Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
syzkaller login: [ 63.928672][ T6828] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 64.040061][ T6831] Bluetooth: Wrong link type (-22)
[ 64.048272][ T6828] ==================================================================
[ 64.056729][ T6828] BUG: KASAN: use-after-free in hci_chan_del+0x14f/0x190
[ 64.063766][ T6828] Read of size 8 at addr ffff8880a04d8618 by task syz-executor280/6828
[ 64.071982][ T6828]
[ 64.074298][ T6828] CPU: 0 PID: 6828 Comm: syz-executor280 Not tainted 5.8.0-syzkaller #0
[ 64.082603][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.092644][ T6828] Call Trace:
[ 64.095922][ T6828]  dump_stack+0x18f/0x20d
[ 64.100252][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.104947][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.109637][ T6828]  print_address_description.constprop.0.cold+0xae/0x497
[ 64.116668][ T6828]  ? mutex_lock_io_nested+0xf60/0xf60
[ 64.122040][ T6828]  ? vprintk_func+0x97/0x1a6
[ 64.126633][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.131294][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.135966][ T6828]  kasan_report.cold+0x1f/0x37
[ 64.140730][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.145407][ T6828]  hci_chan_del+0x14f/0x190
[ 64.149896][ T6828]  l2cap_conn_del+0x61b/0x9e0
[ 64.154577][ T6828]  ? l2cap_conn_del+0x9e0/0x9e0
[ 64.159413][ T6828]  l2cap_disconn_cfm+0x85/0xa0
[ 64.164165][ T6828]  hci_conn_hash_flush+0x114/0x220
[ 64.169265][ T6828]  hci_dev_do_close+0x5c6/0x1080
[ 64.174194][ T6828]  ? hci_dev_open+0x350/0x350
[ 64.178856][ T6828]  ? do_raw_read_unlock+0x70/0x70
[ 64.183878][ T6828]  ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 64.189769][ T6828]  hci_unregister_dev+0x1bd/0xe30
[ 64.194782][ T6828]  ? fcntl_setlk+0xf60/0xf60
[ 64.199371][ T6828]  ? lock_is_held_type+0xbb/0xf0
[ 64.204294][ T6828]  vhci_release+0x70/0xe0
[ 64.208632][ T6828]  __fput+0x285/0x920
[ 64.212597][ T6828]  ? vhci_close_dev+0x50/0x50
[ 64.217260][ T6828]  task_work_run+0xdd/0x190
[ 64.221750][ T6828]  do_exit+0xb7d/0x29f0
[ 64.225893][ T6828]  ? mm_update_next_owner+0x7a0/0x7a0
[ 64.231260][ T6828]  ? vmacache_update+0xce/0x140
[ 64.236099][ T6828]  ? lock_is_held_type+0xbb/0xf0
[ 64.241021][ T6828]  do_group_exit+0x125/0x310
[ 64.245598][ T6828]  __ia32_sys_exit_group+0x3a/0x50
[ 64.250705][ T6828]  __do_fast_syscall_32+0x57/0x80
[ 64.255715][ T6828]  do_fast_syscall_32+0x2f/0x70
[ 64.260558][ T6828]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 64.266875][ T6828] RIP: 0023:0xf7efe549
[ 64.270930][ T6828] Code: Bad RIP value.
[ 64.274990][ T6828] RSP: 002b:00000000ffe9f49c EFLAGS: 00000296 ORIG_RAX: 00000000000000fc
[ 64.283402][ T6828] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000080fd318
[ 64.291369][ T6828] RDX: 0000000000000000 RSI: 00000000080e33e0 RDI: 00000000080fd320
[ 64.299361][ T6828] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 64.307335][ T6828] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 64.315295][ T6828] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 64.323273][ T6828]
[ 64.325584][ T6828] Allocated by task 1544:
[ 64.329909][ T6828]  kasan_save_stack+0x1b/0x40
[ 64.334585][ T6828]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 64.340214][ T6828]  kmem_cache_alloc_trace+0x16e/0x2c0
[ 64.345572][ T6828]  hci_chan_create+0x9b/0x330
[ 64.350236][ T6828]  l2cap_conn_add.part.0+0x1e/0xe10
[ 64.355434][ T6828]  l2cap_connect_cfm+0x23b/0x1090
[ 64.360455][ T6828]  le_conn_complete_evt+0x1153/0x1740
[ 64.365828][ T6828]  hci_le_meta_evt+0x745/0x3ff0
[ 64.370669][ T6828]  hci_event_packet+0x2e25/0x87a8
[ 64.375677][ T6828]  hci_rx_work+0x22e/0xb50
[ 64.380087][ T6828]  process_one_work+0x94c/0x1670
[ 64.385003][ T6828]  worker_thread+0x64c/0x1120
[ 64.389659][ T6828]  kthread+0x3b5/0x4a0
[ 64.393709][ T6828]  ret_from_fork+0x1f/0x30
[ 64.398097][ T6828]
[ 64.400401][ T6828] Freed by task 6831:
[ 64.404365][ T6828]  kasan_save_stack+0x1b/0x40
[ 64.409031][ T6828]  kasan_set_track+0x1c/0x30
[ 64.413596][ T6828]  kasan_set_free_info+0x1b/0x30
[ 64.418523][ T6828]  __kasan_slab_free+0xd8/0x120
[ 64.423351][ T6828]  kfree+0x103/0x2c0
[ 64.427223][ T6828]  hci_event_packet+0x3e33/0x87a8
[ 64.432242][ T6828]  hci_rx_work+0x22e/0xb50
[ 64.436665][ T6828]  process_one_work+0x94c/0x1670
[ 64.441586][ T6828]  worker_thread+0x64c/0x1120
[ 64.446247][ T6828]  kthread+0x3b5/0x4a0
[ 64.450398][ T6828]  ret_from_fork+0x1f/0x30
