Warning: Permanently added '[localhost]:57897' (ECDSA) to the list of known hosts. 2025/11/14 08:46:45 fuzzer started 2025/11/14 08:46:45 dialing manager at localhost:37161 syzkaller login: [ 50.570946] cgroup: Unknown subsys name 'net' [ 50.636475] cgroup: Unknown subsys name 'cpuset' [ 50.652946] cgroup: Unknown subsys name 'rlimit' 2025/11/14 08:46:54 syscalls: 2214 2025/11/14 08:46:54 code coverage: enabled 2025/11/14 08:46:54 comparison tracing: enabled 2025/11/14 08:46:54 extra coverage: enabled 2025/11/14 08:46:54 setuid sandbox: enabled 2025/11/14 08:46:54 namespace sandbox: enabled 2025/11/14 08:46:54 Android sandbox: enabled 2025/11/14 08:46:54 fault injection: enabled 2025/11/14 08:46:54 leak checking: enabled 2025/11/14 08:46:54 net packet injection: enabled 2025/11/14 08:46:54 net device setup: enabled 2025/11/14 08:46:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/11/14 08:46:54 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/11/14 08:46:54 USB emulation: enabled 2025/11/14 08:46:54 hci packet injection: enabled 2025/11/14 08:46:54 wifi device emulation: enabled 2025/11/14 08:46:54 802.15.4 emulation: enabled 2025/11/14 08:46:54 fetching corpus: 0, signal 0/2000 (executing program)
2025/11/14 08:47:22 fetching corpus: 13482, signal 231549/237234
(executing program) 2025/11/14 08:47:22 fetching corpus: 13532, signal 231903/237234 (executing program) 2025/11/14 08:47:22 fetching corpus: 13582, signal 232069/237234 (executing program) 2025/11/14 08:47:22 fetching corpus: 13632, signal 232243/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 13682, signal 232438/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 13732, signal 232615/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 13782, signal 232729/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 13832, signal 232945/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 13882, signal 233120/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 13932, signal 233292/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 13982, signal 233445/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 14032, signal 233597/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 14082, signal 233773/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 14132, signal 233910/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 14182, signal 234003/237234 (executing program) 2025/11/14 08:47:23 fetching corpus: 14232, signal 234139/237234 (executing program) 2025/11/14 08:47:24 fetching corpus: 14282, signal 234324/237234 (executing program) 2025/11/14 08:47:24 fetching corpus: 14332, signal 234566/237234 (executing program) 2025/11/14 08:47:24 fetching corpus: 14381, signal 234749/237234 (executing program) 2025/11/14 08:47:24 fetching corpus: 14426, signal 234901/237234 (executing program) 2025/11/14 08:47:24 fetching corpus: 14426, signal 234901/237234 (executing program) 2025/11/14 08:47:27 starting 8 fuzzer processes 08:47:27 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000001480)) pwritev2(r1, &(0x7f0000000700)=[{&(0x7f0000000240)}, {&(0x7f0000000340)="ce513cbcfe7728da8a12195126b47075bf0e8e6c75c3f20b86980f97a53d9d0fdccba14b203463acb18a67d8ea8eb560ced315cc04702050ec61abd13a3b3dd6953045f34ae20740074de9403942845df3413b4c5f3ccf2d7b195320a5a5fb568ca032f42fdbc20443e6bb57b759b110fa27adf4592dbad95a5985a60d7f0b", 0x7f}, {&(0x7f00000003c0)="ff6e1030bd75a3effc11ba5b015e2f5fb9630bbec40fc764dca160579d46290672e4eb0b3046e71b6e694f49078f80185ceedb5e225cec294fa397b3506fae2267e40c21963bd46c66e3379e8450da1910d17537e405318564d5f5025b38cc8ffb102e82be714f7c", 0x68}, {0x0}, {0x0}, {&(0x7f00000005c0)="784031c6e6ceb94cf927b67abc1e202e8d753af66e980ac0b2effac1e81ab28f745ea4894ebaddc5d1836332f1eed59587f317e6b1469639227c8847b2f3aa6ac8d0989f2e22b5c4998099314c148c9de61ae32f373ff0177190d37e7da0c9b7cef0388a2200f11c74553b", 0x6b}, {&(0x7f00000002c0)='j', 0x1}, {&(0x7f0000000640)="8e4c0171c8aa07fd4efe95d365409aa1f4fa7577d64be575dc8ca022e4909e70deb020c43b19dc412531a85f32c9507b616d8213e9981472", 0x38}], 0x8, 0x0, 0xb750, 0x75576dce4adb44a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x1ff) write(r0, &(0x7f0000000900)="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", 0x200) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x44000) signalfd4(0xffffffffffffffff, &(0x7f00000001c0)={[0x368]}, 0x8, 0x80800) sendfile(r0, r2, 0x0, 0xfdef) 08:47:27 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 
