Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 61.400102][ T7036] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
[ 61.623847][ T1622] ==================================================================
[ 61.632124][ T1622] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x4d38/0xabff
[ 61.640024][ T1622] Read of size 6 at addr ffff88809e6f2e08 by task kworker/u5:0/1622
[ 61.648002][ T1622]
[ 61.650338][ T1622] CPU: 1 PID: 1622 Comm: kworker/u5:0 Not tainted 5.6.0-next-20200411-syzkaller #0
[ 61.660151][ T1622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.670249][ T1622] Workqueue: hci0 hci_rx_work
[ 61.674939][ T1622] Call Trace:
[ 61.678259][ T1622]  dump_stack+0x188/0x20d
[ 61.682603][ T1622]  print_address_description.constprop.0.cold+0xd3/0x315
[ 61.689639][ T1622]  ? hci_event_packet+0x4d38/0xabff
[ 61.694841][ T1622]  __kasan_report.cold+0x35/0x4d
[ 61.699781][ T1622]  ? hci_event_packet+0x4d38/0xabff
[ 61.704987][ T1622]  ? hci_event_packet+0x4d38/0xabff
[ 61.710184][ T1622]  kasan_report+0x33/0x50
[ 61.714521][ T1622]  check_memory_region+0x141/0x190
[ 61.719647][ T1622]  memcpy+0x20/0x60
[ 61.723463][ T1622]  hci_event_packet+0x4d38/0xabff
[ 61.728513][ T1622]  ? hci_cmd_complete_evt+0xc950/0xc950
[ 61.734063][ T1622]  ? mark_held_locks+0xe0/0xe0
[ 61.738830][ T1622]  ? __lock_acquire+0x2ed1/0x4c50
[ 61.743867][ T1622]  ? mark_lock+0x12b/0xf10
[ 61.748291][ T1622]  ? find_held_lock+0x2d/0x110
[ 61.753059][ T1622]  ? skb_dequeue+0x153/0x1c0
[ 61.757666][ T1622]  ? print_usage_bug+0x240/0x240
[ 61.762612][ T1622]  ? lock_downgrade+0x840/0x840
[ 61.767475][ T1622]  ? mark_held_locks+0x9f/0xe0
[ 61.772253][ T1622]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 61.778061][ T1622]  ? lockdep_hardirqs_on+0x463/0x620
[ 61.783347][ T1622]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 61.789158][ T1622]  ? hci_rx_work+0x239/0xb30
[ 61.793743][ T1622]  hci_rx_work+0x239/0xb30
[ 61.798169][ T1622]  ? _raw_spin_unlock_irq+0x1f/0x80
[ 61.803389][ T1622]  process_one_work+0x965/0x16a0
[ 61.808351][ T1622]  ? __wake_up_common_lock+0xde/0x130
[ 61.813726][ T1622]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 61.819118][ T1622]  ? rwlock_bug.part.0+0x90/0x90
[ 61.824070][ T1622]  ? del_timer_sync+0xe6/0x280
[ 61.828857][ T1622]  worker_thread+0x96/0xe20
[ 61.833380][ T1622]  ? process_one_work+0x16a0/0x16a0
[ 61.838723][ T1622]  kthread+0x388/0x470
[ 61.842808][ T1622]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.848554][ T1622]  ret_from_fork+0x24/0x30
[ 61.852992][ T1622]
[ 61.855329][ T1622] Allocated by task 7088:
[ 61.859663][ T1622]  save_stack+0x1b/0x40
[ 61.863826][ T1622]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 61.869474][ T1622]  __kmalloc_reserve.isra.0+0x39/0xe0
[ 61.874867][ T1622]  __alloc_skb+0xef/0x5a0
[ 61.879209][ T1622]  vhci_write+0xbd/0x450
[ 61.883463][ T1622]  new_sync_write+0x4a2/0x700
[ 61.888156][ T1622]  __vfs_write+0xc9/0x100
[ 61.892495][ T1622]  vfs_write+0x268/0x5d0
[ 61.896759][ T1622]  ksys_write+0x12d/0x250
[ 61.901100][ T1622]  do_syscall_64+0xf6/0x7d0
[ 61.905612][ T1622]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 61.911510][ T1622]
[ 61.913842][ T1622] Freed by task 5031:
[ 61.917829][ T1622]  save_stack+0x1b/0x40
[ 61.921990][ T1622]  __kasan_slab_free+0xf7/0x140
[ 61.926841][ T1622]  kfree+0x109/0x2b0
[ 61.930733][ T1622]  kernfs_fop_release+0x124/0x190
[ 61.935752][ T1622]  __fput+0x33e/0x880
[ 61.939729][ T1622]  task_work_run+0xf4/0x1b0
[ 61.944242][ T1622]  exit_to_usermode_loop+0x2fa/0x360
[ 61.949535][ T1622]  do_syscall_64+0x6b1/0x7d0
[ 61.954138][ T1622]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 61.960017][ T1622]
[ 61.962341][ T1622] The buggy address belongs to the object at ffff88809e6f2c00
[ 61.962341][ T1622]  which belongs to the cache kmalloc-512 of size 512
[ 61.976406][ T1622] The buggy address is located 8 bytes to the right of
[ 61.976406][ T1622]  512-byte region [ffff88809e6f2c00, ffff88809e6f2e00)
[ 61.990030][ T1622] The buggy address belongs to the page:
[ 61.995678][ T1622] page:ffffea000279bc80 refcount:1 mapcount:0 mapping:0000000079d2ef2a index:0x0
[ 62.004784][ T1622] flags: 0xfffe0000000200(slab)
[ 62.009657][ T1622] raw: 00fffe0000000200 ffffea0002a3e8c8 ffffea0002a3eb88 ffff8880aa000a80
[ 62.018236][ T1622] raw: 0000000000000000 ffff88809e6f2000 0000000100000004 0000000000000000
[ 62.026828][ T1622] page dumped because: kasan: bad access detected
[ 62.033236][ T1622]
[ 62.035555][ T1622] Memory state around the buggy address:
[ 62.041190][ T1622]  ffff88809e6f2d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.049256][ T1622]  ffff88809e6f2d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.057315][ T1622] >ffff88809e6f2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.065373][ T1622]                    ^
[ 62.069705][ T1622]  ffff88809e6f2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.077875][ T1622]  ffff88809e6f2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.086130][ T1622] ==================================================================
[ 62.094191][ T1622] Disabling lock debugging due to kernel taint
[ 62.101639][ T1622] Kernel panic - not syncing: panic_on_warn set ...
