Warning: Permanently added '[localhost]:60297' (ECDSA) to the list of known hosts.
2025/11/14 08:28:53 fuzzer started
2025/11/14 08:28:53 dialing manager at localhost:37161
syzkaller login: [ 50.314533] cgroup: Unknown subsys name 'net'
[ 50.386058] cgroup: Unknown subsys name 'cpuset'
[ 50.400992] cgroup: Unknown subsys name 'rlimit'
2025/11/14 08:29:02 syscalls: 2214
2025/11/14 08:29:02 code coverage: enabled
2025/11/14 08:29:02 comparison tracing: enabled
2025/11/14 08:29:02 extra coverage: enabled
2025/11/14 08:29:02 setuid sandbox: enabled
2025/11/14 08:29:02 namespace sandbox: enabled
2025/11/14 08:29:02 Android sandbox: enabled
2025/11/14 08:29:02 fault injection: enabled
2025/11/14 08:29:02 leak checking: enabled
2025/11/14 08:29:02 net packet injection: enabled
2025/11/14 08:29:02 net device setup: enabled
2025/11/14 08:29:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/14 08:29:02 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/14 08:29:02 USB emulation: enabled
2025/11/14 08:29:02 hci packet injection: enabled
2025/11/14 08:29:02 wifi device emulation: enabled
2025/11/14 08:29:02 802.15.4 emulation: enabled
2025/11/14 08:29:28 fetching corpus: 13448, signal 224345/225202 (executing program)
2025/11/14 08:29:31 starting 8 fuzzer processes

08:29:31 executing program 0:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
capset(&(0x7f0000001980)={0x20080522}, &(0x7f00000025c0))
ioctl$TIOCSLCKTRMIOS(r0, 0x4b65, 0x0)

08:29:31 executing program 1:
socket$packet(0x11, 0x0, 0x300)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000380)=""/200, &(0x7f0000000100)=0xc8)

08:29:31 executing program 7:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PTP_PIN_GETFUNC(r0, 0xc0603d06, &(0x7f0000000100))

08:29:31 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x20, 0x0, 0x0)

08:29:31 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='mounts\x00')
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendfile(r1, r2, 0x0, 0xffd0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='mounts\x00')
sendfile(r0, r3, 0x0, 0x4000000000000000)