migrate_pages(0x0, 0x7, 0x0, &(0x7f00000000c0)=0x1) 08:47:27 executing program 4: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xf}, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000040)={0x0, @aes128, 0x0, @desc2}) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) clock_nanosleep(0x5, 0x1, &(0x7f0000000080)={0x77359400}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f00000001c0)={{0xa, 0x4e22, 0x0, @mcast1, 0xf1c}, {0xa, 0x4e24, 0x2927, @private0={0xfc, 0x0, '\x00', 0x1}, 0x40}, 0x5, [0x7f, 0x10001, 0x0, 0x4, 0x4, 0x7, 0xfffffff8]}, 0x5c) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000240)=0x81) clock_getres(0x5, &(0x7f0000000280)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000002c0)={0x12}) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x2) inotify_rm_watch(0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000300)={0x0, 0x4, 0x1, 0x3}) write$tun(0xffffffffffffffff, &(0x7f0000000340)={@void, @void, @ipv4=@tcp={{0x1d, 0x4, 0x1, 0x31, 0xed, 0x65, 0x0, 0x5, 0x6, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x37}, {[@ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x1c, 0x93, 0x3, 0x7, [{@broadcast, 0x101}, {@private=0xa010100, 0x1}, {@private=0xa010101}]}, @generic={0x1a, 0x7, "f8db7d4af4"}, @timestamp={0x44, 0x10, 0xe6, 0x0, 0x4, [0xffffff0e, 0x1, 0x10000]}, @timestamp={0x44, 0x10, 0x82, 0x0, 0x8, [0x800000, 0xffffffff, 0x4]}, @timestamp_prespec={0x44, 0xc, 0xbf, 0x3, 0x3, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xbae}]}, @noop, @timestamp={0x44, 0x8, 0xd7, 0x0, 0x1, [0x0]}, @rr={0x7, 0x3, 0x11}]}}, {{0x4e23, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x20, 0x3000, 0x0, 0x9, 
{[@nop, @timestamp={0x8, 0xa, 0x6, 0x7}]}}, {"02fe1bd9457942354315fbcae3e9fdddc93add412e25fe341b9bb49d472c2872aa2763f631e28975ccd349c0d8fde348fbcaba9e7a8e94aea941eecd4478243ad6849052e0b310d0a83c3d4f81172d0d67cf6370dd96200720"}}}}, 0xed) syz_genetlink_get_family_id$batadv(&(0x7f0000000440), 0xffffffffffffffff) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f00000004c0)={0xb3, 0x12, 0x1, 0x2, 0x0, [@local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @remote, @remote, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @local}, @private2={0xfc, 0x2, '\x00', 0x1}]}, 0x98) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f0000000580)) 08:47:27 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000021000100000000000000000002"], 0x28}], 0x1}, 0x0) 08:47:27 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, 0x0) [ 92.206963] audit: 
type=1400 audit(1763110047.265:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:47:27 executing program 6: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x401c5820, &(0x7f0000001200)=0x10000) 08:47:27 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) getdents(r0, 0x0, 0x18) getdents64(r0, 0x0, 0x0) 08:47:27 executing program 7: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {0x0, 0x0, 0xffffffffffffff4b}], 0x0, &(0x7f0000010f60)) r1 = fsmount(0xffffffffffffffff, 0x1, 0x89) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r3) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x2008000, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',dfl|gid=', @ANYRESHEX=0x0, @ANYBLOB=',version=9p2000,access=client,access=', @ANYRESDEC=r3, @ANYBLOB=',seclabel,audit,\x00']) r4 = creat(&(0x7f0000000180)='./file0\x00', 0x0) fcntl$setlease(r4, 0x400, 0x0) r5 = socket$inet(0x2, 0x3, 0x2) r6 = syz_io_uring_complete(0x0) sendmsg$AUDIT_MAKE_EQUIV(r6, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8a00018}, 0xc, &(0x7f00000004c0)={&(0x7f0000000340)={0x24, 0x3f7, 0x8, 0x70bd2d, 0x25dfdbfe, {0x5, 0x5, './mnt', './mnt'}, [""]}, 0x24}}, 0x45) ioctl$sock_inet_SIOCGIFADDR(r5, 0x8915, &(0x7f00000001c0)={'wlan0\x00', {0x2, 0x0, @dev}}) mount$9p_fd(0x0, &(0x7f0000000040)='./mnt\x00', &(0x7f0000000080), 0x2080, 
&(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="2c6e6f6465766d61702c76657273696f6e3d3970323030302e4c2c6c6f6f73652c76657273696f6e3d3970323030302c63616368653d6e6f6e652c64656275673d3078303030303030303030303030303030302c636f6e746578743d73797361646d5f752c61707072616973652c61707072616973652c7375626a5f726f6c653d2c7063723d30303030303030303030303030303030303031332c646f6e745f686173682c61756469742c00257b6b55e7f6e3f09f5d7b6b26aa834925da8a0d23a094d380147d7b8615c0cb0c36d4f7ce340bb85d38ddcf903ea12fb4"])
