last executing test programs:
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.1.131' (ED25519) to the list of known hosts.
2024/06/09 19:42:20 fuzzer started
2024/06/09 19:42:21 dialing manager at 10.128.0.163:30034
[ 53.242480][ T5087] cgroup: Unknown subsys name 'net'
[ 53.399066][ T5087] cgroup: Unknown subsys name 'rlimit'
2024/06/09 19:42:22 starting 3 executor processes
[ 54.497298][ T5090] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.985717][ T5109] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 54.996345][ T5109] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 55.015972][ T5113] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 55.023836][ T5113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 55.031824][ T5111] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 55.044091][ T5113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 55.044897][ T5115] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 55.060529][ T5115] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 55.060697][ T5113] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 55.069035][ T5115] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 55.076409][ T5113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 55.082639][ T5115] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 55.092195][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 55.113010][ T5113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 55.114388][ T5115] ==================================================================
[ 55.120891][ T5113] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 55.128058][ T5115] BUG: KASAN: double-free in hci_req_sync_complete+0xe7/0x290
[ 55.140803][ T5113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 55.148897][ T5115] Free of addr ffff8880288aba00 by task kworker/u9:5/5115
[ 55.148921][ T5115]
[ 55.148940][ T5115] CPU: 0 PID: 5115 Comm: kworker/u9:5 Not tainted 6.10.0-rc2-syzkaller-00442-g924ee5317548 #0
[ 55.148958][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 55.148969][ T5115] Workqueue: hci0 hci_rx_work
[ 55.148998][ T5115] Call Trace:
[ 55.149009][ T5115]
[ 55.149017][ T5115] dump_stack_lvl+0x241/0x360
[ 55.203023][ T5115] ? __pfx_dump_stack_lvl+0x10/0x10
[ 55.208237][ T5115] ? __pfx__printk+0x10/0x10
[ 55.212827][ T5115] ? _printk+0xd5/0x120
[ 55.216972][ T5115] ? __virt_addr_valid+0x183/0x520
[ 55.222343][ T5115] ? __virt_addr_valid+0x183/0x520
[ 55.227452][ T5115] print_report+0x169/0x550
[ 55.232047][ T5115] ? __virt_addr_valid+0x183/0x520
[ 55.237153][ T5115] ? __virt_addr_valid+0x183/0x520
[ 55.242266][ T5115] ? __virt_addr_valid+0x44e/0x520
[ 55.247406][ T5115] ? __phys_addr+0xba/0x170
[ 55.251951][ T5115] ? hci_req_sync_complete+0xe7/0x290
[ 55.257324][ T5115] kasan_report_invalid_free+0x11a/0x140
[ 55.262994][ T5115] ? hci_req_sync_complete+0xe7/0x290
[ 55.268455][ T5115] ? hci_req_sync_complete+0xe7/0x290
[ 55.275124][ T5115] poison_slab_object+0xf4/0x150
[ 55.280079][ T5115] ? hci_req_sync_complete+0xe7/0x290
[ 55.286312][ T5115] __kasan_slab_free+0x37/0x60
[ 55.291168][ T5115] kmem_cache_free+0x145/0x350
[ 55.295957][ T5115] hci_req_sync_complete+0xe7/0x290
[ 55.301253][ T5115] hci_event_packet+0xc71/0x1540
[ 55.306270][ T5115] ? __pfx_hci_cmd_complete_evt+0x10/0x10
[ 55.312509][ T5115] ? __pfx_hci_event_packet+0x10/0x10
[ 55.317874][ T5115] ? do_raw_spin_unlock+0x13c/0x8b0
[ 55.323070][ T5115] ? __pfx_hci_req_sync_complete+0x10/0x10
[ 55.328869][ T5115] ? hci_send_to_monitor+0xd8/0x7f0
[ 55.334063][ T5115] ? kcov_remote_start+0x9e/0x7e0
[ 55.339078][ T5115] hci_rx_work+0x3e8/0xca0
[ 55.343495][ T5115] ? process_scheduled_works+0x945/0x1830
[ 55.349236][ T5115] process_scheduled_works+0xa2c/0x1830
[ 55.354797][ T5115] ? __pfx_process_scheduled_works+0x10/0x10
[ 55.360875][ T5115] ? assign_work+0x364/0x3d0
[ 55.365483][ T5115] worker_thread+0x86d/0xd70