08:29:31 executing program 3:
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
move_mount(0xffffffffffffffff, &(0x7f0000000180)='\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x37) 08:29:31 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f00000001c0)={0x1017e}) [ 88.066113] audit: type=1400 audit(1763108971.496:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:29:31 executing program 5: setreuid(0xffffffffffffffff, 0x0) [ 89.363878] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.373501] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.374721] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.376113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.377339] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.379521] ================================================================== [ 89.380785] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0 [ 89.381987] Read of size 2 at addr ffff888013cb12b8 by task kworker/u11:4/295 [ 89.388729] [ 89.389051] CPU: 1 UID: 0 PID: 295 Comm: kworker/u11:4 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) [ 89.389084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 89.389101] Workqueue: hci1 hci_cmd_work [ 89.389135] Call Trace: [ 89.389144] [ 89.389154] dump_stack_lvl+0xca/0x120 [ 89.389185] print_report+0xcb/0x610 [ 89.389217] ? __virt_addr_valid+0x100/0x5d0 [ 89.389246] ? hci_cmd_work+0x66d/0x6d0 [ 89.389277] ? hci_cmd_work+0x66d/0x6d0 [ 89.389309] kasan_report+0xca/0x100 [ 89.389340] ? hci_cmd_work+0x66d/0x6d0 [ 89.389375] hci_cmd_work+0x66d/0x6d0 [ 89.389408] process_one_work+0x8e1/0x19c0 [ 89.389450] ? __pfx_process_one_work+0x10/0x10 [ 89.389485] ? move_linked_works+0x172/0x270 [ 89.389512] ? 
assign_work+0x196/0x240 [ 89.389547] worker_thread+0x67e/0xe90 [ 89.389582] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 89.389612] ? __pfx_worker_thread+0x10/0x10 [ 89.389647] kthread+0x3c8/0x740 [ 89.389679] ? __pfx_kthread+0x10/0x10 [ 89.389724] ? ret_from_fork+0x79/0x7a0 [ 89.389749] ? lock_release+0xc8/0x290 [ 89.389787] ? __pfx_kthread+0x10/0x10 [ 89.389819] ret_from_fork+0x67a/0x7a0 [ 89.389843] ? __pfx_ret_from_fork+0x10/0x10 [ 89.389869] ? __switch_to+0x759/0x1060 [ 89.389903] ? __pfx_kthread+0x10/0x10 [ 89.389935] ret_from_fork_asm+0x1a/0x30 [ 89.389976] [ 89.389984] [ 89.412497] Allocated by task 290: [ 89.413114] kasan_save_stack+0x24/0x50 [ 89.413818] kasan_save_track+0x14/0x30 [ 89.414520] __kasan_slab_alloc+0x59/0x70 [ 89.415254] kmem_cache_alloc_node_noprof+0x228/0x6b0 [ 89.416170] __alloc_skb+0x2ab/0x370 [ 89.416841] hci_cmd_sync_alloc+0x34/0x300 [ 89.417597] __hci_cmd_sync_sk+0xf7/0x5c0 [ 89.418364] hci_read_bd_addr_sync+0x2c/0x170 [ 89.419169] hci_dev_open_sync+0x145c/0x1f60 [ 89.419940] hci_power_on+0xdb/0x5d0 [ 89.420612] process_one_work+0x8e1/0x19c0 [ 89.421349] worker_thread+0x67e/0xe90 [ 89.422043] kthread+0x3c8/0x740 [ 89.422667] ret_from_fork+0x67a/0x7a0 [ 89.423344] ret_from_fork_asm+0x1a/0x30 [ 89.424073] [ 89.424371] Freed by task 293: [ 89.424942] kasan_save_stack+0x24/0x50 [ 89.425652] kasan_save_track+0x14/0x30 [ 89.426367] kasan_save_free_info+0x3a/0x60 [ 89.427126] __kasan_slab_free+0x43/0x70 [ 89.427835] kmem_cache_free+0x26f/0x500 [ 89.428552] kfree_skbmem+0x18a/0x1f0 [ 89.429236] sk_skb_reason_drop+0x10e/0x1b0 [ 89.430003] vhci_read+0x3d5/0x5d0 [ 89.430635] vfs_read+0x1eb/0xc70 [ 89.431190] ksys_read+0x121/0x240 [ 89.431718] do_syscall_64+0xbf/0x430 [ 89.432277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.433019] [ 89.433273] The buggy address belongs to the object at ffff888013cb1280 [ 89.433273] which belongs to the cache skbuff_head_cache of size 232 [ 89.435118] The buggy address is located 56 bytes inside of [ 89.435118] 
freed 232-byte region [ffff888013cb1280, ffff888013cb1368) [ 89.436831] [ 89.437088] The buggy address belongs to the physical page: [ 89.437891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13cb1 [ 89.439020] anon flags: 0x100000000000000(node=0|zone=1) [ 89.439791] page_type: f5(slab) [ 89.440280] raw: 0100000000000000 ffff8880096c78c0 ffffea00004f3040 0000000000000005 [ 89.441390] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 89.442529] page dumped because: kasan: bad access detected [ 89.443341] [ 89.443597] Memory state around the buggy address: [ 89.444297] ffff888013cb1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.445330] ffff888013cb1200: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 89.446378] >ffff888013cb1280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.447404] ^ [ 89.448161] ffff888013cb1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 89.449201] ffff888013cb1380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 89.450247] ================================================================== [ 89.451395] Disabling lock debugging due to kernel taint [ 89.453004] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.462488] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.464633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.465988] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.468564] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.469254] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.470366] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.471818] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 89.472498] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.476250] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.477311] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.478272] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.481393] Bluetooth: hci3: 
unexpected cc 0x0c03 length: 249 > 1 [ 89.482093] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.485186] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 89.489366] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.490309] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.491651] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.512716] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.513396] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 89.515390] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 89.515977] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 89.517037] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.517878] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.518959] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 89.519721] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 89.520392] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 89.520969] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.522953] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 89.528362] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 89.537589] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 89.541534] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 89.544404] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 89.554870] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 89.556524] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 91.515238] Bluetooth: hci2: command tx timeout [ 91.515268] Bluetooth: hci1: command tx timeout [ 91.515994] Bluetooth: hci0: command tx timeout [ 91.579244] Bluetooth: hci6: command tx timeout [ 91.579255] Bluetooth: hci7: command tx timeout [ 91.580242] Bluetooth: hci5: command tx timeout [ 91.580809] Bluetooth: hci3: command tx timeout [ 91.581117] Bluetooth: hci4: command tx timeout [ 93.564188] Bluetooth: hci0: command tx timeout [ 93.564210] Bluetooth: hci1: command tx 
timeout
[ 93.564868] Bluetooth: hci2: command tx timeout
[ 93.627315] Bluetooth: hci3: command tx timeout
[ 93.628729] Bluetooth: hci4: command tx timeout
[ 93.628981] Bluetooth: hci5: command tx timeout
[ 93.629665] Bluetooth: hci6: command tx timeout
[ 93.629729] Bluetooth: hci7: command tx timeout
[ 95.611265] Bluetooth: hci2: command tx timeout
[ 95.612198] Bluetooth: hci1: command tx timeout
[ 95.612593] Bluetooth: hci0: command tx timeout
[ 95.676186] Bluetooth: hci6: command tx timeout
[ 95.676611] Bluetooth: hci5: command tx timeout
[ 95.676995] Bluetooth: hci4: command tx timeout
[ 95.677793] Bluetooth: hci3: command tx timeout
[ 95.677830] Bluetooth: hci7: command tx timeout
[ 97.660219] Bluetooth: hci1: command tx timeout
[ 97.660664] Bluetooth: hci0: command tx timeout
[ 97.660898] Bluetooth: hci2: command tx timeout
[ 97.723188] Bluetooth: hci7: command tx timeout
[ 97.725167] Bluetooth: hci4: command tx timeout
[ 97.725189] Bluetooth: hci3: command tx timeout
[ 97.725658] Bluetooth: hci5: command tx timeout
[ 97.726525] Bluetooth: hci6: command tx timeout
VM DIAGNOSIS:
08:29:32 Registers: