[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 38.451072] audit: type=1800 audit(1546855050.176:25): pid=7673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 38.488559] audit: type=1800 audit(1546855050.186:26): pid=7673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 38.522858] audit: type=1800 audit(1546855050.186:27): pid=7673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program

syzkaller login: [ 46.376643] ==================================================================
[ 46.384138] BUG: KASAN: slab-out-of-bounds in bacpy+0x23/0x30
[ 46.390040] Read of size 6 at addr ffff888094f0bc3b by task kworker/u5:0/1171
[ 46.397288]
[ 46.398901] CPU: 0 PID: 1171 Comm: kworker/u5:0 Not tainted 4.20.0+ #13
[ 46.405632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.414981] Workqueue: hci0 hci_rx_work
[ 46.418938] Call Trace:
[ 46.421524]  dump_stack+0x1db/0x2d0
[ 46.425168]  ? dump_stack_print_info.cold+0x20/0x20
[ 46.430174]  ? bacpy+0x23/0x30
[ 46.433369]  print_address_description.cold+0x7c/0x20d
[ 46.438637]  ? bacpy+0x23/0x30
[ 46.441819]  ? bacpy+0x23/0x30
[ 46.445022]  kasan_report.cold+0x1b/0x40
[ 46.449085]  ? bacpy+0x23/0x30
[ 46.452265]  check_memory_region+0x123/0x190
[ 46.456667]  memcpy+0x24/0x50
[ 46.459759]  bacpy+0x23/0x30
[ 46.462766]  hci_event_packet+0x3afc/0xc22e
[ 46.467082]  ? hci_cmd_complete_evt+0xbe60/0xbe60
[ 46.471929]  ? up_write+0x1c0/0x230
[ 46.475545]  ? unwind_next_frame+0x3b/0x50
[ 46.479769]  ? graph_lock+0x280/0x280
[ 46.483556]  ? save_stack_trace+0x1a/0x20
[ 46.487688]  ? save_trace+0xe0/0x290
[ 46.491399]  ? add_lock_to_list.isra.0+0x450/0x450
[ 46.496313]  ? kasan_check_read+0x11/0x20
[ 46.500456]  ? __lock_acquire+0x2514/0x4a30
[ 46.504766]  ? print_usage_bug+0xd0/0xd0
[ 46.508829]  ? skb_dequeue+0x12e/0x180
[ 46.512707]  ? mark_held_locks+0xb1/0x100
[ 46.516842]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 46.521929]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 46.527033]  ? trace_hardirqs_on+0xbd/0x310
[ 46.531355]  ? kasan_check_read+0x11/0x20
[ 46.535501]  ? skb_dequeue+0x12e/0x180
[ 46.539395]  ? trace_hardirqs_off_caller+0x300/0x300
[ 46.544491]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.550017]  ? hci_send_to_monitor+0x306/0x470
[ 46.554586]  ? hci_sock_release+0x3c0/0x3c0
[ 46.558896]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 46.563988]  hci_rx_work+0x578/0xcd0
[ 46.567690]  ? hci_rx_work+0x578/0xcd0
[ 46.571562]  ? find_held_lock+0x35/0x120
[ 46.575631]  ? add_lock_to_list.isra.0+0x450/0x450
[ 46.580573]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.586105]  ? hci_alloc_dev+0x21a0/0x21a0
[ 46.590331]  ? __lock_is_held+0xb6/0x140
[ 46.594395]  process_one_work+0xd0c/0x1ce0
[ 46.598623]  ? __wake_up_common_lock+0x1db/0x390
[ 46.603378]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[ 46.608046]  ? trace_hardirqs_off+0xb8/0x310
[ 46.612441]  ? kasan_check_read+0x11/0x20
[ 46.616584]  ? do_raw_spin_unlock+0xa0/0x330
[ 46.620995]  ? do_raw_spin_trylock+0x270/0x270
[ 46.625573]  ? __wake_up_common+0x7d0/0x7d0
[ 46.629878]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.635406]  ? get_work_pool_id+0x1a0/0x1a0
[ 46.639729]  ? trace_hardirqs_on_caller+0x310/0x310
[ 46.644771]  worker_thread+0x143/0x14a0
[ 46.648753]  ? process_one_work+0x1ce0/0x1ce0
[ 46.653235]  ? __kthread_parkme+0xc3/0x1b0
[ 46.657457]  ? lock_acquire+0x1db/0x570
[ 46.661426]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 46.666530]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 46.671107]  ? trace_hardirqs_on+0xbd/0x310
[ 46.675439]  ? kasan_check_read+0x11/0x20
[ 46.679582]  ? __kthread_parkme+0xc3/0x1b0
[ 46.683804]  ? trace_hardirqs_off_caller+0x300/0x300
[ 46.688894]  ? do_raw_spin_trylock+0x270/0x270
[ 46.693460]  ? schedule+0x108/0x350
[ 46.697109]  ? do_raw_spin_trylock+0x270/0x270
[ 46.701683]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 46.706804]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 46.712337]  ? __kthread_parkme+0xfb/0x1b0
[ 46.716566]  kthread+0x357/0x430
[ 46.719918]  ? process_one_work+0x1ce0/0x1ce0
[ 46.724402]  ? kthread_stop+0x920/0x920
[ 46.728362]  ret_from_fork+0x3a/0x50
[ 46.732069]
[ 46.733680] Allocated by task 7831:
[ 46.737290]  save_stack+0x45/0xd0
[ 46.740726]  kasan_kmalloc+0xcf/0xe0
[ 46.744424]  __kmalloc_node_track_caller+0x4e/0x70
[ 46.749338]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 46.753989]  __alloc_skb+0x12d/0x730
[ 46.757689]  vhci_write+0xc4/0x470
[ 46.761214]  __vfs_write+0x764/0xb40
[ 46.764920]  vfs_write+0x20c/0x580
[ 46.768458]  ksys_write+0x105/0x260
[ 46.772069]  __x64_sys_write+0x73/0xb0
[ 46.775941]  do_syscall_64+0x1a3/0x800
[ 46.779812]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.784977]
[ 46.786588] Freed by task 5970:
[ 46.789850]  save_stack+0x45/0xd0
[ 46.793299]  __kasan_slab_free+0x102/0x150
[ 46.797518]  kasan_slab_free+0xe/0x10
[ 46.801313]  kfree+0xcf/0x230
[ 46.804412]  load_elf_binary+0x25dd/0x5580
[ 46.808698]  search_binary_handler+0x17f/0x570
[ 46.813265]  __do_execve_file.isra.0+0x14f3/0x2700
[ 46.818179]  __x64_sys_execve+0x8f/0xc0
[ 46.822137]  do_syscall_64+0x1a3/0x800
[ 46.826039]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.831245]
[ 46.832858] The buggy address belongs to the object at ffff888094f0ba40
[ 46.832858]  which belongs to the cache kmalloc-512 of size 512
[ 46.845495] The buggy address is located 507 bytes inside of
[ 46.845495]  512-byte region [ffff888094f0ba40, ffff888094f0bc40)
[ 46.857348] The buggy address belongs to the page:
[ 46.862259] page:ffffea000253c2c0 count:1 mapcount:0 mapping:ffff88812c3f0940 index:0x0
[ 46.870401] flags: 0x1fffc0000000200(slab)
[ 46.874621] raw: 01fffc0000000200 ffffea00025dbf08 ffffea000253ca88 ffff88812c3f0940
[ 46.882487] raw: 0000000000000000 ffff888094f0b040 0000000100000006 0000000000000000
[ 46.890351] page dumped because: kasan: bad access detected
[ 46.896076]
[ 46.897695] Memory state around the buggy address:
[ 46.902613]  ffff888094f0bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.909977]  ffff888094f0bb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.917321] >ffff888094f0bc00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 46.924661]                                         ^
[ 46.930093]  ffff888094f0bc80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 46.937434]  ffff888094f0bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.944773] ==================================================================
[ 46.952109] Disabling lock debugging due to kernel taint
[ 46.957974] Kernel panic - not syncing: panic_on_warn set ...
[ 46.963877] CPU: 0 PID: 1171 Comm: kworker/u5:0 Tainted: G B 4.20.0+ #13
[ 46.972013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.981367] Workqueue: hci0 hci_rx_work
[ 46.985336] Call Trace:
[ 46.987910]  dump_stack+0x1db/0x2d0
[ 46.991522]  ? dump_stack_print_info.cold+0x20/0x20
[ 46.996526]  panic+0x2cb/0x65c
[ 46.999703]  ? add_taint.cold+0x16/0x16
[ 47.003665]  ? bacpy+0x23/0x30
[ 47.006876]  ? preempt_schedule+0x4b/0x60
[ 47.011016]  ? ___preempt_schedule+0x16/0x18
[ 47.015416]  ? trace_hardirqs_on+0xb4/0x310
[ 47.019722]  ? bacpy+0x23/0x30
[ 47.022901]  end_report+0x47/0x4f
[ 47.026334]  ? bacpy+0x23/0x30
[ 47.029510]  kasan_report.cold+0xe/0x40
[ 47.033481]  ? bacpy+0x23/0x30
[ 47.036668]  check_memory_region+0x123/0x190
[ 47.041086]  memcpy+0x24/0x50
[ 47.044175]  bacpy+0x23/0x30
[ 47.047175]  hci_event_packet+0x3afc/0xc22e
[ 47.051483]  ? hci_cmd_complete_evt+0xbe60/0xbe60
[ 47.056312]  ? up_write+0x1c0/0x230
[ 47.059925]  ? unwind_next_frame+0x3b/0x50
[ 47.064146]  ? graph_lock+0x280/0x280
[ 47.067931]  ? save_stack_trace+0x1a/0x20
[ 47.072059]  ? save_trace+0xe0/0x290
[ 47.075754]  ? add_lock_to_list.isra.0+0x450/0x450
[ 47.080684]  ? kasan_check_read+0x11/0x20
[ 47.084812]  ? __lock_acquire+0x2514/0x4a30
[ 47.089116]  ? print_usage_bug+0xd0/0xd0
[ 47.093177]  ? skb_dequeue+0x12e/0x180
[ 47.097069]  ? mark_held_locks+0xb1/0x100
[ 47.101205]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.106290]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.111396]  ? trace_hardirqs_on+0xbd/0x310
[ 47.115718]  ? kasan_check_read+0x11/0x20
[ 47.119859]  ? skb_dequeue+0x12e/0x180
[ 47.123742]  ? trace_hardirqs_off_caller+0x300/0x300
[ 47.128831]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.134353]  ? hci_send_to_monitor+0x306/0x470
[ 47.138939]  ? hci_sock_release+0x3c0/0x3c0
[ 47.143250]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 47.148348]  hci_rx_work+0x578/0xcd0
[ 47.152043]  ? hci_rx_work+0x578/0xcd0
[ 47.155913]  ? find_held_lock+0x35/0x120
[ 47.159976]  ? add_lock_to_list.isra.0+0x450/0x450
[ 47.164891]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.170415]  ? hci_alloc_dev+0x21a0/0x21a0
[ 47.174635]  ? __lock_is_held+0xb6/0x140
[ 47.178695]  process_one_work+0xd0c/0x1ce0
[ 47.182928]  ? __wake_up_common_lock+0x1db/0x390
[ 47.187686]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[ 47.192338]  ? trace_hardirqs_off+0xb8/0x310
[ 47.196726]  ? kasan_check_read+0x11/0x20
[ 47.200854]  ? do_raw_spin_unlock+0xa0/0x330
[ 47.205258]  ? do_raw_spin_trylock+0x270/0x270
[ 47.209829]  ? __wake_up_common+0x7d0/0x7d0
[ 47.214131]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.219658]  ? get_work_pool_id+0x1a0/0x1a0
[ 47.223959]  ? trace_hardirqs_on_caller+0x310/0x310
[ 47.228977]  worker_thread+0x143/0x14a0
[ 47.232941]  ? process_one_work+0x1ce0/0x1ce0
[ 47.237420]  ? __kthread_parkme+0xc3/0x1b0
[ 47.241636]  ? lock_acquire+0x1db/0x570
[ 47.245610]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.250694]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 47.255257]  ? trace_hardirqs_on+0xbd/0x310
[ 47.259559]  ? kasan_check_read+0x11/0x20
[ 47.263687]  ? __kthread_parkme+0xc3/0x1b0
[ 47.267903]  ? trace_hardirqs_off_caller+0x300/0x300
[ 47.272990]  ? do_raw_spin_trylock+0x270/0x270
[ 47.277565]  ? schedule+0x108/0x350
[ 47.281187]  ? do_raw_spin_trylock+0x270/0x270
[ 47.285750]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 47.290834]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.296352]  ? __kthread_parkme+0xfb/0x1b0
[ 47.300587]  kthread+0x357/0x430
[ 47.303938]  ? process_one_work+0x1ce0/0x1ce0
[ 47.308414]  ? kthread_stop+0x920/0x920
[ 47.312371]  ret_from_fork+0x3a/0x50
[ 47.316991] Kernel Offset: disabled
[ 47.320616] Rebooting in 86400 seconds..
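Reading the report: KASAN flags a 6-byte read (the size of a Bluetooth device address, bdaddr_t) in bacpy() called from hci_event_packet(), starting 507 bytes into a 512-byte kmalloc-512 object. 507 + 6 = 513, so the copy runs 1 byte past the end of the object into the redzone (the "fc" shadow bytes in the memory-state dump). The object is the skb data that vhci_write() allocated for a packet written by user space to /dev/vhci, so the event parser copied a fixed-size address field out of a packet whose payload was shorter than that field. The "Freed by task 5970" stack is the slab object's previous life (kfree from load_elf_binary), not a free of this skb; this is an out-of-bounds read, not a use-after-free. The block below is an added example, not kernel code and not the fix that was committed for this report: it shows the length check a parser needs before copying a bdaddr out of a variable-length HCI event, and a small helper that turns the report's numbers into the overrun length. The packet bytes are constructed; the Connection Complete event layout (status, handle, bdaddr, link type, encryption) is used only as a concrete example, since the report does not say which event was being parsed. hci_evt_bdaddr_field(), bdaddr_first_byte() and kasan_overrun_bytes() are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BDADDR_LEN          6   /* sizeof(bdaddr_t) in the kernel; the "Read of size 6" above */
#define HCI_EVENT_HDR_SIZE  2   /* HCI event header: event code (1) + parameter length (1) */

typedef struct { uint8_t b[BDADDR_LEN]; } bdaddr_t;

/*
 * Checked extraction of a bdaddr that sits `off` bytes into the parameter
 * block of an HCI event.  `pkt`/`len` are the raw bytes as received (header
 * included).  Returns 0 and fills *out only when all 6 bytes really exist;
 * -1 otherwise.  Without these checks the memcpy is the bacpy() in the report.
 */
static int hci_evt_bdaddr_field(const uint8_t *pkt, size_t len, size_t off, bdaddr_t *out)
{
    if (len < HCI_EVENT_HDR_SIZE)                /* not even a full header */
        return -1;

    size_t plen = pkt[1];                        /* parameter length claimed by the header */
    if (plen > len - HCI_EVENT_HDR_SIZE)         /* header claims more than was delivered */
        plen = len - HCI_EVENT_HDR_SIZE;         /* never trust the header over the real length */

    if (off > plen || plen - off < BDADDR_LEN)   /* field would extend past the data */
        return -1;

    memcpy(out->b, pkt + HCI_EVENT_HDR_SIZE + off, BDADDR_LEN);
    return 0;
}

/* Convenience wrapper: first byte of the extracted address, or -1 if rejected. */
static int bdaddr_first_byte(const uint8_t *pkt, size_t len, size_t off)
{
    bdaddr_t a;
    if (hci_evt_bdaddr_field(pkt, len, off, &a) != 0)
        return -1;
    return a.b[0];
}

/*
 * Bytes an access reaches past its object, from the three numbers KASAN
 * prints: "located <offset> bytes inside of <size>-byte region" and
 * "Read of size <access>".  For the report above: (507, 512, 6) -> 1.
 */
static size_t kasan_overrun_bytes(size_t offset_in_obj, size_t obj_size, size_t access_size)
{
    size_t end = offset_in_obj + access_size;
    return end > obj_size ? end - obj_size : 0;
}

/* Constructed sample packets (not taken from the report).  Layout follows the
 * HCI Connection Complete event: status(1) handle(2) bdaddr(6) link_type(1) enc(1),
 * so the bdaddr starts at parameter offset 3. */
static const uint8_t sample_ok[] = {
    0x03, 11, 0x00, 0x40, 0x00, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x01, 0x00
};
/* Same header, but only 7 parameter bytes actually delivered: the bdaddr is cut short. */
static const uint8_t sample_short[] = {
    0x03, 11, 0x00, 0x40, 0x00, 0x66, 0x55, 0x44, 0x33
};

int main(void)
{
    bdaddr_t a;
    printf("overrun in report: %zu byte(s)\n", kasan_overrun_bytes(507, 512, 6));
    printf("full packet:  %s\n", hci_evt_bdaddr_field(sample_ok, sizeof sample_ok, 3, &a) == 0 ? "bdaddr copied" : "rejected");
    printf("short packet: %s\n", hci_evt_bdaddr_field(sample_short, sizeof sample_short, 3, &a) == 0 ? "bdaddr copied" : "rejected");
    return 0;
}
```

The check clamps the header's declared parameter length to the number of bytes actually present before bounding the field, because the length byte is attacker-controlled on the /dev/vhci path just like the rest of the packet; trusting it would merely move the overread.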