[ 55.370379][ T5115] ? __kthread_parkme+0x169/0x1d0
[ 55.375505][ T5115] ? __pfx_worker_thread+0x10/0x10
[ 55.380791][ T5115] kthread+0x2f0/0x390
[ 55.384880][ T5115] ? __pfx_worker_thread+0x10/0x10
[ 55.389986][ T5115] ? __pfx_kthread+0x10/0x10
[ 55.394769][ T5115] ret_from_fork+0x4b/0x80
[ 55.399200][ T5115] ? __pfx_kthread+0x10/0x10
[ 55.403891][ T5115] ret_from_fork_asm+0x1a/0x30
[ 55.408682][ T5115]
[ 55.411690][ T5115]
[ 55.413998][ T5115] Allocated by task 5115:
[ 55.418309][ T5115] kasan_save_track+0x3f/0x80
[ 55.423072][ T5115] __kasan_slab_alloc+0x66/0x80
[ 55.427921][ T5115] kmem_cache_alloc_noprof+0x135/0x2a0
[ 55.433378][ T5115] skb_clone+0x20c/0x390
[ 55.437615][ T5115] hci_cmd_work+0x29e/0x670
[ 55.442114][ T5115] process_scheduled_works+0xa2c/0x1830
[ 55.447825][ T5115] worker_thread+0x86d/0xd70
[ 55.452583][ T5115] kthread+0x2f0/0x390
[ 55.456651][ T5115] ret_from_fork+0x4b/0x80
[ 55.461058][ T5115] ret_from_fork_asm+0x1a/0x30
[ 55.465819][ T5115]
[ 55.468131][ T5115] Freed by task 5107:
[ 55.472243][ T5115] kasan_save_track+0x3f/0x80
[ 55.477042][ T5115] kasan_save_free_info+0x40/0x50
[ 55.482098][ T5115] poison_slab_object+0xe0/0x150
[ 55.487317][ T5115] __kasan_slab_free+0x37/0x60
[ 55.492085][ T5115] kmem_cache_free+0x145/0x350
[ 55.496880][ T5115] __hci_req_sync+0x62f/0x950
[ 55.501565][ T5115] hci_req_sync+0xa9/0xd0
[ 55.505992][ T5115] hci_dev_cmd+0x4c5/0xa50
[ 55.510419][ T5115] sock_do_ioctl+0x158/0x460
[ 55.514999][ T5115] sock_ioctl+0x629/0x8e0
[ 55.519406][ T5115] __se_sys_ioctl+0xfc/0x170
[ 55.524005][ T5115] do_syscall_64+0xf3/0x230
[ 55.528600][ T5115] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 55.534587][ T5115]
[ 55.536905][ T5115] The buggy address belongs to the object at ffff8880288aba00
[ 55.536905][ T5115] which belongs to the cache skbuff_head_cache of size 240
[ 55.552174][ T5115] The buggy address is located 0 bytes inside of
[ 55.552174][ T5115] 240-byte region [ffff8880288aba00, ffff8880288abaf0)
[ 55.565358][ T5115]
[ 55.567672][ T5115] The buggy address belongs to the physical page:
[ 55.574267][ T5115] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x288ab
[ 55.583103][ T5115] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 55.590721][ T5115] page_type: 0xffffefff(slab)
[ 55.595397][ T5115] raw: 00fff00000000000 ffff888018ed2780 0000000000000000 dead000000000001
[ 55.603970][ T5115] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 55.612829][ T5115] page dumped because: kasan: bad access detected
[ 55.619443][ T5115] page_owner tracks the page as allocated
[ 55.625152][ T5115] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4545, tgid 4545 (udevadm), ts 20015435001, free_ts 20005782944
[ 55.644859][ T5115] post_alloc_hook+0x1f3/0x230
[ 55.649803][ T5115] get_page_from_freelist+0x2e2d/0x2ee0
[ 55.655342][ T5115] __alloc_pages_noprof+0x256/0x6c0
[ 55.660622][ T5115] alloc_slab_page+0x5f/0x120
[ 55.665471][ T5115] allocate_slab+0x5a/0x2e0
[ 55.670248][ T5115] ___slab_alloc+0xcd1/0x14b0
[ 55.674916][ T5115] __slab_alloc+0x58/0xa0
[ 55.679325][ T5115] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 55.685037][ T5115] skb_clone+0x20c/0x390
[ 55.689266][ T5115] netlink_broadcast_filtered+0x707/0x1290
[ 55.695245][ T5115] netlink_broadcast+0x39/0x50
[ 55.700009][ T5115] kobject_uevent_net_broadcast+0x38f/0x580
[ 55.706190][ T5115] kobject_uevent_env+0x57d/0x8e0
[ 55.711673][ T5115] kobject_synth_uevent+0x4ef/0xae0
[ 55.716902][ T5115] store_uevent+0x25/0x50
[ 55.721328][ T5115] module_attr_store+0x60/0x80
[ 55.726399][ T5115] page last free pid 4545 tgid 4545 stack trace:
[ 55.733004][ T5115] free_unref_page+0xd22/0xea0
[ 55.737782][ T5115] __put_partials+0xeb/0x130
[ 55.742361][ T5115] put_cpu_partial+0x17c/0x250
[ 55.747242][ T5115] __slab_free+0x2ea/0x3d0
[ 55.751677][ T5115] qlist_free_all+0x9e/0x140
[ 55.756269][ T5115] kasan_quarantine_reduce+0x14f/0x170
