[ 403.604748][ T462] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 403.718136][ T462] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 403.840393][ T462] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 403.974045][ T462] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.1.123' (ECDSA) to the list of known hosts.
[ 405.338995][ T28] audit: type=1400 audit(1614613213.555:11): avc: denied { execmem } for pid=17449 comm="syz-executor083" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 405.345656][T17450] IPVS: ftp: loaded support on port[0] = 21
[ 405.818174][ T462] device hsr_slave_0 left promiscuous mode
[ 405.855837][ T462] device hsr_slave_1 left promiscuous mode
[ 405.956277][ T462] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 405.964244][ T462] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 405.974098][ T462] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 405.981730][ T462] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 405.990787][ T462] device bridge_slave_1 left promiscuous mode
[ 405.997644][ T462] bridge0: port 2(bridge_slave_1) entered disabled state
[ 406.048809][ T462] device bridge_slave_0 left promiscuous mode
[ 406.055245][ T462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 406.123950][ T462] device veth1_macvtap left promiscuous mode
[ 406.130306][ T462] device veth0_macvtap left promiscuous mode
[ 406.137508][ T462] device veth1_vlan left promiscuous mode
[ 406.143344][ T462] device veth0_vlan left promiscuous mode
[ 408.601455][T17366] Bluetooth: hci0: command 0x0409 tx timeout
[ 410.492890][ T462] team0 (unregistering): Port device team_slave_1 removed
[ 410.510619][ T462] team0 (unregistering): Port device team_slave_0 removed
[ 410.523719][ T462] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 410.571583][ T462] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 410.671060][ T462] bond0 (unregistering): Released all slaves
[ 410.677395][ T5] Bluetooth: hci0: command 0x041b tx timeout
[ 411.496385][ T1556] ------------[ cut here ]------------
[ 411.502192][ T1556] refcount_t: addition on 0; use-after-free.
[ 411.508308][ T1556] WARNING: CPU: 0 PID: 1556 at lib/refcount.c:25 refcount_warn_saturate+0xdd/0x140
[ 411.517639][ T1556] Modules linked in:
[ 411.521518][ T1556] CPU: 0 PID: 1556 Comm: kworker/u5:0 Not tainted 5.12.0-rc1-syzkaller #0
[ 411.530022][ T1556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 411.540248][ T1556] Workqueue: hci0 hci_rx_work
[ 411.544904][ T1556] RIP: 0010:refcount_warn_saturate+0xdd/0x140
[ 411.550977][ T1556] Code: 30 80 e4 06 01 e8 10 f8 ed 03 0f 0b eb 9d 80 3d 1f 80 e4 06 00 75 94 48 c7 c7 e0 45 12 88 c6 05 0f 80 e4 06 01 e8 f0 f7 ed 03 <0f> 0b e9 7a ff ff ff 80 3d f9 7f e4 06 00 0f 85 6d ff ff ff 48 c7
[ 411.570624][ T1556] RSP: 0018:ffffc90005027980 EFLAGS: 00010286
[ 411.576687][ T1556] RAX: 0000000000000000 RBX: ffff88812a0d0018 RCX: 0000000000000000
[ 411.584978][ T1556] RDX: 0000000000000002 RSI: ffffffff88127fc0 RDI: fffff52000a04f22
[ 411.592962][ T1556] RBP: 0000000000000002 R08: 0000000000000001 R09: ffff8881f64310e7
[ 411.601014][ T1556] R10: ffffed103ec8621c R11: 746e756f63666572 R12: dffffc0000000000
[ 411.609245][ T1556] R13: 0000000000000001 R14: ffff88812a0d0021 R15: ffffffff8a20bec8
[ 411.617220][ T1556] FS: 0000000000000000(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000
[ 411.626153][ T1556] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 411.632798][ T1556] CR2: 0000000001320608 CR3: 0000000120414000 CR4: 0000000000350ef0
[ 411.640807][ T1556] Call Trace:
[ 411.644152][ T1556] l2cap_global_chan_by_psm+0x35a/0x3c0
[ 411.649701][ T1556] ? l2cap_global_fixed_chan+0x340/0x340
[ 411.655308][ T1556] ? lock_acquire+0x212/0x850
[ 411.659979][ T1556] l2cap_recv_frame+0xa1f/0x9dd0
[ 411.664904][ T1556] ? __lock_acquire+0xbc5/0x5050
[ 411.669857][ T1556] ? lock_is_held_type+0xfa/0x130
[ 411.674851][ T1556] ? find_held_lock+0x2d/0x110
[ 411.679611][ T1556] ? check_preemption_disabled+0x36/0xd0
[ 411.685216][ T1556] ? l2cap_config_rsp.isra.0+0xf40/0xf40
[ 411.690861][ T1556] ? hci_rx_work+0x356/0x930
[ 411.695443][ T1556] ? lock_downgrade+0x7b0/0x7b0
[ 411.700267][ T1556] ? lock_is_held_type+0xfa/0x130
[ 411.705261][ T1556] ? find_held_lock+0x2d/0x110
[ 411.710025][ T1556] ? __mutex_unlock_slowpath+0xe2/0x610
[ 411.715633][ T1556] ? hci_conn_check_link_mode+0x3d0/0x3d0
[ 411.721321][ T1556] ? lockdep_hardirqs_on+0x54/0x100
[ 411.726519][ T1556] hci_rx_work+0x38f/0x930
[ 411.731170][ T1556] process_one_work+0x84c/0x13b0
[ 411.736103][ T1556] ? lock_release+0x7e0/0x7e0
[ 411.740752][ T1556] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 411.746125][ T1556] ? rwlock_bug.part.0+0x90/0x90
[ 411.751054][ T1556] worker_thread+0x598/0xf80
[ 411.755644][ T1556] ? process_one_work+0x13b0/0x13b0
[ 411.760813][ T1556] kthread+0x36f/0x450
[ 411.764854][ T1556] ? _raw_spin_unlock_irq+0x1f/0x80
[ 411.770046][ T1556] ? __kthread_bind_mask+0x90/0x90
[ 411.775130][ T1556] ret_from_fork+0x1f/0x30
[ 411.779562][ T1556] Kernel panic - not syncing: panic_on_warn set ...
[ 411.786118][ T1556] CPU: 0 PID: 1556 Comm: kworker/u5:0 Not tainted 5.12.0-rc1-syzkaller #0
[ 411.794581][ T1556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 411.804607][ T1556] Workqueue: hci0 hci_rx_work
[ 411.809261][ T1556] Call Trace:
[ 411.812517][ T1556] dump_stack+0x10c/0x14b
[ 411.816819][ T1556] panic+0x28c/0x559
[ 411.820686][ T1556] ? __warn_printk+0xee/0xee
[ 411.825251][ T1556] ? refcount_warn_saturate+0xdd/0x140
[ 411.830680][ T1556] __warn.cold+0x2b/0x35
[ 411.834890][ T1556] ? refcount_warn_saturate+0xdd/0x140
[ 411.840317][ T1556] report_bug+0x15a/0x1b0
[ 411.844617][ T1556] handle_bug+0x38/0x90
[ 411.848743][ T1556] ? __warn_printk+0xc1/0xee
[ 411.853299][ T1556] exc_invalid_op+0x14/0x40
[ 411.857769][ T1556] asm_exc_invalid_op+0x12/0x20
[ 411.862594][ T1556] RIP: 0010:refcount_warn_saturate+0xdd/0x140
[ 411.868630][ T1556] Code: 30 80 e4 06 01 e8 10 f8 ed 03 0f 0b eb 9d 80 3d 1f 80 e4 06 00 75 94 48 c7 c7 e0 45 12 88 c6 05 0f 80 e4 06 01 e8 f0 f7 ed 03 <0f> 0b e9 7a ff ff ff 80 3d f9 7f e4 06 00 0f 85 6d ff ff ff 48 c7
[ 411.888204][ T1556] RSP: 0018:ffffc90005027980 EFLAGS: 00010286
[ 411.894414][ T1556] RAX: 0000000000000000 RBX: ffff88812a0d0018 RCX: 0000000000000000
[ 411.902355][ T1556] RDX: 0000000000000002 RSI: ffffffff88127fc0 RDI: fffff52000a04f22
[ 411.910298][ T1556] RBP: 0000000000000002 R08: 0000000000000001 R09: ffff8881f64310e7
[ 411.918240][ T1556] R10: ffffed103ec8621c R11: 746e756f63666572 R12: dffffc0000000000
[ 411.926181][ T1556] R13: 0000000000000001 R14: ffff88812a0d0021 R15: ffffffff8a20bec8
[ 411.934133][ T1556] l2cap_global_chan_by_psm+0x35a/0x3c0
[ 411.939652][ T1556] ? l2cap_global_fixed_chan+0x340/0x340
[ 411.945255][ T1556] ? lock_acquire+0x212/0x850
[ 411.949919][ T1556] l2cap_recv_frame+0xa1f/0x9dd0
[ 411.954827][ T1556] ? __lock_acquire+0xbc5/0x5050
[ 411.959734][ T1556] ? lock_is_held_type+0xfa/0x130
[ 411.964728][ T1556] ? find_held_lock+0x2d/0x110
[ 411.969460][ T1556] ? check_preemption_disabled+0x36/0xd0
[ 411.975060][ T1556] ? l2cap_config_rsp.isra.0+0xf40/0xf40
[ 411.980661][ T1556] ? hci_rx_work+0x356/0x930
[ 411.985219][ T1556] ? lock_downgrade+0x7b0/0x7b0
[ 411.990037][ T1556] ? lock_is_held_type+0xfa/0x130
[ 411.995028][ T1556] ? find_held_lock+0x2d/0x110
[ 411.999762][ T1556] ? __mutex_unlock_slowpath+0xe2/0x610
[ 412.005285][ T1556] ? hci_conn_check_link_mode+0x3d0/0x3d0
[ 412.010975][ T1556] ? lockdep_hardirqs_on+0x54/0x100
[ 412.016148][ T1556] hci_rx_work+0x38f/0x930
[ 412.020542][ T1556] process_one_work+0x84c/0x13b0
[ 412.025627][ T1556] ? lock_release+0x7e0/0x7e0
[ 412.030271][ T1556] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 412.035613][ T1556] ? rwlock_bug.part.0+0x90/0x90
[ 412.040523][ T1556] worker_thread+0x598/0xf80
[ 412.045087][ T1556] ? process_one_work+0x13b0/0x13b0
[ 412.050269][ T1556] kthread+0x36f/0x450
[ 412.054317][ T1556] ? _raw_spin_unlock_irq+0x1f/0x80
[ 412.059481][ T1556] ? __kthread_bind_mask+0x90/0x90
[ 412.064565][ T1556] ret_from_fork+0x1f/0x30
[ 412.073410][ T1556] Kernel Offset: disabled
[ 412.078081][ T1556] Rebooting in 86400 seconds..