Warning: Permanently added '[localhost]:55719' (ECDSA) to the list of known hosts. 2025/11/14 08:25:26 fuzzer started 2025/11/14 08:25:26 dialing manager at localhost:37161 syzkaller login: [ 53.751863] cgroup: Unknown subsys name 'net' [ 53.806039] cgroup: Unknown subsys name 'cpuset' [ 53.820606] cgroup: Unknown subsys name 'rlimit' 2025/11/14 08:25:39 syscalls: 2214 2025/11/14 08:25:39 code coverage: enabled 2025/11/14 08:25:39 comparison tracing: enabled 2025/11/14 08:25:39 extra coverage: enabled 2025/11/14 08:25:39 setuid sandbox: enabled 2025/11/14 08:25:39 namespace sandbox: enabled 2025/11/14 08:25:39 Android sandbox: enabled 2025/11/14 08:25:39 fault injection: enabled 2025/11/14 08:25:39 leak checking: enabled 2025/11/14 08:25:39 net packet injection: enabled 2025/11/14 08:25:39 net device setup: enabled 2025/11/14 08:25:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/11/14 08:25:39 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/11/14 08:25:39 USB emulation: enabled 2025/11/14 08:25:39 hci packet injection: enabled 2025/11/14 08:25:39 wifi device emulation: enabled 2025/11/14 08:25:39 802.15.4 emulation: enabled 2025/11/14 08:25:39 fetching corpus: 0, signal 0/2000 (executing program) 2025/11/14 08:25:39 fetching corpus: 47, signal 15877/19609 (executing program) 2025/11/14 08:25:39 fetching corpus: 97, signal 25512/30831 (executing program) 2025/11/14 08:25:39 fetching corpus: 147, signal 37341/44025 (executing program) 2025/11/14 08:25:39 fetching corpus: 197, signal 47160/55076 (executing program) 2025/11/14 08:25:39 fetching corpus: 247, signal 52036/61265 (executing program) 2025/11/14 08:25:39 fetching corpus: 297, signal 58362/68764 (executing program) 2025/11/14 08:25:39 fetching corpus: 347, signal 61661/73286 (executing program) 2025/11/14 08:25:39 fetching corpus: 397, signal 65547/78268 (executing program) 2025/11/14 08:25:39 fetching corpus: 447, signal 72728/86201 (executing program) 2025/11/14 
08:26:01
fetching corpus: 12302, signal 217470/221597 (executing program) 2025/11/14 08:26:01 fetching corpus: 12352, signal 217646/221597 (executing program) 2025/11/14 08:26:02 fetching corpus: 12402, signal 217828/221597 (executing program) 2025/11/14 08:26:02 fetching corpus: 12452, signal 218079/221598 (executing program) 2025/11/14 08:26:02 fetching corpus: 12502, signal 218343/221598 (executing program) 2025/11/14 08:26:02 fetching corpus: 12552, signal 218622/221598 (executing program) 2025/11/14 08:26:02 fetching corpus: 12602, signal 218857/221598 (executing program) 2025/11/14 08:26:02 fetching corpus: 12652, signal 219059/221598 (executing program) 2025/11/14 08:26:02 fetching corpus: 12702, signal 219315/221598 (executing program) 2025/11/14 08:26:02 fetching corpus: 12752, signal 219450/221598 (executing program) 2025/11/14 08:26:02 fetching corpus: 12802, signal 219763/221598 (executing program) 2025/11/14 08:26:02 fetching corpus: 12851, signal 219948/221599 (executing program) 2025/11/14 08:26:02 fetching corpus: 12901, signal 220097/221602 (executing program) 2025/11/14 08:26:02 fetching corpus: 12951, signal 220270/221602 (executing program) 2025/11/14 08:26:03 fetching corpus: 13001, signal 220572/221631 (executing program) 2025/11/14 08:26:03 fetching corpus: 13051, signal 220742/221631 (executing program) 2025/11/14 08:26:03 fetching corpus: 13101, signal 220889/221644 (executing program) 2025/11/14 08:26:03 fetching corpus: 13101, signal 220889/221644 (executing program) 2025/11/14 08:26:04 starting 8 fuzzer processes 08:26:04 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) 08:26:04 executing program 1: r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 08:26:04 executing program 7: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) uname(0x0) 08:26:04 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000080)) 08:26:04 executing program 3: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/mnt\x00') mount_setattr(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000001480)={0x10000e, 0x0, 0x0, {r0}}, 0x20) 08:26:05 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpgid(0x0, 0x0) 08:26:05 executing program 5: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) shmctl$SHM_LOCK(r0, 0xb) [ 89.479011] audit: type=1400 audit(1763108765.033:7): avc: denied { execmem } for pid=274 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:26:05 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = 
