Warning: Permanently added '[localhost]:31622' (ECDSA) to the list of known hosts.
2025/11/14 08:27:09 fuzzer started
2025/11/14 08:27:09 dialing manager at localhost:37161
syzkaller login: [ 53.228616] cgroup: Unknown subsys name 'net'
[ 53.293325] cgroup: Unknown subsys name 'cpuset'
[ 53.307699] cgroup: Unknown subsys name 'rlimit'
2025/11/14 08:27:22 syscalls: 2214
2025/11/14 08:27:22 code coverage: enabled
2025/11/14 08:27:22 comparison tracing: enabled
2025/11/14 08:27:22 extra coverage: enabled
2025/11/14 08:27:22 setuid sandbox: enabled
2025/11/14 08:27:22 namespace sandbox: enabled
2025/11/14 08:27:22 Android sandbox: enabled
2025/11/14 08:27:22 fault injection: enabled
2025/11/14 08:27:22 leak checking: enabled
2025/11/14 08:27:22 net packet injection: enabled
2025/11/14 08:27:22 net device setup: enabled
2025/11/14 08:27:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/14 08:27:22 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/14 08:27:22 USB emulation: enabled
2025/11/14 08:27:22 hci packet injection: enabled
2025/11/14 08:27:22 wifi device emulation: enabled
2025/11/14 08:27:22 802.15.4 emulation: enabled
2025/11/14 08:27:49 starting 8 fuzzer processes
08:27:49 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getpeername(r0, 0x0, &(0x7f0000000140))

08:27:49 executing program 1:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000080))

08:27:49 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net\x00')
fchown(r0, 0x0, 0xffffffffffffffff)

08:27:49 executing program 7:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x5, 0x0, 0x1)

08:27:49 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1, 0x4, 0x801, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_FLAGS={0x6}]}, 0x24}}, 0x0)

08:27:49 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmmsg$inet6(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)="0f", 0x1}], 0x1}}], 0x1, 0x24000010)

08:27:49 executing program 4:
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x300, 0x0)
pread64(r0, 0x0, 0x5, 0x0)

08:27:49 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, 0x0)

