Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
2024/04/07 04:44:53 fuzzer started
2024/04/07 04:44:53 dialing manager at 10.128.0.169:30005
[ 71.249208][ T5084] cgroup: Unknown subsys name 'net'
[ 71.388474][ T5084] cgroup: Unknown subsys name 'rlimit'
[ 71.713148][ T1243] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.719746][ T1243] ieee802154 phy1 wpan1: encryption failed: -22
2024/04/07 04:44:56 syscalls: 3855
2024/04/07 04:44:56 code coverage: enabled
2024/04/07 04:44:56 comparison tracing: enabled
2024/04/07 04:44:56 extra coverage: enabled
2024/04/07 04:44:56 delay kcov mmap: enabled
2024/04/07 04:44:56 setuid sandbox: enabled
2024/04/07 04:44:56 namespace sandbox: enabled
2024/04/07 04:44:56 Android sandbox: /sys/fs/selinux/policy does not exist
2024/04/07 04:44:56 fault injection: enabled
2024/04/07 04:44:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2024/04/07 04:44:56 net packet injection: enabled
2024/04/07 04:44:56 net device setup: enabled
2024/04/07 04:44:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2024/04/07 04:44:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
2024/04/07 04:44:56 NIC VF setup: PCI device 0000:00:11.0 is not available
2024/04/07 04:44:56 USB emulation: enabled
2024/04/07 04:44:56 hci packet injection: enabled
2024/04/07 04:44:56 wifi device emulation: enabled
2024/04/07 04:44:56 802.15.4 emulation: enabled
2024/04/07 04:44:56 swap file: enabled
[ 73.050614][ T5084] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
2024/04/07 04:44:56 starting 5 executor processes
[ 74.382765][ T5105] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 74.391924][ T5105] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.409874][ T5105] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 74.421817][ T5109] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 74.429402][ T5105] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 74.437758][ T5105] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 74.437859][ T5109] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.445658][ T5105] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 74.452731][ T5109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.459865][ T5105] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 74.467263][ T5109] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.474619][ T5105] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 74.480576][ T5109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 74.489688][ T5105] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 74.494149][ T5109] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.501110][ T5105] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 74.519438][ T5107] ==================================================================
[ 74.519695][ T5109] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 74.527513][ T5107] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 74.536878][ T5109] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 74.542251][ T5107] Read of size 4 at addr ffff8880645c9864 by task syz-executor.1/5107
[ 74.542272][ T5107]
[ 74.542281][ T5107] CPU: 1 PID: 5107 Comm: syz-executor.1 Not tainted 6.9.0-rc2-next-20240405-syzkaller #0
[ 74.556367][ T5111] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 74.557442][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 74.563086][ T5109] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 74.569628][ T5107] Call Trace:
[ 74.569642][ T5107]
[ 74.569651][ T5107] dump_stack_lvl+0x241/0x360
[ 74.569686][ T5107] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.569713][ T5107] ? __pfx__printk+0x10/0x10
[ 74.580524][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 74.586682][ T5107] ? _printk+0xd5/0x120
[ 74.625710][ T5107] ? __virt_addr_valid+0x183/0x520
[ 74.630883][ T5107] ? __virt_addr_valid+0x183/0x520
[ 74.636026][ T5107] print_report+0x169/0x550
[ 74.640545][ T5107] ? __virt_addr_valid+0x183/0x520
[ 74.645696][ T5107] ? __virt_addr_valid+0x183/0x520
[ 74.650863][ T5107] ? __virt_addr_valid+0x44e/0x520
[ 74.655986][ T5107] ? __phys_addr+0xba/0x170
[ 74.660617][ T5107] ? kfree_skb_reason+0x41/0x3b0
[ 74.665566][ T5107] kasan_report+0x143/0x180
[ 74.670075][ T5107] ? kfree_skb_reason+0x41/0x3b0
[ 74.675023][ T5107] kasan_check_range+0x282/0x290
[ 74.679992][ T5107] kfree_skb_reason+0x41/0x3b0
[ 74.684770][ T5107] __hci_req_sync+0x62f/0x950
[ 74.689467][ T5107] ? __pfx___hci_req_sync+0x10/0x10
[ 74.694686][ T5107] ? __pfx___mutex_lock+0x10/0x10
[ 74.699732][ T5107] ? __pfx_autoremove_wake_function+0x10/0x10
[ 74.705803][ T5107] ? __pfx_hci_scan_req+0x10/0x10
[ 74.710837][ T5107] hci_req_sync+0xa9/0xd0
[ 74.715205][ T5107] hci_dev_cmd+0x518/0xa90
[ 74.719637][ T5107] ? security_capable+0x90/0xb0
[ 74.724511][ T5107] ? __pfx_hci_dev_cmd+0x10/0x10
[ 74.729461][ T5107] ? hci_sock_ioctl+0x6c2/0xaa0
[ 74.734327][ T5107] sock_do_ioctl+0x158/0x460
[ 74.738922][ T5107] ? __pfx_sock_do_ioctl+0x10/0x10
[ 74.744047][ T5107] ? __pfx_lock_acquire+0x10/0x10
[ 74.749085][ T5107] sock_ioctl+0x629/0x8e0
[ 74.753457][ T5107] ? __pfx_sock_ioctl+0x10/0x10
[ 74.758331][ T5107] ? __fget_files+0x28/0x470
[ 74.762937][ T5107] ? bpf_lsm_file_ioctl+0x9/0x10
[ 74.767887][ T5107] ? security_file_ioctl+0x87/0xb0
[ 74.772999][ T5107] ? __pfx_sock_ioctl+0x10/0x10
[ 74.777864][ T5107] __se_sys_ioctl+0xfc/0x170
[ 74.782462][ T5107] do_syscall_64+0xfb/0x240
[ 74.786969][ T5107] entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 74.792868][ T5107] RIP: 0033:0x7fd8f7e7dbcb
[ 74.797281][ T5107] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 74.816891][ T5107] RSP: 002b:00007ffc3d1858e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 74.825309][ T5107] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd8f7e7dbcb
[ 74.833284][ T5107] RDX: 00007ffc3d185958 RSI: 00000000400448dd RDI: 0000000000000003
[ 74.841255][ T5107] RBP: 00005555747dc430 R08: 0000000000000000 R09: 0000000000000000
[ 74.849230][ T5107] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000003
[ 74.857219][ T5107] R13: 0000000000000003 R14: 00007fd8f7fac9d8 R15: 000000000000000c
[ 74.865201][ T5107]
[ 74.868225][ T5107]
[ 74.870551][ T5107] Allocated by task 5105:
[ 74.874965][ T5107] kasan_save_track+0x3f/0x80
[ 74.879669][ T5107] __kasan_slab_alloc+0x66/0x80
[ 74.884619][ T5107] kmem_cache_alloc_noprof+0x135/0x290
[ 74.890083][ T5107] skb_clone+0x20c/0x390
[ 74.894340][ T5107] hci_cmd_work+0x29e/0x670
[ 74.898853][ T5107] process_scheduled_works+0xa2c/0x1830
[ 74.904400][ T5107] worker_thread+0x86d/0xd70
[ 74.908991][ T5107] kthread+0x2f0/0x390
[ 74.913097][ T5107] ret_from_fork+0x4b/0x80
[ 74.917525][ T5107] ret_from_fork_asm+0x1a/0x30
[ 74.922296][ T5107]
[ 74.924617][ T5107] Freed by task 5109:
[ 74.928591][ T5107] kasan_save_track+0x3f/0x80
[ 74.933296][ T5107] kasan_save_free_info+0x40/0x50
[ 74.938337][ T5107] poison_slab_object+0xe0/0x150
[ 74.943280][ T5107] __kasan_slab_free+0x37/0x60
[ 74.948073][ T5107] kmem_cache_free+0x145/0x340
[ 74.952841][ T5107] hci_req_sync_complete+0xe7/0x290
[ 74.958066][ T5107] hci_event_packet+0xc71/0x1540
[ 74.963027][ T5107] hci_rx_work+0x3e8/0xca0
[ 74.967453][ T5107] process_scheduled_works+0xa2c/0x1830
[ 74.973011][ T5107] worker_thread+0x86d/0xd70
[ 74.977615][ T5107] kthread+0x2f0/0x390
[ 74.981694][ T5107] ret_from_fork+0x4b/0x80
[ 74.986125][ T5107] ret_from_fork_asm+0x1a/0x30
[ 74.990904][ T5107]
[ 74.993227][ T5107] The buggy address belongs to the object at ffff8880645c9780
[ 74.993227][ T5107]  which belongs to the cache skbuff_head_cache of size 240
[ 75.007809][ T5107] The buggy address is located 228 bytes inside of
[ 75.007809][ T5107]  freed 240-byte region [ffff8880645c9780, ffff8880645c9870)
[ 75.021608][ T5107]
[ 75.023952][ T5107] The buggy address belongs to the physical page:
[ 75.030374][ T5107] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x645c9
[ 75.039132][ T5107] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[ 75.046240][ T5107] page_type: 0xffffefff(slab)
[ 75.050921][ T5107] raw: 00fff80000000000 ffff888018ec2780 dead000000000122 0000000000000000
[ 75.059506][ T5107] raw: 0000000000000000 00000000800c000c 00000001ffffefff 0000000000000000
[ 75.068084][ T5107] page dumped because: kasan: bad access detected
[ 75.074490][ T5107] page_owner tracks the page as allocated
[ 75.080203][ T5107] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 5106, tgid 1501860599 (kworker/u9:4), ts 5106, free_ts 23287202140
[ 75.098446][ T5107] post_alloc_hook+0x1f3/0x230
[ 75.103222][ T5107] get_page_from_freelist+0x2e7e/0x2f40
[ 75.108875][ T5107] __alloc_pages_noprof+0x256/0x6c0
[ 75.114080][ T5107] alloc_slab_page+0x5f/0x120
[ 75.118770][ T5107] allocate_slab+0x5a/0x2e0
[ 75.123282][ T5107] ___slab_alloc+0xcd1/0x14b0
[ 75.127962][ T5107] __slab_alloc+0x58/0xa0
[ 75.132295][ T5107] kmem_cache_alloc_node_noprof+0x1fe/0x310
[ 75.138191][ T5107] __alloc_skb+0x1c3/0x440
[ 75.142645][ T5107] hci_sock_dev_event+0x100/0x5f0
[ 75.147680][ T5107] hci_dev_open_sync+0xfbe/0x33d0
[ 75.152742][ T5107] hci_power_on+0x1c8/0x700
[ 75.157273][ T5107] process_scheduled_works+0xa2c/0x1830
[ 75.162821][ T5107] worker_thread+0x86d/0xd70
[ 75.167418][ T5107] kthread+0x2f0/0x390
[ 75.171497][ T5107] ret_from_fork+0x4b/0x80
[ 75.175939][ T5107] page last free pid 1 tgid 1 stack trace:
[ 75.181747][ T5107] free_unref_page+0xd3c/0xec0
[ 75.186518][ T5107] free_contig_range+0x9e/0x160
[ 75.191389][ T5107] destroy_args+0x8a/0x890
[ 75.195818][ T5107] debug_vm_pgtable+0x4be/0x550
[ 75.200706][ T5107] do_one_initcall+0x248/0x880
[ 75.205481][ T5107] do_initcall_level+0x157/0x210
[ 75.210424][ T5107] do_initcalls+0x3f/0x80
[ 75.214769][ T5107] kernel_init_freeable+0x435/0x5d0
[ 75.219969][ T5107] kernel_init+0x1d/0x2b0
[ 75.224308][ T5107] ret_from_fork+0x4b/0x80
[ 75.228746][ T5107] ret_from_fork_asm+0x1a/0x30
[ 75.233608][ T5107]
[ 75.235932][ T5107] Memory state around the buggy address:
[ 75.241559][ T5107]  ffff8880645c9700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 75.249646][ T5107]  ffff8880645c9780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.257705][ T5107] >ffff8880645c9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 75.265776][ T5107]                                                        ^
[ 75.272983][ T5107]  ffff8880645c9880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 75.281044][ T5107]  ffff8880645c9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.289102][ T5107] ==================================================================
