9bdd598acf58418736aee877ac24f8ef777fb62250ea496f5273db98a558126246a748f4e74b39ddcfe8cf264b1f26115e29be4beb76a9bfcb7f14f9cb4a1d90e57f70f7af5282a7215786004335653e7f14b4a981063793fea58bd4456f829dbd89d448fa2e90b61b0fc4be73600e546a2fd4d65"}, {0x100, 0x107, 0x6, "659b808641e4cd3303340ad18e38f1b52c1ba5b2e6f041c0ce6f9029c7c75e179a15d914bce2f216394f44f5a84e3e3ea9893fa080fc305b752453e20c9e7b429c6cc32e2a5aa924e01f815e73f839b2da9b7e1c6486b2f053028968a8a1e4ed80e5b35d9c7990d94ef59e3a440b11a223aebe1ed350582a6bd3e579101ae9482c98d5332f154ccf4a6d5038c59b058ba9df9c0f8655db5d257c86487ce51fe22ca56981f98f38a903e5544d70d0fe6cb6538c9896362ab948243892d530da6dbd522dfff59e7980c017ad02b573949a3cc9cffe7ec018daabdcd38f010393ac48e04f1622204a0804"}], 0x320}, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f00000008c0)={0x0, 'batadv_slave_1\x00', {0x4}, 0x80})
bind$netlink(r2, &(0x7f0000000900)={0x10, 0x0, 0x25dfdbff, 0x1}, 0xc)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_netdev_private(r4, 0x89f7, &(0x7f0000000980)="74cbe6a12a8e1a43ce3853245aca8d3bc3f519b285b23be72f4b2748c4ee138521565e4bda6c2348aaf9c8d2dc41958f08113335aa977fc0186cc4f36f2c9a1179834b8fd13b7c27e3489c528414023662a4d8325c36a73d4d")
clock_gettime(0x0, &(0x7f0000008680)={<r6=>0x0, <r7=>0x0})
recvmmsg(r5, &(0x7f0000008480)=[{{&(0x7f0000000a00)=@hci, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000a80)=""/14, 0xe}, {&(0x7f0000000ac0)=""/15, 0xf}, {&(0x7f0000000b00)=""/175, 0xaf}], 0x3, &(0x7f0000000c00)=""/151, 0x97}, 0xf3f}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000cc0)=""/125, 0x7d}, {&(0x7f0000000d40)=""/235, 0xeb}, {&(0x7f0000000e40)=""/155, 0x9b}], 0x3, &(0x7f0000000f40)=""/230, 0xe6}, 0x80000000}, {{&(0x7f0000001040)=@un=@abs, 0x80, &(0x7f00000034c0)=[{&(0x7f00000010c0)=""/92, 0x5c}, {&(0x7f0000001140)=""/62, 0x3e}, {&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f0000002180)=""/130, 0x82}, {&(0x7f0000002240)=""/74, 0x4a}, {&(0x7f00000022c0)=""/131, 0x83}, {&(0x7f0000002380)=""/135, 0x87}, {&(0x7f0000002440)=""/4096, 0x1000}, {&(0x7f0000003440)=""/104, 0x68}], 0x9, &(0x7f0000003580)=""/48, 0x30}, 0x1}, {{&(0x7f00000035c0)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000004780)=[{&(0x7f0000003640)=""/59, 0x3b}, {&(0x7f0000003680)=""/4096, 0x1000}, {&(0x7f0000004680)=""/221, 0xdd}], 0x3}, 0xa34}, {{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f00000047c0)=""/124, 0x7c}, {&(0x7f0000004840)=""/163, 0xa3}, {&(0x7f0000004900)=""/49, 0x31}, {&(0x7f0000004940)=""/93, 0x5d}, {&(0x7f00000049c0)=""/26, 0x1a}], 0x5, &(0x7f0000004a80)=""/54, 0x36}, 0x9}, {{&(0x7f0000004ac0)=@pppol2tpv3={0x18, 0x1, {0x0, <r8=>0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000006000)=[{&(0x7f0000004b40)=""/54, 0x36}, {&(0x7f0000004b80)=""/125, 0x7d}, {&(0x7f0000004c00)=""/157, 0x9d}, {&(0x7f0000004cc0)=""/185, 0xb9}, {&(0x7f0000004d80)=""/61, 0x3d}, {&(0x7f0000004dc0)=""/11, 0xb}, {&(0x7f0000004e00)=""/81, 0x51}, {&(0x7f0000004e80)=""/171, 0xab}, {&(0x7f0000004f40)=""/181, 0xb5}, {&(0x7f0000005000)=""/4096, 0x1000}], 0xa, &(0x7f00000060c0)=""/4096, 0x1000}, 0x6}, {{&(0x7f00000070c0)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000007200)=[{&(0x7f0000007140)=""/187, 0xbb}], 0x1, &(0x7f0000007240)=""/143, 0x8f}, 0x2c95}, {{&(0x7f0000007300)=@caif=@util, 0x80, &(0x7f0000008380)=[{&(0x7f0000007380)=""/4096, 0x1000}], 0x1, &(0x7f00000083c0)=""/134, 0x86}, 0x7ff}], 0x8, 0x10000, &(0x7f00000086c0)={r6, r7+60000000})
fsync(r5)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000008740), r8)
getsockname$packet(0xffffffffffffffff, &(0x7f0000008780)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000087c0)=0x14)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r2, &(0x7f0000008900)={&(0x7f0000008700)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000088c0)={&(0x7f0000008800)={0xb4, r9, 0x701, 0x70bd2a, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_ADDR={0x54, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}]}, @MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r10}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r1}, @MPTCP_PM_ADDR_ATTR_ID={0x5}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4000004}, 0x4061)
getsockopt$WPAN_WANTLQI(r8, 0x0, 0x3, &(0x7f0000008940), &(0x7f0000008980)=0x4)

[   84.324543] ==================================================================
[   84.325899] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[   84.327088] Read of size 2 at addr ffff88800cef8538 by task kworker/u11:1/291
[   84.333951] 
[   84.334276] CPU: 1 UID: 0 PID: 291 Comm: kworker/u11:1 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) 
[   84.334313] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   84.334331] Workqueue: hci0 hci_cmd_work
[   84.334365] Call Trace:
[   84.334375]  <TASK>
[   84.334385]  dump_stack_lvl+0xca/0x120
[   84.334419]  print_report+0xcb/0x610
[   84.334453]  ? __virt_addr_valid+0x100/0x5d0
[   84.334484]  ? hci_cmd_work+0x66d/0x6d0
[   84.334517]  ? hci_cmd_work+0x66d/0x6d0
[   84.334551]  kasan_report+0xca/0x100
[   84.334584]  ? hci_cmd_work+0x66d/0x6d0
[   84.334621]  hci_cmd_work+0x66d/0x6d0
[   84.334657]  process_one_work+0x8e1/0x19c0
[   84.334701]  ? __pfx_process_one_work+0x10/0x10
[   84.334739]  ? rcuwait_wake_up+0x27/0x290
[   84.334775]  ? move_linked_works+0x172/0x270
[   84.334805]  ? assign_work+0x196/0x240
[   84.334842]  worker_thread+0x67e/0xe90
[   84.334879]  ? trace_irq_enable.constprop.0+0xc2/0x100
[   84.334911]  ? __pfx_worker_thread+0x10/0x10
[   84.334949]  kthread+0x3c8/0x740
[   84.334983]  ? __pfx_kthread+0x10/0x10
[   84.335016]  ? ret_from_fork+0x79/0x7a0
[   84.335042]  ? lock_release+0xc8/0x290
[   84.335082]  ? __pfx_kthread+0x10/0x10
[   84.335116]  ret_from_fork+0x67a/0x7a0
[   84.335142]  ? __pfx_ret_from_fork+0x10/0x10
[   84.335170]  ? __switch_to+0x759/0x1060
[   84.335206]  ? __pfx_kthread+0x10/0x10
[   84.335240]  ret_from_fork_asm+0x1a/0x30
[   84.335284]  </TASK>
[   84.335292] 
[   84.358915] Allocated by task 289:
[   84.359537]  kasan_save_stack+0x24/0x50
[   84.360274]  kasan_save_track+0x14/0x30
[   84.360983]  __kasan_slab_alloc+0x59/0x70
[   84.361724]  kmem_cache_alloc_node_noprof+0x228/0x6b0
[   84.362641]  __alloc_skb+0x2ab/0x370
[   84.363322]  hci_cmd_sync_alloc+0x34/0x300
[   84.364118]  __hci_cmd_sync_sk+0xf7/0x5c0
[   84.364859]  __hci_cmd_sync_status_sk+0x4d/0x1a0
[   84.365709]  hci_dev_open_sync+0x10ef/0x1f60
[   84.366492]  hci_power_on+0xdb/0x5d0
[   84.367171]  process_one_work+0x8e1/0x19c0
[   84.367954]  worker_thread+0x67e/0xe90
[   84.368661]  kthread+0x3c8/0x740
[   84.369277]  ret_from_fork+0x67a/0x7a0
[   84.369973]  ret_from_fork_asm+0x1a/0x30
[   84.370704] 
[   84.371012] Freed by task 290:
[   84.371581]  kasan_save_stack+0x24/0x50
[   84.372332]  kasan_save_track+0x14/0x30
[   84.373043]  kasan_save_free_info+0x3a/0x60
[   84.373828]  __kasan_slab_free+0x43/0x70
[   84.374556]  kmem_cache_free+0x26f/0x500
[   84.375294]  kfree_skbmem+0x18a/0x1f0
[   84.376018]  sk_skb_reason_drop+0x10e/0x1b0
[   84.376783]  vhci_read+0x3d5/0x5d0
[   84.377427]  vfs_read+0x1eb/0xc70
[   84.378060]  ksys_read+0x121/0x240
[   84.378693]  do_syscall_64+0xbf/0x430
[   84.379378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.380318] 
[   84.380626] The buggy address belongs to the object at ffff88800cef8500
[   84.380626]  which belongs to the cache skbuff_head_cache of size 232