[ 64.454787][ T6828]
[ 64.457093][ T6828] The buggy address belongs to the object at ffff8880a04d8600
[ 64.457093][ T6828]  which belongs to the cache kmalloc-128 of size 128
[ 64.471141][ T6828] The buggy address is located 24 bytes inside of
[ 64.471141][ T6828]  128-byte region [ffff8880a04d8600, ffff8880a04d8680)
[ 64.484306][ T6828] The buggy address belongs to the page:
[ 64.489946][ T6828] page:000000009948ca60 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a04d8200 pfn:0xa04d8
[ 64.501408][ T6828] flags: 0xfffe0000000200(slab)
[ 64.506259][ T6828] raw: 00fffe0000000200 ffffea0002890308 ffffea000289d9c8 ffff8880aa040400
[ 64.514835][ T6828] raw: ffff8880a04d8200 ffff8880a04d8000 000000010000000b 0000000000000000
[ 64.523415][ T6828] page dumped because: kasan: bad access detected
[ 64.530108][ T6828]
[ 64.532466][ T6828] Memory state around the buggy address:
[ 64.538507][ T6828]  ffff8880a04d8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.546560][ T6828]  ffff8880a04d8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.554668][ T6828] >ffff8880a04d8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.562736][ T6828]                                                                                            ^
[ 64.567579][ T6828]  ffff8880a04d8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.575640][ T6828]  ffff8880a04d8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.583686][ T6828] ==================================================================
[ 64.591732][ T6828] Disabling lock debugging due to kernel taint
[ 64.598920][ T6828] Kernel panic - not syncing: panic_on_warn set ...
[ 64.605531][ T6828] CPU: 0 PID: 6828 Comm: syz-executor280 Tainted: G B 5.8.0-syzkaller #0
[ 64.615272][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.625363][ T6828] Call Trace:
[ 64.628659][ T6828]  dump_stack+0x18f/0x20d
[ 64.632993][ T6828]  ? hci_chan_del+0x120/0x190
[ 64.637684][ T6828]  panic+0x2e3/0x75c
[ 64.641561][ T6828]  ? __warn_printk+0xf3/0xf3
[ 64.646148][ T6828]  ? preempt_schedule_common+0x59/0xc0
[ 64.651608][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.656267][ T6828]  ? preempt_schedule_thunk+0x16/0x18
[ 64.661623][ T6828]  ? trace_hardirqs_on+0x55/0x220
[ 64.666647][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.671329][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.676015][ T6828]  end_report+0x4d/0x53
[ 64.680212][ T6828]  kasan_report.cold+0xd/0x37
[ 64.684895][ T6828]  ? hci_chan_del+0x14f/0x190
[ 64.689574][ T6828]  hci_chan_del+0x14f/0x190
[ 64.694063][ T6828]  l2cap_conn_del+0x61b/0x9e0
[ 64.698727][ T6828]  ? l2cap_conn_del+0x9e0/0x9e0
[ 64.703579][ T6828]  l2cap_disconn_cfm+0x85/0xa0
[ 64.708465][ T6828]  hci_conn_hash_flush+0x114/0x220
[ 64.713596][ T6828]  hci_dev_do_close+0x5c6/0x1080
[ 64.718532][ T6828]  ? hci_dev_open+0x350/0x350
[ 64.723188][ T6828]  ? do_raw_read_unlock+0x70/0x70
[ 64.728226][ T6828]  ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 64.734124][ T6828]  hci_unregister_dev+0x1bd/0xe30
[ 64.739135][ T6828]  ? fcntl_setlk+0xf60/0xf60
[ 64.743708][ T6828]  ? lock_is_held_type+0xbb/0xf0
[ 64.748626][ T6828]  vhci_release+0x70/0xe0
[ 64.752935][ T6828]  __fput+0x285/0x920
[ 64.756906][ T6828]  ? vhci_close_dev+0x50/0x50
[ 64.761573][ T6828]  task_work_run+0xdd/0x190
[ 64.766064][ T6828]  do_exit+0xb7d/0x29f0
[ 64.770197][ T6828]  ? mm_update_next_owner+0x7a0/0x7a0
[ 64.775552][ T6828]  ? vmacache_update+0xce/0x140
[ 64.780400][ T6828]  ? lock_is_held_type+0xbb/0xf0
[ 64.785335][ T6828]  do_group_exit+0x125/0x310
[ 64.789922][ T6828]  __ia32_sys_exit_group+0x3a/0x50
[ 64.795017][ T6828]  __do_fast_syscall_32+0x57/0x80
[ 64.800024][ T6828]  do_fast_syscall_32+0x2f/0x70
[ 64.804859][ T6828]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 64.811179][ T6828] RIP: 0023:0xf7efe549
[ 64.815217][ T6828] Code: Bad RIP value.
[ 64.819269][ T6828] RSP: 002b:00000000ffe9f49c EFLAGS: 00000296 ORIG_RAX: 00000000000000fc
[ 64.827672][ T6828] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000080fd318
[ 64.835629][ T6828] RDX: 0000000000000000 RSI: 00000000080e33e0 RDI: 00000000080fd320
[ 64.843582][ T6828] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 64.851552][ T6828] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 64.859509][ T6828] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 64.868582][ T6828] Kernel Offset: disabled
[ 64.872929][ T6828] Rebooting in 86400 seconds..