[ 62.108250][ T1622] CPU: 1 PID: 1622 Comm: kworker/u5:0 Tainted: G    B             5.6.0-next-20200411-syzkaller #0
[ 62.118915][ T1622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.128991][ T1622] Workqueue: hci0 hci_rx_work
[ 62.133664][ T1622] Call Trace:
[ 62.136956][ T1622]  dump_stack+0x188/0x20d
[ 62.141302][ T1622]  panic+0x2e3/0x75c
[ 62.145201][ T1622]  ? add_taint.cold+0x16/0x16
[ 62.149899][ T1622]  ? preempt_schedule_common+0x5e/0xc0
[ 62.155536][ T1622]  ? hci_event_packet+0x4d38/0xabff
[ 62.160737][ T1622]  ? preempt_schedule_thunk+0x16/0x18
[ 62.166108][ T1622]  ? trace_hardirqs_on+0x55/0x220
[ 62.171135][ T1622]  ? hci_event_packet+0x4d38/0xabff
[ 62.176337][ T1622]  end_report+0x4d/0x53
[ 62.180489][ T1622]  __kasan_report.cold+0xd/0x4d
[ 62.185340][ T1622]  ? hci_event_packet+0x4d38/0xabff
[ 62.190538][ T1622]  ? hci_event_packet+0x4d38/0xabff
[ 62.196083][ T1622]  kasan_report+0x33/0x50
[ 62.200421][ T1622]  check_memory_region+0x141/0x190
[ 62.205538][ T1622]  memcpy+0x20/0x60
[ 62.209357][ T1622]  hci_event_packet+0x4d38/0xabff
[ 62.214396][ T1622]  ? hci_cmd_complete_evt+0xc950/0xc950
[ 62.219949][ T1622]  ? mark_held_locks+0xe0/0xe0
[ 62.224711][ T1622]  ? __lock_acquire+0x2ed1/0x4c50
[ 62.229741][ T1622]  ? mark_lock+0x12b/0xf10
[ 62.234154][ T1622]  ? find_held_lock+0x2d/0x110
[ 62.238930][ T1622]  ? skb_dequeue+0x153/0x1c0
[ 62.243888][ T1622]  ? print_usage_bug+0x240/0x240
[ 62.248823][ T1622]  ? lock_downgrade+0x840/0x840
[ 62.253680][ T1622]  ? mark_held_locks+0x9f/0xe0
[ 62.258442][ T1622]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 62.264255][ T1622]  ? lockdep_hardirqs_on+0x463/0x620
[ 62.269540][ T1622]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 62.275357][ T1622]  ? hci_rx_work+0x239/0xb30
[ 62.279964][ T1622]  hci_rx_work+0x239/0xb30
[ 62.285002][ T1622]  ? _raw_spin_unlock_irq+0x1f/0x80
[ 62.290377][ T1622]  process_one_work+0x965/0x16a0
[ 62.295313][ T1622]  ? __wake_up_common_lock+0xde/0x130
[ 62.300684][ T1622]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 62.306054][ T1622]  ? rwlock_bug.part.0+0x90/0x90
[ 62.310983][ T1622]  ? del_timer_sync+0xe6/0x280
[ 62.315743][ T1622]  worker_thread+0x96/0xe20
[ 62.320245][ T1622]  ? process_one_work+0x16a0/0x16a0
[ 62.325437][ T1622]  kthread+0x388/0x470
[ 62.329508][ T1622]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.335236][ T1622]  ret_from_fork+0x24/0x30
[ 62.340849][ T1622] Kernel Offset: disabled
[ 62.345182][ T1622] Rebooting in 86400 seconds..