[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
syzkaller login: [ 60.326982][ T6849] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 61.408832][ T6875] Bluetooth: hci0: Unknown advertising packet type: 0xffff
[ 61.408972][ T6875] ==================================================================
[ 61.424894][ T6875] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x39eb/0x3fd0
[ 61.432720][ T6875] Read of size 1 at addr ffff8880996ef609 by task kworker/u5:2/6875
[ 61.440704][ T6875]
[ 61.443046][ T6875] CPU: 0 PID: 6875 Comm: kworker/u5:2 Not tainted 5.8.0-rc7-next-20200731-syzkaller #0
[ 61.452687][ T6875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.462777][ T6875] Workqueue: hci0 hci_rx_work
[ 61.467481][ T6875] Call Trace:
[ 61.470798][ T6875] dump_stack+0x18f/0x20d
[ 61.475146][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.480885][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.486022][ T6875] print_address_description.constprop.0.cold+0xae/0x497
[ 61.493098][ T6875] ? lockdep_hardirqs_off+0x7e/0xb0
[ 61.498320][ T6875] ? vprintk_func+0x97/0x1a6
[ 61.502936][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.508068][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.513194][ T6875] kasan_report.cold+0x1f/0x37
[ 61.517971][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.523072][ T6875] hci_le_meta_evt+0x39eb/0x3fd0
[ 61.529073][ T6875] ? mark_lock+0xbc/0x1710
[ 61.533564][ T6875] ? mark_lock+0xbc/0x1710
[ 61.537970][ T6875] ? hci_key_refresh_complete_evt.isra.0+0x10b0/0x10b0
[ 61.544819][ T6875] ? mark_lock+0xbc/0x1710
[ 61.549412][ T6875] ? __lock_acquire+0x16cb/0x5640
[ 61.554427][ T6875] ? __lock_acquire+0x16cb/0x5640
[ 61.559456][ T6875] hci_event_packet+0x2e25/0x87a8
[ 61.564477][ T6875] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 61.570443][ T6875] ? __lock_acquire+0x16cb/0x5640
[ 61.575807][ T6875] ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[ 61.581349][ T6875] ? lock_acquire+0x1f1/0xad0
[ 61.586098][ T6875] ? skb_dequeue+0x1c/0x180
[ 61.590605][ T6875] ? find_held_lock+0x2d/0x110
[ 61.595357][ T6875] ? mark_lock+0xbc/0x1710
[ 61.599791][ T6875] ? mark_held_locks+0x9f/0xe0
[ 61.604631][ T6875] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 61.610422][ T6875] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 61.616386][ T6875] ? trace_hardirqs_on+0x5f/0x220
[ 61.621396][ T6875] ? lockdep_hardirqs_on+0x76/0xf0
[ 61.626515][ T6875] hci_rx_work+0x22e/0xb50
[ 61.630944][ T6875] process_one_work+0x94c/0x1670
[ 61.635879][ T6875] ? lock_release+0x8e0/0x8e0
[ 61.640630][ T6875] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 61.646016][ T6875] ? rwlock_bug.part.0+0x90/0x90
[ 61.651051][ T6875] ? lockdep_hardirqs_off+0x7e/0xb0
[ 61.656461][ T6875] worker_thread+0x64c/0x1120
[ 61.661405][ T6875] ? __kthread_parkme+0x13f/0x1e0
[ 61.666503][ T6875] ? process_one_work+0x1670/0x1670
[ 61.671772][ T6875] kthread+0x3b5/0x4a0
[ 61.675831][ T6875] ? __kthread_bind_mask+0xc0/0xc0
[ 61.680926][ T6875] ? __kthread_bind_mask+0xc0/0xc0
[ 61.686028][ T6875] ret_from_fork+0x1f/0x30
[ 61.690440][ T6875]
[ 61.692757][ T6875] Allocated by task 6849:
[ 61.697072][ T6875] kasan_save_stack+0x1b/0x40
[ 61.701737][ T6875] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 61.707353][ T6875] __alloc_skb+0xae/0x550
[ 61.711667][ T6875] vhci_write+0xbd/0x450
[ 61.715908][ T6875] new_sync_write+0x422/0x650
[ 61.720581][ T6875] vfs_write+0x5ad/0x730
[ 61.724806][ T6875] ksys_write+0x12d/0x250
[ 61.729123][ T6875] do_syscall_64+0x2d/0x70
[ 61.733705][ T6875] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.739572][ T6875]
[ 61.741890][ T6875] The buggy address belongs to the object at ffff8880996ef400
[ 61.741890][ T6875]  which belongs to the cache kmalloc-512 of size 512
[ 61.756122][ T6875] The buggy address is located 9 bytes to the right of
[ 61.756122][ T6875]  512-byte region [ffff8880996ef400, ffff8880996ef600)
[ 61.771137][ T6875] The buggy address belongs to the page:
[ 61.777063][ T6875] page:000000007f37015a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x996ef
[ 61.787215][ T6875] flags: 0xfffe0000000200(slab)
[ 61.792077][ T6875] raw: 00fffe0000000200 ffffea00029b3088 ffffea0002a19388 ffff8880aa000600
[ 61.800645][ T6875] raw: 0000000000000000 ffff8880996ef000 0000000100000004 0000000000000000
[ 61.809213][ T6875] page dumped because: kasan: bad access detected
[ 61.815732][ T6875]
[ 61.818040][ T6875] Memory state around the buggy address:
[ 61.823655][ T6875]  ffff8880996ef500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 61.831702][ T6875]  ffff8880996ef580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 61.839754][ T6875] >ffff8880996ef600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.847824][ T6875]                             ^
[ 61.852274][ T6875]  ffff8880996ef680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.860335][ T6875]  ffff8880996ef700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.868375][ T6875] ==================================================================
[ 61.876443][ T6875] Disabling lock debugging due to kernel taint
[ 61.890202][ T6875] Kernel panic - not syncing: panic_on_warn set ...
[ 61.897026][ T6875] CPU: 0 PID: 6875 Comm: kworker/u5:2 Tainted: G B 5.8.0-rc7-next-20200731-syzkaller #0
[ 61.908044][ T6875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.918113][ T6875] Workqueue: hci0 hci_rx_work
[ 61.922818][ T6875] Call Trace:
[ 61.926131][ T6875] dump_stack+0x18f/0x20d
[ 61.930470][ T6875] ? hci_le_meta_evt+0x3920/0x3fd0
[ 61.935589][ T6875] panic+0x2e3/0x75c
[ 61.939935][ T6875] ? __warn_printk+0xf3/0xf3
[ 61.944542][ T6875] ? preempt_schedule_common+0x59/0xc0
[ 61.950101][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.955226][ T6875] ? preempt_schedule_thunk+0x16/0x18
[ 61.960587][ T6875] ? trace_hardirqs_on+0x55/0x220
[ 61.965596][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.970687][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.975784][ T6875] end_report+0x4d/0x53
[ 61.979928][ T6875] kasan_report.cold+0xd/0x37
[ 61.984590][ T6875] ? hci_le_meta_evt+0x39eb/0x3fd0
[ 61.989698][ T6875] hci_le_meta_evt+0x39eb/0x3fd0
[ 61.994622][ T6875] ? mark_lock+0xbc/0x1710
[ 61.999023][ T6875] ? mark_lock+0xbc/0x1710
[ 62.003432][ T6875] ? hci_key_refresh_complete_evt.isra.0+0x10b0/0x10b0
[ 62.010263][ T6875] ? mark_lock+0xbc/0x1710
[ 62.014678][ T6875] ? __lock_acquire+0x16cb/0x5640
[ 62.019686][ T6875] ? __lock_acquire+0x16cb/0x5640
[ 62.024696][ T6875] hci_event_packet+0x2e25/0x87a8
[ 62.029705][ T6875] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 62.035671][ T6875] ? __lock_acquire+0x16cb/0x5640
[ 62.040681][ T6875] ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[ 62.046218][ T6875] ? lock_acquire+0x1f1/0xad0
[ 62.050879][ T6875] ? skb_dequeue+0x1c/0x180
[ 62.055393][ T6875] ? find_held_lock+0x2d/0x110
[ 62.060199][ T6875] ? mark_lock+0xbc/0x1710
[ 62.064603][ T6875] ? mark_held_locks+0x9f/0xe0
[ 62.070999][ T6875] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 62.076789][ T6875] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 62.082753][ T6875] ? trace_hardirqs_on+0x5f/0x220
[ 62.087764][ T6875] ? lockdep_hardirqs_on+0x76/0xf0
[ 62.092861][ T6875] hci_rx_work+0x22e/0xb50
[ 62.097284][ T6875] process_one_work+0x94c/0x1670
[ 62.102206][ T6875] ? lock_release+0x8e0/0x8e0
[ 62.106868][ T6875] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 62.112227][ T6875] ? rwlock_bug.part.0+0x90/0x90
[ 62.117148][ T6875] ? lockdep_hardirqs_off+0x7e/0xb0
[ 62.122331][ T6875] worker_thread+0x64c/0x1120
[ 62.126995][ T6875] ? __kthread_parkme+0x13f/0x1e0
[ 62.132004][ T6875] ? process_one_work+0x1670/0x1670
[ 62.137275][ T6875] kthread+0x3b5/0x4a0
[ 62.141327][ T6875] ? __kthread_bind_mask+0xc0/0xc0
[ 62.146421][ T6875] ? __kthread_bind_mask+0xc0/0xc0
[ 62.151516][ T6875] ret_from_fork+0x1f/0x30
[ 62.156655][ T6875] Kernel Offset: disabled
[ 62.161409][ T6875] Rebooting in 86400 seconds..