[  399.563392] syz-executor.4 (5896) used greatest stack depth: 22664 bytes left
[  400.184506] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  400.191410] batman_adv: batadv0: Removing interface: batadv_slave_0
[  400.199306] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  400.206799] batman_adv: batadv0: Removing interface: batadv_slave_1
[  400.216709] device bridge_slave_1 left promiscuous mode
[  400.222862] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.264377] device bridge_slave_0 left promiscuous mode
[  400.269957] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.326172] device veth1_macvtap left promiscuous mode
[  400.331898] device veth0_macvtap left promiscuous mode
[  400.337228] device veth1_vlan left promiscuous mode
[  400.343050] device veth0_vlan left promiscuous mode
[  400.443941] device hsr_slave_1 left promiscuous mode
[  400.483802] device hsr_slave_0 left promiscuous mode
[  400.527820] team0 (unregistering): Port device team_slave_1 removed
[  400.539364] team0 (unregistering): Port device team_slave_0 removed
[  400.549073] bond0 (unregistering): Releasing backup interface bond_slave_1
[  400.584390] bond0 (unregistering): Releasing backup interface bond_slave_0
[  400.643153] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.15.208' (ECDSA) to the list of known hosts.
[  401.430982] IPVS: ftp: loaded support on port[0] = 21
[  402.576457] list_del corruption, ffff8881d0e4ee48->next is LIST_POISON1 (dead000000000100)
[  402.585607] ------------[ cut here ]------------
[  402.590434] kernel BUG at lib/list_debug.c:47!
[  402.595270] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  402.600783] CPU: 0 PID: 3187 Comm: kworker/u5:0 Not tainted 4.19.206-syzkaller #0
[  402.608385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  402.618085] Workqueue: hci0 hci_rx_work
[  402.622226] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x4a
[  402.628096] Code: f9 ff 0f 0b 4c 89 e2 48 89 de 48 c7 c7 60 a7 67 87 e8 ae 68 f9 ff 0f 0b 4c 89 ea 48 89 de 48 c7 c7 00 a7 67 87 e8 9a 68 f9 ff <0f> 0b 48 89 de 48 c7 c7 20 a8 67 87 e8 89 68 f9 ff 0f 0b 48 89 de
[  402.647060] RSP: 0018:ffff8881edf576f8 EFLAGS: 00010282
[  402.652679] RAX: 000000000000004e RBX: ffff8881d0e4ee48 RCX: 0000000000000000
[  402.659924] RDX: 0000000000000000 RSI: ffffffff8767a460 RDI: ffffffff8a19faa0
[  402.667166] RBP: ffff8881edf57710 R08: ffffed103ed05091 R09: ffffed103ed05090
[  402.674419] R10: ffffed103ed05090 R11: ffff8881f6828487 R12: dead000000000200
[  402.681840] R13: dead000000000100 R14: ffff8881d410a0c0 R15: ffff8881d410a140
[  402.689087] FS:  0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
[  402.697290] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  402.703229] CR2: 00007fbaa97b71f8 CR3: 000000000846d001 CR4: 00000000001606f0
[  402.710512] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  402.717771] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  402.725228] Call Trace:
[  402.727801]  l2cap_chan_put+0x49/0x1a0
[  402.731850]  l2cap_recv_frame+0xf29/0xa430
[  402.736062]  ? l2cap_ertm_init+0xa30/0xa30
[  402.740328]  ? __lock_acquire+0x764/0x47c0
[  402.744536]  ? update_group_capacity+0xb60/0xb60
[  402.749355]  ? mark_held_locks+0x130/0x130
[  402.753568]  ? __lock_acquire+0x764/0x47c0
[  402.757777]  ? lock_repin_lock+0x5d0/0x5d0
[  402.762079]  ? __lock_acquire+0x764/0x47c0
[  402.766286]  ? hci_rx_work+0x231/0x8f0
[  402.770175]  ? lock_acquire+0x180/0x3a0
[  402.774124]  ? hci_rx_work+0x231/0x8f0
[  402.777995]  ? mark_held_locks+0x130/0x130
[  402.782206]  ? hci_rx_work+0x5a1/0x8f0
[  402.786154]  ? lock_downgrade+0x860/0x860
[  402.790549]  ? mark_held_locks+0xc7/0x130
[  402.794687]  ? kasan_check_write+0x14/0x20
[  402.798897]  ? __mutex_unlock_slowpath+0xe8/0x6a0
[  402.803712]  ? wait_for_completion_io+0x20/0x20
[  402.808358]  l2cap_recv_acldata+0x756/0x8a0
[  402.812827]  hci_rx_work+0x5d6/0x8f0
[  402.816538]  process_one_work+0x7b9/0x15a0
[  402.820924]  ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[  402.825576]  ? lock_acquire+0x180/0x3a0
[  402.829525]  ? kasan_check_write+0x14/0x20
[  402.833832]  ? do_raw_spin_lock+0xd0/0x240
[  402.838130]  worker_thread+0x85/0xb60
[  402.842259]  ? __kthread_parkme+0x37/0x1c0
[  402.846491]  kthread+0x347/0x410
[  402.849862]  ? process_one_work+0x15a0/0x15a0
[  402.854337]  ? __kthread_cancel_work+0x170/0x170
[  402.859074]  ret_from_fork+0x24/0x30
[  402.862763] Modules linked in:
[  402.866376] ---[ end trace 717d6a22050f7290 ]---
[  402.871135] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x4a
[  402.877089] Code: f9 ff 0f 0b 4c 89 e2 48 89 de 48 c7 c7 60 a7 67 87 e8 ae 68 f9 ff 0f 0b 4c 89 ea 48 89 de 48 c7 c7 00 a7 67 87 e8 9a 68 f9 ff <0f> 0b 48 89 de 48 c7 c7 20 a8 67 87 e8 89 68 f9 ff 0f 0b 48 89 de
[  402.896479] RSP: 0018:ffff8881edf576f8 EFLAGS: 00010282
[  402.901910] RAX: 000000000000004e RBX: ffff8881d0e4ee48 RCX: 0000000000000000
[  402.909158] RDX: 0000000000000000 RSI: ffffffff8767a460 RDI: ffffffff8a19faa0
[  402.916423] RBP: ffff8881edf57710 R08: ffffed103ed05091 R09: ffffed103ed05090
[  402.923684] R10: ffffed103ed05090 R11: ffff8881f6828487 R12: dead000000000200
[  402.930930] R13: dead000000000100 R14: ffff8881d410a0c0 R15: ffff8881d410a140
[  402.938191] FS:  0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
[  402.946496] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  402.952462] CR2: 00007fbaa97b71f8 CR3: 000000000846d001 CR4: 00000000001606f0
[  402.959890] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  402.967245] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  402.974515] Kernel panic - not syncing: Fatal exception
[  402.980880] Kernel Offset: disabled
[  402.984697] Rebooting in 86400 seconds..