[ 75.329766][ T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 75.338072][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 75.346028][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 75.354874][ T52] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 75.362402][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 75.369974][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 75.379875][ T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 75.393292][ T52] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 75.408909][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 75.459660][ T5107] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.466909][ T5107] CPU: 1 PID: 5107 Comm: syz-executor.1 Not tainted 6.9.0-rc2-next-20240405-syzkaller #0
[ 75.476752][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 75.486837][ T5107] Call Trace:
[ 75.490146][ T5107]
[ 75.493133][ T5107] dump_stack_lvl+0x241/0x360
[ 75.498030][ T5107] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.503273][ T5107] ? __pfx__printk+0x10/0x10
[ 75.507980][ T5107] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 75.513996][ T5107] ? vscnprintf+0x5d/0x90
[ 75.518367][ T5107] panic+0x349/0x860
[ 75.522294][ T5107] ? check_panic_on_warn+0x21/0xb0
[ 75.527439][ T5107] ? __pfx_panic+0x10/0x10
[ 75.532911][ T5107] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 75.538933][ T5107] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 75.545303][ T5107] check_panic_on_warn+0x86/0xb0
[ 75.550282][ T5107] ? kfree_skb_reason+0x41/0x3b0
[ 75.555258][ T5107] end_report+0x77/0x160
[ 75.559531][ T5107] kasan_report+0x154/0x180
[ 75.564063][ T5107] ? kfree_skb_reason+0x41/0x3b0
[ 75.569046][ T5107] kasan_check_range+0x282/0x290
[ 75.574017][ T5107] kfree_skb_reason+0x41/0x3b0
[ 75.578821][ T5107] __hci_req_sync+0x62f/0x950
[ 75.583537][ T5107] ? __pfx___hci_req_sync+0x10/0x10
[ 75.588769][ T5107] ? __pfx___mutex_lock+0x10/0x10
[ 75.593836][ T5107] ? __pfx_autoremove_wake_function+0x10/0x10
[ 75.599939][ T5107] ? __pfx_hci_scan_req+0x10/0x10
[ 75.605008][ T5107] hci_req_sync+0xa9/0xd0
[ 75.609372][ T5107] hci_dev_cmd+0x518/0xa90
[ 75.613819][ T5107] ? security_capable+0x90/0xb0
[ 75.618725][ T5107] ? __pfx_hci_dev_cmd+0x10/0x10
[ 75.623675][ T5107] ? hci_sock_ioctl+0x6c2/0xaa0
[ 75.628563][ T5107] sock_do_ioctl+0x158/0x460
[ 75.633179][ T5107] ? __pfx_sock_do_ioctl+0x10/0x10
[ 75.638292][ T5107] ? __pfx_lock_acquire+0x10/0x10
[ 75.643329][ T5107] sock_ioctl+0x629/0x8e0
[ 75.647672][ T5107] ? __pfx_sock_ioctl+0x10/0x10
[ 75.653500][ T5107] ? __fget_files+0x28/0x470
[ 75.658099][ T5107] ? bpf_lsm_file_ioctl+0x9/0x10
[ 75.663049][ T5107] ? security_file_ioctl+0x87/0xb0
[ 75.668192][ T5107] ? __pfx_sock_ioctl+0x10/0x10
[ 75.673060][ T5107] __se_sys_ioctl+0xfc/0x170
[ 75.677669][ T5107] do_syscall_64+0xfb/0x240
[ 75.682202][ T5107] entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 75.688191][ T5107] RIP: 0033:0x7fd8f7e7dbcb
[ 75.692612][ T5107] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 75.712218][ T5107] RSP: 002b:00007ffc3d1858e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 75.720639][ T5107] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd8f7e7dbcb
[ 75.728703][ T5107] RDX: 00007ffc3d185958 RSI: 00000000400448dd RDI: 0000000000000003
[ 75.736675][ T5107] RBP: 00005555747dc430 R08: 0000000000000000 R09: 0000000000000000
[ 75.744668][ T5107] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000003
[ 75.752642][ T5107] R13: 0000000000000003 R14: 00007fd8f7fac9d8 R15: 000000000000000c
[ 75.760625][ T5107]
[ 75.763975][ T5107] Kernel Offset: disabled
[ 75.768389][ T5107] Rebooting in 86400 seconds..