Warning: Permanently added '10.128.1.141' (ED25519) to the list of known hosts.
2024/05/19 04:33:22 fuzzer started
2024/05/19 04:33:22 dialing manager at 10.128.0.163:30012
[   52.708557][ T3547] cgroup: Unknown subsys name 'net'
[   52.920657][ T3547] cgroup: Unknown subsys name 'rlimit'
2024/05/19 04:33:23 starting 5 executor processes
[   53.954507][ T3549] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   53.966481][ T3549] syz-executor (3549) used greatest stack depth: 19984 bytes left
[   54.554195][ T3572] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.567218][ T3574] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.577135][ T3576] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.585391][ T3576] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.592227][ T3580] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.595238][ T3582] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   54.601283][ T3580] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.608270][ T3582] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   54.614800][ T3580] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.629123][ T3580] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.629705][ T3582] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.636519][ T3580] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   54.644628][ T3582] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   54.652091][ T3580] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.658445][ T3582] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   54.664426][ T3580] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   54.671616][ T3582] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.679516][ T3580] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   54.686844][ T3582] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   54.693386][ T3580] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   54.699180][ T3582] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.706394][ T3580] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.714038][ T3582] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   54.727087][ T3582] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   54.727773][ T3580] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   54.735318][ T3582] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.748890][ T3572] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   54.749503][ T3582] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   54.763712][ T3572] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.764150][ T3582] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   54.780477][ T3567] ==================================================================
[   54.788570][ T3567] BUG: KASAN: use-after-free in skb_release_data+0x6a5/0x7a0
[   54.795981][ T3567] Read of size 1 at addr ffff88805d6c6bbe by task syz-executor.0/3567
[   54.804143][ T3567] 
[   54.806478][ T3567] CPU: 0 PID: 3567 Comm: syz-executor.0 Not tainted 6.1.91-syzkaller #0
[   54.814808][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   54.824881][ T3567] Call Trace:
[   54.828170][ T3567]  <TASK>
[   54.831115][ T3567]  dump_stack_lvl+0x1e3/0x2cb
[   54.835825][ T3567]  ? nf_tcp_handle_invalid+0x642/0x642
[   54.841302][ T3567]  ? panic+0x764/0x764
[   54.845393][ T3567]  ? _printk+0xd1/0x111
[   54.849560][ T3567]  ? __virt_addr_valid+0x17f/0x520
[   54.854688][ T3567]  ? __virt_addr_valid+0x17f/0x520
[   54.859820][ T3567]  print_report+0x15f/0x4f0
[   54.864342][ T3567]  ? __virt_addr_valid+0x17f/0x520
[   54.869471][ T3567]  ? __virt_addr_valid+0x17f/0x520
[   54.874599][ T3567]  ? __virt_addr_valid+0x44a/0x520
[   54.879726][ T3567]  ? __phys_addr+0xb6/0x170
[   54.884249][ T3567]  ? skb_release_data+0x6a5/0x7a0
[   54.889294][ T3567]  kasan_report+0x136/0x160
[   54.893813][ T3567]  ? skb_release_data+0x6a5/0x7a0
[   54.898857][ T3567]  skb_release_data+0x6a5/0x7a0
[   54.903729][ T3567]  ? __hci_req_sync+0x626/0x940
[   54.908588][ T3567]  kfree_skb_reason+0x16f/0x390
[   54.913454][ T3567]  __hci_req_sync+0x626/0x940
[   54.918138][ T3567]  ? trace_contention_end+0x61/0x170
[   54.923437][ T3567]  ? hci_req_sync_complete+0x280/0x280
[   54.928913][ T3567]  ? mutex_lock_nested+0x10/0x10
[   54.933868][ T3567]  ? hci_encrypt_req+0x170/0x170
[   54.938823][ T3567]  hci_req_sync+0xa5/0xc0
[   54.943167][ T3567]  hci_dev_cmd+0x2fc/0xa30
[   54.947601][ T3567]  ? security_capable+0x86/0xb0
[   54.952468][ T3567]  ? hci_dev_reset_stat+0x1a0/0x1a0
[   54.957695][ T3567]  ? hci_sock_ioctl+0x426/0x850
[   54.962565][ T3567]  sock_do_ioctl+0x152/0x450
[   54.967173][ T3567]  ? sock_show_fdinfo+0xb0/0xb0
[   54.972039][ T3567]  ? __fget_files+0x28/0x4a0
[   54.976648][ T3567]  sock_ioctl+0x47f/0x770
[   54.980992][ T3567]  ? sock_poll+0x410/0x410
[   54.985420][ T3567]  ? __fget_files+0x28/0x4a0
[   54.990020][ T3567]  ? __fget_files+0x435/0x4a0
[   54.994713][ T3567]  ? __fget_files+0x28/0x4a0
[   54.999328][ T3567]  ? bpf_lsm_file_ioctl+0x5/0x10
[   55.004283][ T3567]  ? security_file_ioctl+0x7d/0xa0
[   55.009412][ T3567]  ? sock_poll+0x410/0x410
[   55.013826][ T3567]  __se_sys_ioctl+0xf1/0x160
[   55.018414][ T3567]  do_syscall_64+0x3b/0xb0
[   55.022824][ T3567]  ? clear_bhb_loop+0x45/0xa0
[   55.027493][ T3567]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   55.033379][ T3567] RIP: 0033:0x7fd23d87cc4b
[   55.037783][ T3567] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   55.057374][ T3567] RSP: 002b:00007ffc65a2fdc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   55.065774][ T3567] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd23d87cc4b
[   55.073756][ T3567] RDX: 00007ffc65a2fe38 RSI: 00000000400448dd RDI: 0000000000000003
[   55.081715][ T3567] RBP: 000055555570d430 R08: 0000000000000000 R09: 0000000000000000
[   55.089673][ T3567] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[   55.097628][ T3567] R13: 0000000000000001 R14: 00007fd23d9ac9d8 R15: 000000000000000c
[   55.105597][ T3567]  </TASK>
[   55.108601][ T3567] 
[   55.110908][ T3567] Allocated by task 3574:
[   55.115217][ T3567]  kasan_set_track+0x4b/0x70
[   55.119807][ T3567]  __kasan_slab_alloc+0x65/0x70
[   55.124640][ T3567]  slab_post_alloc_hook+0x52/0x3a0
[   55.129739][ T3567]  kmem_cache_alloc+0x10c/0x2d0
[   55.134579][ T3567]  skb_clone+0x1e5/0x360
[   55.138812][ T3567]  hci_cmd_work+0x296/0x660
[   55.143311][ T3567]  process_one_work+0x8a9/0x11d0
[   55.148237][ T3567]  worker_thread+0xa47/0x1200
[   55.152911][ T3567]  kthread+0x28d/0x320
[   55.156961][ T3567]  ret_from_fork+0x1f/0x30
[   55.161365][ T3567] 
[   55.163672][ T3567] Freed by task 3574:
[   55.167635][ T3567]  kasan_set_track+0x4b/0x70
[   55.172216][ T3567]  kasan_save_free_info+0x27/0x40
[   55.177225][ T3567]  ____kasan_slab_free+0xd6/0x120
