Warning: Permanently added '10.128.0.214' (ECDSA) to the list of known hosts.
[ 63.166780][ T6843] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 63.269741][ T6846] Bluetooth: Wrong link type (-22)
[ 63.278483][ T6843] ==================================================================
[ 63.286848][ T6843] BUG: KASAN: use-after-free in hci_chan_del+0x14f/0x190
[ 63.293864][ T6843] Read of size 8 at addr ffff8880a6e02518 by task syz-executor336/6843
[ 63.302222][ T6843]
[ 63.304555][ T6843] CPU: 0 PID: 6843 Comm: syz-executor336 Not tainted 5.8.0-syzkaller #0
[ 63.312876][ T6843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.322927][ T6843] Call Trace:
[ 63.326202][ T6843] dump_stack+0x18f/0x20d
[ 63.330525][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.335268][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.339924][ T6843] print_address_description.constprop.0.cold+0xae/0x497
[ 63.347011][ T6843] ? mutex_lock_io_nested+0xf60/0xf60
[ 63.352379][ T6843] ? vprintk_func+0x97/0x1a6
[ 63.356963][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.361767][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.366433][ T6843] kasan_report.cold+0x1f/0x37
[ 63.371212][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.375873][ T6843] hci_chan_del+0x14f/0x190
[ 63.380381][ T6843] l2cap_conn_del+0x61b/0x9e0
[ 63.385313][ T6843] ? l2cap_conn_del+0x9e0/0x9e0
[ 63.390140][ T6843] l2cap_disconn_cfm+0x85/0xa0
[ 63.394889][ T6843] hci_conn_hash_flush+0x114/0x220
[ 63.402346][ T6843] hci_dev_do_close+0x5c6/0x1080
[ 63.407269][ T6843] ? hci_dev_open+0x350/0x350
[ 63.411923][ T6843] ? do_raw_read_unlock+0x70/0x70
[ 63.416926][ T6843] ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 63.422801][ T6843] hci_unregister_dev+0x1bd/0xe30
[ 63.428065][ T6843] ? fcntl_setlk+0xf60/0xf60
[ 63.432637][ T6843] ? lock_is_held_type+0xbb/0xf0
[ 63.437576][ T6843] vhci_release+0x70/0xe0
[ 63.441909][ T6843] __fput+0x285/0x920
[ 63.445915][ T6843] ? vhci_close_dev+0x50/0x50
[ 63.450595][ T6843] task_work_run+0xdd/0x190
[ 63.455087][ T6843] do_exit+0xb7d/0x29f0
[ 63.459227][ T6843] ? mm_update_next_owner+0x7a0/0x7a0
[ 63.464662][ T6843] ? vmacache_update+0xce/0x140
[ 63.469499][ T6843] ? lock_is_held_type+0xbb/0xf0
[ 63.474730][ T6843] do_group_exit+0x125/0x310
[ 63.479324][ T6843] __ia32_sys_exit_group+0x3a/0x50
[ 63.484517][ T6843] __do_fast_syscall_32+0x57/0x80
[ 63.489526][ T6843] do_fast_syscall_32+0x2f/0x70
[ 63.494621][ T6843] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 63.500936][ T6843] RIP: 0023:0xf7f3c549
[ 63.504983][ T6843] Code: Bad RIP value.
[ 63.509031][ T6843] RSP: 002b:00000000ffde827c EFLAGS: 00000292 ORIG_RAX: 00000000000000fc
[ 63.517425][ T6843] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000080fd318
[ 63.527285][ T6843] RDX: 0000000000000000 RSI: 00000000080e32e0 RDI: 00000000080fd320
[ 63.535471][ T6843] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 63.543450][ T6843] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 63.551399][ T6843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 63.559358][ T6843]
[ 63.561665][ T6843] Allocated by task 1544:
[ 63.565980][ T6843] kasan_save_stack+0x1b/0x40
[ 63.570637][ T6843] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 63.576330][ T6843] kmem_cache_alloc_trace+0x16e/0x2c0
[ 63.581675][ T6843] hci_chan_create+0x9b/0x330
[ 63.586329][ T6843] l2cap_conn_add.part.0+0x1e/0xe10
[ 63.591518][ T6843] l2cap_connect_cfm+0x23b/0x1090
[ 63.596544][ T6843] le_conn_complete_evt+0x1153/0x1740
[ 63.601892][ T6843] hci_le_meta_evt+0x745/0x3ff0
[ 63.606718][ T6843] hci_event_packet+0x2e25/0x87a8
[ 63.611714][ T6843] hci_rx_work+0x22e/0xb50
[ 63.616109][ T6843] process_one_work+0x94c/0x1670
[ 63.621021][ T6843] worker_thread+0x64c/0x1120
[ 63.626009][ T6843] kthread+0x3b5/0x4a0
[ 63.630054][ T6843] ret_from_fork+0x1f/0x30
[ 63.634440][ T6843]
[ 63.636758][ T6843] Freed by task 6846:
[ 63.640732][ T6843] kasan_save_stack+0x1b/0x40
[ 63.645386][ T6843] kasan_set_track+0x1c/0x30
[ 63.650395][ T6843] kasan_set_free_info+0x1b/0x30
[ 63.655309][ T6843] __kasan_slab_free+0xd8/0x120
[ 63.660133][ T6843] kfree+0x103/0x2c0
[ 63.664009][ T6843] hci_event_packet+0x3e33/0x87a8
[ 63.669033][ T6843] hci_rx_work+0x22e/0xb50
[ 63.673425][ T6843] process_one_work+0x94c/0x1670
[ 63.678419][ T6843] worker_thread+0x64c/0x1120
[ 63.683096][ T6843] kthread+0x3b5/0x4a0
[ 63.687153][ T6843] ret_from_fork+0x1f/0x30
[ 63.691551][ T6843]
[ 63.693910][ T6843] The buggy address belongs to the object at ffff8880a6e02500
[ 63.693910][ T6843] which belongs to the cache kmalloc-128 of size 128
[ 63.707972][ T6843] The buggy address is located 24 bytes inside of
[ 63.707972][ T6843] 128-byte region [ffff8880a6e02500, ffff8880a6e02580)
[ 63.721133][ T6843] The buggy address belongs to the page:
[ 63.726753][ T6843] page:00000000cfe807a5 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a6e02900 pfn:0xa6e02
[ 63.738180][ T6843] flags: 0xfffe0000000200(slab)
[ 63.743009][ T6843] raw: 00fffe0000000200 ffffea0002a10cc8 ffffea0002a5ad08 ffff8880aa040400
[ 63.751574][ T6843] raw: ffff8880a6e02900 ffff8880a6e02000 000000010000000c 0000000000000000
[ 63.760133][ T6843] page dumped because: kasan: bad access detected
[ 63.766517][ T6843]
[ 63.768822][ T6843] Memory state around the buggy address:
[ 63.774431][ T6843] ffff8880a6e02400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 63.782482][ T6843] ffff8880a6e02480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.790518][ T6843] >ffff8880a6e02500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.798575][ T6843] ^
[ 63.803404][ T6843] ffff8880a6e02580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.811441][ T6843] ffff8880a6e02600: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 63.819475][ T6843] ==================================================================
[ 63.827535][ T6843] Disabling lock debugging due to kernel taint
[ 63.834279][ T6843] Kernel panic - not syncing: panic_on_warn set ...
[ 63.840884][ T6843] CPU: 0 PID: 6843 Comm: syz-executor336 Tainted: G B 5.8.0-syzkaller #0
[ 63.850595][ T6843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.860910][ T6843] Call Trace:
[ 63.864197][ T6843] dump_stack+0x18f/0x20d
[ 63.868506][ T6843] ? hci_chan_del+0x120/0x190
[ 63.873158][ T6843] panic+0x2e3/0x75c
[ 63.877029][ T6843] ? __warn_printk+0xf3/0xf3
[ 63.881592][ T6843] ? preempt_schedule_common+0x59/0xc0
[ 63.887023][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.891673][ T6843] ? preempt_schedule_thunk+0x16/0x18
[ 63.897020][ T6843] ? trace_hardirqs_on+0x55/0x220
[ 63.903351][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.908022][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.912674][ T6843] end_report+0x4d/0x53
[ 63.916805][ T6843] kasan_report.cold+0xd/0x37
[ 63.921459][ T6843] ? hci_chan_del+0x14f/0x190
[ 63.926123][ T6843] hci_chan_del+0x14f/0x190
[ 63.930601][ T6843] l2cap_conn_del+0x61b/0x9e0
[ 63.935259][ T6843] ? l2cap_conn_del+0x9e0/0x9e0
[ 63.940087][ T6843] l2cap_disconn_cfm+0x85/0xa0
[ 63.944829][ T6843] hci_conn_hash_flush+0x114/0x220
[ 63.949916][ T6843] hci_dev_do_close+0x5c6/0x1080
[ 63.954860][ T6843] ? hci_dev_open+0x350/0x350
[ 63.959522][ T6843] ? do_raw_read_unlock+0x70/0x70
[ 63.964523][ T6843] ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 63.970521][ T6843] hci_unregister_dev+0x1bd/0xe30
[ 63.975522][ T6843] ? fcntl_setlk+0xf60/0xf60
[ 63.980436][ T6843] ? lock_is_held_type+0xbb/0xf0
[ 63.985349][ T6843] vhci_release+0x70/0xe0
[ 63.989662][ T6843] __fput+0x285/0x920
[ 63.993712][ T6843] ? vhci_close_dev+0x50/0x50
[ 63.998389][ T6843] task_work_run+0xdd/0x190
[ 64.002891][ T6843] do_exit+0xb7d/0x29f0
[ 64.007024][ T6843] ? mm_update_next_owner+0x7a0/0x7a0
[ 64.012394][ T6843] ? vmacache_update+0xce/0x140
[ 64.017220][ T6843] ? lock_is_held_type+0xbb/0xf0
[ 64.022131][ T6843] do_group_exit+0x125/0x310
[ 64.026697][ T6843] __ia32_sys_exit_group+0x3a/0x50
[ 64.031784][ T6843] __do_fast_syscall_32+0x57/0x80
[ 64.036783][ T6843] do_fast_syscall_32+0x2f/0x70
[ 64.041609][ T6843] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 64.047920][ T6843] RIP: 0023:0xf7f3c549
[ 64.051956][ T6843] Code: Bad RIP value.
[ 64.055995][ T6843] RSP: 002b:00000000ffde827c EFLAGS: 00000292 ORIG_RAX: 00000000000000fc
[ 64.064466][ T6843] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000080fd318
[ 64.072587][ T6843] RDX: 0000000000000000 RSI: 00000000080e32e0 RDI: 00000000080fd320
[ 64.080535][ T6843] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 64.088501][ T6843] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 64.097141][ T6843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 64.106239][ T6843] Kernel Offset: disabled
[ 64.110558][ T6843] Rebooting in 86400 seconds..