[ 80.183895][ T26] audit: type=1800 audit(1564877829.511:29): pid=11044 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 80.223726][ T26] audit: type=1800 audit(1564877829.521:30): pid=11044 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts.
syzkaller login:
[ 1011.544685][ T26] kauditd_printk_skb: 5 callbacks suppressed
[ 1011.544695][ T26] audit: type=1400 audit(1564878760.871:36): avc: denied { map } for pid=11235 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/08/04 00:32:42 parsed 1 programs
[ 1012.660144][ T26] audit: type=1400 audit(1564878761.991:37): avc: denied { map } for pid=11235 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=16409 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/08/04 00:32:44 executed programs: 0
[ 1014.802579][T11259] IPVS: ftp: loaded support on port[0] = 21
[ 1014.822130][T11261] IPVS: ftp: loaded support on port[0] = 21
[ 1014.822186][T11256] IPVS: ftp: loaded support on port[0] = 21
[ 1014.839279][T11258] IPVS: ftp: loaded support on port[0] = 21
[ 1014.903481][T11264] IPVS: ftp: loaded support on port[0] = 21
[ 1014.919895][T11265] IPVS: ftp: loaded support on port[0] = 21
[ 1015.129606][T11256] chnl_net:caif_netlink_parms(): no params data found
[ 1015.192795][T11258] chnl_net:caif_netlink_parms(): no params data found
[ 1015.257419][T11259] chnl_net:caif_netlink_parms(): no params data found
[ 1015.290911][T11261] chnl_net:caif_netlink_parms(): no params data found
[ 1015.355168][T11258] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1015.363573][T11258] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.372186][T11258] device bridge_slave_0 entered promiscuous mode
[ 1015.380342][T11256] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1015.388160][T11256] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.398977][T11256] device bridge_slave_0 entered promiscuous mode
[ 1015.408814][T11256] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1015.416023][T11256] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.423584][T11256] device bridge_slave_1 entered promiscuous mode
[ 1015.437533][T11264] chnl_net:caif_netlink_parms(): no params data found
[ 1015.454220][T11258] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1015.461522][T11258] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.469264][T11258] device bridge_slave_1 entered promiscuous mode
[ 1015.514385][T11261] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1015.522007][T11261] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.530822][T11261] device bridge_slave_0 entered promiscuous mode
[ 1015.538503][T11259] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1015.547549][T11259] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.556015][T11259] device bridge_slave_0 entered promiscuous mode
[ 1015.581216][T11256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1015.596778][T11261] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1015.603934][T11261] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.611792][T11261] device bridge_slave_1 entered promiscuous mode
[ 1015.618922][T11259] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1015.626907][T11259] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.634479][T11259] device bridge_slave_1 entered promiscuous mode
[ 1015.651982][T11258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1015.668796][T11256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1015.702433][T11256] team0: Port device team_slave_0 added
[ 1015.709777][T11258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1015.730612][T11264] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1015.738145][T11264] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.745960][T11264] device bridge_slave_0 entered promiscuous mode
[ 1015.758897][T11265] chnl_net:caif_netlink_parms(): no params data found
[ 1015.768343][T11256] team0: Port device team_slave_1 added
[ 1015.788040][T11261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1015.799044][T11261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1015.808591][T11264] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1015.816062][T11264] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.823657][T11264] device bridge_slave_1 entered promiscuous mode
[ 1015.832141][T11259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1015.851418][T11259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1015.928368][T11256] device hsr_slave_0 entered promiscuous mode
[ 1015.985984][T11256] device hsr_slave_1 entered promiscuous mode
[ 1016.053387][T11258] team0: Port device team_slave_0 added
[ 1016.067060][T11258] team0: Port device team_slave_1 added
[ 1016.085331][T11264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1016.103624][T11259] team0: Port device team_slave_0 added
[ 1016.115972][T11261] team0: Port device team_slave_0 added
[ 1016.123571][T11261] team0: Port device team_slave_1 added
[ 1016.133448][T11264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1016.158054][T11259] team0: Port device team_slave_1 added
[ 1016.192823][T11264] team0: Port device team_slave_0 added
