Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login: [ 86.474390][ T1618] ==================================================================
[ 86.482600][ T1618] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x5084/0xa931
[ 86.490578][ T1618] Read of size 6 at addr ffff88809f254208 by task kworker/u5:0/1618
[ 86.498573][ T1618]
[ 86.500882][ T1618] CPU: 0 PID: 1618 Comm: kworker/u5:0 Not tainted 5.6.0-rc6-syzkaller #0
[ 86.509268][ T1618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.519323][ T1618] Workqueue: hci0 hci_rx_work
[ 86.523977][ T1618] Call Trace:
[ 86.527252][ T1618] dump_stack+0x188/0x20d
[ 86.531563][ T1618] ? hci_event_packet+0x5084/0xa931
[ 86.536742][ T1618] ? hci_event_packet+0x5084/0xa931
[ 86.541920][ T1618] print_address_description.constprop.0.cold+0xd3/0x315
[ 86.549053][ T1618] ? hci_event_packet+0x5084/0xa931
[ 86.554227][ T1618] ? hci_event_packet+0x5084/0xa931
[ 86.559403][ T1618] __kasan_report.cold+0x1a/0x32
[ 86.564325][ T1618] ? hci_event_packet+0x5084/0xa931
[ 86.569850][ T1618] kasan_report+0xe/0x20
[ 86.574073][ T1618] check_memory_region+0x128/0x190
[ 86.579174][ T1618] memcpy+0x20/0x50
[ 86.582965][ T1618] hci_event_packet+0x5084/0xa931
[ 86.587981][ T1618] ? hci_cmd_complete_evt+0xc3b0/0xc3b0
[ 86.593503][ T1618] ? find_first_zero_bit+0x94/0xb0
[ 86.598598][ T1618] ? __lock_acquire+0x2413/0x3ca0
[ 86.603623][ T1618] ? find_held_lock+0x2d/0x110
[ 86.608366][ T1618] ? skb_dequeue+0x153/0x1c0
[ 86.612945][ T1618] ? mark_held_locks+0x9f/0xe0
[ 86.617685][ T1618] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 86.623477][ T1618] ? lockdep_hardirqs_on+0x417/0x5d0
[ 86.628739][ T1618] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 86.634525][ T1618] ? hci_rx_work+0x239/0xb20
[ 86.639088][ T1618] hci_rx_work+0x239/0xb20
[ 86.643494][ T1618] process_one_work+0x94b/0x1690
[ 86.648422][ T1618] ? pwq_dec_nr_in_flight+0x310/0x310
[ 86.653779][ T1618] ? do_raw_spin_lock+0x129/0x2e0
[ 86.658798][ T1618] worker_thread+0x96/0xe20
[ 86.663296][ T1618] ? process_one_work+0x1690/0x1690
[ 86.668476][ T1618] kthread+0x357/0x430
[ 86.672534][ T1618] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 86.678279][ T1618] ret_from_fork+0x24/0x30
[ 86.682681][ T1618]
[ 86.684993][ T1618] Allocated by task 9455:
[ 86.689313][ T1618] save_stack+0x1b/0x80
[ 86.693445][ T1618] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 86.699070][ T1618] __kmalloc_reserve.isra.0+0x39/0xe0
[ 86.704415][ T1618] __alloc_skb+0xef/0x5a0
[ 86.708737][ T1618] vhci_write+0xbd/0x450
[ 86.712958][ T1618] new_sync_write+0x49c/0x700
[ 86.717610][ T1618] __vfs_write+0xc9/0x100
[ 86.721913][ T1618] vfs_write+0x262/0x5c0
[ 86.726128][ T1618] ksys_write+0x127/0x250
[ 86.730432][ T1618] do_fast_syscall_32+0x270/0xe8f
[ 86.735551][ T1618] entry_SYSENTER_compat+0x70/0x7f
[ 86.740633][ T1618]
[ 86.742939][ T1618] Freed by task 8497:
[ 86.746898][ T1618] save_stack+0x1b/0x80
[ 86.751026][ T1618] __kasan_slab_free+0xf7/0x140
[ 86.755851][ T1618] kfree+0x109/0x2b0
[ 86.759722][ T1618] load_elf_binary+0x240d/0x4870
[ 86.764637][ T1618] search_binary_handler+0x16b/0x580
[ 86.769897][ T1618] __do_execve_file.isra.0+0x12fc/0x2270
[ 86.775507][ T1618] __x64_sys_execve+0x8a/0xb0
[ 86.780161][ T1618] do_syscall_64+0xf6/0x7d0
[ 86.784639][ T1618] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.790500][ T1618]
[ 86.792812][ T1618] The buggy address belongs to the object at ffff88809f254000
[ 86.792812][ T1618]  which belongs to the cache kmalloc-512 of size 512
[ 86.806840][ T1618] The buggy address is located 8 bytes to the right of
[ 86.806840][ T1618]  512-byte region [ffff88809f254000, ffff88809f254200)
[ 86.820429][ T1618] The buggy address belongs to the page:
[ 86.826084][ T1618] page:ffffea00027c9500 refcount:1 mapcount:0 mapping:ffff8880aa000a80 index:0x0
[ 86.835165][ T1618] flags: 0xfffe0000000200(slab)
[ 86.840042][ T1618] raw: 00fffe0000000200 ffffea00027cd908 ffffea00027ebf48 ffff8880aa000a80
[ 86.848602][ T1618] raw: 0000000000000000 ffff88809f254000 0000000100000004 0000000000000000
[ 86.857156][ T1618] page dumped because: kasan: bad access detected
[ 86.863539][ T1618]
[ 86.865844][ T1618] Memory state around the buggy address:
[ 86.871487][ T1618]  ffff88809f254100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.879538][ T1618]  ffff88809f254180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.887588][ T1618] >ffff88809f254200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.895663][ T1618]                       ^
[ 86.899973][ T1618]  ffff88809f254280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.908016][ T1618]  ffff88809f254300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.916057][ T1618] ==================================================================
[ 86.924088][ T1618] Disabling lock debugging due to kernel taint
[ 86.932441][ T1618] Kernel panic - not syncing: panic_on_warn set ...
[ 86.939031][ T1618] CPU: 0 PID: 1618 Comm: kworker/u5:0 Tainted: G B 5.6.0-rc6-syzkaller #0
[ 86.948812][ T1618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.958851][ T1618] Workqueue: hci0 hci_rx_work
[ 86.963498][ T1618] Call Trace:
[ 86.966764][ T1618] dump_stack+0x188/0x20d
[ 86.971083][ T1618] panic+0x2e3/0x75c
[ 86.974955][ T1618] ? add_taint.cold+0x16/0x16
[ 86.979612][ T1618] ? preempt_schedule_common+0x5e/0xc0
[ 86.985052][ T1618] ? hci_event_packet+0x5084/0xa931
[ 86.990228][ T1618] ? ___preempt_schedule+0x16/0x18
[ 86.995326][ T1618] ? trace_hardirqs_on+0x55/0x220
[ 87.000335][ T1618] ? hci_event_packet+0x5084/0xa931
[ 87.005510][ T1618] end_report+0x43/0x49
[ 87.009653][ T1618] ? hci_event_packet+0x5084/0xa931
[ 87.014833][ T1618] __kasan_report.cold+0xd/0x32
[ 87.019712][ T1618] ? hci_event_packet+0x5084/0xa931
[ 87.024886][ T1618] kasan_report+0xe/0x20
[ 87.029105][ T1618] check_memory_region+0x128/0x190
[ 87.034192][ T1618] memcpy+0x20/0x50
[ 87.037979][ T1618] hci_event_packet+0x5084/0xa931
[ 87.042982][ T1618] ? hci_cmd_complete_evt+0xc3b0/0xc3b0
[ 87.048507][ T1618] ? find_first_zero_bit+0x94/0xb0
[ 87.053608][ T1618] ? __lock_acquire+0x2413/0x3ca0
[ 87.058628][ T1618] ? find_held_lock+0x2d/0x110
[ 87.063401][ T1618] ? skb_dequeue+0x153/0x1c0
[ 87.067970][ T1618] ? mark_held_locks+0x9f/0xe0
[ 87.072709][ T1618] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 87.078494][ T1618] ? lockdep_hardirqs_on+0x417/0x5d0
[ 87.083796][ T1618] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 87.089580][ T1618] ? hci_rx_work+0x239/0xb20
[ 87.094144][ T1618] hci_rx_work+0x239/0xb20
[ 87.098589][ T1618] process_one_work+0x94b/0x1690
[ 87.103506][ T1618] ? pwq_dec_nr_in_flight+0x310/0x310
[ 87.108851][ T1618] ? do_raw_spin_lock+0x129/0x2e0
[ 87.113875][ T1618] worker_thread+0x96/0xe20
[ 87.118359][ T1618] ? process_one_work+0x1690/0x1690
[ 87.123537][ T1618] kthread+0x357/0x430
[ 87.127582][ T1618] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 87.133275][ T1618] ret_from_fork+0x24/0x30
[ 87.138929][ T1618] Kernel Offset: disabled
[ 87.143260][ T1618] Rebooting in 86400 seconds..