[   55.182237][ T3567]  kmem_cache_free+0x292/0x510
[   55.186987][ T3567]  hci_req_sync_complete+0xee/0x280
[   55.192171][ T3567]  hci_event_packet+0xc49/0x1510
[   55.197095][ T3567]  hci_rx_work+0x3cd/0xce0
[   55.201500][ T3567]  process_one_work+0x8a9/0x11d0
[   55.206425][ T3567]  worker_thread+0xa47/0x1200
[   55.211087][ T3567]  kthread+0x28d/0x320
[   55.215140][ T3567]  ret_from_fork+0x1f/0x30
[   55.219542][ T3567] 
[   55.221850][ T3567] The buggy address belongs to the object at ffff88805d6c6b40
[   55.221850][ T3567]  which belongs to the cache skbuff_head_cache of size 240
[   55.236407][ T3567] The buggy address is located 126 bytes inside of
[   55.236407][ T3567]  240-byte region [ffff88805d6c6b40, ffff88805d6c6c30)
[   55.249665][ T3567] 
[   55.251975][ T3567] The buggy address belongs to the physical page:
[   55.258366][ T3567] page:ffffea000175b180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d6c6
[   55.268501][ T3567] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   55.276036][ T3567] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88801426f500
[   55.284603][ T3567] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   55.293166][ T3567] page dumped because: kasan: bad access detected
[   55.299557][ T3567] page_owner tracks the page as allocated
[   55.305254][ T3567] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3574, tgid 3574 (kworker/u5:3), ts 54779076629, free_ts 11148888402
[   55.323559][ T3567]  post_alloc_hook+0x18d/0x1b0
[   55.328314][ T3567]  get_page_from_freelist+0x31a1/0x3320
[   55.333847][ T3567]  __alloc_pages+0x28d/0x770
[   55.338420][ T3567]  alloc_slab_page+0x6a/0x150
[   55.343083][ T3567]  new_slab+0x84/0x2d0
[   55.347143][ T3567]  ___slab_alloc+0xc20/0x1270
[   55.351805][ T3567]  kmem_cache_alloc+0x1a5/0x2d0
[   55.356641][ T3567]  skb_clone+0x1e5/0x360
[   55.360869][ T3567]  hci_event_packet+0x498/0x1510
[   55.365793][ T3567]  hci_rx_work+0x3cd/0xce0
[   55.370199][ T3567]  process_one_work+0x8a9/0x11d0
[   55.375121][ T3567]  worker_thread+0xa47/0x1200
[   55.379782][ T3567]  kthread+0x28d/0x320
[   55.383836][ T3567]  ret_from_fork+0x1f/0x30
[   55.388250][ T3567] page last free stack trace:
[   55.392903][ T3567]  free_unref_page_prepare+0xf63/0x1120
[   55.398452][ T3567]  free_unref_page+0x33/0x3e0
[   55.403129][ T3567]  free_contig_range+0x9a/0x150
[   55.407972][ T3567]  destroy_args+0xfe/0x997
[   55.412383][ T3567]  debug_vm_pgtable+0x416/0x46b
[   55.417224][ T3567]  do_one_initcall+0x265/0x8f0
[   55.421981][ T3567]  do_initcall_level+0x157/0x207
[   55.426908][ T3567]  do_initcalls+0x49/0x86
[   55.431577][ T3567]  kernel_init_freeable+0x45c/0x60f
[   55.436767][ T3567]  kernel_init+0x19/0x290
[   55.441081][ T3567]  ret_from_fork+0x1f/0x30
[   55.445486][ T3567] 
[   55.447794][ T3567] Memory state around the buggy address:
[   55.453422][ T3567]  ffff88805d6c6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   55.461508][ T3567]  ffff88805d6c6b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   55.469584][ T3567] >ffff88805d6c6b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.477634][ T3567]                                         ^
[   55.483509][ T3567]  ffff88805d6c6c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[   55.491555][ T3567]  ffff88805d6c6c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.499597][ T3567] ==================================================================
