Warning: Permanently added '[localhost]:28287' (ECDSA) to the list of known hosts.
2025/11/14 08:07:33 fuzzer started
2025/11/14 08:07:33 dialing manager at localhost:37161
syzkaller login: [ 44.746833] cgroup: Unknown subsys name 'net'
[ 44.820412] cgroup: Unknown subsys name 'cpuset'
[ 44.835720] cgroup: Unknown subsys name 'rlimit'
2025/11/14 08:07:44 syscalls: 2214
2025/11/14 08:07:44 code coverage: enabled
2025/11/14 08:07:44 comparison tracing: enabled
2025/11/14 08:07:44 extra coverage: enabled
2025/11/14 08:07:44 setuid sandbox: enabled
2025/11/14 08:07:44 namespace sandbox: enabled
2025/11/14 08:07:44 Android sandbox: enabled
2025/11/14 08:07:44 fault injection: enabled
2025/11/14 08:07:44 leak checking: enabled
2025/11/14 08:07:44 net packet injection: enabled
2025/11/14 08:07:44 net device setup: enabled
2025/11/14 08:07:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/14 08:07:44 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/14 08:07:44 USB emulation: enabled
2025/11/14 08:07:44 hci packet injection: enabled
2025/11/14 08:07:44 wifi device emulation: enabled
2025/11/14 08:07:44 802.15.4 emulation: enabled
2025/11/14 08:07:44 fetching corpus: 0, signal 0/2000 (executing program)
2025/11/14 08:07:44 fetching corpus: 40, signal 17726/21162 (executing program)
2025/11/14 08:07:44 fetching corpus: 71, signal 26937/31667 (executing program)
2025/11/14 08:07:44 fetching corpus: 102, signal 31454/37439 (executing program)
2025/11/14 08:07:44 fetching corpus: 134, signal 41320/47972 (executing program)
2025/11/14 08:07:44 fetching corpus: 184, signal 48477/55737 (executing program)
2025/11/14 08:07:45 fetching corpus: 234, signal 55590/63237 (executing program)
2025/11/14 08:07:45 fetching corpus: 284, signal 59188/67450 (executing program)
2025/11/14 08:07:45 fetching corpus: 334, signal 62865/71605 (executing program)
2025/11/14 08:07:45 fetching corpus: 384, signal 65863/75045 (executing program)
2025/11/14 08:07:45 fetching corpus: 434, signal 71406/80448 (executing program)
2025/11/14 08:07:45 fetching corpus: 484, signal 76055/85015 (executing program)
2025/11/14 08:07:45 fetching corpus: 533, signal 79674/88600 (executing program)
2025/11/14 08:07:45 fetching corpus: 581, signal 83404/92170 (executing program)
2025/11/14 08:07:46 fetching corpus: 631, signal 85762/94563 (executing program)
2025/11/14 08:07:46 fetching corpus: 681, signal 89545/97975 (executing program)
2025/11/14 08:07:46 fetching corpus: 731, signal 92340/100510 (executing program)
2025/11/14 08:07:46 fetching corpus: 780, signal 94396/102457 (executing program)
2025/11/14 08:07:46 fetching corpus: 830, signal 96740/104470 (executing program)
2025/11/14 08:07:46 fetching corpus: 880, signal 99142/106511 (executing program)
2025/11/14 08:07:46 fetching corpus: 930, signal 100631/107827 (executing program)
2025/11/14 08:07:47 fetching corpus: 979, signal 102236/109202 (executing program)
2025/11/14 08:07:47 fetching corpus: 1029, signal 104087/110709 (executing program)
2025/11/14 08:07:47 fetching corpus: 1079, signal 106229/112277 (executing program)
2025/11/14 08:07:47 fetching corpus: 1128, signal 108391/113814 (executing program)
2025/11/14 08:07:47 fetching corpus: 1178, signal 110570/115261 (executing program)
2025/11/14 08:07:47 fetching corpus: 1228, signal 111698/116030 (executing program)
2025/11/14 08:07:48 fetching corpus: 1278, signal 113099/116951 (executing program)
2025/11/14 08:07:48 fetching corpus: 1327, signal 114678/117918 (executing program)
2025/11/14 08:07:48 fetching corpus: 1377, signal 115944/118703 (executing program)
2025/11/14 08:07:48 fetching corpus: 1426, signal 117670/119670 (executing program)
