Warning: Permanently added '10.128.1.62' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
syzkaller login: [ 89.148794][ T6810] ==================================================================
[ 89.157232][ T6810] BUG: KASAN: slab-out-of-bounds in hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.166884][ T6810] Read of size 6 at addr ffff8880a8a3e404 by task kworker/u5:2/6810
[ 89.174950][ T6810]
[ 89.177305][ T6810] CPU: 1 PID: 6810 Comm: kworker/u5:2 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
[ 89.187617][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.197666][ T6810] Workqueue: hci0 hci_rx_work
[ 89.202335][ T6810] Call Trace:
[ 89.205617][ T6810]  dump_stack+0x18f/0x20d
[ 89.209941][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.216861][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.224474][ T6810]  print_address_description.constprop.0.cold+0xae/0x436
[ 89.231487][ T6810]  ? lockdep_hardirqs_off+0x66/0xa0
[ 89.236673][ T6810]  ? vprintk_func+0x97/0x1a6
[ 89.241880][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.250302][ T6810]  kasan_report.cold+0x1f/0x37
[ 89.255055][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.261973][ T6810]  check_memory_region+0x13d/0x180
[ 89.267082][ T6810]  memcpy+0x20/0x60
[ 89.270875][ T6810]  hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.277626][ T6810]  ? clear_pending_adv_report+0xf0/0xf0
[ 89.283166][ T6810]  hci_event_packet+0x2828/0x86fd
[ 89.288186][ T6810]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 89.294152][ T6810]  ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[ 89.299687][ T6810]  ? lock_acquire+0x1f1/0xad0
[ 89.304351][ T6810]  ? skb_dequeue+0x1c/0x180
[ 89.308836][ T6810]  ? find_held_lock+0x2d/0x110
[ 89.313585][ T6810]  ? mark_lock+0xbc/0x1710
[ 89.317991][ T6810]  ? mark_held_locks+0x9f/0xe0
[ 89.322741][ T6810]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 89.328532][ T6810]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 89.334494][ T6810]  ? trace_hardirqs_on+0x5f/0x220
[ 89.339502][ T6810]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 89.344602][ T6810]  hci_rx_work+0x22e/0xb50
[ 89.349793][ T6810]  process_one_work+0x94c/0x1670
[ 89.354720][ T6810]  ? lock_release+0x8d0/0x8d0
[ 89.359381][ T6810]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 89.365261][ T6810]  ? rwlock_bug.part.0+0x90/0x90
[ 89.370185][ T6810]  ? lockdep_hardirqs_off+0x66/0xa0
[ 89.375372][ T6810]  worker_thread+0x64c/0x1120
[ 89.380039][ T6810]  ? __kthread_parkme+0x13f/0x1e0
[ 89.385048][ T6810]  ? process_one_work+0x1670/0x1670
[ 89.390230][ T6810]  kthread+0x3b5/0x4a0
[ 89.394282][ T6810]  ? __kthread_bind_mask+0xc0/0xc0
[ 89.399376][ T6810]  ? __kthread_bind_mask+0xc0/0xc0
[ 89.404474][ T6810]  ret_from_fork+0x1f/0x30
[ 89.408879][ T6810]
[ 89.411189][ T6810] Allocated by task 6824:
[ 89.415501][ T6810]  save_stack+0x1b/0x40
[ 89.419638][ T6810]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 89.425254][ T6810]  __alloc_skb+0xae/0x550
[ 89.429566][ T6810]  vhci_write+0xbd/0x450
[ 89.433790][ T6810]  new_sync_write+0x422/0x650
[ 89.438447][ T6810]  __vfs_write+0xc9/0x100
[ 89.442756][ T6810]  vfs_write+0x268/0x5d0
[ 89.446981][ T6810]  ksys_write+0x12d/0x250
[ 89.451294][ T6810]  do_syscall_64+0x60/0xe0
[ 89.455691][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 89.461558][ T6810]
[ 89.463868][ T6810] Freed by task 6775:
[ 89.467832][ T6810]  save_stack+0x1b/0x40
[ 89.471967][ T6810]  __kasan_slab_free+0xf2/0x130
[ 89.476800][ T6810]  kfree+0x103/0x2c0
[ 89.480680][ T6810]  tomoyo_supervisor+0x350/0xeb0
[ 89.485599][ T6810]  tomoyo_env_perm+0x17f/0x1f0
[ 89.490346][ T6810]  tomoyo_find_next_domain+0x1438/0x1f77
[ 89.495961][ T6810]  tomoyo_bprm_check_security+0x121/0x1a0
[ 89.501663][ T6810]  security_bprm_check+0x45/0xa0
[ 89.506582][ T6810]  __do_execve_file+0x1651/0x3030
[ 89.511589][ T6810]  do_execve+0x35/0x50
[ 89.515815][ T6810]  __x64_sys_execve+0x7c/0xa0
[ 89.520472][ T6810]  do_syscall_64+0x60/0xe0
[ 89.524874][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 89.531090][ T6810]
[ 89.533402][ T6810] The buggy address belongs to the object at ffff8880a8a3e000
[ 89.533402][ T6810]  which belongs to the cache kmalloc-1k of size 1024
[ 89.547457][ T6810] The buggy address is located 4 bytes to the right of
[ 89.547457][ T6810]  1024-byte region [ffff8880a8a3e000, ffff8880a8a3e400)
[ 89.569038][ T6810] The buggy address belongs to the page:
[ 89.574661][ T6810] page:ffffea0002a28f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 89.583767][ T6810] flags: 0xfffe0000000200(slab)
[ 89.588621][ T6810] raw: 00fffe0000000200 ffffea0002a3da48 ffffea00029c6348 ffff8880aa000700
[ 89.597799][ T6810] raw: 0000000000000000 ffff8880a8a3e000 0000000100000002 0000000000000000
[ 89.606361][ T6810] page dumped because: kasan: bad access detected
[ 89.612841][ T6810]
[ 89.615151][ T6810] Memory state around the buggy address:
[ 89.620765][ T6810]  ffff8880a8a3e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.628809][ T6810]  ffff8880a8a3e380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.637634][ T6810] >ffff8880a8a3e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.645680][ T6810]                    ^
[ 89.650517][ T6810]  ffff8880a8a3e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.658562][ T6810]  ffff8880a8a3e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.666605][ T6810] ==================================================================
[ 89.674757][ T6810] Disabling lock debugging due to kernel taint
[ 89.681464][ T6810] Kernel panic - not syncing: panic_on_warn set ...
[ 89.688058][ T6810] CPU: 1 PID: 6810 Comm: kworker/u5:2 Tainted: G B 5.8.0-rc3-next-20200703-syzkaller #0
[ 89.699064][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.710251][ T6810] Workqueue: hci0 hci_rx_work
[ 89.714917][ T6810] Call Trace:
[ 89.718204][ T6810]  dump_stack+0x18f/0x20d
[ 89.722534][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x130/0x5e0
[ 89.729464][ T6810]  panic+0x2e3/0x75c
[ 89.733356][ T6810]  ? __warn_printk+0xf3/0xf3
[ 89.737944][ T6810]  ? preempt_schedule_common+0x59/0xc0
[ 89.743406][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.751290][ T6810]  ? preempt_schedule_thunk+0x16/0x18
[ 89.756769][ T6810]  ? trace_hardirqs_on+0x55/0x220
[ 89.761792][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.768724][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.775653][ T6810]  end_report+0x4d/0x53
[ 89.779795][ T6810]  kasan_report.cold+0xd/0x37
[ 89.784892][ T6810]  ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.792868][ T6810]  check_memory_region+0x13d/0x180
[ 89.797964][ T6810]  memcpy+0x20/0x60
[ 89.801755][ T6810]  hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 89.808541][ T6810]  ? clear_pending_adv_report+0xf0/0xf0
[ 89.814067][ T6810]  hci_event_packet+0x2828/0x86fd
[ 89.819079][ T6810]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 89.825050][ T6810]  ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[ 89.830572][ T6810]  ? lock_acquire+0x1f1/0xad0
[ 89.835224][ T6810]  ? skb_dequeue+0x1c/0x180
[ 89.839740][ T6810]  ? find_held_lock+0x2d/0x110
[ 89.844483][ T6810]  ? mark_lock+0xbc/0x1710
[ 89.849571][ T6810]  ? mark_held_locks+0x9f/0xe0
[ 89.854394][ T6810]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 89.860262][ T6810]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 89.866574][ T6810]  ? trace_hardirqs_on+0x5f/0x220
[ 89.871591][ T6810]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 89.876684][ T6810]  hci_rx_work+0x22e/0xb50
[ 89.881100][ T6810]  process_one_work+0x94c/0x1670
[ 89.886108][ T6810]  ? lock_release+0x8d0/0x8d0
[ 89.890762][ T6810]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 89.896109][ T6810]  ? rwlock_bug.part.0+0x90/0x90
[ 89.901025][ T6810]  ? lockdep_hardirqs_off+0x66/0xa0
[ 89.906198][ T6810]  worker_thread+0x64c/0x1120
[ 89.910863][ T6810]  ? __kthread_parkme+0x13f/0x1e0
[ 89.915874][ T6810]  ? process_one_work+0x1670/0x1670
[ 89.922005][ T6810]  kthread+0x3b5/0x4a0
[ 89.926049][ T6810]  ? __kthread_bind_mask+0xc0/0xc0
[ 89.938081][ T6810]  ? __kthread_bind_mask+0xc0/0xc0
[ 89.943189][ T6810]  ret_from_fork+0x1f/0x30
[ 89.948832][ T6810] Kernel Offset: disabled
[ 89.953158][ T6810] Rebooting in 86400 seconds..