Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
syzkaller login: [   40.961903][ T6815] IPVS: ftp: loaded support on port[0] = 21
executing program
[   42.091514][ T6815] ==================================================================
[   42.099706][ T6815] BUG: KASAN: use-after-free in hci_chan_del+0x33/0x130
[   42.106634][ T6815] Read of size 8 at addr ffff8880a7b83218 by task syz-executor901/6815
[   42.114854][ T6815]
[   42.117178][ T6815] CPU: 1 PID: 6815 Comm: syz-executor901 Not tainted 5.8.0-syzkaller #0
[   42.125489][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.135514][ T6815] Call Trace:
[   42.138776][ T6815]  dump_stack+0x1f0/0x31e
[   42.143077][ T6815]  print_address_description+0x66/0x5a0
[   42.148591][ T6815]  ? vprintk_emit+0x342/0x3c0
[   42.153236][ T6815]  ? printk+0x62/0x83
[   42.157187][ T6815]  ? vprintk_emit+0x339/0x3c0
[   42.161836][ T6815]  kasan_report+0x132/0x1d0
[   42.166317][ T6815]  ? hci_chan_del+0x33/0x130
[   42.170878][ T6815]  hci_chan_del+0x33/0x130
[   42.175264][ T6815]  l2cap_conn_del+0x4c2/0x650
[   42.179914][ T6815]  ? l2cap_connect_cfm+0x12b0/0x12b0
[   42.185252][ T6815]  hci_conn_hash_flush+0x127/0x200
[   42.190334][ T6815]  hci_dev_do_close+0xb7b/0x1040
[   42.195246][ T6815]  hci_unregister_dev+0x185/0x1590
[   42.200329][ T6815]  ? vhci_open+0x290/0x290
[   42.204719][ T6815]  vhci_release+0x73/0xc0
[   42.209020][ T6815]  __fput+0x2f0/0x750
[   42.212975][ T6815]  task_work_run+0x137/0x1c0
[   42.217574][ T6815]  do_exit+0x5f3/0x1f20
[   42.221705][ T6815]  do_group_exit+0x161/0x2d0
[   42.226262][ T6815]  ? syscall_enter_from_user_mode+0x24/0x190
[   42.232211][ T6815]  __do_sys_exit_group+0x13/0x20
[   42.237117][ T6815]  __se_sys_exit_group+0x10/0x10
[   42.242024][ T6815]  __x64_sys_exit_group+0x37/0x40
[   42.247135][ T6815]  do_syscall_64+0x31/0x70
[   42.251523][ T6815]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.257392][ T6815] RIP: 0033:0x445028
[   42.261253][ T6815] Code: Bad RIP value.
[   42.265289][ T6815] RSP: 002b:00007fff7752e7e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.273665][ T6815] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445028
[   42.281606][ T6815] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   42.289547][ T6815] RBP: 00000000004cce10 R08: 00000000000000e7 R09: ffffffffffffffd0
[   42.297619][ T6815] R10: 00007f9b532be9d0 R11: 0000000000000246 R12: 0000000000000001
[   42.305559][ T6815] R13: 00000000006e0200 R14: 000000000248f850 R15: 0000000000000001
[   42.313506][ T6815]
[   42.315817][ T6815] Allocated by task 6840:
[   42.320115][ T6815]  __kasan_kmalloc+0x103/0x140
[   42.324847][ T6815]  kmem_cache_alloc_trace+0x234/0x300
[   42.330211][ T6815]  hci_chan_create+0x9a/0x270
[   42.334858][ T6815]  l2cap_conn_add+0x66/0xb00
[   42.339414][ T6815]  l2cap_connect_cfm+0xdb/0x12b0
[   42.344315][ T6815]  le_conn_complete_evt+0x88d/0x1380
[   42.349567][ T6815]  hci_event_packet+0x16e3/0x17e10
[   42.354643][ T6815]  hci_rx_work+0x246/0xa20
[   42.359026][ T6815]  process_one_work+0x789/0xfc0
[   42.363843][ T6815]  worker_thread+0xaa4/0x1460
[   42.368497][ T6815]  kthread+0x37e/0x3a0
[   42.372554][ T6815]  ret_from_fork+0x1f/0x30
[   42.376950][ T6815]
[   42.379266][ T6815] Freed by task 6840:
[   42.383248][ T6815]  __kasan_slab_free+0x114/0x170
[   42.388174][ T6815]  kfree+0x10a/0x220
[   42.392038][ T6815]  hci_event_packet+0x2018/0x17e10
[   42.397157][ T6815]  hci_rx_work+0x246/0xa20
[   42.401543][ T6815]  process_one_work+0x789/0xfc0
[   42.406357][ T6815]  worker_thread+0xaa4/0x1460
[   42.411000][ T6815]  kthread+0x37e/0x3a0
[   42.415039][ T6815]  ret_from_fork+0x1f/0x30
[   42.419418][ T6815]
[   42.421717][ T6815] The buggy address belongs to the object at ffff8880a7b83200
[   42.421717][ T6815]  which belongs to the cache kmalloc-128 of size 128
[   42.435737][ T6815] The buggy address is located 24 bytes inside of
[   42.435737][ T6815]  128-byte region [ffff8880a7b83200, ffff8880a7b83280)
[   42.448885][ T6815] The buggy address belongs to the page:
[   42.454488][ T6815] page:ffffea00029ee0c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a7b83b00
[   42.464859][ T6815] flags: 0xfffe0000000200(slab)
[   42.469687][ T6815] raw: 00fffe0000000200 ffffea00028bdcc8 ffffea000285be88 ffff8880aa400700
[   42.478239][ T6815] raw: ffff8880a7b83b00 ffff8880a7b83000 0000000100000003 0000000000000000
[   42.486784][ T6815] page dumped because: kasan: bad access detected
[   42.493160][ T6815]
[   42.495453][ T6815] Memory state around the buggy address:
[   42.501052][ T6815]  ffff8880a7b83100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.509080][ T6815]  ffff8880a7b83180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.517106][ T6815] >ffff8880a7b83200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.525130][ T6815]                                                    ^
[   42.529948][ T6815]  ffff8880a7b83280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.537976][ T6815]  ffff8880a7b83300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.546002][ T6815] ==================================================================
[   42.554027][ T6815] Disabling lock debugging due to kernel taint
[   42.560745][ T6815] Kernel panic - not syncing: panic_on_warn set ...
[   42.567331][ T6815] CPU: 1 PID: 6815 Comm: syz-executor901 Tainted: G    B             5.8.0-syzkaller #0
[   42.577024][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.587065][ T6815] Call Trace:
[   42.590343][ T6815]  dump_stack+0x1f0/0x31e
[   42.594662][ T6815]  panic+0x264/0x7a0
[   42.598538][ T6815]  ? trace_hardirqs_on+0x30/0x80
[   42.603442][ T6815]  kasan_report+0x1c9/0x1d0
[   42.607911][ T6815]  ? hci_chan_del+0x33/0x130
[   42.612466][ T6815]  hci_chan_del+0x33/0x130
[   42.616847][ T6815]  l2cap_conn_del+0x4c2/0x650
[   42.621490][ T6815]  ? l2cap_connect_cfm+0x12b0/0x12b0
[   42.626737][ T6815]  hci_conn_hash_flush+0x127/0x200
[   42.631815][ T6815]  hci_dev_do_close+0xb7b/0x1040
[   42.636717][ T6815]  hci_unregister_dev+0x185/0x1590
[   42.641795][ T6815]  ? vhci_open+0x290/0x290
[   42.646174][ T6815]  vhci_release+0x73/0xc0
[   42.650469][ T6815]  __fput+0x2f0/0x750
[   42.654417][ T6815]  task_work_run+0x137/0x1c0
[   42.658973][ T6815]  do_exit+0x5f3/0x1f20
[   42.663097][ T6815]  do_group_exit+0x161/0x2d0
[   42.667655][ T6815]  ? syscall_enter_from_user_mode+0x24/0x190
[   42.673599][ T6815]  __do_sys_exit_group+0x13/0x20
[   42.678501][ T6815]  __se_sys_exit_group+0x10/0x10
[   42.683402][ T6815]  __x64_sys_exit_group+0x37/0x40
[   42.688393][ T6815]  do_syscall_64+0x31/0x70
[   42.692776][ T6815]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.698632][ T6815] RIP: 0033:0x445028
[   42.702489][ T6815] Code: Bad RIP value.
[   42.706529][ T6815] RSP: 002b:00007fff7752e7e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.714913][ T6815] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445028
[   42.722851][ T6815] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   42.730787][ T6815] RBP: 00000000004cce10 R08: 00000000000000e7 R09: ffffffffffffffd0
[   42.738725][ T6815] R10: 00007f9b532be9d0 R11: 0000000000000246 R12: 0000000000000001
[   42.746676][ T6815] R13: 00000000006e0200 R14: 000000000248f850 R15: 0000000000000001
[   42.755789][ T6815] Kernel Offset: disabled
[   42.760097][ T6815] Rebooting in 86400 seconds..