Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
[   40.717126][ T6791] IPVS: ftp: loaded support on port[0] = 21
executing program
[   41.853593][ T6791] ==================================================================
[   41.861817][ T6791] BUG: KASAN: use-after-free in hci_chan_del+0x33/0x130
[   41.868866][ T6791] Read of size 8 at addr ffff888091c47c18 by task syz-executor802/6791
[   41.877072][ T6791]
[   41.879379][ T6791] CPU: 0 PID: 6791 Comm: syz-executor802 Not tainted 5.8.0-rc7-syzkaller #0
[   41.888034][ T6791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.898088][ T6791] Call Trace:
[   41.901366][ T6791]  dump_stack+0x1f0/0x31e
[   41.905671][ T6791]  print_address_description+0x66/0x5a0
[   41.911255][ T6791]  ? printk+0x62/0x83
[   41.915275][ T6791]  ? vprintk_emit+0x339/0x3c0
[   41.919941][ T6791]  kasan_report+0x132/0x1d0
[   41.924432][ T6791]  ? hci_chan_del+0x33/0x130
[   41.928997][ T6791]  hci_chan_del+0x33/0x130
[   41.933388][ T6791]  l2cap_conn_del+0x4c2/0x650
[   41.938041][ T6791]  ? l2cap_connect_cfm+0x12b0/0x12b0
[   41.943294][ T6791]  hci_conn_hash_flush+0x127/0x200
[   41.948378][ T6791]  hci_dev_do_close+0xb7b/0x1040
[   41.953288][ T6791]  ? hci_unregister_dev+0x159/0x1590
[   41.958593][ T6791]  hci_unregister_dev+0x16d/0x1590
[   41.963678][ T6791]  ? vhci_open+0x290/0x290
[   41.968080][ T6791]  vhci_release+0x73/0xc0
[   41.972380][ T6791]  __fput+0x2f0/0x750
[   41.976336][ T6791]  task_work_run+0x137/0x1c0
[   41.980994][ T6791]  do_exit+0x601/0x1f80
[   41.985119][ T6791]  ? call_rcu+0x509/0x840
[   41.989423][ T6791]  do_group_exit+0x161/0x2d0
[   41.993988][ T6791]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.000034][ T6791]  __do_sys_exit_group+0x13/0x20
[   42.004939][ T6791]  __se_sys_exit_group+0x10/0x10
[   42.009847][ T6791]  __x64_sys_exit_group+0x37/0x40
[   42.014856][ T6791]  do_syscall_64+0x73/0xe0
[   42.019341][ T6791]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.025204][ T6791] RIP: 0033:0x445038
[   42.029076][ T6791] Code: Bad RIP value.
[   42.033111][ T6791] RSP: 002b:00007fff926a8a78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.041506][ T6791] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445038
[   42.049449][ T6791] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   42.057390][ T6791] RBP: 00000000004cce10 R08: 00000000000000e7 R09: ffffffffffffffd0
[   42.065333][ T6791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.073291][ T6791] R13: 00000000006e0200 R14: 0000000000000000 R15: 0000000000000000
[   42.081240][ T6791]
[   42.083538][ T6791] Allocated by task 6818:
[   42.087856][ T6791]  __kasan_kmalloc+0x103/0x140
[   42.092590][ T6791]  kmem_cache_alloc_trace+0x234/0x300
[   42.098038][ T6791]  hci_chan_create+0x9a/0x270
[   42.102697][ T6791]  l2cap_conn_add+0x66/0xb00
[   42.107273][ T6791]  l2cap_connect_cfm+0xdb/0x12b0
[   42.112179][ T6791]  le_conn_complete_evt+0x88d/0x1380
[   42.117433][ T6791]  hci_event_packet+0x784a/0x18260
[   42.122512][ T6791]  hci_rx_work+0x236/0x9c0
[   42.126898][ T6791]  process_one_work+0x789/0xfc0
[   42.131717][ T6791]  worker_thread+0xaa4/0x1460
[   42.136362][ T6791]  kthread+0x37e/0x3a0
[   42.140402][ T6791]  ret_from_fork+0x1f/0x30
[   42.144782][ T6791]
[   42.147088][ T6791] Freed by task 6818:
[   42.151039][ T6791]  __kasan_slab_free+0x114/0x170
[   42.155941][ T6791]  kfree+0x10a/0x220
[   42.159805][ T6791]  hci_event_packet+0x304e/0x18260
[   42.164988][ T6791]  hci_rx_work+0x236/0x9c0
[   42.169390][ T6791]  process_one_work+0x789/0xfc0
[   42.174208][ T6791]  worker_thread+0xaa4/0x1460
[   42.178851][ T6791]  kthread+0x37e/0x3a0
[   42.182900][ T6791]  ret_from_fork+0x1f/0x30
[   42.187279][ T6791]
[   42.189754][ T6791] The buggy address belongs to the object at ffff888091c47c00
[   42.189754][ T6791]  which belongs to the cache kmalloc-128 of size 128
[   42.203777][ T6791] The buggy address is located 24 bytes inside of
[   42.203777][ T6791]  128-byte region [ffff888091c47c00, ffff888091c47c80)
[   42.216928][ T6791] The buggy address belongs to the page:
[   42.222534][ T6791] page:ffffea00024711c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888091c47700
[   42.232921][ T6791] flags: 0xfffe0000000200(slab)
[   42.237756][ T6791] raw: 00fffe0000000200 ffffea00027c6a88 ffffea00024a2548 ffff8880aa400700
[   42.246310][ T6791] raw: ffff888091c47700 ffff888091c47000 0000000100000005 0000000000000000
[   42.255036][ T6791] page dumped because: kasan: bad access detected
[   42.261427][ T6791]
[   42.263724][ T6791] Memory state around the buggy address:
[   42.269323][ T6791]  ffff888091c47b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.277352][ T6791]  ffff888091c47b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.285382][ T6791] >ffff888091c47c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.293410][ T6791]                             ^
[   42.298226][ T6791]  ffff888091c47c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.306314][ T6791]  ffff888091c47d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.314364][ T6791] ==================================================================
[   42.322606][ T6791] Disabling lock debugging due to kernel taint
[   42.355625][ T6791] Kernel panic - not syncing: panic_on_warn set ...
[   42.362228][ T6791] CPU: 0 PID: 6791 Comm: syz-executor802 Tainted: G    B             5.8.0-rc7-syzkaller #0
[   42.372253][ T6791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.382278][ T6791] Call Trace:
[   42.385555][ T6791]  dump_stack+0x1f0/0x31e
[   42.389855][ T6791]  panic+0x264/0x7a0
[   42.393978][ T6791]  ? trace_hardirqs_on+0x30/0x80
[   42.398886][ T6791]  kasan_report+0x1c9/0x1d0
[   42.403358][ T6791]  ? hci_chan_del+0x33/0x130
[   42.407914][ T6791]  hci_chan_del+0x33/0x130
[   42.412299][ T6791]  l2cap_conn_del+0x4c2/0x650
[   42.416952][ T6791]  ? l2cap_connect_cfm+0x12b0/0x12b0
[   42.422205][ T6791]  hci_conn_hash_flush+0x127/0x200
[   42.427285][ T6791]  hci_dev_do_close+0xb7b/0x1040
[   42.432193][ T6791]  ? hci_unregister_dev+0x159/0x1590
[   42.437463][ T6791]  hci_unregister_dev+0x16d/0x1590
[   42.442543][ T6791]  ? vhci_open+0x290/0x290
[   42.446924][ T6791]  vhci_release+0x73/0xc0
[   42.451270][ T6791]  __fput+0x2f0/0x750
[   42.455227][ T6791]  task_work_run+0x137/0x1c0
[   42.459785][ T6791]  do_exit+0x601/0x1f80
[   42.463925][ T6791]  ? call_rcu+0x509/0x840
[   42.468222][ T6791]  do_group_exit+0x161/0x2d0
[   42.472875][ T6791]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.478919][ T6791]  __do_sys_exit_group+0x13/0x20
[   42.483824][ T6791]  __se_sys_exit_group+0x10/0x10
[   42.488742][ T6791]  __x64_sys_exit_group+0x37/0x40
[   42.493746][ T6791]  do_syscall_64+0x73/0xe0
[   42.498133][ T6791]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.503992][ T6791] RIP: 0033:0x445038
[   42.507874][ T6791] Code: Bad RIP value.
[   42.511907][ T6791] RSP: 002b:00007fff926a8a78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.520282][ T6791] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445038
[   42.528223][ T6791] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   42.536163][ T6791] RBP: 00000000004cce10 R08: 00000000000000e7 R09: ffffffffffffffd0
[   42.544124][ T6791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.552064][ T6791] R13: 00000000006e0200 R14: 0000000000000000 R15: 0000000000000000
[   42.561348][ T6791] Kernel Offset: disabled
[   42.565668][ T6791] Rebooting in 86400 seconds..