Port device team_slave_1 removed
[ 404.624702] team0 (unregistering): Port device team_slave_0 removed
[ 404.634758] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 404.671785] bond0 (unregistering): Releasing backup interface bond_slave_0
Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
[ 404.736497] bond0 (unregistering): Released all slaves
[ 456.500066] ==================================================================
[ 456.507908] BUG: KASAN: use-after-free in hci_sock_bind+0x66b/0xf30
[ 456.514404] Write of size 4 at addr ffff8881c3bcaae0 by task syz-executor685/5549
[ 456.522289]
[ 456.523920] CPU: 0 PID: 5549 Comm: syz-executor685 Not tainted 4.19.177-syzkaller #0
[ 456.531881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 456.541411] Call Trace:
[ 456.544148]  dump_stack+0x123/0x171
[ 456.548634]  print_address_description.cold.8+0x9/0x1ff
[ 456.554412]  kasan_report.cold.9+0x242/0x2fe
[ 456.559082]  ? hci_sock_bind+0x66b/0xf30
[ 456.563325]  check_memory_region+0x13e/0x1b0
[ 456.567736]  kasan_check_write+0x14/0x20
[ 456.571796]  hci_sock_bind+0x66b/0xf30
[ 456.575896]  ? hci_sock_ioctl+0x600/0x600
[ 456.580226]  ? apparmor_socket_bind+0x81/0x110
[ 456.585026]  __sys_bind+0x1e1/0x230
[ 456.588800]  ? __ia32_sys_socketpair+0xf0/0xf0
[ 456.593639]  ? kasan_check_read+0x11/0x20
[ 456.598080]  ? __x64_sys_futex+0x1cb/0x3a0
[ 456.602508]  ? fd_install+0x47/0x60
[ 456.606141]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 456.610989]  ? do_syscall_64+0x21/0x4e0
[ 456.615171]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 456.620628]  __x64_sys_bind+0x6e/0xb0
[ 456.624974]  do_syscall_64+0xd0/0x4e0
[ 456.628911]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 456.634194] RIP: 0033:0x445809
[ 456.637585] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 456.656801] RSP: 002b:00007efdc129f318 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 456.664689] RAX: ffffffffffffffda RBX: 00000000004ca428 RCX: 0000000000445809
[ 456.672256] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0000000000000004
[ 456.680052] RBP: 00000000004ca420 R08: 0000000000000000 R09: 0000000000000000
[ 456.687584] R10: 0000000000000000 R11: 0000000000000246 R12: 6368762f7665642f
[ 456.694859] R13: 00007ffc06faea7f R14: 00007efdc129f400 R15: 0000000000022000
[ 456.702140]
[ 456.703829] Allocated by task 5548:
[ 456.707543]  save_stack+0x43/0xd0
[ 456.710998]  kasan_kmalloc+0xc7/0xe0
[ 456.714727]  kmem_cache_alloc_trace+0x152/0x740
[ 456.720043]  hci_alloc_dev+0x3f/0x1bd0
[ 456.723933]  __vhci_create_device+0xe1/0x500
[ 456.728339]  vhci_write+0x28a/0x3f0
[ 456.731967]  __vfs_write+0x443/0x890
[ 456.735682]  vfs_write+0x150/0x4d0
[ 456.739422]  ksys_write+0x103/0x260
[ 456.743220]  __x64_sys_write+0x6e/0xb0
[ 456.747283]  do_syscall_64+0xd0/0x4e0
[ 456.751172]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 456.757321]
[ 456.758994] Freed by task 5548:
[ 456.762470]  save_stack+0x43/0xd0
[ 456.766127]  __kasan_slab_free+0x102/0x150
[ 456.770364]  kasan_slab_free+0xe/0x10
[ 456.774261]  kfree+0xcf/0x220
[ 456.777630]  bt_host_release+0x10/0x20
[ 456.781640]  device_release+0x71/0x1d0
[ 456.785527]  kobject_put+0x115/0x1f0
[ 456.789249]  put_device+0x12/0x20
[ 456.793716]  hci_free_dev+0x10/0x20
[ 456.797442]  vhci_release+0x73/0xe0
[ 456.801523]  __fput+0x249/0x7f0
[ 456.804804]  ____fput+0x9/0x10
[ 456.808145]  task_work_run+0x108/0x180
[ 456.812033]  do_exit+0xa6b/0x2da0
[ 456.815488]  do_group_exit+0xf4/0x2f0
[ 456.819287]  get_signal+0x316/0x19e0
[ 456.823002]  do_signal+0x87/0x1960
[ 456.826540]  exit_to_usermode_loop+0x114/0x200
[ 456.831121]  do_syscall_64+0x413/0x4e0
[ 456.835200]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 456.840390]
[ 456.842038] The buggy address belongs to the object at ffff8881c3bc9a80
[ 456.842038]  which belongs to the cache kmalloc-8192 of size 8192
[ 456.854992] The buggy address is located 4192 bytes inside of
[ 456.854992]  8192-byte region [ffff8881c3bc9a80, ffff8881c3bcba80)
[ 456.867461] The buggy address belongs to the page:
[ 456.872417] page:ffffea00070ef200 count:1 mapcount:0 mapping:ffff8881f6402080 index:0x0 compound_mapcount: 0
[ 456.883001] flags: 0x17ffe0000008100(slab|head)
[ 456.887845] raw: 017ffe0000008100 ffffea0007598b08 ffffea0007662008 ffff8881f6402080
[ 456.895845] raw: 0000000000000000 ffff8881c3bc9a80 0000000100000001 0000000000000000
[ 456.904303] page dumped because: kasan: bad access detected
[ 456.910070]
[ 456.911727] Memory state around the buggy address:
[ 456.916667]  ffff8881c3bca980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 456.924120]  ffff8881c3bcaa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 456.931485] >ffff8881c3bcaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 456.939418]                                                        ^
[ 456.945912]  ffff8881c3bcab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 456.953365]  ffff8881c3bcab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 456.960834] ==================================================================
[ 456.968599] Disabling lock debugging due to kernel taint
[ 459.101430] Kernel panic - not syncing: panic_on_warn set ...
[ 459.101430]
[ 459.109577] CPU: 1 PID: 5549 Comm: syz-executor685 Tainted: G    B   4.19.177-syzkaller #0
[ 459.119526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 459.129318] Call Trace:
[ 459.132260]  dump_stack+0x123/0x171
[ 459.136591]  panic+0x1cd/0x375
[ 459.140123]  ? __warn_printk+0xd6/0xd6
[ 459.144108]  ? ___preempt_schedule+0x16/0x18
[ 459.148702]  kasan_end_report+0x47/0x4f
[ 459.152860]  kasan_report.cold.9+0x76/0x2fe
[ 459.157376]  ? hci_sock_bind+0x66b/0xf30
[ 459.161634]  check_memory_region+0x13e/0x1b0
[ 459.166218]  kasan_check_write+0x14/0x20
[ 459.170481]  hci_sock_bind+0x66b/0xf30
[ 459.174604]  ? hci_sock_ioctl+0x600/0x600
[ 459.179109]  ? apparmor_socket_bind+0x81/0x110
[ 459.184905]  __sys_bind+0x1e1/0x230
[ 459.189000]  ? __ia32_sys_socketpair+0xf0/0xf0
[ 459.193760]  ? kasan_check_read+0x11/0x20
[ 459.198150]  ? __x64_sys_futex+0x1cb/0x3a0
[ 459.202383]  ? fd_install+0x47/0x60
[ 459.206355]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 459.211398]  ? do_syscall_64+0x21/0x4e0
[ 459.215552]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 459.221482]  __x64_sys_bind+0x6e/0xb0
[ 459.225405]  do_syscall_64+0xd0/0x4e0
[ 459.229209]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 459.234567] RIP: 0033:0x445809
[ 459.237844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 459.257676] RSP: 002b:00007efdc129f318 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 459.265397] RAX: ffffffffffffffda RBX: 00000000004ca428 RCX: 0000000000445809
[ 459.272680] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0000000000000004
[ 459.279948] RBP: 00000000004ca420 R08: 0000000000000000 R09: 0000000000000000
[ 459.287716] R10: 0000000000000000 R11: 0000000000000246 R12: 6368762f7665642f
[ 459.295350] R13: 00007ffc06faea7f R14: 00007efdc129f400 R15: 0000000000022000
[ 459.304983] Kernel Offset: disabled
[ 459.308812] Rebooting in 86400 seconds..