Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts.
syzkaller login: [ 63.934967][ T6845] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 65.057470][ T6870] ==================================================================
[ 65.065936][ T6870] BUG: KASAN: use-after-free in hci_chan_del+0x14f/0x190
[ 65.072965][ T6870] Read of size 8 at addr ffff8880a2cf8c18 by task syz-executor553/6870
[ 65.081194][ T6870]
[ 65.083552][ T6870] CPU: 0 PID: 6870 Comm: syz-executor553 Not tainted 5.8.0-syzkaller #0
[ 65.091891][ T6870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.101945][ T6870] Call Trace:
[ 65.105255][ T6870]  dump_stack+0x18f/0x20d
[ 65.109590][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.114276][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.118959][ T6870]  print_address_description.constprop.0.cold+0xae/0x497
[ 65.125987][ T6870]  ? mutex_lock_io_nested+0xf60/0xf60
[ 65.131366][ T6870]  ? vprintk_func+0x97/0x1a6
[ 65.135966][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.140648][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.145328][ T6870]  kasan_report.cold+0x1f/0x37
[ 65.150098][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.154779][ T6870]  hci_chan_del+0x14f/0x190
[ 65.159290][ T6870]  l2cap_conn_del+0x61b/0x9e0
[ 65.163981][ T6870]  ? l2cap_conn_del+0x9e0/0x9e0
[ 65.168839][ T6870]  l2cap_disconn_cfm+0x85/0xa0
[ 65.173608][ T6870]  hci_conn_hash_flush+0x114/0x220
[ 65.178729][ T6870]  hci_dev_do_close+0x5c6/0x1080
[ 65.183675][ T6870]  ? hci_dev_open+0x350/0x350
[ 65.188353][ T6870]  ? do_raw_read_unlock+0x70/0x70
[ 65.193387][ T6870]  ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 65.199298][ T6870]  hci_unregister_dev+0x1bd/0xe30
[ 65.204329][ T6870]  ? fcntl_setlk+0xf60/0xf60
[ 65.208922][ T6870]  ? lock_is_held_type+0xbb/0xf0
[ 65.213867][ T6870]  vhci_release+0x70/0xe0
[ 65.218197][ T6870]  __fput+0x285/0x920
[ 65.222184][ T6870]  ? vhci_close_dev+0x50/0x50
[ 65.226861][ T6870]  task_work_run+0xdd/0x190
[ 65.231344][ T6870]  do_exit+0xb7d/0x29f0
[ 65.235479][ T6870]  ? swapin_walk_pmd_entry+0x7b0/0x7b0
[ 65.240915][ T6870]  ? __fget_light+0xea/0x280
[ 65.245482][ T6870]  ? mm_update_next_owner+0x7a0/0x7a0
[ 65.250830][ T6870]  ? lock_is_held_type+0xbb/0xf0
[ 65.255743][ T6870]  ? syscall_enter_from_user_mode+0x20/0x290
[ 65.261699][ T6870]  ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 65.267658][ T6870]  ? trace_hardirqs_on+0x5f/0x220
[ 65.272671][ T6870]  __x64_sys_exit+0x3e/0x50
[ 65.277154][ T6870]  do_syscall_64+0x2d/0x70
[ 65.281548][ T6870]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.287416][ T6870] RIP: 0033:0x402aee
[ 65.291279][ T6870] Code: Bad RIP value.
[ 65.295326][ T6870] RSP: 002b:00007efd3e289de0 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 65.303797][ T6870] RAX: ffffffffffffffda RBX: 00007efd3e28a700 RCX: 0000000000402aee
[ 65.311752][ T6870] RDX: 000000000000003c RSI: 00000000007fb000 RDI: 0000000000000000
[ 65.319707][ T6870] RBP: 0000000000000000 R08: 00000000000000f1 R09: 00007efd3e28a700
[ 65.327653][ T6870] R10: 00007efd3e28a9d0 R11: 0000000000000246 R12: 0000000000000000
[ 65.335621][ T6870] R13: 00007fff6b7cd24f R14: 00007efd3e28a9c0 R15: 0000000000000001
[ 65.343600][ T6870]
[ 65.345917][ T6870] Allocated by task 6869:
[ 65.350224][ T6870]  kasan_save_stack+0x1b/0x40
[ 65.354876][ T6870]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.360489][ T6870]  kmem_cache_alloc_trace+0x16e/0x2c0
[ 65.365837][ T6870]  hci_chan_create+0x9b/0x330
[ 65.370488][ T6870]  l2cap_conn_add.part.0+0x1e/0xe10
[ 65.375660][ T6870]  l2cap_connect_cfm+0x23b/0x1090
[ 65.380661][ T6870]  le_conn_complete_evt+0x1153/0x1740
[ 65.386031][ T6870]  hci_le_meta_evt+0x745/0x3ff0
[ 65.390871][ T6870]  hci_event_packet+0x2e25/0x87a8
[ 65.396481][ T6870]  hci_rx_work+0x22e/0xb50
[ 65.400885][ T6870]  process_one_work+0x94c/0x1670
[ 65.405815][ T6870]  worker_thread+0x64c/0x1120
[ 65.410466][ T6870]  kthread+0x3b5/0x4a0
[ 65.414532][ T6870]  ret_from_fork+0x1f/0x30
[ 65.418916][ T6870]
[ 65.421219][ T6870] Freed by task 6869:
[ 65.425192][ T6870]  kasan_save_stack+0x1b/0x40
[ 65.429842][ T6870]  kasan_set_track+0x1c/0x30
[ 65.434406][ T6870]  kasan_set_free_info+0x1b/0x30
[ 65.439317][ T6870]  __kasan_slab_free+0xd8/0x120
[ 65.444144][ T6870]  kfree+0x103/0x2c0
[ 65.448027][ T6870]  hci_event_packet+0x3e33/0x87a8
[ 65.453027][ T6870]  hci_rx_work+0x22e/0xb50
[ 65.457437][ T6870]  process_one_work+0x94c/0x1670
[ 65.462350][ T6870]  worker_thread+0x64c/0x1120
[ 65.467006][ T6870]  kthread+0x3b5/0x4a0
[ 65.471056][ T6870]  ret_from_fork+0x1f/0x30
[ 65.475441][ T6870]
[ 65.477748][ T6870] The buggy address belongs to the object at ffff8880a2cf8c00
[ 65.477748][ T6870]  which belongs to the cache kmalloc-128 of size 128
[ 65.491786][ T6870] The buggy address is located 24 bytes inside of
[ 65.491786][ T6870]  128-byte region [ffff8880a2cf8c00, ffff8880a2cf8c80)
[ 65.504950][ T6870] The buggy address belongs to the page:
[ 65.510596][ T6870] page:0000000058783117 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a2cf8f00 pfn:0xa2cf8
[ 65.522045][ T6870] flags: 0xfffe0000000200(slab)
[ 65.526884][ T6870] raw: 00fffe0000000200 ffffea00025cc508 ffffea00024aa548 ffff8880aa040400
[ 65.535459][ T6870] raw: ffff8880a2cf8f00 ffff8880a2cf8000 0000000100000005 0000000000000000
[ 65.544029][ T6870] page dumped because: kasan: bad access detected
[ 65.550436][ T6870]
[ 65.552755][ T6870] Memory state around the buggy address:
[ 65.558368][ T6870]  ffff8880a2cf8b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.566414][ T6870]  ffff8880a2cf8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.574460][ T6870] >ffff8880a2cf8c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.582506][ T6870]                             ^
[ 65.587344][ T6870]  ffff8880a2cf8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.595392][ T6870]  ffff8880a2cf8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.603433][ T6870] ==================================================================
[ 65.611475][ T6870] Disabling lock debugging due to kernel taint
[ 65.618457][ T6870] Kernel panic - not syncing: panic_on_warn set ...
[ 65.625057][ T6870] CPU: 0 PID: 6870 Comm: syz-executor553 Tainted: G    B             5.8.0-syzkaller #0
[ 65.634763][ T6870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.644831][ T6870] Call Trace:
[ 65.648126][ T6870]  dump_stack+0x18f/0x20d
[ 65.652472][ T6870]  ? hci_chan_del+0xf0/0x190
[ 65.657066][ T6870]  panic+0x2e3/0x75c
[ 65.660948][ T6870]  ? __warn_printk+0xf3/0xf3
[ 65.665530][ T6870]  ? preempt_schedule_common+0x59/0xc0
[ 65.671830][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.676485][ T6870]  ? preempt_schedule_thunk+0x16/0x18
[ 65.681831][ T6870]  ? trace_hardirqs_on+0x55/0x220
[ 65.686833][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.691482][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.696131][ T6870]  end_report+0x4d/0x53
[ 65.700273][ T6870]  kasan_report.cold+0xd/0x37
[ 65.704926][ T6870]  ? hci_chan_del+0x14f/0x190
[ 65.709591][ T6870]  hci_chan_del+0x14f/0x190
[ 65.714087][ T6870]  l2cap_conn_del+0x61b/0x9e0
[ 65.718741][ T6870]  ? l2cap_conn_del+0x9e0/0x9e0
[ 65.723570][ T6870]  l2cap_disconn_cfm+0x85/0xa0
[ 65.728409][ T6870]  hci_conn_hash_flush+0x114/0x220
[ 65.733503][ T6870]  hci_dev_do_close+0x5c6/0x1080
[ 65.738430][ T6870]  ? hci_dev_open+0x350/0x350
[ 65.743101][ T6870]  ? do_raw_read_unlock+0x70/0x70
[ 65.748102][ T6870]  ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 65.753971][ T6870]  hci_unregister_dev+0x1bd/0xe30
[ 65.758969][ T6870]  ? fcntl_setlk+0xf60/0xf60
[ 65.763542][ T6870]  ? lock_is_held_type+0xbb/0xf0
[ 65.768462][ T6870]  vhci_release+0x70/0xe0
[ 65.772808][ T6870]  __fput+0x285/0x920
[ 65.776771][ T6870]  ? vhci_close_dev+0x50/0x50
[ 65.781425][ T6870]  task_work_run+0xdd/0x190
[ 65.785908][ T6870]  do_exit+0xb7d/0x29f0
[ 65.790042][ T6870]  ? swapin_walk_pmd_entry+0x7b0/0x7b0
[ 65.795496][ T6870]  ? __fget_light+0xea/0x280
[ 65.800093][ T6870]  ? mm_update_next_owner+0x7a0/0x7a0
[ 65.805444][ T6870]  ? lock_is_held_type+0xbb/0xf0
[ 65.810361][ T6870]  ? syscall_enter_from_user_mode+0x20/0x290
[ 65.816331][ T6870]  ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 65.822300][ T6870]  ? trace_hardirqs_on+0x5f/0x220
[ 65.827303][ T6870]  __x64_sys_exit+0x3e/0x50
[ 65.831788][ T6870]  do_syscall_64+0x2d/0x70
[ 65.836186][ T6870]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.842051][ T6870] RIP: 0033:0x402aee
[ 65.845915][ T6870] Code: Bad RIP value.
[ 65.849967][ T6870] RSP: 002b:00007efd3e289de0 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 65.858354][ T6870] RAX: ffffffffffffffda RBX: 00007efd3e28a700 RCX: 0000000000402aee
[ 65.866306][ T6870] RDX: 000000000000003c RSI: 00000000007fb000 RDI: 0000000000000000
[ 65.874357][ T6870] RBP: 0000000000000000 R08: 00000000000000f1 R09: 00007efd3e28a700
[ 65.882321][ T6870] R10: 00007efd3e28a9d0 R11: 0000000000000246 R12: 0000000000000000
[ 65.890288][ T6870] R13: 00007fff6b7cd24f R14: 00007efd3e28a9c0 R15: 0000000000000001
[ 65.899268][ T6870] Kernel Offset: disabled
[ 65.903586][ T6870] Rebooting in 86400 seconds..