Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
2020/08/03 13:30:25 parsed 1 programs
2020/08/03 13:30:25 executed programs: 0
syzkaller login: [ 1048.797983][ T27] audit: type=1400 audit(1596461425.702:8): avc: denied { execmem } for pid=6875 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1048.832713][ T6876] IPVS: ftp: loaded support on port[0] = 21
[ 1048.939873][ T6876] chnl_net:caif_netlink_parms(): no params data found
[ 1048.991707][ T6876] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1049.000383][ T6876] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1049.009271][ T6876] device bridge_slave_0 entered promiscuous mode
[ 1049.018412][ T6876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.026055][ T6876] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1049.034317][ T6876] device bridge_slave_1 entered promiscuous mode
[ 1049.054083][ T6876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1049.066182][ T6876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1049.089216][ T6876] team0: Port device team_slave_0 added
[ 1049.096768][ T6876] team0: Port device team_slave_1 added
[ 1049.115176][ T6876] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1049.122165][ T6876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1049.148232][ T6876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1049.160691][ T6876] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1049.167815][ T6876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1049.193898][ T6876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1049.256951][ T6876] device hsr_slave_0 entered promiscuous mode
[ 1049.324263][ T6876] device hsr_slave_1 entered promiscuous mode
[ 1049.484293][ T6876] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1049.546807][ T6876] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1049.625977][ T6876] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1049.685939][ T6876] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1049.771562][ T6876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.778874][ T6876] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1049.786988][ T6876] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1049.794201][ T6876] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1049.841141][ T6876] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1049.855627][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1049.867587][ T6846] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1049.875759][ T6846] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1049.885609][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1049.899455][ T6876] 8021q: adding VLAN 0 to HW filter on device team0
[ 1049.911926][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1049.920623][ T6846] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1049.927827][ T6846] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1049.940238][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1049.949426][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1049.959154][ T6845] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.966594][ T6845] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1049.978421][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1050.003039][ T6876] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1050.015009][ T6876] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1050.027219][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1050.036811][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1050.046383][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1050.055465][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1050.064211][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1050.072603][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1050.081173][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1050.090064][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1050.098654][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1050.107191][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1050.115329][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1050.135499][ T7085] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1050.143014][ T7085] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1050.155417][ T6876] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1050.175909][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1050.186579][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1050.208963][ T6876] device veth0_vlan entered promiscuous mode
[ 1050.215984][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1050.226000][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1050.237881][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1050.246434][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1050.258512][ T6876] device veth1_vlan entered promiscuous mode
[ 1050.281030][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1050.290052][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1050.298903][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1050.308078][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1050.319579][ T6876] device veth0_macvtap entered promiscuous mode
[ 1050.329932][ T6876] device veth1_macvtap entered promiscuous mode
[ 1050.349136][ T6876] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1050.356708][ T7085] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1050.365971][ T7085] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1050.374150][ T7085] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1050.382863][ T7085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1050.395582][ T6876] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1050.406746][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1050.416052][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1053.684349][ T2703] Bluetooth: hci0: command 0x0409 tx timeout
2020/08/03 13:30:30 executed programs: 59
[ 1055.763938][ T6846] Bluetooth: hci0: command 0x041b tx timeout
[ 1057.843748][ T2703] Bluetooth: hci0: command 0x040f tx timeout
2020/08/03 13:30:35 executed programs: 196
[ 1059.923589][ T2703] Bluetooth: hci0: command 0x0419 tx timeout
2020/08/03 13:30:40 executed programs: 339
2020/08/03 13:30:45 executed programs: 488
2020/08/03 13:30:50 executed programs: 635
2020/08/03 13:30:55 executed programs: 778
2020/08/03 13:31:00 executed programs: 926
2020/08/03 13:31:05 executed programs: 1072
2020/08/03 13:31:10 executed programs: 1213
2020/08/03 13:31:15 executed programs: 1361
2020/08/03 13:31:20 executed programs: 1503
2020/08/03 13:31:25 executed programs: 1648
2020/08/03 13:31:30 executed programs: 1791
2020/08/03 13:31:36 executed programs: 1938
[ 1120.207578][ T6876] ==================================================================
[ 1120.215895][ T6876] BUG: KASAN: use-after-free in hci_chan_del+0x14f/0x190
[ 1120.222903][ T6876] Read of size 8 at addr ffff8880a7037518 by task syz-executor.0/6876
[ 1120.231044][ T6876]
[ 1120.233353][ T6876] CPU: 0 PID: 6876 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[ 1120.241932][ T6876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1120.252327][ T6876] Call Trace:
[ 1120.255622][ T6876] dump_stack+0x18f/0x20d
[ 1120.259978][ T6876] ? hci_chan_del+0x14f/0x190
[ 1120.264680][ T6876] ? hci_chan_del+0x14f/0x190
[ 1120.269340][ T6876] print_address_description.constprop.0.cold+0xae/0x436
[ 1120.276412][ T6876] ? mutex_lock_io_nested+0xf60/0xf60
[ 1120.281799][ T6876] ? lockdep_hardirqs_off+0x66/0xa0
[ 1120.286982][ T6876] ? vprintk_func+0x97/0x1a6
[ 1120.291556][ T6876] ? hci_chan_del+0x14f/0x190
[ 1120.296213][ T6876] kasan_report.cold+0x1f/0x37
[ 1120.300977][ T6876] ? hci_chan_del+0x14f/0x190
[ 1120.305651][ T6876] hci_chan_del+0x14f/0x190
[ 1120.310178][ T6876] l2cap_conn_del+0x61b/0x9e0
[ 1120.314854][ T6876] ? l2cap_conn_del+0x9e0/0x9e0
[ 1120.319700][ T6876] l2cap_disconn_cfm+0x85/0xa0
[ 1120.324474][ T6876] hci_conn_hash_flush+0x114/0x220
[ 1120.329612][ T6876] ? vhci_close_dev+0x50/0x50
[ 1120.334286][ T6876] hci_dev_do_close+0x5c6/0x1080
[ 1120.339204][ T6876] ? do_raw_write_lock+0x11a/0x280
[ 1120.344396][ T6876] ? hci_dev_open+0x350/0x350
[ 1120.349078][ T6876] ? do_raw_read_unlock+0x70/0x70
[ 1120.354087][ T6876] ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 1120.359983][ T6876] ? fsnotify_parent+0xb7/0x2b0
[ 1120.364818][ T6876] ? vhci_close_dev+0x50/0x50
[ 1120.369482][ T6876] hci_unregister_dev+0x1a3/0xe20
[ 1120.374531][ T6876] ? fcntl_setlk+0xf60/0xf60
[ 1120.379104][ T6876] ? lock_is_held_type+0xb0/0xe0
[ 1120.384025][ T6876] ? vhci_close_dev+0x50/0x50
[ 1120.388679][ T6876] vhci_release+0x70/0xe0
[ 1120.393002][ T6876] __fput+0x33c/0x880
[ 1120.396971][ T6876] task_work_run+0xdd/0x190
[ 1120.401586][ T6876] do_exit+0xb72/0x2a40
[ 1120.405779][ T6876] ? mm_update_next_owner+0x7a0/0x7a0
[ 1120.411322][ T6876] ? vfs_write+0x1b0/0x6b0
[ 1120.415742][ T6876] ? ksys_write+0x1a5/0x250
[ 1120.420264][ T6876] do_group_exit+0x125/0x310
[ 1120.424857][ T6876] __x64_sys_exit_group+0x3a/0x50
[ 1120.429881][ T6876] do_syscall_64+0x60/0xe0
[ 1120.434285][ T6876] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1120.440175][ T6876] RIP: 0033:0x45cce9
[ 1120.444133][ T6876] Code: Bad RIP value.
[ 1120.448176][ T6876] RSP: 002b:00007fff7af90ab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1120.456572][ T6876] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045cce9
[ 1120.464573][ T6876] RDX: 0000000000416741 RSI: 0000000000ca85f0 RDI: 0000000000000043
[ 1120.472542][ T6876] RBP: 00000000004c2983 R08: 000000000000000b R09: 0000000000000000
[ 1120.480511][ T6876] R10: 00000000011fd940 R11: 0000000000000246 R12: 0000000000000003
[ 1120.488482][ T6876] R13: 00007fff7af90c00 R14: 00000000001117c0 R15: 00007fff7af90c10
[ 1120.496461][ T6876]
[ 1120.498771][ T6876] Allocated by task 3903:
[ 1120.503084][ T6876] save_stack+0x1b/0x40
[ 1120.507231][ T6876] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 1120.513281][ T6876] kmem_cache_alloc_trace+0x14f/0x2d0
[ 1120.518637][ T6876] kernfs_fop_open+0x957/0xd40
[ 1120.523395][ T6876] do_dentry_open+0x501/0x1290
[ 1120.528151][ T6876] path_openat+0x1bb9/0x2750
[ 1120.532728][ T6876] do_filp_open+0x17e/0x3c0
[ 1120.537214][ T6876] do_sys_openat2+0x16f/0x3b0
[ 1120.541882][ T6876] __x64_sys_open+0x119/0x1c0
[ 1120.546555][ T6876] do_syscall_64+0x60/0xe0
[ 1120.550951][ T6876] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1120.556827][ T6876]
[ 1120.559132][ T6876] Freed by task 3903:
[ 1120.563107][ T6876] save_stack+0x1b/0x40
[ 1120.567251][ T6876] __kasan_slab_free+0xf5/0x140
[ 1120.572094][ T6876] kfree+0x103/0x2c0
[ 1120.575983][ T6876] kernfs_fop_release+0xe3/0x190
[ 1120.580898][ T6876] __fput+0x33c/0x880
[ 1120.584872][ T6876] task_work_run+0xdd/0x190
[ 1120.589353][ T6876] __prepare_exit_to_usermode+0x1e9/0x1f0
[ 1120.595053][ T6876] do_syscall_64+0x6c/0xe0
[ 1120.599451][ T6876] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1120.605324][ T6876]
[ 1120.607632][ T6876] The buggy address belongs to the object at ffff8880a7037500
[ 1120.607632][ T6876]  which belongs to the cache kmalloc-128 of size 128
[ 1120.621763][ T6876] The buggy address is located 24 bytes inside of
[ 1120.621763][ T6876]  128-byte region [ffff8880a7037500, ffff8880a7037580)
[ 1120.634941][ T6876] The buggy address belongs to the page:
[ 1120.640559][ T6876] page:ffffea00029c0dc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a7037000
[ 1120.650972][ T6876] flags: 0xfffe0000000200(slab)
[ 1120.655895][ T6876] raw: 00fffe0000000200 ffffea00029d8188 ffffea00027df648 ffff8880aa000700
[ 1120.664950][ T6876] raw: ffff8880a7037000 ffff8880a7037000 0000000100000008 0000000000000000
[ 1120.673530][ T6876] page dumped because: kasan: bad access detected
[ 1120.679929][ T6876]
[ 1120.682264][ T6876] Memory state around the buggy address:
[ 1120.687881][ T6876] ffff8880a7037400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1120.695941][ T6876] ffff8880a7037480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1120.704030][ T6876] >ffff8880a7037500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1120.712073][ T6876] ^
[ 1120.716904][ T6876] ffff8880a7037580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1120.724955][ T6876] ffff8880a7037600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1120.733019][ T6876] ==================================================================
[ 1120.741180][ T6876] Disabling lock debugging due to kernel taint
[ 1120.754585][ T6876] Kernel panic - not syncing: panic_on_warn set ...
[ 1120.762051][ T6876] CPU: 1 PID: 6876 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 1120.772046][ T6876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1120.782103][ T6876] Call Trace:
[ 1120.785392][ T6876] dump_stack+0x18f/0x20d
[ 1120.789710][ T6876] ? hci_chan_del+0x110/0x190
[ 1120.794376][ T6876] panic+0x2e3/0x75c
[ 1120.798253][ T6876] ? __warn_printk+0xf3/0xf3
[ 1120.802851][ T6876] ? preempt_schedule_common+0x59/0xc0
[ 1120.808311][ T6876] ? hci_chan_del+0x14f/0x190
[ 1120.812972][ T6876] ? preempt_schedule_thunk+0x16/0x18
[ 1120.818354][ T6876] ? trace_hardirqs_on+0x55/0x220
[ 1120.823365][ T6876] ? hci_chan_del+0x14f/0x190
[ 1120.828027][ T6876] ? hci_chan_del+0x14f/0x190
[ 1120.832702][ T6876] end_report+0x4d/0x53
[ 1120.836859][ T6876] kasan_report.cold+0xd/0x37
[ 1120.841529][ T6876] ? hci_chan_del+0x14f/0x190
[ 1120.846211][ T6876] hci_chan_del+0x14f/0x190
[ 1120.850711][ T6876] l2cap_conn_del+0x61b/0x9e0
[ 1120.855369][ T6876] ? l2cap_conn_del+0x9e0/0x9e0
[ 1120.860198][ T6876] l2cap_disconn_cfm+0x85/0xa0
[ 1120.864965][ T6876] hci_conn_hash_flush+0x114/0x220
[ 1120.870083][ T6876] ? vhci_close_dev+0x50/0x50
[ 1120.874803][ T6876] hci_dev_do_close+0x5c6/0x1080
[ 1120.879734][ T6876] ? do_raw_write_lock+0x11a/0x280
[ 1120.884836][ T6876] ? hci_dev_open+0x350/0x350
[ 1120.889509][ T6876] ? do_raw_read_unlock+0x70/0x70
[ 1120.894517][ T6876] ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 1120.900407][ T6876] ? fsnotify_parent+0xb7/0x2b0
[ 1120.905241][ T6876] ? vhci_close_dev+0x50/0x50
[ 1120.909918][ T6876] hci_unregister_dev+0x1a3/0xe20
[ 1120.914941][ T6876] ? fcntl_setlk+0xf60/0xf60
[ 1120.919528][ T6876] ? lock_is_held_type+0xb0/0xe0
[ 1120.924459][ T6876] ? vhci_close_dev+0x50/0x50
[ 1120.929112][ T6876] vhci_release+0x70/0xe0
[ 1120.933436][ T6876] __fput+0x33c/0x880
[ 1120.937398][ T6876] task_work_run+0xdd/0x190
[ 1120.941893][ T6876] do_exit+0xb72/0x2a40
[ 1120.946743][ T6876] ? mm_update_next_owner+0x7a0/0x7a0
[ 1120.952105][ T6876] ? vfs_write+0x1b0/0x6b0
[ 1120.956511][ T6876] ? ksys_write+0x1a5/0x250
[ 1120.961000][ T6876] do_group_exit+0x125/0x310
[ 1120.965767][ T6876] __x64_sys_exit_group+0x3a/0x50
[ 1120.970794][ T6876] do_syscall_64+0x60/0xe0
[ 1120.975205][ T6876] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1120.981092][ T6876] RIP: 0033:0x45cce9
[ 1120.984958][ T6876] Code: Bad RIP value.
[ 1120.989019][ T6876] RSP: 002b:00007fff7af90ab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1120.997423][ T6876] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045cce9
[ 1121.005387][ T6876] RDX: 0000000000416741 RSI: 0000000000ca85f0 RDI: 0000000000000043
[ 1121.013352][ T6876] RBP: 00000000004c2983 R08: 000000000000000b R09: 0000000000000000
[ 1121.021310][ T6876] R10: 00000000011fd940 R11: 0000000000000246 R12: 0000000000000003
[ 1121.029267][ T6876] R13: 00007fff7af90c00 R14: 00000000001117c0 R15: 00007fff7af90c10
[ 1121.038231][ T6876] Kernel Offset: disabled
[ 1121.042562][ T6876] Rebooting in 86400 seconds..