2025/11/14 08:07:48 fetching corpus: 1475, signal 119146/120441 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121397 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121413 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121419 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121432 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121447 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121453 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121459 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121471 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121480 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121486 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121091/121495 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121505 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121519 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121525 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121539 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121550 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121562 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121572 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121585 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121597 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121605 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121095/121613 (executing program)
2025/11/14 08:07:48 fetching corpus: 1519, signal 121097/121624 (executing program)
2025/11/14 08:07:49 fetching corpus: 1520, signal 121098/121636 (executing program)
2025/11/14 08:07:49 fetching corpus: 1520, signal 121098/121644 (executing program)
2025/11/14 08:07:49 fetching corpus: 1521, signal 121107/121663 (executing program)
2025/11/14 08:07:49 fetching corpus: 1521, signal 121107/121722 (executing program) 2025/11/14 08:07:49 fetching corpus: 1521, signal 121107/121783 (executing program) 2025/11/14 08:07:49 fetching corpus: 1521, signal 121107/121909 (executing program) 2025/11/14 08:07:49 fetching corpus: 1521, signal 121107/121909 (executing program) 2025/11/14 08:07:50 starting 8 fuzzer processes 08:07:50 executing program 0: tee(0xffffffffffffffff, 0xffffffffffffffff, 0x39053dee, 0x0) 08:07:50 executing program 4: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') fsetxattr$security_evm(r0, &(0x7f0000000000), &(0x7f0000000040)=@sha1={0x1, "587f31c41a0d2e85e9e7839f3654584b204755b4"}, 0x15, 0x0) 08:07:50 executing program 7: fchdir(0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = mq_open(&(0x7f0000000080)='{#:E,,\x00\x9e\\\xe5\x9a\x86{w\x1f1\xfcN\x85U_0\x96\x13\xab\x12\b\x00\x00\x00\xfe\xc6\xf3\xf9\x05\x8de\xe5\xa8?5\x19\x88\xef;:\xb2#\x1b\\\x98.\x04/\xa3\xc4:\xdbj\xfb\x0f\xf1\xe0y\xe8+9\xa6#\x1e\xf0P\x8c#h\xbb\f\x0e\x8b\xe0\xc4\n\x92zK/\xe2\x10M8\x9a\xf0\x02\xab,\xb5\xc5\x81\x99\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\xc7\f\xd8|\xd9\x8d]\x1c\xbe\x9e\xc7w\x1fG\x8f\xb9\x87\xe3n\a\xb8\xeak\xd22\x9a|8\\Xq\xd2\xa0\xdf7\x84\x11D;M\x1d\x97\xb4\xc0\xd5,|\xcfO\xce\x82-9\xa8?*\x04S\x96\x05\x8f\x83\x9b}Xy\xc3\x95\x84\xf4\xe7\xea\xf1|e\v4\xd8`V\xaf\xa4\xaf\x14\xb4Bfs\xb3$\xcc\xd9\xbe9WUM\x1e\x04\xdcg;\xec\xe3', 0x41, 0x0, 0x0) mq_timedsend(r0, &(0x7f00000001c0)="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", 0x1000, 0x9, 0x0) 08:07:50 executing program 1: 
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000002c0)=""/81)
[ 61.272106] audit: type=1400 audit(1763107670.940:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:07:50 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x201)
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000040)=0x7d)
writev(r0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="9811b416240000000000000092675a9eed92a8c20c45248749b781ffffffffffffff462af69d1bfa3560", 0x2a}], 0x1)
08:07:50 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
write$cgroup_int(r0, &(0x7f0000000080)=0x100000000000000, 0x12)
08:07:50 executing program 5:
setgroups(0x2901, 0x0)
08:07:50 executing program 6:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3, 0x1c)
[ 62.410522] ==================================================================
[ 62.411867] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[ 62.413074] Read of size 2 at addr ffff88801d244b78 by task kworker/u11:2/295
[ 62.415116]
