[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.

syzkaller login: [ 45.685716][ T6818] IPVS: ftp: loaded support on port[0] = 21
[ 46.838354][ T1531] ==================================================================
[ 46.846723][ T1531] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x7e15/0x18260
[ 46.854728][ T1531] Read of size 1 at addr ffff8880a2486a04 by task kworker/u5:0/1531
[ 46.862718][ T1531]
[ 46.865074][ T1531] CPU: 1 PID: 1531 Comm: kworker/u5:0 Not tainted 5.8.0-rc7-syzkaller #0
[ 46.873525][ T1531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.883607][ T1531] Workqueue: hci0 hci_rx_work
[ 46.888308][ T1531] Call Trace:
[ 46.891647][ T1531]  dump_stack+0x1f0/0x31e
[ 46.896018][ T1531]  print_address_description+0x66/0x5a0
[ 46.901603][ T1531]  ? printk+0x62/0x83
[ 46.905619][ T1531]  ? vprintk_emit+0x339/0x3c0
[ 46.910408][ T1531]  kasan_report+0x132/0x1d0
[ 46.914930][ T1531]  ? hci_event_packet+0x7e15/0x18260
[ 46.920983][ T1531]  hci_event_packet+0x7e15/0x18260
[ 46.927258][ T1531]  ? trace_lock_release+0x137/0x1a0
[ 46.932500][ T1531]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 46.938390][ T1531]  ? lockdep_hardirqs_on+0x38/0xe0
[ 46.943536][ T1531]  hci_rx_work+0x236/0x9c0
[ 46.947993][ T1531]  process_one_work+0x789/0xfc0
[ 46.953400][ T1531]  worker_thread+0xaa4/0x1460
[ 46.958134][ T1531]  kthread+0x37e/0x3a0
[ 46.962224][ T1531]  ? rcu_lock_release+0x20/0x20
[ 46.967082][ T1531]  ? kthread_blkcg+0xd0/0xd0
[ 46.971701][ T1531]  ret_from_fork+0x1f/0x30
[ 46.976140][ T1531]
[ 46.978486][ T1531] Allocated by task 6818:
[ 46.982926][ T1531]  __kasan_kmalloc+0x103/0x140
[ 46.987728][ T1531]  __alloc_skb+0xde/0x4f0
[ 46.992168][ T1531]  vhci_write+0xb7/0x400
[ 46.996615][ T1531]  vfs_write+0xa08/0xc70
[ 47.000898][ T1531]  ksys_write+0x11b/0x220
[ 47.005257][ T1531]  do_syscall_64+0x73/0xe0
[ 47.009735][ T1531]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.015622][ T1531]
[ 47.017969][ T1531] Freed by task 6406:
[ 47.022128][ T1531]  __kasan_slab_free+0x114/0x170
[ 47.027151][ T1531]  kfree+0x10a/0x220
[ 47.031136][ T1531]  __do_execve_file+0x1f3d/0x2310
[ 47.036168][ T1531]  __x64_sys_execve+0x90/0xa0
[ 47.040853][ T1531]  do_syscall_64+0x73/0xe0
[ 47.045360][ T1531]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.051707][ T1531]
[ 47.054040][ T1531] The buggy address belongs to the object at ffff8880a2486800
[ 47.054040][ T1531]  which belongs to the cache kmalloc-512 of size 512
[ 47.068657][ T1531] The buggy address is located 4 bytes to the right of
[ 47.068657][ T1531]  512-byte region [ffff8880a2486800, ffff8880a2486a00)
[ 47.082473][ T1531] The buggy address belongs to the page:
[ 47.088214][ T1531] page:ffffea0002892180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 47.097317][ T1531] flags: 0xfffe0000000200(slab)
[ 47.102220][ T1531] raw: 00fffe0000000200 ffffea0002a1dc48 ffffea0002674908 ffff8880aa400a80
[ 47.110814][ T1531] raw: 0000000000000000 ffff8880a2486000 0000000100000004 0000000000000000
[ 47.119656][ T1531] page dumped because: kasan: bad access detected
[ 47.126064][ T1531]
[ 47.128411][ T1531] Memory state around the buggy address:
executing program
[ 47.134047][ T1531]  ffff8880a2486900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.142114][ T1531]  ffff8880a2486980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.150273][ T1531] >ffff8880a2486a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.158434][ T1531]                    ^
[ 47.162517][ T1531]  ffff8880a2486a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.170582][ T1531]  ffff8880a2486b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.178644][ T1531] ==================================================================
[ 47.186705][ T1531] Disabling lock debugging due to kernel taint
[ 47.195357][ T1531] Kernel panic - not syncing: panic_on_warn set ...
[ 47.202001][ T1531] CPU: 1 PID: 1531 Comm: kworker/u5:0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 47.212251][ T1531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.222336][ T1531] Workqueue: hci0 hci_rx_work
[ 47.227015][ T1531] Call Trace:
[ 47.230323][ T1531]  dump_stack+0x1f0/0x31e
[ 47.234659][ T1531]  panic+0x264/0x7a0
[ 47.238535][ T1531]  ? trace_hardirqs_on+0x30/0x80
[ 47.243469][ T1531]  kasan_report+0x1c9/0x1d0
[ 47.248000][ T1531]  ? hci_event_packet+0x7e15/0x18260
[ 47.253369][ T1531]  hci_event_packet+0x7e15/0x18260
[ 47.258498][ T1531]  ? trace_lock_release+0x137/0x1a0
[ 47.264141][ T1531]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 47.270024][ T1531]  ? lockdep_hardirqs_on+0x38/0xe0
[ 47.275125][ T1531]  hci_rx_work+0x236/0x9c0
[ 47.279544][ T1531]  process_one_work+0x789/0xfc0
[ 47.284385][ T1531]  worker_thread+0xaa4/0x1460
[ 47.289069][ T1531]  kthread+0x37e/0x3a0
[ 47.293128][ T1531]  ? rcu_lock_release+0x20/0x20
[ 47.297987][ T1531]  ? kthread_blkcg+0xd0/0xd0
[ 47.302585][ T1531]  ret_from_fork+0x1f/0x30
[ 47.308207][ T1531] Kernel Offset: disabled
[ 47.312546][ T1531] Rebooting in 86400 seconds..
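The report above says the 1-byte read in hci_event_packet lands 4 bytes past the end of a kmalloc-512 object that was allocated by vhci_write (an skb built from data written to /dev/vhci) and shows the shadow row for that address as all fc. As an added example, not part of the syzkaller log or of any kernel tooling, the following Python helper parses those lines and recomputes the offset and the shadow-byte meaning independently, which is a useful sanity check when triaging a report whose stack trace and address description do not obviously agree. The input is excerpted from the report above with the timestamp and task prefix stripped; the regexes and the small shadow-byte legend are this example's own.

```python
import re

# Lines excerpted from the KASAN report above, "[ time][ Tpid]" prefix removed.
# This is the sample input for the helper, not a fresh capture.
SAMPLE_REPORT = """\
BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x7e15/0x18260
Read of size 1 at addr ffff8880a2486a04 by task kworker/u5:0/1531
The buggy address belongs to the object at ffff8880a2486800
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 4 bytes to the right of
 512-byte region [ffff8880a2486800, ffff8880a2486a00)
Memory state around the buggy address:
 ffff8880a2486900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880a2486980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880a2486a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880a2486a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

# Subset of KASAN poison values this helper recognises.
SHADOW_LEGEND = {
    "00": "addressable",
    "fc": "kmalloc redzone",
    "fb": "kmalloc freed",
    "ff": "free page",
    "f1": "stack left redzone",
    "f2": "stack mid redzone",
    "f3": "stack right redzone",
}

SHADOW_SCALE = 8                        # one shadow byte covers 8 bytes of memory
SHADOW_ROW_BYTES = 16 * SHADOW_SCALE    # one printed row covers 128 bytes

_DIRECTION = {"to the right": "right", "to the left": "left", "inside": "inside"}


def parse_kasan_report(text):
    """Extract the fields a triager needs from a KASAN report."""
    r = {"shadow": {}}
    for line in text.splitlines():
        m = re.match(r"BUG: KASAN: (\S+) in (\w+)\+0x", line)
        if m:
            r["bug"], r["func"] = m.groups()
            continue
        m = re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", line)
        if m:
            r["access"], r["size"], r["addr"] = m.group(1), int(m.group(2)), int(m.group(3), 16)
            continue
        m = re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line)
        if m:
            r["object"] = int(m.group(1), 16)
            continue
        m = re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", line)
        if m:
            r["cache"], r["cache_size"] = m.group(1), int(m.group(2))
            continue
        m = re.match(r"The buggy address is located (\d+) bytes (to the right|to the left|inside) of", line)
        if m:
            r["claim"] = (_DIRECTION[m.group(2)], int(m.group(1)))
            continue
        m = re.match(r"\s*(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", line)
        if m:
            r["region"] = (int(m.group(2), 16), int(m.group(3), 16))
            continue
        m = re.match(r"[> ]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})", line)
        if m:
            r["shadow"][int(m.group(1), 16)] = m.group(2).split()
    return r


def locate(r):
    """Place the faulting address relative to the object's [start, end) region."""
    start, end = r["region"]
    addr = r["addr"]
    if addr >= end:
        return ("right", addr - end)
    if addr < start:
        return ("left", start - addr)
    return ("inside", addr - start)


def shadow_byte(r, addr):
    """Return the printed shadow byte covering addr and what it means."""
    row = addr - (addr % SHADOW_ROW_BYTES)
    cells = r["shadow"].get(row)
    if cells is None:
        return None
    b = cells[(addr - row) // SHADOW_SCALE]
    return (b, SHADOW_LEGEND.get(b, "unknown poison"))


def triage(r):
    """Cross-check the report's own claim against the recomputed location."""
    where = locate(r)
    return {
        "bug": r["bug"],
        "func": r["func"],
        "offset_in_object": r["addr"] - r["object"],   # 516 for this report
        "location": where,
        "claim_matches": r.get("claim") in (None, where),
        "shadow": shadow_byte(r, r["addr"]),
    }


if __name__ == "__main__":
    print(triage(parse_kasan_report(SAMPLE_REPORT)))
```

For this report the helper agrees with KASAN on every count: the read is at offset 516 of a 512-byte object, 4 bytes to the right of the region, and the shadow byte covering it is fc (kmalloc redzone), so the "slab-out-of-bounds" classification is the one the address description supports rather than a use-after-free that happened to land in a neighbouring object.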