[ OK ] Started Regular background program processing daemon.
Starting System Logging Service...
[ OK ] Started Daily apt upgrade and clean activities.
Starting getty on tty2-tty6 if dbus and logind are not available...
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Started Permit User Sessions.
[ OK ] Started System Logging Service.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.117' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.928081][ T6825] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 56.015969][ T1519] ==================================================================
[ 56.024637][ T1519] BUG: KASAN: slab-out-of-bounds in hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.035759][ T1519] Read of size 6 at addr ffff888097acc1fb by task kworker/u5:0/1519
[ 56.047636][ T1519]
[ 56.051084][ T1519] CPU: 0 PID: 1519 Comm: kworker/u5:0 Not tainted 5.8.0-rc4-syzkaller #0
[ 56.059902][ T1519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.070209][ T1519] Workqueue: hci0 hci_rx_work
[ 56.075140][ T1519] Call Trace:
[ 56.078499][ T1519]  dump_stack+0x18f/0x20d
[ 56.083253][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.091655][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.100260][ T1519]  print_address_description.constprop.0.cold+0xae/0x436
[ 56.107361][ T1519]  ? lockdep_hardirqs_off+0x66/0xa0
[ 56.112651][ T1519]  ? vprintk_func+0x97/0x1a6
[ 56.117226][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.123635][ T1519]  kasan_report.cold+0x1f/0x37
[ 56.128383][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.134778][ T1519]  check_memory_region+0x13d/0x180
[ 56.139869][ T1519]  memcpy+0x20/0x60
[ 56.143670][ T1519]  hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.150000][ T1519]  ? process_adv_report+0xe40/0xe40
[ 56.155272][ T1519]  hci_event_packet+0x1e8c/0x86f5
[ 56.160279][ T1519]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.166251][ T1519]  ? hci_cmd_complete_evt+0xc6e0/0xc6e0
[ 56.171789][ T1519]  ? lock_acquire+0x1f1/0xad0
[ 56.176446][ T1519]  ? skb_dequeue+0x1c/0x180
[ 56.181024][ T1519]  ? find_held_lock+0x2d/0x110
[ 56.186314][ T1519]  ? mark_lock+0xbc/0x1710
[ 56.190713][ T1519]  ? mark_held_locks+0x9f/0xe0
[ 56.195629][ T1519]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 56.202977][ T1519]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.208936][ T1519]  ? trace_hardirqs_on+0x5f/0x220
[ 56.213938][ T1519]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 56.219050][ T1519]  hci_rx_work+0x22e/0xb10
[ 56.224078][ T1519]  process_one_work+0x94c/0x1670
[ 56.229837][ T1519]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 56.235307][ T1519]  ? rwlock_bug.part.0+0x90/0x90
[ 56.242585][ T1519]  worker_thread+0x64c/0x1120
[ 56.247355][ T1519]  ? process_one_work+0x1670/0x1670
[ 56.252628][ T1519]  kthread+0x3b5/0x4a0
[ 56.256686][ T1519]  ? __kthread_bind_mask+0xc0/0xc0
[ 56.261776][ T1519]  ? __kthread_bind_mask+0xc0/0xc0
[ 56.266865][ T1519]  ret_from_fork+0x1f/0x30
[ 56.271264][ T1519]
[ 56.273569][ T1519] Allocated by task 6853:
[ 56.277910][ T1519]  save_stack+0x1b/0x40
[ 56.282160][ T1519]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 56.289310][ T1519]  __alloc_skb+0xae/0x550
[ 56.293664][ T1519]  vhci_write+0xbd/0x450
[ 56.298332][ T1519]  new_sync_write+0x422/0x650
[ 56.307630][ T1519]  __vfs_write+0xc9/0x100
[ 56.312842][ T1519]  vfs_write+0x268/0x5d0
[ 56.317076][ T1519]  ksys_write+0x12d/0x250
[ 56.321481][ T1519]  do_syscall_32_irqs_on+0x3f/0x60
[ 56.326682][ T1519]  do_fast_syscall_32+0x7f/0x120
[ 56.331684][ T1519]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 56.338153][ T1519]
[ 56.340457][ T1519] Freed by task 4798:
[ 56.344714][ T1519]  save_stack+0x1b/0x40
[ 56.348865][ T1519]  __kasan_slab_free+0xf5/0x140
[ 56.353713][ T1519]  kfree+0x103/0x2c0
[ 56.358456][ T1519]  skb_release_data+0x6d9/0x910
[ 56.363281][ T1519]  consume_skb+0xc2/0x160
[ 56.367588][ T1519]  netlink_unicast+0x53b/0x7d0
[ 56.372327][ T1519]  netlink_sendmsg+0x856/0xd90
[ 56.377068][ T1519]  sock_sendmsg+0xcf/0x120
[ 56.381462][ T1519]  ____sys_sendmsg+0x6e8/0x810
[ 56.386200][ T1519]  ___sys_sendmsg+0xf3/0x170
[ 56.390765][ T1519]  __sys_sendmsg+0xe5/0x1b0
[ 56.403773][ T1519]  do_syscall_64+0x60/0xe0
[ 56.408177][ T1519]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.414053][ T1519]
[ 56.416372][ T1519] The buggy address belongs to the object at ffff888097acc000
[ 56.416372][ T1519]  which belongs to the cache kmalloc-512 of size 512
[ 56.431371][ T1519] The buggy address is located 507 bytes inside of
[ 56.431371][ T1519]  512-byte region [ffff888097acc000, ffff888097acc200)
[ 56.444617][ T1519] The buggy address belongs to the page:
[ 56.451192][ T1519] page:ffffea00025eb300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 56.461253][ T1519] flags: 0xfffe0000000200(slab)
[ 56.466197][ T1519] raw: 00fffe0000000200 ffffea000279fec8 ffffea00026d24c8 ffff8880aa000a80
[ 56.474774][ T1519] raw: 0000000000000000 ffff888097acc000 0000000100000004 0000000000000000
[ 56.483333][ T1519] page dumped because: kasan: bad access detected
[ 56.489732][ T1519]
[ 56.492038][ T1519] Memory state around the buggy address:
[ 56.497643][ T1519]  ffff888097acc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.505695][ T1519]  ffff888097acc180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.513732][ T1519] >ffff888097acc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.521765][ T1519]                    ^
[ 56.525807][ T1519]  ffff888097acc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.533844][ T1519]  ffff888097acc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.541890][ T1519] ==================================================================
[ 56.550380][ T1519] Disabling lock debugging due to kernel taint
[ 56.557030][ T1519] Kernel panic - not syncing: panic_on_warn set ...
[ 56.563623][ T1519] CPU: 0 PID: 1519 Comm: kworker/u5:0 Tainted: G B 5.8.0-rc4-syzkaller #0
[ 56.575796][ T1519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.589507][ T1519] Workqueue: hci0 hci_rx_work
[ 56.594700][ T1519] Call Trace:
[ 56.598093][ T1519]  dump_stack+0x18f/0x20d
[ 56.602429][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x1c0/0x6b0
[ 56.610672][ T1519]  panic+0x2e3/0x75c
[ 56.616368][ T1519]  ? __warn_printk+0xf3/0xf3
[ 56.622007][ T1519]  ? preempt_schedule_common+0x59/0xc0
[ 56.627910][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.634324][ T1519]  ? preempt_schedule_thunk+0x16/0x18
[ 56.639673][ T1519]  ? trace_hardirqs_on+0x55/0x220
[ 56.644693][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.652125][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.658514][ T1519]  end_report+0x4d/0x53
[ 56.662842][ T1519]  kasan_report.cold+0xd/0x37
[ 56.667509][ T1519]  ? hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.674861][ T1519]  check_memory_region+0x13d/0x180
[ 56.679953][ T1519]  memcpy+0x20/0x60
[ 56.683922][ T1519]  hci_inquiry_result_with_rssi_evt+0x230/0x6b0
[ 56.690141][ T1519]  ? process_adv_report+0xe40/0xe40
[ 56.696130][ T1519]  hci_event_packet+0x1e8c/0x86f5
[ 56.701242][ T1519]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.707214][ T1519]  ? hci_cmd_complete_evt+0xc6e0/0xc6e0
[ 56.712737][ T1519]  ? lock_acquire+0x1f1/0xad0
[ 56.717389][ T1519]  ? skb_dequeue+0x1c/0x180
[ 56.721866][ T1519]  ? find_held_lock+0x2d/0x110
[ 56.726604][ T1519]  ? mark_lock+0xbc/0x1710
[ 56.731258][ T1519]  ? mark_held_locks+0x9f/0xe0
[ 56.736194][ T1519]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 56.741975][ T1519]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.747929][ T1519]  ? trace_hardirqs_on+0x5f/0x220
[ 56.752928][ T1519]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 56.758020][ T1519]  hci_rx_work+0x22e/0xb10
[ 56.762442][ T1519]  process_one_work+0x94c/0x1670
[ 56.767712][ T1519]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 56.774099][ T1519]  ? rwlock_bug.part.0+0x90/0x90
[ 56.779010][ T1519]  worker_thread+0x64c/0x1120
[ 56.783754][ T1519]  ? process_one_work+0x1670/0x1670
[ 56.788940][ T1519]  kthread+0x3b5/0x4a0
[ 56.792999][ T1519]  ? __kthread_bind_mask+0xc0/0xc0
[ 56.798099][ T1519]  ? __kthread_bind_mask+0xc0/0xc0
[ 56.803209][ T1519]  ret_from_fork+0x1f/0x30
[ 56.809035][ T1519] Kernel Offset: disabled
[ 56.813458][ T1519] Rebooting in 86400 seconds..