[   84.382849] The buggy address is located 56 bytes inside of
[   84.382849]  freed 232-byte region [ffff88800cef8500, ffff88800cef85e8)
[   84.384955] 
[   84.385264] The buggy address belongs to the physical page:
[   84.386229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xcef8
[   84.387587] memcg:ffff88800af7fc81
[   84.388242] flags: 0x100000000000000(node=0|zone=1)
[   84.389129] page_type: f5(slab)
[   84.389722] raw: 0100000000000000 ffff8880096c78c0 ffffea000035bb00 dead000000000006
[   84.391081] raw: 0000000000000000 00000000800c000c 00000000f5000000 ffff88800af7fc81
[   84.392470] page dumped because: kasan: bad access detected
[   84.393465] 
[   84.393777] Memory state around the buggy address:
[   84.394638]  ffff88800cef8400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   84.395951]  ffff88800cef8480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   84.397238] >ffff88800cef8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   84.398512]                                         ^
[   84.399421]  ffff88800cef8580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[   84.400719]  ffff88800cef8600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   84.401837] ==================================================================
[   84.403092] Disabling lock debugging due to kernel taint
[   84.406110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.410485] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.411940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.414937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.416846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.418587] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   84.421425] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   84.423444] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   84.431760] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   84.440646] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   84.456643] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   84.457967] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   84.459959] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   84.461569] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   84.462802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   84.464121] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   84.465663] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   84.468472] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   84.470511] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   84.474561] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   84.475812] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   84.477167] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   84.478508] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   84.479485] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   84.481146] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   84.481708] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   84.484997] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   84.487394] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   84.489633] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   84.490842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   84.492314] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   84.495132] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   84.498796] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   84.503480] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   84.506510] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   84.510897] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   84.515995] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   84.525170] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   84.527428] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   84.536863] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   86.484296] Bluetooth: hci0: command tx timeout
[   86.484930] Bluetooth: hci1: command tx timeout
[   86.548312] Bluetooth: hci3: command tx timeout
[   86.549308] Bluetooth: hci5: command tx timeout
[   86.549702] Bluetooth: hci4: command tx timeout
[   86.550089] Bluetooth: hci6: command tx timeout
[   86.550941] Bluetooth: hci2: command tx timeout
[   86.612362] Bluetooth: hci7: command tx timeout
[   88.533314] Bluetooth: hci1: command tx timeout
[   88.533765] Bluetooth: hci0: command tx timeout
[   88.597270] Bluetooth: hci2: command tx timeout
[   88.597702] Bluetooth: hci6: command tx timeout
[   88.598076] Bluetooth: hci4: command tx timeout
[   88.599131] Bluetooth: hci5: command tx timeout
[   88.599628] Bluetooth: hci3: command tx timeout
[   88.661725] Bluetooth: hci7: command tx timeout
[   90.581288] Bluetooth: hci1: command tx timeout
[   90.581725] Bluetooth: hci0: command tx timeout
[   90.645296] Bluetooth: hci5: command tx timeout
[   90.645702] Bluetooth: hci3: command tx timeout
[   90.646082] Bluetooth: hci4: command tx timeout
[   90.647050] Bluetooth: hci6: command tx timeout
[   90.647454] Bluetooth: hci2: command tx timeout
[   90.708270] Bluetooth: hci7: command tx timeout
[   92.629277] Bluetooth: hci0: command tx timeout
[   92.629721] Bluetooth: hci1: command tx timeout
[   92.692297] Bluetooth: hci6: command tx timeout
[   92.692737] Bluetooth: hci2: command tx timeout
[   92.693111] Bluetooth: hci4: command tx timeout
[   92.693518] Bluetooth: hci3: command tx timeout
[   92.693892] Bluetooth: hci5: command tx timeout
[   92.756282] Bluetooth: hci7: command tx timeout

VM DIAGNOSIS:
10:16:20  Registers:
info registers vcpu 0
RAX=0000000000000007 RBX=ffffffff866afd64 RCX=ffffffff813a30fd RDX=0000000000000000
RSI=ffffffff86a0755e RDI=ffffffff866afd40 RBP=ffffffff866afd64 RSP=ffff88801770f360
R8 =ffffffff86a0755e R9 =0000000000000000 R10=000000000003ca6e R11=00000000000080cd
R12=ffffffff866afd64 R13=ffffffff866afd40 R14=ffffffff866afd60 R15=dffffc0000000000
RIP=ffffffff8135ea9e RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fe750ddb8c0 00000000 00000000
GS =0000 ffff8880e538f000 00000000 00000000
LDT=0000 fffffe5800000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f251002d070 CR3=000000000d9dd000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f25100f07c000007f25100f07c8
XMM02=00007f25100f07e000007f25100f07c0 XMM03=00007f25100f07c800007f25100f07c0
XMM04=ffffffffffffffffffffffffffffff00 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8293dd05 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff88800f017618
R8 =0000000000000000 R9 =ffffed1001542046 R10=0000000000000032 R11=6330303838386652
R12=0000000000000032 R13=0000000000000010 R14=ffffffff88974780 R15=ffffffff8293dcf0
RIP=ffffffff8293dd5d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e548f000 00000000 00000000
LDT=0000 fffffe4f00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055f94203ab0c CR3=000000000d9dd000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffffffffffffffffffff XMM01=00000000000000000000000000000000
XMM02=ffffffffffffffff00000000000000ff XMM03=696e656420737365636341002f737973
XMM04=0000000300000001000055f9327a1a90 XMM05=000055f9327f7f70000055f9327a2260
XMM06=000055f9327a224000000004ffffffff XMM07=00000000000000000000000000000000
XMM08=7269762f736563697665642f7379732f XMM09=00000000000000000000000000000000
XMM10=00000000200000000000000020000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000