last executing test programs:
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.10.8' (ED25519) to the list of known hosts.
2024/06/06 19:15:44 fuzzer started
2024/06/06 19:15:44 dialing manager at 10.128.0.169:30000
[ 88.068402][ T5093] cgroup: Unknown subsys name 'net'
[ 88.237751][ T5093] cgroup: Unknown subsys name 'rlimit'
2024/06/06 19:15:47 starting 5 executor processes
[ 89.908645][ T5094] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.487608][ T5116] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 91.501163][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 91.524635][ T5117] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 91.546160][ T5117] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 91.557579][ T5117] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 91.574397][ T5121] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 91.583713][ T5121] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 91.592973][ T5121] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 91.597236][ T5127] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 91.613395][ T5121] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 91.622781][ T5121] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 91.627963][ T5127] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 91.638258][ T5126] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 91.639151][ T5127] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 91.650313][ T5126] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 91.658872][ T5127] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 91.668553][ T5129] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 91.683536][ T5127] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 91.707765][ T5129] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 91.716112][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 91.718483][ T5127] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 91.739865][ T5130] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 91.751830][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 91.752975][ T5127] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 91.764721][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 91.780226][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 91.791040][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 91.801760][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 91.810239][ T4489] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 91.822515][ T5116] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 91.842106][ T53] ==================================================================
[ 91.850772][ T53] BUG: KASAN: double-free in hci_req_sync_complete+0xe7/0x290
[ 91.859101][ T53] Free of addr ffff888062e00dc0 by task kworker/u9:0/53
[ 91.868081][ T53]
[ 91.872745][ T53] CPU: 0 PID: 53 Comm: kworker/u9:0 Not tainted 6.10.0-rc2-syzkaller-00097-g2df0193e62cf #0
[ 91.884263][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 91.896188][ T53] Workqueue: hci3 hci_rx_work
[ 91.901980][ T53] Call Trace:
[ 91.905887][ T53] <TASK>
[ 91.909858][ T53] dump_stack_lvl+0x241/0x360
[ 91.915807][ T53] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.922784][ T53] ? __pfx__printk+0x10/0x10
[ 91.928035][ T53] ? _printk+0xd5/0x120
[ 91.933230][ T53] ? __virt_addr_valid+0x183/0x520
[ 91.938567][ T53] ? __virt_addr_valid+0x183/0x520
[ 91.943994][ T53] print_report+0x169/0x550
[ 91.949511][ T53] ? __virt_addr_valid+0x183/0x520
[ 91.956673][ T53] ? __virt_addr_valid+0x183/0x520
[ 91.965228][ T53] ? __virt_addr_valid+0x44e/0x520
[ 91.971602][ T53] ? __phys_addr+0xba/0x170
[ 91.976779][ T53] ? hci_req_sync_complete+0xe7/0x290
[ 91.983098][ T53] kasan_report_invalid_free+0x11a/0x140
[ 91.991874][ T53] ? hci_req_sync_complete+0xe7/0x290
[ 91.997863][ T53] ? hci_req_sync_complete+0xe7/0x290
[ 92.005649][ T53] poison_slab_object+0xf4/0x150
[ 92.011946][ T53] ? hci_req_sync_complete+0xe7/0x290
[ 92.018252][ T53] __kasan_slab_free+0x37/0x60
[ 92.024117][ T53] kmem_cache_free+0x145/0x350
[ 92.030058][ T53] hci_req_sync_complete+0xe7/0x290
[ 92.036556][ T53] hci_event_packet+0xc71/0x1540
[ 92.043567][ T53] ? __pfx_hci_cmd_complete_evt+0x10/0x10
[ 92.050318][ T53] ? __pfx_hci_event_packet+0x10/0x10
[ 92.057382][ T53] ? do_raw_spin_unlock+0x13c/0x8b0
[ 92.063264][ T53] ? __pfx_hci_req_sync_complete+0x10/0x10
[ 92.069187][ T53] ? hci_send_to_monitor+0xd8/0x7f0
[ 92.075513][ T53] ? kcov_remote_start+0x9e/0x7e0
[ 92.082697][ T53] hci_rx_work+0x3e8/0xca0
[ 92.087601][ T53] ? process_scheduled_works+0x945/0x1830
[ 92.096155][ T53] process_scheduled_works+0xa2c/0x1830
[ 92.104645][ T53] ? __pfx_process_scheduled_works+0x10/0x10
[ 92.111835][ T53] ? assign_work+0x364/0x3d0
[ 92.118209][ T53] worker_thread+0x86d/0xd70
[ 92.124064][ T53] ? __kthread_parkme+0x169/0x1d0
[ 92.129835][ T53] ? __pfx_worker_thread+0x10/0x10
[ 92.136041][ T53] kthread+0x2f0/0x390
[ 92.140787][ T53] ? __pfx_worker_thread+0x10/0x10
[ 92.147010][ T53] ? __pfx_kthread+0x10/0x10
[ 92.153061][ T53] ret_from_fork+0x4b/0x80
[ 92.158323][ T53] ? __pfx_kthread+0x10/0x10
[ 92.163654][ T53] ret_from_fork_asm+0x1a/0x30
[ 92.169365][ T53] </TASK>
[ 92.172680][ T53]
[ 92.175609][ T53] Allocated by task 5127:
[ 92.180920][ T53] kasan_save_track+0x3f/0x80
[ 92.186940][ T53] __kasan_slab_alloc+0x66/0x80
[ 92.192804][ T53] kmem_cache_alloc_noprof+0x135/0x2a0
[ 92.199018][ T53] skb_clone+0x20c/0x390
[ 92.204668][ T53] hci_cmd_work+0x29e/0x670
[ 92.211120][ T53] process_scheduled_works+0xa2c/0x1830
[ 92.220552][ T53] worker_thread+0x86d/0xd70
[ 92.227019][ T53] kthread+0x2f0/0x390
[ 92.231406][ T53] ret_from_fork+0x4b/0x80
[ 92.236444][ T53] ret_from_fork_asm+0x1a/0x30
[ 92.241590][ T53]
[ 92.243990][ T53] Freed by task 5113:
[ 92.248097][ T53] kasan_save_track+0x3f/0x80
[ 92.254535][ T53] kasan_save_free_info+0x40/0x50
[ 92.259987][ T53] poison_slab_object+0xe0/0x150
[ 92.265810][ T53] __kasan_slab_free+0x37/0x60
[ 92.272824][ T53] kmem_cache_free+0x145/0x350
[ 92.278247][ T53] __hci_req_sync+0x62f/0x950
[ 92.285587][ T53] hci_req_sync+0xa9/0xd0
[ 92.290433][ T53] hci_dev_cmd+0x4c5/0xa50
[ 92.296556][ T53] sock_do_ioctl+0x158/0x460
[ 92.302434][ T53] sock_ioctl+0x629/0x8e0
[ 92.307581][ T53] __se_sys_ioctl+0xfc/0x170
[ 92.314606][ T53] do_syscall_64+0xf3/0x230
[ 92.319569][ T53] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.325715][ T53]
[ 92.328894][ T53] The buggy address belongs to the object at ffff888062e00dc0
[ 92.328894][ T53] which belongs to the cache skbuff_head_cache of size 240
[ 92.346164][ T53] The buggy address is located 0 bytes inside of
[ 92.346164][ T53] 240-byte region [ffff888062e00dc0, ffff888062e00eb0)
[ 92.363725][ T53]
[ 92.366514][ T53] The buggy address belongs to the physical page:
[ 92.375324][ T53] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62e00
[ 92.386723][ T53] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 92.395104][ T53] page_type: 0xffffefff(slab)
[ 92.400628][ T53] raw: 00fff00000000000 ffff888018ad5780 dead000000000122 0000000000000000
[ 92.412192][ T53] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 92.424292][ T53] page dumped because: kasan: bad access detected
[ 92.431614][ T53] page_owner tracks the page as allocated
[ 92.440403][ T53] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5127, tgid 5127 (kworker/u9:7), ts 91818882725, free_ts 30353222502
[ 92.464865][ T53] post_alloc_hook+0x1f3/0x230
[ 92.470599][ T53] get_page_from_freelist+0x2e2d/0x2ee0
[ 92.476656][ T53] __alloc_pages_noprof+0x256/0x6c0
[ 92.483634][ T53] alloc_slab_page+0x5f/0x120
[ 92.491225][ T53] allocate_slab+0x5a/0x2e0
[ 92.496807][ T53] ___slab_alloc+0xcd1/0x14b0
[ 92.503091][ T53] __slab_alloc+0x58/0xa0
[ 92.509374][ T53] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 92.515317][ T53] skb_clone+0x20c/0x390
[ 92.520842][ T53] hci_cmd_work+0xdc/0x670
[ 92.525974][ T53] process_scheduled_works+0xa2c/0x1830
[ 92.532194][ T53] worker_thread+0x86d/0xd70
[ 92.538002][ T53] kthread+0x2f0/0x390
[ 92.543648][ T53] ret_from_fork+0x4b/0x80
[ 92.548914][ T53] ret_from_fork_asm+0x1a/0x30
[ 92.556396][ T53] page last free pid 1 tgid 1 stack trace:
[ 92.563499][ T53] free_unref_page+0xd22/0xea0
[ 92.572413][ T53] free_contig_range+0x9e/0x160
[ 92.579438][ T53] destroy_args+0x8a/0x890
[ 92.584956][ T53] debug_vm_pgtable+0x4be/0x550
[ 92.591155][ T53] do_one_initcall+0x248/0x880
[ 92.597464][ T53] do_initcall_level+0x157/0x210
[ 92.603294][ T53] do_initcalls+0x3f/0x80
[ 92.609134][ T53] kernel_init_freeable+0x435/0x5d0
[ 92.616553][ T53] kernel_init+0x1d/0x2b0
[ 92.623613][ T53] ret_from_fork+0x4b/0x80
[ 92.629629][ T53] ret_from_fork_asm+0x1a/0x30
[ 92.636910][ T53]
[ 92.639506][ T53] Memory state around the buggy address:
[ 92.645625][ T53] ffff888062e00c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.656090][ T53] ffff888062e00d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 92.665295][ T53] >ffff888062e00d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 92.675162][ T53] ^
[ 92.682748][ T53] ffff888062e00e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.691558][ T53] ffff888062e00e80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 92.700560][ T53] ==================================================================
[ 92.757662][ T53] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.765293][ T53] CPU: 0 PID: 53 Comm: kworker/u9:0 Not tainted 6.10.0-rc2-syzkaller-00097-g2df0193e62cf #0
[ 92.779537][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 92.792705][ T53] Workqueue: hci3 hci_rx_work
[ 92.798680][ T53] Call Trace:
[ 92.803187][ T53] <TASK>
2024/06/06 19:15:49 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 92.807821][ T53] dump_stack_lvl+0x241/0x360
[ 92.813105][ T53] ? __pfx_dump_stack_lvl+0x10/0x10
[ 92.819502][ T53] ? __pfx__printk+0x10/0x10
[ 92.824718][ T53] ? preempt_schedule+0xe1/0xf0
[ 92.830421][ T53] ? vscnprintf+0x5d/0x90
[ 92.835688][ T53] panic+0x349/0x860
[ 92.840113][ T53] ? check_panic_on_warn+0x21/0xb0
[ 92.849120][ T53] ? __pfx_panic+0x10/0x10
[ 92.854420][ T53] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 92.863803][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 92.871317][ T53] ? print_report+0x502/0x550
[ 92.876423][ T53] check_panic_on_warn+0x86/0xb0
[ 92.881819][ T53] ? hci_req_sync_complete+0xe7/0x290
[ 92.889057][ T53] end_report+0x77/0x160
[ 92.895814][ T53] kasan_report_invalid_free+0x12a/0x140
[ 92.905471][ T53] ? hci_req_sync_complete+0xe7/0x290
[ 92.913190][ T53] ? hci_req_sync_complete+0xe7/0x290
[ 92.919345][ T53] poison_slab_object+0xf4/0x150
[ 92.926800][ T53] ? hci_req_sync_complete+0xe7/0x290
[ 92.933357][ T53] __kasan_slab_free+0x37/0x60
[ 92.939491][ T53] kmem_cache_free+0x145/0x350
[ 92.945704][ T53] hci_req_sync_complete+0xe7/0x290
[ 92.952320][ T53] hci_event_packet+0xc71/0x1540
[ 92.959246][ T53] ? __pfx_hci_cmd_complete_evt+0x10/0x10
[ 92.965553][ T53] ? __pfx_hci_event_packet+0x10/0x10
[ 92.971238][ T53] ? do_raw_spin_unlock+0x13c/0x8b0
[ 92.977287][ T53] ? __pfx_hci_req_sync_complete+0x10/0x10
[ 92.983599][ T53] ? hci_send_to_monitor+0xd8/0x7f0
[ 92.989380][ T53] ? kcov_remote_start+0x9e/0x7e0
[ 92.997676][ T53] hci_rx_work+0x3e8/0xca0
[ 93.002855][ T53] ? process_scheduled_works+0x945/0x1830
[ 93.009771][ T53] process_scheduled_works+0xa2c/0x1830
[ 93.017338][ T53] ? __pfx_process_scheduled_works+0x10/0x10
[ 93.023559][ T53] ? assign_work+0x364/0x3d0
[ 93.029416][ T53] worker_thread+0x86d/0xd70
[ 93.036321][ T53] ? __kthread_parkme+0x169/0x1d0
[ 93.042670][ T53] ? __pfx_worker_thread+0x10/0x10
[ 93.049917][ T53] kthread+0x2f0/0x390
[ 93.054273][ T53] ? __pfx_worker_thread+0x10/0x10
[ 93.059839][ T53] ? __pfx_kthread+0x10/0x10
[ 93.065600][ T53] ret_from_fork+0x4b/0x80
[ 93.072079][ T53] ? __pfx_kthread+0x10/0x10
[ 93.077794][ T53] ret_from_fork_asm+0x1a/0x30
[ 93.084999][ T53] </TASK>
[ 93.089099][ T53] Kernel Offset: disabled
[ 93.093962][ T53] Rebooting in 86400 seconds..