Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   47.038228][ T6817] IPVS: ftp: loaded support on port[0] = 21
[   47.124115][ T6821] ==================================================================
[   47.132392][ T6821] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x763b/0x17e10
[   47.140384][ T6821] Read of size 1 at addr ffff88809f4a0a05 by task kworker/u5:1/6821
[   47.150078][ T6821] 
[   47.152393][ T6821] CPU: 1 PID: 6821 Comm: kworker/u5:1 Not tainted 5.9.0-rc2-syzkaller #0
[   47.160801][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.170854][ T6821] Workqueue: hci0 hci_rx_work
[   47.175512][ T6821] Call Trace:
[   47.178800][ T6821]  dump_stack+0x1f0/0x31e
[   47.183116][ T6821]  print_address_description+0x66/0x620
[   47.188668][ T6821]  ? vprintk_emit+0x342/0x3c0
[   47.193334][ T6821]  ? printk+0x62/0x83
[   47.197568][ T6821]  ? vprintk_emit+0x339/0x3c0
[   47.202255][ T6821]  kasan_report+0x132/0x1d0
[   47.206760][ T6821]  ? hci_event_packet+0x763b/0x17e10
[   47.212104][ T6821]  hci_event_packet+0x763b/0x17e10
[   47.217219][ T6821]  ? trace_lock_release+0x137/0x1a0
[   47.222464][ T6821]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[   47.228302][ T6821]  ? lockdep_hardirqs_on+0x49/0xf0
[   47.233460][ T6821]  hci_rx_work+0x246/0xa20
[   47.237891][ T6821]  process_one_work+0x789/0xfc0
[   47.242747][ T6821]  worker_thread+0xaa4/0x1460
[   47.247436][ T6821]  kthread+0x37e/0x3a0
[   47.251511][ T6821]  ? rcu_lock_release+0x20/0x20
[   47.256360][ T6821]  ? kthread_blkcg+0xd0/0xd0
[   47.260940][ T6821]  ret_from_fork+0x1f/0x30
[   47.265349][ T6821] 
[   47.267661][ T6821] Allocated by task 6817:
[   47.273667][ T6821]  __kasan_kmalloc+0x100/0x130
[   47.278521][ T6821]  __alloc_skb+0xde/0x4f0
[   47.282866][ T6821]  vhci_write+0xb7/0x400
[   47.287195][ T6821]  vfs_write+0xa96/0xd10
[   47.291426][ T6821]  ksys_write+0x11b/0x220
[   47.295780][ T6821]  do_syscall_64+0x31/0x70
[   47.300199][ T6821]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   47.306256][ T6821] 
[   47.308571][ T6821] The buggy address belongs to the object at ffff88809f4a0800
[   47.308571][ T6821]  which belongs to the cache kmalloc-512 of size 512
[   47.322626][ T6821] The buggy address is located 5 bytes to the right of
[   47.322626][ T6821]  512-byte region [ffff88809f4a0800, ffff88809f4a0a00)
[   47.336241][ T6821] The buggy address belongs to the page:
[   47.341895][ T6821] page:00000000f35f91a2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9f4a0
[   47.352028][ T6821] flags: 0xfffe0000000200(slab)
[   47.356864][ T6821] raw: 00fffe0000000200 ffffea000287ebc8 ffffea0002a4d048 ffff8880aa440600
[   47.365447][ T6821] raw: 0000000000000000 ffff88809f4a0000 0000000100000004 0000000000000000
[   47.374113][ T6821] page dumped because: kasan: bad access detected
[   47.380527][ T6821] 
[   47.382834][ T6821] Memory state around the buggy address:
[   47.388454][ T6821]  ffff88809f4a0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.396535][ T6821]  ffff88809f4a0980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.404603][ T6821] >ffff88809f4a0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.412756][ T6821]                    ^
[   47.416818][ T6821]  ffff88809f4a0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.424888][ T6821]  ffff88809f4a0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.432955][ T6821] ==================================================================
[   47.441100][ T6821] Disabling lock debugging due to kernel taint
[   47.447768][ T6821] Kernel panic - not syncing: panic_on_warn set ...
[   47.454370][ T6821] CPU: 1 PID: 6821 Comm: kworker/u5:1 Tainted: G    B             5.9.0-rc2-syzkaller #0
[   47.464168][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.474250][ T6821] Workqueue: hci0 hci_rx_work
[   47.478906][ T6821] Call Trace:
[   47.482191][ T6821]  dump_stack+0x1f0/0x31e
[   47.486516][ T6821]  panic+0x264/0x7a0
[   47.490408][ T6821]  ? trace_hardirqs_on+0x30/0x80
[   47.495328][ T6821]  kasan_report+0x1c9/0x1d0
[   47.499830][ T6821]  ? hci_event_packet+0x763b/0x17e10
[   47.505099][ T6821]  hci_event_packet+0x763b/0x17e10
[   47.510208][ T6821]  ? trace_lock_release+0x137/0x1a0
[   47.515402][ T6821]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[   47.521193][ T6821]  ? lockdep_hardirqs_on+0x49/0xf0
[   47.526295][ T6821]  hci_rx_work+0x246/0xa20
[   47.530705][ T6821]  process_one_work+0x789/0xfc0
[   47.535561][ T6821]  worker_thread+0xaa4/0x1460
[   47.540343][ T6821]  kthread+0x37e/0x3a0
[   47.544399][ T6821]  ? rcu_lock_release+0x20/0x20
[   47.549247][ T6821]  ? kthread_blkcg+0xd0/0xd0
[   47.553834][ T6821]  ret_from_fork+0x1f/0x30
[   47.559400][ T6821] Kernel Offset: disabled
[   47.563769][ T6821] Rebooting in 86400 seconds..
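What the report above says, read as a triager would: a generic-KASAN slab-out-of-bounds, a 1-byte read in hci_event_packet from the hci0 receive worker, at an address 5 bytes past the end of a 512-byte kmalloc-512 object. The shadow byte at the faulting address is 0xfc, the generic-KASAN marker for kmalloc redzone, so the read landed in the padding after the object rather than in a neighbouring allocation. The object was the skb allocated by __alloc_skb inside vhci_write under a write(2) syscall from task 6817, i.e. the packet whose length was under the control of the program writing to the vhci device. The helper below is an added example, not syzbot's or the kernel's code; it extracts those facts from a report in this format and decodes the shadow byte using the generic-KASAN encoding from mm/kasan/kasan.h. SAMPLE is made of lines copied from the report above, with their console prefixes kept so the prefix stripping is exercised.

```python
"""Triage helper for generic-KASAN reports (added example; not kernel or syzbot code)."""
import re
from typing import Any, Dict, List

# Generic-KASAN shadow encoding (mm/kasan/kasan.h). One shadow byte covers an
# 8-byte granule; values 1..7 mean "only the first N bytes of the granule are valid".
SHADOW_MEANING = {
    0x00: "accessible",
    0xFC: "kmalloc redzone (slab object padding)",
    0xFB: "freed slab object",
    0xFA: "freed slab object (free track set)",
    0xFE: "page redzone (kmalloc_large)",
    0xFF: "free page",
    0xF9: "global redzone",
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF4: "stack partial redzone",
}

# Console prefix "[   47.132392][ T6821] " as printed with CONFIG_PRINTK_CALLER.
_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
# A "Memory state" row: optional '>' marker, 16-digit row base, 16 shadow bytes.
_SHADOW_ROW = re.compile(r"^>?\s?([0-9a-f]{16}): ((?:[0-9a-f]{2}\s?)+)$")


def shadow_meaning(b: int) -> str:
    if 1 <= b <= 7:
        return f"partial: first {b} bytes of granule accessible"
    return SHADOW_MEANING.get(b, f"unknown shadow value 0x{b:02x}")


def parse_kasan_report(text: str) -> Dict[str, Any]:
    r: Dict[str, Any] = {"alloc_stack": []}
    in_alloc = False
    shadow_rows: Dict[int, List[int]] = {}
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).rstrip()
        if in_alloc:
            if "+0x" in line:                      # a frame: "func+0xoff/0xsize"
                r["alloc_stack"].append(line.strip().split("+")[0])
                continue
            in_alloc = False                        # blank line ends the stack
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+)", line):
            r["bug"], r["func"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (.+)", line):
            r["access"], r["size"] = m.group(1), int(m.group(2))
            r["addr"], r["task"] = int(m.group(3), 16), m.group(4)
        elif m := re.match(r"Allocated by task (\d+):", line):
            r["alloc_task"], in_alloc = int(m.group(1)), True
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r["object"] = int(m.group(1), 16)
        elif m := re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", line):
            r["cache"], r["cache_size"] = m.group(1), int(m.group(2))
        elif m := re.match(r"\s*(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            r["region"] = (int(m.group(2), 16), int(m.group(3), 16))
        elif m := _SHADOW_ROW.match(line):
            shadow_rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]

    # Derived facts: where the access lies relative to the object (same
    # arithmetic as the kernel's "N bytes to the right of" line), and what the
    # shadow byte covering the faulting address says about that memory.
    if "addr" in r and "region" in r:
        start, end = r["region"]
        if r["addr"] >= end:
            r["offset"] = ("right", r["addr"] - end)
        elif r["addr"] < start:
            r["offset"] = ("left", start - r["addr"])
        else:
            r["offset"] = ("inside", r["addr"] - start)
    for base, row in shadow_rows.items():
        idx = (r.get("addr", -1) - base) // 8      # 8 bytes of memory per shadow byte
        if 0 <= idx < len(row):
            r["shadow"] = row[idx]
            r["shadow_meaning"] = shadow_meaning(row[idx])
            break
    return r


def allocated_from_syscall(r: Dict[str, Any]) -> bool:
    """True if the overrun object was allocated on a syscall path, so its size
    came from userspace (here: a write(2) into the vhci device)."""
    return "entry_SYSCALL_64_after_hwframe" in r["alloc_stack"]


def summarize(r: Dict[str, Any]) -> str:
    side, n = r["offset"]
    where = f"{n} bytes inside" if side == "inside" else f"{n} bytes to the {side} of"
    return (f"{r['bug']}: {r['access'].lower()} of {r['size']} byte(s) in "
            f"{r['func'].split('+')[0]}, {where} a {r['cache_size']}-byte {r['cache']} object "
            f"(shadow 0x{r['shadow']:02x} = {r['shadow_meaning']}); allocated by task "
            f"{r['alloc_task']} via {' <- '.join(r['alloc_stack'][1:3])}")


# Lines copied from the report above; prefixes kept so the stripping is exercised.
SAMPLE = """\
[   47.132392][ T6821] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x763b/0x17e10
[   47.140384][ T6821] Read of size 1 at addr ffff88809f4a0a05 by task kworker/u5:1/6821
[   47.267661][ T6821] Allocated by task 6817:
[   47.273667][ T6821]  __kasan_kmalloc+0x100/0x130
[   47.278521][ T6821]  __alloc_skb+0xde/0x4f0
[   47.282866][ T6821]  vhci_write+0xb7/0x400
[   47.287195][ T6821]  vfs_write+0xa96/0xd10
[   47.291426][ T6821]  ksys_write+0x11b/0x220
[   47.295780][ T6821]  do_syscall_64+0x31/0x70
[   47.300199][ T6821]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   47.306256][ T6821]
[   47.308571][ T6821] The buggy address belongs to the object at ffff88809f4a0800
[   47.308571][ T6821]  which belongs to the cache kmalloc-512 of size 512
[   47.322626][ T6821] The buggy address is located 5 bytes to the right of
[   47.322626][ T6821]  512-byte region [ffff88809f4a0800, ffff88809f4a0a00)
[   47.388454][ T6821]  ffff88809f4a0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.396535][ T6821]  ffff88809f4a0980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.404603][ T6821] >ffff88809f4a0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.412756][ T6821]                    ^
"""

if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE)))
```

The offset and shadow lookup are worth doing by hand rather than trusting the prose line: 0xffff88809f4a0a05 minus the region end 0xffff88809f4a0a00 is 5, and (0xa05 - 0xa00) // 8 selects the first shadow byte of the marked row, which is 0xfc. A 0xfb or 0xfa there would have pointed at a use-after-free instead of an overrun; a 0x00 would mean KASAN flagged the access for a reason other than the shadow value and the report would need a closer look.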