Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 80.370563][ T9573] IPVS: ftp: loaded support on port[0] = 21
[ 80.438320][ T1619] ==================================================================
[ 80.446536][ T1619] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x5084/0xa931
[ 80.454525][ T1619] Read of size 6 at addr ffff8880942ef208 by task kworker/u5:0/1619
[ 80.462939][ T1619]
[ 80.465274][ T1619] CPU: 0 PID: 1619 Comm: kworker/u5:0 Not tainted 5.6.0-rc6-syzkaller #0
[ 80.473671][ T1619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.484087][ T1619] Workqueue: hci0 hci_rx_work
[ 80.488853][ T1619] Call Trace:
[ 80.492137][ T1619]  dump_stack+0x188/0x20d
[ 80.496557][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.501741][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.506932][ T1619]  print_address_description.constprop.0.cold+0xd3/0x315
[ 80.514001][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.519325][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.524511][ T1619]  __kasan_report.cold+0x1a/0x32
[ 80.529496][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.534680][ T1619]  kasan_report+0xe/0x20
[ 80.538907][ T1619]  check_memory_region+0x128/0x190
[ 80.544000][ T1619]  memcpy+0x20/0x50
[ 80.547905][ T1619]  hci_event_packet+0x5084/0xa931
[ 80.552936][ T1619]  ? hci_cmd_complete_evt+0xc3b0/0xc3b0
[ 80.558469][ T1619]  ? find_first_zero_bit+0x94/0xb0
[ 80.563571][ T1619]  ? __lock_acquire+0x2413/0x3ca0
[ 80.568608][ T1619]  ? find_held_lock+0x2d/0x110
[ 80.573355][ T1619]  ? skb_dequeue+0x153/0x1c0
[ 80.577936][ T1619]  ? mark_held_locks+0x9f/0xe0
[ 80.582781][ T1619]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 80.588585][ T1619]  ? lockdep_hardirqs_on+0x417/0x5d0
[ 80.593853][ T1619]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 80.599660][ T1619]  ? hci_rx_work+0x239/0xb20
[ 80.604246][ T1619]  hci_rx_work+0x239/0xb20
[ 80.608667][ T1619]  process_one_work+0x94b/0x1690
[ 80.613603][ T1619]  ? __wake_up_common+0x650/0x650
[ 80.618608][ T1619]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 80.625152][ T1619]  worker_thread+0x96/0xe20
[ 80.629655][ T1619]  ? process_one_work+0x1690/0x1690
[ 80.634968][ T1619]  kthread+0x357/0x430
[ 80.639128][ T1619]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 80.644843][ T1619]  ret_from_fork+0x24/0x30
[ 80.649327][ T1619]
[ 80.651695][ T1619] Allocated by task 9576:
[ 80.656020][ T1619]  save_stack+0x1b/0x80
[ 80.660310][ T1619]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 80.666106][ T1619]  __kmalloc_reserve.isra.0+0x39/0xe0
[ 80.671470][ T1619]  __alloc_skb+0xef/0x5a0
[ 80.675904][ T1619]  vhci_write+0xbd/0x450
[ 80.680196][ T1619]  new_sync_write+0x49c/0x700
[ 80.684860][ T1619]  __vfs_write+0xc9/0x100
[ 80.689216][ T1619]  vfs_write+0x262/0x5c0
[ 80.693604][ T1619]  ksys_write+0x127/0x250
[ 80.698031][ T1619]  do_syscall_64+0xf6/0x7d0
[ 80.702522][ T1619]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.708393][ T1619]
[ 80.710703][ T1619] Freed by task 8654:
[ 80.714680][ T1619]  save_stack+0x1b/0x80
[ 80.718815][ T1619]  __kasan_slab_free+0xf7/0x140
[ 80.723641][ T1619]  kfree+0x109/0x2b0
[ 80.727515][ T1619]  load_elf_binary+0x240d/0x4870
[ 80.732429][ T1619]  search_binary_handler+0x16b/0x580
[ 80.737728][ T1619]  __do_execve_file.isra.0+0x12fc/0x2270
[ 80.743339][ T1619]  __x64_sys_execve+0x8a/0xb0
[ 80.748278][ T1619]  do_syscall_64+0xf6/0x7d0
[ 80.752760][ T1619]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.758624][ T1619]
[ 80.760947][ T1619] The buggy address belongs to the object at ffff8880942ef000
[ 80.760947][ T1619]  which belongs to the cache kmalloc-512 of size 512
[ 80.774979][ T1619] The buggy address is located 8 bytes to the right of
[ 80.774979][ T1619]  512-byte region [ffff8880942ef000, ffff8880942ef200)
[ 80.788673][ T1619] The buggy address belongs to the page:
[ 80.794299][ T1619] page:ffffea000250bbc0 refcount:1 mapcount:0 mapping:ffff8880aa000a80 index:0x0
[ 80.803504][ T1619] flags: 0xfffe0000000200(slab)
[ 80.808368][ T1619] raw: 00fffe0000000200 ffffea00027cb448 ffffea00028d1bc8 ffff8880aa000a80
[ 80.816949][ T1619] raw: 0000000000000000 ffff8880942ef000 0000000100000004 0000000000000000
[ 80.825514][ T1619] page dumped because: kasan: bad access detected
[ 80.832015][ T1619]
[ 80.834336][ T1619] Memory state around the buggy address:
[ 80.839950][ T1619]  ffff8880942ef100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.848001][ T1619]  ffff8880942ef180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.856041][ T1619] >ffff8880942ef200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 80.864081][ T1619]                       ^
[ 80.868400][ T1619]  ffff8880942ef280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 80.876443][ T1619]  ffff8880942ef300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 80.884481][ T1619] ==================================================================
[ 80.892537][ T1619] Disabling lock debugging due to kernel taint
[ 80.899298][ T1619] Kernel panic - not syncing: panic_on_warn set ...
[ 80.905902][ T1619] CPU: 0 PID: 1619 Comm: kworker/u5:0 Tainted: G    B   5.6.0-rc6-syzkaller #0
[ 80.915832][ T1619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.926028][ T1619] Workqueue: hci0 hci_rx_work
[ 80.930688][ T1619] Call Trace:
[ 80.933964][ T1619]  dump_stack+0x188/0x20d
[ 80.939077][ T1619]  panic+0x2e3/0x75c
[ 80.942962][ T1619]  ? add_taint.cold+0x16/0x16
[ 80.947709][ T1619]  ? preempt_schedule_common+0x5e/0xc0
[ 80.953507][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.958709][ T1619]  ? ___preempt_schedule+0x16/0x18
[ 80.963880][ T1619]  ? trace_hardirqs_on+0x55/0x220
[ 80.969055][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.974255][ T1619]  end_report+0x43/0x49
[ 80.978542][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.983730][ T1619]  __kasan_report.cold+0xd/0x32
[ 80.988740][ T1619]  ? hci_event_packet+0x5084/0xa931
[ 80.993925][ T1619]  kasan_report+0xe/0x20
[ 80.998152][ T1619]  check_memory_region+0x128/0x190
[ 81.003251][ T1619]  memcpy+0x20/0x50
[ 81.007065][ T1619]  hci_event_packet+0x5084/0xa931
[ 81.012130][ T1619]  ? hci_cmd_complete_evt+0xc3b0/0xc3b0
[ 81.017666][ T1619]  ? find_first_zero_bit+0x94/0xb0
[ 81.022768][ T1619]  ? __lock_acquire+0x2413/0x3ca0
[ 81.027789][ T1619]  ? find_held_lock+0x2d/0x110
[ 81.032634][ T1619]  ? skb_dequeue+0x153/0x1c0
[ 81.037341][ T1619]  ? mark_held_locks+0x9f/0xe0
[ 81.042115][ T1619]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 81.047909][ T1619]  ? lockdep_hardirqs_on+0x417/0x5d0
[ 81.053250][ T1619]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 81.059061][ T1619]  ? hci_rx_work+0x239/0xb20
[ 81.063638][ T1619]  hci_rx_work+0x239/0xb20
[ 81.068047][ T1619]  process_one_work+0x94b/0x1690
[ 81.072976][ T1619]  ? __wake_up_common+0x650/0x650
[ 81.077992][ T1619]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 81.083350][ T1619]  worker_thread+0x96/0xe20
[ 81.087849][ T1619]  ? process_one_work+0x1690/0x1690
[ 81.093037][ T1619]  kthread+0x357/0x430
[ 81.097096][ T1619]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 81.102815][ T1619]  ret_from_fork+0x24/0x30
[ 81.108662][ T1619] Kernel Offset: disabled
[ 81.112989][ T1619] Rebooting in 86400 seconds..