Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts.
2024/04/25 21:24:48 fuzzer started
2024/04/25 21:24:49 dialing manager at 10.128.0.163:30012
[   50.459749][ T3545] cgroup: Unknown subsys name 'net'
[   50.639217][ T3545] cgroup: Unknown subsys name 'rlimit'
[   51.860751][ T3545] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
2024/04/25 21:24:50 code coverage: enabled
2024/04/25 21:24:50 comparison tracing: enabled
2024/04/25 21:24:50 extra coverage: enabled
2024/04/25 21:24:50 delay kcov mmap: enabled
2024/04/25 21:24:50 setuid sandbox: enabled
2024/04/25 21:24:50 namespace sandbox: enabled
2024/04/25 21:24:50 Android sandbox: /sys/fs/selinux/policy does not exist
2024/04/25 21:24:50 fault injection: enabled
2024/04/25 21:24:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2024/04/25 21:24:50 net packet injection: enabled
2024/04/25 21:24:50 net device setup: enabled
2024/04/25 21:24:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2024/04/25 21:24:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
2024/04/25 21:24:50 NIC VF setup: PCI device 0000:00:11.0 is not available
2024/04/25 21:24:50 USB emulation: enabled
2024/04/25 21:24:50 hci packet injection: enabled
2024/04/25 21:24:50 wifi device emulation: enabled
2024/04/25 21:24:50 802.15.4 emulation: enabled
2024/04/25 21:24:50 swap file: enabled
2024/04/25 21:24:50 starting 5 executor processes
[   52.742972][ T3559] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   52.751430][ T3559] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   52.759165][ T3559] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   52.767013][ T3559] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   52.774941][ T3559] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   52.782251][ T3559] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   52.807650][ T3569] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   52.818549][ T3569] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   52.828077][ T3566] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   52.837804][ T3566] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   52.845431][ T3566] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   52.853024][ T3566] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   52.861153][ T3566] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   52.868628][ T3566] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   52.876508][ T3566] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   52.884408][ T3566] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   52.892239][ T3566] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   52.899940][ T3566] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   52.908293][ T3566] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   52.916471][ T3566] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   52.924803][ T3571] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   52.939663][ T3566] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   52.947247][ T3566] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   52.955667][ T3566] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   52.963139][ T3566] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   52.977562][ T3575] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   52.988308][ T3576] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   52.991353][ T3575] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   52.995460][ T3571] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   53.011323][ T3565] ==================================================================
[   53.019406][ T3565] BUG: KASAN: use-after-free in skb_release_head_state+0x35/0x230
[   53.027250][ T3565] Read of size 8 at addr ffff88805e1d37d8 by task syz-executor.4/3565
