Ping.
Just got another one on 4.5-rc6
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x4864/0x49c0 at addr ffff8800353b8c08
Read of size 8 by task kworker/u12:2/1443
=============================================================================
BUG kmalloc-512 (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in vhci_open+0x50/0x350 age=1048 cpu=0 pid=1394
[< none >] ___slab_alloc+0x574/0x5c0 mm/slub.c:2464
[< none >] __slab_alloc+0x66/0xc0 mm/slub.c:2493
[< inline >] slab_alloc_node mm/slub.c:2556
[< inline >] slab_alloc mm/slub.c:2598
[< none >] kmem_cache_alloc_trace+0x27c/0x350 mm/slub.c:2615
[< inline >] kmalloc include/linux/slab.h:463
[< inline >] kzalloc include/linux/slab.h:607
[< none >] vhci_open+0x50/0x350 drivers/bluetooth/hci_vhci.c:316
[< none >] misc_open+0x388/0x520 drivers/char/misc.c:153
[< none >] chrdev_open+0x22a/0x4c0 fs/char_dev.c:388
[< none >] do_dentry_open+0x6a2/0xcb0 fs/open.c:736
[< none >] vfs_open+0x17b/0x1f0 fs/open.c:853
[< inline >] do_last fs/namei.c:3258
[< none >] path_openat+0x4849/0x5840 fs/namei.c:3394
[< none >] do_filp_open+0x18e/0x250 fs/namei.c:3429
[< none >] do_sys_open+0x1fc/0x420 fs/open.c:1022
[< inline >] SYSC_open fs/open.c:1040
[< none >] SyS_open+0x2d/0x40 fs/open.c:1035
[< none >] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185
INFO: Freed in vhci_release+0xae/0xe0 age=23 cpu=2 pid=1394
[< none >] __slab_free+0x1fc/0x320 mm/slub.c:2674
[< inline >] slab_free mm/slub.c:2829
[< none >] kfree+0x303/0x320 mm/slub.c:3660
[< none >] vhci_release+0xae/0xe0 drivers/bluetooth/hci_vhci.c:346
[< none >] __fput+0x236/0x780 fs/file_table.c:208
[< none >] ____fput+0x15/0x20 fs/file_table.c:244
[< none >] task_work_run+0x170/0x210 kernel/task_work.c:115
[< inline >] exit_task_work include/linux/task_work.h:21
[< none >] do_exit+0xaf0/0x2d20 kernel/exit.c:748
[< none >] do_group_exit+0x108/0x330 kernel/exit.c:878
[< none >] get_signal+0x628/0x1560 kernel/signal.c:2307
[< none >] do_signal+0x83/0x1c90 arch/x86/kernel/signal.c:712
[< none >] exit_to_usermode_loop+0x1a5/0x210 arch/x86/entry/common.c:247
[< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:282
[< none >] syscall_return_slowpath+0x2ba/0x340 arch/x86/entry/common.c:344
[< none >] int_ret_from_sys_call+0x25/0x9f arch/x86/entry/entry_64.S:281
INFO: Slab 0xffffea0000d4ee00 objects=16 used=15 fp=0xffff8800353b8b88 flags=0x1fffc0000004080
INFO: Object 0xffff8800353b8b88 @offset=2952 fp=0x (null)
CPU: 0 PID: 1443 Comm: kworker/u12:2 Tainted: G B 4.5.0-rc6+ #335
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: hci0 hci_cmd_work
ffffffff87b4d480 ffff880031427800 ffffffff82c0664f ffffffff00d4ee00
fffffbfff0f69a90 ffff88003e804f00 ffff8800353b8b88 ffff8800353b8000
ffffea0000d4ee00 0000000000000000 ffff880031427830 ffffffff81767194
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff82c0664f>] dump_stack+0x12e/0x18f lib/dump_stack.c:51
[<ffffffff81767194>] print_trailer+0xf4/0x150 mm/slub.c:661
[<ffffffff8176e46f>] object_err+0x2f/0x40 mm/slub.c:691
[< inline >] print_address_description mm/kasan/report.c:138
[<ffffffff81770d96>] kasan_report_error+0x256/0x550 mm/kasan/report.c:251
[< inline >] kasan_report mm/kasan/report.c:274
[<ffffffff8177118e>] __asan_report_load8_noabort+0x3e/0x40 mm/kasan/report.c:295
[<ffffffff81460c04>] __lock_acquire+0x4864/0x49c0 kernel/locking/lockdep.c:3096
[<ffffffff81463269>] lock_acquire+0x1f9/0x460 kernel/locking/lockdep.c:3589
[< inline >] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:112
[<ffffffff866a1eaf>] _raw_spin_lock_irqsave+0x9f/0xd0 kernel/locking/spinlock.c:159
[<ffffffff85516c76>] skb_queue_tail+0x26/0x150 net/core/skbuff.c:2414
[<ffffffff84881fee>] vhci_send_frame+0xae/0x100 drivers/bluetooth/hci_vhci.c:84
[<ffffffff85d769b5>] hci_send_frame+0x1f5/0x310 net/bluetooth/hci_core.c:3316
[<ffffffff85d76c5f>] hci_cmd_work+0x18f/0x2e0 net/bluetooth/hci_core.c:4198
[<ffffffff813abf3b>] process_one_work+0x79b/0x1510 kernel/workqueue.c:2096
[<ffffffff813acd8b>] worker_thread+0xdb/0xfc0 kernel/workqueue.c:2230
[<ffffffff813bdd3f>] kthread+0x23f/0x2d0 drivers/block/aoe/aoecmd.c:1303
[<ffffffff866a28af>] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
==================================================================