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0)
[ 90.674606] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 90.676782] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 90.678580] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 90.683804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 90.686170] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 90.744013] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 90.752011] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 90.757093] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 90.759029] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 90.760925] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 90.763803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 90.765214] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 90.766578] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 90.768150] ==================================================================
[ 90.769288] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[ 90.770352] Read of size 2 at addr ffff88800c119cb8 by task kworker/u11:7/307
[ 90.776987]
[ 90.777265] CPU: 1 UID: 0 PID: 307 Comm: kworker/u11:7 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary)
[ 90.777295] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 90.777310] Workqueue: hci5 hci_cmd_work
[ 90.777341] Call Trace:
[ 90.777349]
[ 90.777357] dump_stack_lvl+0xca/0x120
[ 90.777387] print_report+0xcb/0x610
[ 90.777416] ? __virt_addr_valid+0x100/0x5d0
[ 90.777443] ? hci_cmd_work+0x66d/0x6d0
[ 90.777471] ? hci_cmd_work+0x66d/0x6d0
[ 90.777500] kasan_report+0xca/0x100
[ 90.777529] ? hci_cmd_work+0x66d/0x6d0
[ 90.777561] hci_cmd_work+0x66d/0x6d0
[ 90.777591] process_one_work+0x8e1/0x19c0
[ 90.777632] ? __pfx_process_one_work+0x10/0x10
[ 90.777665] ? move_linked_works+0x172/0x270
[ 90.777690] ? assign_work+0x196/0x240
[ 90.777722] worker_thread+0x67e/0xe90
[ 90.777754] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 90.777781] ? __pfx_worker_thread+0x10/0x10
[ 90.777814] kthread+0x3c8/0x740
[ 90.777855] ? __pfx_kthread+0x10/0x10
[ 90.777883] ? ret_from_fork+0x79/0x7a0
[ 90.777905] ? lock_release+0xc8/0x290
[ 90.777940] ? __pfx_kthread+0x10/0x10
[ 90.777970] ret_from_fork+0x67a/0x7a0
[ 90.777992] ? __pfx_ret_from_fork+0x10/0x10
[ 90.778015] ? __switch_to+0x759/0x1060
[ 90.778046] ? __pfx_kthread+0x10/0x10
[ 90.778076] ret_from_fork_asm+0x1a/0x30
[ 90.778113]
[ 90.778121]
[ 90.798024] Allocated by task 296:
[ 90.798573] kasan_save_stack+0x24/0x50
[ 90.799195] kasan_save_track+0x14/0x30
[ 90.799816] __kasan_slab_alloc+0x59/0x70
[ 90.800457] kmem_cache_alloc_node_noprof+0x228/0x6b0
[ 90.801257] __alloc_skb+0x2ab/0x370
[ 90.801855] hci_cmd_sync_alloc+0x34/0x300
[ 90.802518] __hci_cmd_sync_sk+0xf7/0x5c0
[ 90.803168] hci_read_local_version_sync+0x2c/0x170
[ 90.803943] hci_dev_open_sync+0x145c/0x1f60
[ 90.804627] hci_power_on+0xdb/0x5d0
[ 90.805215] process_one_work+0x8e1/0x19c0
[ 90.805882] worker_thread+0x67e/0xe90
[ 90.806502] kthread+0x3c8/0x740
[ 90.807038] ret_from_fork+0x67a/0x7a0
[ 90.807634] ret_from_fork_asm+0x1a/0x30
[ 90.808269]
[ 90.808540] Freed by task 306:
[ 90.809036] kasan_save_stack+0x24/0x50
[ 90.809663] kasan_save_track+0x14/0x30
[ 90.810281] kasan_save_free_info+0x3a/0x60
[ 90.810957] __kasan_slab_free+0x43/0x70
[ 90.811591] kmem_cache_free+0x26f/0x500
[ 90.812226] kfree_skbmem+0x18a/0x1f0
[ 90.812823] sk_skb_reason_drop+0x10e/0x1b0
[ 90.813481] vhci_read+0x3d5/0x5d0
[ 90.814075] vfs_read+0x1eb/0xc70
[ 90.814621] ksys_read+0x121/0x240
[ 90.815183] do_syscall_64+0xbf/0x430
[ 90.815783] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.816567]
[ 90.816847] The buggy address belongs to the object at ffff88800c119c80
[ 90.816847] which belongs to the cache skbuff_head_cache of size 232
[ 90.818787] The buggy address is located 56 bytes inside of
[ 90.818787] freed 232-byte region [ffff88800c119c80, ffff88800c119d68)
[ 90.820598]
[ 90.820869] The buggy address belongs to the physical page:
[ 90.821719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc119
