Warning: Permanently added '10.128.1.34' (ECDSA) to the list of known hosts.
syzkaller login: [ 64.685973][ T6846] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 64.781200][ T6852] Bluetooth: Wrong link type (-22)
[ 64.789822][ T6846] ==================================================================
[ 64.800494][ T6846] BUG: KASAN: use-after-free in hci_chan_del+0x14f/0x190
[ 64.807491][ T6846] Read of size 8 at addr ffff8880a0b66218 by task syz-executor254/6846
[ 64.815697][ T6846]
[ 64.818017][ T6846] CPU: 0 PID: 6846 Comm: syz-executor254 Not tainted 5.8.0-syzkaller #0
[ 64.826310][ T6846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.836339][ T6846] Call Trace:
[ 64.839607][ T6846] dump_stack+0x18f/0x20d
[ 64.843922][ T6846] ? hci_chan_del+0x14f/0x190
[ 64.848571][ T6846] ? hci_chan_del+0x14f/0x190
[ 64.853237][ T6846] print_address_description.constprop.0.cold+0xae/0x497
[ 64.860237][ T6846] ? mutex_lock_io_nested+0xf60/0xf60
[ 64.865592][ T6846] ? vprintk_func+0x97/0x1a6
[ 64.870178][ T6846] ? hci_chan_del+0x14f/0x190
[ 64.874830][ T6846] ? hci_chan_del+0x14f/0x190
[ 64.880003][ T6846] kasan_report.cold+0x1f/0x37
[ 64.884744][ T6846] ? hci_chan_del+0x14f/0x190
[ 64.889403][ T6846] hci_chan_del+0x14f/0x190
[ 64.893885][ T6846] l2cap_conn_del+0x61b/0x9e0
[ 64.898548][ T6846] ? l2cap_conn_del+0x9e0/0x9e0
[ 64.903373][ T6846] l2cap_disconn_cfm+0x85/0xa0
[ 64.908109][ T6846] hci_conn_hash_flush+0x114/0x220
[ 64.913207][ T6846] hci_dev_do_close+0x5c6/0x1080
[ 64.918121][ T6846] ? hci_dev_open+0x350/0x350
[ 64.922793][ T6846] ? do_raw_read_unlock+0x70/0x70
[ 64.927796][ T6846] ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 64.933670][ T6846] hci_unregister_dev+0x1bd/0xe30
[ 64.938667][ T6846] ? fcntl_setlk+0xf60/0xf60
[ 64.943240][ T6846] ? lock_is_held_type+0xbb/0xf0
[ 64.948154][ T6846] vhci_release+0x70/0xe0
[ 64.952460][ T6846] __fput+0x285/0x920
[ 64.956415][ T6846] ? vhci_close_dev+0x50/0x50
[ 64.961069][ T6846] task_work_run+0xdd/0x190
[ 64.965555][ T6846] do_exit+0xb7d/0x29f0
[ 64.969698][ T6846] ? mm_update_next_owner+0x7a0/0x7a0
[ 64.975059][ T6846] ? vfs_write+0x1b0/0x730
[ 64.979451][ T6846] ? lock_is_held_type+0xbb/0xf0
[ 64.984365][ T6846] do_group_exit+0x125/0x310
[ 64.988932][ T6846] __x64_sys_exit_group+0x3a/0x50
[ 64.993933][ T6846] do_syscall_64+0x2d/0x70
[ 64.998332][ T6846] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.004460][ T6846] RIP: 0033:0x4450a8
[ 65.008332][ T6846] Code: Bad RIP value.
[ 65.012384][ T6846] RSP: 002b:00007ffe542abe88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 65.020780][ T6846] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004450a8
[ 65.028745][ T6846] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 65.036719][ T6846] RBP: 00000000004cce10 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 65.044675][ T6846] R10: 0000000000000015 R11: 0000000000000246 R12: 0000000000000001
[ 65.052632][ T6846] R13: 00000000006e0200 R14: 0000000000000000 R15: 0000000000000000
[ 65.060585][ T6846]
[ 65.062898][ T6846] Allocated by task 6852:
[ 65.067224][ T6846] kasan_save_stack+0x1b/0x40
[ 65.071889][ T6846] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.077512][ T6846] kmem_cache_alloc_trace+0x16e/0x2c0
[ 65.082857][ T6846] hci_chan_create+0x9b/0x330
[ 65.087506][ T6846] l2cap_conn_add.part.0+0x1e/0xe10
[ 65.092691][ T6846] l2cap_connect_cfm+0x23b/0x1090
[ 65.097687][ T6846] le_conn_complete_evt+0x1153/0x1740
[ 65.103030][ T6846] hci_le_meta_evt+0x745/0x3ff0
[ 65.107875][ T6846] hci_event_packet+0x2e25/0x87a8
[ 65.112873][ T6846] hci_rx_work+0x22e/0xb50
[ 65.117263][ T6846] process_one_work+0x94c/0x1670
[ 65.122172][ T6846] worker_thread+0x64c/0x1120
[ 65.126823][ T6846] kthread+0x3b5/0x4a0
[ 65.130893][ T6846] ret_from_fork+0x1f/0x30
[ 65.135290][ T6846]
[ 65.137593][ T6846] Freed by task 6852:
[ 65.141562][ T6846] kasan_save_stack+0x1b/0x40
[ 65.146241][ T6846] kasan_set_track+0x1c/0x30
[ 65.150806][ T6846] kasan_set_free_info+0x1b/0x30
[ 65.155728][ T6846] __kasan_slab_free+0xd8/0x120
[ 65.160574][ T6846] kfree+0x103/0x2c0
[ 65.164455][ T6846] hci_event_packet+0x3e33/0x87a8
[ 65.169466][ T6846] hci_rx_work+0x22e/0xb50
[ 65.173860][ T6846] process_one_work+0x94c/0x1670
[ 65.178770][ T6846] worker_thread+0x64c/0x1120
[ 65.183419][ T6846] kthread+0x3b5/0x4a0
