Warning: Permanently added '10.128.1.187' (ED25519) to the list of known hosts.
2024/05/01 11:54:21 fuzzer started
2024/05/01 11:54:21 dialing manager at 10.128.0.169:30007
[ 57.348711][ T5082] cgroup: Unknown subsys name 'net'
[ 57.516180][ T5082] cgroup: Unknown subsys name 'rlimit'
2024/05/01 11:54:23 code coverage: enabled
2024/05/01 11:54:23 comparison tracing: enabled
2024/05/01 11:54:23 extra coverage: enabled
2024/05/01 11:54:23 delay kcov mmap: enabled
2024/05/01 11:54:23 setuid sandbox: enabled
2024/05/01 11:54:23 namespace sandbox: enabled
2024/05/01 11:54:23 Android sandbox: /sys/fs/selinux/policy does not exist
2024/05/01 11:54:23 fault injection: enabled
2024/05/01 11:54:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2024/05/01 11:54:23 net packet injection: enabled
2024/05/01 11:54:23 net device setup: enabled
2024/05/01 11:54:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2024/05/01 11:54:23 devlink PCI setup: PCI device 0000:00:10.0 is not available
2024/05/01 11:54:23 NIC VF setup: PCI device 0000:00:11.0 is not available
2024/05/01 11:54:23 USB emulation: enabled
2024/05/01 11:54:23 hci packet injection: enabled
2024/05/01 11:54:23 wifi device emulation: enabled
2024/05/01 11:54:23 802.15.4 emulation: enabled
2024/05/01 11:54:23 swap file: enabled
2024/05/01 11:54:23 starting 5 executor processes
[ 58.879920][ T5082] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 59.809973][ T5098] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 59.819134][ T5098] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 59.838818][ T5099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 59.847672][ T5099] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 59.856260][ T5099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 59.866577][ T5104] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 59.877403][ T5103] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 59.884683][ T5104] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.887027][ T5103] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 59.899319][ T5104] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.900551][ T5103] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 59.919843][ T5103] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 59.921665][ T4482] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 59.934434][ T5095] ==================================================================
[ 59.934895][ T4482] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 59.942500][ T5095] BUG: KFENCE: invalid free in __hci_req_sync+0x62f/0x950
[ 59.942500][ T5095]
[ 59.942543][ T5095] Invalid free of 0xffff88823bd8a000 (in kfence-#196):
[ 59.949901][ T4482] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 59.958718][ T5095] __hci_req_sync+0x62f/0x950
[ 59.958749][ T5095] hci_req_sync+0xa9/0xd0
[ 59.958767][ T5095] hci_dev_cmd+0x518/0xa90
[ 59.968574][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 59.972608][ T5095] sock_do_ioctl+0x158/0x460
[ 59.979554][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 59.981676][ T5095] sock_ioctl+0x629/0x8e0
[ 59.987252][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 59.993249][ T5095] __se_sys_ioctl+0xfc/0x170
[ 59.993272][ T5095] do_syscall_64+0xf5/0x240
[ 59.993291][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.993309][ T5095]
[ 59.999431][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 60.004836][ T5095] kfence-#196: 0xffff88823bd8a000-0xffff88823bd8a0ef, size=240, cache=skbuff_head_cache
[ 60.004836][ T5095]
[ 60.009900][ T52] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 60.016056][ T5095] allocated by task 5103 on cpu 1 at 59.934205s:
[ 60.021089][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 60.025125][ T5095] skb_clone+0x20c/0x390
[ 60.076625][ T5095] hci_cmd_work+0x29e/0x670
[ 60.081152][ T5095] process_scheduled_works+0xa10/0x17c0
[ 60.086723][ T5095] worker_thread+0x86d/0xd70
[ 60.091327][ T5095] kthread+0x2f0/0x390
[ 60.095412][ T5095] ret_from_fork+0x4b/0x80
[ 60.099844][ T5095] ret_from_fork_asm+0x1a/0x30
[ 60.104624][ T5095]
[ 60.106949][ T5095] freed by task 4482 on cpu 0 at 59.934324s:
[ 60.112946][ T5095] hci_req_sync_complete+0xe7/0x290
[ 60.118157][ T5095] hci_event_packet+0xc71/0x1540
[ 60.123105][ T5095] hci_rx_work+0x3e8/0xca0
[ 60.127537][ T5095] process_scheduled_works+0xa10/0x17c0
[ 60.133090][ T5095] worker_thread+0x86d/0xd70
[ 60.137775][ T5095] kthread+0x2f0/0x390
[ 60.141944][ T5095] ret_from_fork+0x4b/0x80
[ 60.146375][ T5095] ret_from_fork_asm+0x1a/0x30
[ 60.148209][ T5104] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 60.151139][ T5095]
[ 60.151148][ T5095] CPU: 1 PID: 5095 Comm: syz-executor.0 Not tainted 6.9.0-rc5-syzkaller-01429-g9a1a2cb5a0e3 #0
[ 60.159768][ T5104] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 60.160442][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 60.171700][ T5104] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 60.177658][ T5095] ==================================================================
[ 60.177671][ T5095] Kernel panic - not syncing: KFENCE: panic_on_warn set ...
