last executing test programs: kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.50' (ED25519) to the list of known hosts.
2024/06/08 20:21:05 fuzzer started
2024/06/08 20:21:05 dialing manager at 10.128.0.163:30034
[ 70.414794][ T5094] cgroup: Unknown subsys name 'net'
[ 70.616724][ T5094] cgroup: Unknown subsys name 'rlimit'
[ 71.678917][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.685614][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
2024/06/08 20:21:07 starting 3 executor processes
[ 72.070620][ T5096] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 72.665902][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.675459][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.683878][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.702643][ T5118] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.706270][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.717176][ T5118] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.719197][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.732602][ T5118] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.732923][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.740841][ T5118] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 72.747386][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.755247][ T5118] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.768794][ T5113] ==================================================================
[ 72.776889][ T5113] BUG: KFENCE: invalid free in __hci_req_sync+0x62f/0x950
[ 72.776889][ T5113]
[ 72.786218][ T5113] Invalid free of 0xffff88823bd92f00 (in kfence-#200):
[ 72.792631][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.793067][ T5113] __hci_req_sync+0x62f/0x950
[ 72.801404][ T5118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.804718][ T5113] hci_req_sync+0xa9/0xd0
[ 72.813541][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.815957][ T5113] hci_dev_cmd+0x4c5/0xa50
[ 72.815990][ T5113] sock_do_ioctl+0x158/0x460
[ 72.816015][ T5113] sock_ioctl+0x629/0x8e0
[ 72.816038][ T5113] __se_sys_ioctl+0xfc/0x170
[ 72.816060][ T5113] do_syscall_64+0xf3/0x230
[ 72.816082][ T5113] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.816107][ T5113]
[ 72.816113][ T5113] kfence-#200: 0xffff88823bd92f00-0xffff88823bd92fef, size=240, cache=skbuff_head_cache
[ 72.816113][ T5113]
[ 72.816135][ T5113] allocated by task 53 on cpu 0 at 72.768060s:
[ 72.816170][ T5113] skb_clone+0x20c/0x390
[ 72.816190][ T5113] hci_cmd_work+0x29e/0x670
[ 72.816216][ T5113] process_scheduled_works+0xa2c/0x1830
[ 72.827583][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.832128][ T5113] worker_thread+0x86d/0xd70
[ 72.837532][ T5118] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 72.841021][ T5113] kthread+0x2f0/0x390
[ 72.846733][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.851389][ T5113] ret_from_fork+0x4b/0x80
[ 72.920307][ T5113] ret_from_fork_asm+0x1a/0x30
[ 72.925112][ T5113]
[ 72.927463][ T5113] freed by task 5118 on cpu 1 at 72.768428s:
[ 72.933477][ T5113] hci_req_sync_complete+0xe7/0x290
[ 72.938705][ T5113] hci_event_packet+0xc71/0x1540
[ 72.943663][ T5113] hci_rx_work+0x3e8/0xca0
[ 72.948099][ T5113] process_scheduled_works+0xa2c/0x1830
[ 72.953714][ T5113] worker_thread+0x86d/0xd70
[ 72.958331][ T5113] kthread+0x2f0/0x390
[ 72.962429][ T5113] ret_from_fork+0x4b/0x80
[ 72.966878][ T5113] ret_from_fork_asm+0x1a/0x30
[ 72.971762][ T5113]
[ 72.974129][ T5113] CPU: 0 PID: 5113 Comm: syz-executor.2 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[ 72.984656][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 72.994737][ T5113] ==================================================================
[ 73.002832][ T5113] Kernel panic - not syncing: KFENCE: panic_on_warn set ...
