Warning: Permanently added '10.128.1.122' (ED25519) to the list of known hosts.
1970/01/01 00:00:35 fuzzer started
1970/01/01 00:00:35 dialing manager at 10.128.0.163:30026
[ 35.678926][ T4227] cgroup: Unknown subsys name 'net'
[ 35.799252][ T4238] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 35.962329][ T4227] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:00:36 starting 5 executor processes
[ 36.508696][ T4252] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 36.513060][ T4250] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 36.515500][ T4250] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 36.518022][ T4250] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 36.520381][ T4250] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 36.522798][ T4254] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 36.524789][ T4250] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 36.527913][ T4254] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 36.531223][ T4250] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 36.533301][ T4250] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 36.546707][ T4254] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 36.550790][ T4256] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 36.568091][ T4256] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 36.570448][ T4256] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 36.572724][ T4256] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 36.575107][ T4256] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 36.606797][ T4256] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 36.608723][ T4256] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 36.611028][ T4250] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 36.613402][ T4250] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 36.623063][ T4250] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 36.626174][ T4258] ==================================================================
[ 36.626454][ T4250] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 36.628143][ T4258] BUG: KASAN: use-after-free in skb_release_data+0x5a4/0x6b0
[ 36.628163][ T4258] Read of size 1 at addr ffff0000ec68c43e by task syz-executor.1/4258
1970/01/01 00:00:36 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 36.628173][ T4258]
[ 36.628177][ T4258] CPU: 1 PID: 4258 Comm: syz-executor.1 Not tainted 6.1.92-syzkaller #0
[ 36.628189][ T4258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 36.628196][ T4258] Call trace:
[ 36.628199][ T4258]  dump_backtrace+0x1c8/0x1f4
[ 36.640302][ T4258]  show_stack+0x2c/0x3c
[ 36.641311][ T4258]  dump_stack_lvl+0x108/0x170
[ 36.642416][ T4258]  print_report+0x174/0x4c0
[ 36.643529][ T4258]  kasan_report+0xd4/0x130
[ 36.644575][ T4258]  __asan_report_load1_noabort+0x2c/0x38
[ 36.646026][ T4258]  skb_release_data+0x5a4/0x6b0
[ 36.647254][ T4258]  kfree_skb_reason+0x1a4/0x47c
[ 36.648386][ T4258]  __hci_req_sync+0x4fc/0x7ac
[ 36.649577][ T4258]  hci_req_sync+0xa4/0xd0
[ 36.650655][ T4258]  hci_dev_cmd+0x330/0x90c
[ 36.651747][ T4258]  hci_sock_ioctl+0x4b8/0x82c
[ 36.652962][ T4258]  sock_do_ioctl+0x134/0x2dc
[ 36.654071][ T4258]  sock_ioctl+0x4ec/0x858
[ 36.655120][ T4258]  __arm64_sys_ioctl+0x14c/0x1c8
[ 36.656301][ T4258]  invoke_syscall+0x98/0x2c0
[ 36.657420][ T4258]  el0_svc_common+0x138/0x258
[ 36.658591][ T4258]  do_el0_svc+0x64/0x218
[ 36.659627][ T4258]  el0_svc+0x58/0x168
[ 36.660604][ T4258]  el0t_64_sync_handler+0x84/0xf0
[ 36.661869][ T4258]  el0t_64_sync+0x18c/0x190
[ 36.662950][ T4258]
[ 36.663483][ T4258] Allocated by task 4252:
[ 36.664530][ T4258]  kasan_set_track+0x4c/0x80
[ 36.665599][ T4258]  kasan_save_alloc_info+0x24/0x30
[ 36.666944][ T4258]  __kasan_slab_alloc+0x74/0x8c
[ 36.668204][ T4258]  slab_post_alloc_hook+0x74/0x458
[ 36.669434][ T4258]  kmem_cache_alloc+0x230/0x37c
[ 36.670599][ T4258]  skb_clone+0x19c/0x304
[ 36.671652][ T4258]  hci_cmd_work+0x174/0x568
[ 36.672817][ T4258]  process_one_work+0x7ac/0x1404
[ 36.674095][ T4258]  worker_thread+0x8e4/0xfec
[ 36.675289][ T4258]  kthread+0x250/0x2d8
[ 36.676267][ T4258]  ret_from_fork+0x10/0x20
[ 36.677363][ T4258]
[ 36.677925][ T4258] Freed by task 4250:
[ 36.678948][ T4258]  kasan_set_track+0x4c/0x80
[ 36.680035][ T4258]  kasan_save_free_info+0x38/0x5c
[ 36.681226][ T4258]  ____kasan_slab_free+0x144/0x1c0
[ 36.682514][ T4258]  __kasan_slab_free+0x18/0x28
[ 36.683755][ T4258]  kmem_cache_free+0x2f0/0x588
[ 36.684951][ T4258]  kfree_skbmem+0x10c/0x19c
[ 36.686073][ T4258]  kfree_skb_reason+0x1ac/0x47c
[ 36.687233][ T4258]  hci_req_sync_complete+0xcc/0x258
[ 36.688483][ T4258]  hci_event_packet+0xbd4/0x109c
[ 36.689710][ T4258]  hci_rx_work+0x318/0xa68
[ 36.690821][ T4258]  process_one_work+0x7ac/0x1404
[ 36.692083][ T4258]  worker_thread+0x8e4/0xfec
[ 36.693219][ T4258]  kthread+0x250/0x2d8
[ 36.694243][ T4258]  ret_from_fork+0x10/0x20
[ 36.695386][ T4258]
[ 36.695978][ T4258] The buggy address belongs to the object at ffff0000ec68c3c0
[ 36.695978][ T4258]  which belongs to the cache skbuff_head_cache of size 240
[ 36.699689][ T4258] The buggy address is located 126 bytes inside of
[ 36.699689][ T4258]  240-byte region [ffff0000ec68c3c0, ffff0000ec68c4b0)
[ 36.702959][ T4258]
[ 36.703512][ T4258] The buggy address belongs to the physical page:
[ 36.705134][ T4258] page:000000003a0a27ff refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c68c
[ 36.707673][ T4258] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 36.709605][ T4258] raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c0b72480
[ 36.711627][ T4258] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 36.713821][ T4258] page dumped because: kasan: bad access detected
[ 36.715404][ T4258]
[ 36.716006][ T4258] Memory state around the buggy address:
[ 36.717460][ T4258]  ffff0000ec68c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 36.717671][ T4265] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 36.719457][ T4258]  ffff0000ec68c380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 36.719467][ T4258] >ffff0000ec68c400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.725162][ T4258]                                         ^
[ 36.726658][ T4258]  ffff0000ec68c480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 36.728637][ T4258]  ffff0000ec68c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.730701][ T4258] ==================================================================
[ 36.733731][ T4258] Disabling lock debugging due to kernel taint
[ 36.761751][ T47] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 36.763693][ T47] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 36.765548][ T47] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 36.767706][ T47] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 36.796829][ T4254] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 36.798807][ T4254] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 36.800633][ T4254] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2