Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts.
[ 604.526739] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 606.570913] Bluetooth: hci0 command 0x0409 tx timeout
[ 608.650137] Bluetooth: hci0 command 0x041b tx timeout
executing program
[ 610.730076] Bluetooth: hci0 command 0x040f tx timeout
[ 612.809747] Bluetooth: hci0 command 0x0419 tx timeout
executing program
[ 614.889571] Bluetooth: hci0 command 0x0405 tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
[ 644.887686] ==================================================================
[ 644.895171] BUG: KASAN: use-after-free in __lock_acquire+0x2c57/0x3f20
[ 644.901826] Read of size 8 at addr ffff8880b2ef62e0 by task kworker/1:1/8000
[ 644.909116]
[ 644.910732] CPU: 1 PID: 8000 Comm: kworker/1:1 Not tainted 4.14.232-syzkaller #0
[ 644.918269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 644.927616] Workqueue: events l2cap_chan_timeout
[ 644.932355] Call Trace:
[ 644.934931]  dump_stack+0x1b2/0x281
[ 644.938674]  print_address_description.cold+0x54/0x1d3
[ 644.943936]  kasan_report_error.cold+0x8a/0x191
[ 644.948594]  ? __lock_acquire+0x2c57/0x3f20
[ 644.952908]  __asan_report_load8_noabort+0x68/0x70
[ 644.957820]  ? __lock_acquire+0x2c57/0x3f20
[ 644.962126]  __lock_acquire+0x2c57/0x3f20
[ 644.966258]  ? lock_acquire+0x170/0x3f0
[ 644.970330]  ? lock_downgrade+0x740/0x740
[ 644.974464]  ? trace_hardirqs_on+0x10/0x10
[ 644.978685]  ? debug_object_assert_init+0x22d/0x2d0
[ 644.983823]  ? debug_object_active_state+0x330/0x330
[ 644.988996]  ? ret_from_fork+0x24/0x30
[ 644.993175]  ? add_lock_to_list.constprop.0+0x17d/0x330
[ 644.998613]  ? save_trace+0xd6/0x290
[ 645.002409]  lock_acquire+0x170/0x3f0
[ 645.006348]  ? lock_sock_nested+0x39/0x100
[ 645.010577]  _raw_spin_lock_bh+0x2f/0x40
[ 645.014746]  ? lock_sock_nested+0x39/0x100
[ 645.018973]  lock_sock_nested+0x39/0x100
[ 645.023023]  l2cap_sock_teardown_cb+0x93/0x650
[ 645.027616]  l2cap_chan_del+0xaf/0x950
[ 645.031618]  l2cap_chan_close+0x103/0x870
[ 645.035751]  ? __set_monitor_timer+0x1d0/0x1d0
[ 645.040316]  ? lock_acquire+0x170/0x3f0
[ 645.044273]  l2cap_chan_timeout+0x143/0x2a0
[ 645.048583]  process_one_work+0x793/0x14a0
[ 645.052801]  ? work_busy+0x320/0x320
[ 645.056497]  ? worker_thread+0x158/0xff0
[ 645.060545]  ? _raw_spin_unlock_irq+0x24/0x80
[ 645.065029]  worker_thread+0x5cc/0xff0
[ 645.068904]  ? rescuer_thread+0xc80/0xc80
[ 645.073041]  kthread+0x30d/0x420
[ 645.076397]  ? kthread_create_on_node+0xd0/0xd0
[ 645.081046]  ret_from_fork+0x24/0x30
[ 645.084742]
[ 645.086359] Allocated by task 7997:
[ 645.089972]  kasan_kmalloc+0xeb/0x160
[ 645.093756]  __kmalloc+0x15a/0x400
[ 645.097282]  sk_prot_alloc+0x1ba/0x290
[ 645.101152]  sk_alloc+0x36/0xcd0
[ 645.104502]  l2cap_sock_alloc.constprop.0+0x31/0x210
[ 645.109588]  l2cap_sock_create+0xf0/0x1a0
[ 645.113720]  bt_sock_create+0x13b/0x280
[ 645.117676]  __sock_create+0x303/0x620
[ 645.121548]  SyS_socket+0xd1/0x1b0
[ 645.125075]  do_syscall_64+0x1d5/0x640
[ 645.128947]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 645.134113]
[ 645.135721] Freed by task 7997:
[ 645.139139]  kasan_slab_free+0xc3/0x1a0
[ 645.143098]  kfree+0xc9/0x250
[ 645.146187]  __sk_destruct+0x5e3/0x760
[ 645.150057]  __sk_free+0xd9/0x2d0
[ 645.153493]  sk_free+0x2b/0x40
[ 645.156671]  l2cap_sock_kill.part.0+0x106/0x130
[ 645.161325]  l2cap_sock_release+0x1cd/0x280
[ 645.165630]  __sock_release+0xcd/0x2b0
[ 645.169501]  sock_close+0x15/0x20
[ 645.172938]  __fput+0x25f/0x7a0
[ 645.176197]  task_work_run+0x11f/0x190
[ 645.180394]  do_exit+0xa44/0x2850
[ 645.183834]  do_group_exit+0x100/0x2e0
[ 645.187703]  get_signal+0x38d/0x1ca0
[ 645.191412]  do_signal+0x7c/0x1550
[ 645.194941]  exit_to_usermode_loop+0x160/0x200
[ 645.199740]  do_syscall_64+0x4a3/0x640
[ 645.203614]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 645.208876]
[ 645.210489] The buggy address belongs to the object at ffff8880b2ef6240
[ 645.210489]  which belongs to the cache kmalloc-2048 of size 2048
[ 645.223301] The buggy address is located 160 bytes inside of
[ 645.223301]  2048-byte region [ffff8880b2ef6240, ffff8880b2ef6a40)
[ 645.235330] The buggy address belongs to the page:
[ 645.240333] page:ffffea0002cbbd80 count:1 mapcount:0 mapping:ffff8880b2ef6240 index:0x0 compound_mapcount: 0
[ 645.250480] flags: 0xfff00000008100(slab|head)
[ 645.255047] raw: 00fff00000008100 ffff8880b2ef6240 0000000000000000 0000000100000003
[ 645.262912] raw: ffffea0002cdc1a0 ffffea00025581a0 ffff88813fe80c40 0000000000000000
[ 645.270772] page dumped because: kasan: bad access detected
[ 645.276466]
[ 645.278160] Memory state around the buggy address:
[ 645.283072]  ffff8880b2ef6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 645.290497]  ffff8880b2ef6200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 645.297962] >ffff8880b2ef6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 645.305306]                                                        ^
[ 645.311866]  ffff8880b2ef6300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 645.319210]  ffff8880b2ef6380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 645.326784] ==================================================================
[ 645.334123] Disabling lock debugging due to kernel taint
[ 645.339769] Kernel panic - not syncing: panic_on_warn set ...
[ 645.339769]
[ 645.347117] CPU: 1 PID: 8000 Comm: kworker/1:1 Tainted: G B 4.14.232-syzkaller #0
[ 645.355842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 645.365182] Workqueue: events l2cap_chan_timeout
[ 645.369919] Call Trace:
[ 645.372494]  dump_stack+0x1b2/0x281
[ 645.376104]  panic+0x1f9/0x42d
[ 645.379311]  ? add_taint.cold+0x16/0x16
[ 645.383269]  ? lock_downgrade+0x740/0x740
[ 645.387457]  kasan_end_report+0x43/0x49
[ 645.391417]  kasan_report_error.cold+0xa7/0x191
[ 645.396073]  ? __lock_acquire+0x2c57/0x3f20
[ 645.400502]  __asan_report_load8_noabort+0x68/0x70
[ 645.405418]  ? __lock_acquire+0x2c57/0x3f20
[ 645.409856]  __lock_acquire+0x2c57/0x3f20
[ 645.414139]  ? lock_acquire+0x170/0x3f0
[ 645.418193]  ? lock_downgrade+0x740/0x740
[ 645.422334]  ? trace_hardirqs_on+0x10/0x10
[ 645.426639]  ? debug_object_assert_init+0x22d/0x2d0
[ 645.431742]  ? debug_object_active_state+0x330/0x330
[ 645.436832]  ? ret_from_fork+0x24/0x30
[ 645.440790]  ? add_lock_to_list.constprop.0+0x17d/0x330
[ 645.446136]  ? save_trace+0xd6/0x290
[ 645.449831]  lock_acquire+0x170/0x3f0
[ 645.453631]  ? lock_sock_nested+0x39/0x100
[ 645.457868]  _raw_spin_lock_bh+0x2f/0x40
[ 645.461916]  ? lock_sock_nested+0x39/0x100
[ 645.466130]  lock_sock_nested+0x39/0x100
[ 645.470314]  l2cap_sock_teardown_cb+0x93/0x650
[ 645.475120]  l2cap_chan_del+0xaf/0x950
[ 645.478998]  l2cap_chan_close+0x103/0x870
[ 645.483146]  ? __set_monitor_timer+0x1d0/0x1d0
[ 645.487714]  ? lock_acquire+0x170/0x3f0
[ 645.491675]  l2cap_chan_timeout+0x143/0x2a0
[ 645.495979]  process_one_work+0x793/0x14a0
[ 645.500198]  ? work_busy+0x320/0x320
[ 645.503981]  ? worker_thread+0x158/0xff0
[ 645.508162]  ? _raw_spin_unlock_irq+0x24/0x80
[ 645.512727]  worker_thread+0x5cc/0xff0
[ 645.516598]  ? rescuer_thread+0xc80/0xc80
[ 645.520727]  kthread+0x30d/0x420
[ 645.524085]  ? kthread_create_on_node+0xd0/0xd0
[ 645.529112]  ret_from_fork+0x24/0x30
[ 645.533265] Kernel Offset: disabled
[ 645.536884] Rebooting in 86400 seconds..
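The log above is a raw console capture. As an added triage aid that is not part of the syzkaller log, the Python below parses an excerpt of it into the fields a practitioner checks first: what was accessed and from which workqueue, which subsystem frames allocated, freed and then reused the object, where inside the slab object the access landed, and what the shadow byte under the faulting address encodes. `SAMPLE` is a constructed excerpt of this report with most frames dropped; the `NOISE` frame-prefix list and the `l2cap_` subsystem prefix are my choices, and the shadow-byte meanings are those of the 4.14 KASAN implementation.

```python
import re

# Constructed excerpt of the report above, with most frames dropped for brevity.
SAMPLE = """\
[ 644.895171] BUG: KASAN: use-after-free in __lock_acquire+0x2c57/0x3f20
[ 644.901826] Read of size 8 at addr ffff8880b2ef62e0 by task kworker/1:1/8000
[ 644.927616] Workqueue: events l2cap_chan_timeout
[ 644.932355] Call Trace:
[ 644.943936] kasan_report_error.cold+0x8a/0x191
[ 644.948594] ? __lock_acquire+0x2c57/0x3f20
[ 644.952908] __asan_report_load8_noabort+0x68/0x70
[ 644.962126] __lock_acquire+0x2c57/0x3f20
[ 645.018973] lock_sock_nested+0x39/0x100
[ 645.023023] l2cap_sock_teardown_cb+0x93/0x650
[ 645.044273] l2cap_chan_timeout+0x143/0x2a0
[ 645.084742]
[ 645.086359] Allocated by task 7997:
[ 645.089972] kasan_kmalloc+0xeb/0x160
[ 645.093756] __kmalloc+0x15a/0x400
[ 645.097282] sk_prot_alloc+0x1ba/0x290
[ 645.104502] l2cap_sock_alloc.constprop.0+0x31/0x210
[ 645.134113]
[ 645.135721] Freed by task 7997:
[ 645.139139] kasan_slab_free+0xc3/0x1a0
[ 645.143098] kfree+0xc9/0x250
[ 645.146187] __sk_destruct+0x5e3/0x760
[ 645.156671] l2cap_sock_kill.part.0+0x106/0x130
[ 645.208876]
[ 645.210489] The buggy address belongs to the object at ffff8880b2ef6240
[ 645.210489]  which belongs to the cache kmalloc-2048 of size 2048
[ 645.290497]  ffff8880b2ef6200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 645.297962] >ffff8880b2ef6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")                              # console timestamp prefix
FRAME = re.compile(r"^(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")   # "? " marks an unreliable frame
SHADOW_ROW = re.compile(r"^>?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2})+)$")
# Shadow-byte encodings from mm/kasan/kasan.h in 4.14; one shadow byte covers 8 bytes of memory.
SHADOW_MEANING = {0x00: "addressable", 0xfa: "global redzone", 0xfb: "freed kmalloc object",
                  0xfc: "kmalloc redzone", 0xfe: "page redzone", 0xff: "freed page",
                  0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone",
                  0xf4: "stack partial redzone", 0xf8: "use after scope"}
# Frames that top every KASAN stack and say nothing about which subsystem owns the object (my list).
NOISE = ("dump_stack", "print_address_description", "kasan_", "__asan_", "__kasan_",
         "kmalloc", "__kmalloc", "kfree", "kmem_cache_")

def parse_kasan_report(text):
    """Pull the triage fields out of a report; stacks keep only reliable (non-'?') frames."""
    r = {"use_stack": [], "alloc_stack": [], "free_stack": [], "shadow": {}, "workqueue": None,
         "alloc_task": None, "free_task": None, "object_addr": None, "cache": None, "object_size": None}
    stack = None
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if not line:                                  # a blank line closes the current stack
            stack = None
        elif m := re.match(r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+", line):
            r["bug"], r["in_func"] = m[1], m[2]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (.+)$", line):
            r["access"], r["size"], r["addr"], r["task"] = m[1], int(m[2]), int(m[3], 16), m[4]
        elif m := re.match(r"Workqueue: \S+ (\S+)", line):
            r["workqueue"] = m[1]
        elif line == "Call Trace:":
            stack = r["use_stack"]
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            key = "alloc" if m[1] == "Allocated" else "free"
            r[key + "_task"], stack = m[2], r[key + "_stack"]
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r["object_addr"] = int(m[1], 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            r["cache"], r["object_size"] = m[1], int(m[2])
        elif m := SHADOW_ROW.match(line):
            base = int(m[1], 16)
            for i, byte in enumerate(m[2].split()):
                r["shadow"][base + 8 * i] = int(byte, 16)
        elif (m := FRAME.match(line)) and stack is not None and not m[1]:
            stack.append(m[2])
    r["offset"] = None if r["object_addr"] is None else r["addr"] - r["object_addr"]
    return r

def shadow_state(r, addr=None):
    """(shadow byte, meaning) for the 8-byte granule holding addr (default: the faulting address)."""
    val = r["shadow"].get((r["addr"] if addr is None else addr) & ~7)
    return None if val is None else (val, SHADOW_MEANING.get(val, "unknown"))

def key_frame(stack, subsystem=None):
    """First frame past the KASAN/allocator plumbing, or the first one inside `subsystem`."""
    for f in stack:
        hit = f.startswith(subsystem) if subsystem else not f.startswith(NOISE)
        if hit:
            return f
    return None

def summarize(r, subsystem=None):
    """One entry per question a triager asks: what, where, who allocated, freed and used it."""
    return {"bug": f'{r["bug"]} in {r["in_func"]}', "access": f'{r["access"]} {r["size"]} @ {r["addr"]:#x}',
            "task": r["task"], "workqueue": r["workqueue"], "object": f'{r["cache"]}+{r["offset"]}',
            "use": key_frame(r["use_stack"], subsystem), "alloc": key_frame(r["alloc_stack"], subsystem),
            "free": key_frame(r["free_stack"], subsystem), "shadow": shadow_state(r)}
```

Run against the excerpt with `summarize(parse_kasan_report(SAMPLE), subsystem="l2cap_")`, the view matches what the full report says: the object is the socket allocated by `l2cap_sock_alloc` from `socket(2)` in task 7997, freed by `l2cap_sock_kill` when the same task's `close()` ran during exit, and reused 160 bytes in by `l2cap_sock_teardown_cb` (taking the socket lock via `lock_sock_nested`) from the `l2cap_chan_timeout` work item on a kworker. The shadow byte `fb` at the faulting address confirms a freed slab object rather than a redzone hit, which is what distinguishes this use-after-free from an out-of-bounds read in the same cache.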