[   55.518304][ T3567] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   55.525539][ T3567] CPU: 1 PID: 3567 Comm: syz-executor.0 Not tainted 6.1.91-syzkaller #0
[   55.533878][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   55.543947][ T3567] Call Trace:
[   55.547237][ T3567]  <TASK>
[   55.550177][ T3567]  dump_stack_lvl+0x1e3/0x2cb
[   55.554881][ T3567]  ? nf_tcp_handle_invalid+0x642/0x642
[   55.560358][ T3567]  ? panic+0x764/0x764
[   55.564433][ T3567]  ? vscnprintf+0x59/0x80
[   55.568756][ T3567]  panic+0x318/0x764
[   55.572637][ T3567]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   55.578782][ T3567]  ? check_panic_on_warn+0x1d/0xa0
[   55.583882][ T3567]  ? memcpy_page_flushcache+0xfc/0xfc
[   55.589266][ T3567]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   55.595268][ T3567]  ? _raw_spin_unlock+0x40/0x40
[   55.600120][ T3567]  check_panic_on_warn+0x7e/0xa0
[   55.605066][ T3567]  ? skb_release_data+0x6a5/0x7a0
[   55.610123][ T3567]  end_report+0x66/0x110
[   55.614365][ T3567]  kasan_report+0x143/0x160
[   55.618860][ T3567]  ? skb_release_data+0x6a5/0x7a0
[   55.623879][ T3567]  skb_release_data+0x6a5/0x7a0
[   55.629158][ T3567]  ? __hci_req_sync+0x626/0x940
[   55.634008][ T3567]  kfree_skb_reason+0x16f/0x390
[   55.638853][ T3567]  __hci_req_sync+0x626/0x940
[   55.643517][ T3567]  ? trace_contention_end+0x61/0x170
[   55.648798][ T3567]  ? hci_req_sync_complete+0x280/0x280
[   55.654247][ T3567]  ? mutex_lock_nested+0x10/0x10
[   55.659191][ T3567]  ? hci_encrypt_req+0x170/0x170
[   55.664145][ T3567]  hci_req_sync+0xa5/0xc0
[   55.668477][ T3567]  hci_dev_cmd+0x2fc/0xa30
[   55.672884][ T3567]  ? security_capable+0x86/0xb0
[   55.677731][ T3567]  ? hci_dev_reset_stat+0x1a0/0x1a0
[   55.682925][ T3567]  ? hci_sock_ioctl+0x426/0x850
[   55.687761][ T3567]  sock_do_ioctl+0x152/0x450
[   55.692344][ T3567]  ? sock_show_fdinfo+0xb0/0xb0
[   55.697182][ T3567]  ? __fget_files+0x28/0x4a0
[   55.701762][ T3567]  sock_ioctl+0x47f/0x770
[   55.706087][ T3567]  ? sock_poll+0x410/0x410
[   55.710505][ T3567]  ? __fget_files+0x28/0x4a0
[   55.715095][ T3567]  ? __fget_files+0x435/0x4a0
[   55.719773][ T3567]  ? __fget_files+0x28/0x4a0
[   55.724387][ T3567]  ? bpf_lsm_file_ioctl+0x5/0x10
[   55.729765][ T3567]  ? security_file_ioctl+0x7d/0xa0
[   55.734878][ T3567]  ? sock_poll+0x410/0x410
[   55.739291][ T3567]  __se_sys_ioctl+0xf1/0x160
[   55.743878][ T3567]  do_syscall_64+0x3b/0xb0
[   55.748293][ T3567]  ? clear_bhb_loop+0x45/0xa0
[   55.752961][ T3567]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   55.758842][ T3567] RIP: 0033:0x7fd23d87cc4b
[   55.763245][ T3567] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   55.782863][ T3567] RSP: 002b:00007ffc65a2fdc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   55.791272][ T3567] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd23d87cc4b
[   55.799229][ T3567] RDX: 00007ffc65a2fe38 RSI: 00000000400448dd RDI: 0000000000000003
[   55.807191][ T3567] RBP: 000055555570d430 R08: 0000000000000000 R09: 0000000000000000
[   55.815247][ T3567] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[   55.823207][ T3567] R13: 0000000000000001 R14: 00007fd23d9ac9d8 R15: 000000000000000c
[   55.831171][ T3567]  </TASK>
[   55.834436][ T3567] Kernel Offset: disabled
[   55.838744][ T3567] Rebooting in 86400 seconds..