[ 1016.206455][T11265] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1016.213547][T11265] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1016.221745][T11265] device bridge_slave_0 entered promiscuous mode
[ 1016.234387][T11265] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1016.241587][T11265] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1016.249328][T11265] device bridge_slave_1 entered promiscuous mode
[ 1016.262796][T11264] team0: Port device team_slave_1 added
[ 1016.308294][T11261] device hsr_slave_0 entered promiscuous mode
[ 1016.365966][T11261] device hsr_slave_1 entered promiscuous mode
[ 1016.445672][T11261] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1016.507262][T11258] device hsr_slave_0 entered promiscuous mode
[ 1016.545981][T11258] device hsr_slave_1 entered promiscuous mode
[ 1016.585727][T11258] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1016.647569][T11259] device hsr_slave_0 entered promiscuous mode
[ 1016.696014][T11259] device hsr_slave_1 entered promiscuous mode
[ 1016.735705][T11259] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1016.763424][T11265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1016.794487][T11265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1016.827831][T11264] device hsr_slave_0 entered promiscuous mode
[ 1016.876074][T11264] device hsr_slave_1 entered promiscuous mode
[ 1016.915795][T11264] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1016.959906][T11265] team0: Port device team_slave_0 added
[ 1016.969231][T11265] team0: Port device team_slave_1 added
[ 1017.047907][T11265] device hsr_slave_0 entered promiscuous mode
[ 1017.105979][T11265] device hsr_slave_1 entered promiscuous mode
[ 1017.145724][T11265] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1017.173888][T11256] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1017.225275][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1017.233531][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1017.247399][T11261] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1017.258917][T11259] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1017.268659][T11256] 8021q: adding VLAN 0 to HW filter on device team0
[ 1017.278600][T11258] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1017.296836][T11261] 8021q: adding VLAN 0 to HW filter on device team0
[ 1017.308345][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1017.316883][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1017.351700][T11259] 8021q: adding VLAN 0 to HW filter on device team0
[ 1017.358956][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1017.368263][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1017.378714][T11273] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1017.389316][T11273] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1017.397679][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1017.406343][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1017.414923][T11273] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1017.422048][T11273] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1017.429591][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1017.438791][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1017.447690][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1017.456119][T11273] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1017.463207][T11273] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1017.470966][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1017.479759][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1017.488391][T11273] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1017.495609][T11273] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1017.503127][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1017.511308][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1017.520454][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1017.528570][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1017.539573][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1017.552807][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1017.578390][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1017.587869][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1017.597437][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1017.606308][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1017.615368][T11267] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1017.622697][T11267] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1017.630525][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1017.639054][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1017.647512][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1017.656231][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1017.664790][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1017.673376][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1017.682151][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1017.692009][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