last executing test programs:
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.27' (ED25519) to the list of known hosts.
2024/06/18 23:57:32 fuzzer started
2024/06/18 23:57:32 dialing manager at 10.128.0.169:30020
[ 70.597297][ T5096] cgroup: Unknown subsys name 'net'
[ 70.729592][ T5096] cgroup: Unknown subsys name 'rlimit'
[ 71.720484][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.727475][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
2024/06/18 23:57:34 starting 5 executor processes
[ 72.292424][ T5103] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 73.492687][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 73.505698][ T5120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 73.513769][ T5120] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 73.522025][ T5120] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 73.531195][ T5120] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 73.539695][ T5120] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 73.543510][ T5122] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 73.547515][ T5120] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 73.555699][ T5122] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 73.562615][ T5120] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 73.569795][ T5122] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 73.577326][ T5120] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 73.593832][ T5122] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 73.601306][ T5124] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 73.602215][ T5122] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 73.613354][ T5125] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 73.616809][ T5124] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 73.629995][ T5122] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 73.639756][ T5122] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 73.648739][ T5122] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 73.661158][ T5122] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 73.668791][ T5122] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 73.690085][ T5124] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 73.697955][ T5110] ==================================================================
[ 73.698385][ T5124] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 73.706044][ T5110] BUG: KFENCE: invalid free in __hci_req_sync+0x62f/0x950
[ 73.706044][ T5110]
[ 73.706086][ T5110] Invalid free of 0xffff88823bdc2000 (in kfence-#224):
[ 73.706101][ T5110] __hci_req_sync+0x62f/0x950
[ 73.706125][ T5110] hci_req_sync+0xa9/0xd0
[ 73.706147][ T5110] hci_dev_cmd+0x4c5/0xa50
[ 73.706173][ T5110] compat_sock_ioctl+0x18b/0xf20
[ 73.706198][ T5110] __se_compat_sys_ioctl+0x51c/0xca0
[ 73.752958][ T5110] __do_fast_syscall_32+0xb4/0x120
[ 73.758112][ T5110] do_fast_syscall_32+0x34/0x80
[ 73.763009][ T5110] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 73.769380][ T5110]
[ 73.771733][ T5110] kfence-#224: 0xffff88823bdc2000-0xffff88823bdc20ef, size=240, cache=skbuff_head_cache
[ 73.771733][ T5110]
[ 73.783741][ T5110] allocated by task 53 on cpu 1 at 73.697392s:
[ 73.789958][ T5110] skb_clone+0x20c/0x390
[ 73.794240][ T5110] hci_cmd_work+0x29e/0x670
[ 73.798782][ T5110] process_scheduled_works+0xa2c/0x1830
[ 73.804362][ T5110] worker_thread+0x86d/0xd70
[ 73.809030][ T5110] kthread+0x2f0/0x390
[ 73.813125][ T5110] ret_from_fork+0x4b/0x80
[ 73.817557][ T5110] ret_from_fork_asm+0x1a/0x30
[ 73.822331][ T5110]
[ 73.824688][ T5110] freed by task 5124 on cpu 0 at 73.697880s:
[ 73.830715][ T5110] hci_req_sync_complete+0xe7/0x290
[ 73.835932][ T5110] hci_event_packet+0xc71/0x1540
[ 73.840962][ T5110] hci_rx_work+0x3e8/0xca0
[ 73.845383][ T5110] process_scheduled_works+0xa2c/0x1830
[ 73.850960][ T5110] worker_thread+0x86d/0xd70
[ 73.855563][ T5110] kthread+0x2f0/0x390
[ 73.859666][ T5110] ret_from_fork+0x4b/0x80
[ 73.864094][ T5110] ret_from_fork_asm+0x1a/0x30
[ 73.868901][ T5110]
[ 73.871239][ T5110] CPU: 1 PID: 5110 Comm: syz-executor.4 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0
[ 73.881745][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 73.892155][ T5110] ==================================================================
[ 73.900233][ T5110] Kernel panic - not syncing: KFENCE: panic_on_warn set ...
[ 73.907830][ T5110] CPU: 1 PID: 5110 Comm: syz-executor.4 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0
[ 73.918258][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 73.928331][ T5110] Call Trace:
[ 73.931660][ T5110]
[ 73.934621][ T5110] dump_stack_lvl+0x241/0x360
[ 73.939324][ T5110] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.944541][ T5110] ? __pfx__printk+0x10/0x10
[ 73.949229][ T5110] ? vprintk_emit+0x631/0x770
[ 73.954034][ T5110] ? vscnprintf+0x5d/0x90
[ 73.958387][ T5110] panic+0x349/0x860
[ 73.962305][ T5110] ? check_panic_on_warn+0x21/0xb0
[ 73.967438][ T5110] ? __pfx_panic+0x10/0x10
[ 73.971895][ T5110] ? _printk+0xd5/0x120
[ 73.976094][ T5110] ? __pfx__printk+0x10/0x10
[ 73.980892][ T5110] ? __pfx__printk+0x10/0x10
[ 73.985524][ T5110] check_panic_on_warn+0x86/0xb0
[ 73.990483][ T5110] kfence_report_error+0x998/0xd10
[ 73.995616][ T5110] ? mark_lock+0x9a/0x350
[ 73.999970][ T5110] ? __pfx_kfence_report_error+0x10/0x10
[ 74.005647][ T5110] ? kfence_guarded_free+0x16c/0x4e0
[ 74.010948][ T5110] ? kmem_cache_free+0x1b1/0x350
[ 74.015898][ T5110] ? __hci_req_sync+0x62f/0x950
[ 74.020768][ T5110] ? hci_req_sync+0xa9/0xd0
[ 74.025289][ T5110] ? hci_dev_cmd+0x4c5/0xa50
[ 74.029907][ T5110] ? compat_sock_ioctl+0x18b/0xf20
[ 74.035042][ T5110] ? __se_compat_sys_ioctl+0x51c/0xca0
[ 74.040536][ T5110] ? __do_fast_syscall_32+0xb4/0x120
[ 74.045873][ T5110] ? do_fast_syscall_32+0x34/0x80
[ 74.050934][ T5110] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 74.057586][ T5110] ? _raw_spin_lock_irqsave+0xe1/0x120
[ 74.063064][ T5110] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 74.069038][ T5110] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 74.075135][ T5110] kfence_guarded_free+0x16c/0x4e0
[ 74.080272][ T5110] ? __hci_req_sync+0x62f/0x950
[ 74.085141][ T5110] kmem_cache_free+0x1b1/0x350
[ 74.089923][ T5110] __hci_req_sync+0x62f/0x950
[ 74.094645][ T5110] ? __pfx___hci_req_sync+0x10/0x10
[ 74.099895][ T5110] ? __pfx___mutex_lock+0x10/0x10
[ 74.104935][ T5110] ? __pfx_autoremove_wake_function+0x10/0x10
[ 74.111022][ T5110] ? __pfx_hci_scan_req+0x10/0x10
[ 74.116093][ T5110] hci_req_sync+0xa9/0xd0
[ 74.120616][ T5110] hci_dev_cmd+0x4c5/0xa50
[ 74.125139][ T5110] ? security_capable+0x90/0xb0
[ 74.130096][ T5110] ? __pfx_hci_dev_cmd+0x10/0x10
[ 74.135117][ T5110] ? hci_sock_ioctl+0x6c4/0xa40
[ 74.140010][ T5110] compat_sock_ioctl+0x18b/0xf20
[ 74.145014][ T5110] ? __pfx_compat_sock_ioctl+0x10/0x10
[ 74.150496][ T5110] ? __fget_files+0x29/0x470
[ 74.155108][ T5110] ? __fget_files+0x3f6/0x470
[ 74.159825][ T5110] ? bpf_lsm_file_ioctl_compat+0x9/0x10
[ 74.165391][ T5110] ? security_file_ioctl_compat+0x87/0xb0
[ 74.171126][ T5110] __se_compat_sys_ioctl+0x51c/0xca0
[ 74.176452][ T5110] ? __pfx___se_compat_sys_ioctl+0x10/0x10
[ 74.182285][ T5110] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 74.188302][ T5110] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 74.194648][ T5110] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 74.201378][ T5110] ? lockdep_hardirqs_on+0x99/0x150
[ 74.206609][ T5110] __do_fast_syscall_32+0xb4/0x120
[ 74.211747][ T5110] do_fast_syscall_32+0x34/0x80
[ 74.216617][ T5110] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 74.223080][ T5110] RIP: 0023:0xf740f579
[ 74.227167][ T5110] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 74.246822][ T5110] RSP: 002b:00000000ffd9b264 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 74.255262][ T5110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000400448dd
[ 74.263252][ T5110] RDX: 00000000ffd9b2b4 RSI: 00000000f7400ff4 RDI: 0000000000000002
[ 74.271251][ T5110] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 74.279229][ T5110] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 74.287206][ T5110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 74.295203][ T5110]
[ 74.298480][ T5110] Kernel Offset: disabled
[ 74.303034][ T5110] Rebooting in 86400 seconds..
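The report above carries everything a triager needs, but it is buried in console noise: the bug class, the object's slab cache and size, the allocating and freeing stacks, and the register dump of the 32-bit ioctl that triggered the free. The script below, an added example that is not part of the syzbot report or of the kernel tree, extracts those fields into a structured record, decodes the ioctl request number from the saved RCX, and states what the alloc/free pairing implies. SAMPLE_LOG is a subset of lines copied from the report; the function names, the KfenceReport fields, the HCI_IOCTL table (transcribed from include/net/bluetooth/hci_sock.h) and the verdict wording are this example's own choices.

```python
"""Triage helper for a KFENCE report such as the one above (added example, not from the
syzbot report or the kernel tree). SAMPLE_LOG is a subset of lines copied from the report;
function names, fields and verdict wording are this example's own."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_LOG = """\
[ 73.706044][ T5110] BUG: KFENCE: invalid free in __hci_req_sync+0x62f/0x950
[ 73.706086][ T5110] Invalid free of 0xffff88823bdc2000 (in kfence-#224):
[ 73.771733][ T5110] kfence-#224: 0xffff88823bdc2000-0xffff88823bdc20ef, size=240, cache=skbuff_head_cache
[ 73.771733][ T5110]
[ 73.783741][ T5110] allocated by task 53 on cpu 1 at 73.697392s:
[ 73.789958][ T5110] skb_clone+0x20c/0x390
[ 73.794240][ T5110] hci_cmd_work+0x29e/0x670
[ 73.822331][ T5110]
[ 73.824688][ T5110] freed by task 5124 on cpu 0 at 73.697880s:
[ 73.830715][ T5110] hci_req_sync_complete+0xe7/0x290
[ 73.835932][ T5110] hci_event_packet+0xc71/0x1540
[ 73.868901][ T5110]
[ 74.246822][ T5110] RSP: 002b:00000000ffd9b264 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 74.255262][ T5110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000400448dd
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")        # "[ 73.706044][ T5110] "
FRAME = re.compile(r"^\S+\+0x[0-9a-f]+/0x[0-9a-f]+$")           # "func+0xoff/0xsize"
ACCESS = re.compile(r"^(?:Invalid free of|.*? at) 0x([0-9a-f]+) .*?"
                    r"\((?:in|\d+B (?:left|right) of) kfence-#\d+\):$")
OBJECT = re.compile(r"^kfence-#\d+: 0x([0-9a-f]+)-0x([0-9a-f]+), size=(\d+), cache=(\S+)")
OWNER = re.compile(r"^(allocated|freed) by task (\d+) on cpu (\d+)")
REG = re.compile(r"\b([A-Z0-9_]{2,8}): ([0-9a-f]{16})\b")

@dataclass
class Stack:
    task: int
    cpu: int
    frames: List[str] = field(default_factory=list)

@dataclass
class KfenceReport:
    bug: str = ""                  # "invalid free", "use-after-free read", ...
    site: str = ""                 # func+offset where the bad access happened
    access_addr: int = 0
    obj_start: int = 0
    obj_end: int = 0
    size: int = 0
    cache: str = ""
    alloc: Optional[Stack] = None
    free: Optional[Stack] = None   # present only for UAF / double free
    regs: Dict[str, int] = field(default_factory=dict)

def parse_kfence(log: str) -> KfenceReport:
    """Collect the KFENCE report fields from a console log; unrelated lines are ignored."""
    r, current = KfenceReport(), None          # current = stack block being filled
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                           # a blank line closes a stack block
            current = None
        elif (m := re.match(r"^BUG: KFENCE: (.+) in (\S+)$", line)):
            r.bug, r.site = m.group(1), m.group(2)
        elif (m := ACCESS.match(line)):
            r.access_addr = int(m.group(1), 16)
        elif (m := OBJECT.match(line)):
            r.obj_start, r.obj_end = int(m.group(1), 16), int(m.group(2), 16)
            r.size, r.cache = int(m.group(3)), m.group(4)
        elif (m := OWNER.match(line)):
            st = Stack(int(m.group(2)), int(m.group(3)))
            setattr(r, "alloc" if m.group(1) == "allocated" else "free", st)
            current = st.frames
        elif current is not None and FRAME.match(line):
            current.append(line)
        else:                                  # register dump lines, if any
            r.regs.update((reg, int(val, 16)) for reg, val in REG.findall(line))
    return r

# HCI socket ioctl numbers (type 'H', int argument) from include/net/bluetooth/hci_sock.h.
HCI_IOCTL = {201: "HCIDEVUP", 202: "HCIDEVDOWN", 203: "HCIDEVRESET", 204: "HCIDEVRESTAT",
             210: "HCIGETDEVLIST", 211: "HCIGETDEVINFO", 212: "HCIGETCONNLIST",
             213: "HCIGETCONNINFO", 215: "HCIGETAUTHINFO", 220: "HCISETRAW", 221: "HCISETSCAN",
             222: "HCISETAUTH", 223: "HCISETENCRYPT", 224: "HCISETPTYPE", 240: "HCIINQUIRY"}

def decode_ioctl(req: int) -> Dict[str, object]:
    """Split an x86 ioctl request number (_IOC layout: 2 dir | 14 size | 8 type | 8 nr bits)."""
    nr, typ, size, d = req & 0xff, (req >> 8) & 0xff, (req >> 16) & 0x3fff, (req >> 30) & 3
    return {"dir": ("NONE", "W", "R", "RW")[d], "type": chr(typ), "nr": nr, "size": size,
            "name": HCI_IOCTL.get(nr) if typ == ord("H") else None}

def triage(r: KfenceReport) -> Dict[str, object]:
    """Condense the report to what a triager looks at first."""
    out: Dict[str, object] = {
        "bug": r.bug, "site": r.site, "cache": r.cache,
        "alloc_site": r.alloc.frames[0] if r.alloc and r.alloc.frames else None,
        "prior_free_by": r.free.task if r.free is not None else None,
        "prior_free_site": r.free.frames[0] if r.free and r.free.frames else None}
    if r.bug == "invalid free" and r.free is not None and r.access_addr == r.obj_start:
        out["verdict"] = "double free: object already freed by task %d at %s" % (
            r.free.task, out["prior_free_site"])
    elif r.bug == "invalid free":
        out["verdict"] = "free of a pointer that is not the start of a live object"
    return out
```

Running `triage(parse_kfence(SAMPLE_LOG))` reports the skb as already freed by task 5124 in hci_req_sync_complete (the rx worker) before task 5110 freed it again in __hci_req_sync, which is the double-free reading of this report. `decode_ioctl(rep.regs["RCX"])` gives `_IOW('H', 221, int)`, i.e. HCISETSCAN, which matches the `__pfx_hci_scan_req` frame in the Call Trace; in this 32-bit sysenter path ORIG_RAX 0x36 is the i386 ioctl syscall number, RBX (3) the socket fd and RDX the user pointer passed as the argument.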