Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   35.017455] IPVS: ftp: loaded support on port[0] = 21
[   35.058937] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:200'
[   35.067841] CPU: 1 PID: 8123 Comm: kworker/u5:1 Not tainted 4.19.201-syzkaller #0
[   35.075454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.084798] Workqueue: hci0 hci_rx_work
[   35.088746] Call Trace:
[   35.091314]  dump_stack+0x1fc/0x2ef
[   35.094926]  sysfs_warn_dup.cold+0x1c/0x29
[   35.099154]  sysfs_create_dir_ns+0x228/0x280
[   35.103539]  ? sysfs_create_mount_point+0xb0/0xb0
[   35.108360]  ? lock_acquire+0x170/0x3c0
[   35.112314]  ? kobject_add_internal+0x134/0x9c0
[   35.116961]  ? lock_downgrade+0x720/0x720
[   35.121127]  ? do_raw_spin_unlock+0x171/0x230
[   35.125602]  kobject_add_internal+0x2a5/0x9c0
[   35.130081]  kobject_add+0x150/0x1c0
[   35.133823]  ? kset_create_and_add+0x1a0/0x1a0
[   35.138383]  ? kfree+0x110/0x210
[   35.141728]  ? kfree_const+0x51/0x60
[   35.145420]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   35.150000]  ? device_add+0x35c/0x16d0
[   35.153869]  device_add+0x37b/0x16d0
[   35.157565]  ? device_check_offline+0x280/0x280
[   35.162214]  ? lock_acquire+0x170/0x3c0
[   35.166170]  hci_conn_add_sysfs+0x97/0x1a0
[   35.170388]  hci_sync_conn_complete_evt.isra.0+0x9e9/0xca0
[   35.176031]  hci_event_packet+0x391f/0x7e20
[   35.180335]  ? mark_held_locks+0xf0/0xf0
[   35.184416]  ? __lock_acquire+0x6de/0x3ff0
[   35.188632]  ? hci_cmd_complete_evt+0xc280/0xc280
[   35.193454]  ? __update_load_avg_se+0x5ec/0xa00
[   35.198103]  ? debug_object_deactivate+0x1f9/0x2e0
[   35.203018]  ? mark_held_locks+0xa6/0xf0
[   35.207059]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[   35.212177]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   35.216773]  hci_rx_work+0x4ad/0xc70
[   35.220471]  process_one_work+0x864/0x1570
[   35.224686]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   35.229338]  worker_thread+0x64c/0x1130
[   35.233307]  ? process_one_work+0x1570/0x1570
[   35.237784]  kthread+0x33f/0x460
[   35.241130]  ? kthread_park+0x180/0x180
[   35.245089]  ret_from_fork+0x24/0x30
[   35.249672] kobject_add_internal failed for hci0:200 with -EEXIST, don't try to register things with the same name in the same directory.
[   35.262213] Bluetooth: hci0: failed to register connection device
[   35.270325] ==================================================================
[   35.277914] BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0xf0
[   35.284923] Read of size 8 at addr ffff8880a449fb20 by task kworker/u5:1/8123
[   35.292167]
[   35.293776] CPU: 1 PID: 8123 Comm: kworker/u5:1 Not tainted 4.19.201-syzkaller #0
[   35.301387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.310725] Workqueue: hci0 hci_rx_work
[   35.314673] Call Trace:
[   35.317244]  dump_stack+0x1fc/0x2ef
[   35.320865]  print_address_description.cold+0x54/0x219
[   35.326124]  kasan_report_error.cold+0x8a/0x1b9
[   35.330786]  ? __list_del_entry_valid+0xe0/0xf0
[   35.335433]  __asan_report_load8_noabort+0x88/0x90
[   35.340342]  ? lock_acquire+0x100/0x3c0
[   35.344295]  ? __list_del_entry_valid+0xe0/0xf0
[   35.348942]  __list_del_entry_valid+0xe0/0xf0
[   35.353430]  klist_dec_and_del+0x97/0x480
[   35.357574]  ? __device_link_free_srcu+0x110/0x110
[   35.362495]  klist_put+0x7a/0x150
[   35.365936]  device_del+0x162/0xaf0
[   35.369539]  ? klist_iter_exit+0xc/0x80
[   35.373501]  ? device_link_remove+0x100/0x100
[   35.377977]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[   35.383060]  hci_conn_del_sysfs+0xdc/0x180
[   35.387289]  hci_conn_cleanup+0x24b/0x550
[   35.391413]  hci_conn_del+0x2a0/0x780
[   35.395193]  hci_event_packet+0x11ca/0x7e20
[   35.399496]  ? hci_cmd_complete_evt+0xc280/0xc280
[   35.404319]  ? __update_load_avg_se+0x5ec/0xa00
[   35.408964]  ? debug_object_deactivate+0x1f9/0x2e0
[   35.413893]  ? mark_held_locks+0xa6/0xf0
[   35.417935]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[   35.423016]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   35.427582]  hci_rx_work+0x4ad/0xc70
[   35.431279]  process_one_work+0x864/0x1570
[   35.435496]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   35.440163]  worker_thread+0x64c/0x1130
[   35.444122]  ? process_one_work+0x1570/0x1570
[   35.448868]  kthread+0x33f/0x460
[   35.452211]  ? kthread_park+0x180/0x180
[   35.456167]  ret_from_fork+0x24/0x30
[   35.459859]
[   35.461466] Allocated by task 8123:
[   35.465082]  kmem_cache_alloc_trace+0x12f/0x380
[   35.469730]  device_add+0xe5a/0x16d0
[   35.473421]  hci_conn_add_sysfs+0x97/0x1a0
[   35.477647]  hci_event_packet+0x2647/0x7e20
[   35.481948]  hci_rx_work+0x4ad/0xc70
[   35.485641]  process_one_work+0x864/0x1570
[   35.489851]  worker_thread+0x64c/0x1130
[   35.493814]  kthread+0x33f/0x460
[   35.497158]  ret_from_fork+0x24/0x30
[   35.500844]
[   35.502448] Freed by task 8123:
[   35.505706]  kfree+0xcc/0x210
[   35.508791]  device_add+0x713/0x16d0
[   35.512481]  hci_conn_add_sysfs+0x97/0x1a0
[   35.516694]  hci_sync_conn_complete_evt.isra.0+0x9e9/0xca0
[   35.522295]  hci_event_packet+0x391f/0x7e20
[   35.526593]  hci_rx_work+0x4ad/0xc70
[   35.530284]  process_one_work+0x864/0x1570
[   35.534513]  worker_thread+0x64c/0x1130
[   35.538474]  kthread+0x33f/0x460
[   35.541816]  ret_from_fork+0x24/0x30
[   35.545499]
[   35.547102] The buggy address belongs to the object at ffff8880a449fac0
[   35.547102]  which belongs to the cache kmalloc-256 of size 256
[   35.559733] The buggy address is located 96 bytes inside of
[   35.559733]  256-byte region [ffff8880a449fac0, ffff8880a449fbc0)
[   35.571499] The buggy address belongs to the page:
[   35.576424] page:ffffea00029127c0 count:1 mapcount:0 mapping:ffff88813bff07c0 index:0xffff8880a449f200
[   35.585872] flags: 0xfff00000000100(slab)
[   35.590024] raw: 00fff00000000100 ffffea0002d488c8 ffffea0002917c48 ffff88813bff07c0
[   35.597887] raw: ffff8880a449f200 ffff8880a449f0c0 0000000100000007 0000000000000000
[   35.605742] page dumped because: kasan: bad access detected
[   35.611424]
[   35.613024] Memory state around the buggy address:
[   35.618104]  ffff8880a449fa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.625442]  ffff8880a449fa80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   35.632779] >ffff8880a449fb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.640113]                                ^
[   35.644508]  ffff8880a449fb80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   35.651844]  ffff8880a449fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.659178] ==================================================================
[   35.666527] Disabling lock debugging due to kernel taint
[   35.672187] Kernel panic - not syncing: panic_on_warn set ...
[   35.672187]
[   35.679559] CPU: 1 PID: 8123 Comm: kworker/u5:1 Tainted: G    B 4.19.201-syzkaller #0
[   35.688571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.697924] Workqueue: hci0 hci_rx_work
[   35.701887] Call Trace:
[   35.704466]  dump_stack+0x1fc/0x2ef
[   35.708081]  panic+0x26a/0x50e
[   35.711251]  ? __warn_printk+0xf3/0xf3
[   35.715118]  ? trace_hardirqs_on+0x55/0x210
[   35.719418]  kasan_end_report+0x43/0x49
[   35.723370]  kasan_report_error.cold+0xa7/0x1b9
[   35.728029]  ? __list_del_entry_valid+0xe0/0xf0
[   35.732674]  __asan_report_load8_noabort+0x88/0x90
[   35.737579]  ? lock_acquire+0x100/0x3c0
[   35.741551]  ? __list_del_entry_valid+0xe0/0xf0
[   35.746199]  __list_del_entry_valid+0xe0/0xf0
[   35.750674]  klist_dec_and_del+0x97/0x480
[   35.754810]  ? __device_link_free_srcu+0x110/0x110
[   35.759724]  klist_put+0x7a/0x150
[   35.763156]  device_del+0x162/0xaf0
[   35.766759]  ? klist_iter_exit+0xc/0x80
[   35.770723]  ? device_link_remove+0x100/0x100
[   35.775194]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[   35.780276]  hci_conn_del_sysfs+0xdc/0x180
[   35.784503]  hci_conn_cleanup+0x24b/0x550
[   35.788626]  hci_conn_del+0x2a0/0x780
[   35.792404]  hci_event_packet+0x11ca/0x7e20
[   35.796715]  ? hci_cmd_complete_evt+0xc280/0xc280
[   35.801539]  ? __update_load_avg_se+0x5ec/0xa00
[   35.806185]  ? debug_object_deactivate+0x1f9/0x2e0
[   35.811106]  ? mark_held_locks+0xa6/0xf0
[   35.815144]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[   35.820225]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   35.824798]  hci_rx_work+0x4ad/0xc70
[   35.828493]  process_one_work+0x864/0x1570
[   35.832710]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   35.837358]  worker_thread+0x64c/0x1130
[   35.841327]  ? process_one_work+0x1570/0x1570
[   35.845812]  kthread+0x33f/0x460
[   35.849153]  ? kthread_park+0x180/0x180
[   35.853109]  ret_from_fork+0x24/0x30
[   35.858003] Kernel Offset: disabled
[   35.861615] Rebooting in 86400 seconds..