[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
2020/08/13 07:35:49 parsed 1 programs
2020/08/13 07:35:50 executed programs: 0
syzkaller login: [ 1049.601732][ T6851] IPVS: ftp: loaded support on port[0] = 21
[ 1049.731545][ T6851] chnl_net:caif_netlink_parms(): no params data found
[ 1049.778003][ T6851] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1049.786019][ T6851] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1049.795433][ T6851] device bridge_slave_0 entered promiscuous mode
[ 1049.804560][ T6851] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.811659][ T6851] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1049.820197][ T6851] device bridge_slave_1 entered promiscuous mode
[ 1049.838558][ T6851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1049.849122][ T6851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1049.869324][ T6851] team0: Port device team_slave_0 added
[ 1049.876750][ T6851] team0: Port device team_slave_1 added
[ 1049.893070][ T6851] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1049.899997][ T6851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1049.926315][ T6851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1049.939010][ T6851] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1049.946387][ T6851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1049.972588][ T6851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1049.997020][ T6851] device hsr_slave_0 entered promiscuous mode
[ 1050.003906][ T6851] device hsr_slave_1 entered promiscuous mode
[ 1050.085290][ T6851] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1050.095875][ T6851] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1050.106703][ T6851] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1050.116260][ T6851] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1050.137576][ T6851] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1050.144791][ T6851] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1050.152428][ T6851] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1050.159536][ T6851] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1050.205792][ T6851] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1050.218888][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1050.228840][ T3918] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1050.238174][ T3918] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1050.246221][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1050.259665][ T6851] 8021q: adding VLAN 0 to HW filter on device team0
[ 1050.269898][ T6821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1050.278986][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1050.286096][ T6821] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1050.303664][ T6821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1050.311996][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1050.319105][ T6821] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1050.336510][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1050.344989][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1050.353436][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1050.361611][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1050.375929][ T6851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1050.387221][ T6851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1050.396705][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1050.413149][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1050.420544][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1050.433968][ T6851] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1050.450336][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1050.469586][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1050.477999][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1050.486445][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1050.496874][ T6851] device veth0_vlan entered promiscuous mode
[ 1050.508546][ T6851] device veth1_vlan entered promiscuous mode
[ 1050.527031][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1050.535548][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1050.543995][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1050.554597][ T6851] device veth0_macvtap entered promiscuous mode
[ 1050.563773][ T6851] device veth1_macvtap entered promiscuous mode
[ 1050.579638][ T6851] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1050.587335][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1050.597457][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1050.608707][ T6851] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1050.616812][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1050.627947][ T6851] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1050.638124][ T6851] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1050.646903][ T6851] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1050.656090][ T6851] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1051.623133][ T2584] Bluetooth: hci0: command 0x0409 tx timeout
[ 1053.702744][ T3918] Bluetooth: hci0: command 0x041b tx timeout
2020/08/13 07:35:55 executed programs: 4
[ 1055.782315][ T2584] Bluetooth: hci0: command 0x040f tx timeout
[ 1057.861875][ T7071] Bluetooth: hci0: command 0x0419 tx timeout
2020/08/13 07:36:01 executed programs: 11
[ 1059.873779][    T0] NOHZ: local_softirq_pending 08
[ 1059.951630][ T3918] Bluetooth: hci0: command 0x0405 tx timeout
2020/08/13 07:36:06 executed programs: 18
2020/08/13 07:36:12 executed programs: 25
2020/08/13 07:36:18 executed programs: 32
[ 1080.340876][    T0] NOHZ: local_softirq_pending 08
2020/08/13 07:36:24 executed programs: 39
2020/08/13 07:36:29 executed programs: 46
2020/08/13 07:36:35 executed programs: 53
2020/08/13 07:36:41 executed programs: 60
2020/08/13 07:36:46 executed programs: 67
2020/08/13 07:36:52 executed programs: 74
[ 1111.697115][ T6821] INFO: trying to register non-static key.
[ 1111.702942][ T6821] the code is fine but needs lockdep annotation.
[ 1111.709280][ T6821] turning off the locking correctness validator.
[ 1111.715624][ T6821] CPU: 0 PID: 6821 Comm: kworker/0:0 Not tainted 5.8.0-syzkaller #0
[ 1111.723622][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1111.733791][ T6821] Workqueue: events l2cap_chan_timeout
[ 1111.739220][ T6821] Call Trace:
[ 1111.742558][ T6821]  dump_stack+0x1f0/0x31e
[ 1111.746907][ T6821]  register_lock_class+0xf06/0x1520
[ 1111.752079][ T6821]  __lock_acquire+0xfa/0x2ab0
[ 1111.756731][ T6821]  ? lock_acquire+0x160/0x730
[ 1111.761451][ T6821]  ? debug_object_assert_init+0x6a/0x250
[ 1111.767059][ T6821]  ? trace_lock_release+0x137/0x1a0
[ 1111.772228][ T6821]  lock_acquire+0x160/0x730
[ 1111.776760][ T6821]  ? lock_sock_nested+0x43/0x110
[ 1111.781667][ T6821]  ? lock_sock_nested+0x43/0x110
[ 1111.786641][ T6821]  _raw_spin_lock_bh+0x31/0x40
[ 1111.791377][ T6821]  ? lock_sock_nested+0x43/0x110
[ 1111.796290][ T6821]  lock_sock_nested+0x43/0x110
[ 1111.801034][ T6821]  l2cap_sock_teardown_cb+0x72/0x3e0
[ 1111.806290][ T6821]  l2cap_chan_del+0xa3/0x760
[ 1111.810849][ T6821]  ? l2cap_chan_timeout+0x86/0x1e0
[ 1111.815932][ T6821]  l2cap_chan_close+0x7bf/0xae0
[ 1111.820757][ T6821]  l2cap_chan_timeout+0x125/0x1e0
[ 1111.825818][ T6821]  process_one_work+0x789/0xfc0
[ 1111.830647][ T6821]  worker_thread+0xaa4/0x1460
[ 1111.835296][ T6821]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 1111.841118][ T6821]  kthread+0x37e/0x3a0
[ 1111.845159][ T6821]  ? rcu_lock_release+0x20/0x20
[ 1111.849980][ T6821]  ? kthread_blkcg+0xd0/0xd0
[ 1111.854621][ T6821]  ret_from_fork+0x1f/0x30
[ 1111.926320][ T6821] ==================================================================
[ 1111.934412][ T6821] BUG: KASAN: use-after-free in __pv_queued_spin_lock_slowpath+0x19d/0xc00
[ 1111.942971][ T6821] Read of size 4 at addr ffff88809b2b9088 by task kworker/0:0/6821
[ 1111.950829][ T6821]
[ 1111.953137][ T6821] CPU: 0 PID: 6821 Comm: kworker/0:0 Not tainted 5.8.0-syzkaller #0
[ 1111.961167][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1111.971350][ T6821] Workqueue: events l2cap_chan_timeout
[ 1111.976780][ T6821] Call Trace:
[ 1111.980045][ T6821]  dump_stack+0x1f0/0x31e
[ 1111.984417][ T6821]  print_address_description+0x66/0x620
[ 1111.989969][ T6821]  ? vprintk_emit+0x342/0x3c0
[ 1111.994620][ T6821]  ? printk+0x62/0x83
[ 1111.998644][ T6821]  ? vprintk_emit+0x339/0x3c0
[ 1112.003292][ T6821]  kasan_report+0x132/0x1d0
[ 1112.007769][ T6821]  ? __pv_queued_spin_lock_slowpath+0x19d/0xc00
[ 1112.013980][ T6821]  check_memory_region+0x2b5/0x2f0
[ 1112.019119][ T6821]  __pv_queued_spin_lock_slowpath+0x19d/0xc00
[ 1112.025197][ T6821]  do_raw_spin_lock+0x5bf/0x800
[ 1112.030042][ T6821]  ? lock_sock_nested+0x43/0x110
[ 1112.034950][ T6821]  lock_sock_nested+0x43/0x110
[ 1112.039687][ T6821]  l2cap_sock_teardown_cb+0x72/0x3e0
[ 1112.044976][ T6821]  l2cap_chan_del+0xa3/0x760
[ 1112.049536][ T6821]  ? l2cap_chan_timeout+0x86/0x1e0
[ 1112.054617][ T6821]  l2cap_chan_close+0x7bf/0xae0
[ 1112.059441][ T6821]  l2cap_chan_timeout+0x125/0x1e0
[ 1112.064434][ T6821]  process_one_work+0x789/0xfc0
[ 1112.069259][ T6821]  worker_thread+0xaa4/0x1460
[ 1112.073910][ T6821]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 1112.079698][ T6821]  kthread+0x37e/0x3a0
[ 1112.083854][ T6821]  ? rcu_lock_release+0x20/0x20
[ 1112.088675][ T6821]  ? kthread_blkcg+0xd0/0xd0
[ 1112.093233][ T6821]  ret_from_fork+0x1f/0x30
[ 1112.097633][ T6821]
[ 1112.099934][ T6821] Allocated by task 7587:
[ 1112.104329][ T6821]  __kasan_kmalloc+0x100/0x130
[ 1112.109069][ T6821]  kmem_cache_alloc_trace+0x1f6/0x2f0
[ 1112.114460][ T6821]  l2cap_chan_create+0x4c/0x320
[ 1112.119281][ T6821]  l2cap_sock_alloc+0x136/0x1d0
[ 1112.124099][ T6821]  l2cap_sock_create+0x11f/0x550
[ 1112.129076][ T6821]  bt_sock_create+0x15b/0x220
[ 1112.133768][ T6821]  __sock_create+0x5b3/0x8c0
[ 1112.138389][ T6821]  __sys_socket+0xde/0x2d0
[ 1112.142779][ T6821]  __x64_sys_socket+0x76/0x80
[ 1112.147526][ T6821]  do_syscall_64+0x31/0x70
[ 1112.151924][ T6821]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1112.157786][ T6821]
[ 1112.160089][ T6821] Freed by task 7587:
[ 1112.164050][ T6821]  kasan_set_track+0x3d/0x70
[ 1112.168697][ T6821]  kasan_set_free_info+0x17/0x30
[ 1112.173605][ T6821]  __kasan_slab_free+0xdd/0x110
[ 1112.178427][ T6821]  kfree+0x10a/0x220
[ 1112.182302][ T6821]  l2cap_sock_release+0x154/0x190
[ 1112.189120][ T6821]  sock_close+0xd8/0x260
[ 1112.193846][ T6821]  __fput+0x34f/0x7b0
[ 1112.197802][ T6821]  task_work_run+0x137/0x1c0
[ 1112.202401][ T6821]  get_signal+0x15ab/0x1d30
[ 1112.207065][ T6821]  arch_do_signal+0x33/0x610
[ 1112.211665][ T6821]  exit_to_user_mode_prepare+0x8d/0x1c0
[ 1112.217189][ T6821]  syscall_exit_to_user_mode+0x5e/0x1a0
[ 1112.222709][ T6821]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1112.228567][ T6821]
[ 1112.230869][ T6821] The buggy address belongs to the object at ffff88809b2b9000
[ 1112.230869][ T6821]  which belongs to the cache kmalloc-2k of size 2048
[ 1112.244889][ T6821] The buggy address is located 136 bytes inside of
[ 1112.244889][ T6821]  2048-byte region [ffff88809b2b9000, ffff88809b2b9800)
[ 1112.258214][ T6821] The buggy address belongs to the page:
[ 1112.263824][ T6821] page:000000009376a887 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9b2b9
[ 1112.274374][ T6821] flags: 0xfffe0000000200(slab)
[ 1112.279201][ T6821] raw: 00fffe0000000200 ffffea000269d408 ffffea00027df348 ffff8880aa440800
[ 1112.287755][ T6821] raw: 0000000000000000 ffff88809b2b9000 0000000100000001 0000000000000000
[ 1112.296310][ T6821] page dumped because: kasan: bad access detected
[ 1112.302702][ T6821]
[ 1112.305006][ T6821] Memory state around the buggy address:
[ 1112.310653][ T6821]  ffff88809b2b8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1112.318684][ T6821]  ffff88809b2b9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1112.330631][ T6821] >ffff88809b2b9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1112.338798][ T6821]                    ^
[ 1112.343115][ T6821]  ffff88809b2b9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1112.351189][ T6821]  ffff88809b2b9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1112.359221][ T6821] ==================================================================
[ 1112.367312][ T6821] Kernel panic - not syncing: panic_on_warn set ...
[ 1112.373896][ T6821] CPU: 0 PID: 6821 Comm: kworker/0:0 Tainted: G    B             5.8.0-syzkaller #0
[ 1112.383258][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1112.393309][ T6821] Workqueue: events l2cap_chan_timeout
[ 1112.398801][ T6821] Call Trace:
[ 1112.402074][ T6821]  dump_stack+0x1f0/0x31e
[ 1112.406457][ T6821]  panic+0x264/0x7a0
[ 1112.410368][ T6821]  ? trace_hardirqs_on+0x30/0x80
[ 1112.415284][ T6821]  ? _raw_spin_unlock_irqrestore+0xa5/0xd0
[ 1112.421065][ T6821]  kasan_report+0x1c9/0x1d0
[ 1112.425540][ T6821]  ? __pv_queued_spin_lock_slowpath+0x19d/0xc00
[ 1112.431752][ T6821]  check_memory_region+0x2b5/0x2f0
[ 1112.436836][ T6821]  __pv_queued_spin_lock_slowpath+0x19d/0xc00
[ 1112.442888][ T6821]  do_raw_spin_lock+0x5bf/0x800
[ 1112.448758][ T6821]  ? lock_sock_nested+0x43/0x110
[ 1112.453721][ T6821]  lock_sock_nested+0x43/0x110
[ 1112.458467][ T6821]  l2cap_sock_teardown_cb+0x72/0x3e0
[ 1112.463772][ T6821]  l2cap_chan_del+0xa3/0x760
[ 1112.468334][ T6821]  ? l2cap_chan_timeout+0x86/0x1e0
[ 1112.473419][ T6821]  l2cap_chan_close+0x7bf/0xae0
[ 1112.478254][ T6821]  l2cap_chan_timeout+0x125/0x1e0
[ 1112.483262][ T6821]  process_one_work+0x789/0xfc0
[ 1112.488089][ T6821]  worker_thread+0xaa4/0x1460
[ 1112.492741][ T6821]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 1112.498523][ T6821]  kthread+0x37e/0x3a0
[ 1112.502562][ T6821]  ? rcu_lock_release+0x20/0x20
[ 1112.507471][ T6821]  ? kthread_blkcg+0xd0/0xd0
[ 1112.512030][ T6821]  ret_from_fork+0x1f/0x30
[ 1112.517823][ T6821] Kernel Offset: disabled
[ 1112.522153][ T6821] Rebooting in 86400 seconds..