[ 73.010356][ T5113] CPU: 0 PID: 5113 Comm: syz-executor.2 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[ 73.020795][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 73.030896][ T5113] Call Trace:
[ 73.034206][ T5113]
[ 73.037161][ T5113] dump_stack_lvl+0x241/0x360
[ 73.042141][ T5113] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.047380][ T5113] ? __pfx__printk+0x10/0x10
[ 73.052015][ T5113] ? vprintk_emit+0x631/0x770
[ 73.056744][ T5113] ? vscnprintf+0x5d/0x90
[ 73.061119][ T5113] panic+0x349/0x860
[ 73.065055][ T5113] ? check_panic_on_warn+0x21/0xb0
[ 73.070217][ T5113] ? __pfx_panic+0x10/0x10
[ 73.074669][ T5113] ? _printk+0xd5/0x120
[ 73.078873][ T5113] ? __pfx__printk+0x10/0x10
[ 73.083503][ T5113] ? __pfx__printk+0x10/0x10
[ 73.088142][ T5113] check_panic_on_warn+0x86/0xb0
[ 73.093127][ T5113] kfence_report_error+0x998/0xd10
[ 73.098280][ T5113] ? mark_lock+0x9a/0x350
[ 73.102657][ T5113] ? __pfx_kfence_report_error+0x10/0x10
[ 73.108338][ T5113] ? kfence_guarded_free+0x16c/0x4e0
[ 73.113661][ T5113] ? kmem_cache_free+0x1b1/0x350
[ 73.118632][ T5113] ? __hci_req_sync+0x62f/0x950
[ 73.123525][ T5113] ? hci_req_sync+0xa9/0xd0
[ 73.128071][ T5113] ? hci_dev_cmd+0x4c5/0xa50
[ 73.132699][ T5113] ? sock_do_ioctl+0x158/0x460
[ 73.137501][ T5113] ? sock_ioctl+0x629/0x8e0
[ 73.142037][ T5113] ? __se_sys_ioctl+0xfc/0x170
[ 73.146841][ T5113] ? do_syscall_64+0xf3/0x230
[ 73.151557][ T5113] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.157715][ T5113] ? _raw_spin_lock_irqsave+0xe1/0x120
[ 73.163220][ T5113] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 73.169148][ T5113] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 73.175249][ T5113] kfence_guarded_free+0x16c/0x4e0
[ 73.180381][ T5113] ? __hci_req_sync+0x62f/0x950
[ 73.185245][ T5113] kmem_cache_free+0x1b1/0x350
[ 73.190018][ T5113] __hci_req_sync+0x62f/0x950
[ 73.194712][ T5113] ? __pfx___hci_req_sync+0x10/0x10
[ 73.199931][ T5113] ? __pfx___mutex_lock+0x10/0x10
[ 73.204974][ T5113] ? __pfx_autoremove_wake_function+0x10/0x10
[ 73.211055][ T5113] ? __pfx_hci_scan_req+0x10/0x10
[ 73.216097][ T5113] hci_req_sync+0xa9/0xd0
[ 73.220442][ T5113] hci_dev_cmd+0x4c5/0xa50
[ 73.224872][ T5113] ? security_capable+0x90/0xb0
[ 73.229735][ T5113] ? __pfx_hci_dev_cmd+0x10/0x10
[ 73.234688][ T5113] ? hci_sock_ioctl+0x6c4/0xa40
[ 73.239554][ T5113] sock_do_ioctl+0x158/0x460
[ 73.244163][ T5113] ? __pfx_sock_do_ioctl+0x10/0x10
[ 73.249343][ T5113] sock_ioctl+0x629/0x8e0
[ 73.253688][ T5113] ? __pfx_sock_ioctl+0x10/0x10
[ 73.258551][ T5113] ? __fget_files+0x29/0x470
[ 73.263156][ T5113] ? __fget_files+0x3f6/0x470
[ 73.267847][ T5113] ? __fget_files+0x29/0x470
[ 73.272452][ T5113] ? bpf_lsm_file_ioctl+0x9/0x10
[ 73.277399][ T5113] ? security_file_ioctl+0x87/0xb0
[ 73.282550][ T5113] ? __pfx_sock_ioctl+0x10/0x10
[ 73.287417][ T5113] __se_sys_ioctl+0xfc/0x170
[ 73.292021][ T5113] do_syscall_64+0xf3/0x230
[ 73.296538][ T5113] ? clear_bhb_loop+0x35/0x90
[ 73.301246][ T5113] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.307163][ T5113] RIP: 0033:0x7fb4dc67cccb
[ 73.311586][ T5113] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 73.331196][ T5113] RSP: 002b:00007ffe21a16dc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.339617][ T5113] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb4dc67cccb
[ 73.347594][ T5113] RDX: 00007ffe21a16e38 RSI: 00000000400448dd RDI: 0000000000000003
[ 73.355570][ T5113] RBP: 000055557e0cc430 R08: 0000000000000000 R09: 0000000000000000
[ 73.363541][ T5113] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 73.371512][ T5113] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000000000c
[ 73.379504][ T5113]
[ 73.382910][ T5113] Kernel Offset: disabled
[ 73.387464][ T5113] Rebooting in 86400 seconds..