[ 62.415591] CPU: 0 UID: 0 PID: 295 Comm: kworker/u11:2 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary)
[ 62.415626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 62.415643] Workqueue: hci1 hci_cmd_work
[ 62.415677] Call Trace:
[ 62.415686]
[ 62.415695] dump_stack_lvl+0xca/0x120
[ 62.415728] print_report+0xcb/0x610
[ 62.415761] ? __virt_addr_valid+0x100/0x5d0
[ 62.415791] ? hci_cmd_work+0x66d/0x6d0
[ 62.415823] ? hci_cmd_work+0x66d/0x6d0
[ 62.415855] kasan_report+0xca/0x100
[ 62.415888] ? hci_cmd_work+0x66d/0x6d0
[ 62.415924] hci_cmd_work+0x66d/0x6d0
[ 62.415958] process_one_work+0x8e1/0x19c0
[ 62.416001] ? __pfx_process_one_work+0x10/0x10
[ 62.416037] ? rcuwait_wake_up+0x27/0x290
[ 62.416072] ? move_linked_works+0x172/0x270
[ 62.416101] ? assign_work+0x196/0x240
[ 62.416137] worker_thread+0x67e/0xe90
[ 62.416172] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 62.416204] ? __pfx_worker_thread+0x10/0x10
[ 62.416240] kthread+0x3c8/0x740
[ 62.416273] ? __pfx_kthread+0x10/0x10
[ 62.416304] ? ret_from_fork+0x79/0x7a0
[ 62.416330] ? lock_release+0xc8/0x290
[ 62.416369] ? __pfx_kthread+0x10/0x10
[ 62.416402] ret_from_fork+0x67a/0x7a0
[ 62.416427] ? __pfx_ret_from_fork+0x10/0x10
[ 62.416454] ? __switch_to+0x759/0x1060
[ 62.416489] ? __pfx_kthread+0x10/0x10
[ 62.416521] ret_from_fork_asm+0x1a/0x30
[ 62.416563]
[ 62.416572]
[ 62.447289] Allocated by task 292:
[ 62.447935] kasan_save_stack+0x24/0x50
[ 62.448672] kasan_save_track+0x14/0x30
[ 62.449389] __kasan_slab_alloc+0x59/0x70
[ 62.450159] kmem_cache_alloc_node_noprof+0x228/0x6b0
[ 62.451127] __alloc_skb+0x2ab/0x370
[ 62.451837] hci_cmd_sync_alloc+0x34/0x300
[ 62.452627] __hci_cmd_sync_sk+0xf7/0x5c0
[ 62.453380] __hci_cmd_sync_status_sk+0x4d/0x1a0
[ 62.454275] hci_dev_open_sync+0x10ef/0x1f60
[ 62.455104] hci_power_on+0xdb/0x5d0
[ 62.455807] process_one_work+0x8e1/0x19c0
[ 62.456589] worker_thread+0x67e/0xe90
[ 62.457302] kthread+0x3c8/0x740
[ 62.457951] ret_from_fork+0x67a/0x7a0
[ 62.458677] ret_from_fork_asm+0x1a/0x30
[ 62.459413]
[ 62.459750] Freed by task 293:
[ 62.460322] kasan_save_stack+0x24/0x50
[ 62.461062] kasan_save_track+0x14/0x30
[ 62.461808] kasan_save_free_info+0x3a/0x60
[ 62.462614] __kasan_slab_free+0x43/0x70
[ 62.463330] kmem_cache_free+0x26f/0x500
[ 62.464075] kfree_skbmem+0x18a/0x1f0
[ 62.464793] sk_skb_reason_drop+0x10e/0x1b0
[ 62.465609] vhci_read+0x3d5/0x5d0
[ 62.466271] vfs_read+0x1eb/0xc70
[ 62.466909] ksys_read+0x121/0x240
[ 62.467558] do_syscall_64+0xbf/0x430
[ 62.468253] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.469192]
[ 62.469522] The buggy address belongs to the object at ffff88801d244b40
[ 62.469522] which belongs to the cache skbuff_head_cache of size 232
[ 62.471808] The buggy address is located 56 bytes inside of
[ 62.471808] freed 232-byte region [ffff88801d244b40, ffff88801d244c28)
[ 62.474028]
[ 62.474356] The buggy address belongs to the physical page:
[ 62.475293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d244
[ 62.476618] flags: 0x100000000000000(node=0|zone=1)
[ 62.477421] page_type: f5(slab)
[ 62.477988] raw: 0100000000000000 ffff8880096c78c0 dead000000000122 0000000000000000
[ 62.479232] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 62.480477] page dumped because: kasan: bad access detected
[ 62.481380]
[ 62.481701] Memory state around the buggy address:
[ 62.482492] ffff88801d244a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.483616] ffff88801d244a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 62.484757] >ffff88801d244b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 62.485898] ^
[ 62.486992] ffff88801d244b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.488089] ffff88801d244c00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 62.489167] ==================================================================
[ 62.490933] Disabling lock debugging due to kernel taint
