Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts. syzkaller login: [ 33.575730] audit: type=1400 audit(1596701539.936:8): avc: denied { execmem } for pid=6350 comm="syz-executor569" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 33.799697] IPVS: ftp: loaded support on port[0] = 21 [ 34.909243] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program [ 35.715226] Bluetooth: hci0 hardware error 0x43 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 35.989926] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 36.809713] Bluetooth: hci1 hardware error 0x43 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 36.849980] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 37.679432] Bluetooth: hci2 hardware error 0x43 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 37.740518] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 38.568635] Bluetooth: hci3 hardware error 0x43 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 38.611216] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.467451] Bluetooth: hci4 hardware error 0x43 [ 39.478288] ================================================================== [ 39.485771] BUG: KASAN: use-after-free in hci_chan_del+0x131/0x180 [ 39.492089] Read of size 8 at addr ffff8880a81f7198 by task kworker/u5:6/7915 [ 39.499358] [ 39.500981] CPU: 1 PID: 7915 Comm: kworker/u5:6 Not tainted 4.14.192-syzkaller #0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.508590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.517946] Workqueue: hci4 hci_error_reset [ 39.522260] Call Trace: [ 39.524847] dump_stack+0x1b2/0x283 [ 39.528480] ? l2cap_conn_del+0x670/0x670 [ 39.532625] print_address_description.cold+0x54/0x1d3 [ 39.537911] kasan_report_error.cold+0x8a/0x194 [ 39.542577] ? hci_chan_del+0x131/0x180 [ 39.546572] __asan_report_load8_noabort+0x68/0x70 [ 39.551524] ? hci_chan_del+0x131/0x180 [ 39.555495] hci_chan_del+0x131/0x180 [ 39.559292] l2cap_conn_del+0x417/0x670 [ 39.563261] ? __mutex_unlock_slowpath+0x75/0x770 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.568100] ? l2cap_conn_del+0x670/0x670 [ 39.572241] l2cap_disconn_cfm+0x6b/0x80 [ 39.576308] hci_conn_hash_flush+0x114/0x220 [ 39.580737] hci_dev_do_close+0x542/0xc50 [ 39.584892] hci_error_reset+0x90/0xe0 [ 39.588778] process_one_work+0x793/0x14a0 [ 39.593011] ? work_busy+0x320/0x320 [ 39.596720] ? worker_thread+0x158/0xff0 [ 39.600776] ? _raw_spin_unlock_irq+0x24/0x80 [ 39.605270] worker_thread+0x5cc/0xff0 [ 39.609157] ? rescuer_thread+0xc80/0xc80 [ 39.613304] kthread+0x30d/0x420 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.616667] ? kthread_create_on_node+0xd0/0xd0 [ 39.621333] ret_from_fork+0x24/0x30 [ 39.625048] [ 39.626679] Allocated by task 6393: [ 39.630305] kasan_kmalloc+0xeb/0x160 [ 39.634117] kmem_cache_alloc_trace+0x131/0x3d0 [ 39.638783] hci_chan_create+0x7c/0x300 [ 39.642763] l2cap_conn_add.part.0+0x18/0xc20 [ 39.647255] l2cap_connect_cfm+0x1d2/0xce0 [ 39.651501] hci_le_meta_evt+0x3288/0x3fc0 [ 39.655760] hci_event_packet+0x25a7/0x7c7a [ 39.660073] hci_rx_work+0x3e6/0x970 [ 39.663782] process_one_work+0x793/0x14a0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.668010] worker_thread+0x5cc/0xff0 [ 39.671923] kthread+0x30d/0x420 [ 39.675306] ret_from_fork+0x24/0x30 [ 39.679005] [ 39.680620] Freed by task 6393: [ 39.683897] kasan_slab_free+0xc3/0x1a0 [ 39.687865] kfree+0xc9/0x250 [ 39.690970] hci_event_packet+0xeae/0x7c7a [ 39.695200] hci_rx_work+0x3e6/0x970 [ 39.698908] process_one_work+0x793/0x14a0 [ 39.703143] worker_thread+0x5cc/0xff0 [ 39.707022] kthread+0x30d/0x420 [ 39.710383] ret_from_fork+0x24/0x30 [ 39.714083] executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.715722] The buggy address belongs to the object at ffff8880a81f7180 [ 39.715722] which belongs to the cache kmalloc-128 of size 128 [ 39.728370] The buggy address is located 24 bytes inside of [ 39.728370] 128-byte region [ffff8880a81f7180, ffff8880a81f7200) [ 39.740150] The buggy address belongs to the page: [ 39.745098] page:ffffea0002a07dc0 count:1 mapcount:0 mapping:ffff8880a81f7000 index:0x0 [ 39.753235] flags: 0xfffe0000000100(slab) [ 39.757378] raw: 00fffe0000000100 ffff8880a81f7000 0000000000000000 0000000100000015 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.765278] raw: ffffea0002a0ace0 ffffea0002a65ea0 ffff88812fe52640 0000000000000000 [ 39.773151] page dumped because: kasan: bad access detected [ 39.778851] [ 39.780476] Memory state around the buggy address: [ 39.785398] ffff8880a81f7080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 39.792753] ffff8880a81f7100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 39.800109] >ffff8880a81f7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.807458] ^ [ 39.811601] ffff8880a81f7200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.818999] ffff8880a81f7280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.826348] ================================================================== [ 39.833699] Disabling lock debugging due to kernel taint [ 39.850101] Kernel panic - not syncing: panic_on_warn set ... [ 39.850101] [ 39.857475] CPU: 1 PID: 7915 Comm: kworker/u5:6 Tainted: G B 4.14.192-syzkaller #0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.866302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.875659] Workqueue: hci4 hci_error_reset [ 39.879970] Call Trace: [ 39.882572] dump_stack+0x1b2/0x283 [ 39.886193] ? l2cap_conn_del+0x670/0x670 [ 39.890362] panic+0x1f9/0x42d [ 39.893552] ? add_taint.cold+0x16/0x16 [ 39.897550] ? ___preempt_schedule+0x16/0x18 [ 39.901956] kasan_end_report+0x43/0x49 [ 39.905922] kasan_report_error.cold+0xa7/0x194 [ 39.910581] ? hci_chan_del+0x131/0x180 [ 39.914550] __asan_report_load8_noabort+0x68/0x70 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.919479] ? hci_chan_del+0x131/0x180 [ 39.923447] hci_chan_del+0x131/0x180 [ 39.927243] l2cap_conn_del+0x417/0x670 [ 39.931213] ? __mutex_unlock_slowpath+0x75/0x770 [ 39.936046] ? l2cap_conn_del+0x670/0x670 [ 39.940185] l2cap_disconn_cfm+0x6b/0x80 [ 39.944242] hci_conn_hash_flush+0x114/0x220 [ 39.948641] hci_dev_do_close+0x542/0xc50 [ 39.952783] hci_error_reset+0x90/0xe0 [ 39.956693] process_one_work+0x793/0x14a0 [ 39.960924] ? work_busy+0x320/0x320 [ 39.964629] ? worker_thread+0x158/0xff0 executing program executing program executing program executing program executing program executing program [ 39.968684] ? _raw_spin_unlock_irq+0x24/0x80 [ 39.973171] worker_thread+0x5cc/0xff0 [ 39.977053] ? rescuer_thread+0xc80/0xc80 [ 39.981192] kthread+0x30d/0x420 [ 39.984547] ? kthread_create_on_node+0xd0/0xd0 [ 39.989208] ret_from_fork+0x24/0x30 [ 39.994030] Kernel Offset: disabled [ 39.997638] Rebooting in 86400 seconds..