[ ok ] Starting enhanced syslogd: rsyslogd.
[ 59.720305][ T26] audit: type=1800 audit(1570774673.798:25): pid=8736 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 59.742262][ T26] audit: type=1800 audit(1570774673.808:26): pid=8736 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 59.763664][ T26] audit: type=1800 audit(1570774673.808:27): pid=8736 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.170' (ECDSA) to the list of known hosts.
2019/10/11 06:33:46 parsed 1 programs
2019/10/11 06:33:49 executed programs: 0
syzkaller login:
[ 1015.090566][ T9246] IPVS: ftp: loaded support on port[0] = 21
[ 1015.106637][ T9239] IPVS: ftp: loaded support on port[0] = 21
[ 1015.108462][ T9247] IPVS: ftp: loaded support on port[0] = 21
[ 1015.127126][ T9248] IPVS: ftp: loaded support on port[0] = 21
[ 1015.128342][ T9243] IPVS: ftp: loaded support on port[0] = 21
[ 1015.141505][ T9240] IPVS: ftp: loaded support on port[0] = 21
[ 1015.415738][ T9239] chnl_net:caif_netlink_parms(): no params data found
[ 1015.483498][ T9247] chnl_net:caif_netlink_parms(): no params data found
[ 1015.540284][ T9248] chnl_net:caif_netlink_parms(): no params data found
[ 1015.589729][ T9243] chnl_net:caif_netlink_parms(): no params data found
[ 1015.613279][ T9240] chnl_net:caif_netlink_parms(): no params data found
[ 1015.624160][ T9246] chnl_net:caif_netlink_parms(): no params data found
[ 1015.634060][ T9239] bridge0: port 1(bridge_slave_0) entered
blocking state [ 1015.641143][ T9239] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.649604][ T9239] device bridge_slave_0 entered promiscuous mode [ 1015.688275][ T9239] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.697147][ T9239] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.705377][ T9239] device bridge_slave_1 entered promiscuous mode [ 1015.738158][ T9247] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.745467][ T9247] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.754554][ T9247] device bridge_slave_0 entered promiscuous mode [ 1015.793167][ T9247] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.800889][ T9247] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.808824][ T9247] device bridge_slave_1 entered promiscuous mode [ 1015.817589][ T9239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1015.830490][ T9239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1015.856569][ T9248] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.864306][ T9248] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.872437][ T9248] device bridge_slave_0 entered promiscuous mode [ 1015.884690][ T9248] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.891808][ T9248] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.900109][ T9248] device bridge_slave_1 entered promiscuous mode [ 1015.912914][ T9240] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.920560][ T9240] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.929334][ T9240] device bridge_slave_0 entered promiscuous mode [ 1015.943282][ T9243] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.952082][ T9243] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.960003][ T9243] device bridge_slave_0 entered promiscuous mode [ 1015.995948][ T9248] bond0: (slave bond_slave_0): 
Enslaving as an active interface with an up link [ 1016.005501][ T9240] bridge0: port 2(bridge_slave_1) entered blocking state [ 1016.013234][ T9240] bridge0: port 2(bridge_slave_1) entered disabled state [ 1016.021884][ T9240] device bridge_slave_1 entered promiscuous mode [ 1016.032033][ T9246] bridge0: port 1(bridge_slave_0) entered blocking state [ 1016.046561][ T9246] bridge0: port 1(bridge_slave_0) entered disabled state [ 1016.054664][ T9246] device bridge_slave_0 entered promiscuous mode [ 1016.062211][ T9243] bridge0: port 2(bridge_slave_1) entered blocking state [ 1016.069286][ T9243] bridge0: port 2(bridge_slave_1) entered disabled state [ 1016.078241][ T9243] device bridge_slave_1 entered promiscuous mode [ 1016.086883][ T9247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1016.099136][ T9247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1016.110532][ T9239] team0: Port device team_slave_0 added [ 1016.117959][ T9248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1016.134069][ T9246] bridge0: port 2(bridge_slave_1) entered blocking state [ 1016.141149][ T9246] bridge0: port 2(bridge_slave_1) entered disabled state [ 1016.149629][ T9246] device bridge_slave_1 entered promiscuous mode [ 1016.179832][ T9239] team0: Port device team_slave_1 added [ 1016.203450][ T9240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1016.218332][ T9240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1016.232582][ T9246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1016.249758][ T9246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1016.261965][ T9243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1016.326931][ T9239] device hsr_slave_0 entered promiscuous mode [ 1016.385034][ T9239] device hsr_slave_1 entered 
promiscuous mode [ 1016.454166][ T9247] team0: Port device team_slave_0 added [ 1016.466167][ T9248] team0: Port device team_slave_0 added [ 1016.474485][ T9243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1016.504426][ T9247] team0: Port device team_slave_1 added [ 1016.517751][ T9246] team0: Port device team_slave_0 added [ 1016.527988][ T9248] team0: Port device team_slave_1 added [ 1016.539832][ T9240] team0: Port device team_slave_0 added [ 1016.550104][ T9246] team0: Port device team_slave_1 added [ 1016.557438][ T9240] team0: Port device team_slave_1 added [ 1016.566678][ T9243] team0: Port device team_slave_0 added [ 1016.591611][ T9243] team0: Port device team_slave_1 added [ 1016.654065][ T9248] device hsr_slave_0 entered promiscuous mode [ 1016.701889][ T9248] device hsr_slave_1 entered promiscuous mode [ 1016.751816][ T9248] debugfs: Directory 'hsr0' with parent '/' already present! [ 1016.794464][ T9247] device hsr_slave_0 entered promiscuous mode [ 1016.831840][ T9247] device hsr_slave_1 entered promiscuous mode [ 1016.871542][ T9247] debugfs: Directory 'hsr0' with parent '/' already present! [ 1016.933768][ T9243] device hsr_slave_0 entered promiscuous mode [ 1016.971742][ T9243] device hsr_slave_1 entered promiscuous mode [ 1017.021561][ T9243] debugfs: Directory 'hsr0' with parent '/' already present! [ 1017.114910][ T9240] device hsr_slave_0 entered promiscuous mode [ 1017.171910][ T9240] device hsr_slave_1 entered promiscuous mode [ 1017.211693][ T9240] debugfs: Directory 'hsr0' with parent '/' already present! [ 1017.274411][ T9246] device hsr_slave_0 entered promiscuous mode [ 1017.311801][ T9246] device hsr_slave_1 entered promiscuous mode [ 1017.371526][ T9246] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 1017.486287][ T9239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1017.521811][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1017.530424][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1017.540883][ T9239] 8021q: adding VLAN 0 to HW filter on device team0 [ 1017.597419][ T9248] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1017.611068][ T9247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1017.623954][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1017.632639][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1017.642165][ T9250] bridge0: port 1(bridge_slave_0) entered blocking state [ 1017.651039][ T9250] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1017.659164][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1017.668335][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1017.677146][ T9250] bridge0: port 2(bridge_slave_1) entered blocking state [ 1017.684285][ T9250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1017.692169][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1017.700700][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1017.709814][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1017.730205][ T9239] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1017.743579][ T9239] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1017.766795][ T9243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1017.784619][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1017.794878][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1017.803691][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1017.812770][ T9250] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1017.821175][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1017.829980][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1017.838633][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1017.847823][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1017.865718][ T9248] 8021q: adding VLAN 0 to HW filter on device team0 [ 1017.884695][ T9240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1017.892031][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1017.899834][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1017.909647][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1017.918554][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1017.928644][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1017.937430][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1017.946053][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1017.954448][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1017.965785][ T9247] 8021q: adding VLAN 0 to HW filter on device team0 [ 1017.977626][ T9243] 8021q: adding VLAN 0 to HW filter on device team0 [ 1017.987196][ T9246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1018.007285][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1018.016350][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1018.025476][ T9260] bridge0: port 1(bridge_slave_0) entered blocking state [ 1018.032593][ T9260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1018.043715][ T9239] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1018.075435][ T9246] 8021q: adding VLAN 0 to HW filter on device team0 [ 1018.085824][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1018.098665][ T9260] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1018.107555][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1018.116136][ T9260] bridge0: port 2(bridge_slave_1) entered blocking state [ 1018.123259][ T9260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1018.131368][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1018.139110][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1018.147050][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1018.156022][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1018.164563][ T9260] bridge0: port 1(bridge_slave_0) entered blocking state [ 1018.171652][ T9260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1018.179173][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1018.187012][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1018.194993][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1018.203901][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1018.212639][ T9260] bridge0: port 2(bridge_slave_1) entered blocking state [ 1018.219685][ T9260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1018.227374][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1018.236072][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1018.245051][ T9260] bridge0: port 1(bridge_slave_0) entered blocking state [ 1018.252200][ T9260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1018.260183][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1018.268697][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1018.283808][ T9240] 8021q: adding VLAN 0 to HW filter on device team0 [ 1018.305410][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1018.320250][ T9249] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1018.329381][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1018.344450][ T9249] bridge0: port 1(bridge_slave_0) entered blocking state [ 1018.352215][ T9249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1018.362697][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1018.372467][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1018.380945][ T9249] bridge0: port 2(bridge_slave_1) entered blocking state [ 1018.388279][ T9249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1018.398124][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1018.407327][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1018.416137][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1018.424833][ T9249] bridge0: port 2(bridge_slave_1) entered blocking state [ 1018.432059][ T9249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1018.488091][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1018.498488][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1018.508975][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1018.518565][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1018.527460][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1018.536871][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1018.546074][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1018.560439][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1018.569601][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1018.578160][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1018.586961][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_to_bond: link becomes ready [ 1018.595836][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1018.605170][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1018.615374][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1018.624335][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1018.634919][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1018.643871][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1018.652567][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1018.661781][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1018.670514][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1018.679163][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1018.688327][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1018.696981][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1018.705985][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1018.714742][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1018.723402][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1018.733022][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1018.741575][ T3009] bridge0: port 1(bridge_slave_0) entered blocking state [ 1018.748855][ T3009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1018.757361][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1018.766281][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1018.774977][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state [ 1018.782095][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1018.790541][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link 
becomes ready [ 1018.798528][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1018.806524][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1018.815308][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1018.844239][ T9247] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1018.858839][ T9247] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1018.878161][ T9248] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1018.939346][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1018.950101][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1018.959540][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1018.969239][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1018.978200][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1018.987053][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1018.996031][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1019.005027][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1019.013975][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1019.023019][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1019.030803][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1019.072261][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1019.080942][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1019.093677][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1019.102570][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1019.111229][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1019.119914][ 
T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1019.128971][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1019.137759][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1019.146544][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1019.155915][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1019.164712][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1019.173552][ T9260] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1019.195135][ T9246] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1019.217092][ T9243] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1019.228145][ T9243] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1019.240156][ T9261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1019.249508][ T9261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1019.259132][ T9261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1019.267791][ T9261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1019.276248][ T9261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1019.303822][ T9247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1019.329135][ T9240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1019.338599][ T9248] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1019.355435][ T9246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1019.385759][ T9243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1020.972785][ T3009] Bluetooth: hci0: command 0x1003 tx timeout [ 1020.981018][ T9316] Bluetooth: hci0: sending frame failed (-49) [ 1021.692288][ T9260] Bluetooth: hci2: command 0x1003 tx timeout [ 1021.698943][ T9260] Bluetooth: hci1: command 0x1003 tx timeout [ 1021.700346][ T9316] Bluetooth: 
hci2: sending frame failed (-49) [ 1021.712465][ T9316] Bluetooth: hci1: sending frame failed (-49) [ 1021.771673][ T9260] Bluetooth: hci3: command 0x1003 tx timeout [ 1021.777822][ T9316] Bluetooth: hci3: sending frame failed (-49) [ 1021.931650][ T9260] Bluetooth: hci5: command 0x1003 tx timeout [ 1021.941450][ T9260] Bluetooth: hci4: command 0x1003 tx timeout [ 1021.941491][ T9316] Bluetooth: hci5: sending frame failed (-49) [ 1021.948960][ T9317] Bluetooth: hci4: sending frame failed (-49) [ 1023.051784][ T9260] Bluetooth: hci0: command 0x1001 tx timeout [ 1023.058410][ T9316] Bluetooth: hci0: sending frame failed (-49) [ 1023.772257][ T3009] Bluetooth: hci1: command 0x1001 tx timeout [ 1023.778337][ T3009] Bluetooth: hci2: command 0x1001 tx timeout [ 1023.778384][ T9316] Bluetooth: hci1: sending frame failed (-49) [ 1023.784490][ T9317] Bluetooth: hci2: sending frame failed (-49) [ 1023.851949][ T3009] Bluetooth: hci3: command 0x1001 tx timeout [ 1023.858070][ T9317] Bluetooth: hci3: sending frame failed (-49) [ 1024.011906][ T9260] Bluetooth: hci4: command 0x1001 tx timeout [ 1024.012715][ T3009] Bluetooth: hci5: command 0x1001 tx timeout [ 1024.024109][ T9317] Bluetooth: hci4: sending frame failed (-49) [ 1024.030985][ T9317] Bluetooth: hci5: sending frame failed (-49) [ 1025.131651][ T3009] Bluetooth: hci0: command 0x1009 tx timeout [ 1025.851470][ T9260] Bluetooth: hci1: command 0x1009 tx timeout [ 1025.851612][ T3009] Bluetooth: hci2: command 0x1009 tx timeout [ 1025.931618][ T3009] Bluetooth: hci3: command 0x1009 tx timeout [ 1026.092170][ T3009] Bluetooth: hci4: command 0x1009 tx timeout [ 1026.092176][ T9260] Bluetooth: hci5: command 0x1009 tx timeout 2019/10/11 06:34:03 executed programs: 6 [ 1030.271919][ T9257] Bluetooth: Error in BCSP hdr checksum [ 1030.281680][ T9278] Bluetooth: Error in BCSP hdr checksum [ 1030.283799][ T9257] Bluetooth: Error in BCSP hdr checksum [ 1030.295009][ T9278] Bluetooth: Error in BCSP hdr checksum [ 1030.322420][ T7] 
Bluetooth: Error in BCSP hdr checksum [ 1031.371433][ T9249] Bluetooth: hci0: command 0x1003 tx timeout [ 1031.377587][ T9317] Bluetooth: hci0: sending frame failed (-49) [ 1032.091424][ T9249] Bluetooth: hci3: command 0x1003 tx timeout [ 1032.091527][ T9323] Bluetooth: hci5: command 0x1003 tx timeout [ 1032.098817][ T9249] Bluetooth: hci2: command 0x1003 tx timeout [ 1032.103787][ T9317] Bluetooth: hci3: sending frame failed (-49) [ 1032.115796][ T9316] Bluetooth: hci2: sending frame failed (-49) [ 1032.116563][ T9317] Bluetooth: hci5: sending frame failed (-49) [ 1032.123040][ T9249] Bluetooth: hci1: command 0x1003 tx timeout [ 1032.129043][ T9323] Bluetooth: hci4: command 0x1003 tx timeout [ 1032.141669][ T9317] Bluetooth: hci4: sending frame failed (-49) [ 1032.141775][ T9316] Bluetooth: hci1: sending frame failed (-49) [ 1033.451412][ T9323] Bluetooth: hci0: command 0x1001 tx timeout [ 1033.458102][ T9316] Bluetooth: hci0: sending frame failed (-49) [ 1034.171463][ T9249] Bluetooth: hci1: command 0x1001 tx timeout [ 1034.171570][ T9323] Bluetooth: hci4: command 0x1001 tx timeout [ 1034.177646][ T9316] Bluetooth: hci1: sending frame failed (-49) [ 1034.190284][ T9317] Bluetooth: hci4: sending frame failed (-49) [ 1034.190498][ T9249] Bluetooth: hci2: command 0x1001 tx timeout [ 1034.197071][ T9323] Bluetooth: hci5: command 0x1001 tx timeout [ 1034.202784][ T9317] Bluetooth: hci2: sending frame failed (-49) [ 1034.211335][ T9323] Bluetooth: hci3: command 0x1001 tx timeout [ 1034.215009][ T9316] Bluetooth: hci5: sending frame failed (-49) [ 1034.227131][ T9317] Bluetooth: hci3: sending frame failed (-49) [ 1035.531463][ T9249] Bluetooth: hci0: command 0x1009 tx timeout [ 1036.251548][ T9249] Bluetooth: hci5: command 0x1009 tx timeout [ 1036.251633][ T9323] Bluetooth: hci3: command 0x1009 tx timeout [ 1036.257636][ T9249] Bluetooth: hci1: command 0x1009 tx timeout [ 1036.263769][ T9323] Bluetooth: hci2: command 0x1009 tx timeout [ 1036.275784][ T9323] Bluetooth: 
hci4: command 0x1009 tx timeout
2019/10/11 06:34:13 executed programs: 12
[ 1040.174657][ T9330] ==================================================================
[ 1040.183145][ T9330] BUG: KASAN: use-after-free in kfree_skb+0x38/0x3c0
[ 1040.190203][ T9330] Read of size 4 at addr ffff888090c4c194 by task syz-executor.5/9330
[ 1040.198531][ T9330]
[ 1040.200863][ T9330] CPU: 0 PID: 9330 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0
[ 1040.208656][ T9330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1040.218710][ T9330] Call Trace:
[ 1040.222067][ T9330] dump_stack+0x172/0x1f0
[ 1040.226914][ T9330] ? kfree_skb+0x38/0x3c0
[ 1040.231453][ T9330] print_address_description.constprop.0.cold+0xd4/0x30b
[ 1040.238484][ T9330] ? kfree_skb+0x38/0x3c0
[ 1040.242906][ T9330] ? kfree_skb+0x38/0x3c0
[ 1040.247226][ T9330] __kasan_report.cold+0x1b/0x41
[ 1040.252150][ T9330] ? kfree_skb+0x38/0x3c0
[ 1040.256579][ T9330] kasan_report+0x12/0x20
[ 1040.260931][ T9330] check_memory_region+0x134/0x1a0
[ 1040.266196][ T9330] __kasan_check_read+0x11/0x20
[ 1040.271349][ T9330] kfree_skb+0x38/0x3c0
[ 1040.275774][ T9330] bcsp_close+0xc7/0x130
[ 1040.280143][ T9330] hci_uart_tty_close+0x21e/0x280
[ 1040.285874][ T9330] ? hci_uart_close+0x50/0x50
[ 1040.290660][ T9330] tty_ldisc_close.isra.0+0x119/0x1a0
[ 1040.296034][ T9330] tty_ldisc_kill+0x9c/0x160
[ 1040.300970][ T9330] tty_ldisc_release+0xe9/0x2b0
[ 1040.306169][ T9330] tty_release_struct+0x1b/0x50
[ 1040.311006][ T9330] tty_release+0xbcb/0xe90
[ 1040.315550][ T9330] __fput+0x2ff/0x890
[ 1040.319739][ T9330] ? put_tty_driver+0x20/0x20
[ 1040.324424][ T9330] ____fput+0x16/0x20
[ 1040.328401][ T9330] task_work_run+0x145/0x1c0
[ 1040.333829][ T9330] exit_to_usermode_loop+0x316/0x380
[ 1040.339131][ T9330] do_fast_syscall_32+0xb87/0xdb3
[ 1040.344314][ T9330] entry_SYSENTER_compat+0x70/0x7f
[ 1040.349409][ T9330] RIP: 0023:0xf7f2ba29
[ 1040.353471][ T9330] Code: b8 80 96 98 00 eb cc 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 1040.373675][ T9330] RSP: 002b:00000000ffbbed0c EFLAGS: 00000296 ORIG_RAX: 0000000000000006
[ 1040.384607][ T9330] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 1040.394849][ T9330] RDX: 0000000000000004 RSI: 000000000816b680 RDI: 00000000000fba7f
[ 1040.403172][ T9330] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1040.411126][ T9330] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1040.419175][ T9330] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1040.427144][ T9330]
[ 1040.429557][ T9330] Allocated by task 9278:
[ 1040.434761][ T9330] save_stack+0x23/0x90
[ 1040.439125][ T9330] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1040.444751][ T9330] kasan_slab_alloc+0xf/0x20
[ 1040.449448][ T9330] kmem_cache_alloc_node+0x138/0x740
[ 1040.455214][ T9330] __alloc_skb+0xd5/0x5e0
[ 1040.459621][ T9330] bcsp_recv+0x8c1/0x13a0
[ 1040.463937][ T9330] hci_uart_tty_receive+0x279/0x6e0
[ 1040.469127][ T9330] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1040.474405][ T9330] tty_port_default_receive_buf+0x7d/0xb0
[ 1040.481500][ T9330] flush_to_ldisc+0x222/0x390
[ 1040.486160][ T9330] process_one_work+0x9af/0x1740
[ 1040.491601][ T9330] worker_thread+0x98/0xe40
[ 1040.496695][ T9330] kthread+0x361/0x430
[ 1040.500924][ T9330] ret_from_fork+0x24/0x30
[ 1040.505323][ T9330]
[ 1040.507633][ T9330] Freed by task 9278:
[ 1040.511663][ T9330] save_stack+0x23/0x90
[ 1040.515825][ T9330] __kasan_slab_free+0x102/0x150
[ 1040.520761][ T9330] kasan_slab_free+0xe/0x10
[ 1040.525289][ T9330] kmem_cache_free+0x86/0x320
[ 1040.529984][ T9330] kfree_skbmem+0xc5/0x150
[ 1040.534398][ T9330] kfree_skb+0x109/0x3c0
[ 1040.538629][ T9330] bcsp_recv+0x2d8/0x13a0
[ 1040.542941][ T9330] hci_uart_tty_receive+0x279/0x6e0
[ 1040.548302][ T9330] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1040.553659][ T9330] tty_port_default_receive_buf+0x7d/0xb0
[ 1040.559839][ T9330] flush_to_ldisc+0x222/0x390
[ 1040.564525][ T9330] process_one_work+0x9af/0x1740
[ 1040.569455][ T9330] worker_thread+0x98/0xe40
[ 1040.573940][ T9330] kthread+0x361/0x430
[ 1040.578005][ T9330] ret_from_fork+0x24/0x30
[ 1040.582396][ T9330]
[ 1040.584730][ T9330] The buggy address belongs to the object at ffff888090c4c0c0
[ 1040.584730][ T9330] which belongs to the cache skbuff_head_cache of size 224
[ 1040.599891][ T9330] The buggy address is located 212 bytes inside of
[ 1040.599891][ T9330] 224-byte region [ffff888090c4c0c0, ffff888090c4c1a0)
[ 1040.613138][ T9330] The buggy address belongs to the page:
[ 1040.618755][ T9330] page:ffffea0002431300 refcount:1 mapcount:0 mapping:ffff8880a99dc8c0 index:0x0
[ 1040.627842][ T9330] flags: 0x1fffc0000000200(slab)
[ 1040.632771][ T9330] raw: 01fffc0000000200 ffffea0002419d08 ffffea000268f988 ffff8880a99dc8c0
[ 1040.641425][ T9330] raw: 0000000000000000 ffff888090c4c0c0 000000010000000c 0000000000000000
[ 1040.649985][ T9330] page dumped because: kasan: bad access detected
[ 1040.656376][ T9330]
[ 1040.658682][ T9330] Memory state around the buggy address:
[ 1040.664317][ T9330] ffff888090c4c080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 1040.673787][ T9330] ffff888090c4c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1040.681864][ T9330] >ffff888090c4c180: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 1040.690600][ T9330] ^
[ 1040.695523][ T9330] ffff888090c4c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1040.703563][ T9330] ffff888090c4c280: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1040.711609][ T9330] ==================================================================
[ 1040.719647][ T9330] Disabling lock debugging due to kernel taint
[ 1040.725808][ T9331] ==================================================================
[ 1040.733884][ T9331] BUG: KASAN: double-free or invalid-free in skb_free_head+0x93/0xb0
[ 1040.733886][ T9331]
[ 1040.733901][ T9331] CPU: 1 PID: 9331 Comm: syz-executor.1 Tainted: G B 5.4.0-rc2+ #0
[ 1040.733906][ T9331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1040.733916][ T9331] Call Trace:
[ 1040.744362][ T9331] dump_stack+0x172/0x1f0
[ 1040.763765][ T9331] print_address_description.constprop.0.cold+0xd4/0x30b
[ 1040.763784][ T9331] ? skb_free_head+0x93/0xb0
[ 1040.771371][ T9331] kasan_report_invalid_free+0x65/0xa0
[ 1040.771384][ T9331] ? skb_free_head+0x93/0xb0
[ 1040.771395][ T9331] __kasan_slab_free+0x13a/0x150
[ 1040.771406][ T9331] ? skb_free_head+0x93/0xb0
[ 1040.771420][ T9331] kasan_slab_free+0xe/0x10
[ 1040.784032][ T9331] kfree+0x10a/0x2c0
[ 1040.784047][ T9331] skb_free_head+0x93/0xb0
[ 1040.784058][ T9331] skb_release_data+0x42d/0x7c0
[ 1040.784075][ T9331] ? bcsp_close+0xc7/0x130
[ 1040.794157][ T9331] skb_release_all+0x4d/0x60
[ 1040.794168][ T9331] kfree_skb+0x101/0x3c0
[ 1040.794180][ T9331] bcsp_close+0xc7/0x130
[ 1040.794196][ T9331] hci_uart_tty_close+0x21e/0x280
[ 1040.804035][ T9331] ? hci_uart_close+0x50/0x50
[ 1040.804052][ T9331] tty_ldisc_close.isra.0+0x119/0x1a0
[ 1040.804069][ T9331] tty_ldisc_kill+0x9c/0x160
[ 1040.812428][ T9331] tty_ldisc_release+0xe9/0x2b0
[ 1040.812441][ T9331] tty_release_struct+0x1b/0x50
[ 1040.812455][ T9331] tty_release+0xbcb/0xe90
[ 1040.822212][ T9331] __fput+0x2ff/0x890
[ 1040.822225][ T9331] ? put_tty_driver+0x20/0x20
[ 1040.822240][ T9331] ____fput+0x16/0x20
[ 1040.831414][ T9331] task_work_run+0x145/0x1c0
[ 1040.831432][ T9331] exit_to_usermode_loop+0x316/0x380
[ 1040.831451][ T9331] do_fast_syscall_32+0xb87/0xdb3
[ 1040.839985][ T9331] entry_SYSENTER_compat+0x70/0x7f
[ 1040.839993][ T9331] RIP: 0023:0xf7f4ea29
[ 1040.840010][ T9331] Code: b8 80 96 98 00 eb cc 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 1040.849748][ T9331] RSP: 002b:00000000fffac0ec EFLAGS: 00000292 ORIG_RAX: 0000000000000006
[ 1040.849759][ T9331] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 1040.849771][ T9331] RDX: 0000000000000004 RSI: 000000000816b680 RDI: 00000000000fba81
[ 1040.859872][ T9331] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1040.859878][ T9331] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1040.859885][ T9331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1040.859897][ T9331]
[ 1040.869551][ T9331] Allocated by task 7:
[ 1040.869566][ T9331] save_stack+0x23/0x90
[ 1040.869582][ T9331] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1040.877926][ T9331] kasan_kmalloc+0x9/0x10
[ 1040.877938][ T9331] __kmalloc_node_track_caller+0x4e/0x70
[ 1040.877957][ T9331] __kmalloc_reserve.isra.0+0x40/0xf0
[ 1040.887277][ T9331] __alloc_skb+0x10b/0x5e0
[ 1040.887294][ T9331] bcsp_recv+0x8c1/0x13a0
[ 1040.897396][ T9331] hci_uart_tty_receive+0x279/0x6e0
[ 1040.897408][ T9331] tty_ldisc_receive_buf+0x15f/0x1c0
[ 1040.897424][ T9331] tty_port_default_receive_buf+0x7d/0xb0
[ 1040.908573][ T9331] flush_to_ldisc+0x222/0x390
[ 1040.908593][ T9331] process_one_work+0x9af/0x1740
[ 1040.932401][ T9331] worker_thread+0x98/0xe40
[ 1040.932412][ T9331] kthread+0x361/0x430
[ 1040.932425][ T9331] ret_from_fork+0x24/0x30
[ 1040.932427][ T9331]
[ 1040.932438][ T9331] Freed by task 7:
[
1040.941383][ T9324] kobject: 'hci1' (00000000db56c281): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1' [ 1040.949246][ T9331] save_stack+0x23/0x90 [ 1040.949255][ T9331] __kasan_slab_free+0x102/0x150 [ 1040.949269][ T9331] kasan_slab_free+0xe/0x10 [ 1040.957571][ T9327] kobject: 'hci2' (000000001b8e76ed): kobject_cleanup, parent 0000000056c6e577 [ 1040.965524][ T9331] kfree+0x10a/0x2c0 [ 1040.965538][ T9331] skb_free_head+0x93/0xb0 [ 1040.965547][ T9331] skb_release_data+0x42d/0x7c0 [ 1040.965554][ T9331] skb_release_all+0x4d/0x60 [ 1040.965567][ T9331] kfree_skb+0x101/0x3c0 [ 1040.973792][ T9328] kobject: 'hci3' (000000002d922d42): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3' [ 1040.981556][ T9331] bcsp_recv+0x2d8/0x13a0 [ 1040.981567][ T9331] hci_uart_tty_receive+0x279/0x6e0 [ 1040.981579][ T9331] tty_ldisc_receive_buf+0x15f/0x1c0 [ 1040.981596][ T9331] tty_port_default_receive_buf+0x7d/0xb0 [ 1040.984251][ T9324] kobject: 'hci1' (00000000db56c281): kobject_cleanup, parent 0000000056c6e577 [ 1040.987959][ T9331] flush_to_ldisc+0x222/0x390 [ 1040.987971][ T9331] process_one_work+0x9af/0x1740 [ 1040.987986][ T9331] worker_thread+0x98/0xe40 [ 1040.992265][ T9327] kobject: 'hci2' (000000001b8e76ed): calling ktype release [ 1040.997724][ T9331] kthread+0x361/0x430 [ 1040.997735][ T9331] ret_from_fork+0x24/0x30 [ 1040.997743][ T9331] [ 1041.002323][ T9328] kobject: 'hci3' (000000002d922d42): kobject_cleanup, parent 0000000056c6e577 [ 1041.007745][ T9331] The buggy address belongs to the object at ffff8880917ec000 [ 1041.007745][ T9331] which belongs to the cache kmalloc-8k of size 8192 [ 1041.007755][ T9331] The buggy address is located 0 bytes inside of [ 1041.007755][ T9331] 8192-byte region [ffff8880917ec000, ffff8880917ee000) [ 1041.007763][ T9331] The buggy address belongs to the page: [ 1041.013450][ T9324] kobject: 'hci1' (00000000db56c281): calling ktype release [ 1041.017626][ T9331] page:ffffea000245fb00 refcount:1 mapcount:0 
mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0 [ 1041.017640][ T9331] flags: 0x1fffc0000010200(slab|head) [ 1041.017656][ T9331] raw: 01fffc0000010200 ffffea00026dfb08 ffffea0002645708 ffff8880aa4021c0 [ 1041.022165][ T9327] kobject: 'hci2': free name [ 1041.027150][ T9331] raw: 0000000000000000 ffff8880917ec000 0000000100000001 0000000000000000 [ 1041.027155][ T9331] page dumped because: kasan: bad access detected [ 1041.027158][ T9331] [ 1041.027161][ T9331] Memory state around the buggy address: [ 1041.027173][ T9331] ffff8880917ebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1041.032607][ T9328] kobject: 'hci3' (000000002d922d42): calling ktype release [ 1041.038222][ T9331] ffff8880917ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1041.038230][ T9331] >ffff8880917ec000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1041.038235][ T9331] ^ [ 1041.038246][ T9331] ffff8880917ec080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1041.043086][ T9324] kobject: 'hci1': free name [ 1041.047909][ T9331] ffff8880917ec100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1041.047913][ T9331] ================================================================== [ 1041.047924][ T9331] Kernel panic - not syncing: panic_on_warn set ... [ 1041.052568][ T9327] ================================================================== [ 1041.056477][ T9331] CPU: 1 PID: 9331 Comm: syz-executor.1 Tainted: G B 5.4.0-rc2+ #0 [ 1041.062427][ T9327] BUG: KASAN: double-free or invalid-free in skb_free_head+0x93/0xb0 [ 1041.062434][ T9327] [ 1041.064740][ T9331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1041.415986][ T9331] Call Trace: [ 1041.419288][ T9331] dump_stack+0x172/0x1f0 [ 1041.423701][ T9331] panic+0x2e3/0x75c [ 1041.427591][ T9331] ? add_taint.cold+0x16/0x16 [ 1041.432277][ T9331] ? skb_free_head+0x93/0xb0 [ 1041.436850][ T9331] ? trace_hardirqs_off+0x62/0x240 [ 1041.442642][ T9331] ? 
trace_hardirqs_off+0x59/0x240 [ 1041.447747][ T9331] ? skb_free_head+0x93/0xb0 [ 1041.452323][ T9331] end_report+0x47/0x4f [ 1041.456465][ T9331] kasan_report_invalid_free+0x82/0xa0 [ 1041.461908][ T9331] ? skb_free_head+0x93/0xb0 [ 1041.466570][ T9331] __kasan_slab_free+0x13a/0x150 [ 1041.471496][ T9331] ? skb_free_head+0x93/0xb0 [ 1041.476070][ T9331] kasan_slab_free+0xe/0x10 [ 1041.480817][ T9331] kfree+0x10a/0x2c0 [ 1041.485054][ T9331] skb_free_head+0x93/0xb0 [ 1041.489651][ T9331] skb_release_data+0x42d/0x7c0 [ 1041.494837][ T9331] ? bcsp_close+0xc7/0x130 [ 1041.499240][ T9331] skb_release_all+0x4d/0x60 [ 1041.503824][ T9331] kfree_skb+0x101/0x3c0 [ 1041.508064][ T9331] bcsp_close+0xc7/0x130 [ 1041.512476][ T9331] hci_uart_tty_close+0x21e/0x280 [ 1041.517498][ T9331] ? hci_uart_close+0x50/0x50 [ 1041.522173][ T9331] tty_ldisc_close.isra.0+0x119/0x1a0 [ 1041.528314][ T9331] tty_ldisc_kill+0x9c/0x160 [ 1041.532892][ T9331] tty_ldisc_release+0xe9/0x2b0 [ 1041.537739][ T9331] tty_release_struct+0x1b/0x50 [ 1041.542691][ T9331] tty_release+0xbcb/0xe90 [ 1041.547110][ T9331] __fput+0x2ff/0x890 [ 1041.551271][ T9331] ? 
put_tty_driver+0x20/0x20 [ 1041.556889][ T9331] ____fput+0x16/0x20 [ 1041.560867][ T9331] task_work_run+0x145/0x1c0 [ 1041.565449][ T9331] exit_to_usermode_loop+0x316/0x380 [ 1041.570820][ T9331] do_fast_syscall_32+0xb87/0xdb3 [ 1041.575843][ T9331] entry_SYSENTER_compat+0x70/0x7f [ 1041.580935][ T9331] RIP: 0023:0xf7f4ea29 [ 1041.585079][ T9331] Code: b8 80 96 98 00 eb cc 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1041.605150][ T9331] RSP: 002b:00000000fffac0ec EFLAGS: 00000292 ORIG_RAX: 0000000000000006 [ 1041.613552][ T9331] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 1041.621878][ T9331] RDX: 0000000000000004 RSI: 000000000816b680 RDI: 00000000000fba81 [ 1041.629834][ T9331] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1041.638485][ T9331] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1041.646458][ T9331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1041.654452][ T9327] CPU: 0 PID: 9327 Comm: syz-executor.3 Tainted: G B 5.4.0-rc2+ #0 [ 1041.663744][ T9327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1041.674303][ T9327] Call Trace: [ 1041.677592][ T9327] dump_stack+0x172/0x1f0 [ 1041.682727][ T9327] print_address_description.constprop.0.cold+0xd4/0x30b [ 1041.689928][ T9327] ? skb_free_head+0x93/0xb0 [ 1041.694510][ T9327] kasan_report_invalid_free+0x65/0xa0 [ 1041.699953][ T9327] ? skb_free_head+0x93/0xb0 [ 1041.705565][ T9327] __kasan_slab_free+0x13a/0x150 [ 1041.710500][ T9327] ? skb_free_head+0x93/0xb0 [ 1041.715139][ T9327] kasan_slab_free+0xe/0x10 [ 1041.719638][ T9327] kfree+0x10a/0x2c0 [ 1041.723518][ T9327] skb_free_head+0x93/0xb0 [ 1041.727926][ T9327] skb_release_data+0x42d/0x7c0 [ 1041.732768][ T9327] ? 
bcsp_close+0xc7/0x130 [ 1041.737181][ T9327] skb_release_all+0x4d/0x60 [ 1041.741750][ T9327] kfree_skb+0x101/0x3c0 [ 1041.745989][ T9327] bcsp_close+0xc7/0x130 [ 1041.750432][ T9327] hci_uart_tty_close+0x21e/0x280 [ 1041.755445][ T9327] ? hci_uart_close+0x50/0x50 [ 1041.760112][ T9327] tty_ldisc_close.isra.0+0x119/0x1a0 [ 1041.765645][ T9327] tty_ldisc_kill+0x9c/0x160 [ 1041.770228][ T9327] tty_ldisc_release+0xe9/0x2b0 [ 1041.775085][ T9327] tty_release_struct+0x1b/0x50 [ 1041.780043][ T9327] tty_release+0xbcb/0xe90 [ 1041.784628][ T9327] __fput+0x2ff/0x890 [ 1041.788611][ T9327] ? put_tty_driver+0x20/0x20 [ 1041.793445][ T9327] ____fput+0x16/0x20 [ 1041.797415][ T9327] task_work_run+0x145/0x1c0 [ 1041.802002][ T9327] exit_to_usermode_loop+0x316/0x380 [ 1041.807280][ T9327] do_fast_syscall_32+0xb87/0xdb3 [ 1041.812293][ T9327] entry_SYSENTER_compat+0x70/0x7f [ 1041.817481][ T9327] RIP: 0023:0xf7f6ea29 [ 1041.821573][ T9327] Code: b8 80 96 98 00 eb cc 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1041.841186][ T9327] RSP: 002b:00000000ffd912ac EFLAGS: 00000296 ORIG_RAX: 0000000000000006 [ 1041.849670][ T9327] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 1041.857624][ T9327] RDX: 0000000000000004 RSI: 000000000816b680 RDI: 00000000000fba6c [ 1041.865574][ T9327] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1041.873525][ T9327] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1041.881591][ T9327] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1041.889553][ T9327] [ 1041.891864][ T9327] Allocated by task 9257: [ 1041.897397][ T9327] save_stack+0x23/0x90 [ 1041.901538][ T9327] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1041.907167][ T9327] kasan_kmalloc+0x9/0x10 [ 1041.911746][ T9327] __kmalloc_node_track_caller+0x4e/0x70 [ 1041.917369][ T9327] 
__kmalloc_reserve.isra.0+0x40/0xf0 [ 1041.922721][ T9327] __alloc_skb+0x10b/0x5e0 [ 1041.927209][ T9327] bcsp_recv+0x8c1/0x13a0 [ 1041.931518][ T9327] hci_uart_tty_receive+0x279/0x6e0 [ 1041.936710][ T9327] tty_ldisc_receive_buf+0x15f/0x1c0 [ 1041.941977][ T9327] tty_port_default_receive_buf+0x7d/0xb0 [ 1041.947678][ T9327] flush_to_ldisc+0x222/0x390 [ 1041.952337][ T9327] process_one_work+0x9af/0x1740 [ 1041.958037][ T9327] worker_thread+0x98/0xe40 [ 1041.962536][ T9327] kthread+0x361/0x430 [ 1041.966590][ T9327] ret_from_fork+0x24/0x30 [ 1041.970979][ T9327] [ 1041.973287][ T9327] Freed by task 9257: [ 1041.977249][ T9327] save_stack+0x23/0x90 [ 1041.981497][ T9327] __kasan_slab_free+0x102/0x150 [ 1041.986518][ T9327] kasan_slab_free+0xe/0x10 [ 1041.991026][ T9327] kfree+0x10a/0x2c0 [ 1041.995062][ T9327] skb_free_head+0x93/0xb0 [ 1041.999475][ T9327] skb_release_data+0x42d/0x7c0 [ 1042.004309][ T9327] skb_release_all+0x4d/0x60 [ 1042.008880][ T9327] kfree_skb+0x101/0x3c0 [ 1042.013108][ T9327] bcsp_recv+0x2d8/0x13a0 [ 1042.017437][ T9327] hci_uart_tty_receive+0x279/0x6e0 [ 1042.022622][ T9327] tty_ldisc_receive_buf+0x15f/0x1c0 [ 1042.027896][ T9327] tty_port_default_receive_buf+0x7d/0xb0 [ 1042.033635][ T9327] flush_to_ldisc+0x222/0x390 [ 1042.038308][ T9327] process_one_work+0x9af/0x1740 [ 1042.043230][ T9327] worker_thread+0x98/0xe40 [ 1042.047729][ T9327] kthread+0x361/0x430 [ 1042.051790][ T9327] ret_from_fork+0x24/0x30 [ 1042.056202][ T9327] [ 1042.058516][ T9327] The buggy address belongs to the object at ffff88809915c000 [ 1042.058516][ T9327] which belongs to the cache kmalloc-8k of size 8192 [ 1042.072557][ T9327] The buggy address is located 0 bytes inside of [ 1042.072557][ T9327] 8192-byte region [ffff88809915c000, ffff88809915e000) [ 1042.085732][ T9327] The buggy address belongs to the page: [ 1042.091386][ T9327] page:ffffea0002645700 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0 [ 1042.103193][ T9327] flags: 
0x1fffc0000010200(slab|head) [ 1042.108558][ T9327] raw: 01fffc0000010200 ffffea000245fb08 ffffea00026b8d08 ffff8880aa4021c0 [ 1042.117144][ T9327] raw: 0000000000000000 ffff88809915c000 0000000100000001 0000000000000000 [ 1042.125822][ T9327] page dumped because: kasan: bad access detected [ 1042.132234][ T9327] [ 1042.134559][ T9327] Memory state around the buggy address: [ 1042.140191][ T9327] ffff88809915bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1042.148239][ T9327] ffff88809915bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1042.156286][ T9327] >ffff88809915c000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1042.164325][ T9327] ^ [ 1042.168430][ T9327] ffff88809915c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1042.176494][ T9327] ffff88809915c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1042.184541][ T9327] ================================================================== [ 1042.786089][ T9331] Shutting down cpus with NMI [ 1042.791584][ T9331] Kernel Offset: disabled [ 1042.795969][ T9331] Rebooting in 86400 seconds..