[ 62.495022] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 62.498030] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.499574] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 62.501016] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 62.503349] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 62.505254] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 62.506939] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.509665] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.514407] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.526414] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 62.531597] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 62.535354] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 62.539459] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 62.540937] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 62.541407] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 62.543305] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 62.544657] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 62.547619] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 62.549865] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 62.551473] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 62.552913] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 62.554971] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 62.557977] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 62.560385] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 62.562306] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 62.564980] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 62.566636] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 62.569456] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 62.571095] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 62.573439] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 62.582067] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 62.587343] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 62.589570] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 62.593355] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 62.596762] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 62.597678] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 62.602391] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 62.606377] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 62.644512] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 62.650309] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 64.566317] Bluetooth: hci0: command tx timeout
[ 64.566351] Bluetooth: hci1: command tx timeout
[ 64.630286] Bluetooth: hci3: command tx timeout
[ 64.630433] Bluetooth: hci6: command tx timeout
[ 64.631053] Bluetooth: hci5: command tx timeout
[ 64.631074] Bluetooth: hci2: command tx timeout
[ 64.694820] Bluetooth: hci7: command tx timeout
[ 64.695609] Bluetooth: hci4: command tx timeout
[ 66.614710] Bluetooth: hci0: command tx timeout
[ 66.615447] Bluetooth: hci1: command tx timeout
[ 66.678935] Bluetooth: hci6: command tx timeout
[ 66.679825] Bluetooth: hci5: command tx timeout
[ 66.680479] Bluetooth: hci2: command tx timeout
[ 66.681081] Bluetooth: hci3: command tx timeout
[ 66.743381] Bluetooth: hci7: command tx timeout
[ 66.744009] Bluetooth: hci4: command tx timeout
[ 68.662385] Bluetooth: hci0: command tx timeout
[ 68.663529] Bluetooth: hci1: command tx timeout
[ 68.726265] Bluetooth: hci2: command tx timeout
[ 68.727228] Bluetooth: hci6: command tx timeout
[ 68.728096] Bluetooth: hci5: command tx timeout
[ 68.728127] Bluetooth: hci3: command tx timeout
[ 68.791129] Bluetooth: hci4: command tx timeout
[ 68.791158] Bluetooth: hci7: command tx timeout
[ 70.712211] Bluetooth: hci0: command tx timeout
[ 70.712221] Bluetooth: hci1: command tx timeout
[ 70.774309] Bluetooth: hci2: command tx timeout
[ 70.774323] Bluetooth: hci6: command tx timeout
[ 70.774769] Bluetooth: hci3: command tx timeout
[ 70.775134] Bluetooth: hci5: command tx timeout
[ 70.840216] Bluetooth: hci4: command tx timeout
[ 70.840230] Bluetooth: hci7: command tx timeout

VM DIAGNOSIS:
08:07:52 Registers: