Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts.
executing program
[ 603.484009] IPVS: ftp: loaded support on port[0] = 21
[ 605.498368] Bluetooth: hci0 command 0x0409 tx timeout
[ 607.577367] Bluetooth: hci0 command 0x041b tx timeout
executing program
[ 609.657314] Bluetooth: hci0 command 0x040f tx timeout
[ 611.736929] Bluetooth: hci0 command 0x0419 tx timeout
executing program
[ 613.816682] Bluetooth: hci0 command 0x0405 tx timeout
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 643.574367] ==================================================================
[ 643.582945] BUG: KASAN: use-after-free in __lock_acquire+0x2c57/0x3f20
[ 643.589726] Read of size 8 at addr ffff8880b3fc8e20 by task kworker/1:2/3447
[ 643.596984]
[ 643.598596] CPU: 1 PID: 3447 Comm: kworker/1:2 Not tainted 4.14.230-syzkaller #0
[ 643.608321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 643.618931] Workqueue: events l2cap_chan_timeout
[ 643.624050] Call Trace:
[ 643.627261]  dump_stack+0x1b2/0x281
[ 643.631282]  print_address_description.cold+0x54/0x1d3
[ 643.636775]  kasan_report_error.cold+0x8a/0x191
[ 643.641780]  ? __lock_acquire+0x2c57/0x3f20
[ 643.646585]  __asan_report_load8_noabort+0x68/0x70
[ 643.652012]  ? __lock_acquire+0x2c57/0x3f20
[ 643.656774]  __lock_acquire+0x2c57/0x3f20
[ 643.661239]  ? lock_acquire+0x170/0x3f0
[ 643.665516]  ? lock_downgrade+0x740/0x740
[ 643.670181]  ? trace_hardirqs_on+0x10/0x10
[ 643.674519]  ? debug_object_assert_init+0x22d/0x2d0
[ 643.680018]  ? debug_object_active_state+0x330/0x330
[ 643.685479]  ? ret_from_fork+0x24/0x30
[ 643.690201]  ? add_lock_to_list.constprop.0+0x17d/0x330
[ 643.695748]  ? save_trace+0xd6/0x290
[ 643.699474]  lock_acquire+0x170/0x3f0
[ 643.703421]  ? lock_sock_nested+0x39/0x100
[ 643.707884]  _raw_spin_lock_bh+0x2f/0x40
[ 643.712692]  ? lock_sock_nested+0x39/0x100
[ 643.717153]  lock_sock_nested+0x39/0x100
[ 643.721525]  l2cap_sock_teardown_cb+0x93/0x650
[ 643.726968]  l2cap_chan_del+0xaf/0x950
[ 643.730925]  l2cap_chan_close+0x103/0x870
[ 643.735157]  ? __set_monitor_timer+0x1d0/0x1d0
[ 643.740469]  ? lock_acquire+0x170/0x3f0
[ 643.744735]  l2cap_chan_timeout+0x143/0x2a0
[ 643.749230]  process_one_work+0x793/0x14a0
[ 643.753721]  ? work_busy+0x320/0x320
[ 643.757601]  ? worker_thread+0x158/0xff0
[ 643.762355]  ? _raw_spin_unlock_irq+0x24/0x80
[ 643.767333]  worker_thread+0x5cc/0xff0
[ 643.771913]  ? rescuer_thread+0xc80/0xc80
[ 643.776362]  kthread+0x30d/0x420
[ 643.779911]  ? kthread_create_on_node+0xd0/0xd0
[ 643.785135]  ret_from_fork+0x24/0x30
[ 643.789225]
[ 643.791033] Allocated by task 7998:
[ 643.795221]  kasan_kmalloc+0xeb/0x160
[ 643.799365]  __kmalloc+0x15a/0x400
[ 643.803188]  sk_prot_alloc+0x1ba/0x290
[ 643.808020]  sk_alloc+0x36/0xcd0
[ 643.811599]  l2cap_sock_alloc.constprop.0+0x31/0x210
[ 643.817530]  l2cap_sock_create+0xf0/0x1a0
[ 643.822728]  bt_sock_create+0x13b/0x280
[ 643.827771]  __sock_create+0x303/0x620
[ 643.832270]  SyS_socket+0xd1/0x1b0
[ 643.836163]  do_syscall_64+0x1d5/0x640
[ 643.840429]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 643.846191]
[ 643.847801] Freed by task 7998:
[ 643.851156]  kasan_slab_free+0xc3/0x1a0
[ 643.855356]  kfree+0xc9/0x250
[ 643.858531]  __sk_destruct+0x5e3/0x760
[ 643.862483]  __sk_free+0xd9/0x2d0
[ 643.866016]  sk_free+0x2b/0x40
[ 643.869275]  l2cap_sock_kill.part.0+0x106/0x130
[ 643.874124]  l2cap_sock_release+0x1cd/0x280
[ 643.878512]  __sock_release+0xcd/0x2b0
[ 643.882930]  sock_close+0x15/0x20
[ 643.886483]  __fput+0x25f/0x7a0
[ 643.889759]  task_work_run+0x11f/0x190
[ 643.893858]  do_exit+0xa44/0x2850
[ 643.897391]  do_group_exit+0x100/0x2e0
[ 643.901561]  get_signal+0x38d/0x1ca0
[ 643.905700]  do_signal+0x7c/0x1550
[ 643.909467]  exit_to_usermode_loop+0x160/0x200
[ 643.914387]  do_syscall_64+0x4a3/0x640
[ 643.918432]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 643.923618]
[ 643.925320] The buggy address belongs to the object at ffff8880b3fc8d80
[ 643.925320]  which belongs to the cache kmalloc-2048 of size 2048
[ 643.939764] The buggy address is located 160 bytes inside of
[ 643.939764]  2048-byte region [ffff8880b3fc8d80, ffff8880b3fc9580)
[ 643.952667] The buggy address belongs to the page:
[ 643.957699] page:ffffea0002cff200 count:1 mapcount:0 mapping:ffff8880b3fc8500 index:0x0 compound_mapcount: 0
[ 643.968117] flags: 0xfff00000008100(slab|head)
[ 643.973523] raw: 00fff00000008100 ffff8880b3fc8500 0000000000000000 0000000100000003
[ 643.982195] raw: ffffea0002ce3020 ffffea00025537a0 ffff88813fe80c40 0000000000000000
[ 643.990345] page dumped because: kasan: bad access detected
[ 643.996141]
[ 643.997761] Memory state around the buggy address:
[ 644.003081]  ffff8880b3fc8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 644.010725]  ffff8880b3fc8d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 644.018482] >ffff8880b3fc8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 644.026090]                                 ^
[ 644.030862]  ffff8880b3fc8e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 644.038303]  ffff8880b3fc8f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 644.045928] ==================================================================
[ 644.053529] Disabling lock debugging due to kernel taint
[ 644.059161] Kernel panic - not syncing: panic_on_warn set ...
[ 644.059161]
[ 644.066696] CPU: 1 PID: 3447 Comm: kworker/1:2 Tainted: G B 4.14.230-syzkaller #0
[ 644.076571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 644.087277] Workqueue: events l2cap_chan_timeout
[ 644.092051] Call Trace:
[ 644.094819]  dump_stack+0x1b2/0x281
[ 644.099061]  panic+0x1f9/0x42d
[ 644.102342]  ? add_taint.cold+0x16/0x16
[ 644.106408]  ? lock_downgrade+0x740/0x740
[ 644.110850]  kasan_end_report+0x43/0x49
[ 644.114988]  kasan_report_error.cold+0xa7/0x191
[ 644.120279]  ? __lock_acquire+0x2c57/0x3f20
[ 644.125027]  __asan_report_load8_noabort+0x68/0x70
[ 644.130033]  ? __lock_acquire+0x2c57/0x3f20
[ 644.135008]  __lock_acquire+0x2c57/0x3f20
[ 644.139342]  ? lock_acquire+0x170/0x3f0
[ 644.143394]  ? lock_downgrade+0x740/0x740
[ 644.147836]  ? trace_hardirqs_on+0x10/0x10
[ 644.152159]  ? debug_object_assert_init+0x22d/0x2d0
[ 644.157451]  ? debug_object_active_state+0x330/0x330
[ 644.162740]  ? ret_from_fork+0x24/0x30
[ 644.166829]  ? add_lock_to_list.constprop.0+0x17d/0x330
[ 644.172782]  ? save_trace+0xd6/0x290
[ 644.176489]  lock_acquire+0x170/0x3f0
[ 644.181440]  ? lock_sock_nested+0x39/0x100
[ 644.185759]  _raw_spin_lock_bh+0x2f/0x40
[ 644.190105]  ? lock_sock_nested+0x39/0x100
[ 644.194712]  lock_sock_nested+0x39/0x100
[ 644.199073]  l2cap_sock_teardown_cb+0x93/0x650
[ 644.203748]  l2cap_chan_del+0xaf/0x950
[ 644.207919]  l2cap_chan_close+0x103/0x870
[ 644.212059]  ? __set_monitor_timer+0x1d0/0x1d0
[ 644.216841]  ? lock_acquire+0x170/0x3f0
[ 644.220962]  l2cap_chan_timeout+0x143/0x2a0
[ 644.225716]  process_one_work+0x793/0x14a0
[ 644.230184]  ? work_busy+0x320/0x320
[ 644.234157]  ? worker_thread+0x158/0xff0
[ 644.238295]  ? _raw_spin_unlock_irq+0x24/0x80
[ 644.243048]  worker_thread+0x5cc/0xff0
[ 644.247236]  ? rescuer_thread+0xc80/0xc80
[ 644.251473]  kthread+0x30d/0x420
[ 644.254982]  ? kthread_create_on_node+0xd0/0xd0
[ 644.259673]  ret_from_fork+0x24/0x30
[ 644.265171] Kernel Offset: disabled
[ 644.268813] Rebooting in 86400 seconds..