[ 65.187464][ T6846] ret_from_fork+0x1f/0x30
[ 65.191857][ T6846]
[ 65.194161][ T6846] The buggy address belongs to the object at ffff8880a0b66200
[ 65.194161][ T6846] which belongs to the cache kmalloc-128 of size 128
[ 65.208198][ T6846] The buggy address is located 24 bytes inside of
[ 65.208198][ T6846] 128-byte region [ffff8880a0b66200, ffff8880a0b66280)
[ 65.221370][ T6846] The buggy address belongs to the page:
[ 65.226982][ T6846] page:00000000b3349b58 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a0b66800 pfn:0xa0b66
[ 65.238403][ T6846] flags: 0xfffe0000000200(slab)
[ 65.243245][ T6846] raw: 00fffe0000000200 ffffea00028ccec8 ffffea0002a35288 ffff8880aa040400
[ 65.251805][ T6846] raw: ffff8880a0b66800 ffff8880a0b66000 0000000100000003 0000000000000000
[ 65.260417][ T6846] page dumped because: kasan: bad access detected
[ 65.266844][ T6846]
[ 65.269150][ T6846] Memory state around the buggy address:
[ 65.275019][ T6846] ffff8880a0b66100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.283059][ T6846] ffff8880a0b66180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.291125][ T6846] >ffff8880a0b66200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.299157][ T6846] ^
[ 65.303993][ T6846] ffff8880a0b66280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.312028][ T6846] ffff8880a0b66300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.320073][ T6846] ==================================================================
[ 65.328201][ T6846] Disabling lock debugging due to kernel taint
[ 65.334601][ T6846] Kernel panic - not syncing: panic_on_warn set ...
[ 65.341194][ T6846] CPU: 0 PID: 6846 Comm: syz-executor254 Tainted: G B 5.8.0-syzkaller #0
[ 65.350895][ T6846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.360938][ T6846] Call Trace:
[ 65.364230][ T6846] dump_stack+0x18f/0x20d
[ 65.368564][ T6846] ? hci_chan_del+0xa0/0x190
[ 65.373141][ T6846] panic+0x2e3/0x75c
[ 65.377023][ T6846] ? __warn_printk+0xf3/0xf3
[ 65.381593][ T6846] ? preempt_schedule_common+0x59/0xc0
[ 65.387023][ T6846] ? hci_chan_del+0x14f/0x190
[ 65.391674][ T6846] ? preempt_schedule_thunk+0x16/0x18
[ 65.397018][ T6846] ? trace_hardirqs_on+0x55/0x220
[ 65.402056][ T6846] ? hci_chan_del+0x14f/0x190
[ 65.406702][ T6846] ? hci_chan_del+0x14f/0x190
[ 65.411355][ T6846] end_report+0x4d/0x53
[ 65.415917][ T6846] kasan_report.cold+0xd/0x37
[ 65.420563][ T6846] ? hci_chan_del+0x14f/0x190
[ 65.425210][ T6846] hci_chan_del+0x14f/0x190
[ 65.429696][ T6846] l2cap_conn_del+0x61b/0x9e0
[ 65.434357][ T6846] ? l2cap_conn_del+0x9e0/0x9e0
[ 65.439176][ T6846] l2cap_disconn_cfm+0x85/0xa0
[ 65.443910][ T6846] hci_conn_hash_flush+0x114/0x220
[ 65.448994][ T6846] hci_dev_do_close+0x5c6/0x1080
[ 65.453908][ T6846] ? hci_dev_open+0x350/0x350
[ 65.458559][ T6846] ? do_raw_read_unlock+0x70/0x70
[ 65.463575][ T6846] ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 65.469445][ T6846] hci_unregister_dev+0x1bd/0xe30
[ 65.474448][ T6846] ? fcntl_setlk+0xf60/0xf60
[ 65.479021][ T6846] ? lock_is_held_type+0xbb/0xf0
[ 65.483945][ T6846] vhci_release+0x70/0xe0
[ 65.488262][ T6846] __fput+0x285/0x920
[ 65.492214][ T6846] ? vhci_close_dev+0x50/0x50
[ 65.496884][ T6846] task_work_run+0xdd/0x190
[ 65.501418][ T6846] do_exit+0xb7d/0x29f0
[ 65.505558][ T6846] ? mm_update_next_owner+0x7a0/0x7a0
[ 65.510902][ T6846] ? vfs_write+0x1b0/0x730
[ 65.515305][ T6846] ? lock_is_held_type+0xbb/0xf0
[ 65.520215][ T6846] do_group_exit+0x125/0x310
[ 65.524799][ T6846] __x64_sys_exit_group+0x3a/0x50
[ 65.529804][ T6846] do_syscall_64+0x2d/0x70
[ 65.540168][ T6846] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.546035][ T6846] RIP: 0033:0x4450a8
[ 65.549895][ T6846] Code: Bad RIP value.
[ 65.554347][ T6846] RSP: 002b:00007ffe542abe88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 65.562739][ T6846] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004450a8
[ 65.570691][ T6846] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 65.578746][ T6846] RBP: 00000000004cce10 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 65.586692][ T6846] R10: 0000000000000015 R11: 0000000000000246 R12: 0000000000000001
[ 65.594640][ T6846] R13: 00000000006e0200 R14: 0000000000000000 R15: 0000000000000000
[ 65.603643][ T6846] Kernel Offset: disabled
[ 65.607972][ T6846] Rebooting in 86400 seconds..