[ 93.436046] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 93.438834] ==================================================================
[ 93.440449] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[ 93.441958] Read of size 2 at addr ffff88800c2b1df8 by task kworker/u11:2/290
[ 93.449005]
[ 93.449408] CPU: 0 UID: 0 PID: 290 Comm: kworker/u11:2 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary)
[ 93.449461] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 93.449486] Workqueue: hci0 hci_cmd_work
[ 93.449538] Call Trace:
[ 93.449551]
[ 93.449564] dump_stack_lvl+0xca/0x120
[ 93.449613] print_report+0xcb/0x610
[ 93.449663] ? __virt_addr_valid+0x100/0x5d0
[ 93.449708] ? hci_cmd_work+0x66d/0x6d0
[ 93.449759] ? hci_cmd_work+0x66d/0x6d0
[ 93.449809] kasan_report+0xca/0x100
[ 93.449860] ? hci_cmd_work+0x66d/0x6d0
[ 93.449920] hci_cmd_work+0x66d/0x6d0
[ 93.449977] process_one_work+0x8e1/0x19c0
[ 93.450050] ? __pfx_process_one_work+0x10/0x10
[ 93.450108] ? move_linked_works+0x172/0x270
[ 93.450153] ? assign_work+0x196/0x240
[ 93.450209] worker_thread+0x67e/0xe90
[ 93.450266] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 93.450314] ? __pfx_worker_thread+0x10/0x10
[ 93.450372] kthread+0x3c8/0x740
[ 93.450423] ? __pfx_kthread+0x10/0x10
[ 93.450473] ? ret_from_fork+0x79/0x7a0
[ 93.450513] ? lock_release+0xc8/0x290
[ 93.450574] ? __pfx_kthread+0x10/0x10
[ 93.450627] ret_from_fork+0x67a/0x7a0
[ 93.450666] ? __pfx_ret_from_fork+0x10/0x10
[ 93.450708] ? __switch_to+0x759/0x1060
[ 93.450762] ? __pfx_kthread+0x10/0x10
[ 93.450817] ret_from_fork_asm+0x1a/0x30
[ 93.450884]
[ 93.450898]
[ 93.474991] Allocated by task 288:
[ 93.475617] kasan_save_stack+0x24/0x50
[ 93.476323] kasan_save_track+0x14/0x30
[ 93.477013] __kasan_slab_alloc+0x59/0x70
[ 93.477743] kmem_cache_alloc_node_noprof+0x228/0x6b0
[ 93.478667] __alloc_skb+0x2ab/0x370
[ 93.479341] hci_cmd_sync_alloc+0x34/0x300
[ 93.480094] __hci_cmd_sync_sk+0xf7/0x5c0
[ 93.480850] hci_read_local_features_sync+0x2c/0x170
[ 93.481727] hci_dev_open_sync+0x145c/0x1f60
[ 93.482505] hci_power_on+0xdb/0x5d0
[ 93.483179] process_one_work+0x8e1/0x19c0
[ 93.483930] worker_thread+0x67e/0xe90
[ 93.484621] kthread+0x3c8/0x740
[ 93.485222] ret_from_fork+0x67a/0x7a0
[ 93.485916] ret_from_fork_asm+0x1a/0x30
[ 93.486646]
[ 93.486948] Freed by task 291:
[ 93.487488] kasan_save_stack+0x24/0x50
[ 93.488169] kasan_save_track+0x14/0x30
[ 93.488873] kasan_save_free_info+0x3a/0x60
[ 93.489689] __kasan_slab_free+0x43/0x70
[ 93.490441] kmem_cache_free+0x26f/0x500
[ 93.491182] kfree_skbmem+0x18a/0x1f0
[ 93.491858] sk_skb_reason_drop+0x10e/0x1b0
[ 93.492595] vhci_read+0x3d5/0x5d0
[ 93.493208] vfs_read+0x1eb/0xc70
[ 93.493803] ksys_read+0x121/0x240
[ 93.494458] do_syscall_64+0xbf/0x430
[ 93.495156] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.496067]
[ 93.496383] The buggy address belongs to the object at ffff88800c2b1dc0
[ 93.496383] which belongs to the cache skbuff_head_cache of size 232
[ 93.498609] The buggy address is located 56 bytes inside of
[ 93.498609] freed 232-byte region [ffff88800c2b1dc0, ffff88800c2b1ea8)
[ 93.500689]
[ 93.500988] The buggy address belongs to the physical page:
[ 93.501950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc2b1
[ 93.503329] memcg:ffff88800c61e501
[ 93.503836] flags: 0x100000000000000(node=0|zone=1)
[ 93.504548] page_type: f5(slab)
[ 93.505039] raw: 0100000000000000 ffff8880096c78c0 dead000000000122 0000000000000000
[ 93.506179] raw: 0000000000000000 00000000800c000c 00000000f5000000 ffff88800c61e501
[ 93.507277] page dumped because: kasan: bad access detected
[ 93.508067]
[ 93.508314] Memory state around the buggy address:
[ 93.509016] ffff88800c2b1c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.510062] ffff88800c2b1d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 93.511091] >ffff88800c2b1d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 93.512107] ^