[   53.035418][ T3565] 
[   53.037748][ T3565] CPU: 1 PID: 3565 Comm: syz-executor.4 Not tainted 6.1.87-syzkaller #0
[   53.038853][ T3558] chnl_net:caif_netlink_parms(): no params data found
[   53.046065][ T3565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   53.046076][ T3565] Call Trace:
[   53.046081][ T3565]  <TASK>
[   53.046088][ T3565]  dump_stack_lvl+0x1e3/0x2cb
[   53.073800][ T3565]  ? nf_tcp_handle_invalid+0x642/0x642
[   53.079280][ T3565]  ? panic+0x764/0x764
[   53.083366][ T3565]  ? _printk+0xd1/0x111
[   53.087638][ T3565]  ? __virt_addr_valid+0x17f/0x520
[   53.092774][ T3565]  ? __virt_addr_valid+0x17f/0x520
[   53.098022][ T3565]  print_report+0x15f/0x4f0
[   53.102540][ T3565]  ? __virt_addr_valid+0x17f/0x520
[   53.107670][ T3565]  ? __virt_addr_valid+0x17f/0x520
[   53.112799][ T3565]  ? __virt_addr_valid+0x44a/0x520
[   53.117931][ T3565]  ? __phys_addr+0xb6/0x170
[   53.122452][ T3565]  ? skb_release_head_state+0x35/0x230
[   53.127941][ T3565]  kasan_report+0x136/0x160
[   53.132454][ T3565]  ? do_raw_spin_unlock+0x137/0x8a0
[   53.137662][ T3565]  ? skb_release_head_state+0x35/0x230
[   53.143144][ T3565]  skb_release_head_state+0x35/0x230
[   53.148449][ T3565]  ? __hci_req_sync+0x626/0x940
[   53.153315][ T3565]  kfree_skb_reason+0x13d/0x390
[   53.158185][ T3565]  __hci_req_sync+0x626/0x940
[   53.162873][ T3565]  ? trace_contention_end+0x61/0x170
[   53.168175][ T3565]  ? hci_req_sync_complete+0x280/0x280
[   53.169907][ T3575] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.173638][ T3565]  ? mutex_lock_nested+0x10/0x10
[   53.185519][ T3565]  ? wake_bit_function+0x210/0x210
[   53.190651][ T3565]  ? hci_encrypt_req+0x170/0x170
[   53.195687][ T3565]  hci_req_sync+0xa5/0xc0
[   53.200049][ T3565]  hci_dev_cmd+0x2fc/0xa30
[   53.204479][ T3565]  ? security_capable+0x86/0xb0
[   53.209328][ T3565]  ? hci_dev_reset_stat+0x1a0/0x1a0
[   53.214511][ T3565]  ? hci_sock_ioctl+0x426/0x850
[   53.219339][ T3565]  sock_do_ioctl+0x152/0x450
[   53.223918][ T3565]  ? sock_show_fdinfo+0xb0/0xb0
[   53.228761][ T3565]  ? __fget_files+0x28/0x4a0
[   53.233336][ T3565]  sock_ioctl+0x47f/0x770
[   53.237671][ T3565]  ? sock_poll+0x410/0x410
[   53.242063][ T3565]  ? __fget_files+0x28/0x4a0
[   53.246644][ T3565]  ? __fget_files+0x435/0x4a0
[   53.251322][ T3565]  ? __fget_files+0x28/0x4a0
[   53.255903][ T3565]  ? bpf_lsm_file_ioctl+0x5/0x10
[   53.260822][ T3565]  ? security_file_ioctl+0x7d/0xa0
[   53.265918][ T3565]  ? sock_poll+0x410/0x410
[   53.270335][ T3565]  __se_sys_ioctl+0xf1/0x160
[   53.274920][ T3565]  do_syscall_64+0x3b/0xb0
[   53.279340][ T3565]  ? clear_bhb_loop+0x45/0xa0
[   53.284008][ T3565]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   53.289904][ T3565] RIP: 0033:0x7fb6f707dc0b
[   53.294299][ T3565] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   53.313896][ T3565] RSP: 002b:00007ffc4ba82080 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   53.322310][ T3565] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb6f707dc0b
[   53.330264][ T3565] RDX: 00007ffc4ba820f8 RSI: 00000000400448dd RDI: 0000000000000003
[   53.338232][ T3565] RBP: 00005555560e7430 R08: 0000000000000000 R09: 0000000000000000
[   53.346185][ T3565] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000004
[   53.354140][ T3565] R13: 0000000000000004 R14: 00007fb6f71ac9d8 R15: 000000000000000c
[   53.362109][ T3565]  </TASK>
[   53.365114][ T3565] 
[   53.367416][ T3565] Allocated by task 3569:
[   53.371803][ T3565]  kasan_set_track+0x4b/0x70
[   53.376382][ T3565]  __kasan_slab_alloc+0x65/0x70
[   53.381214][ T3565]  slab_post_alloc_hook+0x52/0x3a0
[   53.386308][ T3565]  kmem_cache_alloc+0x10c/0x2d0
