[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 56.130668][ T26] audit: type=1800 audit(1571385766.605:25): pid=8737 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.169083][ T26] audit: type=1800 audit(1571385766.605:26): pid=8737 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.215328][ T26] audit: type=1800 audit(1571385766.605:27): pid=8737 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
syzkaller login: [ 1521.218191][ T8903] IPVS: ftp: loaded support on port[0] = 21
[ 1521.218197][ T8904] IPVS: ftp: loaded support on port[0] = 21
[ 1521.245471][ T8906] IPVS: ftp: loaded support on port[0] = 21
[ 1521.265834][ T8907] IPVS: ftp: loaded support on port[0] = 21
[ 1521.272996][ T8902] IPVS: ftp: loaded support on port[0] = 21
[ 1521.274780][ T8905] IPVS: ftp: loaded support on port[0] = 21
[ 1521.539228][ T8907] chnl_net:caif_netlink_parms(): no params data found
[ 1521.622821][ T8903] chnl_net:caif_netlink_parms(): no params data found
[ 1521.637238][ T8906] chnl_net:caif_netlink_parms(): no params data found
[ 1521.662106][ T8904] chnl_net:caif_netlink_parms(): no params data found
[ 1521.696032][ T8905] chnl_net:caif_netlink_parms(): no params data found
[ 1521.757004][ T8903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1521.765677][ T8903] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1521.777299][ T8903] device bridge_slave_0 entered promiscuous mode
[ 1521.785722][ T8907] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1521.793066][ T8907] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1521.801709][ T8907] device bridge_slave_0 entered promiscuous mode
[ 1521.814795][ T8907] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1521.823765][ T8907] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1521.832640][ T8907] device bridge_slave_1 entered promiscuous mode
[ 1521.865938][ T8903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1521.873398][ T8903] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1521.881714][ T8903] device bridge_slave_1 entered promiscuous mode
[ 1521.905542][ T8906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1521.916383][ T8906] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1521.925550][ T8906] device bridge_slave_0 entered promiscuous mode
[ 1521.934395][ T8902] chnl_net:caif_netlink_parms(): no params data found
[ 1521.974052][ T8906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1521.981764][ T8906] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1521.990613][ T8906] device bridge_slave_1 entered promiscuous mode
[ 1522.003752][ T8903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1522.015398][ T8907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1522.025138][ T8904] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1522.032873][ T8904] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1522.040798][ T8904] device bridge_slave_0 entered promiscuous mode
[ 1522.053393][ T8904] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1522.061137][ T8904] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1522.068906][ T8904] device bridge_slave_1 entered promiscuous mode
[ 1522.083279][ T8905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1522.090623][ T8905] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1522.098772][ T8905] device bridge_slave_0 entered promiscuous mode
[ 1522.107954][ T8903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1522.130613][ T8907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1522.162214][ T8905] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1522.170175][ T8905] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1522.178537][ T8905] device bridge_slave_1 entered promiscuous mode
[ 1522.188574][ T8903] team0: Port device team_slave_0 added
[ 1522.197473][ T8903] team0: Port device team_slave_1 added
[ 1522.205267][ T8906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1522.230101][ T8904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1522.256904][ T8905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1522.268008][ T8906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1522.278413][ T8907] team0: Port device team_slave_0 added
[ 1522.290636][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1522.297716][ T8902] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1522.305946][ T8902] device bridge_slave_0 entered promiscuous mode