[ 89.910963] audit: type=1400 audit(1763108869.190:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 91.147522] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 91.149918] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 91.153073] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 91.156710] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 91.161433] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 91.212997] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 91.215534] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 91.218806] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 91.222786] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 91.225223] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 91.227747] ==================================================================
[ 91.228940] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[ 91.230057] Read of size 2 at addr ffff88800caa5538 by task kworker/u11:1/293
[ 91.234278]
[ 91.236360] CPU: 0 UID: 0 PID: 293 Comm: kworker/u11:1 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary)
[ 91.236393] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 91.236409] Workqueue: hci1 hci_cmd_work
[ 91.236441] Call Trace:
[ 91.236450]
[ 91.236459] dump_stack_lvl+0xca/0x120
[ 91.236490] print_report+0xcb/0x610
[ 91.236522] ? __virt_addr_valid+0x100/0x5d0
[ 91.236550] ? hci_cmd_work+0x66d/0x6d0
[ 91.236580] ? hci_cmd_work+0x66d/0x6d0
[ 91.236611] kasan_report+0xca/0x100
[ 91.236641] ? hci_cmd_work+0x66d/0x6d0
[ 91.236675] hci_cmd_work+0x66d/0x6d0
[ 91.236707] process_one_work+0x8e1/0x19c0
[ 91.236748] ? __pfx_process_one_work+0x10/0x10
[ 91.236782] ? move_linked_works+0x172/0x270
[ 91.236809] ? assign_work+0x196/0x240
[ 91.236842] worker_thread+0x67e/0xe90
[ 91.236876] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 91.236905] ? __pfx_worker_thread+0x10/0x10
[ 91.236940] kthread+0x3c8/0x740
[ 91.236970] ? __pfx_kthread+0x10/0x10
[ 91.237000] ? ret_from_fork+0x79/0x7a0
[ 91.237024] ? lock_release+0xc8/0x290
[ 91.237061] ? __pfx_kthread+0x10/0x10
[ 91.237092] ret_from_fork+0x67a/0x7a0
[ 91.237115] ? __pfx_ret_from_fork+0x10/0x10
[ 91.237140] ? __switch_to+0x759/0x1060
[ 91.237173] ? __pfx_kthread+0x10/0x10
[ 91.237204] ret_from_fork_asm+0x1a/0x30
[ 91.237243]
[ 91.237251]
[ 91.256609] Allocated by task 291:
[ 91.257135] kasan_save_stack+0x24/0x50
[ 91.257723] kasan_save_track+0x14/0x30
[ 91.258310] __kasan_slab_alloc+0x59/0x70
[ 91.258933] kmem_cache_alloc_node_noprof+0x228/0x6b0
[ 91.259692] __alloc_skb+0x2ab/0x370
[ 91.260254] hci_cmd_sync_alloc+0x34/0x300
[ 91.260887] __hci_cmd_sync_sk+0xf7/0x5c0
[ 91.261504] hci_write_ca_timeout_sync+0x8f/0x1e0
[ 91.262214] hci_dev_open_sync+0x1874/0x1f60
[ 91.262872] hci_power_on+0xdb/0x5d0
[ 91.263435] process_one_work+0x8e1/0x19c0
[ 91.264063] worker_thread+0x67e/0xe90
[ 91.264649] kthread+0x3c8/0x740
[ 91.265159] ret_from_fork+0x67a/0x7a0
[ 91.265734] ret_from_fork_asm+0x1a/0x30
[ 91.266336]
[ 91.266591] Freed by task 296:
[ 91.267083] kasan_save_stack+0x24/0x50
[ 91.267674] kasan_save_track+0x14/0x30
[ 91.268271] kasan_save_free_info+0x3a/0x60
[ 91.268924] __kasan_slab_free+0x43/0x70
[ 91.269529] kmem_cache_free+0x26f/0x500
[ 91.270141] kfree_skbmem+0x18a/0x1f0
[ 91.270713] sk_skb_reason_drop+0x10e/0x1b0
[ 91.271354] vhci_read+0x3d5/0x5d0
[ 91.271887] vfs_read+0x1eb/0xc70
[ 91.272407] ksys_read+0x121/0x240
[ 91.272941] do_syscall_64+0xbf/0x430
[ 91.273512] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.274268]
[ 91.274523] The buggy address belongs to the object at ffff88800caa5500 [ 91.274523] which belongs to the cache skbuff_head_cache of size 232 [ 91.276372] The buggy address is located 56 bytes inside of [ 91.276372] freed 232-byte region [ffff88800caa5500, ffff88800caa55e8) [ 91.278100] [ 91.278353] The buggy address belongs to the physical page: [ 91.279166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xcaa5 [ 91.280288] flags: 0x100000000000000(node=0|zone=1) [ 91.281004] page_type: f5(slab) [ 91.281499] raw: 0100000000000000 ffff8880096c78c0 ffffea0000394f80 dead000000000004 [ 91.282625] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 91.283740] page dumped because: kasan: bad access detected [ 91.284541] [ 91.284795] Memory state around the buggy address: [ 91.285504] ffff88800caa5400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 91.286548] ffff88800caa5480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 91.287599] >ffff88800caa5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 91.288642] ^ [ 91.289384] ffff88800caa5580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 91.290433] ffff88800caa5600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 91.291481] ================================================================== [ 91.292623] Disabling lock debugging due to kernel taint [ 91.350626] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.355022] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.356775] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.359818] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.362451] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.364055] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.365588] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 91.365610] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 91.366932] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 91.369354] Bluetooth: 
hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.369373] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 91.373399] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.375744] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.375769] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 91.378128] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 91.379583] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 91.380393] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 91.382396] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.383705] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.386103] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 91.386127] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.387622] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 91.388831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.391766] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 91.393991] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.398056] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 91.406069] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 91.408577] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 91.413240] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.428520] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 93.181980] Bluetooth: hci0: command tx timeout [ 93.374253] Bluetooth: hci1: command tx timeout [ 93.437283] Bluetooth: hci7: command tx timeout [ 93.437692] Bluetooth: hci3: command tx timeout [ 93.438059] Bluetooth: hci2: command tx timeout [ 93.502167] Bluetooth: hci6: command tx timeout [ 93.502593] Bluetooth: hci5: command tx timeout [ 93.502971] Bluetooth: hci4: command tx timeout [ 95.230171] Bluetooth: hci0: command tx timeout [ 95.421203] Bluetooth: hci1: command tx timeout [ 95.485232] Bluetooth: hci3: command tx timeout [ 95.485672] Bluetooth: hci7: command tx timeout [ 95.486052] Bluetooth: 
hci2: command tx timeout
[ 95.549196] Bluetooth: hci4: command tx timeout
[ 95.549256] Bluetooth: hci5: command tx timeout
[ 95.549616] Bluetooth: hci6: command tx timeout
[ 97.277202] Bluetooth: hci0: command tx timeout
[ 97.469188] Bluetooth: hci1: command tx timeout
[ 97.533209] Bluetooth: hci2: command tx timeout
[ 97.533616] Bluetooth: hci7: command tx timeout
[ 97.533993] Bluetooth: hci3: command tx timeout
[ 97.597226] Bluetooth: hci6: command tx timeout
[ 97.597932] Bluetooth: hci5: command tx timeout
[ 97.598155] Bluetooth: hci4: command tx timeout
[ 99.325181] Bluetooth: hci0: command tx timeout
[ 99.517195] Bluetooth: hci1: command tx timeout
[ 99.581184] Bluetooth: hci3: command tx timeout
[ 99.581581] Bluetooth: hci7: command tx timeout
[ 99.581954] Bluetooth: hci2: command tx timeout
[ 99.645229] Bluetooth: hci4: command tx timeout
[ 99.645628] Bluetooth: hci5: command tx timeout
[ 99.646017] Bluetooth: hci6: command tx timeout
VM DIAGNOSIS:
08:27:50 Registers: