Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts.
2021/01/05 07:14:36 parsed 1 programs
2021/01/05 07:14:36 executed programs: 0
[ 414.574896] IPVS: ftp: loaded support on port[0] = 21
[ 414.664490] chnl_net:caif_netlink_parms(): no params data found
[ 414.736919] bridge0: port 1(bridge_slave_0) entered blocking state
[ 414.743857] bridge0: port 1(bridge_slave_0) entered disabled state
[ 414.752411] device bridge_slave_0 entered promiscuous mode
[ 414.759453] bridge0: port 2(bridge_slave_1) entered blocking state
[ 414.765967] bridge0: port 2(bridge_slave_1) entered disabled state
[ 414.773301] device bridge_slave_1 entered promiscuous mode
[ 414.789430] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 414.798374] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 414.816530] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 414.823818] team0: Port device team_slave_0 added
[ 414.829239] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 414.836630] team0: Port device team_slave_1 added
[ 414.851518] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 414.857790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 414.883036] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 414.894456] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 414.900776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 414.926136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 414.937330] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 414.945017] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 414.963564] device hsr_slave_0 entered promiscuous mode
[ 414.969179] device hsr_slave_1 entered promiscuous mode
[ 414.975847] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 414.983416] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 415.045323] bridge0: port 2(bridge_slave_1) entered blocking state
[ 415.051968] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 415.058796] bridge0: port 1(bridge_slave_0) entered blocking state
[ 415.065266] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 415.095201] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 415.102210] 8021q: adding VLAN 0 to HW filter on device bond0
[ 415.111337] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 415.119492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 415.128660] bridge0: port 1(bridge_slave_0) entered disabled state
[ 415.136523] bridge0: port 2(bridge_slave_1) entered disabled state
[ 415.146541] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 415.153294] 8021q: adding VLAN 0 to HW filter on device team0
[ 415.161792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 415.169426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 415.175865] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 415.191623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 415.199296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 415.205761] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 415.213062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 415.220976] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 415.234549] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 415.244975] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 415.256081] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 415.262897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 415.270932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 415.278557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 415.286565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 415.297656] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 415.308988] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 415.316082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 415.324861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 415.368979] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 415.380745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 415.411664] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 415.418898] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 415.426265] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 415.436055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 415.444042] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 415.452068] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 415.461301] device veth0_vlan entered promiscuous mode
[ 415.469675] device veth1_vlan entered promiscuous mode
[ 415.476662] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 415.485464] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 415.496198] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 415.505518] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 415.513430] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 415.521153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 415.530722] device veth0_macvtap entered promiscuous mode
[ 415.536836] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 415.545264] device veth1_macvtap entered promiscuous mode
[ 415.554112] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 415.563343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 415.573047] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 415.580313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 415.588358] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 415.598342] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 415.605597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 415.650066] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 416.600973] Bluetooth: hci0 command 0x0409 tx timeout
[ 418.680064] Bluetooth: hci0 command 0x041b tx timeout
2021/01/05 07:14:42 executed programs: 4
[ 420.760526] Bluetooth: hci0 command 0x040f tx timeout
[ 422.839822] Bluetooth: hci0 command 0x0419 tx timeout
2021/01/05 07:14:47 executed programs: 10
[ 424.919790] Bluetooth: hci0 command 0x0405 tx timeout
2021/01/05 07:14:52 executed programs: 16
2021/01/05 07:14:57 executed programs: 22
2021/01/05 07:15:02 executed programs: 28
2021/01/05 07:15:07 executed programs: 34
2021/01/05 07:15:12 executed programs: 40
2021/01/05 07:15:17 executed programs: 46
2021/01/05 07:15:23 executed programs: 52
[ 460.600250] ==================================================================
[ 460.607651] BUG: KASAN: use-after-free in __lock_acquire+0x2c57/0x3f20
[ 460.614303] Read of size 8 at addr ffff888091bfb6a0 by task kworker/1:2/2675
[ 460.621469]
[ 460.623075] CPU: 1 PID: 2675 Comm: kworker/1:2 Not tainted 4.14.213-syzkaller #0
[ 460.630583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 460.639945] Workqueue: events l2cap_chan_timeout
[ 460.644793] Call Trace:
[ 460.647381] dump_stack+0x1b2/0x283
[ 460.650994] print_address_description.cold+0x54/0x1d3
[ 460.656274] kasan_report_error.cold+0x8a/0x194
[ 460.660935] ? __lock_acquire+0x2c57/0x3f20
[ 460.665250] __asan_report_load8_noabort+0x68/0x70
[ 460.670173] ? __lock_acquire+0x2c57/0x3f20
[ 460.674469] __lock_acquire+0x2c57/0x3f20
[ 460.678592] ? lock_acquire+0x170/0x3f0
[ 460.682542] ? lock_downgrade+0x740/0x740
[ 460.686665] ? trace_hardirqs_on+0x10/0x10
[ 460.690894] ? debug_object_assert_init+0x22d/0x2d0
[ 460.695952] ? debug_object_active_state+0x330/0x330
[ 460.701040] ? ret_from_fork+0x24/0x30
[ 460.704915] ? add_lock_to_list.constprop.0+0x17d/0x330
[ 460.710264] ? save_trace+0xd6/0x290
[ 460.713971] lock_acquire+0x170/0x3f0
[ 460.717754] ? lock_sock_nested+0x39/0x100
[ 460.721978] _raw_spin_lock_bh+0x2f/0x40
[ 460.726028] ? lock_sock_nested+0x39/0x100
[ 460.730238] lock_sock_nested+0x39/0x100
[ 460.734287] l2cap_sock_teardown_cb+0x93/0x650
[ 460.738871] l2cap_chan_del+0xaf/0x950
[ 460.742789] l2cap_chan_close+0x103/0x870
[ 460.746971] ? __set_monitor_timer+0x1d0/0x1d0
[ 460.751546] ? lock_acquire+0x170/0x3f0
[ 460.755514] l2cap_chan_timeout+0x143/0x2a0
[ 460.759815] process_one_work+0x793/0x14a0
[ 460.764031] ? work_busy+0x320/0x320
[ 460.767721] ? worker_thread+0x158/0xff0
[ 460.771759] ? _raw_spin_unlock_irq+0x24/0x80
[ 460.776234] worker_thread+0x5cc/0xff0
[ 460.780146] ? rescuer_thread+0xc80/0xc80
[ 460.784310] kthread+0x30d/0x420
[ 460.787683] ? kthread_create_on_node+0xd0/0xd0
[ 460.792339] ret_from_fork+0x24/0x30
[ 460.796033]
[ 460.797648] Allocated by task 8289:
[ 460.801254] kasan_kmalloc+0xeb/0x160
[ 460.805033] __kmalloc+0x15a/0x400
[ 460.808547] sk_prot_alloc+0x1ba/0x290
[ 460.812413] sk_alloc+0x36/0xcd0
[ 460.815755] l2cap_sock_alloc.constprop.0+0x31/0x210
[ 460.820868] l2cap_sock_create+0xf0/0x1a0
[ 460.825006] bt_sock_create+0x13b/0x280
[ 460.828959] __sock_create+0x303/0x620
[ 460.832845] SyS_socket+0xd1/0x1b0
[ 460.836368] do_syscall_64+0x1d5/0x640
[ 460.840250] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 460.845427]
[ 460.847031] Freed by task 8285:
[ 460.850290] kasan_slab_free+0xc3/0x1a0
[ 460.854289] kfree+0xc9/0x250
[ 460.857414] __sk_destruct+0x5e3/0x760
[ 460.861278] __sk_free+0xd9/0x2d0
[ 460.864759] sk_free+0x2b/0x40
[ 460.867926] l2cap_sock_kill.part.0+0x106/0x130
[ 460.872576] l2cap_sock_release+0x1cd/0x280
[ 460.876877] __sock_release+0xcd/0x2b0
[ 460.880766] sock_close+0x15/0x20
[ 460.884198] __fput+0x25f/0x7a0
[ 460.887470] task_work_run+0x11f/0x190
[ 460.891346] get_signal+0x18a3/0x1ca0
[ 460.895146] do_signal+0x7c/0x1550
[ 460.898680] exit_to_usermode_loop+0x160/0x200
[ 460.903260] do_syscall_64+0x4a3/0x640
[ 460.907124] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 460.912285]
[ 460.913910] The buggy address belongs to the object at ffff888091bfb600
[ 460.913910] which belongs to the cache kmalloc-2048 of size 2048
[ 460.926822] The buggy address is located 160 bytes inside of
[ 460.926822] 2048-byte region [ffff888091bfb600, ffff888091bfbe00)
[ 460.938779] The buggy address belongs to the page:
[ 460.943701] page:ffffea000246fe80 count:1 mapcount:0 mapping:ffff888091bfa500 index:0x0 compound_mapcount: 0
[ 460.953647] flags: 0xfff00000008100(slab|head)
[ 460.958223] raw: 00fff00000008100 ffff888091bfa500 0000000000000000 0000000100000003
[ 460.966099] raw: ffffea00025a63a0 ffffea0002ad5c20 ffff88813fe80c40 0000000000000000
[ 460.973953] page dumped because: kasan: bad access detected
[ 460.979687]
[ 460.981298] Memory state around the buggy address:
[ 460.986204] ffff888091bfb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 460.993541] ffff888091bfb600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 461.000896] >ffff888091bfb680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 461.008236] ^
[ 461.012639] ffff888091bfb700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 461.019977] ffff888091bfb780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 461.027313] ==================================================================
[ 461.034665] Disabling lock debugging due to kernel taint
[ 461.040091] Kernel panic - not syncing: panic_on_warn set ...
[ 461.040091]
[ 461.047432] CPU: 1 PID: 2675 Comm: kworker/1:2 Tainted: G B 4.14.213-syzkaller #0
[ 461.056211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 461.065613] Workqueue: events l2cap_chan_timeout
[ 461.070349] Call Trace:
[ 461.072918] dump_stack+0x1b2/0x283
[ 461.076529] panic+0x1f9/0x42d
[ 461.079702] ? add_taint.cold+0x16/0x16
[ 461.083671] ? lock_downgrade+0x740/0x740
[ 461.087810] kasan_end_report+0x43/0x49
[ 461.091769] kasan_report_error.cold+0xa7/0x194
[ 461.096431] ? __lock_acquire+0x2c57/0x3f20
[ 461.100745] __asan_report_load8_noabort+0x68/0x70
[ 461.105655] ? __lock_acquire+0x2c57/0x3f20
[ 461.109953] __lock_acquire+0x2c57/0x3f20
[ 461.114079] ? lock_acquire+0x170/0x3f0
[ 461.118027] ? lock_downgrade+0x740/0x740
[ 461.122151] ? trace_hardirqs_on+0x10/0x10
[ 461.126361] ? debug_object_assert_init+0x22d/0x2d0
[ 461.131376] ? debug_object_active_state+0x330/0x330
[ 461.136462] ? ret_from_fork+0x24/0x30
[ 461.140348] ? add_lock_to_list.constprop.0+0x17d/0x330
[ 461.145689] ? save_trace+0xd6/0x290
[ 461.149379] lock_acquire+0x170/0x3f0
[ 461.153169] ? lock_sock_nested+0x39/0x100
[ 461.157379] _raw_spin_lock_bh+0x2f/0x40
[ 461.161413] ? lock_sock_nested+0x39/0x100
[ 461.165619] lock_sock_nested+0x39/0x100
[ 461.169661] l2cap_sock_teardown_cb+0x93/0x650
[ 461.174242] l2cap_chan_del+0xaf/0x950
[ 461.178118] l2cap_chan_close+0x103/0x870
[ 461.182255] ? __set_monitor_timer+0x1d0/0x1d0
[ 461.186813] ? lock_acquire+0x170/0x3f0
[ 461.190774] l2cap_chan_timeout+0x143/0x2a0
[ 461.195068] process_one_work+0x793/0x14a0
[ 461.199291] ? work_busy+0x320/0x320
[ 461.202980] ? worker_thread+0x158/0xff0
[ 461.207021] ? _raw_spin_unlock_irq+0x24/0x80
[ 461.211525] worker_thread+0x5cc/0xff0
[ 461.215389] ? rescuer_thread+0xc80/0xc80
[ 461.219599] kthread+0x30d/0x420
[ 461.222945] ? kthread_create_on_node+0xd0/0xd0
[ 461.227591] ret_from_fork+0x24/0x30
[ 461.231838] Kernel Offset: disabled
[ 461.235458] Rebooting in 86400 seconds..