[ 47.099936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 47.109839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 47.120478] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 47.127816] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 47.136010] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.144164] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.152940] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.160797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.169037] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.177004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 399.338738] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 399.346360] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 399.354396] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 399.361971] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 399.371390] device bridge_slave_1 left promiscuous mode
[ 399.377649] bridge0: port 2(bridge_slave_1) entered disabled state
[ 399.429709] device bridge_slave_0 left promiscuous mode
[ 399.435584] bridge0: port 1(bridge_slave_0) entered disabled state
[ 399.492473] device veth1_macvtap left promiscuous mode
[ 399.498510] device veth0_macvtap left promiscuous mode
[ 399.503819] device veth1_vlan left promiscuous mode
[ 399.510185] device veth0_vlan left promiscuous mode
[ 399.629627] device hsr_slave_1 left promiscuous mode
[ 399.677866] device hsr_slave_0 left promiscuous mode
[ 399.723033] team0 (unregistering): Port device team_slave_1 removed
[ 399.736129] team0 (unregistering): Port device team_slave_0 removed
[ 399.747932] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 399.800061] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 399.869196] bond0 (unregistering): Released all slaves
[ 402.328232] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 402.336081] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 402.343686] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 402.352531] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 402.361215] device bridge_slave_1 left promiscuous mode
[ 402.367863] bridge0: port 2(bridge_slave_1) entered disabled state
[ 402.405805] device bridge_slave_0 left promiscuous mode
[ 402.411721] bridge0: port 1(bridge_slave_0) entered disabled state
[ 402.457290] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 402.464683] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 402.473555] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 402.481003] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 402.489468] device bridge_slave_1 left promiscuous mode
[ 402.495563] bridge0: port 2(bridge_slave_1) entered disabled state
[ 402.545787] device bridge_slave_0 left promiscuous mode
[ 402.552650] bridge0: port 1(bridge_slave_0) entered disabled state
[ 402.606767] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 402.613664] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 402.622915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 402.630761] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 402.639246] device bridge_slave_1 left promiscuous mode
[ 402.646204] bridge0: port 2(bridge_slave_1) entered disabled state
[ 402.695597] device bridge_slave_0 left promiscuous mode
[ 402.701415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 402.759408] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 402.766604] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 402.775943] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 402.783340] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 402.794074] device bridge_slave_1 left promiscuous mode
[ 402.800837] bridge0: port 2(bridge_slave_1) entered disabled state
[ 402.855907] device bridge_slave_0 left promiscuous mode
[ 402.861914] bridge0: port 1(bridge_slave_0) entered disabled state
[ 402.916776] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 402.923891] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 402.932395] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 402.939614] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 402.947958] device bridge_slave_1 left promiscuous mode
[ 402.953587] bridge0: port 2(bridge_slave_1) entered disabled state
[ 402.995511] device bridge_slave_0 left promiscuous mode
[ 403.001678] bridge0: port 1(bridge_slave_0) entered disabled state
[ 403.042247] device veth1_macvtap left promiscuous mode
[ 403.048218] device veth0_macvtap left promiscuous mode
[ 403.053868] device veth1_vlan left promiscuous mode
[ 403.059953] device veth0_vlan left promiscuous mode
[ 403.065769] device veth1_macvtap left promiscuous mode
[ 403.071482] device veth0_macvtap left promiscuous mode
[ 403.077915] device veth1_vlan left promiscuous mode
[ 403.082966] device veth0_vlan left promiscuous mode
[ 403.089202] device veth1_macvtap left promiscuous mode
[ 403.094622] device veth0_macvtap left promiscuous mode
[ 403.101038] device veth1_vlan left promiscuous mode
[ 403.107072] device veth0_vlan left promiscuous mode
[ 403.112718] device veth1_macvtap left promiscuous mode
[ 403.119122] device veth0_macvtap left promiscuous mode
[ 403.125567] device veth1_vlan left promiscuous mode
[ 403.130835] device veth0_vlan left promiscuous mode
[ 403.137669] device veth1_macvtap left promiscuous mode
[ 403.143254] device veth0_macvtap left promiscuous mode
[ 403.149331] device veth1_vlan left promiscuous mode
[ 403.154378] device veth0_vlan left promiscuous mode
[ 403.420284] device hsr_slave_1 left promiscuous mode
[ 403.467457] device hsr_slave_0 left promiscuous mode
[ 403.512273] team0 (unregistering): Port device team_slave_1 removed
[ 403.523973] team0 (unregistering): Port device team_slave_0 removed
[ 403.534421] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 403.589099] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 403.634604] bond0 (unregistering): Released all slaves
[ 403.748319] device hsr_slave_1 left promiscuous mode
[ 403.787645] device hsr_slave_0 left promiscuous mode
[ 403.842208] team0 (unregistering): Port device team_slave_1 removed
[ 403.853571] team0 (unregistering): Port device team_slave_0 removed
[ 403.863338] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 403.907774] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 403.974175] bond0 (unregistering): Released all slaves
[ 404.077550] device hsr_slave_1 left promiscuous mode
[ 404.117271] device hsr_slave_0 left promiscuous mode
[ 404.181196] team0 (unregistering): Port device team_slave_1 removed
[ 404.191165] team0 (unregistering): Port device team_slave_0 removed
[ 404.200811] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 404.252953] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 404.303916] bond0 (unregistering): Released all slaves
[ 404.409496] device hsr_slave_1 left promiscuous mode
[ 404.448725] device hsr_slave_0 left promiscuous mode
[ 404.492691] team0 (unregistering): Port device team_slave_1 removed
[ 404.501844] team0 (unregistering): Port device team_slave_0 removed
[ 404.511597] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 404.558507] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 404.614207] bond0 (unregistering): Released all slaves
[ 404.726608] device hsr_slave_1 left promiscuous mode
[ 404.787567] device hsr_slave_0 left promiscuous mode
[ 404.852048] team0 (unregistering): Port device team_slave_1 removed
[ 404.862759] team0 (unregistering): Port device team_slave_0 removed
[ 404.872352] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 404.909470] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 404.963470] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts.
[ 473.231891] ==================================================================
[ 473.239889] BUG: KASAN: use-after-free in hci_sock_bind+0x66b/0xf30
[ 473.246740] Write of size 4 at addr ffff8881dda256a0 by task syz-executor879/5281
[ 473.254932]
[ 473.256637] CPU: 1 PID: 5281 Comm: syz-executor879 Not tainted 4.19.170-syzkaller #0
[ 473.265344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 473.275056] Call Trace:
[ 473.278113] dump_stack+0x123/0x171
[ 473.282838] print_address_description.cold.8+0x9/0x1ff
[ 473.290014] kasan_report.cold.9+0x242/0x2fe
[ 473.295045] ? hci_sock_bind+0x66b/0xf30
[ 473.299476] check_memory_region+0x13e/0x1b0
[ 473.304520] kasan_check_write+0x14/0x20
[ 473.309328] hci_sock_bind+0x66b/0xf30
[ 473.313427] ? hci_sock_ioctl+0x600/0x600
[ 473.318007] ? apparmor_socket_bind+0x81/0x110
[ 473.322861] __sys_bind+0x1e1/0x230
[ 473.327079] ? __ia32_sys_socketpair+0xf0/0xf0
[ 473.331950] ? kasan_check_read+0x11/0x20
[ 473.336383] ? __x64_sys_futex+0x1cb/0x3a0
[ 473.341017] ? fd_install+0x47/0x60
[ 473.344750] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 473.350093] ? do_syscall_64+0x21/0x4e0
[ 473.354722] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 473.360601] __x64_sys_bind+0x6e/0xb0
[ 473.364806] do_syscall_64+0xd0/0x4e0
[ 473.368625] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 473.374398] RIP: 0033:0x446859
[ 473.377983] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 473.398313] RSP: 002b:00007fb42d1b4db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 473.406995] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446859
[ 473.415420] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0000000000000004
[ 473.423476] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 473.431695] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 473.440204] R13: 00007fff2de78d9f R14: 00007fb42d1b59c0 R15: 000000000000002d
[ 473.448117]
[ 473.449874] Allocated by task 5285:
[ 473.454142] save_stack+0x43/0xd0
[ 473.457645] kasan_kmalloc+0xc7/0xe0
[ 473.461543] kmem_cache_alloc_trace+0x152/0x740
[ 473.466216] hci_alloc_dev+0x3f/0x1bd0
[ 473.470379] __vhci_create_device+0xe1/0x500
[ 473.475223] vhci_write+0x28a/0x3f0
[ 473.479829] __vfs_write+0x443/0x890
[ 473.484132] vfs_write+0x150/0x4d0
[ 473.488008] ksys_write+0x103/0x260
[ 473.492664] __x64_sys_write+0x6e/0xb0
[ 473.497236] do_syscall_64+0xd0/0x4e0
[ 473.501655] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 473.507110]
[ 473.509010] Freed by task 5278:
[ 473.512602] save_stack+0x43/0xd0
[ 473.516241] __kasan_slab_free+0x102/0x150
[ 473.521063] kasan_slab_free+0xe/0x10
[ 473.525132] kfree+0xcf/0x220
[ 473.528340] bt_host_release+0x10/0x20
[ 473.532663] device_release+0x71/0x1d0
[ 473.536783] kobject_put+0x115/0x1f0
[ 473.540905] put_device+0x12/0x20
[ 473.544615] hci_free_dev+0x10/0x20
[ 473.548793] vhci_release+0x73/0xe0
[ 473.553043] __fput+0x249/0x7f0
[ 473.556421] ____fput+0x9/0x10
[ 473.560063] task_work_run+0x108/0x180
[ 473.563979] do_exit+0xa8e/0x2e10
[ 473.567792] do_group_exit+0xf4/0x2f0
[ 473.572982] __x64_sys_exit_group+0x39/0x40
[ 473.577988] do_syscall_64+0xd0/0x4e0
[ 473.582316] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 473.588292]
[ 473.589930] The buggy address belongs to the object at ffff8881dda24640
[ 473.589930] which belongs to the cache kmalloc-8192 of size 8192
[ 473.604714] The buggy address is located 4192 bytes inside of
[ 473.604714] 8192-byte region [ffff8881dda24640, ffff8881dda26640)
[ 473.621236] The buggy address belongs to the page:
[ 473.626326] page:ffffea0007768900 count:1 mapcount:0 mapping:ffff8881f6402080 index:0x0 compound_mapcount: 0
[ 473.637913] flags: 0x17ffe0000008100(slab|head)
[ 473.643409] raw: 017ffe0000008100 ffffea0007a45808 ffffea0007ced208 ffff8881f6402080
[ 473.652402] raw: 0000000000000000 ffff8881dda24640 0000000100000001 0000000000000000
[ 473.661066] page dumped because: kasan: bad access detected
[ 473.667136]
[ 473.668860] Memory state around the buggy address:
[ 473.674503] ffff8881dda25580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 473.682483] ffff8881dda25600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 473.689948] >ffff8881dda25680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 473.698718] ^
[ 473.703655] ffff8881dda25700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 473.711439] ffff8881dda25780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 473.719845] ==================================================================
[ 473.727649] Disabling lock debugging due to kernel taint
[ 476.264618] Kernel panic - not syncing: panic_on_warn set ...
[ 476.264618]
[ 476.272677] CPU: 1 PID: 5281 Comm: syz-executor879 Tainted: G B 4.19.170-syzkaller #0
[ 476.282975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 476.293035] Call Trace:
[ 476.295791] dump_stack+0x123/0x171
[ 476.299551] panic+0x1cd/0x375
[ 476.303045] ? __warn_printk+0xd6/0xd6
[ 476.307386] ? ___preempt_schedule+0x16/0x18
[ 476.312129] kasan_end_report+0x47/0x4f
[ 476.316226] kasan_report.cold.9+0x76/0x2fe
[ 476.320740] ? hci_sock_bind+0x66b/0xf30
[ 476.325010] check_memory_region+0x13e/0x1b0
[ 476.330230] kasan_check_write+0x14/0x20
[ 476.335082] hci_sock_bind+0x66b/0xf30
[ 476.339044] ? hci_sock_ioctl+0x600/0x600
[ 476.343762] ? apparmor_socket_bind+0x81/0x110
[ 476.348596] __sys_bind+0x1e1/0x230
[ 476.352505] ? __ia32_sys_socketpair+0xf0/0xf0
[ 476.357269] ? kasan_check_read+0x11/0x20
[ 476.361542] ? __x64_sys_futex+0x1cb/0x3a0
[ 476.365952] ? fd_install+0x47/0x60
[ 476.369747] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 476.374720] ? do_syscall_64+0x21/0x4e0
[ 476.379123] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 476.384675] __x64_sys_bind+0x6e/0xb0
[ 476.389042] do_syscall_64+0xd0/0x4e0
[ 476.393267] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 476.398735] RIP: 0033:0x446859
[ 476.402834] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 476.423004] RSP: 002b:00007fb42d1b4db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 476.431122] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446859
[ 476.438988] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0000000000000004
[ 476.447433] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 476.455635] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 476.463965] R13: 00007fff2de78d9f R14: 00007fb42d1b59c0 R15: 000000000000002d
[ 476.474284] Kernel Offset: disabled
[ 476.478333] Rebooting in 86400 seconds..