Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
syzkaller login: [ 51.004106][ T7040] IPVS: ftp: loaded support on port[0] = 21
[ 51.004850][ T7043] IPVS: ftp: loaded support on port[0] = 21
[ 51.015412][ T7042] IPVS: ftp: loaded support on port[0] = 21
[ 51.023854][ T7038] IPVS: ftp: loaded support on port[0] = 21
[ 51.023871][ T7041] IPVS: ftp: loaded support on port[0] = 21
[ 51.034549][ T7039] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 51.344825][ T12] ==================================================================
[ 51.353150][ T12] BUG: KASAN: use-after-free in l2cap_chan_close+0x46/0xae0
[ 51.360432][ T12] Read of size 8 at addr ffff888091653000 by task kworker/0:1/12
[ 51.368139][ T12]
[ 51.370466][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.7.0-rc5-syzkaller #0
[ 51.378625][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.388689][ T12] Workqueue: events do_enable_set
executing program
[ 51.393715][ T12] Call Trace:
[ 51.397000][ T12]  dump_stack+0x1e9/0x30e
[ 51.401357][ T12]  print_address_description+0x74/0x5c0
[ 51.406909][ T12]  ? printk+0x62/0x83
[ 51.410899][ T12]  ? vprintk_emit+0x339/0x3c0
[ 51.415579][ T12]  __kasan_report+0x103/0x1a0
[ 51.420257][ T12]  ? l2cap_chan_close+0x46/0xae0
[ 51.425174][ T12]  ? l2cap_chan_close+0x46/0xae0
[ 51.430088][ T12]  kasan_report+0x4d/0x80
[ 51.434426][ T12]  ? lock_acquire+0x169/0x480
[ 51.439082][ T12]  ? l2cap_chan_close+0x46/0xae0
[ 51.444000][ T12]  ? do_enable_set+0x62e/0x8d0
[ 51.448746][ T12]  ? rcu_read_lock_sched_held+0x106/0x170
[ 51.454445][ T12]  ? process_one_work+0x76e/0xfd0
[ 51.459457][ T12]  ? worker_thread+0xa7f/0x1450
[ 51.464313][ T12]  ? kthread+0x353/0x380
[ 51.468531][ T12]  ? rcu_lock_release+0x20/0x20
[ 51.473359][ T12]  ? kthread_blkcg+0xd0/0xd0
[ 51.477928][ T12]  ? ret_from_fork+0x24/0x30
[ 51.482519][ T12]
[ 51.484824][ T12] Allocated by task 4078:
[ 51.489131][ T12]  __kasan_kmalloc+0x114/0x160
[ 51.493973][ T12]  kmem_cache_alloc_trace+0x234/0x300
[ 51.499323][ T12]  l2cap_chan_create+0x4c/0x320
[ 51.504152][ T12]  do_enable_set+0x673/0x8d0
[ 51.508720][ T12]  process_one_work+0x76e/0xfd0
[ 51.513542][ T12]  worker_thread+0xa7f/0x1450
[ 51.518293][ T12]  kthread+0x353/0x380
[ 51.522445][ T12]  ret_from_fork+0x24/0x30
[ 51.526858][ T12]
[ 51.529169][ T12] Freed by task 4078:
[ 51.533132][ T12]  __kasan_slab_free+0x125/0x190
[ 51.538044][ T12]  kfree+0x10a/0x220
[ 51.541912][ T12]  do_enable_set+0x63a/0x8d0
[ 51.546477][ T12]  process_one_work+0x76e/0xfd0
[ 51.551302][ T12]  worker_thread+0xa7f/0x1450
[ 51.555954][ T12]  kthread+0x353/0x380
[ 51.560016][ T12]  ret_from_fork+0x24/0x30
[ 51.564402][ T12]
[ 51.566712][ T12] The buggy address belongs to the object at ffff888091653000
[ 51.566712][ T12]  which belongs to the cache kmalloc-2k of size 2048
[ 51.580741][ T12] The buggy address is located 0 bytes inside of
[ 51.580741][ T12]  2048-byte region [ffff888091653000, ffff888091653800)
[ 51.593899][ T12] The buggy address belongs to the page:
[ 51.599510][ T12] page:ffffea00024594c0 refcount:1 mapcount:0 mapping:000000001782b071 index:0x0
[ 51.608606][ T12] flags: 0xfffe0000000200(slab)
[ 51.613459][ T12] raw: 00fffe0000000200 ffffea00022688c8 ffffea000245adc8 ffff8880aa400e00
[ 51.622030][ T12] raw: 0000000000000000 ffff888091653000 0000000100000001 0000000000000000
[ 51.630588][ T12] page dumped because: kasan: bad access detected
[ 51.636971][ T12]
[ 51.639277][ T12] Memory state around the buggy address:
[ 51.644881][ T12]  ffff888091652f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.652920][ T12]  ffff888091652f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.660977][ T12] >ffff888091653000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.669027][ T12]                    ^
[ 51.673073][ T12]  ffff888091653080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.681131][ T12]  ffff888091653100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 51.689178][ T12] ==================================================================
[ 51.697213][ T12] Disabling lock debugging due to kernel taint
executing program
executing program
executing program
executing program
[ 51.790691][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 51.797308][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.7.0-rc5-syzkaller #0
[ 51.806927][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.817009][ T12] Workqueue: events do_enable_set
[ 51.822022][ T12] Call Trace:
[ 51.825311][ T12]  dump_stack+0x1e9/0x30e
[ 51.829640][ T12]  panic+0x264/0x7a0
[ 51.833531][ T12]  ? trace_hardirqs_on+0x30/0x70
executing program
executing program
executing program
executing program
[ 51.838464][ T12]  __kasan_report+0x191/0x1a0
[ 51.843140][ T12]  ? l2cap_chan_close+0x46/0xae0
[ 51.848072][ T12]  ? l2cap_chan_close+0x46/0xae0
[ 51.853002][ T12]  kasan_report+0x4d/0x80
[ 51.857328][ T12]  ? lock_acquire+0x169/0x480
[ 51.861998][ T12]  ? l2cap_chan_close+0x46/0xae0
[ 51.866934][ T12]  ? do_enable_set+0x62e/0x8d0
[ 51.871697][ T12]  ? rcu_read_lock_sched_held+0x106/0x170
[ 51.877412][ T12]  ? process_one_work+0x76e/0xfd0
[ 51.882439][ T12]  ? worker_thread+0xa7f/0x1450
[ 51.887285][ T12]  ? kthread+0x353/0x380
[ 51.891527][ T12]  ? rcu_lock_release+0x20/0x20
[ 51.896374][ T12]  ? kthread_blkcg+0xd0/0xd0
[ 51.900971][ T12]  ? ret_from_fork+0x24/0x30
[ 51.906775][ T12] Kernel Offset: disabled
[ 51.911090][ T12] Rebooting in 86400 seconds..