Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
2020/08/03 07:46:51 parsed 1 programs
2020/08/03 07:46:51 executed programs: 0
syzkaller login: [ 1049.073342] audit: type=1400 audit(1596440811.656:8): avc:  denied  { execmem } for  pid=6494 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1049.112024] IPVS: ftp: loaded support on port[0] = 21
[ 1049.194242] chnl_net:caif_netlink_parms(): no params data found
[ 1049.285358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1049.292712] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1049.301326] device bridge_slave_0 entered promiscuous mode
[ 1049.308859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.316365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1049.323613] device bridge_slave_1 entered promiscuous mode
[ 1049.343270] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1049.352726] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1049.372896] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1049.380625] team0: Port device team_slave_0 added
[ 1049.386292] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1049.395094] team0: Port device team_slave_1 added
[ 1049.411466] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1049.418139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1049.446711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1049.460573] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1049.466930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1049.494342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1049.507349] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1049.515668] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1049.571880] device hsr_slave_0 entered promiscuous mode
[ 1049.619755] device hsr_slave_1 entered promiscuous mode
[ 1049.660173] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1049.668038] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1049.744091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.751519] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1049.759934] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1049.766698] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1049.803136] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1049.810098] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1049.818398] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1049.828423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1049.848815] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1049.856965] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1049.866894] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1049.878379] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1049.884620] 8021q: adding VLAN 0 to HW filter on device team0
[ 1049.894351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1049.902193] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1049.909359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1049.919075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1049.927715] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.935110] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1049.953027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1049.961344] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1049.972311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1049.985986] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1049.997569] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1050.008861] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1050.015583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1050.023671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1050.032032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1050.044711] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1050.056511] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1050.064507] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1050.071746] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1050.087112] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1050.097442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1050.138307] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1050.146279] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1050.154066] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1050.164672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1050.173260] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1050.180943] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1050.190940] device veth0_vlan entered promiscuous mode
[ 1050.201315] device veth1_vlan entered promiscuous mode
[ 1050.215828] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1050.225505] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 1050.234417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1050.243543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1050.253318] device veth0_macvtap entered promiscuous mode
[ 1050.260827] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1050.270077] device veth1_macvtap entered promiscuous mode
[ 1050.276570] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 1050.285935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1050.296490] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1050.306002] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 1050.314006] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1050.321647] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1050.330341] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1050.338196] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1050.347146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1050.358366] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 1050.366447] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1050.374077] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1050.382467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1053.621323] Bluetooth: hci0: command 0x0409 tx timeout
2020/08/03 07:46:56 executed programs: 163
[ 1055.698877] Bluetooth: hci0: command 0x041b tx timeout
[ 1057.239501] ==================================================================
[ 1057.247466] BUG: KASAN: use-after-free in hci_chan_del+0x13e/0x180
[ 1057.254731] Read of size 8 at addr ffff8880a9419258 by task syz-executor.0/6495
[ 1057.262481] 
[ 1057.264346] CPU: 1 PID: 6495 Comm: syz-executor.0 Not tainted 4.19.136-syzkaller #0
[ 1057.272341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1057.283203] Call Trace:
[ 1057.286152]  dump_stack+0x1fc/0x2fe
[ 1057.289974]  ? l2cap_conn_del+0x6b0/0x6b0
[ 1057.294225]  print_address_description.cold+0x54/0x219
[ 1057.299563]  kasan_report_error.cold+0x8a/0x1c7
[ 1057.304666]  ? hci_chan_del+0x13e/0x180
[ 1057.308700]  __asan_report_load8_noabort+0x88/0x90
[ 1057.313630]  ? hci_chan_del+0x13e/0x180
[ 1057.318304]  hci_chan_del+0x13e/0x180
[ 1057.322471]  l2cap_conn_del+0x44f/0x6b0
[ 1057.326994]  ? l2cap_conn_del+0x6b0/0x6b0
[ 1057.331148]  l2cap_disconn_cfm+0x85/0xa0
[ 1057.335533]  hci_conn_hash_flush+0x114/0x220
[ 1057.340290]  hci_dev_do_close+0x624/0xe70
[ 1057.344641]  ? hci_dev_open+0x2a0/0x2a0
[ 1057.348702]  ? hci_unregister_dev+0x62/0x7f0
[ 1057.353486]  hci_unregister_dev+0x17c/0x7f0
[ 1057.357863]  ? vhci_close_dev+0x50/0x50
[ 1057.361926]  vhci_release+0x70/0xe0
[ 1057.365832]  __fput+0x2ce/0x890
[ 1057.369172]  task_work_run+0x148/0x1c0
[ 1057.373375]  do_exit+0xbb2/0x2b70
[ 1057.377252]  ? mm_update_next_owner+0x650/0x650
[ 1057.382109]  ? vfs_write+0x393/0x540
[ 1057.386410]  ? ksys_write+0x1c8/0x2a0
[ 1057.390736]  do_group_exit+0x125/0x310
[ 1057.394624]  __x64_sys_exit_group+0x3a/0x50
[ 1057.399124]  do_syscall_64+0xf9/0x620
[ 1057.403159]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1057.408790] RIP: 0033:0x45cc79
[ 1057.412254] Code: Bad RIP value.
[ 1057.415868] RSP: 002b:00007ffd3c78e498 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1057.424325] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045cc79
[ 1057.432148] RDX: 00000000004166d1 RSI: 0000000000ca85f0 RDI: 0000000000000043
[ 1057.440154] RBP: 00000000004c2903 R08: 000000000000000b R09: 0000000000000000
[ 1057.448747] R10: 0000000002661940 R11: 0000000000000246 R12: 0000000000000002
[ 1057.456710] R13: 00007ffd3c78e5e0 R14: 00000000001021df R15: 00007ffd3c78e5f0
[ 1057.464654] 
[ 1057.466402] Allocated by task 7482:
[ 1057.470116]  kmem_cache_alloc_trace+0x12f/0x380
[ 1057.475168]  sock_alloc_inode+0x5f/0x250
[ 1057.479637]  alloc_inode+0x5d/0x180
[ 1057.483412]  new_inode_pseudo+0x14/0xe0
[ 1057.487961]  sock_alloc+0x3c/0x260
[ 1057.491493]  __sock_create+0xba/0x740
[ 1057.495570]  __sys_socket+0xef/0x200
[ 1057.499471]  __x64_sys_socket+0x6f/0xb0
[ 1057.504547]  do_syscall_64+0xf9/0x620
[ 1057.508654]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1057.514135] 
[ 1057.515832] Freed by task 18:
[ 1057.518937]  kfree+0xcc/0x210
[ 1057.522274]  rcu_process_callbacks+0xa0d/0x18b0
[ 1057.527197]  __do_softirq+0x26c/0x9a0
[ 1057.531202] 
[ 1057.532824] The buggy address belongs to the object at ffff8880a9419240
[ 1057.532824]  which belongs to the cache kmalloc-128 of size 128
[ 1057.546894] The buggy address is located 24 bytes inside of
[ 1057.546894]  128-byte region [ffff8880a9419240, ffff8880a94192c0)
[ 1057.559199] The buggy address belongs to the page:
[ 1057.564297] page:ffffea0002a50640 count:1 mapcount:0 mapping:ffff88812c39c640 index:0x0
[ 1057.572833] flags: 0xfffe0000000100(slab)
[ 1057.577492] raw: 00fffe0000000100 ffffea00023d9248 ffffea00023f0208 ffff88812c39c640
[ 1057.586132] raw: 0000000000000000 ffff8880a9419000 0000000100000015 0000000000000000
[ 1057.594161] page dumped because: kasan: bad access detected
[ 1057.600192] 
[ 1057.602194] Memory state around the buggy address:
[ 1057.607121]  ffff8880a9419100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1057.614657]  ffff8880a9419180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1057.622400] >ffff8880a9419200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 1057.630201]                                                     ^
[ 1057.636739]  ffff8880a9419280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1057.645613]  ffff8880a9419300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1057.653317] ==================================================================
[ 1057.661174] Disabling lock debugging due to kernel taint
[ 1057.670736] Kernel panic - not syncing: panic_on_warn set ...
[ 1057.670736] 
[ 1057.678746] CPU: 0 PID: 6495 Comm: syz-executor.0 Tainted: G    B             4.19.136-syzkaller #0
[ 1057.688091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1057.698063] Call Trace:
[ 1057.700665]  dump_stack+0x1fc/0x2fe
[ 1057.704438]  ? l2cap_conn_del+0x6b0/0x6b0
[ 1057.708587]  panic+0x26a/0x50e
[ 1057.712408]  ? __warn_printk+0xf3/0xf3
[ 1057.716611]  ? l2cap_conn_del+0x6b0/0x6b0
[ 1057.720762]  ? preempt_schedule_common+0x45/0xc0
[ 1057.725793]  ? ___preempt_schedule+0x16/0x18
[ 1057.730304]  ? trace_hardirqs_on+0x55/0x210
[ 1057.734816]  ? l2cap_conn_del+0x6b0/0x6b0
[ 1057.739046]  kasan_end_report+0x43/0x49
[ 1057.743055]  kasan_report_error.cold+0xa7/0x1c7
[ 1057.747767]  ? hci_chan_del+0x13e/0x180
[ 1057.751852]  __asan_report_load8_noabort+0x88/0x90
[ 1057.756864]  ? hci_chan_del+0x13e/0x180
[ 1057.760867]  hci_chan_del+0x13e/0x180
[ 1057.764796]  l2cap_conn_del+0x44f/0x6b0
[ 1057.769119]  ? l2cap_conn_del+0x6b0/0x6b0
[ 1057.773342]  l2cap_disconn_cfm+0x85/0xa0
[ 1057.777499]  hci_conn_hash_flush+0x114/0x220
[ 1057.782000]  hci_dev_do_close+0x624/0xe70
[ 1057.786489]  ? hci_dev_open+0x2a0/0x2a0
[ 1057.791364]  ? hci_unregister_dev+0x62/0x7f0
[ 1057.795940]  hci_unregister_dev+0x17c/0x7f0
[ 1057.800373]  ? vhci_close_dev+0x50/0x50
[ 1057.804431]  vhci_release+0x70/0xe0
[ 1057.808225]  __fput+0x2ce/0x890
[ 1057.811501]  task_work_run+0x148/0x1c0
[ 1057.815385]  do_exit+0xbb2/0x2b70
[ 1057.819100]  ? mm_update_next_owner+0x650/0x650
[ 1057.823851]  ? vfs_write+0x393/0x540
[ 1057.827668]  ? ksys_write+0x1c8/0x2a0
[ 1057.831586]  do_group_exit+0x125/0x310
[ 1057.835558]  __x64_sys_exit_group+0x3a/0x50
[ 1057.839973]  do_syscall_64+0xf9/0x620
[ 1057.843926]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1057.849540] RIP: 0033:0x45cc79
[ 1057.853408] Code: Bad RIP value.
[ 1057.857087] RSP: 002b:00007ffd3c78e498 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1057.865338] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045cc79
[ 1057.872929] RDX: 00000000004166d1 RSI: 0000000000ca85f0 RDI: 0000000000000043
[ 1057.880702] RBP: 00000000004c2903 R08: 000000000000000b R09: 0000000000000000
[ 1057.888318] R10: 0000000002661940 R11: 0000000000000246 R12: 0000000000000002
[ 1057.895876] R13: 00007ffd3c78e5e0 R14: 00000000001021df R15: 00007ffd3c78e5f0
[ 1057.905585] Kernel Offset: disabled
[ 1057.909227] Rebooting in 86400 seconds..