Warning: Permanently added '10.128.1.113' (ED25519) to the list of known hosts.
1970/01/01 00:00:32 fuzzer started
1970/01/01 00:00:32 dialing manager at 10.128.0.163:30026
[ 32.736513][ T4228] cgroup: Unknown subsys name 'net'
[ 32.792309][ T4229] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[ 32.993490][ T4228] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:00:33 starting 5 executor processes
[ 33.558750][ T4252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 33.561171][ T4252] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 33.564748][ T4252] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 33.566963][ T4252] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 33.569658][ T4252] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 33.579183][ T4254] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 33.583337][ T4252] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 33.585686][ T4252] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 33.587948][ T4256] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 33.590365][ T4256] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 33.594383][ T4256] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 33.596915][ T4256] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 33.599147][ T4256] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 33.602017][ T4256] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 33.604353][ T4256] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 33.608358][ T4252] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 33.611626][ T4252] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 33.613562][ T4252] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 33.616209][ T4252] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 33.618141][ T47] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 33.622445][ T4252] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 33.622579][ T4260] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 33.626711][ T4262] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 33.627392][ T4252] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 33.644172][ T4262] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 33.646733][ T4262] ==================================================================
[ 33.646896][ T4254] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 33.648730][ T4262] BUG: KASAN: double-free in kfree_skbmem+0x10c/0x19c
[ 33.648751][ T4262] Free of addr ffff0000ed5d5280 by task kworker/u5:6/4262
[ 33.648759][ T4262]
[ 33.648763][ T4262] CPU: 0 PID: 4262 Comm: kworker/u5:6 Not tainted 6.1.92-syzkaller #0
[ 33.656985][ T4262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 33.659725][ T4262] Workqueue: hci2 hci_rx_work
[ 33.660956][ T4262] Call trace:
[ 33.661825][ T4262]  dump_backtrace+0x1c8/0x1f4
[ 33.663091][ T4262]  show_stack+0x2c/0x3c
[ 33.664213][ T4262]  dump_stack_lvl+0x108/0x170
[ 33.665482][ T4262]  print_report+0x174/0x4c0
[ 33.666693][ T4262]  kasan_report_invalid_free+0xc4/0x114
[ 33.668146][ T4262]  ____kasan_slab_free+0x170/0x1c0
[ 33.669483][ T4262]  __kasan_slab_free+0x18/0x28
[ 33.670732][ T4262]  kmem_cache_free+0x2f0/0x588
[ 33.672005][ T4262]  kfree_skbmem+0x10c/0x19c
[ 33.673141][ T4262]  kfree_skb_reason+0x1ac/0x47c
[ 33.674397][ T4262]  hci_req_sync_complete+0xcc/0x258
[ 33.675788][ T4262]  hci_event_packet+0xbd4/0x109c
[ 33.677141][ T4262]  hci_rx_work+0x318/0xa68
[ 33.678340][ T4262]  process_one_work+0x7ac/0x1404
[ 33.679619][ T4262]  worker_thread+0x8e4/0xfec
[ 33.680864][ T4262]  kthread+0x250/0x2d8
[ 33.681939][ T4262]  ret_from_fork+0x10/0x20
[ 33.683109][ T4262]
[ 33.683684][ T4262] Allocated by task 4254:
[ 33.684740][ T4262]  kasan_set_track+0x4c/0x80
[ 33.685924][ T4262]  kasan_save_alloc_info+0x24/0x30
[ 33.687228][ T4262]  __kasan_slab_alloc+0x74/0x8c
[ 33.688565][ T4262]  slab_post_alloc_hook+0x74/0x458
[ 33.689854][ T4262]  kmem_cache_alloc+0x230/0x37c
[ 33.691115][ T4262]  skb_clone+0x19c/0x304
[ 33.692195][ T4262]  hci_cmd_work+0x174/0x568
[ 33.693337][ T4262]  process_one_work+0x7ac/0x1404
[ 33.694613][ T4262]  worker_thread+0x8e4/0xfec
[ 33.695785][ T4262]  kthread+0x250/0x2d8
[ 33.696945][ T4262]  ret_from_fork+0x10/0x20
[ 33.698138][ T4262]
[ 33.698771][ T4262] Freed by task 4257:
[ 33.699810][ T4262]  kasan_set_track+0x4c/0x80
[ 33.701031][ T4262]  kasan_save_free_info+0x38/0x5c
[ 33.702331][ T4262]  ____kasan_slab_free+0x144/0x1c0
[ 33.703721][ T4262]  __kasan_slab_free+0x18/0x28
[ 33.704946][ T4262]  kmem_cache_free+0x2f0/0x588
[ 33.706200][ T4262]  kfree_skbmem+0x10c/0x19c
[ 33.707416][ T4262]  kfree_skb_reason+0x1ac/0x47c
[ 33.708699][ T4262]  __hci_req_sync+0x4fc/0x7ac
[ 33.709882][ T4262]  hci_req_sync+0xa4/0xd0
[ 33.711035][ T4262]  hci_dev_cmd+0x330/0x90c
[ 33.712158][ T4262]  hci_sock_ioctl+0x4b8/0x82c
[ 33.713340][ T4254] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 33.713458][ T4262]  sock_do_ioctl+0x134/0x2dc
[ 33.715869][ T4254] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 33.716477][ T4262]  sock_ioctl+0x4ec/0x858
[ 33.719442][ T4262]  __arm64_sys_ioctl+0x14c/0x1c8
[ 33.720411][ T4254] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 33.720736][ T4262]  invoke_syscall+0x98/0x2c0
[ 33.723850][ T4262]  el0_svc_common+0x138/0x258
[ 33.725087][ T4262]  do_el0_svc+0x64/0x218
[ 33.726223][ T4262]  el0_svc+0x58/0x168
[ 33.727311][ T4262]  el0t_64_sync_handler+0x84/0xf0
[ 33.728667][ T4262]  el0t_64_sync+0x18c/0x190
[ 33.729925][ T4262]
[ 33.730561][ T4262] The buggy address belongs to the object at ffff0000ed5d5280
[ 33.730561][ T4262]  which belongs to the cache skbuff_head_cache of size 240
[ 33.734484][ T4262] The buggy address is located 0 bytes inside of
[ 33.734484][ T4262]  240-byte region [ffff0000ed5d5280, ffff0000ed5d5370)
[ 33.738079][ T4262]
[ 33.738736][ T4262] The buggy address belongs to the physical page:
[ 33.740435][ T4262] page:0000000082ab2715 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d5d5
[ 33.743200][ T4262] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 33.745257][ T4262] raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c0b76480
[ 33.747506][ T4262] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 33.749873][ T4262] page dumped because: kasan: bad access detected
[ 33.751539][ T4262]
[ 33.752125][ T4262] Memory state around the buggy address:
[ 33.753563][ T4262]  ffff0000ed5d5180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.755724][ T4262]  ffff0000ed5d5200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 33.757866][ T4262] >ffff0000ed5d5280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.759986][ T4262]                    ^
[ 33.761098][ T4262]  ffff0000ed5d5300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 33.763158][ T4262]  ffff0000ed5d5380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 33.765326][ T4262] ==================================================================
[ 33.767888][ T4262] Disabling lock debugging due to kernel taint
[ 33.769339][ T4254] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
1970/01/01 00:00:33 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 33.874108][ T4259] chnl_net:caif_netlink_parms(): no params data found
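The report above carries everything needed for a first triage, but it is interleaved with unrelated "Bluetooth: hciN: unexpected cc" lines from other threads and, on a serial console, is often glued onto a few long lines. The following is an added triage script, not part of the syzkaller log, syzbot, or the kernel sources. It splits the console output by timestamp, keeps only the lines printed by the thread that raised "BUG: KASAN:", collects the bad-access, allocation and free stacks, skips allocator/KASAN plumbing to find the first subsystem frame in each, and decodes the shadow byte at the reported address. The shadow legend (0xFA/0xFB freed slab object, 0xFC slab redzone) is taken from mm/kasan/kasan.h as of 6.1 and the list of "noise" frames is my own choice for this report; both are assumptions. The sample log is a trimmed excerpt of the report on this page.

```python
"""Triage helper for a KASAN report inside a syzkaller console log.

Added example, not part of the original log, syzbot or the kernel tree.
"""
import re
from dataclasses import dataclass, field

# Slab shadow-byte legend as used by KASAN in 6.1 (mm/kasan/kasan.h); assumed here.
SHADOW = {0xFA: "slab freed (free-track)", 0xFB: "slab freed",
          0xFC: "slab redzone", 0xFE: "page redzone", 0xFF: "page freed"}

# Allocator, sk_buff and KASAN/report frames to skip when looking for the
# subsystem frame that actually owns the object (assumed list, chosen for this report).
NOISE = re.compile(r"^(dump_|show_stack|print_report|kasan_|__kasan_|____kasan_|"
                   r"kmem_cache_|slab_post_alloc_hook|kfree_skbmem|kfree_skb_reason|"
                   r"skb_clone|__alloc_skb)")

# One console line "[ ts][ Ttid] payload". The payload ends at a newline or at
# the next timestamp, so a log glued onto one line still splits cleanly.
LINE = re.compile(r"\[\s*(\d+\.\d+)\]\[\s*T(\d+)\][ \t]*(.*?)"
                  r"(?=\[\s*\d+\.\d+\]\[\s*T\d+\]|\n|\Z)")
FRAME = re.compile(r"(?:\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
SHADOW_ROW = re.compile(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})")


@dataclass
class Report:
    bug: str = ""                               # e.g. "double-free"
    where: str = ""                             # function named on the BUG: line
    tid: int = 0                                # thread that printed the report
    addr: int = 0                               # freed / accessed address
    stacks: dict = field(default_factory=dict)  # header -> [function names]
    shadow: dict = field(default_factory=dict)  # address -> shadow byte


def parse_kasan(text):
    r, cur = Report(), None
    for m in LINE.finditer(text):
        tid, s = int(m.group(2)), m.group(3).rstrip()
        if (b := re.match(r"BUG: KASAN: (\S+) in (\w+)", s)):
            r.bug, r.where, r.tid = b.group(1), b.group(2), tid
        elif r.tid and tid != r.tid:
            continue                            # interleaved output of another thread
        elif (a := re.match(r"(?:Free|Read|Write) of (?:size \d+ at )?addr ([0-9a-f]+)", s)):
            r.addr = int(a.group(1), 16)
        elif (h := re.match(r"(Call [Tt]race|Allocated by task \d+|Freed by task \d+):", s)):
            cur = h.group(1)
            r.stacks[cur] = []
        elif (row := SHADOW_ROW.match(s)):
            base = int(row.group(1), 16)
            for i, byte in enumerate(row.group(2).split()):
                r.shadow[base + 8 * i] = int(byte, 16)   # one shadow byte per 8 bytes
        elif cur and (f := FRAME.match(s)):
            r.stacks[cur].append(f.group(1))
        elif not s:
            cur = None                          # a blank line ends a stack
    return r


def first_subsystem_frame(frames):
    """First frame that is not allocator/KASAN plumbing, i.e. the code to read."""
    return next((f for f in frames if not NOISE.match(f)), None)


def summarize(r):
    hit = {k: first_subsystem_frame(v) for k, v in r.stacks.items()}

    def pick(prefix):
        return next((v for k, v in hit.items() if k.startswith(prefix)), None)

    return {"bug": r.bug, "in": r.where, "tid": r.tid, "addr": r.addr,
            "access": pick("Call"), "alloc": pick("Allocated"), "first_free": pick("Freed"),
            "shadow": SHADOW.get(r.shadow.get(r.addr), "addressable or unknown")}


# Constructed excerpt of the report above; the T4254 Bluetooth lines are kept on purpose.
SAMPLE = """\
[ 33.646896][ T4254] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 33.648730][ T4262] BUG: KASAN: double-free in kfree_skbmem+0x10c/0x19c
[ 33.648751][ T4262] Free of addr ffff0000ed5d5280 by task kworker/u5:6/4262
[ 33.648759][ T4262]
[ 33.660956][ T4262] Call trace:
[ 33.661825][ T4262]  dump_backtrace+0x1c8/0x1f4
[ 33.666693][ T4262]  kasan_report_invalid_free+0xc4/0x114
[ 33.670732][ T4262]  kmem_cache_free+0x2f0/0x588
[ 33.672005][ T4262]  kfree_skbmem+0x10c/0x19c
[ 33.673141][ T4262]  kfree_skb_reason+0x1ac/0x47c
[ 33.674397][ T4262]  hci_req_sync_complete+0xcc/0x258
[ 33.683109][ T4262]
[ 33.683684][ T4262] Allocated by task 4254:
[ 33.684740][ T4262]  kasan_set_track+0x4c/0x80
[ 33.691115][ T4262]  skb_clone+0x19c/0x304
[ 33.692195][ T4262]  hci_cmd_work+0x174/0x568
[ 33.698138][ T4262]
[ 33.698771][ T4262] Freed by task 4257:
[ 33.706200][ T4262]  kfree_skbmem+0x10c/0x19c
[ 33.708699][ T4262]  __hci_req_sync+0x4fc/0x7ac
[ 33.713340][ T4254] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 33.712158][ T4262]  hci_sock_ioctl+0x4b8/0x82c
[ 33.729925][ T4262]
[ 33.752125][ T4262] Memory state around the buggy address:
[ 33.757866][ T4262] >ffff0000ed5d5280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.759986][ T4262]                    ^
"""

if __name__ == "__main__":
    print(summarize(parse_kasan(SAMPLE)))
```

Run on the excerpt, the summary points at hci_req_sync_complete as the second free, __hci_req_sync as the first free and hci_cmd_work (via skb_clone) as the allocation, with the shadow byte at the freed address already in the freed state, which is what a double-free report should show. The thread filter matters: without it the T4254 Bluetooth lines land between stack frames and a naive parser either loses frames or ends a stack early.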