[ 60.177863][ T5095] CPU: 1 PID: 5095 Comm: syz-executor.0 Not tainted 6.9.0-rc5-syzkaller-01429-g9a1a2cb5a0e3 #0
[ 60.177883][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 60.177892][ T5095] Call Trace:
[ 60.177900][ T5095]
[ 60.177908][ T5095] dump_stack_lvl+0x241/0x360
[ 60.177940][ T5095] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.177964][ T5095] ? __pfx__printk+0x10/0x10
[ 60.177982][ T5095] ? vprintk_emit+0x631/0x770
[ 60.178012][ T5095] ? vscnprintf+0x5d/0x90
[ 60.178030][ T5095] panic+0x349/0x860
[ 60.178053][ T5095] ? check_panic_on_warn+0x21/0xb0
[ 60.178077][ T5095] ? __pfx_panic+0x10/0x10
[ 60.178095][ T5095] ? _printk+0xd5/0x120
[ 60.178115][ T5095] ? __pfx__printk+0x10/0x10
[ 60.178139][ T5095] ? __pfx__printk+0x10/0x10
[ 60.178168][ T5095] check_panic_on_warn+0x86/0xb0
[ 60.178192][ T5095] kfence_report_error+0x998/0xd10
[ 60.178212][ T5095] ? mark_lock+0x9a/0x350
[ 60.178238][ T5095] ? __pfx_kfence_report_error+0x10/0x10
[ 60.178259][ T5095] ? kfence_guarded_free+0x16c/0x4e0
[ 60.178276][ T5095] ? kmem_cache_free+0x173/0x2c0
[ 60.178296][ T5095] ? __hci_req_sync+0x62f/0x950
[ 60.178318][ T5095] ? hci_req_sync+0xa9/0xd0
[ 60.178339][ T5095] ? hci_dev_cmd+0x518/0xa90
[ 60.178355][ T5095] ? sock_do_ioctl+0x158/0x460
[ 60.178372][ T5095] ? sock_ioctl+0x629/0x8e0
[ 60.178387][ T5095] ? __se_sys_ioctl+0xfc/0x170
[ 60.178402][ T5095] ? do_syscall_64+0xf5/0x240
[ 60.178422][ T5095] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.178480][ T5095] ? _raw_spin_lock_irqsave+0xe1/0x120
[ 60.178504][ T5095] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 60.178534][ T5095] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 60.178562][ T5095] kfence_guarded_free+0x16c/0x4e0
[ 60.178585][ T5095] ? __hci_req_sync+0x62f/0x950
[ 60.178607][ T5095] kmem_cache_free+0x173/0x2c0
[ 60.178633][ T5095] __hci_req_sync+0x62f/0x950
[ 60.178661][ T5095] ? __pfx___hci_req_sync+0x10/0x10
[ 60.178693][ T5095] ? __pfx___mutex_lock+0x10/0x10
[ 60.178714][ T5095] ? __pfx_autoremove_wake_function+0x10/0x10
[ 60.178740][ T5095] ? __pfx_hci_scan_req+0x10/0x10
[ 60.178759][ T5095] hci_req_sync+0xa9/0xd0
[ 60.178785][ T5095] hci_dev_cmd+0x518/0xa90
[ 60.178802][ T5095] ? security_capable+0x90/0xb0
[ 60.178826][ T5095] ? __pfx_hci_dev_cmd+0x10/0x10
[ 60.178846][ T5095] ? hci_sock_ioctl+0x6c2/0xaa0
[ 60.178868][ T5095] sock_do_ioctl+0x158/0x460
[ 60.178892][ T5095] ? __pfx_sock_do_ioctl+0x10/0x10
[ 60.178913][ T5095] ? __pfx_lock_acquire+0x10/0x10
[ 60.178944][ T5095] sock_ioctl+0x629/0x8e0
[ 60.178964][ T5095] ? __pfx_sock_ioctl+0x10/0x10
[ 60.178983][ T5095] ? __fget_files+0x28/0x470
[ 60.179009][ T5095] ? bpf_lsm_file_ioctl+0x9/0x10
[ 60.179025][ T5095] ? security_file_ioctl+0x87/0xb0
[ 60.179041][ T5095] ? __pfx_sock_ioctl+0x10/0x10
[ 60.179061][ T5095] __se_sys_ioctl+0xfc/0x170
[ 60.179080][ T5095] do_syscall_64+0xf5/0x240
[ 60.179102][ T5095] ? clear_bhb_loop+0x35/0x90
[ 60.179124][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.179144][ T5095] RIP: 0033:0x7f233267dc0b
[ 60.179161][ T5095] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 60.179175][ T5095] RSP: 002b:00007ffc7d94a2f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 60.179195][ T5095] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f233267dc0b
[ 60.179208][ T5095] RDX: 00007ffc7d94a368 RSI: 00000000400448dd RDI: 0000000000000003
[ 60.179220][ T5095] RBP: 000055558de3e430 R08: 0000000000000000 R09: 0000000000000000
[ 60.179231][ T5095] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 60.179242][ T5095] R13: 0000000000000000 R14: 00007f23327ac9d8 R15: 000000000000000c
[ 60.179268][ T5095]
[ 60.188146][ T5095] Kernel Offset: disabled