Warning: Permanently added '[localhost]:34701' (ECDSA) to the list of known hosts.
2025/11/17 03:13:14 fuzzer started
2025/11/17 03:13:15 dialing manager at localhost:37161
syzkaller login: [   50.546663] cgroup: Unknown subsys name 'net'
[   50.612594] cgroup: Unknown subsys name 'cpuset'
[   50.627924] cgroup: Unknown subsys name 'rlimit'
2025/11/17 03:13:25 syscalls: 2214
2025/11/17 03:13:25 code coverage: enabled
2025/11/17 03:13:25 comparison tracing: enabled
2025/11/17 03:13:25 extra coverage: enabled
2025/11/17 03:13:25 setuid sandbox: enabled
2025/11/17 03:13:25 namespace sandbox: enabled
2025/11/17 03:13:25 Android sandbox: enabled
2025/11/17 03:13:25 fault injection: enabled
2025/11/17 03:13:25 leak checking: enabled
2025/11/17 03:13:25 net packet injection: enabled
2025/11/17 03:13:25 net device setup: enabled
2025/11/17 03:13:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/17 03:13:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/17 03:13:25 USB emulation: enabled
2025/11/17 03:13:25 hci packet injection: enabled
2025/11/17 03:13:25 wifi device emulation: enabled
2025/11/17 03:13:25 802.15.4 emulation: enabled
2025/11/17 03:13:25 fetching corpus: 50, signal 27843/29653 (executing program)
2025/11/17 03:13:25 fetching corpus: 100, signal 42429/45866 (executing program)
2025/11/17 03:13:25 fetching corpus: 150, signal 50924/55912 (executing program)
2025/11/17 03:13:25 fetching corpus: 200, signal 54881/61393 (executing program)
2025/11/17 03:13:26 fetching corpus: 250, signal 59456/67417 (executing program)
2025/11/17 03:13:26 fetching corpus: 300, signal 64793/74135 (executing program)
2025/11/17 03:13:26 fetching corpus: 350, signal 68017/78723 (executing program)
2025/11/17 03:13:26 fetching corpus: 400, signal 70864/82887 (executing program)
2025/11/17 03:13:26 fetching corpus: 450, signal 75374/88607 (executing program)
2025/11/17 03:13:26 fetching corpus: 500, signal 81086/95432 (executing program)
2025/11/17 03:13:26 fetching corpus: 550, signal 83908/99502 (executing program)
2025/11/17 03:13:26 fetching corpus: 600, signal 86428/103239 (executing program)
2025/11/17 03:13:26 fetching corpus: 650, signal 88998/107006 (executing program)
2025/11/17 03:13:26 fetching corpus: 700, signal 91869/110932 (executing program)
2025/11/17 03:13:26 fetching corpus: 750, signal 94354/114526 (executing program)
2025/11/17 03:13:27 fetching corpus: 800, signal 96580/117890 (executing program)
2025/11/17 03:13:27 fetching corpus: 850, signal 98666/121040 (executing program)
2025/11/17 03:13:27 fetching corpus: 900, signal 100492/123946 (executing program)
2025/11/17 03:13:27 fetching corpus: 950, signal 102392/126893 (executing program)
2025/11/17 03:13:27 fetching corpus: 1000, signal 104865/130322 (executing program)
2025/11/17 03:13:27 fetching corpus: 1050, signal 107500/133861 (executing program)
2025/11/17 03:13:27 fetching corpus: 1100, signal 109323/136667 (executing program)
2025/11/17 03:13:27 fetching corpus: 1150, signal 110682/139075 (executing program)
2025/11/17 03:13:27 fetching corpus: 1200, signal 112402/141732 (executing program)
2025/11/17 03:13:27 fetching corpus: 1250, signal 113786/144140 (executing program)
2025/11/17 03:13:28 fetching corpus: 1300, signal 115265/146542 (executing program)
2025/11/17 03:13:28 fetching corpus: 1350, signal 117686/149707 (executing program)
2025/11/17 03:13:28 fetching corpus: 1400, signal 118902/151852 (executing program)
2025/11/17 03:13:28 fetching corpus: 1450, signal 120181/154084 (executing program)
2025/11/17 03:13:28 fetching corpus: 1500, signal 121483/156242 (executing program)
2025/11/17 03:13:28 fetching corpus: 1550, signal 122266/158031 (executing program)
2025/11/17 03:13:28 fetching corpus: 1600, signal 124256/160711 (executing program)
2025/11/17 03:13:28 fetching corpus: 1650, signal 126069/163262 (executing program)
2025/11/17 03:13:28 fetching corpus: 1700, signal 127921/165862 (executing program)
2025/11/17 03:13:28 fetching corpus: 1750, signal 128872/167645 (executing program)
2025/11/17 03:13:29 fetching corpus: 1800, signal 130594/170027 (executing program)
2025/11/17 03:13:29 fetching corpus: 1850, signal 131736/171936 (executing program)
2025/11/17 03:13:29 fetching corpus: 1900, signal 132938/173880 (executing program)
2025/11/17 03:13:29 fetching corpus: 1950, signal 133836/175613 (executing program)
2025/11/17 03:13:29 fetching corpus: 2000, signal 135064/177634 (executing program)
2025/11/17 03:13:29 fetching corpus: 2050, signal 136174/179497 (executing program)
2025/11/17 03:13:29 fetching corpus: 2100, signal 137285/181357 (executing program)
2025/11/17 03:13:29 fetching corpus: 2150, signal 138279/183114 (executing program)
2025/11/17 03:13:29 fetching corpus: 2200, signal 139185/184829 (executing program)
2025/11/17 03:13:29 fetching corpus: 2250, signal 139778/186317 (executing program)
2025/11/17 03:13:30 fetching corpus: 2300, signal 140352/187715 (executing program)
2025/11/17 03:13:30 fetching corpus: 2350, signal 141125/189260 (executing program)
2025/11/17 03:13:30 fetching corpus: 2400, signal 142028/190895 (executing program)
2025/11/17 03:13:30 fetching corpus: 2450, signal 142888/192531 (executing program)
2025/11/17 03:13:30 fetching corpus: 2500, signal 144390/194521 (executing program)
2025/11/17 03:13:30 fetching corpus: 2550, signal 145238/196069 (executing program)
2025/11/17 03:13:30 fetching corpus: 2600, signal 146024/197562 (executing program)
2025/11/17 03:13:30 fetching corpus: 2650, signal 147343/199417 (executing program)
2025/11/17 03:13:30 fetching corpus: 2700, signal 148091/200908 (executing program)
2025/11/17 03:13:30 fetching corpus: 2750, signal 148914/202398 (executing program)
2025/11/17 03:13:30 fetching corpus: 2800, signal 149990/204031 (executing program)
2025/11/17 03:13:31 fetching corpus: 2850, signal 150947/205552 (executing program)
2025/11/17 03:13:31 fetching corpus: 2900, signal 151683/206920 (executing program)
2025/11/17 03:13:31 fetching corpus: 2950, signal 152291/208246 (executing program)
2025/11/17 03:13:31 fetching corpus: 3000, signal 153013/209645 (executing program)
2025/11/17 03:13:31 fetching corpus: 3050, signal 154270/211351 (executing program)
2025/11/17 03:13:31 fetching corpus: 3100, signal 154967/212672 (executing program)
2025/11/17 03:13:31 fetching corpus: 3150, signal 156046/214254 (executing program)
2025/11/17 03:13:31 fetching corpus: 3200, signal 156784/215621 (executing program)
2025/11/17 03:13:31 fetching corpus: 3250, signal 157627/217048 (executing program)
2025/11/17 03:13:32 fetching corpus: 3300, signal 158432/218372 (executing program)
2025/11/17 03:13:32 fetching corpus: 3350, signal 159237/219697 (executing program)
2025/11/17 03:13:32 fetching corpus: 3400, signal 160162/221064 (executing program)
2025/11/17 03:13:32 fetching corpus: 3450, signal 161024/222445 (executing program)
2025/11/17 03:13:32 fetching corpus: 3500, signal 161857/223734 (executing program)
2025/11/17 03:13:32 fetching corpus: 3550, signal 162385/224865 (executing program)
2025/11/17 03:13:32 fetching corpus: 3600, signal 162793/225988 (executing program)
2025/11/17 03:13:32 fetching corpus: 3650, signal 163299/227134 (executing program)
2025/11/17 03:13:32 fetching corpus: 3700, signal 163914/228268 (executing program)
2025/11/17 03:13:32 fetching corpus: 3750, signal 164422/229421 (executing program)
2025/11/17 03:13:32 fetching corpus: 3800, signal 164854/230447 (executing program)
2025/11/17 03:13:33 fetching corpus: 3850, signal 165403/231534 (executing program)
2025/11/17 03:13:33 fetching corpus: 3900, signal 166078/232711 (executing program)
2025/11/17 03:13:33 fetching corpus: 3950, signal 166582/233800 (executing program)
2025/11/17 03:13:33 fetching corpus: 4000, signal 167188/234896 (executing program)
2025/11/17 03:13:33 fetching corpus: 4050, signal 167661/235933 (executing program)
2025/11/17 03:13:33 fetching corpus: 4100, signal 168087/236944 (executing program)
2025/11/17 03:13:33 fetching corpus: 4150, signal 168597/237980 (executing program)
2025/11/17 03:13:33 fetching corpus: 4200, signal 169170/239125 (executing program)
2025/11/17 03:13:33 fetching corpus: 4250, signal 169566/240097 (executing program)
2025/11/17 03:13:33 fetching corpus: 4300, signal 170372/241239 (executing program)