[   53.391137][ T3565]  skb_clone+0x1e5/0x360
[   53.395358][ T3565]  hci_cmd_work+0x296/0x660
[   53.399841][ T3565]  process_one_work+0x8a9/0x11d0
[   53.404767][ T3565]  worker_thread+0xa47/0x1200
[   53.409441][ T3565]  kthread+0x28d/0x320
[   53.413481][ T3565]  ret_from_fork+0x1f/0x30
[   53.417877][ T3565] 
[   53.420190][ T3565] Freed by task 3571:
[   53.424154][ T3565]  kasan_set_track+0x4b/0x70
[   53.428767][ T3565]  kasan_save_free_info+0x27/0x40
[   53.434749][ T3565]  ____kasan_slab_free+0xd6/0x120
[   53.439765][ T3565]  kmem_cache_free+0x292/0x510
[   53.444522][ T3565]  hci_req_sync_complete+0xee/0x280
[   53.449716][ T3565]  hci_event_packet+0xc49/0x1510
[   53.454638][ T3565]  hci_rx_work+0x3cd/0xce0
[   53.459055][ T3565]  process_one_work+0x8a9/0x11d0
[   53.463984][ T3565]  worker_thread+0xa47/0x1200
[   53.468655][ T3565]  kthread+0x28d/0x320
[   53.472700][ T3565]  ret_from_fork+0x1f/0x30
[   53.477118][ T3565] 
[   53.479420][ T3565] The buggy address belongs to the object at ffff88805e1d3780
[   53.479420][ T3565]  which belongs to the cache skbuff_head_cache of size 240
[   53.493973][ T3565] The buggy address is located 88 bytes inside of
[   53.493973][ T3565]  240-byte region [ffff88805e1d3780, ffff88805e1d3870)
[   53.507139][ T3565] 
[   53.509439][ T3565] The buggy address belongs to the physical page:
[   53.515823][ T3565] page:ffffea00017874c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e1d3
[   53.525953][ T3565] flags: 0xfff80000000200(slab|node=0|zone=1|lastcpupid=0xfff)
[   53.533485][ T3565] raw: 00fff80000000200 0000000000000000 dead000000000122 ffff888013e54500
[   53.542046][ T3565] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   53.550602][ T3565] page dumped because: kasan: bad access detected
[   53.556990][ T3565] page_owner tracks the page as allocated
[   53.562675][ T3565] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3570, tgid 3564 (syz-executor.2), ts 53010471066, free_ts 11270153854
[   53.581143][ T3565]  post_alloc_hook+0x18d/0x1b0
[   53.585980][ T3565]  get_page_from_freelist+0x31a1/0x3320
[   53.591524][ T3565]  __alloc_pages+0x28d/0x770
[   53.596112][ T3565]  alloc_slab_page+0x6a/0x150
[   53.600772][ T3565]  new_slab+0x84/0x2d0
[   53.604826][ T3565]  ___slab_alloc+0xc20/0x1270
[   53.609486][ T3565]  kmem_cache_alloc_node+0x1cf/0x310
[   53.614750][ T3565]  __alloc_skb+0xde/0x670
[   53.619065][ T3565]  vhci_write+0xbc/0x440
[   53.623294][ T3565]  do_iter_write+0x6e6/0xc50
[   53.627863][ T3565]  do_writev+0x27b/0x460
[   53.632081][ T3565]  do_syscall_64+0x3b/0xb0
[   53.636508][ T3565]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   53.642381][ T3565] page last free stack trace:
[   53.647036][ T3565]  free_unref_page_prepare+0xf63/0x1120
[   53.652555][ T3565]  free_unref_page+0x33/0x3e0
[   53.657207][ T3565]  free_contig_range+0x9a/0x150
[   53.662038][ T3565]  destroy_args+0xfe/0x997
[   53.666433][ T3565]  debug_vm_pgtable+0x416/0x46b
[   53.671265][ T3565]  do_one_initcall+0x265/0x8f0
[   53.676008][ T3565]  do_initcall_level+0x157/0x207
[   53.680926][ T3565]  do_initcalls+0x49/0x86
[   53.685236][ T3565]  kernel_init_freeable+0x45c/0x60f
[   53.690411][ T3565]  kernel_init+0x19/0x290
[   53.694718][ T3565]  ret_from_fork+0x1f/0x30
[   53.699111][ T3565] 
[   53.701410][ T3565] Memory state around the buggy address:
[   53.707020][ T3565]  ffff88805e1d3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.715059][ T3565]  ffff88805e1d3700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   53.723092][ T3565] >ffff88805e1d3780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.731144][ T3565]                                                     ^
[   53.738065][ T3565]  ffff88805e1d3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[   53.746102][ T3565]  ffff88805e1d3880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   53.754137][ T3565] ==================================================================
[   53.763555][ T3565] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   53.770760][ T3565] CPU: 1 PID: 3565 Comm: syz-executor.4 Not tainted 6.1.87-syzkaller #0
[   53.779100][ T3565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   53.789140][ T3565] Call Trace:
[   53.792403][ T3565]  <TASK>
[   53.795320][ T3565]  dump_stack_lvl+0x1e3/0x2cb
[   53.799993][ T3565]  ? nf_tcp_handle_invalid+0x642/0x642
[   53.805443][ T3565]  ? panic+0x764/0x764
[   53.809492][ T3565]  ? preempt_schedule_common+0xa6/0xd0
[   53.814944][ T3565]  ? vscnprintf+0x59/0x80
[   53.819259][ T3565]  panic+0x318/0x764
[   53.823137][ T3565]  ? check_panic_on_warn+0x1d/0xa0
[   53.828233][ T3565]  ? memcpy_page_flushcache+0xfc/0xfc
[   53.833590][ T3565]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   53.839555][ T3565]  ? _raw_spin_unlock+0x40/0x40
[   53.844388][ T3565]  ? print_report+0x4a3/0x4f0
[   53.849050][ T3565]  check_panic_on_warn+0x7e/0xa0
[   53.854105][ T3565]  ? skb_release_head_state+0x35/0x230
[   53.859554][ T3565]  end_report+0x66/0x110
[   53.863778][ T3565]  kasan_report+0x143/0x160
[   53.868350][ T3565]  ? do_raw_spin_unlock+0x137/0x8a0
[   53.873532][ T3565]  ? skb_release_head_state+0x35/0x230
[   53.878987][ T3565]  skb_release_head_state+0x35/0x230
[   53.884269][ T3565]  ? __hci_req_sync+0x626/0x940
[   53.889100][ T3565]  kfree_skb_reason+0x13d/0x390
[   53.893939][ T3565]  __hci_req_sync+0x626/0x940
[   53.898687][ T3565]  ? trace_contention_end+0x61/0x170
[   53.903961][ T3565]  ? hci_req_sync_complete+0x280/0x280
[   53.909406][ T3565]  ? mutex_lock_nested+0x10/0x10
[   53.914325][ T3565]  ? wake_bit_function+0x210/0x210
[   53.919426][ T3565]  ? hci_encrypt_req+0x170/0x170
[   53.924350][ T3565]  hci_req_sync+0xa5/0xc0
[   53.928661][ T3565]  hci_dev_cmd+0x2fc/0xa30
[   53.933063][ T3565]  ? security_capable+0x86/0xb0
[   53.937933][ T3565]  ? hci_dev_reset_stat+0x1a0/0x1a0
[   53.943119][ T3565]  ? hci_sock_ioctl+0x426/0x850
[   53.947955][ T3565]  sock_do_ioctl+0x152/0x450
[   53.952618][ T3565]  ? sock_show_fdinfo+0xb0/0xb0
[   53.957459][ T3565]  ? __fget_files+0x28/0x4a0
[   53.962036][ T3565]  sock_ioctl+0x47f/0x770
[   53.966351][ T3565]  ? sock_poll+0x410/0x410
[   53.970748][ T3565]  ? __fget_files+0x28/0x4a0
[   53.975322][ T3565]  ? __fget_files+0x435/0x4a0
[   53.979984][ T3565]  ? __fget_files+0x28/0x4a0
[   53.984562][ T3565]  ? bpf_lsm_file_ioctl+0x5/0x10
[   53.989484][ T3565]  ? security_file_ioctl+0x7d/0xa0
[   53.994578][ T3565]  ? sock_poll+0x410/0x410
[   53.999067][ T3565]  __se_sys_ioctl+0xf1/0x160
[   54.003645][ T3565]  do_syscall_64+0x3b/0xb0
[   54.008054][ T3565]  ? clear_bhb_loop+0x45/0xa0
[   54.012717][ T3565]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   54.018599][ T3565] RIP: 0033:0x7fb6f707dc0b
[   54.023001][ T3565] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   54.042588][ T3565] RSP: 002b:00007ffc4ba82080 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   54.050988][ T3565] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb6f707dc0b
[   54.058946][ T3565] RDX: 00007ffc4ba820f8 RSI: 00000000400448dd RDI: 0000000000000003
[   54.066902][ T3565] RBP: 00005555560e7430 R08: 0000000000000000 R09: 0000000000000000
[   54.074854][ T3565] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000004
[   54.082811][ T3565] R13: 0000000000000004 R14: 00007fb6f71ac9d8 R15: 000000000000000c
[   54.090770][ T3565]  </TASK>
[   54.094291][ T3565] Kernel Offset: disabled
[   54.098603][ T3565] Rebooting in 86400 seconds..