[ ok ] Starting enhanced syslogd: rsyslogd.
[ 56.782386][ T26] audit: type=1800 audit(1570295575.274:25): pid=8649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.825677][ T26] audit: type=1800 audit(1570295575.274:26): pid=8649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.864460][ T26] audit: type=1800 audit(1570295575.274:27): pid=8649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login:
[ 67.009807][ T8815] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
executing program
[ 77.687320][ T8825] ==================================================================
[ 77.695506][ T8825] BUG: KASAN: use-after-free in kfree_skb+0x38/0x3c0
[ 77.702180][ T8825] Read of size 4 at addr ffff8880a070ea54 by task syz-executor226/8825
[ 77.710400][ T8825]
[ 77.712859][ T8825] CPU: 1 PID: 8825 Comm: syz-executor226 Not tainted 5.4.0-rc1+ #0
[ 77.720746][ T8825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.730792][ T8825] Call Trace:
[ 77.734251][ T8825]  dump_stack+0x172/0x1f0
[ 77.738583][ T8825]  ? kfree_skb+0x38/0x3c0
[ 77.742903][ T8825]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 77.749992][ T8825]  ? kfree_skb+0x38/0x3c0
[ 77.754311][ T8825]  ? kfree_skb+0x38/0x3c0
[ 77.758626][ T8825]  __kasan_report.cold+0x1b/0x41
[ 77.763547][ T8825]  ? kfree_skb+0x38/0x3c0
[ 77.767860][ T8825]  kasan_report+0x12/0x20
[ 77.772184][ T8825]  check_memory_region+0x134/0x1a0
[ 77.779539][ T8825]  __kasan_check_read+0x11/0x20
[ 77.784374][ T8825]  kfree_skb+0x38/0x3c0
[ 77.788513][ T8825]  bcsp_close+0xc7/0x130
[ 77.792743][ T8825]  hci_uart_tty_close+0x21e/0x280
[ 77.797755][ T8825]  ? hci_uart_close+0x50/0x50
[ 77.802421][ T8825]  tty_ldisc_close.isra.0+0x119/0x1a0
[ 77.807777][ T8825]  tty_ldisc_kill+0x9c/0x160
[ 77.812351][ T8825]  tty_ldisc_release+0xe9/0x2b0
[ 77.817185][ T8825]  tty_release_struct+0x1b/0x50
[ 77.822041][ T8825]  tty_release+0xbcb/0xe90
[ 77.826447][ T8825]  __fput+0x2ff/0x890
[ 77.830416][ T8825]  ? put_tty_driver+0x20/0x20
[ 77.835120][ T8825]  ____fput+0x16/0x20
[ 77.839395][ T8825]  task_work_run+0x145/0x1c0
[ 77.843986][ T8825]  do_exit+0x904/0x2e60
[ 77.848159][ T8825]  ? mm_update_next_owner+0x640/0x640
[ 77.853613][ T8825]  ? lock_downgrade+0x920/0x920
[ 77.858569][ T8825]  ? _raw_spin_unlock_irq+0x28/0x90
[ 77.863765][ T8825]  ? get_signal+0x392/0x2500
[ 77.868357][ T8825]  ? _raw_spin_unlock_irq+0x28/0x90
[ 77.873545][ T8825]  do_group_exit+0x135/0x360
[ 77.878137][ T8825]  get_signal+0x47c/0x2500
[ 77.882633][ T8825]  ? debug_smp_processor_id+0x3c/0x214
[ 77.888104][ T8825]  do_signal+0x87/0x1700
[ 77.892338][ T8825]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 77.898564][ T8825]  ? debug_smp_processor_id+0x3c/0x214
[ 77.904010][ T8825]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 77.910168][ T8825]  ? setup_sigcontext+0x7d0/0x7d0
[ 77.915194][ T8825]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 77.921420][ T8825]  ? exit_to_usermode_loop+0x43/0x380
[ 77.926808][ T8825]  ? do_syscall_64+0x65f/0x760
[ 77.931557][ T8825]  ? exit_to_usermode_loop+0x43/0x380