[ 1522.315359][ T8904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1522.326083][ T8905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1522.341721][ T8907] team0: Port device team_slave_1 added
[ 1522.361350][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1522.368819][ T8902] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1522.377317][ T8902] device bridge_slave_1 entered promiscuous mode
[ 1522.403410][ T8904] team0: Port device team_slave_0 added
[ 1522.461177][ T8903] device hsr_slave_0 entered promiscuous mode
[ 1522.509606][ T8903] device hsr_slave_1 entered promiscuous mode
[ 1522.571199][ T8906] team0: Port device team_slave_0 added
[ 1522.596919][ T8904] team0: Port device team_slave_1 added
[ 1522.613543][ T8906] team0: Port device team_slave_1 added
[ 1522.621077][ T8905] team0: Port device team_slave_0 added
[ 1522.628921][ T8902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1522.722406][ T8907] device hsr_slave_0 entered promiscuous mode
[ 1522.779563][ T8907] device hsr_slave_1 entered promiscuous mode
[ 1522.819488][ T8907] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1522.842156][ T8902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1522.858540][ T8905] team0: Port device team_slave_1 added
[ 1522.932184][ T8906] device hsr_slave_0 entered promiscuous mode
[ 1522.989561][ T8906] device hsr_slave_1 entered promiscuous mode
[ 1523.049229][ T8906] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1523.066040][ T8902] team0: Port device team_slave_0 added
[ 1523.112224][ T8904] device hsr_slave_0 entered promiscuous mode
[ 1523.149615][ T8904] device hsr_slave_1 entered promiscuous mode
[ 1523.192559][ T8904] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1523.223232][ T8902] team0: Port device team_slave_1 added
[ 1523.272153][ T8905] device hsr_slave_0 entered promiscuous mode
[ 1523.319483][ T8905] device hsr_slave_1 entered promiscuous mode
[ 1523.359175][ T8905] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1523.441449][ T8902] device hsr_slave_0 entered promiscuous mode
[ 1523.499556][ T8902] device hsr_slave_1 entered promiscuous mode
[ 1523.549318][ T8902] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1523.641470][ T8903] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1523.686438][ T8906] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1523.695544][ T8907] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1523.708346][ T8904] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1523.726681][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1523.735380][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1523.747092][ T8903] 8021q: adding VLAN 0 to HW filter on device team0
[ 1523.780451][ T8906] 8021q: adding VLAN 0 to HW filter on device team0
[ 1523.800984][ T8907] 8021q: adding VLAN 0 to HW filter on device team0
[ 1523.815672][ T8904] 8021q: adding VLAN 0 to HW filter on device team0
[ 1523.823524][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1523.833253][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1523.841648][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1523.849713][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1523.857949][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1523.866751][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1523.879914][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1523.888655][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1523.898014][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1523.905778][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1523.918291][ T8902] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1523.939648][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1523.947786][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1523.956959][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1523.965919][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1523.973234][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1523.982617][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1523.992371][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1524.001332][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1524.008410][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1524.016382][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1524.025621][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1524.034647][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1524.041964][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1524.049672][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1524.058444][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1524.067543][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1524.075203][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1524.093330][ T8902] 8021q: adding VLAN 0 to HW filter on device team0
[ 1524.107209][ T8905] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1524.118311][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1524.126695][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1524.135149][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1524.144156][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1524.154748][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1524.162059][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1524.171328][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1524.180700][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1524.189060][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1524.196886][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1524.205906][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1524.214661][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1524.221796][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1524.230379][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1524.239303][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1524.266240][ T8903] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1524.277849][ T8903] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1524.306207][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1524.314719][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1524.325122][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1524.333923][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1524.343435][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1524.352649][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1524.361404][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1524.370054][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1524.378656][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1524.387535][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1524.396037][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1524.405136][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1524.413654][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1524.420785][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1524.428530][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1524.437513][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1524.445616][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1524.480571][ T8905] 8021q: adding VLAN 0 to HW filter on device team0
[ 1524.488103][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1524.500140][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1524.508914][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1524.518152][ T8920] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1524.525595][ T8920] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1524.533972][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1524.543268][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1524.551886][ T8920] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1524.559279][ T8920] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1524.567397][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1524.576539][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1524.585219][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1524.594219][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1524.603498][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1524.612494][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1524.621393][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1524.630178][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1524.639344][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1524.648113][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1524.656790][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1524.664817][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1524.673812][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1524.682416][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1524.703346][ T8906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1524.730149][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1524.740553][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1524.749749][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1524.758381][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1524.767385][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1524.776691][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1524.785608][ T8920] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1524.792740][ T8920] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1524.800700][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1524.809751][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1524.818648][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1524.827549][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1524.836049][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1524.844752][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1524.854575][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1524.862842][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1524.871148][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1524.879725][ T8920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1524.893456][ T8903] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1524.918062][ T8906] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1524.928820][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1524.951532][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1524.960920][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1524.970427][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1524.978921][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1524.988779][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1524.998137][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1525.008530][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1525.031503][ T8904] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1525.076119][ T8907] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1525.087876][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1525.097789][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1525.107731][ T8908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1525.114885][ T8908] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1525.123659][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1525.132726][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1525.141865][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1525.151287][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1525.160611][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1525.170108][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1525.179412][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1525.188219][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1525.197510][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1525.206381][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1525.248651][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1525.267390][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1525.277494][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1525.286846][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1525.295881][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1525.304898][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1525.318300][ T8902] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1525.332672][ T8902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1525.343281][ T8904] 8021q: adding VLAN 0 to HW filter on device batadv0
executing program
executing program
executing program
[ 1525.387058][ T8905] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1525.423439][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1525.446705][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1525.463521][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1525.476786][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1525.521243][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1525.596767][ T8902] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1525.638861][ T8905] 8021q: adding VLAN 0 to HW filter on device batadv0
executing program
executing program
executing program
[ 1527.600800][ T8909] Bluetooth: hci2: command 0x1003 tx timeout
[ 1527.609627][ T8909] Bluetooth: hci1: command 0x1003 tx timeout
[ 1527.611384][ T8963] Bluetooth: hci2: sending frame failed (-49)
[ 1527.616930][ T8909] Bluetooth: hci0: command 0x1003 tx timeout
[ 1527.625230][ T8963] Bluetooth: hci1: sending frame failed (-49)
[ 1527.641779][ T8963] Bluetooth: hci0: sending frame failed (-49)
[ 1527.759623][ T8921] Bluetooth: hci3: command 0x1003 tx timeout
[ 1527.767895][ T8963] Bluetooth: hci3: sending frame failed (-49)
[ 1527.999346][ T8909] Bluetooth: hci5: command 0x1003 tx timeout
[ 1528.010778][ T8909] Bluetooth: hci4: command 0x1003 tx timeout
[ 1528.010846][ T8963] Bluetooth: hci5: sending frame failed (-49)
[ 1528.017447][ T8965] Bluetooth: hci4: sending frame failed (-49)
[ 1529.679559][ T8921] Bluetooth: hci0: command 0x1001 tx timeout
[ 1529.687940][ T8921] Bluetooth: hci1: command 0x1001 tx timeout
[ 1529.687976][ T8965] Bluetooth: hci0: sending frame failed (-49)
[ 1529.700652][ T8963] Bluetooth: hci1: sending frame failed (-49)
[ 1529.710117][ T8921] Bluetooth: hci2: command 0x1001 tx timeout
[ 1529.716843][ T8963] Bluetooth: hci2: sending frame failed (-49)
[ 1529.839114][ T8909] Bluetooth: hci3: command 0x1001 tx timeout
[ 1529.849064][ T8963] Bluetooth: hci3: sending frame failed (-49)
[ 1530.079829][ T8921] Bluetooth: hci5: command 0x1001 tx timeout
[ 1530.079935][ T8909] Bluetooth: hci4: command 0x1001 tx timeout
[ 1530.094576][ T8963] Bluetooth: hci5: sending frame failed (-49)
[ 1530.096622][ T8965] Bluetooth: hci4: sending frame failed (-49)
[ 1531.759145][ T8909] Bluetooth: hci2: command 0x1009 tx timeout
[ 1531.759169][ T8921] Bluetooth: hci1: command 0x1009 tx timeout
[ 1531.769801][ T8909] Bluetooth: hci0: command 0x1009 tx timeout
[ 1531.919154][ T8921] Bluetooth: hci3: command 0x1009 tx timeout
[ 1532.159151][ T8909] Bluetooth: hci4: command 0x1009 tx timeout
[ 1532.159157][ T8921] Bluetooth: hci5: command 0x1009 tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
[ 1536.429890][ T21] Bluetooth: Error in BCSP hdr checksum
[ 1536.439718][ T8916] Bluetooth: Error in BCSP hdr checksum
[ 1536.439722][ T8919] Bluetooth: Error in BCSP hdr checksum
[ 1538.239118][ T3009] Bluetooth: hci5: command 0x1003 tx timeout
[ 1538.239165][ T8966] Bluetooth: hci4: command 0x1003 tx timeout
[ 1538.245363][ T3009] Bluetooth: hci3: command 0x1003 tx timeout
[ 1538.251429][ T8965] Bluetooth: hci5: sending frame failed (-49)
[ 1538.264066][ T8965] Bluetooth: hci4: sending frame failed (-49)
[ 1538.264350][ T8963] Bluetooth: hci3: sending frame failed (-49)
[ 1538.270457][ T8966] Bluetooth: hci2: command 0x1003 tx timeout
[ 1538.276862][ T3009] Bluetooth: hci1: command 0x1003 tx timeout
[ 1538.288829][ T8963] Bluetooth: hci2: sending frame failed (-49)
[ 1538.295200][ T3009] Bluetooth: hci0: command 0x1003 tx timeout
[ 1538.295263][ T8963] Bluetooth: hci1: sending frame failed (-49)
[ 1538.301852][ T8965] Bluetooth: hci0: sending frame failed (-49)
[ 1540.319076][ T3009] Bluetooth: hci0: command 0x1001 tx timeout
[ 1540.319273][ T8966] Bluetooth: hci1: command 0x1001 tx timeout
[ 1540.326539][ T8965] Bluetooth: hci0: sending frame failed (-49)
[ 1540.331692][ T8963] Bluetooth: hci1: sending frame failed (-49)
[ 1540.337532][ T3009] Bluetooth: hci2: command 0x1001 tx timeout
[ 1540.343957][ T8966] Bluetooth: hci4: command 0x1001 tx timeout
[ 1540.356124][ T8963] Bluetooth: hci4: sending frame failed (-49)
[ 1540.356896][ T8965] Bluetooth: hci2: sending frame failed (-49)
[ 1540.362649][ T8966] Bluetooth: hci5: command 0x1001 tx timeout
[ 1540.368489][ T3009] Bluetooth: hci3: command 0x1001 tx timeout
[ 1540.380597][ T8965] Bluetooth: hci5: sending frame failed (-49)
[ 1540.386962][ T8965] Bluetooth: hci3: sending frame failed (-49)
[ 1542.399156][ T3009] Bluetooth: hci3: command 0x1009 tx timeout
[ 1542.399265][ T8966] Bluetooth: hci4: command 0x1009 tx timeout
[ 1542.405245][ T3009] Bluetooth: hci5: command 0x1009 tx timeout
[ 1542.417455][ T3009] Bluetooth: hci2: command 0x1009 tx timeout
[ 1542.418781][ T8966] Bluetooth: hci1: command 0x1009 tx timeout
[ 1542.423557][ T3009] Bluetooth: hci0: command 0x1009 tx timeout
[ 1546.325161][ T8969] ==================================================================
[ 1546.333464][ T8969] BUG: KASAN: use-after-free in kfree_skb+0x38/0x3c0
[ 1546.333482][ T8969] Read of size 4 at addr ffff8880a7ff9b94 by task syz-executor302/8969
[ 1546.333485][ T8969]
[ 1546.333504][ T8969] CPU: 1 PID: 8969 Comm: syz-executor302 Not tainted 5.4.0-rc3+ #0
[ 1546.358650][ T8969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1546.368708][ T8969] Call Trace:
executing program
executing program
[ 1546.372120][ T8969] dump_stack+0x172/0x1f0
[ 1546.376463][ T8969] ? kfree_skb+0x38/0x3c0
[ 1546.380812][ T8969] print_address_description.constprop.0.cold+0xd4/0x30b
[ 1546.387861][ T8969] ? kfree_skb+0x38/0x3c0
[ 1546.392231][ T8969] ? kfree_skb+0x38/0x3c0
[ 1546.396583][ T8969] __kasan_report.cold+0x1b/0x41
[ 1546.396605][ T8969] ? kfree_skb+0x38/0x3c0
[ 1546.405835][ T8969] kasan_report+0x12/0x20
[ 1546.405851][ T8969] check_memory_region+0x134/0x1a0
[ 1546.405871][ T8969] __kasan_check_read+0x11/0x20
[ 1546.405883][ T8969] kfree_skb+0x38/0x3c0
[ 1546.405956][ T8969] bcsp_close+0xc7/0x130
[ 1546.415409][ T8969] hci_uart_tty_close+0x21e/0x280
[ 1546.415421][ T8969] ? hci_uart_close+0x50/0x50
[ 1546.415438][ T8969] tty_ldisc_close.isra.0+0x119/0x1a0
[ 1546.415455][ T8969] tty_ldisc_kill+0x9c/0x160
[ 1546.424425][ T8969] tty_ldisc_release+0xe9/0x2b0
[ 1546.424446][ T8969] tty_release_struct+0x1b/0x50
[ 1546.433669][ T8969] tty_release+0xbcb/0xe90
[ 1546.433692][ T8969] __fput+0x2ff/0x890
[ 1546.433709][ T8969] ? put_tty_driver+0x20/0x20
[ 1546.433725][ T8969] ____fput+0x16/0x20
[ 1546.443721][ T8969] task_work_run+0x145/0x1c0
[ 1546.443743][ T8969] exit_to_usermode_loop+0x316/0x380
[ 1546.443761][ T8969] do_syscall_64+0x65f/0x760
[ 1546.443812][ T8969] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1546.443827][ T8969] RIP: 0033:0x408251
[ 1546.453238][ T8969] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 1546.453246][ T8969] RSP: 002b:00007ffc227fa3c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1546.453259][ T8969] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000408251
[ 1546.453266][ T8969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1546.453274][ T8969] RBP: 00000000006e5a0c R08: 00000000004b21dd R09: 00000000004b21dd
[ 1546.453286][ T8969] R10: 00007ffc227fa3f0 R11: 0000000000000293 R12: 00000000006e5a00
[ 1546.462502][ T8969] R13: 0000000000000000 R14: 000000000000002d R15: 20c49ba5e353f7cf
[ 1546.462522][ T8969]
[ 1546.462530][ T8969] Allocated by task 8919:
[ 1546.462546][ T8969] save_stack+0x23/0x90
[ 1546.462558][ T8969] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1546.462573][ T8969] kasan_slab_alloc+0xf/0x20
[ 1546.471362][ T8969] kmem_cache_alloc_node+0x138/0x740
[ 1546.471374][ T8969] __alloc_skb+0xd5/0x5e0
[ 1546.471390][ T8969] bcsp_recv+0x8c1/0x13a0
[ 1546.479952][ T8969] hci_uart_tty_receive+0x279/0x6e0
[ 1546.479965][ T8969] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1546.479981][ T8969] tty_port_default_receive_buf+0x7d/0xb0
[ 1546.489813][ T8969] flush_to_ldisc+0x222/0x390
[ 1546.489829][ T8969] process_one_work+0x9af/0x1740
[ 1546.489840][ T8969] worker_thread+0x98/0xe40
[ 1546.489851][ T8969] kthread+0x361/0x430
[ 1546.489863][ T8969] ret_from_fork+0x24/0x30
[ 1546.489871][ T8969]
[ 1546.519218][ T8969] Freed by task 8919:
[ 1546.519235][ T8969] save_stack+0x23/0x90
[ 1546.519246][ T8969] __kasan_slab_free+0x102/0x150
[ 1546.519256][ T8969] kasan_slab_free+0xe/0x10
[ 1546.519266][ T8969] kmem_cache_free+0x86/0x320
[ 1546.519278][ T8969] kfree_skbmem+0xc5/0x150
[ 1546.519290][ T8969] kfree_skb+0x109/0x3c0
[ 1546.519305][ T8969] bcsp_recv+0x2d8/0x13a0
[ 1546.519314][ T8969] hci_uart_tty_receive+0x279/0x6e0
[ 1546.519325][ T8969] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1546.535754][ T8969] tty_port_default_receive_buf+0x7d/0xb0
[ 1546.535766][ T8969] flush_to_ldisc+0x222/0x390
[ 1546.535780][ T8969] process_one_work+0x9af/0x1740
[ 1546.535796][ T8969] worker_thread+0x98/0xe40
[ 1546.567643][ T8969] kthread+0x361/0x430
[ 1546.567656][ T8969] ret_from_fork+0x24/0x30
[ 1546.567666][ T8969]
[ 1546.578429][ T8969] The buggy address belongs to the object at ffff8880a7ff9ac0
[ 1546.578429][ T8969] which belongs to the cache skbuff_head_cache of size 224
[ 1546.578440][ T8969] The buggy address is located 212 bytes inside of
[ 1546.578440][ T8969] 224-byte region [ffff8880a7ff9ac0, ffff8880a7ff9ba0)
[ 1546.578445][ T8969] The buggy address belongs to the page:
[ 1546.578460][ T8969] page:ffffea00029ffe40 refcount:1 mapcount:0 mapping:ffff8880a9955a80 index:0x0
[ 1546.598236][ T8969] flags: 0x1fffc0000000200(slab)
[ 1546.598254][ T8969] raw: 01fffc0000000200 ffffea0002a2e348 ffffea000266fe48 ffff8880a9955a80
[ 1546.598273][ T8969] raw: 0000000000000000 ffff8880a7ff90c0 000000010000000c 0000000000000000
[ 1546.787149][ T8969] page dumped because: kasan: bad access detected
[ 1546.793542][ T8969]
[ 1546.795851][ T8969] Memory state around the buggy address:
[ 1546.801474][ T8969] ffff8880a7ff9a80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 1546.809513][ T8969] ffff8880a7ff9b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1546.817557][ T8969] >ffff8880a7ff9b80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 1546.825599][ T8969] ^
[ 1546.830171][ T8969] ffff8880a7ff9c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1546.838213][ T8969] ffff8880a7ff9c80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1546.846249][ T8969] ==================================================================
[ 1546.854284][ T8969] Disabling lock debugging due to kernel taint
[ 1546.860414][ T8967] ==================================================================
[ 1546.868483][ T8967] BUG: KASAN: double-free or invalid-free in skb_free_head+0x93/0xb0
[ 1546.876525][ T8967]
[ 1546.876540][ T8967] CPU: 0 PID: 8967 Comm: syz-executor302 Tainted: G B 5.4.0-rc3+ #0
[ 1546.876545][ T8967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1546.876549][ T8967] Call Trace:
[ 1546.876565][ T8967] dump_stack+0x172/0x1f0
[ 1546.876581][ T8967] print_address_description.constprop.0.cold+0xd4/0x30b
[ 1546.876601][ T8967] ? skb_free_head+0x93/0xb0
[ 1546.897092][ T8969] Kernel panic - not syncing: panic_on_warn set ...
[ 1546.898226][ T8967] kasan_report_invalid_free+0x65/0xa0
[ 1546.929358][ T8967] ? skb_free_head+0x93/0xb0
[ 1546.934048][ T8967] __kasan_slab_free+0x13a/0x150
[ 1546.938973][ T8967] ? skb_free_head+0x93/0xb0
[ 1546.943548][ T8967] kasan_slab_free+0xe/0x10
[ 1546.948040][ T8967] kfree+0x10a/0x2c0
[ 1546.951919][ T8967] skb_free_head+0x93/0xb0
[ 1546.956319][ T8967] skb_release_data+0x42d/0x7c0
[ 1546.961156][ T8967] ? bcsp_close+0xc7/0x130
[ 1546.965555][ T8967] skb_release_all+0x4d/0x60
[ 1546.970133][ T8967] kfree_skb+0x101/0x3c0
[ 1546.974363][ T8967] bcsp_close+0xc7/0x130
[ 1546.978589][ T8967] hci_uart_tty_close+0x21e/0x280
[ 1546.983599][ T8967] ? hci_uart_close+0x50/0x50
[ 1546.988265][ T8967] tty_ldisc_close.isra.0+0x119/0x1a0
[ 1546.993626][ T8967] tty_ldisc_kill+0x9c/0x160
[ 1546.998205][ T8967] tty_ldisc_release+0xe9/0x2b0
[ 1547.003048][ T8967] tty_release_struct+0x1b/0x50
[ 1547.007888][ T8967] tty_release+0xbcb/0xe90
[ 1547.012297][ T8967] __fput+0x2ff/0x890
[ 1547.016265][ T8967] ? put_tty_driver+0x20/0x20
[ 1547.020926][ T8967] ____fput+0x16/0x20
[ 1547.024979][ T8967] task_work_run+0x145/0x1c0
[ 1547.029647][ T8967] exit_to_usermode_loop+0x316/0x380
[ 1547.035027][ T8967] do_syscall_64+0x65f/0x760
[ 1547.039634][ T8967] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1547.045514][ T8967] RIP: 0033:0x408251
[ 1547.049402][ T8967] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 1547.069011][ T8967] RSP: 002b:00007ffc227fa3c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1547.077421][ T8967] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000408251
[ 1547.085384][ T8967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1547.093360][ T8967] RBP: 00000000006e5a0c R08: 00000000004b21dd R09: 00000000004b21dd
[ 1547.101323][ T8967] R10: 00007ffc227fa3f0 R11: 0000000000000293 R12: 00000000006e5a00
[ 1547.109284][ T8967] R13: 0000000000000000 R14: 000000000000002d R15: 20c49ba5e353f7cf
[ 1547.117245][ T8967]
[ 1547.117263][ T8969] CPU: 1 PID: 8969 Comm: syz-executor302 Tainted: G B 5.4.0-rc3+ #0
[ 1547.119558][ T8967] Allocated by task 8916:
[ 1547.128831][ T8969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1547.133199][ T8967] save_stack+0x23/0x90
[ 1547.143234][ T8969] Call Trace:
[ 1547.147386][ T8967] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1547.150648][ T8969] dump_stack+0x172/0x1f0
[ 1547.156367][ T8967] kasan_kmalloc+0x9/0x10
[ 1547.160670][ T8969] panic+0x2e3/0x75c
[ 1547.164982][ T8967] __kmalloc_node_track_caller+0x4e/0x70
[ 1547.169388][ T8969] ? add_taint.cold+0x16/0x16
[ 1547.176308][ T8967] __kmalloc_reserve.isra.0+0x40/0xf0
[ 1547.181062][ T8969] ? kfree_skb+0x38/0x3c0
[ 1547.187790][ T8967] __alloc_skb+0x10b/0x5e0
[ 1547.192093][ T8969] ? preempt_schedule+0x4b/0x60
[ 1547.196569][ T8967] bcsp_recv+0x8c1/0x13a0
[ 1547.201398][ T8969] ? ___preempt_schedule+0x16/0x20
[ 1547.205981][ T8967] hci_uart_tty_receive+0x279/0x6e0
[ 1547.211503][ T8969] ? trace_hardirqs_on+0x5e/0x240
[ 1547.217051][ T8967] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1547.222047][ T8969] ? kfree_skb+0x38/0x3c0
[ 1547.227304][ T8967] tty_port_default_receive_buf+0x7d/0xb0
[ 1547.231705][ T8969] end_report+0x47/0x4f
[ 1547.237853][ T8967] flush_to_ldisc+0x222/0x390
[ 1547.242095][ T8969] ? kfree_skb+0x38/0x3c0
[ 1547.249957][ T8967] process_one_work+0x9af/0x1740
[ 1547.254263][ T8969] __kasan_report.cold+0xe/0x41
[ 1547.259459][ T8967] worker_thread+0x98/0xe40
[ 1547.264299][ T8969] ? kfree_skb+0x38/0x3c0
[ 1547.268812][ T8967] kthread+0x361/0x430
[ 1547.273123][ T8969] kasan_report+0x12/0x20
[ 1547.277169][ T8967] ret_from_fork+0x24/0x30
[ 1547.281824][ T8969] check_memory_region+0x134/0x1a0
[ 1547.286285][ T8967]
[ 1547.291371][ T8969] __kasan_check_read+0x11/0x20
[ 1547.291383][ T8969] kfree_skb+0x38/0x3c0
[ 1547.291401][ T8969] bcsp_close+0xc7/0x130
[ 1547.293884][ T8967] Freed by task 8916:
[ 1547.298711][ T8969] hci_uart_tty_close+0x21e/0x280
[ 1547.302855][ T8967] save_stack+0x23/0x90
[ 1547.302869][ T8967] __kasan_slab_free+0x102/0x150
[ 1547.307196][ T8969] ? hci_uart_close+0x50/0x50
[ 1547.311142][ T8967] kasan_slab_free+0xe/0x10
[ 1547.311154][ T8967] kfree+0x10a/0x2c0
[ 1547.316157][ T8969] tty_ldisc_close.isra.0+0x119/0x1a0
[ 1547.320484][ T8967] skb_free_head+0x93/0xb0
[ 1547.325413][ T8969] tty_ldisc_kill+0x9c/0x160
[ 1547.330238][ T8967] skb_release_data+0x42d/0x7c0
[ 1547.334726][ T8969] tty_ldisc_release+0xe9/0x2b0
[ 1547.338593][ T8967] skb_release_all+0x4d/0x60
[ 1547.343953][ T8969] tty_release_struct+0x1b/0x50
[ 1547.348774][ T8967] kfree_skb+0x101/0x3c0
[ 1547.354480][ T8969] tty_release+0xbcb/0xe90
[ 1547.360016][ T8967] bcsp_recv+0x2d8/0x13a0
[ 1547.364852][ T8969] __fput+0x2ff/0x890
[ 1547.369430][ T8967] hci_uart_tty_receive+0x279/0x6e0
[ 1547.374326][ T8969] ? put_tty_driver+0x20/0x20
[ 1547.378629][ T8967] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1547.383199][ T8969] ____fput+0x16/0x20
[ 1547.387680][ T8967] tty_port_default_receive_buf+0x7d/0xb0
[ 1547.391634][ T8969] task_work_run+0x145/0x1c0
[ 1547.396806][ T8967] flush_to_ldisc+0x222/0x390
[ 1547.401458][ T8969] exit_to_usermode_loop+0x316/0x380
[ 1547.407064][ T8967] process_one_work+0x9af/0x1740
[ 1547.411018][ T8969] do_syscall_64+0x65f/0x760
[ 1547.416717][ T8967] worker_thread+0x98/0xe40
[ 1547.421284][ T8969] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1547.425929][ T8967] kthread+0x361/0x430
[ 1547.431184][ T8969] RIP: 0033:0x408251
[ 1547.436269][ T8967] ret_from_fork+0x24/0x30
[ 1547.440852][ T8969] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 1547.445343][ T8967]
[ 1547.451220][ T8969] RSP: 002b:00007ffc227fa3c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1547.455983][ T8967] The buggy address belongs to the object at ffff8880992c4000
[ 1547.455983][ T8967] which belongs to the cache kmalloc-8k of size 8192
[ 1547.459955][ T8969] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000408251
[ 1547.464350][ T8967] The buggy address is located 0 bytes inside of
[ 1547.464350][ T8967] 8192-byte region [ffff8880992c4000, ffff8880992c6000)
[ 1547.484104][ T8969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1547.486494][ T8967] The buggy address belongs to the page:
[ 1547.494880][ T8969] RBP: 00000000006e5a0c R08: 00000000004b21dd R09: 00000000004b21dd
[ 1547.509007][ T8967] page:ffffea000264b100 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0
[ 1547.516955][ T8969] R10: 00007ffc227fa3f0 R11: 0000000000000293 R12: 00000000006e5a00
[ 1547.530114][ T8967] flags: 0x1fffc0000010200(slab|head)
[ 1547.538064][ T8969] R13: 0000000000000000 R14: 000000000000002d R15: 20c49ba5e353f7cf
[ 1547.543675][ T8967] raw: 01fffc0000010200 ffffea00024dfa08 ffffea00024e2b08 ffff8880aa4021c0
[ 1547.592355][ T8967] raw: 0000000000000000 ffff8880992c4000 0000000100000001 0000000000000000
[ 1547.600920][ T8967] page dumped because: kasan: bad access detected
[ 1547.607311][ T8967]
[ 1547.609625][ T8967] Memory state around the buggy address:
[ 1547.615263][ T8967] ffff8880992c3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1547.623315][ T8967] ffff8880992c3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1547.631361][ T8967] >ffff8880992c4000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1547.639424][ T8967] ^
[ 1547.643476][ T8967] ffff8880992c4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1547.651541][ T8967] ffff8880992c4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1547.659592][ T8967] ==================================================================
[ 1548.681380][ T8969] Shutting down cpus with NMI
[ 1548.687761][ T8969] Kernel Offset: disabled
[ 1548.692149][ T8969] Rebooting in 86400 seconds..