[ 93.513100] ffff88800c2b1e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.514104] ffff88800c2b1e80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 93.515150] ==================================================================
[ 93.516309] Disabling lock debugging due to kernel taint
[ 93.517907] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 93.520262] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 93.526427] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 93.527532] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 93.530326] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 93.531618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 93.533558] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 93.534880] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 93.536115] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 93.537488] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 93.539412] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 93.541121] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 93.542718] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 93.546145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 93.625318] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 93.645821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 93.646989] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 93.651346] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 93.652629] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 93.655140] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 93.656277] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 93.657616] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 93.658794] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 93.660662] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 93.665353] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 93.665356] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 93.668222] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 93.670618] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 93.671357] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 93.674712] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 93.683695] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 93.685547] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 93.689849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 93.693041] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 93.694544] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 93.695949] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 93.698214] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 93.711023] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 93.713468] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 95.595397] Bluetooth: hci0: command tx timeout
[ 95.596151] Bluetooth: hci2: command tx timeout
[ 95.596868] Bluetooth: hci1: command tx timeout
[ 95.724269] Bluetooth: hci5: command tx timeout
[ 95.724577] Bluetooth: hci3: command tx timeout
[ 95.787237] Bluetooth: hci7: command tx timeout
[ 95.787283] Bluetooth: hci4: command tx timeout
[ 95.788704] Bluetooth: hci6: command tx timeout
[ 97.643266] Bluetooth: hci1: command tx timeout
[ 97.643695] Bluetooth: hci0: command tx timeout
[ 97.645209] Bluetooth:
hci2: command tx timeout
[ 97.771290] Bluetooth: hci3: command tx timeout
[ 97.771352] Bluetooth: hci5: command tx timeout
[ 97.835262] Bluetooth: hci7: command tx timeout
[ 97.835292] Bluetooth: hci6: command tx timeout
[ 97.835894] Bluetooth: hci4: command tx timeout
[ 99.691240] Bluetooth: hci2: command tx timeout
[ 99.691706] Bluetooth: hci0: command tx timeout
[ 99.691729] Bluetooth: hci1: command tx timeout
[ 99.819218] Bluetooth: hci5: command tx timeout
[ 99.820275] Bluetooth: hci3: command tx timeout
[ 99.883216] Bluetooth: hci4: command tx timeout
[ 99.884296] Bluetooth: hci6: command tx timeout
[ 99.884595] Bluetooth: hci7: command tx timeout
[ 101.739235] Bluetooth: hci2: command tx timeout
[ 101.739653] Bluetooth: hci0: command tx timeout
[ 101.740769] Bluetooth: hci1: command tx timeout
[ 101.867239] Bluetooth: hci3: command tx timeout
[ 101.867689] Bluetooth: hci5: command tx timeout
[ 101.931239] Bluetooth: hci6: command tx timeout
[ 101.931320] Bluetooth: hci7: command tx timeout
[ 101.931702] Bluetooth: hci4: command tx timeout
VM DIAGNOSIS:
08:47:28 Registers: