[ 69.975302][ T27] audit: type=1800 audit(1564719823.586:27): pid=10190 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 70.002224][ T27] audit: type=1800 audit(1564719823.586:28): pid=10190 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 70.700137][ T27] audit: type=1800 audit(1564719824.376:29): pid=10190 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 70.723295][ T27] audit: type=1800 audit(1564719824.386:30): pid=10190 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
2019/08/02 04:47:43 parsed 1 programs 2019/08/02 04:47:46 executed programs: 0 syzkaller login: [ 1512.518321][T10364] IPVS: ftp: loaded support on port[0] = 21 [ 1512.537937][T10366] IPVS: ftp: loaded support on port[0] = 21 [ 1512.628723][T10369] IPVS: ftp: loaded support on port[0] = 21 [ 1512.669640][T10371] IPVS: ftp: loaded support on port[0] = 21 [ 1512.671831][T10374] IPVS: ftp: loaded support on port[0] = 21 [ 1512.736691][T10373] IPVS: ftp: loaded support on port[0] = 21 [ 1512.787868][T10364] chnl_net:caif_netlink_parms(): no params data found [ 1512.821206][T10366] chnl_net:caif_netlink_parms(): no params data found [ 1512.887840][T10364] bridge0: port 1(bridge_slave_0) entered blocking state [ 1512.895099][T10364] bridge0: port 1(bridge_slave_0) entered disabled state [ 1512.902687][T10364] device bridge_slave_0 entered promiscuous mode [ 1512.925931][T10364] bridge0: port 2(bridge_slave_1) entered blocking state [ 1512.933756][T10364] bridge0: port 2(bridge_slave_1) entered disabled state [ 1512.941375][T10364] device bridge_slave_1 entered promiscuous mode [ 1512.955050][T10366] bridge0: port 1(bridge_slave_0) entered blocking state [ 1512.962106][T10366] bridge0: port 1(bridge_slave_0) entered disabled state [ 1512.970021][T10366] device bridge_slave_0 entered promiscuous mode [ 1512.977673][T10366] bridge0: port 2(bridge_slave_1) entered blocking state [ 1512.984796][T10366] bridge0: port 2(bridge_slave_1) entered disabled state [ 1512.992657][T10366] device bridge_slave_1 entered promiscuous mode [ 1513.048852][T10366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1513.067594][T10364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1513.078642][T10371] chnl_net:caif_netlink_parms(): no params data found [ 1513.096598][T10366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1513.109436][T10364] bond0: (slave bond_slave_1): Enslaving as an active 
interface with an up link [ 1513.134175][T10364] team0: Port device team_slave_0 added [ 1513.142505][T10364] team0: Port device team_slave_1 added [ 1513.224815][T10364] device hsr_slave_0 entered promiscuous mode [ 1513.273468][T10364] device hsr_slave_1 entered promiscuous mode [ 1513.314644][T10366] team0: Port device team_slave_0 added [ 1513.323582][T10366] team0: Port device team_slave_1 added [ 1513.366679][T10371] bridge0: port 1(bridge_slave_0) entered blocking state [ 1513.374630][T10371] bridge0: port 1(bridge_slave_0) entered disabled state [ 1513.382162][T10371] device bridge_slave_0 entered promiscuous mode [ 1513.391377][T10371] bridge0: port 2(bridge_slave_1) entered blocking state [ 1513.398555][T10371] bridge0: port 2(bridge_slave_1) entered disabled state [ 1513.406416][T10371] device bridge_slave_1 entered promiscuous mode [ 1513.420696][T10374] chnl_net:caif_netlink_parms(): no params data found [ 1513.495315][T10366] device hsr_slave_0 entered promiscuous mode [ 1513.533413][T10366] device hsr_slave_1 entered promiscuous mode [ 1513.573221][T10366] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 1513.626760][T10371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1513.639689][T10371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1513.682492][T10369] chnl_net:caif_netlink_parms(): no params data found [ 1513.692446][T10371] team0: Port device team_slave_0 added [ 1513.718972][T10374] bridge0: port 1(bridge_slave_0) entered blocking state [ 1513.726413][T10374] bridge0: port 1(bridge_slave_0) entered disabled state [ 1513.734234][T10374] device bridge_slave_0 entered promiscuous mode [ 1513.746299][T10371] team0: Port device team_slave_1 added [ 1513.752208][T10374] bridge0: port 2(bridge_slave_1) entered blocking state [ 1513.760184][T10374] bridge0: port 2(bridge_slave_1) entered disabled state [ 1513.768976][T10374] device bridge_slave_1 entered promiscuous mode [ 1513.779622][T10364] bridge0: port 2(bridge_slave_1) entered blocking state [ 1513.787214][T10364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1513.794656][T10364] bridge0: port 1(bridge_slave_0) entered blocking state [ 1513.801752][T10364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1513.827909][T10373] chnl_net:caif_netlink_parms(): no params data found [ 1513.852191][T10377] bridge0: port 1(bridge_slave_0) entered disabled state [ 1513.860441][T10377] bridge0: port 2(bridge_slave_1) entered disabled state [ 1513.872409][T10374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1513.945814][T10371] device hsr_slave_0 entered promiscuous mode [ 1513.993450][T10371] device hsr_slave_1 entered promiscuous mode [ 1514.053113][T10371] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 1514.073220][T10374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1514.117971][T10374] team0: Port device team_slave_0 added [ 1514.130538][T10374] team0: Port device team_slave_1 added [ 1514.137838][T10369] bridge0: port 1(bridge_slave_0) entered blocking state [ 1514.145366][T10369] bridge0: port 1(bridge_slave_0) entered disabled state [ 1514.155373][T10369] device bridge_slave_0 entered promiscuous mode [ 1514.163752][T10369] bridge0: port 2(bridge_slave_1) entered blocking state [ 1514.170872][T10369] bridge0: port 2(bridge_slave_1) entered disabled state [ 1514.179639][T10369] device bridge_slave_1 entered promiscuous mode [ 1514.188665][T10373] bridge0: port 1(bridge_slave_0) entered blocking state [ 1514.195851][T10373] bridge0: port 1(bridge_slave_0) entered disabled state [ 1514.204233][T10373] device bridge_slave_0 entered promiscuous mode [ 1514.211947][T10373] bridge0: port 2(bridge_slave_1) entered blocking state [ 1514.219342][T10373] bridge0: port 2(bridge_slave_1) entered disabled state [ 1514.227195][T10373] device bridge_slave_1 entered promiscuous mode [ 1514.259501][T10369] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1514.283275][T10373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1514.294395][T10369] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1514.375886][T10374] device hsr_slave_0 entered promiscuous mode [ 1514.433530][T10374] device hsr_slave_1 entered promiscuous mode [ 1514.474594][T10374] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 1514.485139][T10373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1514.529885][T10373] team0: Port device team_slave_0 added [ 1514.537638][T10369] team0: Port device team_slave_0 added [ 1514.545036][T10369] team0: Port device team_slave_1 added [ 1514.565460][T10373] team0: Port device team_slave_1 added [ 1514.604558][T10366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1514.645667][T10373] device hsr_slave_0 entered promiscuous mode [ 1514.693419][T10373] device hsr_slave_1 entered promiscuous mode [ 1514.763077][T10373] debugfs: Directory 'hsr0' with parent '/' already present! [ 1514.826415][T10369] device hsr_slave_0 entered promiscuous mode [ 1514.884823][T10369] device hsr_slave_1 entered promiscuous mode [ 1514.943171][T10369] debugfs: Directory 'hsr0' with parent '/' already present! [ 1514.966537][T10364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1514.984869][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1514.994605][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1515.015717][T10374] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1515.024979][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1515.032756][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1515.042163][T10366] 8021q: adding VLAN 0 to HW filter on device team0 [ 1515.050651][T10364] 8021q: adding VLAN 0 to HW filter on device team0 [ 1515.079628][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1515.089336][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1515.098253][ T2899] bridge0: port 1(bridge_slave_0) entered blocking state [ 1515.105422][ T2899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1515.117457][T10371] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1515.129781][T10387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1515.138775][T10387] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1515.147656][T10387] bridge0: port 1(bridge_slave_0) entered blocking state [ 1515.154787][T10387] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1515.162439][T10387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1515.171083][T10387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1515.179547][T10387] bridge0: port 2(bridge_slave_1) entered blocking state [ 1515.186666][T10387] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1515.199707][T10374] 8021q: adding VLAN 0 to HW filter on device team0 [ 1515.214945][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1515.223360][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1515.232040][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1515.241880][T10377] bridge0: port 2(bridge_slave_1) entered blocking state [ 1515.249054][T10377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1515.257183][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1515.265683][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1515.273828][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1515.282372][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1515.305328][T10371] 8021q: adding VLAN 0 to HW filter on device team0 [ 1515.325192][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1515.335401][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1515.343433][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1515.351104][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1515.360231][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1515.369029][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1515.377699][T10375] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1515.386380][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1515.394881][T10375] bridge0: port 1(bridge_slave_0) entered blocking state [ 1515.403743][T10375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1515.411356][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1515.420023][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1515.428467][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1515.437190][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1515.446663][T10375] bridge0: port 2(bridge_slave_1) entered blocking state [ 1515.453776][T10375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1515.461321][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1515.471814][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1515.480167][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1515.488249][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1515.509902][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1515.519405][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1515.529288][T10377] bridge0: port 1(bridge_slave_0) entered blocking state [ 1515.536436][T10377] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1515.544306][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1515.552884][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1515.561385][T10377] bridge0: port 2(bridge_slave_1) entered blocking state [ 1515.568482][T10377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1515.576277][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1515.585626][T10377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 
[ 1515.618111][T10366] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1515.630257][T10366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1515.638586][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1515.649808][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1515.658593][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1515.667599][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1515.676421][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1515.685381][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1515.694112][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1515.702422][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1515.711088][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1515.719680][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1515.729337][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1515.737903][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1515.746586][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1515.755222][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1515.763677][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1515.771893][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1515.780603][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1515.788889][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1515.797420][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1515.812825][T10374] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1515.824204][T10374] hsr0: 
Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1515.852165][T10369] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1515.868454][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1515.876704][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1515.884718][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1515.892481][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1515.901557][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1515.910250][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1515.918830][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1515.927340][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1515.935719][T10364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1515.950850][T10371] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1515.961742][T10371] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1515.986572][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1515.995226][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1516.003987][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1516.012317][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1516.021003][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1516.029473][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1516.038133][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1516.047278][T10374] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1516.070694][T10369] 8021q: adding VLAN 0 to HW filter on device team0 [ 1516.081056][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1516.097337][ T2899] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1516.110268][T10373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1516.124092][T10366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1516.155591][T10373] 8021q: adding VLAN 0 to HW filter on device team0 [ 1516.172818][T10371] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1516.180814][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1516.190219][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1516.199433][ T2899] bridge0: port 1(bridge_slave_0) entered blocking state [ 1516.206803][ T2899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1516.214627][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1516.224120][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1516.232476][ T2899] bridge0: port 2(bridge_slave_1) entered blocking state [ 1516.239631][ T2899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1516.247476][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1516.256164][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1516.264775][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1516.272671][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1516.280981][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1516.295613][T10364] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1516.315060][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1516.335834][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1516.357174][ T2899] bridge0: port 1(bridge_slave_0) entered blocking state [ 1516.364339][ T2899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1516.372809][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1516.386797][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_0: link becomes ready [ 1516.396537][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1516.404767][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1516.446112][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1516.472777][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1516.503709][T10375] bridge0: port 2(bridge_slave_1) entered blocking state [ 1516.510861][T10375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1516.521865][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1516.531986][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1516.544060][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1516.559103][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1516.578181][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1516.598125][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1516.611905][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1516.628810][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1516.637495][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1516.646150][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1516.655252][T10375] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1516.666153][T10369] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1516.680244][T10369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1516.705239][T10405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1516.721988][T10405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1516.752332][T10405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1516.767555][T10405] IPv6: ADDRCONF(NETDEV_CHANGE): 
hsr_slave_0: link becomes ready [ 1516.776836][T10405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1516.785291][T10405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1516.806001][T10373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1516.832264][T10369] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1516.852735][T10373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1518.623987][T10405] Bluetooth: hci1: command 0x1003 tx timeout [ 1518.630501][T10405] Bluetooth: hci0: command 0x1003 tx timeout [ 1518.631262][T10460] Bluetooth: hci1: sending frame failed (-49) [ 1518.642746][T10460] Bluetooth: hci0: sending frame failed (-49) [ 1518.943862][T10405] Bluetooth: hci2: command 0x1003 tx timeout [ 1518.950132][T10460] Bluetooth: hci2: sending frame failed (-49) [ 1519.183591][T10405] Bluetooth: hci3: command 0x1003 tx timeout [ 1519.189803][T10460] Bluetooth: hci3: sending frame failed (-49) [ 1519.263085][ T2899] Bluetooth: hci5: command 0x1003 tx timeout [ 1519.269276][T10460] Bluetooth: hci5: sending frame failed (-49) [ 1519.276233][ T2899] Bluetooth: hci4: command 0x1003 tx timeout [ 1519.282300][T10460] Bluetooth: hci4: sending frame failed (-49) [ 1520.703464][ T2899] Bluetooth: hci0: command 0x1001 tx timeout [ 1520.709551][ T2899] Bluetooth: hci1: command 0x1001 tx timeout [ 1520.710488][T10460] Bluetooth: hci0: sending frame failed (-49) [ 1520.716166][T10476] Bluetooth: hci1: sending frame failed (-49) [ 1521.023756][ T2899] Bluetooth: hci2: command 0x1001 tx timeout [ 1521.029916][T10476] Bluetooth: hci2: sending frame failed (-49) [ 1521.263498][ T2899] Bluetooth: hci3: command 0x1001 tx timeout [ 1521.270628][T10476] Bluetooth: hci3: sending frame failed (-49) [ 1521.343099][ T2899] Bluetooth: hci5: command 0x1001 tx timeout [ 1521.343394][T10405] Bluetooth: hci4: command 0x1001 tx timeout [ 1521.351950][T10476] Bluetooth: hci5: sending frame failed (-49) [ 1521.357946][T10460] Bluetooth: 
hci4: sending frame failed (-49) [ 1522.783128][ T2899] Bluetooth: hci1: command 0x1009 tx timeout [ 1522.783433][T10405] Bluetooth: hci0: command 0x1009 tx timeout [ 1523.103150][T10405] Bluetooth: hci2: command 0x1009 tx timeout [ 1523.343129][T10405] Bluetooth: hci3: command 0x1009 tx timeout [ 1523.423144][ T2899] Bluetooth: hci5: command 0x1009 tx timeout [ 1523.423245][T10405] Bluetooth: hci4: command 0x1009 tx timeout 2019/08/02 04:48:00 executed programs: 8 [ 1529.183052][ T17] Bluetooth: hci0: command 0x1003 tx timeout [ 1529.183072][T10387] Bluetooth: hci1: command 0x1003 tx timeout [ 1529.189326][T10460] Bluetooth: hci0: sending frame failed (-49) [ 1529.198981][T10476] Bluetooth: hci1: sending frame failed (-49) [ 1529.263060][T10387] Bluetooth: hci2: command 0x1003 tx timeout [ 1529.269305][T10476] Bluetooth: hci2: sending frame failed (-49) [ 1529.823018][ T17] Bluetooth: hci3: command 0x1003 tx timeout [ 1529.829214][T10476] Bluetooth: hci3: sending frame failed (-49) [ 1529.903009][ T17] Bluetooth: hci4: command 0x1003 tx timeout [ 1529.909249][T10476] Bluetooth: hci4: sending frame failed (-49) [ 1530.063028][ T17] Bluetooth: hci5: command 0x1003 tx timeout [ 1530.069192][T10476] Bluetooth: hci5: sending frame failed (-49) [ 1531.263054][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 1531.263061][T10387] Bluetooth: hci1: command 0x1001 tx timeout [ 1531.263138][T10476] Bluetooth: hci1: sending frame failed (-49) [ 1531.269098][T10460] Bluetooth: hci0: sending frame failed (-49) [ 1531.343070][T10387] Bluetooth: hci2: command 0x1001 tx timeout [ 1531.349224][T10460] Bluetooth: hci2: sending frame failed (-49) [ 1531.903023][T10387] Bluetooth: hci3: command 0x1001 tx timeout [ 1531.909711][T10460] Bluetooth: hci3: sending frame failed (-49) [ 1531.983054][T10387] Bluetooth: hci4: command 0x1001 tx timeout [ 1531.989186][T10460] Bluetooth: hci4: sending frame failed (-49) [ 1532.143192][T10387] Bluetooth: hci5: command 0x1001 tx timeout [ 
1532.149425][T10460] Bluetooth: hci5: sending frame failed (-49) [ 1533.343045][ T17] Bluetooth: hci0: command 0x1009 tx timeout [ 1533.343053][T10387] Bluetooth: hci1: command 0x1009 tx timeout [ 1533.423156][ T17] Bluetooth: hci2: command 0x1009 tx timeout [ 1533.983162][ T17] Bluetooth: hci3: command 0x1009 tx timeout [ 1534.063166][ T17] Bluetooth: hci4: command 0x1009 tx timeout [ 1534.223100][ T17] Bluetooth: hci5: command 0x1009 tx timeout 2019/08/02 04:48:10 executed programs: 15 [ 1539.433029][T10377] Bluetooth: hci0: command 0x1003 tx timeout [ 1539.439482][ T1518] Bluetooth: hci0: sending frame failed (-49) [ 1539.503071][T10375] Bluetooth: hci1: command 0x1003 tx timeout [ 1539.509372][T10375] Bluetooth: hci2: command 0x1003 tx timeout [ 1539.509415][ T1518] Bluetooth: hci1: sending frame failed (-49) [ 1539.520093][T10476] Bluetooth: hci2: sending frame failed (-49) [ 1540.623001][T10375] Bluetooth: hci3: command 0x1003 tx timeout [ 1540.629134][T10476] Bluetooth: hci3: sending frame failed (-49) [ 1540.783063][T10377] Bluetooth: hci5: command 0x1003 tx timeout [ 1540.789186][T10476] Bluetooth: hci5: sending frame failed (-49) [ 1540.795523][T10377] Bluetooth: hci4: command 0x1003 tx timeout [ 1540.802066][T10476] Bluetooth: hci4: sending frame failed (-49) [ 1541.513052][T10375] Bluetooth: hci0: command 0x1001 tx timeout [ 1541.519243][T10476] Bluetooth: hci0: sending frame failed (-49) [ 1541.583071][T10377] Bluetooth: hci1: command 0x1001 tx timeout [ 1541.583079][T10375] Bluetooth: hci2: command 0x1001 tx timeout [ 1541.583178][T10476] Bluetooth: hci2: sending frame failed (-49) [ 1541.589214][ T1518] Bluetooth: hci1: sending frame failed (-49) [ 1542.703123][T10377] Bluetooth: hci3: command 0x1001 tx timeout [ 1542.709575][ T1518] Bluetooth: hci3: sending frame failed (-49) [ 1542.863164][T10377] Bluetooth: hci5: command 0x1001 tx timeout [ 1542.863182][T10375] Bluetooth: hci4: command 0x1001 tx timeout [ 1542.863279][ T1518] Bluetooth: hci4: 
sending frame failed (-49) [ 1542.869878][T10476] Bluetooth: hci5: sending frame failed (-49) [ 1543.583125][T10377] Bluetooth: hci0: command 0x1009 tx timeout [ 1543.663885][T10375] Bluetooth: hci2: command 0x1009 tx timeout [ 1543.664872][T10377] Bluetooth: hci1: command 0x1009 tx timeout [ 1544.783031][T10375] Bluetooth: hci3: command 0x1009 tx timeout [ 1544.943853][T10377] Bluetooth: hci5: command 0x1009 tx timeout [ 1544.944420][T10375] Bluetooth: hci4: command 0x1009 tx timeout 2019/08/02 04:48:21 executed programs: 26 [ 1549.663220][ T2899] Bluetooth: hci0: command 0x1003 tx timeout [ 1549.670555][T10441] Bluetooth: hci0: sending frame failed (-49) [ 1549.743185][ T2899] Bluetooth: hci1: command 0x1003 tx timeout [ 1549.749338][T10441] Bluetooth: hci1: sending frame failed (-49) [ 1551.743072][T10375] Bluetooth: hci0: command 0x1001 tx timeout [ 1551.749173][T10441] Bluetooth: hci0: sending frame failed (-49) [ 1551.823226][ T2899] Bluetooth: hci1: command 0x1001 tx timeout [ 1551.829344][T10441] Bluetooth: hci1: sending frame failed (-49) [ 1553.823159][ T2899] Bluetooth: hci0: command 0x1009 tx timeout [ 1553.903086][T10375] Bluetooth: hci1: command 0x1009 tx timeout 2019/08/02 04:48:31 executed programs: 42 [ 1558.103169][T10380] Bluetooth: Error in BCSP hdr checksum [ 1558.173184][T10380] Bluetooth: Error in BCSP hdr checksum [ 1559.823031][ T17] Bluetooth: hci3: command 0x1003 tx timeout [ 1559.829092][ T17] Bluetooth: hci2: command 0x1003 tx timeout [ 1559.829143][T10476] Bluetooth: hci3: sending frame failed (-49) [ 1559.838094][ T1518] Bluetooth: hci2: sending frame failed (-49) [ 1559.847365][ T17] Bluetooth: hci1: command 0x1003 tx timeout [ 1559.853476][ T1518] Bluetooth: hci1: sending frame failed (-49) [ 1559.859732][ T17] Bluetooth: hci0: command 0x1003 tx timeout [ 1559.865798][ T1518] Bluetooth: hci0: sending frame failed (-49) [ 1559.903023][T10387] Bluetooth: hci4: command 0x1003 tx timeout [ 1559.909187][ T1518] Bluetooth: hci4: sending 
frame failed (-49) [ 1559.983028][T10387] Bluetooth: hci5: command 0x1003 tx timeout [ 1559.989144][ T1518] Bluetooth: hci5: sending frame failed (-49) [ 1561.903041][T10387] Bluetooth: hci3: command 0x1001 tx timeout [ 1561.903049][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 1561.903078][ T17] Bluetooth: hci1: command 0x1001 tx timeout [ 1561.915983][ T1518] Bluetooth: hci0: sending frame failed (-49) [ 1561.921374][ T17] Bluetooth: hci2: command 0x1001 tx timeout [ 1561.927277][T10476] Bluetooth: hci3: sending frame failed (-49) [ 1561.934226][ T1518] Bluetooth: hci1: sending frame failed (-49) [ 1561.940072][T10476] Bluetooth: hci2: sending frame failed (-49) [ 1561.983128][ T17] Bluetooth: hci4: command 0x1001 tx timeout [ 1561.989318][T10712] Bluetooth: hci4: sending frame failed (-49) [ 1562.063173][ T17] Bluetooth: hci5: command 0x1001 tx timeout [ 1562.069254][T10712] Bluetooth: hci5: sending frame failed (-49) [ 1563.983157][T10387] Bluetooth: hci2: command 0x1009 tx timeout [ 1563.983165][ T17] Bluetooth: hci1: command 0x1009 tx timeout [ 1563.983201][ T17] Bluetooth: hci0: command 0x1009 tx timeout [ 1563.989252][T10387] Bluetooth: hci3: command 0x1009 tx timeout [ 1564.063026][T10387] Bluetooth: hci4: command 0x1009 tx timeout [ 1564.143091][T10387] Bluetooth: hci5: command 0x1009 tx timeout
[ 1567.983837][T10683] ==================================================================
[ 1567.991989][T10683] BUG: KASAN: use-after-free in kfree_skb+0x38/0x3c0
[ 1567.992004][T10683] Read of size 4 at addr ffff888090fc6854 by task syz-executor.2/10683
[ 1568.006889][T10683]
[ 1568.006906][T10683] CPU: 1 PID: 10683 Comm: syz-executor.2 Not tainted 5.3.0-rc2+ #93
[ 1568.006912][T10683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1568.006916][T10683] Call Trace:
[ 1568.007011][T10683] dump_stack+0x172/0x1f0
[ 1568.007034][T10683] ? kfree_skb+0x38/0x3c0
[ 1568.017321][T10683] print_address_description.cold+0xd4/0x306
[ 1568.017335][T10683] ? kfree_skb+0x38/0x3c0
[ 1568.017345][T10683] ? kfree_skb+0x38/0x3c0
[ 1568.017357][T10683] __kasan_report.cold+0x1b/0x36
[ 1568.017377][T10683] ? kfree_skb+0x38/0x3c0
[ 1568.030711][T10683] kasan_report+0x12/0x17
[ 1568.039330][T10683] check_memory_region+0x134/0x1a0
[ 1568.049605][T10683] __kasan_check_read+0x11/0x20
[ 1568.058838][T10683] kfree_skb+0x38/0x3c0
[ 1568.067555][T10683] bcsp_close+0xc7/0x130
[ 1568.077800][T10683] hci_uart_tty_close+0x21e/0x280
[ 1568.086478][T10683] ? hci_uart_close+0x50/0x50
[ 1568.086497][T10683] tty_ldisc_close.isra.0+0x119/0x190
[ 1568.086512][T10683] tty_ldisc_kill+0x9c/0x160
[ 1568.086533][T10683] tty_ldisc_release+0xe9/0x2b0
[ 1568.097044][T10683] tty_release_struct+0x1b/0x50
[ 1568.097055][T10683] tty_release+0xbcb/0xe90
[ 1568.097075][T10683] __fput+0x2ff/0x890
[ 1568.097094][T10683] ? put_tty_driver+0x20/0x20
[ 1568.107118][T10683] ____fput+0x16/0x20
[ 1568.107132][T10683] task_work_run+0x145/0x1c0
[ 1568.107148][T10683] do_exit+0x92f/0x2e50
[ 1568.107170][T10683] ? finish_task_switch+0x4f5/0x720
[ 1568.116839][T10683] ? trace_hardirqs_off+0x1f1/0x240
[ 1568.116854][T10683] ? mm_update_next_owner+0x640/0x640
[ 1568.116875][T10683] ? __kasan_check_write+0x14/0x20
[ 1568.125246][T10683] ? lock_downgrade+0x920/0x920
[ 1568.125259][T10683] ? rwlock_bug.part.0+0x90/0x90
[ 1568.125280][T10683] ? get_signal+0x20e/0x2500
[ 1568.133918][T10683] do_group_exit+0x135/0x360
2019/08/02 04:48:41 executed programs: 44
[ 1568.133934][T10683] get_signal+0x47c/0x2500
[ 1568.133954][T10683] ? trace_hardirqs_on+0x67/0x240
[ 1568.142693][T10683] ? __kasan_check_read+0x11/0x20
[ 1568.153086][T10683] ? debug_object_free+0x1f9/0x390
[ 1568.153113][T10683] do_signal+0x87/0x1700
[ 1568.163583][T10683] ? nanosleep_copyout+0x110/0x110
[ 1568.163600][T10683] ? setup_sigcontext+0x7d0/0x7d0
[ 1568.163620][T10683] ? clock_was_set_work+0x30/0x30
[ 1568.173662][T10683] ? trace_hardirqs_on+0x67/0x240
[ 1568.173682][T10683] exit_to_usermode_loop+0x286/0x380
[ 1568.173702][T10683] do_syscall_64+0x5a9/0x6a0
[ 1568.182969][T10683] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1568.202523][T10683] RIP: 0033:0x457cf1
[ 1568.211868][T10683] Code: 11 47 30 48 83 c7 40 0f 11 07 0f 11 47 10 0f 11 47 20 0f 11 47 30 48 83 c7 40 0f 11 07 0f 11 47 10 0f 11 47 20 0f 11 47 30 48 <83> c7 40 0f 11 07 0f 11 47 10 0f 11 47 20 0f 11 47 30 48 83 c7 40
[ 1568.221884][T10683] RSP: 002b:00007ffc482de610 EFLAGS: 00000293 ORIG_RAX: 0000000000000023
[ 1568.232194][T10683] RAX: 0000000000000000 RBX: 000000000017c832 RCX: 0000000000457cf1
[ 1568.242659][T10683] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffc482de620
[ 1568.266170][T10683] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[ 1568.266178][T10683] R10: 00007ffc482de710 R11: 0000000000000293 R12: 000000000075bf20
[ 1568.266185][T10683] R13: 000000000075c9a0 R14: 0000000000760288 R15: ffffffffffffffff
[ 1568.266200][T10683]
[ 1568.266210][T10683] Allocated by task 10380:
[ 1568.266232][T10683] save_stack+0x23/0x90
[ 1568.266253][T10683] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1568.282650][T10683] kasan_slab_alloc+0xf/0x20
[ 1568.298578][T10683] kmem_cache_alloc_node+0x138/0x740
[ 1568.298591][T10683] __alloc_skb+0xd5/0x5e0
[ 1568.298613][T10683] bcsp_recv+0x8c1/0x13a0
[ 1568.314734][T10683] hci_uart_tty_receive+0x279/0x790
[ 1568.314751][T10683] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1568.314771][T10683] tty_port_default_receive_buf+0x7d/0xb0
[ 1568.321511][T10683] flush_to_ldisc+0x222/0x390
[ 1568.331370][T10683] process_one_work+0x9af/0x1740
[ 1568.341222][T10683] worker_thread+0x98/0xe40
[ 1568.341239][T10683] kthread+0x361/0x430
[ 1568.341259][T10683] ret_from_fork+0x24/0x30
[ 1568.349893][T10683]
[ 1568.360367][T10683] Freed by task 10380:
[ 1568.370787][T10683] save_stack+0x23/0x90
[ 1568.380192][T10683] __kasan_slab_free+0x102/0x150
[ 1568.388655][T10683] kasan_slab_free+0xe/0x10
[ 1568.395015][T10683] kmem_cache_free+0x86/0x320
[ 1568.395028][T10683] kfree_skbmem+0xc5/0x150
[ 1568.395037][T10683] kfree_skb+0x109/0x3c0
[ 1568.395051][T10683] bcsp_recv+0x2d8/0x13a0
[ 1568.395070][T10683] hci_uart_tty_receive+0x279/0x790
[ 1568.404137][T10683] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1568.404149][T10683] tty_port_default_receive_buf+0x7d/0xb0
[ 1568.404165][T10683] flush_to_ldisc+0x222/0x390
[ 1568.404186][T10683] process_one_work+0x9af/0x1740
[ 1568.413342][T10683] worker_thread+0x98/0xe40
[ 1568.413353][T10683] kthread+0x361/0x430
[ 1568.413364][T10683] ret_from_fork+0x24/0x30
[ 1568.413367][T10683]
[ 1568.413378][T10683] The buggy address belongs to the object at ffff888090fc6780
[ 1568.413378][T10683] which belongs to the cache skbuff_head_cache of size 224
[ 1568.413396][T10683] The buggy address is located 212 bytes inside of
[ 1568.413396][T10683] 224-byte region [ffff888090fc6780, ffff888090fc6860)
[ 1568.422721][T10683] The buggy address belongs to the page:
[ 1568.432221][T10683] page:ffffea000243f180 refcount:1 mapcount:0 mapping:ffff8880a99e9a80 index:0x0
[ 1568.443190][T10683] flags: 0x1fffc0000000200(slab)
[ 1568.443209][T10683] raw: 01fffc0000000200 ffffea00025699c8 ffffea0002581648 ffff8880a99e9a80
[ 1568.443224][T10683] raw: 0000000000000000 ffff888090fc6000 000000010000000c 0000000000000000
[ 1568.532640][T10683] page dumped because: kasan: bad access detected
[ 1568.539051][T10683]
[ 1568.541365][T10683] Memory state around the buggy address:
[ 1568.547004][T10683]  ffff888090fc6700: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 1568.555069][T10683]  ffff888090fc6780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1568.563130][T10683] >ffff888090fc6800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1568.571278][T10683]                                                  ^
[ 1568.577965][T10683]  ffff888090fc6880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 1568.586037][T10683]
ffff888090fc6900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1568.594089][T10683] ================================================================== [ 1568.602167][T10705] ================================================================== [ 1568.610268][T10705] BUG: KASAN: double-free or invalid-free in skb_free_head+0x93/0xb0 [ 1568.618451][T10705] [ 1568.620884][T10705] CPU: 0 PID: 10705 Comm: syz-executor.4 Tainted: G B 5.3.0-rc2+ #93 [ 1568.629584][T10683] Kernel panic - not syncing: panic_on_warn set ... [ 1568.630273][T10705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1568.646992][T10705] Call Trace: [ 1568.650294][T10705] dump_stack+0x172/0x1f0 [ 1568.654630][T10705] print_address_description.cold+0xd4/0x306 [ 1568.660615][T10705] ? skb_free_head+0x93/0xb0 [ 1568.665215][T10705] kasan_report_invalid_free+0x65/0xa0 [ 1568.670678][T10705] ? skb_free_head+0x93/0xb0 [ 1568.675262][T10705] __kasan_slab_free+0x13a/0x150 [ 1568.680199][T10705] ? skb_free_head+0x93/0xb0 [ 1568.684786][T10705] kasan_slab_free+0xe/0x10 [ 1568.689294][T10705] kfree+0x10a/0x2c0 [ 1568.693183][T10705] skb_free_head+0x93/0xb0 [ 1568.697596][T10705] skb_release_data+0x42d/0x7c0 [ 1568.702466][T10705] ? bcsp_close+0xc7/0x130 [ 1568.706885][T10705] skb_release_all+0x4d/0x60 [ 1568.711488][T10705] kfree_skb+0x101/0x3c0 [ 1568.715734][T10705] bcsp_close+0xc7/0x130 [ 1568.719971][T10705] hci_uart_tty_close+0x21e/0x280 [ 1568.724999][T10705] ? hci_uart_close+0x50/0x50 [ 1568.729685][T10705] tty_ldisc_close.isra.0+0x119/0x190 [ 1568.735054][T10705] tty_ldisc_kill+0x9c/0x160 [ 1568.739646][T10705] tty_ldisc_release+0xe9/0x2b0 [ 1568.744492][T10705] tty_release_struct+0x1b/0x50 [ 1568.749342][T10705] tty_release+0xbcb/0xe90 [ 1568.753764][T10705] __fput+0x2ff/0x890 [ 1568.757744][T10705] ? 
put_tty_driver+0x20/0x20 [ 1568.762420][T10705] ____fput+0x16/0x20 [ 1568.766417][T10705] task_work_run+0x145/0x1c0 [ 1568.771013][T10705] do_exit+0x92f/0x2e50 [ 1568.775172][T10705] ? mm_update_next_owner+0x640/0x640 [ 1568.780546][T10705] ? __kasan_check_write+0x14/0x20 [ 1568.785666][T10705] ? lock_downgrade+0x920/0x920 [ 1568.790513][T10705] ? rwlock_bug.part.0+0x90/0x90 [ 1568.795453][T10705] ? get_signal+0x20e/0x2500 [ 1568.800039][T10705] do_group_exit+0x135/0x360 [ 1568.804627][T10705] get_signal+0x47c/0x2500 [ 1568.809044][T10705] ? lock_downgrade+0x920/0x920 [ 1568.813898][T10705] ? __might_fault+0xfb/0x1e0 [ 1568.818580][T10705] do_signal+0x87/0x1700 [ 1568.822828][T10705] ? __kasan_check_read+0x11/0x20 [ 1568.827853][T10705] ? _copy_to_user+0x118/0x160 [ 1568.832621][T10705] ? setup_sigcontext+0x7d0/0x7d0 [ 1568.837653][T10705] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1568.843895][T10705] ? do_futex+0x1dc0/0x1dc0 [ 1568.848421][T10705] ? trace_hardirqs_on+0x67/0x240 [ 1568.853446][T10705] exit_to_usermode_loop+0x286/0x380 [ 1568.858734][T10705] do_syscall_64+0x5a9/0x6a0 [ 1568.863326][T10705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1568.869221][T10705] RIP: 0033:0x459829 [ 1568.873116][T10705] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1568.892731][T10705] RSP: 002b:00007fb2cf188cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1568.901149][T10705] RAX: fffffffffffffe00 RBX: 000000000075bfd0 RCX: 0000000000459829 [ 1568.909120][T10705] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0 [ 1568.917114][T10705] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1568.925104][T10705] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 [ 1568.933082][T10705] R13: 00007ffeddec02ff R14: 00007fb2cf1899c0 R15: 000000000075bfd4 [ 1568.941059][T10705] [ 
1568.941085][T10683] CPU: 1 PID: 10683 Comm: syz-executor.2 Tainted: G B 5.3.0-rc2+ #93 [ 1568.943384][T10705] Allocated by task 10380: [ 1568.952763][T10683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1568.957183][T10705] save_stack+0x23/0x90 [ 1568.967222][T10683] Call Trace: [ 1568.971378][T10705] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1568.974646][T10683] dump_stack+0x172/0x1f0 [ 1568.980257][T10705] kasan_kmalloc+0x9/0x10 [ 1568.984570][T10683] panic+0x2dc/0x755 [ 1568.988881][T10705] __kmalloc_node_track_caller+0x4e/0x70 [ 1568.992754][T10683] ? add_taint.cold+0x16/0x16 [ 1568.998371][T10705] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1569.003026][T10683] ? kfree_skb+0x38/0x3c0 [ 1569.008378][T10705] __alloc_skb+0x10b/0x5e0 [ 1569.012695][T10683] ? preempt_schedule+0x4b/0x60 [ 1569.017096][T10705] bcsp_recv+0x8c1/0x13a0 [ 1569.021938][T10683] ? ___preempt_schedule+0x16/0x20 [ 1569.026251][T10705] hci_uart_tty_receive+0x279/0x790 [ 1569.031346][T10683] ? trace_hardirqs_on+0x5e/0x240 [ 1569.036529][T10705] tty_ldisc_receive_buf+0x15f/0x1c0 [ 1569.041537][T10683] ? kfree_skb+0x38/0x3c0 [ 1569.046818][T10705] tty_port_default_receive_buf+0x7d/0xb0 [ 1569.051130][T10683] end_report+0x47/0x4f [ 1569.056960][T10705] flush_to_ldisc+0x222/0x390 [ 1569.061105][T10683] ? kfree_skb+0x38/0x3c0 [ 1569.065778][T10705] process_one_work+0x9af/0x1740 [ 1569.070092][T10683] __kasan_report.cold+0xe/0x36 [ 1569.075018][T10705] worker_thread+0x98/0xe40 [ 1569.079859][T10683] ? 
kfree_skb+0x38/0x3c0 [ 1569.084360][T10705] kthread+0x361/0x430 [ 1569.088665][T10683] kasan_report+0x12/0x17 [ 1569.092717][T10705] ret_from_fork+0x24/0x30 [ 1569.097032][T10683] check_memory_region+0x134/0x1a0 [ 1569.101505][T10705] [ 1569.106642][T10683] __kasan_check_read+0x11/0x20 [ 1569.108947][T10705] Freed by task 10380: [ 1569.113790][T10683] kfree_skb+0x38/0x3c0 [ 1569.118143][T10705] save_stack+0x23/0x90 [ 1569.122380][T10683] bcsp_close+0xc7/0x130 [ 1569.126523][T10705] __kasan_slab_free+0x102/0x150 [ 1569.130748][T10683] hci_uart_tty_close+0x21e/0x280 [ 1569.135671][T10705] kasan_slab_free+0xe/0x10 [ 1569.140674][T10683] ? hci_uart_close+0x50/0x50 [ 1569.145157][T10705] kfree+0x10a/0x2c0 [ 1569.149848][T10683] tty_ldisc_close.isra.0+0x119/0x190 [ 1569.153722][T10705] skb_free_head+0x93/0xb0 [ 1569.159077][T10683] tty_ldisc_kill+0x9c/0x160 [ 1569.163475][T10705] skb_release_data+0x42d/0x7c0 [ 1569.168051][T10683] tty_ldisc_release+0xe9/0x2b0 [ 1569.172879][T10705] skb_release_all+0x4d/0x60 [ 1569.172902][T10705] kfree_skb+0x101/0x3c0 [ 1569.178358][T10683] tty_release_struct+0x1b/0x50 [ 1569.182934][T10705] bcsp_recv+0x2d8/0x13a0 [ 1569.187167][T10683] tty_release+0xbcb/0xe90 [ 1569.192010][T10705] hci_uart_tty_receive+0x279/0x790 [ 1569.196327][T10683] __fput+0x2ff/0x890 [ 1569.200723][T10705] tty_ldisc_receive_buf+0x15f/0x1c0 [ 1569.205902][T10683] ? put_tty_driver+0x20/0x20 [ 1569.209868][T10705] tty_port_default_receive_buf+0x7d/0xb0 [ 1569.215137][T10683] ____fput+0x16/0x20 [ 1569.219791][T10705] flush_to_ldisc+0x222/0x390 [ 1569.225537][T10683] task_work_run+0x145/0x1c0 [ 1569.229510][T10705] process_one_work+0x9af/0x1740 [ 1569.234179][T10683] do_exit+0x92f/0x2e50 [ 1569.238754][T10705] worker_thread+0x98/0xe40 [ 1569.243686][T10683] ? finish_task_switch+0x4f5/0x720 [ 1569.247817][T10705] kthread+0x361/0x430 [ 1569.252306][T10683] ? trace_hardirqs_off+0x1f1/0x240 [ 1569.257485][T10705] ret_from_fork+0x24/0x30 [ 1569.261544][T10683] ? 
mm_update_next_owner+0x640/0x640 [ 1569.266711][T10705] [ 1569.271135][T10683] ? __kasan_check_write+0x14/0x20 [ 1569.276476][T10705] The buggy address belongs to the object at ffff88809419c140 [ 1569.276476][T10705] which belongs to the cache kmalloc-8k of size 8192 [ 1569.278800][T10683] ? lock_downgrade+0x920/0x920 [ 1569.283884][T10705] The buggy address is located 0 bytes inside of [ 1569.283884][T10705] 8192-byte region [ffff88809419c140, ffff88809419e140) [ 1569.297945][T10683] ? rwlock_bug.part.0+0x90/0x90 [ 1569.302768][T10705] The buggy address belongs to the page: [ 1569.315971][T10683] ? get_signal+0x20e/0x2500 [ 1569.320891][T10705] page:ffffea0002506700 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0 [ 1569.326526][T10683] do_group_exit+0x135/0x360 [ 1569.331092][T10705] flags: 0x1fffc0000010200(slab|head) [ 1569.342193][T10683] get_signal+0x47c/0x2500 [ 1569.346760][T10705] raw: 01fffc0000010200 ffffea00022ad408 ffffea0002514608 ffff8880aa4021c0 [ 1569.352123][T10683] ? trace_hardirqs_on+0x67/0x240 [ 1569.356523][T10705] raw: 0000000000000000 ffff88809419c140 0000000100000001 0000000000000000 [ 1569.365434][T10683] ? __kasan_check_read+0x11/0x20 [ 1569.370432][T10705] page dumped because: kasan: bad access detected [ 1569.379027][T10683] ? debug_object_free+0x1f9/0x390 [ 1569.384016][T10705] [ 1569.390433][T10683] do_signal+0x87/0x1700 [ 1569.395512][T10705] Memory state around the buggy address: [ 1569.397844][T10683] ? nanosleep_copyout+0x110/0x110 [ 1569.402059][T10705] ffff88809419c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1569.407715][T10683] ? setup_sigcontext+0x7d0/0x7d0 [ 1569.412793][T10705] ffff88809419c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1569.420863][T10683] ? clock_was_set_work+0x30/0x30 [ 1569.425853][T10705] >ffff88809419c100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1569.434011][T10683] ? 
trace_hardirqs_on+0x67/0x240 [ 1569.439016][T10705] ^ [ 1569.447088][T10683] exit_to_usermode_loop+0x286/0x380 [ 1569.452082][T10705] ffff88809419c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1569.458239][T10683] do_syscall_64+0x5a9/0x6a0 [ 1569.463614][T10705] ffff88809419c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1569.471679][T10683] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1569.476242][T10705] ================================================================== [ 1569.484310][T10683] RIP: 0033:0x457cf1 [ 1569.502104][T10683] Code: Bad RIP value. [ 1569.506165][T10683] RSP: 002b:00007ffc482de610 EFLAGS: 00000293 ORIG_RAX: 0000000000000023 [ 1569.514565][T10683] RAX: 0000000000000000 RBX: 000000000017c832 RCX: 0000000000457cf1 [ 1569.522897][T10683] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffc482de620 [ 1569.530875][T10683] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 1569.539224][T10683] R10: 00007ffc482de710 R11: 0000000000000293 R12: 000000000075bf20 [ 1569.547210][T10683] R13: 000000000075c9a0 R14: 0000000000760288 R15: ffffffffffffffff [ 1570.680108][T10683] Shutting down cpus with NMI [ 1570.686168][T10683] Kernel Offset: disabled [ 1570.690512][T10683] Rebooting in 86400 seconds..