Warning: Permanently added '10.128.0.3' (ED25519) to the list of known hosts.
2024/04/29 03:24:44 fuzzer started
2024/04/29 03:24:44 dialing manager at 10.128.0.163:30011
[ 50.767795][ T3546] cgroup: Unknown subsys name 'net'
[ 50.896325][ T3546] cgroup: Unknown subsys name 'rlimit'
[ 52.098896][ T3546] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
2024/04/29 03:24:46 code coverage: enabled
2024/04/29 03:24:46 comparison tracing: enabled
2024/04/29 03:24:46 extra coverage: enabled
2024/04/29 03:24:46 delay kcov mmap: enabled
2024/04/29 03:24:46 setuid sandbox: enabled
2024/04/29 03:24:46 namespace sandbox: enabled
2024/04/29 03:24:46 Android sandbox: /sys/fs/selinux/policy does not exist
2024/04/29 03:24:46 fault injection: enabled
2024/04/29 03:24:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2024/04/29 03:24:46 net packet injection: enabled
2024/04/29 03:24:46 net device setup: enabled
2024/04/29 03:24:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2024/04/29 03:24:46 devlink PCI setup: PCI device 0000:00:10.0 is not available
2024/04/29 03:24:46 NIC VF setup: PCI device 0000:00:11.0 is not available
2024/04/29 03:24:46 USB emulation: enabled
2024/04/29 03:24:46 hci packet injection: enabled
2024/04/29 03:24:46 wifi device emulation: enabled
2024/04/29 03:24:46 802.15.4 emulation: enabled
2024/04/29 03:24:46 swap file: enabled
2024/04/29 03:24:46 starting 5 executor processes
[ 53.379498][ T3560] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 53.387610][ T3560] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 53.395521][ T3560] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 53.403423][ T3560] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 53.411845][ T3560] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 53.419284][ T3560] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 53.446455][ T3564] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 53.448335][ T3570] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 53.454297][ T3564] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 53.462408][ T3570] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 53.468995][ T3564] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 53.475408][ T3570] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 53.490143][ T3566] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 53.490450][ T3570] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 53.506169][ T3566] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 53.507046][ T3570] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 53.520573][ T3566] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 53.521148][ T3570] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 53.534929][ T3564] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 53.534947][ T3570] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 53.549608][ T3564] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 53.570125][ T3564] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 53.579873][ T3564] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 53.587592][ T3566] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 53.596289][ T3571] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 53.611917][ T3571] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 53.619315][ T3571] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 53.627966][ T3571] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 53.640871][ T3571] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 53.648111][ T3571] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 53.656710][ T3573] ==================================================================
[ 53.664787][ T3573] BUG: KASAN: use-after-free in skb_release_data+0x142/0x7a0
[ 53.672191][ T3573] Read of size 8 at addr ffff88805cd9cad0 by task syz-executor.3/3573
[ 53.680438][ T3573]
[ 53.682772][ T3573] CPU: 0 PID: 3573 Comm: syz-executor.3 Not tainted 6.1.88-syzkaller #0
[ 53.691114][ T3573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 53.701969][ T3573] Call Trace:
[ 53.705256][ T3573] <TASK>
[ 53.708206][ T3573] dump_stack_lvl+0x1e3/0x2cb
[ 53.712921][ T3573] ? nf_tcp_handle_invalid+0x642/0x642
[ 53.718746][ T3573] ? panic+0x764/0x764
[ 53.722949][ T3573] ? _printk+0xd1/0x111
[ 53.727120][ T3573] ? __virt_addr_valid+0x17f/0x520
[ 53.732783][ T3573] ? __virt_addr_valid+0x17f/0x520
[ 53.737905][ T3573] print_report+0x15f/0x4f0
[ 53.742573][ T3573] ? __virt_addr_valid+0x17f/0x520
[ 53.748065][ T3573] ? __virt_addr_valid+0x17f/0x520
[ 53.753189][ T3573] ? __virt_addr_valid+0x44a/0x520
[ 53.758311][ T3573] ? __phys_addr+0xb6/0x170
[ 53.762827][ T3573] ? skb_release_data+0x142/0x7a0
[ 53.767864][ T3573] kasan_report+0x136/0x160
[ 53.772376][ T3573] ? skb_release_data+0x142/0x7a0
[ 53.777416][ T3573] skb_release_data+0x142/0x7a0
[ 53.782286][ T3573] ? __hci_req_sync+0x626/0x940
[ 53.787140][ T3573] kfree_skb_reason+0x16f/0x390
[ 53.792005][ T3573] __hci_req_sync+0x626/0x940
[ 53.796669][ T3573] ? trace_contention_end+0x61/0x170
[ 53.802028][ T3573] ? hci_req_sync_complete+0x280/0x280
[ 53.807485][ T3573] ? mutex_lock_nested+0x10/0x10
[ 53.812414][ T3573] ? wake_bit_function+0x210/0x210
[ 53.817520][ T3573] ? hci_encrypt_req+0x170/0x170
[ 53.822452][ T3573] hci_req_sync+0xa5/0xc0
[ 53.826779][ T3573] hci_dev_cmd+0x2fc/0xa30
[ 53.831189][ T3573] ? security_capable+0x86/0xb0
[ 53.836033][ T3573] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 53.841223][ T3573] ? hci_sock_ioctl+0x426/0x850
[ 53.846059][ T3573] sock_do_ioctl+0x152/0x450
[ 53.850637][ T3573] ? sock_show_fdinfo+0xb0/0xb0
[ 53.855477][ T3573] ? __fget_files+0x28/0x4a0
[ 53.860056][ T3573] sock_ioctl+0x47f/0x770
[ 53.864375][ T3573] ? sock_poll+0x410/0x410
[ 53.868773][ T3573] ? __fget_files+0x28/0x4a0
[ 53.873347][ T3573] ? __fget_files+0x435/0x4a0
[ 53.878008][ T3573] ? __fget_files+0x28/0x4a0
[ 53.882582][ T3573] ? bpf_lsm_file_ioctl+0x5/0x10
[ 53.887503][ T3573] ? security_file_ioctl+0x7d/0xa0
[ 53.892595][ T3573] ? sock_poll+0x410/0x410
[ 53.896998][ T3573] __se_sys_ioctl+0xf1/0x160
[ 53.901579][ T3573] do_syscall_64+0x3b/0xb0
[ 53.905985][ T3573] ? clear_bhb_loop+0x45/0xa0
[ 53.910649][ T3573] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 53.916534][ T3573] RIP: 0033:0x7f0169e7dc0b
[ 53.920936][ T3573] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 53.940630][ T3573] RSP: 002b:00007ffd465443b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.949041][ T3573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0169e7dc0b
[ 53.957001][ T3573] RDX: 00007ffd46544428 RSI: 00000000400448dd RDI: 0000000000000003
[ 53.964958][ T3573] RBP: 0000555556d5c430 R08: 0000000000000000 R09: 0000000000000000
[ 53.972911][ T3573] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000004
[ 53.980864][ T3573] R13: 0000000000000004 R14: 00007f0169fac9d8 R15: 000000000000000c
[ 53.988826][ T3573] </TASK>
[ 53.991829][ T3573]
[ 53.994138][ T3573] Allocated by task 3564:
[ 53.998442][ T3573] kasan_set_track+0x4b/0x70
[ 54.003111][ T3573] __kasan_slab_alloc+0x65/0x70
[ 54.007951][ T3573] slab_post_alloc_hook+0x52/0x3a0
[ 54.013048][ T3573] kmem_cache_alloc+0x10c/0x2d0
[ 54.017883][ T3573] skb_clone+0x1e5/0x360
[ 54.022105][ T3573] hci_cmd_work+0x296/0x660
[ 54.026599][ T3573] process_one_work+0x8a9/0x11d0
[ 54.031520][ T3573] worker_thread+0xa47/0x1200
[ 54.036184][ T3573] kthread+0x28d/0x320
[ 54.040231][ T3573] ret_from_fork+0x1f/0x30
[ 54.044718][ T3573]
[ 54.047025][ T3573] Freed by task 3564:
[ 54.050982][ T3573] kasan_set_track+0x4b/0x70
[ 54.055561][ T3573] kasan_save_free_info+0x27/0x40
[ 54.060565][ T3573] ____kasan_slab_free+0xd6/0x120
[ 54.065577][ T3573] kmem_cache_free+0x292/0x510
[ 54.070349][ T3573] hci_req_sync_complete+0xee/0x280
[ 54.075529][ T3573] hci_event_packet+0xc49/0x1510
[ 54.080450][ T3573] hci_rx_work+0x3cd/0xce0
[ 54.084942][ T3573] process_one_work+0x8a9/0x11d0
[ 54.089861][ T3573] worker_thread+0xa47/0x1200
[ 54.094523][ T3573] kthread+0x28d/0x320
[ 54.098574][ T3573] ret_from_fork+0x1f/0x30
[ 54.102977][ T3573]
[ 54.105282][ T3573] The buggy address belongs to the object at ffff88805cd9ca00
[ 54.105282][ T3573] which belongs to the cache skbuff_head_cache of size 240
[ 54.119837][ T3573] The buggy address is located 208 bytes inside of
[ 54.119837][ T3573] 240-byte region [ffff88805cd9ca00, ffff88805cd9caf0)
[ 54.133098][ T3573]
[ 54.135407][ T3573] The buggy address belongs to the physical page:
[ 54.141810][ T3573] page:ffffea0001736700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5cd9c
[ 54.151941][ T3573] flags: 0xfff80000000200(slab|node=0|zone=1|lastcpupid=0xfff)
[ 54.159471][ T3573] raw: 00fff80000000200 0000000000000000 dead000000000122 ffff888014652000
[ 54.168035][ T3573] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 54.176944][ T3573] page dumped because: kasan: bad access detected
[ 54.183335][ T3573] page_owner tracks the page as allocated
[ 54.189026][ T3573] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 3564, tgid 3564 (kworker/u5:3), ts 53655287622, free_ts 11037737470
[ 54.207322][ T3573] post_alloc_hook+0x18d/0x1b0
[ 54.212073][ T3573] get_page_from_freelist+0x31a1/0x3320
[ 54.217604][ T3573] __alloc_pages+0x28d/0x770
[ 54.222178][ T3573] alloc_slab_page+0x6a/0x150
[ 54.226839][ T3573] new_slab+0x84/0x2d0
[ 54.230890][ T3573] ___slab_alloc+0xc20/0x1270
[ 54.235548][ T3573] kmem_cache_alloc_node+0x1cf/0x310
[ 54.240815][ T3573] __alloc_skb+0xde/0x670
[ 54.245130][ T3573] __hci_cmd_sync_sk+0x154/0x1100
[ 54.250138][ T3573] hci_read_current_iac_lap_sync+0x29/0x120
[ 54.256020][ T3573] hci_dev_open_sync+0x2f0d/0x35f0
[ 54.261117][ T3573] hci_power_on+0x1c4/0x6f0
[ 54.265607][ T3573] process_one_work+0x8a9/0x11d0
[ 54.270561][ T3573] worker_thread+0xa47/0x1200
[ 54.275220][ T3573] kthread+0x28d/0x320
[ 54.279268][ T3573] ret_from_fork+0x1f/0x30
[ 54.283670][ T3573] page last free stack trace:
[ 54.288318][ T3573] free_unref_page_prepare+0xf63/0x1120
[ 54.293844][ T3573] free_unref_page+0x33/0x3e0
[ 54.298503][ T3573] free_contig_range+0x9a/0x150
[ 54.303336][ T3573] destroy_args+0xfe/0x997
[ 54.307733][ T3573] debug_vm_pgtable+0x416/0x46b
[ 54.312566][ T3573] do_one_initcall+0x265/0x8f0
[ 54.317316][ T3573] do_initcall_level+0x157/0x207
[ 54.322240][ T3573] do_initcalls+0x49/0x86
[ 54.326551][ T3573] kernel_init_freeable+0x45c/0x60f
[ 54.331734][ T3573] kernel_init+0x19/0x290
[ 54.336044][ T3573] ret_from_fork+0x1f/0x30
[ 54.340444][ T3573]
[ 54.342750][ T3573] Memory state around the buggy address:
[ 54.348357][ T3573] ffff88805cd9c980: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 54.356489][ T3573] ffff88805cd9ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.364530][ T3573] >ffff88805cd9ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 54.372566][ T3573] ^
[ 54.379215][ T3573] ffff88805cd9cb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 54.387253][ T3573] ffff88805cd9cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.395290][ T3573] ==================================================================
[ 54.404515][ T3573] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.411721][ T3573] CPU: 0 PID: 3573 Comm: syz-executor.3 Not tainted 6.1.88-syzkaller #0
[ 54.420043][ T3573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 54.430080][ T3573] Call Trace:
[ 54.433348][ T3573] <TASK>
[ 54.436262][ T3573] dump_stack_lvl+0x1e3/0x2cb
[ 54.440931][ T3573] ? nf_tcp_handle_invalid+0x642/0x642
[ 54.446385][ T3573] ? panic+0x764/0x764
[ 54.450437][ T3573] ? vscnprintf+0x59/0x80
[ 54.454750][ T3573] panic+0x318/0x764
[ 54.458626][ T3573] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 54.464769][ T3573] ? check_panic_on_warn+0x1d/0xa0
[ 54.469863][ T3573] ? memcpy_page_flushcache+0xfc/0xfc
[ 54.475222][ T3573] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 54.481188][ T3573] ? _raw_spin_unlock+0x40/0x40
[ 54.486025][ T3573] check_panic_on_warn+0x7e/0xa0
[ 54.491031][ T3573] ? skb_release_data+0x142/0x7a0
[ 54.496041][ T3573] end_report+0x66/0x110
[ 54.500268][ T3573] kasan_report+0x143/0x160
[ 54.504755][ T3573] ? skb_release_data+0x142/0x7a0
[ 54.509769][ T3573] skb_release_data+0x142/0x7a0
[ 54.514608][ T3573] ? __hci_req_sync+0x626/0x940
[ 54.519441][ T3573] kfree_skb_reason+0x16f/0x390
[ 54.524277][ T3573] __hci_req_sync+0x626/0x940
[ 54.528938][ T3573] ? trace_contention_end+0x61/0x170
[ 54.534228][ T3573] ? hci_req_sync_complete+0x280/0x280
[ 54.539679][ T3573] ? mutex_lock_nested+0x10/0x10
[ 54.544606][ T3573] ? wake_bit_function+0x210/0x210
[ 54.549712][ T3573] ? hci_encrypt_req+0x170/0x170
[ 54.554644][ T3573] hci_req_sync+0xa5/0xc0
[ 54.558966][ T3573] hci_dev_cmd+0x2fc/0xa30
[ 54.563373][ T3573] ? security_capable+0x86/0xb0
[ 54.568211][ T3573] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 54.573398][ T3573] ? hci_sock_ioctl+0x426/0x850
[ 54.578237][ T3573] sock_do_ioctl+0x152/0x450
[ 54.582813][ T3573] ? sock_show_fdinfo+0xb0/0xb0
[ 54.587653][ T3573] ? __fget_files+0x28/0x4a0
[ 54.592229][ T3573] sock_ioctl+0x47f/0x770
[ 54.596544][ T3573] ? sock_poll+0x410/0x410
[ 54.600957][ T3573] ? __fget_files+0x28/0x4a0
[ 54.605530][ T3573] ? __fget_files+0x435/0x4a0
[ 54.610184][ T3573] ? __fget_files+0x28/0x4a0
[ 54.614761][ T3573] ? bpf_lsm_file_ioctl+0x5/0x10
[ 54.619684][ T3573] ? security_file_ioctl+0x7d/0xa0
[ 54.624781][ T3573] ? sock_poll+0x410/0x410
[ 54.629179][ T3573] __se_sys_ioctl+0xf1/0x160
[ 54.633774][ T3573] do_syscall_64+0x3b/0xb0
[ 54.638234][ T3573] ? clear_bhb_loop+0x45/0xa0
[ 54.642910][ T3573] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.648808][ T3573] RIP: 0033:0x7f0169e7dc0b
[ 54.653215][ T3573] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 54.672805][ T3573] RSP: 002b:00007ffd465443b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.681205][ T3573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0169e7dc0b
[ 54.689161][ T3573] RDX: 00007ffd46544428 RSI: 00000000400448dd RDI: 0000000000000003
[ 54.697117][ T3573] RBP: 0000555556d5c430 R08: 0000000000000000 R09: 0000000000000000
[ 54.705072][ T3573] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000004
[ 54.713047][ T3573] R13: 0000000000000004 R14: 00007f0169fac9d8 R15: 000000000000000c
[ 54.721009][ T3573] </TASK>
[ 54.724276][ T3573] Kernel Offset: disabled
[ 54.728583][ T3573] Rebooting in 86400 seconds..