2025/11/17 03:13:33 fetching corpus: 4350, signal 171081/242365 (executing program)
2025/11/17 03:13:34 fetching corpus: 4400, signal 171712/243444 (executing program)
2025/11/17 03:13:34 fetching corpus: 4450, signal 172624/244601 (executing program)
2025/11/17 03:13:34 fetching corpus: 4500, signal 173220/245639 (executing program)
2025/11/17 03:13:34 fetching corpus: 4550, signal 173698/246675 (executing program)
2025/11/17 03:13:34 fetching corpus: 4600, signal 174192/247678 (executing program)
2025/11/17 03:13:34 fetching corpus: 4650, signal 174636/248643 (executing program)
2025/11/17 03:13:34 fetching corpus: 4700, signal 175185/249643 (executing program)
2025/11/17 03:13:34 fetching corpus: 4750, signal 175737/250615 (executing program)
2025/11/17 03:13:34 fetching corpus: 4800, signal 176152/251533 (executing program)
2025/11/17 03:13:35 fetching corpus: 4850, signal 176647/252514 (executing program)
2025/11/17 03:13:35 fetching corpus: 4900, signal 177184/253472 (executing program)
2025/11/17 03:13:35 fetching corpus: 4950, signal 177687/254424 (executing program)
2025/11/17 03:13:35 fetching corpus: 5000, signal 178077/255291 (executing program)
2025/11/17 03:13:35 fetching corpus: 5050, signal 178438/256240 (executing program)
2025/11/17 03:13:35 fetching corpus: 5100, signal 178925/257188 (executing program)
2025/11/17 03:13:35 fetching corpus: 5150, signal 179408/258121 (executing program)
2025/11/17 03:13:35 fetching corpus: 5200, signal 179733/258961 (executing program)
2025/11/17 03:13:35 fetching corpus: 5250, signal 180197/259836 (executing program)
2025/11/17 03:13:36 fetching corpus: 5300, signal 180669/260706 (executing program)
2025/11/17 03:13:36 fetching corpus: 5350, signal 181596/261728 (executing program)
2025/11/17 03:13:36 fetching corpus: 5400, signal 182051/262623 (executing program)
2025/11/17 03:13:36 fetching corpus: 5450, signal 182668/263523 (executing program)
2025/11/17 03:13:36 fetching corpus: 5500, signal 183051/264358 (executing program)
2025/11/17 03:13:36 fetching corpus: 5550, signal 183449/265203 (executing program)
2025/11/17 03:13:36 fetching corpus: 5600, signal 183954/266057 (executing program)
2025/11/17 03:13:36 fetching corpus: 5650, signal 184510/266889 (executing program)
2025/11/17 03:13:36 fetching corpus: 5700, signal 184794/267671 (executing program)
2025/11/17 03:13:37 fetching corpus: 5750, signal 185369/268496 (executing program)
2025/11/17 03:13:37 fetching corpus: 5800, signal 185738/269276 (executing program)
2025/11/17 03:13:37 fetching corpus: 5850, signal 186041/270044 (executing program)
2025/11/17 03:13:37 fetching corpus: 5900, signal 186292/270788 (executing program)
2025/11/17 03:13:37 fetching corpus: 5950, signal 186770/271594 (executing program)
2025/11/17 03:13:37 fetching corpus: 6000, signal 187323/272388 (executing program)
2025/11/17 03:13:37 fetching corpus: 6050, signal 187671/273181 (executing program)
2025/11/17 03:13:37 fetching corpus: 6100, signal 188001/273967 (executing program)
2025/11/17 03:13:37 fetching corpus: 6150, signal 188416/274752 (executing program)
2025/11/17 03:13:37 fetching corpus: 6200, signal 188929/275528 (executing program)
2025/11/17 03:13:38 fetching corpus: 6250, signal 189205/276256 (executing program)
2025/11/17 03:13:38 fetching corpus: 6300, signal 189452/276977 (executing program)
2025/11/17 03:13:38 fetching corpus: 6350, signal 190195/277743 (executing program)
2025/11/17 03:13:38 fetching corpus: 6400, signal 190607/278534 (executing program)
2025/11/17 03:13:38 fetching corpus: 6450, signal 190914/279287 (executing program)
2025/11/17 03:13:38 fetching corpus: 6500, signal 191291/279998 (executing program)
2025/11/17 03:13:38 fetching corpus: 6550, signal 191650/280714 (executing program)
2025/11/17 03:13:38 fetching corpus: 6600, signal 191992/281383 (executing program)
2025/11/17 03:13:38 fetching corpus: 6650, signal 192340/282106 (executing program)
2025/11/17 03:13:39 fetching corpus: 6700, signal 192675/282805 (executing program)
2025/11/17 03:13:39 fetching corpus: 6750, signal 193002/283516 (executing program)
2025/11/17 03:13:39 fetching corpus: 6800, signal 193336/284220 (executing program)
2025/11/17 03:13:39 fetching corpus: 6850, signal 193632/284907 (executing program)
2025/11/17 03:13:39 fetching corpus: 6900, signal 194052/285580 (executing program)
2025/11/17 03:13:39 fetching corpus: 6950, signal 194401/286258 (executing program)
2025/11/17 03:13:39 fetching corpus: 7000, signal 194805/286904 (executing program)
2025/11/17 03:13:39 fetching corpus: 7050, signal 195136/287579 (executing program)
2025/11/17 03:13:39 fetching corpus: 7100, signal 195445/288256 (executing program)
2025/11/17 03:13:39 fetching corpus: 7150, signal 195863/288912 (executing program)
2025/11/17 03:13:39 fetching corpus: 7200, signal 196169/289549 (executing program)
2025/11/17 03:13:40 fetching corpus: 7250, signal 196556/290200 (executing program)
2025/11/17 03:13:40 fetching corpus: 7300, signal 196966/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7350, signal 197233/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7400, signal 197975/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7450, signal 198266/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7500, signal 198663/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7550, signal 198945/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7600, signal 199202/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7650, signal 199521/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7700, signal 199830/290275 (executing program)
2025/11/17 03:13:40 fetching corpus: 7750, signal 200079/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 7800, signal 200488/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 7850, signal 201062/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 7900, signal 201570/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 7950, signal 201790/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 8000, signal 202112/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 8050, signal 202482/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 8100, signal 202740/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 8150, signal 203288/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 8200, signal 203554/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 8250, signal 203890/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 8300, signal 204125/290275 (executing program)
2025/11/17 03:13:41 fetching corpus: 8350, signal 204328/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8400, signal 204710/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8450, signal 205825/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8500, signal 206095/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8550, signal 206379/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8600, signal 206627/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8650, signal 206939/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8700, signal 207271/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8750, signal 207469/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8800, signal 207797/290275 (executing program)
2025/11/17 03:13:42 fetching corpus: 8850, signal 208010/290279 (executing program)
2025/11/17 03:13:42 fetching corpus: 8900, signal 208319/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 8950, signal 208514/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9000, signal 208874/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9050, signal 209218/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9100, signal 209516/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9150, signal 209710/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9200, signal 209958/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9250, signal 210223/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9300, signal 210546/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9350, signal 210833/290279 (executing program)
2025/11/17 03:13:43 fetching corpus: 9400, signal 211091/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9450, signal 211353/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9500, signal 211706/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9550, signal 211914/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9600, signal 212199/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9650, signal 212399/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9700, signal 212714/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9750, signal 212947/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9800, signal 213184/290279 (executing program)
2025/11/17 03:13:44 fetching corpus: 9850, signal 213428/290280 (executing program)
2025/11/17 03:13:44 fetching corpus: 9900, signal 213652/290280 (executing program)
2025/11/17 03:13:44 fetching corpus: 9950, signal 213880/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10000, signal 214077/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10050, signal 214317/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10100, signal 214615/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10150, signal 214860/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10200, signal 215095/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10250, signal 215415/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10300, signal 215617/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10350, signal 215921/290280 (executing program)
2025/11/17 03:13:45 fetching corpus: 10400, signal 216204/290280 (executing program)
2025/11/17 03:13:46 fetching corpus: 10450, signal 216396/290280 (executing program)
2025/11/17 03:13:46 fetching corpus: 10500, signal 216638/290280 (executing program)
2025/11/17 03:13:46 fetching corpus: 10550, signal 216893/290280 (executing program)
2025/11/17 03:13:46 fetching corpus: 10600, signal 217251/290280 (executing program)
2025/11/17 03:13:46 fetching corpus: 10650, signal 217536/290280 (executing program)
2025/11/17 03:13:46 fetching corpus: 10700, signal 217760/290280 (executing program)
2025/11/17 03:13:46 fetching corpus: 10750, signal 217925/290281 (executing program)
2025/11/17 03:13:46 fetching corpus: 10800, signal 218163/290281 (executing program)
2025/11/17 03:13:46 fetching corpus: 10850, signal 218431/290281 (executing program)
2025/11/17 03:13:46 fetching corpus: 10900, signal 218706/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 10950, signal 218912/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11000, signal 219207/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11050, signal 219396/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11100, signal 219671/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11150, signal 219921/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11200, signal 220150/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11250, signal 220404/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11300, signal 220663/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11350, signal 220860/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11400, signal 221071/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11450, signal 221292/290281 (executing program)
2025/11/17 03:13:47 fetching corpus: 11500, signal 221572/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11550, signal 221799/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11600, signal 222090/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11650, signal 222325/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11700, signal 222572/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11750, signal 222800/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11800, signal 223043/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11850, signal 223216/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11900, signal 223451/290281 (executing program)
2025/11/17 03:13:48 fetching corpus: 11950, signal 223711/290281 (executing program)
2025/11/17 03:13:49 fetching corpus: 12000, signal 223910/290281 (executing program)
2025/11/17 03:13:49 fetching corpus: 12050, signal 224160/290281 (executing program)
2025/11/17 03:13:49 fetching corpus: 12100, signal 224339/290282 (executing program)
2025/11/17 03:13:49 fetching corpus: 12150, signal 224630/290282 (executing program)
2025/11/17 03:13:49 fetching corpus: 12200, signal 224807/290282 (executing program)
2025/11/17 03:13:49 fetching corpus: 12250, signal 225013/290282 (executing program)
2025/11/17 03:13:49 fetching corpus: 12300, signal 225166/290282 (executing program)
2025/11/17 03:13:49 fetching corpus: 12350, signal 225422/290282 (executing program)
2025/11/17 03:13:49 fetching corpus: 12400, signal 225757/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12450, signal 226194/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12500, signal 226348/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12550, signal 226537/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12600, signal 226775/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12650, signal 227012/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12700, signal 227250/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12750, signal 227422/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12800, signal 227672/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12850, signal 227886/290282 (executing program)
2025/11/17 03:13:50 fetching corpus: 12900, signal 228105/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 12950, signal 228276/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13000, signal 228504/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13050, signal 228725/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13100, signal 228902/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13150, signal 229138/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13200, signal 229333/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13250, signal 229485/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13300, signal 229674/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13350, signal 229814/290282 (executing program)
2025/11/17 03:13:51 fetching corpus: 13400, signal 230023/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13450, signal 230242/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13500, signal 230414/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13550, signal 230588/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13600, signal 230764/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13650, signal 230980/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13700, signal 231145/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13750, signal 231303/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13800, signal 231536/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13850, signal 231690/290282 (executing program)
2025/11/17 03:13:52 fetching corpus: 13900, signal 231896/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 13950, signal 232563/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 14000, signal 232794/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 14049, signal 232999/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 14099, signal 233289/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 14149, signal 233457/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 14199, signal 233619/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 14249, signal 233784/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 14299, signal 233970/290282 (executing program)
2025/11/17 03:13:53 fetching corpus: 14349, signal 234158/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14399, signal 234329/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14449, signal 234497/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14499, signal 234691/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14549, signal 234839/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14599, signal 235020/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14649, signal 235140/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14699, signal 235390/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14749, signal 235570/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14799, signal 235747/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14849, signal 235950/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14899, signal 236091/290282 (executing program)
2025/11/17 03:13:54 fetching corpus: 14949, signal 236294/290282 (executing program)
2025/11/17 03:13:55 fetching corpus: 14999, signal 236496/290282 (executing program)
2025/11/17 03:13:55 fetching corpus: 15049, signal 236634/290282 (executing program)
2025/11/17 03:13:55 fetching corpus: 15099, signal 236813/290282 (executing program)
2025/11/17 03:13:55 fetching corpus: 15149, signal 237007/290282 (executing program)
2025/11/17 03:13:55 fetching corpus: 15199, signal 237135/290282 (executing program)
2025/11/17 03:13:55 fetching corpus: 15249, signal 237310/290282 (executing program)
2025/11/17 03:13:55 fetching corpus: 15299, signal 237434/290282 (executing program)
2025/11/17 03:13:55 fetching corpus: 15349, signal 237537/290283 (executing program)
2025/11/17 03:13:55 fetching corpus: 15399, signal 237753/290283 (executing program)
2025/11/17 03:13:55 fetching corpus: 15449, signal 237916/290283 (executing program)
2025/11/17 03:13:55 fetching corpus: 15499, signal 238085/290284 (executing program)
2025/11/17 03:13:56 fetching corpus: 15549, signal 238387/290284 (executing program)
2025/11/17 03:13:56 fetching corpus: 15599, signal 238568/290284 (executing program)
2025/11/17 03:13:56 fetching corpus: 15649, signal 238785/290284 (executing program)
2025/11/17 03:13:56 fetching corpus: 15699, signal 238937/290284 (executing program)
2025/11/17 03:13:56 fetching corpus: 15749, signal 239105/290284 (executing program)
2025/11/17 03:13:56 fetching corpus: 15799, signal 239309/290285 (executing program)
2025/11/17 03:13:56 fetching corpus: 15849, signal 239555/290285 (executing program)
2025/11/17 03:13:56 fetching corpus: 15899, signal 239688/290285 (executing program)
2025/11/17 03:13:56 fetching corpus: 15949, signal 239910/290285 (executing program)
2025/11/17 03:13:56 fetching corpus: 15999, signal 240086/290285 (executing program)
2025/11/17 03:13:56 fetching corpus: 16049, signal 240227/290285 (executing program)
2025/11/17 03:13:57 fetching corpus: 16099, signal 240438/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16149, signal 240745/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16199, signal 240904/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16249, signal 241073/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16299, signal 241225/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16349, signal 241501/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16399, signal 241643/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16449, signal 241828/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16499, signal 242012/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16549, signal 242150/290287 (executing program)
2025/11/17 03:13:57 fetching corpus: 16599, signal 242352/290288 (executing program)
2025/11/17 03:13:58 fetching corpus: 16649, signal 242526/290288 (executing program)
2025/11/17 03:13:58 fetching corpus: 16699, signal 242686/290288 (executing program)
2025/11/17 03:13:58 fetching corpus: 16732, signal 242790/290288 (executing program)
2025/11/17 03:13:58 fetching corpus: 16732, signal 242790/290288 (executing program)
2025/11/17 03:14:00 starting 8 fuzzer processes
03:14:00 executing program 0:
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x100}}, './file0\x00'})
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000040)={0x400, 0x39, 0x9})
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
r3 = pidfd_getfd(r1, r2, 0x0)
close_range(r0, r0, 0x0)
flistxattr(r2, &(0x7f0000000080)=""/153, 0x99)
r4 = socket$nl_route(0x10, 0x3, 0x0)
copy_file_range(r0, &(0x7f0000000140)=0x6, r4, &(0x7f0000000180)=0x2, 0x3, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x0, 0x25dfdbff, 0x200000}, 0xc)
ioctl$BTRFS_IOC_QGROUP_CREATE(r1, 0x4010942a, &(0x7f0000000200)={0x0, 0x2})
sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x453, 0x1, 0x70bd2b, 0x25dfdbfd, "feef644301018a76397beab357b6722dfc8dee6184aa93b8c7f8a2ac7405501a4c40a5070b703bbe5e", ["", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x4008044)
clock_gettime(0x0, &(0x7f0000000380)={<r5=>0x0, <r6=>0x0})
utimensat(r1, &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)={{}, {r5, r6/1000+10000}}, 0x100)
r7 = creat(&(0x7f0000001a80)='./file0\x00', 0x100)
bind$netlink(r7, &(0x7f0000001ac0)={0x10, 0x0, 0x25dfdbfc, 0xa1eec2e13a2bcd1d}, 0xc)
r8 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000001b00)='./file0\x00', &(0x7f0000001b40), 0x800000, &(0x7f0000001b80)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@smackfsdef={'smackfsdef', 0x3d, '\x9e.'}}, {@fsname}, {@uid_gt}, {@subj_role={'subj_role', 0x3d, '@$:\\)!'}}]}})
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001c80), r8)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000001ec0)={&(0x7f0000001c40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001e80)={&(0x7f0000001cc0)={0x194, r9, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x81}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}]}, @TIPC_NLA_NODE={0xf8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0xa1, 0x3, "20fc7ddb8494785bf37445f5799210602ef9ce6abb50c836720f905f62ca1abd57b219e6e0f2ef0f906eacfe131702366b7cf27207fa60bef08c8632720d252b3bed84fb8e98ece80a4d7c7f8ef3a5d6763dade62cbe6c207d2d03486049773d9c123696395e62bf9321ea4d4977094529f5dfbf5b774af2c2c07aaf2ce25e889c25b3f6b91086df6d26b8d551312bbd12818f29fa6f9f65951bf3f747"}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "b81f60379e073638373c3c4c86de7775995ad6356ba07f4394882381b30bcef7ab"}}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xd1}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}]}, 0x194}, 0x1, 0x0, 0x0, 0x1810}, 0x48080)

03:14:00 executing program 1:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000040)={0x208, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0x27, 0x9}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0xfa, 0x1, "8677468e25d1b965a806e6f7b805664a33f6f11568d65379ec15245de9838c37b684c4765ca268a9b09aed5100929636c4588a720264afa184b1a8e15b56d85f96702429059e8ac88ec4ea54a9ad905c16fee9ffd2b3a31b8bbfff8adc14df0b510b9774de8ecfc8b9efe078b2f41d18a4aee4729506f6f0dc55a7f7b4c6d0f4f65e2f43d70e20d87b27258680f34808f6690f25e59cf538fcfbc87579eeafb82b70ce1629f6ccb38ec6b09419bbb9370d4278ce1a9615b2fbdfdf31ed865d09d664ed24a5e3762a105d4dbb209a683f1394158510a30cf899a51276dc391ae140e0cf77bfdcc91bdd9662013c795a369f9e45a702ae"}, @INET_DIAG_REQ_BYTECODE={0xbe, 0x1, "d68788959202ba6d6ce58a88e86a37f7b2381d139bb9651c2cdd67081de93964a13d266b243b51c9c1695e5e9fc54cc6a104ce21d541fd6403736054ee9d87d09d0c113cf3d8c199e2d665038d1324a04aec2df147440f943219c1e706289ac32bc14fe77edf954c5865da7dd464020c236f4d8be86fdad3f79a3022090e2cb5dc513d5199510353e97b0e1929810ca6dbce1c22e92ca7c3afba98130e2a2ff1804007304d4a784bb69eb8a22d5b7e1927731816416395e24d15"}, @INET_DIAG_REQ_BYTECODE={0x17, 0x1, "25161d3bc765e29c51dd79207bd649b7f0cc97"}, @INET_DIAG_REQ_BYTECODE={0x19, 0x1, "d7226179a9c55d767ba0ea8cd50c67a65f6063b9ae"}]}, 0x208}, 0x1, 0x0, 0x0, 0x20010040}, 0x4001)
sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x50, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x20, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4000)
r1 = dup(r0)
sendmsg$SOCK_DESTROY(r1, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f0000000480)={0x1c0, 0x15, 0x200, 0x70bd29, 0x25dfdbfb, {0x1a, 0x5}, [@INET_DIAG_REQ_BYTECODE={0xfd, 0x1, "7ed99e119c1e2f374a4afe59ba44622ce65b2d077e6921d9d873701cdd0d604a9d7207432ec2eaabd877a247ce567622cefe7ec0c18d78770da39a36b09e899f304650bf8397549bfbf2049b985c5f81230bf6f539c20ad73ebec482c85f420728ed5575d6173c8a898d79996b7b5eb0d0533f849bcd2a74552377fdf6063743a72f8419a3e7cd15bf5ec5168ba71deb600969e00288db43258286020a907bd823979c6cf03dbe03cf0f55336b83a402d0f173ac62943b2952183821aed30e0c8417fcb25f7e6dceaaff13cdf49d532751c291effd30bf2f39b666810a7d8cdfbf63f15ed17c440d11e9aad6b4317f45c7fc3a59af7ada6cbd"}, @INET_DIAG_REQ_BYTECODE={0xaa, 0x1, "ef72ac542ba575f6a2a187c62321894f72bcaa9aeef81bfec484a3afd9d78ea864390aca7a9267d8fbaccf0da13fe61c8c007ac34595c713edfec1f3b161f7d782c9a9cd9ae3aab9203bbc5e3249bec8b890b08758f0d1e2cce6b190bc3ec5b8de9a4b7f0e0b7b269fba8bd319f23284021a4d0472b09d7d1e26da6bf3b9e752a867c11fd69fe296f6016bfa995e70b0fca11daa25032fbdda7c65be267a4456aff3a68b0079"}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x41}, 0x400c017)
r2 = fsmount(r1, 0x1, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r1)
sendmsg$NL80211_CMD_SET_STATION(r2, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x7c, r3, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x3e}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x39, 0xbe, "c5853ba671d68bf3c2a74f8ea16a876a51c9ba717da213be31232f5183fdde7bba48ed4b473febd8f3b55910442cc93aeac75dfb4c"}, @NL80211_ATTR_STA_FLAGS={0x24, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}, @NL80211_STA_FLAG_AUTHORIZED={0x4}, @NL80211_STA_FLAG_TDLS_PEER={0x4}, @NL80211_STA_FLAG_TDLS_PEER={0x4}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24080040}, 0x1)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000880), r1)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x44, r4, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x200}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x100000}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x840)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f00000009c0)={0x6, 'wg0\x00', {0x7fff}, 0x8})
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), r2)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14, r5, 0x4, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x40)
r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000b40), 0x8100, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r6, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x7c, r5, 0x20, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_LINKINFO_PORT={0x5}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x5}, @ETHTOOL_A_LINKINFO_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x4000)
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000d00), r6)
sendmsg$SMC_PNETID_FLUSH(r6, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d40)={0x24, r7, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000e00)={{0x1, 0x1, 0x18, <r8=>r1, {0x1}}, './file0\x00'})
sendmsg$DCCPDIAG_GETSOCK(r8, &(0x7f00000010c0)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001080)={&(0x7f0000000e80)={0x1e0, 0x13, 0x2, 0x70bd25, 0x25dfdbfd, {0x22, 0x3, 0x0, 0x66, {0x4e21, 0x4e24, [0x8, 0x9, 0x1, 0x20], [0x5, 0x4eb8, 0x1, 0xfffffffe], 0x0, [0x26, 0x5ce0]}, 0x2, 0x400}, [@INET_DIAG_REQ_BYTECODE={0x2d, 0x1, "da83f5d200639a3dfb70b37a196f92f7c102479d482fdcb35f30bd24e696098d2b47a576b26337625d"}, @INET_DIAG_REQ_BYTECODE={0xf1, 0x1, "41bc385f2be725832b78d680ef51eb4dd6f991255db9b53ea9ffec72356e94eb58fa9fe4af05766de637f8b087e22819296e020401d844626fc63261e3ae187dfc382d20ed23d6dc3671bb305da74ab06e66a9c0969012cf5e79618e99a8e29a1eef6282379eb6351ee1f454281c368f682649d0128f9f4ccf6554a8cb3643da8d2ae010f49ec098f36f44d19f943a5eef0e2e35d1969b03575983e9e53a83f469fe9fbffa97b657950b4a58838efc720d5271b7283aa6e1f40395c188f98dd3b89ceb536cf1d425cb13e906bcfc573cc52e25facecc98bfb01e4c99d486600b8ecf1b6d196f7a65898e8ead78"}, @INET_DIAG_REQ_BYTECODE={0x6f, 0x1, "3e0850a559315a7bd376779b13dca92c1638d739390497a841cd90432c8d940aadf31cc4fe5f6fd9f6949be0000d47e9a45a219950f69c11b9a400114830fd0b65542acda14c9370ebe995f236293385998b0564c689dee58c4b56a1b7fda2f09c2bba8532e952a62592ea"}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x48000}, 0x40040c1)
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001240)={&(0x7f00000011c0)={0x48, r3, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x4}}}}, [@NL80211_ATTR_FRAME_MATCH={0x1f, 0x5b, "2ec60a640e68f0fe5a73c5ae7945fda2b05550389d189e329f0cb2"}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008859}, 0x40001)

03:14:00 executing program 6:
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x1f, 0x1])
r0 = semget(0x1, 0x1, 0x410)
semctl$IPC_RMID(r0, 0x0, 0x0)
r1 = semget$private(0x0, 0x1, 0x45)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000040)=""/210)
semtimedop(r1, &(0x7f0000000140)=[{0x3, 0x1, 0x1000}, {0x2, 0x4}, {0x0, 0x8, 0x1800}, {0x0, 0x400}], 0x4, &(0x7f0000000180))
semctl$GETALL(r1, 0x0, 0xd, &(0x7f00000001c0)=""/4)
r2 = semget$private(0x0, 0x3, 0x10)
semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000000200)=""/49)
semctl$GETZCNT(0xffffffffffffffff, 0x3, 0xf, &(0x7f0000000240)=""/78)
semop(r0, &(0x7f00000002c0)=[{0x3, 0x0, 0x1000}, {0x8b3b87cb0b4f41c8, 0x1, 0x800}], 0x2)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000340)={<r3=>0x0, <r4=>0x0})
semtimedop(r0, &(0x7f0000000300)=[{0x4, 0x6, 0x1000}, {0x0, 0x7, 0x800}], 0x2, &(0x7f0000000380)={r3, r4+10000000})
semctl$GETNCNT(r1, 0x0, 0xe, &(0x7f00000003c0)=""/214)
r5 = semget$private(0x0, 0x4, 0x200)
semctl$IPC_STAT(r5, 0x0, 0x2, &(0x7f00000004c0)=""/216)
semget$private(0x0, 0x6, 0xa4)
semctl$SETVAL(r0, 0x1, 0x10, &(0x7f00000005c0)=0x9)

03:14:00 executing program 2:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00', <r0=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r1=>0x0})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}]}, 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x48000)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, 0x0, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x4}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r3, 0x300, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0302}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
sendmsg$NLBL_MGMT_C_REMOVE(r2, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x44, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @local}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x18}, @NLBL_MGMT_A_DOMAIN={0xa, 0x1, 'wpan1\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x20000005)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r4, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x6c, r3, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy3\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8091}, 0x85)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r5, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x20, r3, 0xc, 0x70bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x8811)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000880)={&(0x7f0000000780), 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x50, r3, 0x2, 0x70bd28, 0x3, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x8}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x81}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xfffc}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x9d}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x5)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000008c0), r2)
sendmsg$NLBL_MGMT_C_ADD(r5, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x6c, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xf}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @empty}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x3}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private1}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_DOMAIN={0x9, 0x1, ']#*$\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008000)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000a80), r2)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r7, &(0x7f0000000b80)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x5c, r8, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x40}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x9}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x1}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0xff}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2044}, 0x80)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r9, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x40, r6, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r1}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x20008001)

03:14:00 executing program 7:
ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f0000000000)={0x2, 0x200, 0xffffffff, 0x4e4, 0x3, 0x20})
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
ioctl$HIDIOCGUSAGE(r0, 0xc018480b, &(0x7f0000000080)={0x1, 0x100, 0x3, 0xa58, 0xe4, 0x6})
ioctl$HIDIOCSUSAGE(r0, 0x4018480c, &(0x7f00000000c0)={0x2, 0x2, 0x76a, 0xffff64c5, 0x3, 0x9})
ioctl$HIDIOCGCOLLECTIONINDEX(r0, 0x40184810, &(0x7f0000000100)={0x2, 0xfffffffc, 0xfffffff9, 0x1, 0x80, 0x3f})
ioctl$HIDIOCSUSAGE(r0, 0x4018480c, &(0x7f0000000140)={0x1, 0xffffffff, 0x1, 0x9, 0xfffff1c8, 0x5fb51d63})
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x10, r1, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0), 0x400800, 0x0)
fremovexattr(r2, &(0x7f0000000200)=@known='trusted.overlay.origin\x00')
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x10)
fsetxattr$security_ima(r3, &(0x7f0000000280), &(0x7f00000002c0)=@sha1={0x1, "837789f17533c114047c0c99fb7e1604b0bad72e"}, 0x15, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x8, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000440)={'syztnl2\x00', &(0x7f00000003c0)={'ip6_vti0\x00', 0x0, 0x4, 0x1, 0x83, 0x9, 0x30, @remote, @private1, 0x10, 0x8, 0xbb, 0x7}})
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000000480)={0x0, 0x0, 0x27f, 0x200})
fsmount(r4, 0x0, 0x70)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0xc4, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xffff}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xac, 0x3, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, ']B\'-\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x100}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x30fc3859}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '+}\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '-\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '*%)-&\\\'}!]&\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x401}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '+{\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xe510}]}]}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x10}, 0x1)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/meminfo\x00', 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r5, 0xc018480b, &(0x7f00000006c0)={0x1, 0x2, 0x1f, 0x10001, 0x4, 0xf0000000})

03:14:00 executing program 3:
r0 = shmget(0x0, 0x1000, 0x20, &(0x7f0000fff000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x3000)
r1 = shmget(0x1, 0x4000, 0x800, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r1, 0x0)
r2 = shmget(0x0, 0x4000, 0x10, &(0x7f0000ff9000/0x4000)=nil)
shmat(r2, &(0x7f0000ff6000/0x4000)=nil, 0x2000)
shmget$private(0x0, 0x4000, 0x78000000, &(0x7f0000ffc000/0x4000)=nil)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x2000)
r3 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ff8000/0x3000)=nil)
shmat(r3, &(0x7f0000ffc000/0x4000)=nil, 0x2000)
shmat(r1, &(0x7f0000ff8000/0x2000)=nil, 0x2000)
shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x0)
r4 = shmget(0x3, 0x2000, 0x80, &(0x7f0000ffd000/0x2000)=nil)
shmat(r4, &(0x7f0000ff8000/0x4000)=nil, 0x4000)
r5 = shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ff9000/0x3000)=nil)
shmat(r5, &(0x7f0000ffb000/0x3000)=nil, 0x1000)
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
mbind(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x4000, &(0x7f0000000000)=0x1, 0x0, 0x2)
r6 = shmget(0x3, 0x1000, 0x40, &(0x7f0000ffc000/0x1000)=nil)
shmctl$SHM_LOCK(r6, 0xb)

[   95.632357] audit: type=1400 audit(1763349240.518:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
03:14:00 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x401, &(0x7f0000000000)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x3, &(0x7f0000000040)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200, 0x7, &(0x7f0000000080)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0xfffffffffffffff9, &(0x7f00000000c0))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000000100)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xbb27, 0x7, &(0x7f0000000140))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x2, &(0x7f0000000180))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1ff, 0x7, &(0x7f00000001c0)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x8001, &(0x7f0000000200)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc88, 0x8, &(0x7f0000000240))
syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}, {@none}}}, 0x9)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x163, 0x6, &(0x7f00000002c0)=0x1)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xd3, 0x0, 0xea, 0x4, 0x0, 0x4, 0x800, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x7, 0x1, @perf_bp={&(0x7f0000000300), 0x1}, 0x4812c, 0x4, 0x3, 0x3, 0xfffffffffffffff8, 0x1, 0x6, 0x0, 0xffffffff, 0x0, 0xffffffff00000001}, 0x0, 0xf, 0xffffffffffffffff, 0xa)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x20, 0xa}, {0x0, 0x77f, 0x57, 0x89d, 0x3}}}}, 0x17)
syz_emit_vhci(&(0x7f0000000400)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_train_complete={{0x4f, 0x1}, {0x2}}}, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xf95, &(0x7f0000000440)=0x1)
syz_emit_vhci(&(0x7f0000000480)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xb8}, "e8bb004bf9c925e343ad039027df286f61696780039675fe9a389e89bd6c831112317736e6d68dd60bb212043cca0ade660fc82368436f86c46507d2ee8e13ad80f92219580db95cff406ef39829f86dc3d11768f703f52ec4ff28ead4be7b749f52f6a855b8104c1835fbb1ad25c794d6eef1bfc014c8dc6e3d5daf12ab081df943442c7c36fd9f587936fbc8a15d53a94f7d27a114625efdf9f6af5962e36c6081d35b9a1d2d3be27f66cdef813932661ae7bc46faaf25"}, 0xbc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3e18, 0x6, &(0x7f0000000540))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x14000, 0x3, &(0x7f0000000580))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x9, &(0x7f00000005c0))

03:14:00 executing program 5:
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x80000001]}, 0x8, 0x80000)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000040))
ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000080)=0x2)
r1 = openat$hpet(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
r2 = openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000100), 0x2, 0x0)
r3 = dup2(r0, r2)
r4 = creat(&(0x7f0000000140)='./file0\x00', 0x28)
ioctl$PIO_UNIMAPCLR(r4, 0x4b68, &(0x7f0000000180)={0x1, 0x6, 0x9})
r5 = fsopen(&(0x7f00000001c0)='nfs4\x00', 0x0)
r6 = getuid()
fchown(r5, r6, 0xee01)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000200)='}!\x00', &(0x7f0000000240)="4611f020c0a5482b86a8b7d431fcc543069ee2b9a9a81a45aec6fe0d9fb09b5dccbbdb2570de8de39652946f2fcd2f47e97317cc0d87bde85bdf66523ff5117137eb3ceb29567f9d7bc93eb65f012effba70774bdd00043d1bda87d85db162f64f3229a5fa2d25c2cc65e5a48e1b8de38f6d3c8017533d1326d8619ba473ef7080b0c90b7eed1615e305bda30a672428a26bb0303c0fbf641dfc46d55fece2c603a4067a68200f6b4ed428d4a23cfbd6c45fb1d1df04e0c456a31b86469f0abe4d427580317ce60ed05b2559600916288687dbbbda9dd3e04d3eafb5fdac140faeb809e869dd25fbb7cbcb27a2a347db8ce598169f3b07591bdcb5c117c837459bb615706999f775cb519132612e0d9be2eb26331fa4f3f2422f898bc3b332a7651c5d01e00d76b2938ed5e1184e08a65d79716e723520ac0eb501c6cdf73b36c218ca7a268ce9421f4fa92c58e5e93761ea77e229c4aa93ffe7de5977726695d3819cd795cac4445708cbdf439fcf9e722b1e433b7fec531c1a708fa5a439d2fa6300a7c34d16d7474fa830c073b2d0301e61c3985ff015e2fa25cca6718ce6d0ffb43f7537572da5c6b23ee7389cf77700108a6488c03f8c54a2f8f3ecac4fde5f53643511d60546558b46bddea08dcd0d8a8fed65fa39f258391cb909f67cf7b5a85eac59fe23142edc524a72824cc74a33a53bb2b728e42e8259d849b83ec5ca08fdd4c7bf77d9578fbd38c31675d81beb66d26cebae16f3946c9458ed065bee498d05596432c3333fb1f8c31c6cadf1a17b1c659cfffb1a246f256c569ef73889803e91280a91491ca69efd590f6739deab7b20b93a179de28775934e2f48520b378772ef313cb6bb10563cb56c33b63a4680af10730a55166a90dffc9c5a4e508f22c96382a6b18aa05dd5ec2345122f0e2e813572b6ada2e725d1e4e9bc6d098a1917fd6bdf20b085ced5714757474b91407a7473082c9e0fef492eeb2aa1a50ab7894b8ca472f9311381cf3bbd1adf6bb87324fcdea8f12fb9ad4f203d9619097d037bde3eaffb4383dd3298e8a8e5e56d6cbe1c205b033c3f2d3886f0cdc49cc64b1d05fd0d022495d3207c9d779be701b48b161af5ded65d428163b74d9b1de3b97bbc0a3c4df476aa80738e37aa242bd939b17073e83c5e0cd2cb24b6da0b58416153cac642c6136c47e3838f4e28bc46ea44e6460b336ed543f5c57daa47447295858ca8cf43b6832f301b6e852adc7a653260c6427fc388e41a8891b71a53f761a402e0362eb999855a15cbbdc3c443757138a8785798980cae3b108d569a18c355c260dafacc0f0946d3334f334fc4abfc53bd7a27f7346a44c8f31fe05c05becb7bd30ce2afbee7a11748e5e18aa3dd68a715019fd64d53ca9fbec2a3b8cf4a6b4c86d8b1a36c7d803f9f59b1686d195ed8647ca1b510c402989ce85a1cc59963e3d299ea74dc24b08601572825868aaa599f05f6114223fedcf1dcd1f8d7bad26ba63b9cb4fdcf4e7141dd8882def36d14435806fe6c2778283795577e2afd4edf4dc633aee1589a15585b15be0f6a45824c1f1a10cbab0cae8b8c23ef7bbdc49b760343f7854b1b10b1e47db43021ac782015639ca38a8a1f64fc8a8341ad29669f773a42e0f5910c2a0cd380eff65cbf264f5c9b10387c929e4bfc54ed4d06ba544e1654f2a773e81abb09765453dbf2a4e7508d1b3e5198de6bd7a53ff5e7b30ecdd064ada09efa033a9f906c78c920923e9dc1ac5b41f067d808aaed25831a31b55e74c27099ddceccf124ed420119ee6efe8388553aed482a72c965d9f87e88e94a7626571b4ae42d28d59138a18f82e28833a3c84f522c0c0fb270122e1c53d11977e17de019bc5c94441dd4987a5dd6f549041d0de58a4a5a8bfebc311d0f87dbe431040f200d1c03c33c461daae3890560e7674967d9f42160dc1567528571b5ee3048488349738ed87b91d8b97a4d608579e80269abcec8362fec2be8c6158b0e1d1719c2c9892764bdf21e9c4edcd64715ab1947e6366415e143c12301ec63c9e3f3bb0ce1c707423e32344dc688bdec98e76df19261007c0cd9df84c2e89ed4bc4c59c01d0948510b7156adf68e905949c7282fb11e8d97f1117ba957c0f7364707700dad2a9d4b205e5d2b92884df78071aba96a256709e8420461f4e93b0d8cce296d3d7c793675622cb5f9b0e17ee16a1f0f69c5892d935cb4759c6491471b44df98370d96b28fd9ba431ef2a766cbab1c9edc5f14638e89201f520e7961c7845dad3e3bb3c8a55c949699b13deca8339dac086839c95d9f2aef43cefde28597ed4abf0219a8ea866f06587c82f7112f24395f1b6c66924dfd7ff416025e55c85944463351a6299d016f40cc14f73595405057200752610cd26b63828bb7a0afc071a3fbf4747f27c60e421cfd2e74f0a1479804b7830002cdab51097f4237b3f71ed50f16309db95200992585425e476bbebda88c89ff34d8f62531d0714edad3533c849e7c8e4ed0a1f9b45c086fc4990e59aa7e8a992719b279a9dd3f9ef459c565749cbb5cc334a9494477564bde6708d91422b82c5c163b83ca158e1f7f6522490955f6a65d7d46b339263ea25d3446703fb883d813f3ebf97d6669d66589eb6bce8402a68fa30f8e509101b60171a5d7b00519a19ddb1d7fe4286343c47d81d9313dca02fe2facd1cc02a0aad4e91956ceb58abb19a3c2d871f46374f249e096f45f893a2bc85a55ea5f067c63ade48fa0bf4f635bba11f71cb045fc44b64e6d5be444987eb6b6f569e3721ee9179a65c55bd089e67a4b7ff70a2d76bd74ebba27dc3314d9bb48f8b28ff82a3a1ca3ec9d46461dc9a118162534a25977093547e40c4a7b1dd126d2fc79e61c6722b989a1997fc04f71d18e5d7d3ffb2ad07ad661edbdbcce74df3a369675270ce5eb2765f0a8953c47f791e71834a2a59e851121662d2a820a0dc914235e5648af1640d7a047072107d507ab706d45136ae2710d8bd8e2353e85734774e7da820ff410d2d86c45aaf197f8c95d1dd0df6faf2251e77a7cce53d4ce61630ace62d4e747635fd126b774cb1063141de5896d2127ed814563755dc1b47fd8c00f91912540aa58ee135b4b1a68ce4b278ad910eb20436865abf8f254c3340859799af0bfb7a62541e3c26dfa84f34b680a0c33d79d7f6d4657f8edd2c801ee1c5d9bf6d306268d6f811158b05efa10e5c1847f62d73d4470e31e39e1e42a1c69379ac861554f366d574e8934a95db31996ddd9c5b57d1518a7865db4ee8b8bf12f9d72697f8de4edbf8a79c5e9b978ce291e2abbfa3e968d62e73de11c1629777c0e635b2d9eaa65620279303f9a857139299beb9bdf532e95d8c2018964b3df32df21c48cf0982500fce8b82f518713dc34477468ac8e352f79533adb6f20a9fb37e849c3440a13d7930ad69ee4ef828933851ef09c5a052fa4fd270536a1b77b19d0dd61df7159585760563f1ae9ae25987dfcf4c5adfe7eb66ada6afacf0129fc7ee89c255c0a0386157238eb974b1ef71ccaf1f5702740136f3fc68694f53df4268aa65309285ffabbc544bc65630ea67c8cc866b0c79b496cad9abe018c486e690e03978ca7cc9d3030fe956f19aeeee835bd3a93cfeb0d047e9d8cd0d202ad783f8a114d9fff21d2ddacf8b902afa3892d905cc0f8c77bd2727879b2a30845c217584184b45703ff530751b983ee8543ab403ae9268333294c2cb881a1d95be3248d355f147e07aa515e06a4af0a025af82579ad54f374db22eec5c6ae1fc21f6fda585523717771e522f4a4c34e9abdf96a29723496e1a0d4eac24246ca3949c6f590e36227377905d276a4e7cae6fb41ebecb8538f96ddd49eb302c430358c8ececc31f2a86f4d62a4c817a0e198aca13983a0d9d8565be4d39bf665aef3de632e50c797deb4df7fa2dba4797eaa154d7727986d9dbcbc6f441c7d74f59fccbd372055c322e763d57ce6e58c65595989516bfc389fbef2f36406efe9b39fada0dce27b779259088871e9f5dade368416bef857a598ecf39ade9b14169ea57790531ecc410a202c316c885e732887a899549db167d390e5e47d24baf01db7e799fa77a740740c68d2a9dfd1177fb32199a2a34e069adcbc98ddeaf8d44c7c6cd98509676cdf6d3ac5dc6793efcd497d1aad71e5b70bae598dfc4b6b20d1b2f6ea97158fd4371011df6e70347b706624e5a549bf793aea3903698556d6c6ecaa88318312b84f774e0c2525c6def878aaf43b5d01616cfcaa29d2c47113d7c9e16fe64497776ce22dfac8c31e7f993411ceff8956f63bdcdce5b643921f934f88762de981f0c4fd13fb8a2dcba30d739bc082e51fd37a8dc1cecf4be80f88e442f6aeae75ffbeb5302adffc520ee0cf6a9e954c09bb8b0198ce0f05de32ce05c12b69c820b79f53b1385744ff22bd1a3240f604e5678b76cdc7f06e15a7e29196ab30e1447d0503c0e379ed3d69df06eca4d38e47934e798b055f7ab1d3c4f7f2abaaf0424d276db9689096eda777d6aafd3546012fe8b2dfb23e8e0b9b358f60d65b31253dbb0a0160dfb5cf5aa6145d3625803c1208605c3d97f0110ed7538bb21a045d3e81e43b970a0d3560d920e4cf02ded8052d2b993dd1ecd4e6a117e7854c908173d9dde2cc1e7788c0ae94c34c9958782e590db618bc0b09e8b9e2fa075fe3eb7d2eb5e1ae5b5b2b5c058f907363e63d1087a1d2b1ae8cf1fcd899016a8db3d7c743c8f06596e7ecc9a734867c794e874e56199a03c6d5620101be3299ef5ce4e8706a813aaab37f5ddde45338520136be745bc3f654d4b8f4c289d76a604bc8084eef4b49add6fa7a013c1ae8172c1ae43bf7f625ea69d6f1088da6c8864e05daed5601fcee5454900a490db1a40295db391b079804a4ad8b4def66fe1b01880c4f14e44c3b9d023323de28b5730c99f9cda0ee7f8499a6ec118eae58aeccc1b11f7033051d690790c1f8ed2d55680af81b3d7c188203e182dd46f96ad8694bb87268f075a564dca22f1e3195f632488c22336bdf188a975972a47f5a62282db03e6bec2588f187794edec89f501f5d266767b94b34b132f149af17c2f6759f8c87d6aef7d7756bea75828e3cc88e1543c4edf1c22a08fac39389a46cc011c6f431831462c7e455fb35138d3222455320c44c4f387e3cd312ac655b8022d3f1fabc88574d242078c5685d4a5a4f801f429510bd1a9595e5825f4332c9968d2cd89a6b22d5223d77b7c0722c3b15900a90dc85251002cd872395cb747679c4b9342eeb535fdd03c76ba680305d02016913821ddcd4ba5145e5c5b98a5997b88a9ffc8e84686cc20286f3fe3281e6f6600f2aaa769380cf3dcc88b3a4971d97b63265d5a60daf70ab595887432fb0da98336a511a2f04b000123190f58dc71c70039624934a94e7e43e6ed0dba4db9e3b36109aa984159aff5ecdda90e2a3ae5ede0ba2ffc35969120b112d7f19a1ce7bccb821137fe4ac5b0d015d07dbcd4901ee21a6ba1039b2c8a95857d63dc5383f2001e89cd06ed0cd0ede2f1aed150ec281d6a6fbab93a999d9a13dd8be675fe4799c8e3906da151d505f69c8d70e2748620a86755402815f8cb7e5bfac181edc82f2346fe9ab843e7875f30b1b98f9787bfb5dc0cfc4812a6407e804c778af832e90f2e1a83495f889f47eea91a8ca0ab802ce6789aab4cc4621e0a1a285b19dc596f2b36fd243b30b1399c6b9d0ecd04d652ba765e7d45f47159665489ab373ef4d6d6daab25dfcf849be86", 0x1000)
tee(r3, r0, 0xd3, 0x1)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000001240)={{0x1, 0x1, 0x18, <r7=>r0, {0xff}}, './file0\x00'})
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000012c0), r4)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r7, &(0x7f0000001380)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001340)={&(0x7f0000001300)={0x28, r8, 0x800, 0x70bd2d, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", ""]}, 0x28}}, 0x0)
r9 = signalfd(r2, &(0x7f00000013c0)={[0xff]}, 0x8)
fsmount(r9, 0x0, 0x11)
ioctl$AUTOFS_DEV_IOCTL_READY(r9, 0xc0189376, &(0x7f0000001400)={{0x1, 0x1, 0x18, r3, {0x1f}}, './file0\x00'})
dup(0xffffffffffffffff)

[   96.787954] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.792626] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.796284] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.801531] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.803494] ==================================================================
[   96.804736] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[   96.805908] Read of size 2 at addr ffff88800a21cdf8 by task kworker/u11:1/290
[   96.808230] 
[   96.811942] CPU: 1 UID: 0 PID: 290 Comm: kworker/u11:1 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) 
[   96.811977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   96.811993] Workqueue: hci0 hci_cmd_work
[   96.812028] Call Trace:
[   96.812037]  <TASK>
[   96.812046]  dump_stack_lvl+0xca/0x120
[   96.812079]  print_report+0xcb/0x610
[   96.812112]  ? __virt_addr_valid+0x100/0x5d0
[   96.812141]  ? hci_cmd_work+0x66d/0x6d0
[   96.812172]  ? hci_cmd_work+0x66d/0x6d0
[   96.812204]  kasan_report+0xca/0x100
[   96.812235]  ? hci_cmd_work+0x66d/0x6d0
[   96.812271]  hci_cmd_work+0x66d/0x6d0
[   96.812304]  process_one_work+0x8e1/0x19c0
[   96.812346]  ? __pfx_process_one_work+0x10/0x10
[   96.812381]  ? move_linked_works+0x172/0x270
[   96.812410]  ? assign_work+0x196/0x240
[   96.812445]  worker_thread+0x67e/0xe90
[   96.812480]  ? trace_irq_enable.constprop.0+0xc2/0x100
[   96.812511]  ? __pfx_worker_thread+0x10/0x10
[   96.812546]  kthread+0x3c8/0x740
[   96.812578]  ? __pfx_kthread+0x10/0x10
[   96.812609]  ? ret_from_fork+0x79/0x7a0
[   96.812634]  ? lock_release+0xc8/0x290
[   96.812672]  ? __pfx_kthread+0x10/0x10
[   96.812704]  ret_from_fork+0x67a/0x7a0
[   96.812729]  ? __pfx_ret_from_fork+0x10/0x10
[   96.812755]  ? __switch_to+0x759/0x1060
[   96.812789]  ? __pfx_kthread+0x10/0x10
[   96.812821]  ret_from_fork_asm+0x1a/0x30
[   96.812862]  </TASK>
[   96.812871] 
[   96.835532] Allocated by task 289:
[   96.836134]  kasan_save_stack+0x24/0x50
[   96.836818]  kasan_save_track+0x14/0x30
[   96.837504]  __kasan_slab_alloc+0x59/0x70
[   96.838212]  kmem_cache_alloc_node_noprof+0x228/0x6b0
[   96.839347]  __alloc_skb+0x2ab/0x370
[   96.840200]  hci_cmd_sync_alloc+0x34/0x300
[   96.841173]  __hci_cmd_sync_sk+0xf7/0x5c0
[   96.842113]  hci_read_local_name_sync+0x2c/0x170
[   96.843170]  hci_dev_open_sync+0x1874/0x1f60
[   96.844169]  hci_power_on+0xdb/0x5d0
[   96.845015]  process_one_work+0x8e1/0x19c0
[   96.845965]  worker_thread+0x67e/0xe90
[   96.846870]  kthread+0x3c8/0x740
[   96.847647]  ret_from_fork+0x67a/0x7a0
[   96.848512]  ret_from_fork_asm+0x1a/0x30
[   96.849273] 
[   96.849609] Freed by task 291:
[   96.850163]  kasan_save_stack+0x24/0x50
[   96.851023]  kasan_save_track+0x14/0x30
[   96.851804]  kasan_save_free_info+0x3a/0x60
[   96.852595]  __kasan_slab_free+0x43/0x70
[   96.853301]  kmem_cache_free+0x26f/0x500
[   96.854020]  kfree_skbmem+0x18a/0x1f0
[   96.854692]  sk_skb_reason_drop+0x10e/0x1b0
[   96.855426]  vhci_read+0x3d5/0x5d0
[   96.856043]  vfs_read+0x1eb/0xc70
[   96.856649]  ksys_read+0x121/0x240
[   96.857257]  do_syscall_64+0xbf/0x430
[   96.857920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.858801] 
[   96.859097] The buggy address belongs to the object at ffff88800a21cdc0
[   96.859097]  which belongs to the cache skbuff_head_cache of size 232
[   96.860958] The buggy address is located 56 bytes inside of
[   96.860958]  freed 232-byte region [ffff88800a21cdc0, ffff88800a21cea8)
[   96.862650] 
[   96.862900] The buggy address belongs to the physical page:
[   96.863687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa21c
[   96.864784] memcg:ffff88800ddccc01
[   96.865288] anon flags: 0x100000000000000(node=0|zone=1)
[   96.866049] page_type: f5(slab)
[   96.866528] raw: 0100000000000000 ffff8880096c78c0 ffffea0000288180 0000000000000007
[   96.867616] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff88800ddccc01
[   96.868686] page dumped because: kasan: bad access detected
[   96.869469] 
[   96.869719] Memory state around the buggy address:
[   96.870402]  ffff88800a21cc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   96.871422]  ffff88800a21cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[   96.872432] >ffff88800a21cd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   96.873441]                                                                 ^
[   96.874438]  ffff88800a21ce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   96.875456]  ffff88800a21ce80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   96.876465] ==================================================================
[   96.877679] Disabling lock debugging due to kernel taint
[   96.881703] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.887851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   96.894890] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   96.896532] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   96.903206] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   96.904845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   96.906608] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   96.912038] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   96.913636] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   96.923830] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   96.929030] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   96.930457] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   96.933821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   96.935530] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   96.937625] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   96.939602] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   96.970585] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   96.979090] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   96.986156] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   96.987491] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   97.000844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   97.007970] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   97.009163] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   97.010337] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   97.011927] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   97.018405] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   97.018782] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   97.022365] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   97.024301] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   97.030006] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   97.031901] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   97.032108] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   97.033348] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   97.038719] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   97.057134] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   97.058464] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   98.948848] Bluetooth: hci2: command tx timeout
[   98.948874] Bluetooth: hci1: command tx timeout
[   98.949591] Bluetooth: hci0: command tx timeout
[   99.012862] Bluetooth: hci3: command tx timeout
[   99.075812] Bluetooth: hci5: command tx timeout
[   99.139852] Bluetooth: hci4: command tx timeout
[   99.139966] Bluetooth: hci6: command tx timeout
[   99.140489] Bluetooth: hci7: command tx timeout
[  100.995849] Bluetooth: hci1: command tx timeout
[  100.995872] Bluetooth: hci2: command tx timeout
[  100.996590] Bluetooth: hci0: command tx timeout
[  101.059821] Bluetooth: hci3: command tx timeout
[  101.125964] Bluetooth: hci5: command tx timeout
[  101.187918] Bluetooth: hci7: command tx timeout
[  101.188889] Bluetooth: hci6: command tx timeout
[  101.189577] Bluetooth: hci4: command tx timeout
[  103.043861] Bluetooth: hci2: command tx timeout
[  103.044015] Bluetooth: hci1: command tx timeout
[  103.044611] Bluetooth: hci0: command tx timeout
[  103.108940] Bluetooth: hci3: command tx timeout
[  103.173805] Bluetooth: hci5: command tx timeout
[  103.235815] Bluetooth: hci4: command tx timeout
[  103.235886] Bluetooth: hci6: command tx timeout
[  103.236547] Bluetooth: hci7: command tx timeout
[  105.091987] Bluetooth: hci1: command tx timeout
[  105.092429] Bluetooth: hci2: command tx timeout
[  105.092483] Bluetooth: hci0: command tx timeout
[  105.156893] Bluetooth: hci3: command tx timeout
[  105.221007] Bluetooth: hci5: command tx timeout
[  105.285771] Bluetooth: hci7: command tx timeout
[  105.286211] Bluetooth: hci6: command tx timeout
[  105.286562] Bluetooth: hci4: command tx timeout

VM DIAGNOSIS:
03:14:01  Registers:
info registers vcpu 0
RAX=ffffffff81b8cf2b RBX=ffffffff8161a250 RCX=ffff888016fef944 RDX=1ffff11002dfdf49
RSI=ffffffff81b8cf2b RDI=ffff888016fefab8 RBP=ffff888016fefa88 RSP=ffff888016fef9e8
R8 =0000000000000001 R9 =ffff888016fefa30 R10=000000000003ca6e R11=000000000003f8a2
R12=ffff888016fefab8 R13=0000000000000000 R14=ffff88801c0fd340 R15=ffff88800945d280
RIP=ffffffff8161a254 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007ff7d229f8c0 00000000 00000000
GS =0000 ffff8880e538f000 00000000 00000000
LDT=0000 fffffe4900000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000562b574017d8 CR3=000000000e4d0000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f
XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=696e656420737365636341002f737973
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff8293dd05 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff88801c1bf5f8
R8 =00000000ffffffff R9 =ffffed1003837eb5 R10=0000000000000000 R11=000000003a555043
R12=0000000000000000 R13=ffffffff889747d0 R14=ffffffff88974780 R15=ffffffff88974a40
RIP=ffffffff8293dd5d RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e548f000 00000000 00000000
LDT=0000 fffffe2c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f103e861070 CR3=000000000e389000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f103e9247c000007f103e9247c8
XMM02=00007f103e9247e000007f103e9247c0 XMM03=00007f103e9247c800007f103e9247c0
XMM04=ffffffffffffffffffffffffffffff00 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000