Warning: Permanently added '10.128.0.106' (ED25519) to the list of known hosts.
2024/04/30 18:18:07 fuzzer started
2024/04/30 18:18:07 dialing manager at 10.128.0.163:30011
[   59.904032][ T3557] cgroup: Unknown subsys name 'net'
[   60.019323][ T3557] cgroup: Unknown subsys name 'rlimit'
2024/04/30 18:18:09 code coverage: enabled
2024/04/30 18:18:09 comparison tracing: enabled
2024/04/30 18:18:09 extra coverage: enabled
2024/04/30 18:18:09 delay kcov mmap: enabled
2024/04/30 18:18:09 setuid sandbox: enabled
2024/04/30 18:18:09 namespace sandbox: enabled
2024/04/30 18:18:09 Android sandbox: /sys/fs/selinux/policy does not exist
2024/04/30 18:18:09 fault injection: enabled
2024/04/30 18:18:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2024/04/30 18:18:09 net packet injection: enabled
2024/04/30 18:18:09 net device setup: enabled
2024/04/30 18:18:09 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2024/04/30 18:18:09 devlink PCI setup: PCI device 0000:00:10.0 is not available
2024/04/30 18:18:09 NIC VF setup: PCI device 0000:00:11.0 is not available
2024/04/30 18:18:09 USB emulation: enabled
2024/04/30 18:18:09 hci packet injection: enabled
2024/04/30 18:18:09 wifi device emulation: enabled
2024/04/30 18:18:09 802.15.4 emulation: enabled
2024/04/30 18:18:09 swap file: enabled
2024/04/30 18:18:09 starting 5 executor processes
[   61.528825][ T3557] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   62.641868][ T3572] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.655565][ T3582] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.663408][ T3582] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.670604][ T3585] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.671454][ T3582] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   62.680096][ T3585] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   62.685490][ T3582] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.699763][ T3585] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.700068][ T3582] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.708014][ T3585] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   62.714578][ T3582] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   62.721439][ T3585] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.728499][ T3582] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.735160][ T3585] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   62.743593][ T3582] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.749683][ T3585] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   62.757453][ T3582] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   62.763711][ T3585] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.770094][ T3582] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   62.777352][ T3585] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.784067][ T3582] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   62.791410][ T3585] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   62.797597][ T3582] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   62.805234][ T3585] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   62.811538][ T3582] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   62.819497][ T3585] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   62.833079][ T3574] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.840158][ T3574] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   62.841128][ T3585] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   62.855235][ T3570] ==================================================================
[   62.863326][ T3570] BUG: KASAN: use-after-free in kfree_skb_reason+0x3d/0x390
[   62.870663][ T3570] Read of size 4 at addr ffff88805c38c9a4 by task syz-executor.2/3570
[   62.878840][ T3570] 
[   62.881205][ T3570] CPU: 0 PID: 3570 Comm: syz-executor.2 Not tainted 6.1.89-syzkaller #0
[   62.889552][ T3570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   62.899627][ T3570] Call Trace:
[   62.902924][ T3570]  <TASK>
[   62.905875][ T3570]  dump_stack_lvl+0x1e3/0x2cb
[   62.910607][ T3570]  ? nf_tcp_handle_invalid+0x642/0x642
[   62.916106][ T3570]  ? panic+0x764/0x764
[   62.920206][ T3570]  ? _printk+0xd1/0x111
[   62.924402][ T3570]  ? __virt_addr_valid+0x17f/0x520
[   62.929552][ T3570]  ? __virt_addr_valid+0x17f/0x520
[   62.934695][ T3570]  print_report+0x15f/0x4f0
[   62.939227][ T3570]  ? __virt_addr_valid+0x17f/0x520
[   62.944378][ T3570]  ? __virt_addr_valid+0x17f/0x520
[   62.949618][ T3570]  ? __virt_addr_valid+0x44a/0x520
[   62.954769][ T3570]  ? __phys_addr+0xb6/0x170
[   62.959306][ T3570]  ? kfree_skb_reason+0x3d/0x390
[   62.964272][ T3570]  kasan_report+0x136/0x160
[   62.968788][ T3570]  ? kfree_skb_reason+0x3d/0x390
[   62.973740][ T3570]  kasan_check_range+0x27f/0x290
[   62.978680][ T3570]  kfree_skb_reason+0x3d/0x390
[   62.983461][ T3570]  __hci_req_sync+0x626/0x940
[   62.988142][ T3570]  ? trace_contention_end+0x61/0x170
[   62.993434][ T3570]  ? hci_req_sync_complete+0x280/0x280
[   62.998897][ T3570]  ? mutex_lock_nested+0x10/0x10
[   63.003839][ T3570]  ? hci_encrypt_req+0x170/0x170
[   63.008782][ T3570]  hci_req_sync+0xa5/0xc0
[   63.013114][ T3570]  hci_dev_cmd+0x2fc/0xa30
[   63.017542][ T3570]  ? security_capable+0x86/0xb0
[   63.022400][ T3570]  ? hci_dev_reset_stat+0x1a0/0x1a0
[   63.027612][ T3570]  ? hci_sock_ioctl+0x426/0x850
[   63.032468][ T3570]  sock_do_ioctl+0x152/0x450
[   63.037060][ T3570]  ? sock_show_fdinfo+0xb0/0xb0
[   63.041913][ T3570]  ? __fget_files+0x28/0x4a0
[   63.046518][ T3570]  sock_ioctl+0x47f/0x770
[   63.050847][ T3570]  ? sock_poll+0x410/0x410
[   63.055265][ T3570]  ? __fget_files+0x28/0x4a0
[   63.059872][ T3570]  ? __fget_files+0x435/0x4a0
[   63.064557][ T3570]  ? __fget_files+0x28/0x4a0
[   63.069148][ T3570]  ? bpf_lsm_file_ioctl+0x5/0x10
[   63.074177][ T3570]  ? security_file_ioctl+0x7d/0xa0
[   63.079288][ T3570]  ? sock_poll+0x410/0x410
[   63.083708][ T3570]  __se_sys_ioctl+0xf1/0x160
[   63.088309][ T3570]  do_syscall_64+0x3b/0xb0
[   63.092735][ T3570]  ? clear_bhb_loop+0x45/0xa0
[   63.097425][ T3570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   63.103321][ T3570] RIP: 0033:0x7f3b4b27dc0b
[   63.107739][ T3570] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   63.127346][ T3570] RSP: 002b:00007ffe9d135cd0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   63.135761][ T3570] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3b4b27dc0b
[   63.143748][ T3570] RDX: 00007ffe9d135d48 RSI: 00000000400448dd RDI: 0000000000000003
[   63.151726][ T3570] RBP: 000055555725d430 R08: 0000000000000000 R09: 0000000000000000
[   63.159707][ T3570] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[   63.167682][ T3570] R13: 0000000000000001 R14: 00007f3b4b3ac9d8 R15: 000000000000000c
[   63.175673][ T3570]  </TASK>
[   63.178713][ T3570] 
[   63.181033][ T3570] Allocated by task 48:
[   63.185180][ T3570]  kasan_set_track+0x4b/0x70
[   63.189787][ T3570]  __kasan_slab_alloc+0x65/0x70
[   63.194637][ T3570]  slab_post_alloc_hook+0x52/0x3a0
[   63.199755][ T3570]  kmem_cache_alloc+0x10c/0x2d0
[   63.204611][ T3570]  skb_clone+0x1e5/0x360
[   63.208851][ T3570]  hci_cmd_work+0x296/0x660
