Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts.
syzkaller login: [ 61.010530][ T6873] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 64.205313][ T17] Bluetooth: hci0: command 0x0409 tx timeout
[ 66.284346][ T12] Bluetooth: hci0: command 0x041b tx timeout
executing program
[ 67.148299][ T6900] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
[ 67.160078][ T6900] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 67.168467][ T6900] CPU: 1 PID: 6900 Comm: kworker/u5:2 Not tainted 5.8.0-rc7-next-20200731-syzkaller #0
[ 67.178072][ T6900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.188109][ T6900] Workqueue: hci0 hci_rx_work
[ 67.192775][ T6900] RIP: 0010:hci_phy_link_complete_evt.isra.0+0x23e/0x790
[ 67.199771][ T6900] Code: 48 c1 ea 03 80 3c 02 00 0f 85 3e 05 00 00 48 8b 9d 30 09 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 da 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
[ 67.219354][ T6900] RSP: 0018:ffffc90005327a38 EFLAGS: 00010202
[ 67.225398][ T6900] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8722a583
[ 67.233438][ T6900] RDX: 0000000000000002 RSI: ffffffff8722a590 RDI: 0000000000000010
[ 67.241400][ T6900] RBP: ffff8880965fa000 R08: 0000000000000001 R09: ffff888095672948
[ 67.249350][ T6900] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 67.257817][ T6900] R13: ffff88808e3a9138 R14: ffff8880a90a300b R15: 0000000000000000
[ 67.265765][ T6900] FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 67.274670][ T6900] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.281265][ T6900] CR2: 00000000006e06c0 CR3: 00000000a6f8c000 CR4: 00000000001506e0
[ 67.289222][ T6900] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.297189][ T6900] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.305132][ T6900] Call Trace:
[ 67.308405][ T6900] hci_event_packet+0x4696/0x87a8
[ 67.313405][ T6900] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 67.319357][ T6900] ? __lock_acquire+0x16cb/0x5640
[ 67.324356][ T6900] ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[ 67.329874][ T6900] ? lock_acquire+0x1f1/0xad0
[ 67.334523][ T6900] ? skb_dequeue+0x1c/0x180
[ 67.338997][ T6900] ? find_held_lock+0x2d/0x110
[ 67.343744][ T6900] ? mark_lock+0xbc/0x1710
[ 67.348133][ T6900] ? mark_held_locks+0x9f/0xe0
[ 67.352869][ T6900] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 67.358661][ T6900] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 67.364614][ T6900] ? trace_hardirqs_on+0x5f/0x220
[ 67.369610][ T6900] ? lockdep_hardirqs_on+0x76/0xf0
[ 67.374694][ T6900] hci_rx_work+0x22e/0xb50
[ 67.379087][ T6900] process_one_work+0x94c/0x1670
[ 67.384003][ T6900] ? lock_release+0x8e0/0x8e0
[ 67.388660][ T6900] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 67.394025][ T6900] ? rwlock_bug.part.0+0x90/0x90
[ 67.398939][ T6900] ? lockdep_hardirqs_off+0x7e/0xb0
[ 67.404111][ T6900] worker_thread+0x64c/0x1120
[ 67.408760][ T6900] ? __kthread_parkme+0x13f/0x1e0
[ 67.413755][ T6900] ? process_one_work+0x1670/0x1670
[ 67.418925][ T6900] kthread+0x3b5/0x4a0
[ 67.422979][ T6900] ? __kthread_bind_mask+0xc0/0xc0
[ 67.428080][ T6900] ? __kthread_bind_mask+0xc0/0xc0
[ 67.433164][ T6900] ret_from_fork+0x1f/0x30
[ 67.437558][ T6900] Modules linked in:
[ 67.454036][ T6900] ---[ end trace 34f6ee42dbb5952a ]---
[ 67.459526][ T6900] RIP: 0010:hci_phy_link_complete_evt.isra.0+0x23e/0x790
[ 67.466614][ T6900] Code: 48 c1 ea 03 80 3c 02 00 0f 85 3e 05 00 00 48 8b 9d 30 09 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 da 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
[ 67.486910][ T6900] RSP: 0018:ffffc90005327a38 EFLAGS: 00010202
[ 67.492991][ T6900] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8722a583
[ 67.501033][ T6900] RDX: 0000000000000002 RSI: ffffffff8722a590 RDI: 0000000000000010
[ 67.509080][ T6900] RBP: ffff8880965fa000 R08: 0000000000000001 R09: ffff888095672948
[ 67.517122][ T6900] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 67.525166][ T6900] R13: ffff88808e3a9138 R14: ffff8880a90a300b R15: 0000000000000000
[ 67.533131][ T6900] FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 67.542101][ T6900] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.548795][ T6900] CR2: 00007f16244b8000 CR3: 0000000093792000 CR4: 00000000001506e0
[ 67.556786][ T6900] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.565024][ T6900] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.572999][ T6900] Kernel panic - not syncing: Fatal exception
[ 67.580249][ T6900] Kernel Offset: disabled
[ 67.584566][ T6900] Rebooting in 86400 seconds..