[ 461.373050] syz-executor.0 (5928) used greatest stack depth: 22928 bytes left [ 461.881433] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 461.888177] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 461.896248] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 461.903914] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 461.912987] device bridge_slave_1 left promiscuous mode [ 461.918980] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.960187] device bridge_slave_0 left promiscuous mode [ 461.966072] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.022333] device veth1_macvtap left promiscuous mode [ 462.027685] device veth0_macvtap left promiscuous mode [ 462.033639] device veth1_vlan left promiscuous mode [ 462.038690] device veth0_vlan left promiscuous mode [ 462.142729] device hsr_slave_1 left promiscuous mode [ 462.192902] device hsr_slave_0 left promiscuous mode [ 462.238026] team0 (unregistering): Port device team_slave_1 removed [ 462.247849] team0 (unregistering): Port device team_slave_0 removed [ 462.258249] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 462.293510] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 462.348347] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.15.228' (ECDSA) to the list of known hosts. [ 463.223598] IPVS: ftp: loaded support on port[0] = 21 [ 464.602224] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 464.609616] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 464.617737] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 464.625502] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.634060] device bridge_slave_1 left promiscuous mode [ 464.640252] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.679825] device bridge_slave_0 left promiscuous mode [ 464.685329] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.721389] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 464.728466] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 464.737249] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 464.748139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.757364] device bridge_slave_1 left promiscuous mode [ 464.764037] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.819877] device bridge_slave_0 left promiscuous mode [ 464.825405] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.862818] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 464.870777] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 464.879936] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 464.887170] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.897007] device bridge_slave_1 left promiscuous mode [ 464.903089] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.939997] device bridge_slave_0 left promiscuous mode [ 464.945486] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.002334] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 465.009140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 465.017525] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.025530] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 465.034088] device bridge_slave_1 left promiscuous mode [ 465.042110] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.072887] device bridge_slave_0 left promiscuous mode [ 465.078403] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.117748] list_del corruption, ffff8881f3cf3788->next is LIST_POISON1 (dead000000000100) [ 465.126958] ------------[ cut here ]------------ [ 465.131714] kernel BUG at lib/list_debug.c:47! [ 465.136409] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 465.141759] CPU: 1 PID: 15239 Comm: kworker/u5:2 Not tainted 4.19.161-syzkaller #0 [ 465.149438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 465.158796] Workqueue: hci0 hci_rx_work [ 465.162834] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x58 [ 465.168698] Code: 1d fe 0f 0b 4c 89 e2 48 89 de 48 c7 c7 60 88 67 87 e8 76 6d 1d fe 0f 0b 4c 89 ea 48 89 de 48 c7 c7 00 88 67 87 e8 62 6d 1d fe <0f> 0b 48 89 de 48 c7 c7 20 89 67 87 e8 51 6d 1d fe 0f 0b 48 89 de [ 465.187764] RSP: 0018:ffff8881e9f276f8 EFLAGS: 00010282 [ 465.193113] RAX: 000000000000004e RBX: ffff8881f3cf3788 RCX: 0000000000000000 [ 465.200368] RDX: 0000000000000000 RSI: ffffffff87678560 RDI: ffffffff8a19ca60 [ 465.207619] RBP: ffff8881e9f27710 R08: ffffed103ed25081 R09: ffffed103ed25080 [ 465.214863] R10: ffffed103ed25080 R11: ffff8881f6928407 R12: dead000000000200 [ 465.222125] R13: dead000000000100 R14: ffff8881e2d7d940 R15: ffff8881e2d7d9c0 [ 465.229386] FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 [ 465.237585] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 465.244081] CR2: 00000000006e06c0 CR3: 000000000846d003 CR4: 00000000001606e0 [ 465.251354] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 465.259056] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 465.266387] Call Trace: [ 465.269042] l2cap_chan_put+0x49/0x1a0 [ 465.272919] l2cap_recv_frame+0xf29/0xa440 [ 465.277307] ? l2cap_ertm_init+0xa30/0xa30 [ 465.281521] ? update_curr+0x3c6/0x870 [ 465.285387] ? __lock_acquire+0x764/0x47c0 [ 465.289598] ? account_entity_enqueue+0x2fe/0x470 [ 465.294433] ? __lock_acquire+0x764/0x47c0 [ 465.298760] ? mark_held_locks+0x130/0x130 [ 465.302968] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 465.307615] ? __lock_acquire+0x764/0x47c0 [ 465.311853] ? mark_held_locks+0x130/0x130 [ 465.316080] ? __lock_acquire+0x764/0x47c0 [ 465.320313] ? hci_rx_work+0x231/0x8e0 [ 465.324179] ? lock_acquire+0x180/0x3a0 [ 465.328129] ? hci_rx_work+0x231/0x8e0 [ 465.332008] ? mark_held_locks+0x130/0x130 [ 465.336238] ? hci_rx_work+0x5b0/0x8e0 [ 465.340102] ? lock_downgrade+0x860/0x860 [ 465.344238] ? mark_held_locks+0xc7/0x130 [ 465.348383] ? kasan_check_write+0x14/0x20 [ 465.352606] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 465.357511] ? wait_for_completion_io+0x20/0x20 [ 465.362160] l2cap_recv_acldata+0x756/0x8a0 [ 465.366458] hci_rx_work+0x5e1/0x8e0 [ 465.370173] process_one_work+0x7b9/0x15a0 [ 465.374388] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 465.379035] ? lock_acquire+0x180/0x3a0 [ 465.384276] ? kasan_check_write+0x14/0x20 [ 465.388600] ? do_raw_spin_lock+0xd0/0x240 [ 465.392847] worker_thread+0x85/0xb60 [ 465.397142] ? __kthread_parkme+0x37/0x1c0 [ 465.401451] kthread+0x347/0x410 [ 465.404803] ? process_one_work+0x15a0/0x15a0 [ 465.409277] ? kthread_park+0x100/0x100 [ 465.413314] ret_from_fork+0x24/0x30 [ 465.417020] Modules linked in: [ 465.420325] ---[ end trace f211cecc898d6427 ]--- [ 465.426199] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x58 [ 465.432075] Code: 1d fe 0f 0b 4c 89 e2 48 89 de 48 c7 c7 60 88 67 87 e8 76 6d 1d fe 0f 0b 4c 89 ea 48 89 de 48 c7 c7 00 88 67 87 e8 62 6d 1d fe <0f> 0b 48 89 de 48 c7 c7 20 89 67 87 e8 51 6d 1d fe 0f 0b 48 89 de [ 465.451293] RSP: 0018:ffff8881e9f276f8 EFLAGS: 00010282 [ 465.456736] RAX: 000000000000004e RBX: ffff8881f3cf3788 RCX: 0000000000000000 [ 465.464365] RDX: 0000000000000000 RSI: ffffffff87678560 RDI: ffffffff8a19ca60 [ 465.471625] RBP: ffff8881e9f27710 R08: ffffed103ed25081 R09: ffffed103ed25080 [ 465.479170] R10: ffffed103ed25080 R11: ffff8881f6928407 R12: dead000000000200 [ 465.486677] R13: dead000000000100 R14: ffff8881e2d7d940 R15: ffff8881e2d7d9c0 [ 465.494116] FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 [ 465.502676] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 465.508774] CR2: 00000000006e06c0 CR3: 000000000846d003 CR4: 00000000001606e0 [ 465.516225] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 465.524093] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 465.531615] Kernel panic - not syncing: Fatal exception [ 465.540063] Kernel Offset: disabled [ 465.543718] Rebooting in 86400 seconds..