[ 55.761917][ T5115] __kasan_slab_alloc+0x23/0x80
[ 55.766787][ T5115] kmem_cache_alloc_lru_noprof+0x139/0x2b0
[ 55.772607][ T5115] iget_locked+0x214/0x850
[ 55.777020][ T5115] kernfs_get_inode+0x50/0x760
[ 55.781775][ T5115] kernfs_iop_lookup+0x266/0x390
[ 55.786699][ T5115] path_openat+0x1033/0x3280
[ 55.791309][ T5115] do_filp_open+0x235/0x490
[ 55.795984][ T5115] do_sys_openat2+0x13e/0x1d0
[ 55.800655][ T5115] __x64_sys_openat+0x247/0x2a0
[ 55.805492][ T5115] do_syscall_64+0xf3/0x230
[ 55.809990][ T5115]
[ 55.812310][ T5115] Memory state around the buggy address:
[ 55.817931][ T5115] ffff8880288ab900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.826064][ T5115] ffff8880288ab980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 55.834116][ T5115] >ffff8880288aba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.842248][ T5115] ^
[ 55.846472][ T5115] ffff8880288aba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 55.854517][ T5115] ffff8880288abb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.862561][ T5115] ==================================================================
[ 55.870966][ T5115] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.878443][ T5115] CPU: 0 PID: 5115 Comm: kworker/u9:5 Not tainted 6.10.0-rc2-syzkaller-00442-g924ee5317548 #0
2024/06/09 19:42:23 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 55.888695][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 55.898768][ T5115] Workqueue: hci0 hci_rx_work
[ 55.903479][ T5115] Call Trace:
[ 55.906862][ T5115]
[ 55.909984][ T5115] dump_stack_lvl+0x241/0x360
[ 55.914728][ T5115] ? __pfx_dump_stack_lvl+0x10/0x10
[ 55.920046][ T5115] ? __pfx__printk+0x10/0x10
[ 55.924749][ T5115] ? preempt_schedule+0xe1/0xf0
[ 55.929627][ T5115] ? vscnprintf+0x5d/0x90
[ 55.934073][ T5115] panic+0x349/0x860
[ 55.937996][ T5115] ? check_panic_on_warn+0x21/0xb0
[ 55.943138][ T5115] ? __pfx_panic+0x10/0x10
[ 55.947580][ T5115] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 55.953677][ T5115] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 55.960035][ T5115] ? print_report+0x502/0x550
[ 55.964915][ T5115] check_panic_on_warn+0x86/0xb0
[ 55.970157][ T5115] ? hci_req_sync_complete+0xe7/0x290
[ 55.975547][ T5115] end_report+0x77/0x160
[ 55.979814][ T5115] kasan_report_invalid_free+0x12a/0x140
[ 55.985453][ T5115] ? hci_req_sync_complete+0xe7/0x290
[ 55.990822][ T5115] ? hci_req_sync_complete+0xe7/0x290
[ 55.996360][ T5115] poison_slab_object+0xf4/0x150
[ 56.001301][ T5115] ? hci_req_sync_complete+0xe7/0x290
[ 56.006752][ T5115] __kasan_slab_free+0x37/0x60
[ 56.011510][ T5115] kmem_cache_free+0x145/0x350
[ 56.016321][ T5115] hci_req_sync_complete+0xe7/0x290
[ 56.021602][ T5115] hci_event_packet+0xc71/0x1540
[ 56.026561][ T5115] ? __pfx_hci_cmd_complete_evt+0x10/0x10
[ 56.032273][ T5115] ? __pfx_hci_event_packet+0x10/0x10
[ 56.037633][ T5115] ? do_raw_spin_unlock+0x13c/0x8b0
[ 56.042827][ T5115] ? __pfx_hci_req_sync_complete+0x10/0x10
[ 56.048878][ T5115] ? hci_send_to_monitor+0xd8/0x7f0
[ 56.054154][ T5115] ? kcov_remote_start+0x9e/0x7e0
[ 56.059174][ T5115] hci_rx_work+0x3e8/0xca0
[ 56.063593][ T5115] ? process_scheduled_works+0x945/0x1830
[ 56.069393][ T5115] process_scheduled_works+0xa2c/0x1830
[ 56.074946][ T5115] ? __pfx_process_scheduled_works+0x10/0x10
[ 56.080931][ T5115] ? assign_work+0x364/0x3d0
[ 56.085511][ T5115] worker_thread+0x86d/0xd70
[ 56.090204][ T5115] ? __kthread_parkme+0x169/0x1d0
[ 56.095223][ T5115] ? __pfx_worker_thread+0x10/0x10
[ 56.100322][ T5115] kthread+0x2f0/0x390
[ 56.104379][ T5115] ? __pfx_worker_thread+0x10/0x10
[ 56.109480][ T5115] ? __pfx_kthread+0x10/0x10
[ 56.114057][ T5115] ret_from_fork+0x4b/0x80
[ 56.118466][ T5115] ? __pfx_kthread+0x10/0x10
[ 56.123072][ T5115] ret_from_fork_asm+0x1a/0x30
[ 56.127918][ T5115]
[ 56.131031][ T5115] Kernel Offset: disabled
[ 56.135355][ T5115] Rebooting in 86400 seconds..