Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
syzkaller login: [   51.028447][ T6827] IPVS: ftp: loaded support on port[0] = 21
executing program
[   52.203534][ T6827] ==================================================================
[   52.211816][ T6827] BUG: KASAN: use-after-free in hci_chan_del+0x33/0x130
[   52.218747][ T6827] Read of size 8 at addr ffff888096852418 by task syz-executor833/6827
[   52.226971][ T6827]
[   52.229299][ T6827] CPU: 0 PID: 6827 Comm: syz-executor833 Not tainted 5.8.0-syzkaller #0
[   52.237604][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.247718][ T6827] Call Trace:
[   52.250980][ T6827]  dump_stack+0x1f0/0x31e
[   52.255282][ T6827]  print_address_description+0x66/0x5a0
[   52.260798][ T6827]  ? vprintk_emit+0x342/0x3c0
[   52.265445][ T6827]  ? printk+0x62/0x83
[   52.269399][ T6827]  ? vprintk_emit+0x339/0x3c0
[   52.274047][ T6827]  kasan_report+0x132/0x1d0
[   52.278527][ T6827]  ? hci_chan_del+0x33/0x130
[   52.283091][ T6827]  hci_chan_del+0x33/0x130
[   52.287494][ T6827]  l2cap_conn_del+0x4c2/0x650
[   52.292152][ T6827]  ? l2cap_connect_cfm+0x12b0/0x12b0
[   52.297406][ T6827]  hci_conn_hash_flush+0x127/0x200
[   52.302595][ T6827]  hci_dev_do_close+0xb7b/0x1040
[   52.307506][ T6827]  hci_unregister_dev+0x185/0x1590
[   52.312592][ T6827]  ? vhci_open+0x290/0x290
[   52.316978][ T6827]  vhci_release+0x73/0xc0
[   52.321281][ T6827]  __fput+0x2f0/0x750
[   52.325242][ T6827]  task_work_run+0x137/0x1c0
[   52.329829][ T6827]  do_exit+0x5f3/0x1f20
[   52.333998][ T6827]  ? __schedule+0x981/0xce0
[   52.338476][ T6827]  do_group_exit+0x161/0x2d0
[   52.343033][ T6827]  ? syscall_enter_from_user_mode+0x24/0x190
[   52.348998][ T6827]  __do_sys_exit_group+0x13/0x20
[   52.353910][ T6827]  __se_sys_exit_group+0x10/0x10
[   52.358839][ T6827]  __x64_sys_exit_group+0x37/0x40
[   52.363934][ T6827]  do_syscall_64+0x31/0x70
[   52.368322][ T6827]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   52.374203][ T6827] RIP: 0033:0x445398
[   52.378065][ T6827] Code: Bad RIP value.
[   52.382332][ T6827] RSP: 002b:00007ffc3affc428 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   52.390711][ T6827] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445398
[   52.398662][ T6827] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   52.407067][ T6827] RBP: 00000000004cd170 R08: 00000000000000e7 R09: ffffffffffffffd0
[   52.415017][ T6827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.422968][ T6827] R13: 00000000006e0260 R14: 0000000000000000 R15: 0000000000000000
[   52.430919][ T6827]
[   52.433253][ T6827] Allocated by task 6854:
[   52.437555][ T6827]  __kasan_kmalloc+0x103/0x140
[   52.442289][ T6827]  kmem_cache_alloc_trace+0x234/0x300
[   52.447631][ T6827]  hci_chan_create+0x9a/0x270
[   52.452278][ T6827]  l2cap_conn_add+0x66/0xb00
[   52.456839][ T6827]  l2cap_connect_cfm+0xdb/0x12b0
[   52.461747][ T6827]  le_conn_complete_evt+0x88d/0x1380
[   52.467004][ T6827]  hci_event_packet+0x16e3/0x17e10
[   52.472086][ T6827]  hci_rx_work+0x246/0xa20
[   52.476475][ T6827]  process_one_work+0x789/0xfc0
[   52.481393][ T6827]  worker_thread+0xaa4/0x1460
[   52.486039][ T6827]  kthread+0x37e/0x3a0
[   52.490082][ T6827]  ret_from_fork+0x1f/0x30
[   52.494473][ T6827]
[   52.496773][ T6827] Freed by task 6854:
[   52.500725][ T6827]  __kasan_slab_free+0x114/0x170
[   52.505632][ T6827]  kfree+0x10a/0x220
[   52.509495][ T6827]  hci_event_packet+0x2018/0x17e10
[   52.514601][ T6827]  hci_rx_work+0x246/0xa20
[   52.518987][ T6827]  process_one_work+0x789/0xfc0
[   52.523804][ T6827]  worker_thread+0xaa4/0x1460
[   52.528450][ T6827]  kthread+0x37e/0x3a0
[   52.532488][ T6827]  ret_from_fork+0x1f/0x30
[   52.536868][ T6827]
[   52.539169][ T6827] The buggy address belongs to the object at ffff888096852400
[   52.539169][ T6827]  which belongs to the cache kmalloc-128 of size 128
[   52.553188][ T6827] The buggy address is located 24 bytes inside of
[   52.553188][ T6827]  128-byte region [ffff888096852400, ffff888096852480)
[   52.566425][ T6827] The buggy address belongs to the page:
[   52.572028][ T6827] page:ffffea00025a1480 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888096852b00
[   52.582404][ T6827] flags: 0xfffe0000000200(slab)
[   52.587228][ T6827] raw: 00fffe0000000200 ffffea0002a4ba48 ffffea00027735c8 ffff8880aa400700
[   52.595781][ T6827] raw: ffff888096852b00 ffff888096852000 0000000100000008 0000000000000000
[   52.604330][ T6827] page dumped because: kasan: bad access detected
[   52.610707][ T6827]
[   52.613004][ T6827] Memory state around the buggy address:
[   52.618603][ T6827]  ffff888096852300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.626634][ T6827]  ffff888096852380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.634680][ T6827] >ffff888096852400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.642795][ T6827]                             ^
[   52.647699][ T6827]  ffff888096852480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.655739][ T6827]  ffff888096852500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.663767][ T6827] ==================================================================
[   52.671796][ T6827] Disabling lock debugging due to kernel taint
[   52.679134][   T57] tipc: TX() has been purged, node left!
[   52.698336][ T6827] Kernel panic - not syncing: panic_on_warn set ...
[   52.704937][ T6827] CPU: 0 PID: 6827 Comm: syz-executor833 Tainted: G    B             5.8.0-syzkaller #0
[   52.714729][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.724773][ T6827] Call Trace:
[   52.728038][ T6827]  dump_stack+0x1f0/0x31e
[   52.732533][ T6827]  panic+0x264/0x7a0
[   52.736398][ T6827]  ? trace_hardirqs_on+0x30/0x80
[   52.741424][ T6827]  kasan_report+0x1c9/0x1d0
[   52.745894][ T6827]  ? hci_chan_del+0x33/0x130
[   52.750450][ T6827]  hci_chan_del+0x33/0x130
[   52.754921][ T6827]  l2cap_conn_del+0x4c2/0x650
[   52.759567][ T6827]  ? l2cap_connect_cfm+0x12b0/0x12b0
[   52.764905][ T6827]  hci_conn_hash_flush+0x127/0x200
[   52.769984][ T6827]  hci_dev_do_close+0xb7b/0x1040
[   52.774887][ T6827]  hci_unregister_dev+0x185/0x1590
[   52.779984][ T6827]  ? vhci_open+0x290/0x290
[   52.784370][ T6827]  vhci_release+0x73/0xc0
[   52.788668][ T6827]  __fput+0x2f0/0x750
[   52.792619][ T6827]  task_work_run+0x137/0x1c0
[   52.797270][ T6827]  do_exit+0x5f3/0x1f20
[   52.801395][ T6827]  ? __schedule+0x981/0xce0
[   52.805867][ T6827]  do_group_exit+0x161/0x2d0
[   52.810421][ T6827]  ? syscall_enter_from_user_mode+0x24/0x190
[   52.816374][ T6827]  __do_sys_exit_group+0x13/0x20
[   52.821277][ T6827]  __se_sys_exit_group+0x10/0x10
[   52.826182][ T6827]  __x64_sys_exit_group+0x37/0x40
[   52.831172][ T6827]  do_syscall_64+0x31/0x70
[   52.835573][ T6827]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   52.841431][ T6827] RIP: 0033:0x445398
[   52.845290][ T6827] Code: Bad RIP value.
[   52.849340][ T6827] RSP: 002b:00007ffc3affc428 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   52.857717][ T6827] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445398
[   52.865655][ T6827] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   52.873594][ T6827] RBP: 00000000004cd170 R08: 00000000000000e7 R09: ffffffffffffffd0
[   52.881560][ T6827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.889500][ T6827] R13: 00000000006e0260 R14: 0000000000000000 R15: 0000000000000000
[   52.898793][ T6827] Kernel Offset: disabled
[   52.903103][ T6827] Rebooting in 86400 seconds..