[ 397.843166] syz-executor.0 (5773) used greatest stack depth: 24144 bytes left [ 398.542514] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 398.550806] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 398.559207] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 398.567560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 398.577021] device bridge_slave_1 left promiscuous mode [ 398.586763] bridge0: port 2(bridge_slave_1) entered disabled state [ 398.644296] device bridge_slave_0 left promiscuous mode [ 398.650396] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.696960] device veth1_macvtap left promiscuous mode [ 398.706718] device veth0_macvtap left promiscuous mode [ 398.715034] device veth1_vlan left promiscuous mode [ 398.723455] device veth0_vlan left promiscuous mode [ 398.832814] device hsr_slave_1 left promiscuous mode [ 398.873046] device hsr_slave_0 left promiscuous mode [ 398.927962] team0 (unregistering): Port device team_slave_1 removed [ 398.937638] team0 (unregistering): Port device team_slave_0 removed [ 398.948843] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 398.993299] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 399.057020] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts. [ 400.372521] IPVS: ftp: loaded support on port[0] = 21 [ 401.131362] IPVS: ftp: loaded support on port[0] = 21 [ 401.953571] IPVS: ftp: loaded support on port[0] = 21 [ 402.606385] IPVS: ftp: loaded support on port[0] = 21 [ 403.157849] IPVS: ftp: loaded support on port[0] = 21 [ 403.772901] IPVS: ftp: loaded support on port[0] = 21 [ 404.221504] Bluetooth: hci0 command 0x0409 tx timeout [ 405.100260] Bluetooth: hci1 command 0x0409 tx timeout [ 405.739930] Bluetooth: hci2 command 0x0409 tx timeout [ 406.300542] Bluetooth: hci0 command 0x041b tx timeout [ 406.313253] Bluetooth: hci3 command 0x0409 tx timeout [ 406.859840] Bluetooth: hci4 command 0x0409 tx timeout [ 406.963919] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 406.983794] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.006873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.029378] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.055237] device bridge_slave_1 left promiscuous mode [ 407.074223] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.131346] device bridge_slave_0 left promiscuous mode [ 407.141490] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.181865] Bluetooth: hci1 command 0x041b tx timeout [ 407.199458] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.222047] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.248146] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.273857] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.297996] device bridge_slave_1 left promiscuous mode [ 407.317667] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.353847] device bridge_slave_0 left promiscuous mode [ 407.359361] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.420845] Bluetooth: hci5 command 0x0409 tx timeout [ 407.428627] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.452637] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.477320] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.505720] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.535730] device bridge_slave_1 left promiscuous mode [ 407.553526] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.611025] device bridge_slave_0 left promiscuous mode [ 407.617929] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.686224] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.702427] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.725018] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.751605] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.778501] device bridge_slave_1 left promiscuous mode [ 407.797306] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.819767] Bluetooth: hci2 command 0x041b tx timeout [ 407.850740] device bridge_slave_0 left promiscuous mode [ 407.858552] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.904696] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.919203] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.949305] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.972460] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.995484] device bridge_slave_1 left promiscuous mode [ 408.012946] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.070721] device bridge_slave_0 left promiscuous mode [ 408.076635] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.152464] device veth1_macvtap left promiscuous mode [ 408.170841] device veth0_macvtap left promiscuous mode [ 408.186864] device veth1_vlan left promiscuous mode [ 408.202118] device veth0_vlan left promiscuous mode [ 408.220066] device veth1_macvtap left promiscuous mode [ 408.237301] device veth0_macvtap left promiscuous mode [ 408.255898] device veth1_vlan left promiscuous mode [ 408.272600] device veth0_vlan left promiscuous mode [ 408.284680] device veth1_macvtap left promiscuous mode [ 408.302485] device veth0_macvtap left promiscuous mode [ 408.321334] device veth1_vlan left promiscuous mode [ 408.331687] device veth0_vlan left promiscuous mode [ 408.344263] device veth1_macvtap left promiscuous mode [ 408.360527] device veth0_macvtap left promiscuous mode [ 408.375604] device veth1_vlan left promiscuous mode [ 408.389140] device veth0_vlan left promiscuous mode [ 408.391030] Bluetooth: hci3 command 0x041b tx timeout [ 408.403133] device veth1_macvtap left promiscuous mode [ 408.413834] Bluetooth: hci0 command 0x040f tx timeout [ 408.419240] device veth0_macvtap left promiscuous mode [ 408.437211] device veth1_vlan left promiscuous mode [ 408.452388] device veth0_vlan left promiscuous mode [ 408.950195] Bluetooth: hci4 command 0x041b tx timeout [ 409.260452] Bluetooth: hci1 command 0x040f tx timeout [ 409.412009] device hsr_slave_1 left promiscuous mode [ 409.467430] device hsr_slave_0 left promiscuous mode [ 409.499622] Bluetooth: hci5 command 0x041b tx timeout [ 409.525401] team0 (unregistering): Port device team_slave_1 removed [ 409.570793] team0 (unregistering): Port device team_slave_0 removed [ 409.604844] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 409.654994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 409.764288] bond0 (unregistering): Released all slaves [ 409.901400] Bluetooth: hci2 command 0x040f tx timeout [ 409.921931] device hsr_slave_1 left promiscuous mode [ 409.962678] device hsr_slave_0 left promiscuous mode [ 410.012759] team0 (unregistering): Port device team_slave_1 removed [ 410.048031] team0 (unregistering): Port device team_slave_0 removed [ 410.070683] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 410.114702] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 410.232393] bond0 (unregistering): Released all slaves [ 410.401980] device hsr_slave_1 left promiscuous mode [ 410.442823] device hsr_slave_0 left promiscuous mode [ 410.459643] Bluetooth: hci0 command 0x0419 tx timeout [ 410.465458] Bluetooth: hci3 command 0x040f tx timeout [ 410.529042] team0 (unregistering): Port device team_slave_1 removed [ 410.571406] team0 (unregistering): Port device team_slave_0 removed [ 410.611176] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 410.687162] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 410.833453] bond0 (unregistering): Released all slaves [ 411.019617] Bluetooth: hci4 command 0x040f tx timeout [ 411.035581] device hsr_slave_1 left promiscuous mode [ 411.093801] device hsr_slave_0 left promiscuous mode [ 411.146719] team0 (unregistering): Port device team_slave_1 removed [ 411.186960] team0 (unregistering): Port device team_slave_0 removed [ 411.217452] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 411.263747] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 411.340767] Bluetooth: hci1 command 0x0419 tx timeout [ 411.365716] bond0 (unregistering): Released all slaves [ 411.523136] device hsr_slave_1 left promiscuous mode [ 411.573142] device hsr_slave_0 left promiscuous mode [ 411.581940] Bluetooth: hci5 command 0x040f tx timeout [ 411.653061] team0 (unregistering): Port device team_slave_1 removed [ 411.683772] team0 (unregistering): Port device team_slave_0 removed [ 411.714219] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 411.773961] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 411.888473] bond0 (unregistering): Released all slaves [ 411.979582] Bluetooth: hci2 command 0x0419 tx timeout [ 412.539451] Bluetooth: hci3 command 0x0419 tx timeout [ 413.099417] Bluetooth: hci4 command 0x0419 tx timeout [ 413.659497] Bluetooth: hci5 command 0x0419 tx timeout [ 425.112066] list_del corruption, ffff8881c5f0b8e8->next is LIST_POISON1 (dead000000000100) [ 425.122991] ------------[ cut here ]------------ [ 425.128192] kernel BUG at lib/list_debug.c:47! [ 425.133523] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 425.140167] Modules linked in: [ 425.143522] CPU: 1 PID: 7242 Comm: kworker/u5:4 Not tainted 4.14.231-syzkaller #0 [ 425.151468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 425.161104] Workqueue: hci2 hci_rx_work [ 425.165196] task: ffff8881d485c4c0 task.stack: ffff8881d49a8000 [ 425.171582] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x4a [ 425.177992] RSP: 0018:ffff8881d49af7e0 EFLAGS: 00010282 [ 425.183692] RAX: 000000000000004e RBX: ffff8881c5f0b8e8 RCX: 0000000000000000 [ 425.191173] RDX: 000000000000004e RSI: ffffffff86cbeca0 RDI: ffffed103a935ef3 [ 425.198782] RBP: ffff8881d49af7f8 R08: ffff8881d485cdb8 R09: 0000000000000000 [ 425.206659] R10: 0000000000000000 R11: dffffc0000000000 R12: dead000000000200 [ 425.214785] R13: dead000000000100 R14: ffff8881c9237200 R15: ffff8881c9237280 [ 425.222919] FS: 0000000000000000(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000 [ 425.231795] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 425.238033] CR2: 0000000001bf0608 CR3: 0000000007e6a001 CR4: 00000000001606e0 [ 425.245458] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 425.253560] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 425.261070] Call Trace: [ 425.263652] l2cap_chan_put+0x49/0x1a0 [ 425.268298] l2cap_recv_frame+0xeca/0x9e10 [ 425.273209] ? __lock_acquire+0x701/0x42d0 [ 425.277770] ? unwind_next_frame.part.6+0x1a3/0xa40 [ 425.282968] ? l2cap_ertm_init+0xb60/0xb60 [ 425.287192] ? __lock_acquire+0x701/0x42d0 [ 425.291589] ? trace_hardirqs_on+0x10/0x10 [ 425.295891] ? __lock_acquire+0x701/0x42d0 [ 425.300100] ? retint_kernel+0x2d/0x2d [ 425.304409] ? __lock_acquire+0x701/0x42d0 [ 425.308970] ? lock_acquire+0x17e/0x3e0 [ 425.313110] ? hci_rx_work+0x224/0x8e0 [ 425.317068] ? hci_rx_work+0x594/0x8e0 [ 425.321369] ? lock_downgrade+0x7f0/0x7f0 [ 425.325602] ? __mutex_unlock_slowpath+0x7d/0x7e0 [ 425.330509] ? wait_for_completion_io+0x20/0x20 [ 425.335243] l2cap_recv_acldata+0x756/0x8a0 [ 425.339669] hci_rx_work+0x5c9/0x8e0 [ 425.343583] process_one_work+0x74f/0x1620 [ 425.348243] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 425.353413] worker_thread+0xcc/0xee0 [ 425.357454] kthread+0x338/0x400 [ 425.361234] ? process_one_work+0x1620/0x1620 [ 425.366050] ? kthread_create_on_node+0xa0/0xa0 [ 425.370980] ret_from_fork+0x24/0x30 [ 425.374683] Code: 83 f9 ff 0f 0b 4c 89 e2 48 89 de 48 c7 c7 20 22 04 87 e8 f7 82 f9 ff 0f 0b 4c 89 ea 48 89 de 48 c7 c7 c0 21 04 87 e8 e3 82 f9 ff <0f> 0b 48 89 de 48 c7 c7 e0 22 04 87 e8 d2 82 f9 ff 0f 0b 48 89 [ 425.394919] RIP: __list_del_entry_valid.cold.1+0x26/0x4a RSP: ffff8881d49af7e0 [ 425.402765] ---[ end trace a7c62970fc4676ac ]--- [ 425.407684] Kernel panic - not syncing: Fatal exception [ 425.415885] Kernel Offset: disabled [ 425.420067] Rebooting in 86400 seconds..