Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts.
syzkaller login: [ 42.989285][ T6811] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 44.078377][ T1534] Bluetooth: hci0: Unknown advertising packet type: 0xffff
[ 44.078445][ T1534] ==================================================================
[ 44.093810][ T1534] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x7de4/0x18240
[ 44.101782][ T1534] Read of size 1 at addr ffff8880a93fc209 by task kworker/u5:0/1534
[ 44.109767][ T1534]
[ 44.112097][ T1534] CPU: 1 PID: 1534 Comm: kworker/u5:0 Not tainted 5.8.0-rc7-syzkaller #0
[ 44.120495][ T1534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.130546][ T1534] Workqueue: hci0 hci_rx_work
[ 44.135222][ T1534] Call Trace:
[ 44.138497][ T1534]  dump_stack+0x1f0/0x31e
[ 44.142814][ T1534]  print_address_description+0x66/0x5a0
[ 44.148347][ T1534]  ? printk+0x62/0x83
[ 44.152319][ T1534]  ? vprintk_emit+0x339/0x3c0
[ 44.156983][ T1534]  kasan_report+0x132/0x1d0
[ 44.161478][ T1534]  ? hci_event_packet+0x7de4/0x18240
[ 44.166751][ T1534]  hci_event_packet+0x7de4/0x18240
[ 44.171858][ T1534]  ? trace_lock_release+0x137/0x1a0
[ 44.177049][ T1534]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 44.182856][ T1534]  ? lockdep_hardirqs_on+0x38/0xe0
[ 44.187964][ T1534]  hci_rx_work+0x236/0x9c0
[ 44.192378][ T1534]  process_one_work+0x789/0xfc0
[ 44.197232][ T1534]  worker_thread+0xaa4/0x1460
[ 44.201912][ T1534]  kthread+0x37e/0x3a0
[ 44.205964][ T1534]  ? rcu_lock_release+0x20/0x20
[ 44.210819][ T1534]  ? kthread_blkcg+0xd0/0xd0
[ 44.215396][ T1534]  ret_from_fork+0x1f/0x30
[ 44.219816][ T1534]
[ 44.222128][ T1534] Allocated by task 6811:
[ 44.226444][ T1534]  __kasan_kmalloc+0x103/0x140
[ 44.231192][ T1534]  __alloc_skb+0xde/0x4f0
[ 44.235504][ T1534]  vhci_write+0xb7/0x400
[ 44.239733][ T1534]  vfs_write+0xa08/0xc70
[ 44.243959][ T1534]  ksys_write+0x11b/0x220
[ 44.248277][ T1534]  do_syscall_64+0x73/0xe0
[ 44.252682][ T1534]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.258550][ T1534]
[ 44.260861][ T1534] Freed by task 6434:
[ 44.264827][ T1534]  __kasan_slab_free+0x114/0x170
[ 44.269746][ T1534]  kfree+0x10a/0x220
[ 44.273621][ T1534]  tomoyo_supervisor+0x1080/0x1320
[ 44.278714][ T1534]  tomoyo_path_perm+0x4e3/0x740
[ 44.283546][ T1534]  security_inode_getattr+0xc0/0x140
[ 44.288831][ T1534]  __x64_sys_newfstat+0x97/0x150
[ 44.293750][ T1534]  do_syscall_64+0x73/0xe0
[ 44.298165][ T1534]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.304032][ T1534]
[ 44.306346][ T1534] The buggy address belongs to the object at ffff8880a93fc000
[ 44.306346][ T1534]  which belongs to the cache kmalloc-512 of size 512
[ 44.320381][ T1534] The buggy address is located 9 bytes to the right of
[ 44.320381][ T1534]  512-byte region [ffff8880a93fc000, ffff8880a93fc200)
[ 44.333977][ T1534] The buggy address belongs to the page:
[ 44.339602][ T1534] page:ffffea0002a4ff00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 44.348687][ T1534] flags: 0xfffe0000000200(slab)
[ 44.353525][ T1534] raw: 00fffe0000000200 ffffea0002a43a48 ffffea000288fa48 ffff8880aa400a80
[ 44.362094][ T1534] raw: 0000000000000000 ffff8880a93fc000 0000000100000004 0000000000000000
[ 44.370662][ T1534] page dumped because: kasan: bad access detected
[ 44.377060][ T1534]
[ 44.379373][ T1534] Memory state around the buggy address:
[ 44.384987][ T1534]  ffff8880a93fc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.393046][ T1534]  ffff8880a93fc180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.401099][ T1534] >ffff8880a93fc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.409140][ T1534]                        ^
[ 44.413472][ T1534]  ffff8880a93fc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.421523][ T1534]  ffff8880a93fc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.429586][ T1534] ==================================================================
[ 44.437627][ T1534] Disabling lock debugging due to kernel taint
[ 44.445070][ T1534] Kernel panic - not syncing: panic_on_warn set ...
[ 44.451662][ T1534] CPU: 1 PID: 1534 Comm: kworker/u5:0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 44.461445][ T1534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.471500][ T1534] Workqueue: hci0 hci_rx_work
[ 44.476167][ T1534] Call Trace:
[ 44.479446][ T1534]  dump_stack+0x1f0/0x31e
[ 44.483771][ T1534]  panic+0x264/0x7a0
[ 44.487661][ T1534]  ? trace_hardirqs_on+0x30/0x80
[ 44.492589][ T1534]  kasan_report+0x1c9/0x1d0
[ 44.497085][ T1534]  ? hci_event_packet+0x7de4/0x18240
[ 44.502365][ T1534]  hci_event_packet+0x7de4/0x18240
[ 44.507468][ T1534]  ? trace_lock_release+0x137/0x1a0
[ 44.512651][ T1534]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 44.518435][ T1534]  ? lockdep_hardirqs_on+0x38/0xe0
[ 44.523540][ T1534]  hci_rx_work+0x236/0x9c0
[ 44.527954][ T1534]  process_one_work+0x789/0xfc0
[ 44.532789][ T1534]  worker_thread+0xaa4/0x1460
[ 44.537462][ T1534]  kthread+0x37e/0x3a0
[ 44.541517][ T1534]  ? rcu_lock_release+0x20/0x20
[ 44.546345][ T1534]  ? kthread_blkcg+0xd0/0xd0
[ 44.550926][ T1534]  ret_from_fork+0x1f/0x30
[ 44.556255][ T1534] Kernel Offset: disabled
[ 44.560564][ T1534] Rebooting in 86400 seconds..