[ 77.938566][ T8825]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 77.943977][ T8825]  ? trace_hardirqs_on+0x67/0x240
[ 77.949012][ T8825]  exit_to_usermode_loop+0x286/0x380
[ 77.954291][ T8825]  do_syscall_64+0x65f/0x760
[ 77.958892][ T8825]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.964769][ T8825] RIP: 0033:0x446949
[ 77.968654][ T8825] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.988259][ T8825] RSP: 002b:00007fb09083edb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 77.996743][ T8825] RAX: fffffffffffffe00 RBX: 00000000006dbc58 RCX: 0000000000446949
[ 78.004877][ T8825] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc58
[ 78.012834][ T8825] RBP: 00000000006dbc50 R08: 0000000000000000 R09: 0000000000000000
[ 78.020790][ T8825] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc5c
[ 78.028784][ T8825] R13: 00007fffc77e5caf R14: 00007fb09083f9c0 R15: 0000000000000000
[ 78.036768][ T8825]
[ 78.039105][ T8825] Allocated by task 249:
[ 78.043390][ T8825]  save_stack+0x23/0x90
[ 78.047549][ T8825]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 78.053170][ T8825]  kasan_slab_alloc+0xf/0x20
[ 78.057758][ T8825]  kmem_cache_alloc_node+0x138/0x740
[ 78.063024][ T8825]  __alloc_skb+0xd5/0x5e0
[ 78.067336][ T8825]  bcsp_recv+0x8c1/0x13a0
[ 78.071644][ T8825]  hci_uart_tty_receive+0x279/0x6e0
[ 78.076834][ T8825]  tty_ldisc_receive_buf+0x15f/0x1c0
[ 78.082112][ T8825]  tty_port_default_receive_buf+0x7d/0xb0
[ 78.087816][ T8825]  flush_to_ldisc+0x222/0x390
[ 78.092583][ T8825]  process_one_work+0x9af/0x1740
[ 78.097515][ T8825]  worker_thread+0x98/0xe40
[ 78.102002][ T8825]  kthread+0x361/0x430
[ 78.106065][ T8825]  ret_from_fork+0x24/0x30
[ 78.110458][ T8825]
[ 78.112770][ T8825] Freed by task 249:
[ 78.116656][ T8825]  save_stack+0x23/0x90
[ 78.120797][ T8825]  __kasan_slab_free+0x102/0x150
[ 78.125712][ T8825]  kasan_slab_free+0xe/0x10
[ 78.130294][ T8825]  kmem_cache_free+0x86/0x320
[ 78.134964][ T8825]  kfree_skbmem+0xc5/0x150
[ 78.139359][ T8825]  kfree_skb+0x109/0x3c0
[ 78.143605][ T8825]  bcsp_recv+0x2d8/0x13a0
[ 78.147927][ T8825]  hci_uart_tty_receive+0x279/0x6e0
[ 78.153105][ T8825]  tty_ldisc_receive_buf+0x15f/0x1c0
[ 78.158387][ T8825]  tty_port_default_receive_buf+0x7d/0xb0
[ 78.164103][ T8825]  flush_to_ldisc+0x222/0x390
[ 78.169035][ T8825]  process_one_work+0x9af/0x1740
[ 78.173953][ T8825]  worker_thread+0x98/0xe40
[ 78.178436][ T8825]  kthread+0x361/0x430
[ 78.182488][ T8825]  ret_from_fork+0x24/0x30
[ 78.186880][ T8825]
[ 78.189191][ T8825] The buggy address belongs to the object at ffff8880a070e980
[ 78.189191][ T8825]  which belongs to the cache skbuff_head_cache of size 224
[ 78.204531][ T8825] The buggy address is located 212 bytes inside of
[ 78.204531][ T8825]  224-byte region [ffff8880a070e980, ffff8880a070ea60)
[ 78.217786][ T8825] The buggy address belongs to the page:
[ 78.223406][ T8825] page:ffffea000281c380 refcount:1 mapcount:0 mapping:ffff8880a99ac8c0 index:0x0
[ 78.233123][ T8825] flags: 0x1fffc0000000200(slab)
[ 78.238048][ T8825] raw: 01fffc0000000200 ffffea0002a46cc8 ffffea0002439d88 ffff8880a99ac8c0
[ 78.246617][ T8825] raw: 0000000000000000 ffff8880a070e0c0 000000010000000c 0000000000000000
[ 78.255176][ T8825] page dumped because: kasan: bad access detected
[ 78.261562][ T8825]
[ 78.263868][ T8825] Memory state around the buggy address:
[ 78.269480][ T8825]  ffff8880a070e900: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.277522][ T8825]  ffff8880a070e980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.285577][ T8825] >ffff8880a070ea00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 78.293616][ T8825] ^
[ 78.300273][ T8825]  ffff8880a070ea80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 78.308317][ T8825]  ffff8880a070eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.316352][ T8825] ==================================================================
[ 78.324391][ T8825] Disabling lock debugging due to kernel taint
[ 78.330544][ T8836] ==================================================================
[ 78.338615][ T8836] BUG: KASAN: double-free or invalid-free in skb_free_head+0x93/0xb0
[ 78.338618][ T8836]
[ 78.338638][ T8836] CPU: 0 PID: 8836 Comm: syz-executor226 Tainted: G B 5.4.0-rc1+ #0
[ 78.349089][ T8836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.368371][ T8836] Call Trace:
[ 78.368390][ T8836]  dump_stack+0x172/0x1f0
[ 78.368410][ T8836]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 78.376450][ T8836]  ? skb_free_head+0x93/0xb0
[ 78.376464][ T8836]  kasan_report_invalid_free+0x65/0xa0
[ 78.376481][ T8836]  ? skb_free_head+0x93/0xb0
[ 78.389994][ T8836]  __kasan_slab_free+0x13a/0x150
[ 78.400005][ T8836]  ? skb_free_head+0x93/0xb0
[ 78.400015][ T8836]  kasan_slab_free+0xe/0x10
[ 78.400023][ T8836]  kfree+0x10a/0x2c0
[ 78.400039][ T8836]  skb_free_head+0x93/0xb0
[ 78.409532][ T8836]  skb_release_data+0x42d/0x7c0
[ 78.409548][ T8836]  ? bcsp_close+0xc7/0x130
[ 78.409563][ T8836]  skb_release_all+0x4d/0x60
[ 78.417942][ T8836]  kfree_skb+0x101/0x3c0
[ 78.417956][ T8836]  bcsp_close+0xc7/0x130
[ 78.417968][ T8836]  hci_uart_tty_close+0x21e/0x280
[ 78.417982][ T8836]  ? hci_uart_close+0x50/0x50
[ 78.427212][ T8836]  tty_ldisc_close.isra.0+0x119/0x1a0
[ 78.427225][ T8836]  tty_ldisc_kill+0x9c/0x160
[ 78.427242][ T8836]  tty_ldisc_release+0xe9/0x2b0
[ 78.436235][ T8836]  tty_release_struct+0x1b/0x50
[ 78.436252][ T8836]  tty_release+0xbcb/0xe90
[ 78.444721][ T8836]  __fput+0x2ff/0x890
[ 78.454381][ T8836]  ? put_tty_driver+0x20/0x20
[ 78.454393][ T8836]  ____fput+0x16/0x20
[ 78.454410][ T8836]  task_work_run+0x145/0x1c0
[ 78.464341][ T8836]  do_exit+0x904/0x2e60
[ 78.464360][ T8836]  ? mm_update_next_owner+0x640/0x640
[ 78.474035][ T8836]  ? lock_downgrade+0x920/0x920
[ 78.474053][ T8836]  ? _raw_spin_unlock_irq+0x28/0x90
[ 78.482672][ T8836]  ? get_signal+0x392/0x2500
[ 78.482690][ T8836]  ? _raw_spin_unlock_irq+0x28/0x90
[ 78.491298][ T8836]  do_group_exit+0x135/0x360
[ 78.491314][ T8836]  get_signal+0x47c/0x2500
[ 78.500037][ T8836]  ? do_vfs_ioctl+0x120/0x13e0
[ 78.500056][ T8836]  do_signal+0x87/0x1700
[ 78.510256][ T8836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.510268][ T8836]  ? debug_smp_processor_id+0x3c/0x214
[ 78.510289][ T8836]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 78.520074][ T8836]  ? setup_sigcontext+0x7d0/0x7d0
[ 78.520096][ T8836]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 78.529832][ T8836]  ? exit_to_usermode_loop+0x43/0x380
[ 78.529844][ T8836]  ? do_syscall_64+0x65f/0x760
[ 78.529861][ T8836]  ? exit_to_usermode_loop+0x43/0x380
[ 78.539003][ T8836]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 78.539015][ T8836]  ? trace_hardirqs_on+0x67/0x240
[ 78.539035][ T8836]  exit_to_usermode_loop+0x286/0x380
[ 78.549509][ T8836]  do_syscall_64+0x65f/0x760
[ 78.549530][ T8836]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.561119][ T8836] RIP: 0033:0x446949
[ 78.572363][ T8836] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.582453][ T8836] RSP: 002b:00007fb09081ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 78.582465][ T8836] RAX: fffffffffffffe00 RBX: 00000000006dbc68 RCX: 0000000000446949
[ 78.582471][ T8836] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc68
[ 78.582483][ T8836] RBP: 00000000006dbc60 R08: 0000000000000000 R09: 0000000000000000
[ 78.593089][ T8836] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc6c
[ 78.593096][ T8836] R13: 00007fffc77e5caf R14: 00007fb09081e9c0 R15: 0000000000000001
[ 78.593109][ T8836]
[ 78.603367][ T8836] Allocated by task 7:
[ 78.603382][ T8836]  save_stack+0x23/0x90
[ 78.603398][ T8836]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 78.613827][ T8836]  kasan_kmalloc+0x9/0x10
[ 78.613837][ T8836]  __kmalloc_node_track_caller+0x4e/0x70
[ 78.613855][ T8836]  __kmalloc_reserve.isra.0+0x40/0xf0
[ 78.637501][ T8836]  __alloc_skb+0x10b/0x5e0
[ 78.637513][ T8836]  bcsp_recv+0x8c1/0x13a0
[ 78.637527][ T8836]  hci_uart_tty_receive+0x279/0x6e0
[ 78.637540][ T8836]  tty_ldisc_receive_buf+0x15f/0x1c0
[ 78.637559][ T8836]  tty_port_default_receive_buf+0x7d/0xb0
[ 78.653922][ T8836]  flush_to_ldisc+0x222/0x390
[ 78.653935][ T8836]  process_one_work+0x9af/0x1740
[ 78.653951][ T8836]  worker_thread+0x98/0xe40
[ 78.756673][ T8836]  kthread+0x361/0x430
[ 78.760843][ T8836]  ret_from_fork+0x24/0x30
[ 78.765247][ T8836]
[ 78.767571][ T8836] Freed by task 7:
[ 78.771274][ T8836]  save_stack+0x23/0x90
[ 78.775414][ T8836]  __kasan_slab_free+0x102/0x150
[ 78.780328][ T8836]  kasan_slab_free+0xe/0x10
[ 78.784824][ T8836]  kfree+0x10a/0x2c0
[ 78.788705][ T8836]  skb_free_head+0x93/0xb0
[ 78.793130][ T8836]  skb_release_data+0x42d/0x7c0
[ 78.797968][ T8836]  skb_release_all+0x4d/0x60
[ 78.802971][ T8836]  kfree_skb+0x101/0x3c0
[ 78.807209][ T8836]  bcsp_recv+0x2d8/0x13a0
[ 78.811530][ T8836]  hci_uart_tty_receive+0x279/0x6e0
[ 78.816720][ T8836]  tty_ldisc_receive_buf+0x15f/0x1c0
[ 78.821998][ T8836]  tty_port_default_receive_buf+0x7d/0xb0
[ 78.827710][ T8836]  flush_to_ldisc+0x222/0x390
[ 78.832627][ T8836]  process_one_work+0x9af/0x1740
[ 78.837571][ T8836]  worker_thread+0x98/0xe40
[ 78.842060][ T8836]  kthread+0x361/0x430
[ 78.846474][ T8836]  ret_from_fork+0x24/0x30
[ 78.850865][ T8836]
[ 78.853177][ T8836] The buggy address belongs to the object at ffff88808f5cc580
[ 78.853177][ T8836]  which belongs to the cache kmalloc-8k of size 8192
[ 78.868347][ T8836] The buggy address is located 0 bytes inside of
[ 78.868347][ T8836]  8192-byte region [ffff88808f5cc580, ffff88808f5ce580)
[ 78.881872][ T8836] The buggy address belongs to the page:
[ 78.887516][ T8836] page:ffffea00023d7300 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0
[ 78.898430][ T8836] flags: 0x1fffc0000010200(slab|head)
[ 78.903787][ T8836] raw: 01fffc0000010200 ffffea00023d7208 ffffea00026b6808 ffff8880aa4021c0
[ 78.912556][ T8836] raw: 0000000000000000 ffff88808f5cc580 0000000100000001 0000000000000000
[ 78.921721][ T8836] page dumped because: kasan: bad access detected
[ 78.928107][ T8836]
[ 78.930411][ T8836] Memory state around the buggy address:
[ 78.936023][ T8836]  ffff88808f5cc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.944061][ T8836]  ffff88808f5cc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.952105][ T8836] >ffff88808f5cc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.960155][ T8836] ^
[ 78.964226][ T8836]  ffff88808f5cc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.972285][ T8836]  ffff88808f5cc680: fb fb fb fb fb fb fb fb fb fb
fb fb fb fb fb fb [ 78.980319][ T8836] ================================================================== [ 78.988371][ T8836] Kernel panic - not syncing: panic_on_warn set ... [ 78.988375][ T8837] ================================================================== [ 78.988398][ T8837] BUG: KASAN: double-free or invalid-free in skb_free_head+0x93/0xb0 [ 78.994950][ T8836] CPU: 0 PID: 8836 Comm: syz-executor226 Tainted: G B 5.4.0-rc1+ #0 [ 79.002987][ T8837] [ 79.011024][ T8836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.032608][ T8836] Call Trace: [ 79.035890][ T8836] dump_stack+0x172/0x1f0 [ 79.040204][ T8836] panic+0x2dc/0x755 [ 79.044085][ T8836] ? add_taint.cold+0x16/0x16 [ 79.048751][ T8836] ? skb_free_head+0x93/0xb0 [ 79.053332][ T8836] ? trace_hardirqs_off+0x62/0x240 [ 79.058426][ T8836] ? trace_hardirqs_off+0x59/0x240 [ 79.063564][ T8836] ? skb_free_head+0x93/0xb0 [ 79.068154][ T8836] end_report+0x47/0x4f [ 79.072293][ T8836] kasan_report_invalid_free+0x82/0xa0 [ 79.077737][ T8836] ? skb_free_head+0x93/0xb0 [ 79.082313][ T8836] __kasan_slab_free+0x13a/0x150 [ 79.087241][ T8836] ? skb_free_head+0x93/0xb0 [ 79.091816][ T8836] kasan_slab_free+0xe/0x10 [ 79.096388][ T8836] kfree+0x10a/0x2c0 [ 79.100284][ T8836] skb_free_head+0x93/0xb0 [ 79.104716][ T8836] skb_release_data+0x42d/0x7c0 [ 79.109567][ T8836] ? bcsp_close+0xc7/0x130 [ 79.113978][ T8836] skb_release_all+0x4d/0x60 [ 79.118559][ T8836] kfree_skb+0x101/0x3c0 [ 79.122789][ T8836] bcsp_close+0xc7/0x130 [ 79.127025][ T8836] hci_uart_tty_close+0x21e/0x280 [ 79.132052][ T8836] ? hci_uart_close+0x50/0x50 [ 79.136743][ T8836] tty_ldisc_close.isra.0+0x119/0x1a0 [ 79.142118][ T8836] tty_ldisc_kill+0x9c/0x160 [ 79.146759][ T8836] tty_ldisc_release+0xe9/0x2b0 [ 79.151608][ T8836] tty_release_struct+0x1b/0x50 [ 79.156449][ T8836] tty_release+0xbcb/0xe90 [ 79.160859][ T8836] __fput+0x2ff/0x890 [ 79.164829][ T8836] ? 
put_tty_driver+0x20/0x20 [ 79.169503][ T8836] ____fput+0x16/0x20 [ 79.173474][ T8836] task_work_run+0x145/0x1c0 [ 79.178075][ T8836] do_exit+0x904/0x2e60 [ 79.182232][ T8836] ? mm_update_next_owner+0x640/0x640 [ 79.187603][ T8836] ? lock_downgrade+0x920/0x920 [ 79.192457][ T8836] ? _raw_spin_unlock_irq+0x28/0x90 [ 79.197816][ T8836] ? get_signal+0x392/0x2500 [ 79.202394][ T8836] ? _raw_spin_unlock_irq+0x28/0x90 [ 79.207600][ T8836] do_group_exit+0x135/0x360 [ 79.212182][ T8836] get_signal+0x47c/0x2500 [ 79.219452][ T8836] ? do_vfs_ioctl+0x120/0x13e0 [ 79.224212][ T8836] do_signal+0x87/0x1700 [ 79.228445][ T8836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.234671][ T8836] ? debug_smp_processor_id+0x3c/0x214 [ 79.240136][ T8836] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 79.246287][ T8836] ? setup_sigcontext+0x7d0/0x7d0 [ 79.251301][ T8836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 79.257527][ T8836] ? exit_to_usermode_loop+0x43/0x380 [ 79.262884][ T8836] ? do_syscall_64+0x65f/0x760 [ 79.267634][ T8836] ? exit_to_usermode_loop+0x43/0x380 [ 79.272991][ T8836] ? lockdep_hardirqs_on+0x421/0x5e0 [ 79.278262][ T8836] ? 
trace_hardirqs_on+0x67/0x240 [ 79.284055][ T8836] exit_to_usermode_loop+0x286/0x380 [ 79.289327][ T8836] do_syscall_64+0x65f/0x760 [ 79.293909][ T8836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.299786][ T8836] RIP: 0033:0x446949 [ 79.303671][ T8836] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 79.323436][ T8836] RSP: 002b:00007fb09081ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 79.331874][ T8836] RAX: fffffffffffffe00 RBX: 00000000006dbc68 RCX: 0000000000446949 [ 79.339834][ T8836] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc68 [ 79.347801][ T8836] RBP: 00000000006dbc60 R08: 0000000000000000 R09: 0000000000000000 [ 79.355787][ T8836] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc6c [ 79.363748][ T8836] R13: 00007fffc77e5caf R14: 00007fb09081e9c0 R15: 0000000000000001 [ 79.372158][ T8837] CPU: 1 PID: 8837 Comm: syz-executor226 Tainted: G B 5.4.0-rc1+ #0 [ 79.381518][ T8837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.391916][ T8837] Call Trace: [ 79.395197][ T8837] dump_stack+0x172/0x1f0 [ 79.399516][ T8837] print_address_description.constprop.0.cold+0xd4/0x30b [ 79.406537][ T8837] ? skb_free_head+0x93/0xb0 [ 79.411111][ T8837] kasan_report_invalid_free+0x65/0xa0 [ 79.416553][ T8837] ? skb_free_head+0x93/0xb0 [ 79.421124][ T8837] __kasan_slab_free+0x13a/0x150 [ 79.426044][ T8837] ? skb_free_head+0x93/0xb0 [ 79.430630][ T8837] kasan_slab_free+0xe/0x10 [ 79.435115][ T8837] kfree+0x10a/0x2c0 [ 79.438999][ T8837] skb_free_head+0x93/0xb0 [ 79.443399][ T8837] skb_release_data+0x42d/0x7c0 [ 79.448235][ T8837] ? 
bcsp_close+0xc7/0x130 [ 79.452636][ T8837] skb_release_all+0x4d/0x60 [ 79.457218][ T8837] kfree_skb+0x101/0x3c0 [ 79.461445][ T8837] bcsp_close+0xc7/0x130 [ 79.465673][ T8837] hci_uart_tty_close+0x21e/0x280 [ 79.470696][ T8837] ? hci_uart_close+0x50/0x50 [ 79.475378][ T8837] tty_ldisc_close.isra.0+0x119/0x1a0 [ 79.480735][ T8837] tty_ldisc_kill+0x9c/0x160 [ 79.485313][ T8837] tty_ldisc_release+0xe9/0x2b0 [ 79.490156][ T8837] tty_release_struct+0x1b/0x50 [ 79.494988][ T8837] tty_release+0xbcb/0xe90 [ 79.499395][ T8837] __fput+0x2ff/0x890 [ 79.503363][ T8837] ? put_tty_driver+0x20/0x20 [ 79.508021][ T8837] ____fput+0x16/0x20 [ 79.511990][ T8837] task_work_run+0x145/0x1c0 [ 79.516564][ T8837] do_exit+0x904/0x2e60 [ 79.520712][ T8837] ? mm_update_next_owner+0x640/0x640 [ 79.526068][ T8837] ? lock_downgrade+0x920/0x920 [ 79.530902][ T8837] ? _raw_spin_unlock_irq+0x28/0x90 [ 79.536187][ T8837] ? get_signal+0x392/0x2500 [ 79.540762][ T8837] ? _raw_spin_unlock_irq+0x28/0x90 [ 79.545974][ T8837] do_group_exit+0x135/0x360 [ 79.550555][ T8837] get_signal+0x47c/0x2500 [ 79.554981][ T8837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.561208][ T8837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.567700][ T8837] do_signal+0x87/0x1700 [ 79.571935][ T8837] ? do_sys_ftruncate+0x41e/0x550 [ 79.576945][ T8837] ? setup_sigcontext+0x7d0/0x7d0 [ 79.582057][ T8837] ? exit_to_usermode_loop+0x43/0x380 [ 79.588625][ T8837] ? do_syscall_64+0x65f/0x760 [ 79.593370][ T8837] ? exit_to_usermode_loop+0x43/0x380 [ 79.599337][ T8837] ? lockdep_hardirqs_on+0x421/0x5e0 [ 79.604625][ T8837] ? 
trace_hardirqs_on+0x67/0x240 [ 79.609653][ T8837] exit_to_usermode_loop+0x286/0x380 [ 79.614934][ T8837] do_syscall_64+0x65f/0x760 [ 79.619516][ T8837] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.625406][ T8837] RIP: 0033:0x446949 [ 79.629286][ T8837] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 79.648872][ T8837] RSP: 002b:00007fb09081ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 79.657406][ T8837] RAX: 0000000000000001 RBX: 00000000006dbc68 RCX: 0000000000446949 [ 79.665370][ T8837] RDX: 0000000000446949 RSI: 0000000000000081 RDI: 00000000006dbc6c [ 79.673340][ T8837] RBP: 00000000006dbc60 R08: 0000000000000000 R09: 0000000000000000 [ 79.681296][ T8837] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc6c [ 79.689263][ T8837] R13: 00007fffc77e5caf R14: 00007fb09081e9c0 R15: 0000000000000001 [ 79.697222][ T8837] [ 79.699549][ T8837] Allocated by task 7: [ 79.703607][ T8837] save_stack+0x23/0x90 [ 79.707746][ T8837] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 79.713370][ T8837] kasan_kmalloc+0x9/0x10 [ 79.717679][ T8837] __kmalloc_node_track_caller+0x4e/0x70 [ 79.723296][ T8837] __kmalloc_reserve.isra.0+0x40/0xf0 [ 79.728660][ T8837] __alloc_skb+0x10b/0x5e0 [ 79.733060][ T8837] bcsp_recv+0x8c1/0x13a0 [ 79.737405][ T8837] hci_uart_tty_receive+0x279/0x6e0 [ 79.742585][ T8837] tty_ldisc_receive_buf+0x15f/0x1c0 [ 79.747855][ T8837] tty_port_default_receive_buf+0x7d/0xb0 [ 79.753557][ T8837] flush_to_ldisc+0x222/0x390 [ 79.758216][ T8837] process_one_work+0x9af/0x1740 [ 79.763138][ T8837] worker_thread+0x98/0xe40 [ 79.767622][ T8837] kthread+0x361/0x430 [ 79.771672][ T8837] ret_from_fork+0x24/0x30 [ 79.776060][ T8837] [ 79.778370][ T8837] Freed by task 7: [ 79.782086][ T8837] save_stack+0x23/0x90 [ 79.786573][ T8837] __kasan_slab_free+0x102/0x150 [ 79.791510][ T8837] kasan_slab_free+0xe/0x10 [ 
79.796006][ T8837] kfree+0x10a/0x2c0 [ 79.799895][ T8837] skb_free_head+0x93/0xb0 [ 79.804291][ T8837] skb_release_data+0x42d/0x7c0 [ 79.809134][ T8837] skb_release_all+0x4d/0x60 [ 79.813726][ T8837] kfree_skb+0x101/0x3c0 [ 79.817959][ T8837] bcsp_recv+0x2d8/0x13a0 [ 79.822278][ T8837] hci_uart_tty_receive+0x279/0x6e0 [ 79.827491][ T8837] tty_ldisc_receive_buf+0x15f/0x1c0 [ 79.832760][ T8837] tty_port_default_receive_buf+0x7d/0xb0 [ 79.838547][ T8837] flush_to_ldisc+0x222/0x390 [ 79.843209][ T8837] process_one_work+0x9af/0x1740 [ 79.848144][ T8837] worker_thread+0x98/0xe40 [ 79.852799][ T8837] kthread+0x361/0x430 [ 79.856853][ T8837] ret_from_fork+0x24/0x30 [ 79.861243][ T8837] [ 79.863711][ T8837] The buggy address belongs to the object at ffff88808f5c04c0 [ 79.863711][ T8837] which belongs to the cache kmalloc-8k of size 8192 [ 79.877744][ T8837] The buggy address is located 0 bytes inside of [ 79.877744][ T8837] 8192-byte region [ffff88808f5c04c0, ffff88808f5c24c0) [ 79.890989][ T8837] The buggy address belongs to the page: [ 79.896607][ T8837] page:ffffea00023d7000 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0 [ 79.907521][ T8837] flags: 0x1fffc0000010200(slab|head) [ 79.912881][ T8837] raw: 01fffc0000010200 ffffea00023a2308 ffffea00023d7108 ffff8880aa4021c0 [ 79.921453][ T8837] raw: 0000000000000000 ffff88808f5c04c0 0000000100000001 0000000000000000 [ 79.930013][ T8837] page dumped because: kasan: bad access detected [ 79.936400][ T8837] [ 79.938708][ T8837] Memory state around the buggy address: [ 79.944318][ T8837] ffff88808f5c0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.952363][ T8837] ffff88808f5c0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.960404][ T8837] >ffff88808f5c0480: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 79.968444][ T8837] ^ [ 79.974594][ T8837] ffff88808f5c0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.982638][ T8837] ffff88808f5c0580: fb fb fb fb fb fb fb fb fb fb 
fb fb fb fb fb fb [ 79.990678][ T8837] ================================================================== [ 80.531786][ T8836] Shutting down cpus with NMI [ 80.541856][ T8836] Kernel Offset: disabled [ 80.547191][ T8836] Rebooting in 86400 seconds..