1017.700056][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1017.708409][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1017.737372][T11264] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1017.750346][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1017.759146][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1017.767959][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1017.775039][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1017.784593][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1017.793435][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1017.801878][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1017.810600][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1017.819084][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1017.827510][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1017.836164][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1017.844647][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1017.853531][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1017.862218][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1017.873465][T11261] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1017.884909][T11261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1017.898679][T11256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1017.909971][T11258] 8021q: adding VLAN 0 to HW filter on device team0
[ 1017.924107][T11264] 8021q: adding VLAN 0 to HW filter on device team0
[ 1017.931896][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1017.941946][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1017.950403][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1017.958929][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1017.967452][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1017.975073][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1017.983475][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1018.005212][T11256] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1018.017805][T11265] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1018.034736][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1018.043914][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1018.053330][T11267] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1018.061362][T11267] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1018.069096][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1018.077939][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1018.086677][T11267] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1018.094130][T11267] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1018.101766][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1018.110343][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1018.134981][T11259] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1018.145888][T11259] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1018.168730][T11265] 8021q: adding VLAN 0 to HW filter on device team0
[ 1018.177469][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1018.185461][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1018.194690][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1018.203484][T11267] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1018.210623][T11267] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1018.219412][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1018.228409][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1018.237130][T11267] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1018.244175][T11267] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1018.252396][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1018.260897][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1018.269463][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1018.278495][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1018.287586][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1018.296083][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1018.304530][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1018.313280][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1018.321974][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1018.330664][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1018.338692][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1018.346890][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1018.355324][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1018.364584][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1018.372666][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1018.380457][T11267] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1018.390654][T11261] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1018.413941][T11258] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1018.429125][T11258] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1018.456524][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1018.465312][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1018.474495][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1018.488004][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1018.497208][ T3014] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1018.504259][ T3014] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1018.512040][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1018.520450][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1018.528884][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1018.538122][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1018.546869][ T3014] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1018.554234][ T3014] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1018.563533][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1018.573124][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1018.581075][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1018.595726][ T26] audit: type=1400 audit(1564878767.921:38): avc: denied { associate } for pid=11256 comm="syz-executor.2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 1018.605135][T11264] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1018.631637][T11264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1018.679398][T11259] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1018.701454][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1018.717428][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1018.756808][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1018.769202][T11291] IPVS: ftp: loaded support on port[0] = 21
[ 1018.777656][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1018.790871][T11293] IPVS: ftp: loaded support on port[0] = 21
[ 1018.798527][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1018.809043][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1018.817512][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1018.826529][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1018.834710][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1018.859738][T11264] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1018.878982][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1018.898206][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1018.911813][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1018.935365][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1018.947350][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1018.959003][T11273] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1018.972479][T11258] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1019.061167][T11311] IPVS: ftp: loaded support on port[0] = 21
[ 1019.070468][T11265] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1019.102322][T11310] IPVS: ftp: loaded support on port[0] = 21
[ 1019.108918][T11265] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1019.123940][ T135] Bluetooth: Error in BCSP hdr checksum
[ 1019.130301][T11272] Bluetooth: Error in BCSP hdr checksum
[ 1019.137385][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1019.146362][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1019.154739][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1019.163537][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1019.172021][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1019.180455][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1019.217166][ T3518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1019.310214][T11265] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1019.327071][T11317] IPVS: ftp: loaded support on port[0] = 21
[ 1019.334740][T11316] Bluetooth: Error in BCSP hdr checksum
[ 1019.440529][T11325] IPVS: ftp: loaded support on port[0] = 21
[ 1020.886185][ T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1020.892330][ T12] Bluetooth: hci1: command 0x1003 tx timeout
[ 1020.893466][T11326] Bluetooth: hci0: sending frame failed (-49)
[ 1020.904983][T11326] Bluetooth: hci1: sending frame failed (-49)
[ 1021.136053][ T12] Bluetooth: hci3: command 0x1003 tx timeout
[ 1021.142207][ T12] Bluetooth: hci2: command 0x1003 tx timeout
[ 1021.142242][T11326] Bluetooth: hci3: sending frame failed (-49)
[ 1021.148735][T11327] Bluetooth: hci2: sending frame failed (-49)
[ 1021.365894][ T12] Bluetooth: hci4: command 0x1003 tx timeout
[ 1021.372031][T11327] Bluetooth: hci4: sending frame failed (-49)
[ 1021.445745][ T3518] Bluetooth: hci5: command 0x1003 tx timeout
[ 1021.452785][T11327] Bluetooth: hci5: sending frame failed (-49)
[ 1022.965842][ T3518] Bluetooth: hci1: command 0x1001 tx timeout
[ 1022.971958][ T3518] Bluetooth: hci0: command 0x1001 tx timeout
[ 1022.972019][T11327] Bluetooth: hci1: sending frame failed (-49)
[ 1022.978389][T11326] Bluetooth: hci0: sending frame failed (-49)
[ 1023.206106][ T3518] Bluetooth: hci3: command 0x1001 tx timeout
[ 1023.206170][ T12] Bluetooth: hci2: command 0x1001 tx timeout
[ 1023.212248][T11326] Bluetooth: hci3: sending frame failed (-49)
[ 1023.218656][T11327] Bluetooth: hci2: sending frame failed (-49)
[ 1023.448529][ T12] Bluetooth: hci4: command 0x1001 tx timeout
[ 1023.454656][T11327] Bluetooth: hci4: sending frame failed (-49)
[ 1023.526376][ T12] Bluetooth: hci5: command 0x1001 tx timeout
[ 1023.532498][T11327] Bluetooth: hci5: sending frame failed (-49)
[ 1025.045755][ T12] Bluetooth: hci1: command 0x1009 tx timeout
[ 1025.045877][ T3518] Bluetooth: hci0: command 0x1009 tx timeout
[ 1025.285878][ T3518] Bluetooth: hci3: command 0x1009 tx timeout
[ 1025.285932][ T12] Bluetooth: hci2: command 0x1009 tx timeout
[ 1025.525687][ T3518] Bluetooth: hci4: command 0x1009 tx timeout
[ 1025.605721][ T3518] Bluetooth: hci5: command 0x1009 tx timeout
[ 1029.207237][T11291] ==================================================================
[ 1029.215445][T11291] BUG: KASAN: use-after-free in kfree_skb+0x38/0x3c0
[ 1029.215469][T11291] Read of size 4 at addr ffff88808fb08194 by task syz-executor.2/11291
[ 1029.231173][T11291]
[ 1029.231194][T11291] CPU: 1 PID: 11291 Comm: syz-executor.2 Not tainted 5.3.0-rc2+ #88
[ 1029.231200][T11291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1029.231204][T11291] Call Trace:
[ 1029.231306][T11291] dump_stack+0x172/0x1f0
[ 1029.231329][T11291] ? kfree_skb+0x38/0x3c0
[ 1029.241672][T11291] print_address_description.cold+0xd4/0x306
[ 1029.241687][T11291] ? kfree_skb+0x38/0x3c0
[ 1029.241698][T11291] ? kfree_skb+0x38/0x3c0
[ 1029.241709][T11291] __kasan_report.cold+0x1b/0x36
[ 1029.241722][T11291] ? kfree_skb+0x38/0x3c0
[ 1029.241734][T11291] kasan_report+0x12/0x17
[ 1029.241757][T11291] check_memory_region+0x134/0x1a0
[ 1029.255243][T11291] __kasan_check_read+0x11/0x20
[ 1029.263925][T11291] kfree_skb+0x38/0x3c0
2019/08/04 00:32:58 executed programs: 6
[ 1029.274409][T11291] bcsp_close+0xc7/0x130
[ 1029.288030][T11291] hci_uart_tty_close+0x21e/0x280
[ 1029.297479][T11291] ? hci_uart_close+0x50/0x50
[ 1029.297497][T11291] tty_ldisc_close.isra.0+0x119/0x190
[ 1029.297509][T11291] tty_ldisc_kill+0x9c/0x160
[ 1029.297521][T11291] tty_ldisc_release+0xe9/0x2b0
[ 1029.297534][T11291] tty_release_struct+0x1b/0x50
[ 1029.297553][T11291] tty_release+0xbcb/0xe90
[ 1029.306590][T11291] __fput+0x2ff/0x890
[ 1029.306605][T11291] ? put_tty_driver+0x20/0x20
[ 1029.306618][T11291] ____fput+0x16/0x20
[ 1029.306638][T11291] task_work_run+0x145/0x1c0
[ 1029.315932][T11291] exit_to_usermode_loop+0x316/0x380
[ 1029.315946][T11291] do_syscall_64+0x5a9/0x6a0
[ 1029.316025][T11291] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1029.316045][T11291] RIP: 0033:0x4134f0
[ 1029.326133][T11291] Code: 01 f0 ff ff 0f 83 30 1b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 9d 2d 66 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff
[ 1029.326140][T11291] RSP: 002b:00007ffe8ff133c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 1029.326152][T11291] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004134f0
[ 1029.326158][T11291] RDX: 0000001b33220000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1029.326164][T11291] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffff
[ 1029.326171][T11291] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20
[ 1029.326178][T11291] R13: 0000000000000001 R14: 00000000007601f8 R15: ffffffffffffffff
[ 1029.326191][T11291]
[ 1029.326198][T11291] Allocated by task 135:
[ 1029.326215][T11291] save_stack+0x23/0x90
[ 1029.326227][T11291] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1029.326238][T11291] kasan_slab_alloc+0xf/0x20
[ 1029.326249][T11291] kmem_cache_alloc_node+0x138/0x740
[ 1029.326261][T11291] __alloc_skb+0xd5/0x5e0
[ 1029.326283][T11291] bcsp_recv+0x8c1/0x13a0
[ 1029.337733][T11291] hci_uart_tty_receive+0x279/0x790
[ 1029.337749][T11291] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1029.337771][T11291] tty_port_default_receive_buf+0x7d/0xb0
[ 1029.347060][T11291] flush_to_ldisc+0x222/0x390
[ 1029.347074][T11291] process_one_work+0x9af/0x1740
[ 1029.347084][T11291] worker_thread+0x98/0xe40
[ 1029.347093][T11291] kthread+0x361/0x430
[ 1029.347103][T11291] ret_from_fork+0x24/0x30
[ 1029.347106][T11291]
[ 1029.347112][T11291] Freed by task 135:
[ 1029.347123][T11291] save_stack+0x23/0x90
[ 1029.347134][T11291] __kasan_slab_free+0x102/0x150
[ 1029.347143][T11291] kasan_slab_free+0xe/0x10
[ 1029.347154][T11291] kmem_cache_free+0x86/0x320
[ 1029.347165][T11291] kfree_skbmem+0xc5/0x150
[ 1029.347175][T11291] kfree_skb+0x109/0x3c0
[ 1029.347186][T11291] bcsp_recv+0x2d8/0x13a0
[ 1029.347206][T11291] hci_uart_tty_receive+0x279/0x790
[ 1029.356283][T11291] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1029.356298][T11291] tty_port_default_receive_buf+0x7d/0xb0
[ 1029.356319][T11291] flush_to_ldisc+0x222/0x390
[ 1029.365306][T11291] process_one_work+0x9af/0x1740
[ 1029.365317][T11291] worker_thread+0x98/0xe40
[ 1029.365327][T11291] kthread+0x361/0x430
[ 1029.365339][T11291] ret_from_fork+0x24/0x30
[ 1029.365351][T11291]
[ 1029.388250][T11311] kobject: 'hci2' (000000000a97895b): calling ktype release
[ 1029.388307][T11291] The buggy address belongs to the object at ffff88808fb080c0
[ 1029.388307][T11291] which belongs to the cache skbuff_head_cache of size 224
[ 1029.421417][T11293] kobject: 'hci0' (000000007bbe98d4): kobject_uevent_env
[ 1029.424330][T11291] The buggy address is located 212 bytes inside of
[ 1029.424330][T11291] 224-byte region [ffff88808fb080c0, ffff88808fb081a0)
[ 1029.424335][T11291] The buggy address belongs to the page:
[ 1029.424347][T11291] page:ffffea00023ec200 refcount:1 mapcount:0 mapping:ffff8880a9815700 index:0x0
[ 1029.424359][T11291] flags: 0x1fffc0000000200(slab)
[ 1029.424380][T11291] raw: 01fffc0000000200 ffffea00023aa188 ffffea00023c6548 ffff8880a9815700
[ 1029.443673][T11293] kobject: 'hci0' (000000007bbe98d4): fill_kobj_path: path = '/devices/virtual/bluetooth/hci0'
[ 1029.448888][T11291] raw: 0000000000000000 ffff88808fb080c0 000000010000000c 0000000000000000
[ 1029.448895][T11291] page dumped because: kasan: bad access detected
[ 1029.448898][T11291]
[ 1029.448901][T11291] Memory state around the buggy address:
[ 1029.448911][T11291] ffff88808fb08080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 1029.448920][T11291] ffff88808fb08100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1029.448928][T11291] >ffff88808fb08180: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 1029.448933][T11291] ^
[ 1029.448941][T11291] ffff88808fb08200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1029.448950][T11291] ffff88808fb08280: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1029.448954][T11291] ==================================================================
[ 1029.456932][T11328] kobject: 'hci1' (00000000807d5a69): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[ 1029.461507][T11311] kobject: 'hci2': free name
[ 1029.464694][T11328] kobject: 'hci1' (00000000807d5a69): kobject_uevent_env
[ 1029.469891][T11311] ==================================================================
[ 1029.473958][T11328] kobject: 'hci1' (00000000807d5a69): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1'
[ 1029.478300][T11311] BUG: KASAN: double-free or invalid-free in skb_free_head+0x93/0xb0
[ 1029.478304][T11311]
[ 1029.478319][T11311] CPU: 0 PID: 11311 Comm: syz-executor.4 Tainted: G B 5.3.0-rc2+ #88
[ 1029.478325][T11311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1029.478330][T11311] Call Trace:
[ 1029.478349][T11311] dump_stack+0x172/0x1f0
[ 1029.478377][T11311] print_address_description.cold+0xd4/0x306
[ 1029.478396][T11311] ? skb_free_head+0x93/0xb0
[ 1029.488599][T11328] kobject: 'rfkill11' (0000000019220924): kobject_add_internal: parent: 'hci1', set: 'devices'
[ 1029.488737][T11311] kasan_report_invalid_free+0x65/0xa0
[ 1029.493295][T11328] kobject: 'rfkill11' (0000000019220924): kobject_uevent_env
[ 1029.499074][T11311] ? skb_free_head+0x93/0xb0
[ 1029.499087][T11311] __kasan_slab_free+0x13a/0x150
[ 1029.499098][T11311] ? skb_free_head+0x93/0xb0
[ 1029.499109][T11311] kasan_slab_free+0xe/0x10
[ 1029.499128][T11311] kfree+0x10a/0x2c0
[ 1029.504473][T11328] kobject: 'rfkill11' (0000000019220924): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1/rfkill11'
[ 1029.510168][T11311] skb_free_head+0x93/0xb0
[ 1029.510182][T11311] skb_release_data+0x42d/0x7c0
[ 1029.510200][T11311] ? bcsp_close+0xc7/0x130
[ 1029.510220][T11311] skb_release_all+0x4d/0x60
[ 1029.524954][T11328] kobject: 'nfs_client' (0000000009bb36ac): kobject_add_internal: parent: 'net', set: 'nfs'
[ 1029.525279][T11311] kfree_skb+0x101/0x3c0
[ 1029.530338][T11328] kobject: 'nfs_client' (0000000009bb36ac): kobject_uevent_env
[ 1029.534941][T11311] bcsp_close+0xc7/0x130
[ 1029.537363][T11328] kobject: 'nfs_client' (0000000009bb36ac): fill_kobj_path: path = '/fs/nfs/net/nfs_client'
[ 1029.541225][T11311] hci_uart_tty_close+0x21e/0x280
[ 1029.548028][T11328] IPVS: ftp: loaded support on port[0] = 21
[ 1029.551436][T11311] ? hci_uart_close+0x50/0x50
[ 1029.559932][T11328] kobject: 'lo' (0000000096fa8757): kobject_add_internal: parent: 'net', set: 'devices'
[ 1029.560644][T11311] tty_ldisc_close.isra.0+0x119/0x190
[ 1029.565948][T11328] kobject: 'lo' (0000000096fa8757): kobject_uevent_env
[ 1029.569425][T11311] tty_ldisc_kill+0x9c/0x160
[ 1029.573788][T11328] kobject: 'lo' (0000000096fa8757): fill_kobj_path: path = '/devices/virtual/net/lo'
[ 1029.578959][T11311] tty_ldisc_release+0xe9/0x2b0
[ 1029.578973][T11311] tty_release_struct+0x1b/0x50
[ 1029.578984][T11311] tty_release+0xbcb/0xe90
[ 1029.579006][T11311] __fput+0x2ff/0x890
[ 1029.584680][T11328] kobject: 'queues' (00000000d08451b6): kobject_add_internal: parent: 'lo', set: ''
[ 1029.590307][T11311] ? put_tty_driver+0x20/0x20
[ 1029.590323][T11311] ____fput+0x16/0x20
[ 1029.590335][T11311] task_work_run+0x145/0x1c0
[ 1029.590365][T11311] exit_to_usermode_loop+0x316/0x380
[ 1029.595081][T11328] kobject: 'queues' (00000000d08451b6): kobject_uevent_env
[ 1029.600129][T11311] do_syscall_64+0x5a9/0x6a0
[ 1029.600145][T11311] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1029.600156][T11311] RIP: 0033:0x4134f0
[ 1029.600176][T11311] Code: 01 f0 ff ff 0f 83 30 1b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 9d 2d 66 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff
[ 1029.604688][T11328] kobject: 'queues' (00000000d08451b6): kobject_uevent_env: filter function caused the event to drop!
[ 1029.609375][T11311] RSP: 002b:00007ffccf189338 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1029.609387][T11311] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004134f0 [ 1029.609393][T11311] RDX: 0000001b33a20000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1029.609399][T11311] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffff [ 1029.609405][T11311] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 1029.609412][T11311] R13: 0000000000000001 R14: 00000000007601f8 R15: ffffffffffffffff [ 1029.609427][T11311] [ 1029.614159][T11291] Kernel panic - not syncing: panic_on_warn set ... [ 1029.616520][T11311] Allocated by task 11316: [ 1029.623807][T11291] CPU: 1 PID: 11291 Comm: syz-executor.2 Tainted: G B 5.3.0-rc2+ #88 [ 1029.638411][T11311] save_stack+0x23/0x90 [ 1029.645430][T11291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1029.658719][T11311] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1029.664873][T11291] Call Trace: [ 1029.674370][T11311] kasan_kmalloc+0x9/0x10 [ 1029.679500][T11291] dump_stack+0x172/0x1f0 [ 1029.688203][T11311] __kmalloc_node_track_caller+0x4e/0x70 [ 1029.702884][T11291] panic+0x2dc/0x755 [ 1029.711566][T11311] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1029.718227][T11291] ? add_taint.cold+0x16/0x16 [ 1029.720557][T11311] __alloc_skb+0x10b/0x5e0 [ 1029.726301][T11291] ? kfree_skb+0x38/0x3c0 [ 1029.734892][T11311] bcsp_recv+0x8c1/0x13a0 [ 1029.743055][T11291] ? preempt_schedule+0x4b/0x60 [ 1029.751147][T11311] hci_uart_tty_receive+0x279/0x790 [ 1029.755740][T11291] ? ___preempt_schedule+0x16/0x20 [ 1029.763802][T11311] tty_ldisc_receive_buf+0x15f/0x1c0 [ 1029.771871][T11291] ? trace_hardirqs_on+0x5e/0x240 [ 1029.780108][T11311] tty_port_default_receive_buf+0x7d/0xb0 [ 1029.790527][T11291] ? 
kfree_skb+0x38/0x3c0 [ 1029.795123][T11311] flush_to_ldisc+0x222/0x390 [ 1029.802505][T11291] end_report+0x47/0x4f [ 1029.810572][T11311] process_one_work+0x9af/0x1740 [ 1029.820900][T11291] ? kfree_skb+0x38/0x3c0 [ 1029.829166][T11311] worker_thread+0x98/0xe40 [ 1029.831608][T11291] __kasan_report.cold+0xe/0x36 [ 1029.841059][T11311] kthread+0x361/0x430 [ 1029.851258][T11291] ? kfree_skb+0x38/0x3c0 [ 1029.854556][T11311] ret_from_fork+0x24/0x30 [ 1029.858900][T11291] kasan_report+0x12/0x17 [ 1029.864895][T11311] [ 1029.869515][T11291] check_memory_region+0x134/0x1a0 [ 1029.879830][T11311] Freed by task 11316: [ 1029.885319][T11291] __kasan_check_read+0x11/0x20 [ 1029.892692][T11311] save_stack+0x23/0x90 [ 1029.897310][T11291] kfree_skb+0x38/0x3c0 [ 1029.902343][T11311] __kasan_slab_free+0x102/0x150 [ 1029.907721][T11291] bcsp_close+0xc7/0x130 [ 1029.912319][T11311] kasan_slab_free+0xe/0x10 [ 1029.916222][T11291] hci_uart_tty_close+0x21e/0x280 [ 1029.928547][T11311] kfree+0x10a/0x2c0 [ 1029.928568][T11311] skb_free_head+0x93/0xb0 [ 1029.933288][T11291] ? hci_uart_close+0x50/0x50 [ 1029.938151][T11311] skb_release_data+0x42d/0x7c0 [ 1029.942573][T11291] tty_ldisc_close.isra.0+0x119/0x190 [ 1029.948238][T11311] skb_release_all+0x4d/0x60 [ 1029.959016][T11291] tty_ldisc_kill+0x9c/0x160 [ 1029.963476][T11311] kfree_skb+0x101/0x3c0 [ 1029.972900][T11291] tty_ldisc_release+0xe9/0x2b0 [ 1029.977136][T11311] bcsp_recv+0x2d8/0x13a0 [ 1029.989224][T11291] tty_release_struct+0x1b/0x50 [ 1029.994441][T11311] hci_uart_tty_receive+0x279/0x790 [ 1030.001597][T11291] tty_release+0xbcb/0xe90 [ 1030.007757][T11311] tty_ldisc_receive_buf+0x15f/0x1c0 [ 1030.018352][T11291] __fput+0x2ff/0x890 [ 1030.023911][T11311] tty_port_default_receive_buf+0x7d/0xb0 [ 1030.033036][T11291] ? 
put_tty_driver+0x20/0x20 [ 1030.037633][T11311] flush_to_ldisc+0x222/0x390 [ 1030.047266][T11291] ____fput+0x16/0x20 [ 1030.052125][T11311] process_one_work+0x9af/0x1740 [ 1030.056990][T11291] task_work_run+0x145/0x1c0 [ 1030.061590][T11311] worker_thread+0x98/0xe40 [ 1030.065582][T11291] exit_to_usermode_loop+0x316/0x380 [ 1030.075552][T11311] kthread+0x361/0x430 [ 1030.080433][T11291] do_syscall_64+0x5a9/0x6a0 [ 1030.084424][T11311] ret_from_fork+0x24/0x30 [ 1030.089840][T11291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1030.095121][T11311] [ 1030.102788][T11291] RIP: 0033:0x4134f0 [ 1030.107466][T11311] The buggy address belongs to the object at ffff888094ceccc0 [ 1030.107466][T11311] which belongs to the cache kmalloc-8k of size 8192 [ 1030.113904][T11291] Code: 01 f0 ff ff 0f 83 30 1b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 9d 2d 66 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff [ 1030.117799][T11311] The buggy address is located 0 bytes inside of [ 1030.117799][T11311] 8192-byte region [ffff888094ceccc0, ffff888094ceecc0) [ 1030.138314][T11291] RSP: 002b:00007ffe8ff133c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1030.149344][T11311] The buggy address belongs to the page: [ 1030.157865][T11291] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004134f0 [ 1030.165842][T11311] page:ffffea0002533b00 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0 [ 1030.174342][T11291] RDX: 0000001b33220000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1030.182327][T11311] flags: 0x1fffc0000010200(slab|head) [ 1030.191120][T11291] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffff [ 1030.199372][T11311] raw: 01fffc0000010200 ffffea0002533a08 ffffea000229e408 ffff8880aa4021c0 [ 1030.201788][T11291] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 1030.208376][T11311] raw: 0000000000000000 ffff888094ceccc0 0000000100000001 
0000000000000000 [ 1030.212786][T11291] R13: 0000000000000001 R14: 00000000007601f8 R15: ffffffffffffffff [ 1030.222146][T11311] page dumped because: kasan: bad access detected [ 1030.702993][T11311] [ 1030.705551][T11311] Memory state around the buggy address: [ 1030.711370][T11311] ffff888094cecb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1030.720270][T11311] ffff888094cecc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1030.728342][T11311] >ffff888094cecc80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1030.736762][T11311] ^ [ 1030.743659][T11311] ffff888094cecd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1030.751734][T11311] ffff888094cecd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1030.759886][T11311] ================================================================== [ 1031.362535][T11291] Shutting down cpus with NMI [ 1031.368557][T11291] Kernel Offset: disabled [ 1031.373384][T11291] Rebooting in 86400 seconds..