[   63.213361][ T3570]  process_one_work+0x8a9/0x11d0
[   63.218300][ T3570]  worker_thread+0xa47/0x1200
[   63.222978][ T3570]  kthread+0x28d/0x320
[   63.227046][ T3570]  ret_from_fork+0x1f/0x30
[   63.231468][ T3570] 
[   63.233791][ T3570] Freed by task 3582:
[   63.237762][ T3570]  kasan_set_track+0x4b/0x70
[   63.242354][ T3570]  kasan_save_free_info+0x27/0x40
[   63.247474][ T3570]  ____kasan_slab_free+0xd6/0x120
[   63.252507][ T3570]  kmem_cache_free+0x292/0x510
[   63.257276][ T3570]  hci_req_sync_complete+0xee/0x280
[   63.262469][ T3570]  hci_event_packet+0xc49/0x1510
[   63.267406][ T3570]  hci_rx_work+0x3cd/0xce0
[   63.271848][ T3570]  process_one_work+0x8a9/0x11d0
[   63.276790][ T3570]  worker_thread+0xa47/0x1200
[   63.281468][ T3570]  kthread+0x28d/0x320
[   63.285533][ T3570]  ret_from_fork+0x1f/0x30
[   63.289970][ T3570] 
[   63.292285][ T3570] The buggy address belongs to the object at ffff88805c38c8c0
[   63.292285][ T3570]  which belongs to the cache skbuff_head_cache of size 240
[   63.307259][ T3570] The buggy address is located 228 bytes inside of
[   63.307259][ T3570]  240-byte region [ffff88805c38c8c0, ffff88805c38c9b0)
[   63.320533][ T3570] 
[   63.322853][ T3570] The buggy address belongs to the physical page:
[   63.329262][ T3570] page:ffffea000170e300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5c38c
[   63.339412][ T3570] flags: 0xfff80000000200(slab|node=0|zone=1|lastcpupid=0xfff)
[   63.346963][ T3570] raw: 00fff80000000200 0000000000000000 dead000000000122 ffff8881401c7500
[   63.355559][ T3570] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   63.364138][ T3570] page dumped because: kasan: bad access detected
[   63.370551][ T3570] page_owner tracks the page as allocated
[   63.376269][ T3570] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3585, tgid 3585 (kworker/u5:6), ts 62841109373, free_ts 15135189128
[   63.394587][ T3570]  post_alloc_hook+0x18d/0x1b0
[   63.399355][ T3570]  get_page_from_freelist+0x31a1/0x3320
[   63.404897][ T3570]  __alloc_pages+0x28d/0x770
[   63.409492][ T3570]  alloc_slab_page+0x6a/0x150
[   63.414203][ T3570]  new_slab+0x84/0x2d0
[   63.418278][ T3570]  ___slab_alloc+0xc20/0x1270
[   63.422957][ T3570]  kmem_cache_alloc+0x1a5/0x2d0
[   63.427817][ T3570]  skb_clone+0x1e5/0x360
[   63.432054][ T3570]  hci_event_packet+0x221/0x1510
[   63.436996][ T3570]  hci_rx_work+0x3cd/0xce0
[   63.441425][ T3570]  process_one_work+0x8a9/0x11d0
[   63.446361][ T3570]  worker_thread+0xa47/0x1200
[   63.451038][ T3570]  kthread+0x28d/0x320
[   63.455102][ T3570]  ret_from_fork+0x1f/0x30
[   63.459523][ T3570] page last free stack trace:
[   63.464192][ T3570]  free_unref_page_prepare+0xf63/0x1120
[   63.469734][ T3570]  free_unref_page+0x33/0x3e0
[   63.474414][ T3570]  free_contig_range+0x9a/0x150
[   63.479284][ T3570]  destroy_args+0xfe/0x997
[   63.483713][ T3570]  debug_vm_pgtable+0x416/0x46b
[   63.488559][ T3570]  do_one_initcall+0x265/0x8f0
[   63.493324][ T3570]  do_initcall_level+0x157/0x207
[   63.498265][ T3570]  do_initcalls+0x49/0x86
[   63.502599][ T3570]  kernel_init_freeable+0x45c/0x60f
[   63.507796][ T3570]  kernel_init+0x19/0x290
[   63.512150][ T3570]  ret_from_fork+0x1f/0x30
[   63.516569][ T3570] 
[   63.518886][ T3570] Memory state around the buggy address:
[   63.524508][ T3570]  ffff88805c38c880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   63.532569][ T3570]  ffff88805c38c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   63.540621][ T3570] >ffff88805c38c980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[   63.548674][ T3570]                                ^
[   63.553776][ T3570]  ffff88805c38ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   63.561829][ T3570]  ffff88805c38ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[   63.569887][ T3570] ==================================================================
[   63.579230][ T3570] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   63.586444][ T3570] CPU: 0 PID: 3570 Comm: syz-executor.2 Not tainted 6.1.89-syzkaller #0
[   63.594784][ T3570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   63.604855][ T3570] Call Trace:
[   63.608133][ T3570]  <TASK>
[   63.611063][ T3570]  dump_stack_lvl+0x1e3/0x2cb
[   63.615753][ T3570]  ? nf_tcp_handle_invalid+0x642/0x642
[   63.621241][ T3570]  ? panic+0x764/0x764
[   63.625319][ T3570]  ? preempt_schedule_common+0xa6/0xd0
[   63.630789][ T3570]  ? vscnprintf+0x59/0x80
[   63.635122][ T3570]  panic+0x318/0x764
[   63.639017][ T3570]  ? check_panic_on_warn+0x1d/0xa0
[   63.644129][ T3570]  ? memcpy_page_flushcache+0xfc/0xfc
[   63.649503][ T3570]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   63.655485][ T3570]  ? _raw_spin_unlock+0x40/0x40
[   63.660339][ T3570]  ? print_report+0x4a3/0x4f0
[   63.665017][ T3570]  check_panic_on_warn+0x7e/0xa0
[   63.669957][ T3570]  ? kfree_skb_reason+0x3d/0x390
[   63.674905][ T3570]  end_report+0x66/0x110
[   63.679144][ T3570]  kasan_report+0x143/0x160
[   63.683645][ T3570]  ? kfree_skb_reason+0x3d/0x390
[   63.688593][ T3570]  kasan_check_range+0x27f/0x290
[   63.693527][ T3570]  kfree_skb_reason+0x3d/0x390
[   63.698296][ T3570]  __hci_req_sync+0x626/0x940
[   63.702996][ T3570]  ? trace_contention_end+0x61/0x170
[   63.708285][ T3570]  ? hci_req_sync_complete+0x280/0x280
[   63.713771][ T3570]  ? mutex_lock_nested+0x10/0x10
[   63.718717][ T3570]  ? hci_encrypt_req+0x170/0x170
[   63.723661][ T3570]  hci_req_sync+0xa5/0xc0
[   63.727999][ T3570]  hci_dev_cmd+0x2fc/0xa30
[   63.732418][ T3570]  ? security_capable+0x86/0xb0
[   63.737279][ T3570]  ? hci_dev_reset_stat+0x1a0/0x1a0
[   63.742487][ T3570]  ? hci_sock_ioctl+0x426/0x850
[   63.747341][ T3570]  sock_do_ioctl+0x152/0x450
[   63.751935][ T3570]  ? sock_show_fdinfo+0xb0/0xb0
[   63.756786][ T3570]  ? __fget_files+0x28/0x4a0
[   63.761382][ T3570]  sock_ioctl+0x47f/0x770
[   63.765730][ T3570]  ? sock_poll+0x410/0x410
[   63.770141][ T3570]  ? __fget_files+0x28/0x4a0
[   63.774729][ T3570]  ? __fget_files+0x435/0x4a0
[   63.779402][ T3570]  ? __fget_files+0x28/0x4a0
[   63.783995][ T3570]  ? bpf_lsm_file_ioctl+0x5/0x10
[   63.788947][ T3570]  ? security_file_ioctl+0x7d/0xa0
[   63.794060][ T3570]  ? sock_poll+0x410/0x410
[   63.798475][ T3570]  __se_sys_ioctl+0xf1/0x160
[   63.803071][ T3570]  do_syscall_64+0x3b/0xb0
[   63.807487][ T3570]  ? clear_bhb_loop+0x45/0xa0
[   63.812179][ T3570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   63.818083][ T3570] RIP: 0033:0x7f3b4b27dc0b
[   63.822493][ T3570] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   63.842093][ T3570] RSP: 002b:00007ffe9d135cd0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   63.850505][ T3570] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3b4b27dc0b
[   63.858491][ T3570] RDX: 00007ffe9d135d48 RSI: 00000000400448dd RDI: 0000000000000003
[   63.866459][ T3570] RBP: 000055555725d430 R08: 0000000000000000 R09: 0000000000000000
[   63.874428][ T3570] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[   63.882532][ T3570] R13: 0000000000000001 R14: 00007f3b4b3ac9d8 R15: 000000000000000c
[   63.890524][ T3570]  </TASK>
[   63.893859][ T3570] Kernel Offset: disabled
[   63.898178][ T3570] Rebooting in 86400 seconds..