[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
2020/08/03 13:34:35 parsed 1 programs
2020/08/03 13:34:36 executed programs: 0
syzkaller login: [ 35.061836] audit: type=1400 audit(1596461675.994:8): avc: denied { execmem } for pid=6382 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 35.358325] IPVS: ftp: loaded support on port[0] = 21
[ 36.162271] chnl_net:caif_netlink_parms(): no params data found
[ 36.243171] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.249950] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.258308] device bridge_slave_0 entered promiscuous mode
[ 36.265475] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.272600] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.279980] device bridge_slave_1 entered promiscuous mode
[ 36.297028] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 36.305777] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 36.325158] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 36.332487] team0: Port device team_slave_0 added
[ 36.338596] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 36.345683] team0: Port device team_slave_1 added
[ 36.360773] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 36.367089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.392572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 36.404027] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 36.410644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.436130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 36.447168] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 36.454658] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 36.518693] device hsr_slave_0 entered promiscuous mode
[ 36.556663] device hsr_slave_1 entered promiscuous mode
[ 36.617100] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 36.624224] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 36.687832] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.694300] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.701346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.707760] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.737096] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 36.743301] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.753164] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 36.762642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.771422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.788897] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.799528] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 36.805623] 8021q: adding VLAN 0 to HW filter on device team0
[ 36.814939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 36.822900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.829366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.846871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 36.854584] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.861073] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.868761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 36.877274] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 36.885933] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 36.899189] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 36.909327] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 36.920390] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 36.926927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 36.934631] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 36.942541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 36.953876] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 36.965373] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 36.972376] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 36.979540] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 37.030532] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 37.040602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.072778] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 37.080701] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 37.088475] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 37.098213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.105707] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.113221] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.122029] device veth0_vlan entered promiscuous mode
[ 37.131115] device veth1_vlan entered promiscuous mode
[ 37.137383] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 37.145775] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 37.154132] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 37.161631] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 37.169665] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 37.180895] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 37.190468] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 37.197408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 37.205358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.214398] device veth0_macvtap entered promiscuous mode
[ 37.221064] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 37.230460] device veth1_macvtap entered promiscuous mode
[ 37.237190] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 37.245409] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 37.255020] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 37.265071] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 37.272573] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 37.279678] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 37.287023] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 37.294120] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 37.302245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.313252] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 37.320300] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 37.327280] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 37.335026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/08/03 13:34:41 executed programs: 32
[ 40.524942] Bluetooth: hci0 command 0x0409 tx timeout
[ 42.604082] Bluetooth: hci0 command 0x041b tx timeout
[ 44.682314] Bluetooth: hci0 command 0x040f tx timeout
2020/08/03 13:34:46 executed programs: 311
[ 46.761456] Bluetooth: hci0 command 0x0419 tx timeout
2020/08/03 13:34:51 executed programs: 686
2020/08/03 13:34:56 executed programs: 1206
[ 56.819992] ==================================================================
[ 56.827589] BUG: KASAN: use-after-free in hci_chan_del+0x131/0x180
[ 56.833908] Read of size 8 at addr ffff8880a40c0618 by task syz-executor.0/6383
[ 56.841357]
[ 56.842968] CPU: 1 PID: 6383 Comm: syz-executor.0 Not tainted 4.14.191-syzkaller #0
[ 56.850747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.860097] Call Trace:
[ 56.862684] dump_stack+0x1b2/0x283
[ 56.866311] ? l2cap_conn_del+0x670/0x670
[ 56.870456] print_address_description.cold+0x54/0x1d3
[ 56.875730] kasan_report_error.cold+0x8a/0x194
[ 56.880394] ? hci_chan_del+0x131/0x180
[ 56.884372] __asan_report_load8_noabort+0x68/0x70
[ 56.889398] ? hci_chan_del+0x131/0x180
[ 56.893384] hci_chan_del+0x131/0x180
[ 56.897186] l2cap_conn_del+0x417/0x670
[ 56.901159] ? __mutex_unlock_slowpath+0x75/0x770
[ 56.906004] ? l2cap_conn_del+0x670/0x670
[ 56.910171] l2cap_disconn_cfm+0x6b/0x80
[ 56.914504] hci_conn_hash_flush+0x114/0x220
[ 56.919360]