[ 90.822924] memcg:ffff88800c13a781
[ 90.823470] anon flags: 0x100000000000000(node=0|zone=1)
[ 90.824294] page_type: f5(slab)
[ 90.824813] raw: 0100000000000000 ffff8880096c78c0 0000000000000000 0000000000000001
[ 90.826013] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff88800c13a781
[ 90.827179] page dumped because: kasan: bad access detected
[ 90.828031]
[ 90.828298] Memory state around the buggy address:
[ 90.829039] ffff88800c119b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.830153] ffff88800c119c00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 90.831249] >ffff88800c119c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.832346] ^
[ 90.833129] ffff88800c119d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 90.834253] ffff88800c119d80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 90.835354] ==================================================================
[ 90.836604] Disabling lock debugging due to kernel taint
[ 90.837560] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 90.838005] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 90.839428] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 90.853342] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 90.856884] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 90.859362] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 90.861215] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 90.862751] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 90.865159] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 90.865735] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 90.867020] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 90.868032] Bluetooth: hci6: unexpected cc 0x0c38
length: 249 > 2 [ 90.869906] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.871526] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.873204] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.876503] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.883352] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.889599] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.890794] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 90.895765] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.900421] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.901519] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 90.910730] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.911403] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.913802] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 90.943798] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 90.956933] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 92.708243] Bluetooth: hci0: command tx timeout [ 92.900270] Bluetooth: hci5: command tx timeout [ 92.901498] Bluetooth: hci6: command tx timeout [ 92.963760] Bluetooth: hci3: command tx timeout [ 92.964211] Bluetooth: hci2: command tx timeout [ 92.965039] Bluetooth: hci1: command tx timeout [ 92.965463] Bluetooth: hci4: command tx timeout [ 93.027716] Bluetooth: hci7: command tx timeout [ 94.755810] Bluetooth: hci0: command tx timeout [ 94.946730] Bluetooth: hci6: command tx timeout [ 94.947140] Bluetooth: hci5: command tx timeout [ 95.011493] Bluetooth: hci4: command tx timeout [ 95.012556] Bluetooth: hci1: command tx timeout [ 95.013024] Bluetooth: hci2: command tx timeout [ 95.013382] Bluetooth: hci3: command tx timeout [ 95.075707] Bluetooth: hci7: command tx timeout [ 96.805108] Bluetooth: hci0: command tx timeout [ 96.994694] Bluetooth: hci6: command tx timeout [ 96.995115] Bluetooth: hci5: command tx timeout [ 97.059345] Bluetooth: hci1: command tx 
timeout [ 97.060418] Bluetooth: hci3: command tx timeout [ 97.060880] Bluetooth: hci2: command tx timeout [ 97.061239] Bluetooth: hci4: command tx timeout [ 97.122685] Bluetooth: hci7: command tx timeout [ 98.853683] Bluetooth: hci0: command tx timeout [ 99.043811] Bluetooth: hci6: command tx timeout [ 99.044234] Bluetooth: hci5: command tx timeout [ 99.107744] Bluetooth: hci3: command tx timeout [ 99.108128] Bluetooth: hci4: command tx timeout [ 99.108486] Bluetooth: hci2: command tx timeout [ 99.109214] Bluetooth: hci1: command tx timeout [ 99.171729] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 08:26:06 Registers: