[ 462.585617][ T397] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 462.758946][ T397] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 462.873871][ T397] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 462.952130][ T397] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts.
[ 464.125661][ T29] audit: type=1400 audit(1608107235.162:11): avc: denied { execmem } for pid=13002 comm="syz-executor221" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 464.127718][T13003] IPVS: ftp: loaded support on port[0] = 21
[ 464.422391][ T397] device hsr_slave_0 left promiscuous mode
[ 464.472420][ T397] device hsr_slave_1 left promiscuous mode
[ 464.560703][ T397] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 464.568064][ T397] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 464.575897][ T397] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 464.583285][ T397] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 464.592089][ T397] device bridge_slave_1 left promiscuous mode
[ 464.598488][ T397] bridge0: port 2(bridge_slave_1) entered disabled state
[ 464.631642][ T397] device bridge_slave_0 left promiscuous mode
[ 464.637826][ T397] bridge0: port 1(bridge_slave_0) entered disabled state
[ 464.683992][ T397] device veth1_macvtap left promiscuous mode
[ 464.691340][ T397] device veth0_macvtap left promiscuous mode
[ 464.697319][ T397] device veth1_vlan left promiscuous mode
[ 464.703574][ T397] device veth0_vlan left promiscuous mode
[ 465.217578][T13025] ------------[ cut here ]------------
[ 465.223309][T13025] refcount_t: addition on 0; use-after-free.
[ 465.229806][T13025] WARNING: CPU: 1 PID: 13025 at lib/refcount.c:25 refcount_warn_saturate+0x80/0xe0
[ 465.239529][T13025] Modules linked in:
[ 465.243420][T13025] CPU: 1 PID: 13025 Comm: kworker/u5:0 Not tainted 5.10.0-syzkaller #0
[ 465.251635][T13025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 465.261675][T13025] Workqueue: hci0 hci_rx_work
[ 465.266346][T13025] RIP: 0010:refcount_warn_saturate+0x80/0xe0
[ 465.272475][T13025] Code: 05 0c d8 bf 02 01 e8 5c c0 33 01 0f 0b c3 80 3d fc d7 bf 02 00 75 b8 48 c7 c7 60 8c f7 83 c6 05 ec d7 bf 02 01 e8 3d c0 33 01 <0f> 0b c3 80 3d df d7 bf 02 00 75 99 48 c7 c7 38 8c f7 83 c6 05 cf
[ 465.292232][T13025] RSP: 0018:ffffc90000247cc8 EFLAGS: 00010282
[ 465.298261][T13025] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002
[ 465.306218][T13025] RDX: 0000000080000002 RSI: ffffffff84081711 RDI: 00000000ffffffff
[ 465.314178][T13025] RBP: ffff888116202800 R08: 0000000000000001 R09: 0000000000000001
[ 465.322134][T13025] R10: ffffc90000247af8 R11: ffffc90000247af0 R12: 0000000000000000
[ 465.330073][T13025] R13: 0000000000000001 R14: ffffffff848503e8 R15: 0000000000000000
[ 465.338127][T13025] FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 465.347045][T13025] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 465.353618][T13025] CR2: 000055a3505eba80 CR3: 000000000448a000 CR4: 0000000000350ee0
[ 465.361576][T13025] Call Trace:
[ 465.364829][T13025] l2cap_global_chan_by_psm+0x1f8/0x220
[ 465.370339][T13025] l2cap_recv_frame+0x554/0x2e40
[ 465.375348][T13025] ? hci_rx_work+0x19d/0x500
[ 465.379908][T13025] ? __mutex_unlock_slowpath+0x3e/0x2a0
[ 465.385448][T13025] hci_rx_work+0x1d3/0x500
[ 465.389844][T13025] process_one_work+0x293/0x600
[ 465.394673][T13025] ? process_one_work+0x600/0x600
[ 465.399661][T13025] worker_thread+0x38/0x380
[ 465.404141][T13025] ? process_one_work+0x600/0x600
[ 465.409126][T13025] kthread+0x145/0x170
[ 465.413178][T13025] ? kthread_bind+0x20/0x20
[ 465.417820][T13025] ret_from_fork+0x1f/0x30
[ 465.422235][T13025] Kernel panic - not syncing: panic_on_warn set ...
[ 465.428872][T13025] CPU: 1 PID: 13025 Comm: kworker/u5:0 Not tainted 5.10.0-syzkaller #0
[ 465.437071][T13025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 465.447094][T13025] Workqueue: hci0 hci_rx_work
[ 465.451732][T13025] Call Trace:
[ 465.455177][T13025] dump_stack+0xa3/0xc8
[ 465.459380][T13025] panic+0x135/0x31a
[ 465.463275][T13025] ? refcount_warn_saturate+0x80/0xe0
[ 465.468618][T13025] __warn.cold.13+0x16/0x20
[ 465.473089][T13025] ? refcount_warn_saturate+0x80/0xe0
[ 465.478424][T13025] report_bug+0xc0/0xf0
[ 465.482549][T13025] handle_bug+0x35/0x90
[ 465.486756][T13025] exc_invalid_op+0x13/0x60
[ 465.491228][T13025] asm_exc_invalid_op+0x12/0x20
[ 465.496066][T13025] RIP: 0010:refcount_warn_saturate+0x80/0xe0
[ 465.502010][T13025] Code: 05 0c d8 bf 02 01 e8 5c c0 33 01 0f 0b c3 80 3d fc d7 bf 02 00 75 b8 48 c7 c7 60 8c f7 83 c6 05 ec d7 bf 02 01 e8 3d c0 33 01 <0f> 0b c3 80 3d df d7 bf 02 00 75 99 48 c7 c7 38 8c f7 83 c6 05 cf
[ 465.521687][T13025] RSP: 0018:ffffc90000247cc8 EFLAGS: 00010282
[ 465.527722][T13025] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002
[ 465.535661][T13025] RDX: 0000000080000002 RSI: ffffffff84081711 RDI: 00000000ffffffff
[ 465.543599][T13025] RBP: ffff888116202800 R08: 0000000000000001 R09: 0000000000000001
[ 465.551711][T13025] R10: ffffc90000247af8 R11: ffffc90000247af0 R12: 0000000000000000
[ 465.559948][T13025] R13: 0000000000000001 R14: ffffffff848503e8 R15: 0000000000000000
[ 465.567893][T13025] ? refcount_warn_saturate+0x80/0xe0
[ 465.573419][T13025] l2cap_global_chan_by_psm+0x1f8/0x220
[ 465.579104][T13025] l2cap_recv_frame+0x554/0x2e40
[ 465.584009][T13025] ? hci_rx_work+0x19d/0x500
[ 465.588564][T13025] ? __mutex_unlock_slowpath+0x3e/0x2a0
[ 465.594076][T13025] hci_rx_work+0x1d3/0x500
[ 465.598459][T13025] process_one_work+0x293/0x600
[ 465.603277][T13025] ? process_one_work+0x600/0x600
[ 465.608284][T13025] worker_thread+0x38/0x380
[ 465.613013][T13025] ? process_one_work+0x600/0x600
[ 465.618111][T13025] kthread+0x145/0x170
[ 465.622145][T13025] ? kthread_bind+0x20/0x20
[ 465.626701][T13025] ret_from_fork+0x1f/0x30
[ 465.635428][T13025] Kernel Offset: disabled
[ 465.639972][T13025] Rebooting in 86400 seconds..