[ 36.862187][ T26] audit: type=1800 audit(1556765479.121:28): pid=7461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 37.852930][ T26] audit: type=1800 audit(1556765480.211:29): pid=7461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 37.875457][ T26] audit: type=1800 audit(1556765480.221:30): pid=7461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[FAIL] startpar: service(s) returned failure: ssh ... failed!

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
syzkaller login: [ 45.671757][ T7636] IPVS: ftp: loaded support on port[0] = 21
[ 45.749555][ T1174] ==================================================================
[ 45.757785][ T1174] BUG: KASAN: slab-out-of-bounds in bacpy+0x23/0x30
[ 45.764359][ T1174] Read of size 6 at addr ffff888098e917bb by task kworker/u5:0/1174
[ 45.772325][ T1174]
[ 45.774644][ T1174] CPU: 0 PID: 1174 Comm: kworker/u5:0 Not tainted 5.1.0-rc7+ #95
[ 45.782338][ T1174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.792405][ T1174] Workqueue: hci0 hci_rx_work
[ 45.797075][ T1174] Call Trace:
[ 45.800406][ T1174]  dump_stack+0x172/0x1f0
[ 45.804713][ T1174]  ? bacpy+0x23/0x30
[ 45.808594][ T1174]  print_address_description.cold+0x7c/0x20d
[ 45.814570][ T1174]  ? bacpy+0x23/0x30
[ 45.818447][ T1174]  ? bacpy+0x23/0x30
[ 45.822328][ T1174]  kasan_report.cold+0x1b/0x40
[ 45.827193][ T1174]  ? hci_remove_remote_oob_data+0xe0/0x1a0
[ 45.832989][ T1174]  ? bacpy+0x23/0x30
[ 45.836880][ T1174]  check_memory_region+0x123/0x190
[ 45.841985][ T1174]  memcpy+0x24/0x50
[ 45.845799][ T1174]  bacpy+0x23/0x30
[ 45.849509][ T1174]  hci_event_packet+0x4e86/0xaabf
[ 45.854527][ T1174]  ? graph_lock+0x7b/0x200
[ 45.858930][ T1174]  ? __lockdep_reset_lock+0x450/0x450
[ 45.864293][ T1174]  ? hci_cmd_complete_evt+0xbe90/0xbe90
[ 45.869914][ T1174]  ? __lock_acquire+0x2340/0x3fb0
[ 45.874929][ T1174]  ? skb_dequeue+0x12e/0x180
[ 45.879505][ T1174]  ? find_held_lock+0x35/0x130
[ 45.884262][ T1174]  ? skb_dequeue+0x12e/0x180
[ 45.888837][ T1174]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 45.894620][ T1174]  ? skb_dequeue+0x12e/0x180
[ 45.899188][ T1174]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 45.904980][ T1174]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 45.910342][ T1174]  ? trace_hardirqs_on+0x67/0x230
[ 45.915358][ T1174]  ? kasan_check_read+0x11/0x20
[ 45.920198][ T1174]  hci_rx_work+0x440/0xaa0
[ 45.924596][ T1174]  ? hci_rx_work+0x440/0xaa0
[ 45.929441][ T1174]  process_one_work+0x98e/0x1790
[ 45.934555][ T1174]  ? pwq_dec_nr_in_flight+0x320/0x320
[ 45.939934][ T1174]  worker_thread+0x98/0xe40
[ 45.944513][ T1174]  kthread+0x357/0x430
[ 45.948565][ T1174]  ? process_one_work+0x1790/0x1790
[ 45.953744][ T1174]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 45.960142][ T1174]  ret_from_fork+0x3a/0x50
[ 45.964554][ T1174]
[ 45.966872][ T1174] Allocated by task 7642:
[ 45.971191][ T1174]  save_stack+0x45/0xd0
[ 45.975360][ T1174]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 45.981019][ T1174]  kasan_kmalloc+0x9/0x10
[ 45.987191][ T1174]  __kmalloc_node_track_caller+0x4e/0x70
[ 45.992832][ T1174]  __kmalloc_reserve.isra.0+0x40/0xf0
[ 45.998202][ T1174]  __alloc_skb+0x10b/0x5e0
[ 46.002600][ T1174]  vhci_write+0xc4/0x470
[ 46.006825][ T1174]  new_sync_write+0x4c7/0x760
[ 46.011496][ T1174]  __vfs_write+0xe4/0x110
[ 46.015806][ T1174]  vfs_write+0x20c/0x580
[ 46.020028][ T1174]  ksys_write+0x14f/0x2d0
[ 46.024381][ T1174]  __ia32_sys_write+0x71/0xb0
[ 46.029045][ T1174]  do_fast_syscall_32+0x281/0xc98
[ 46.034087][ T1174]  entry_SYSENTER_compat+0x70/0x7f
[ 46.039176][ T1174]
[ 46.041483][ T1174] Freed by task 5966:
[ 46.045451][ T1174]  save_stack+0x45/0xd0
[ 46.049587][ T1174]  __kasan_slab_free+0x102/0x150
[ 46.054503][ T1174]  kasan_slab_free+0xe/0x10
[ 46.058988][ T1174]  kfree+0xcf/0x230
[ 46.062779][ T1174]  tomoyo_find_next_domain+0x776/0x1f8a
[ 46.068327][ T1174]  tomoyo_bprm_check_security+0x12a/0x1b0
[ 46.074031][ T1174]  security_bprm_check+0x69/0xb0
[ 46.078954][ T1174]  search_binary_handler+0x77/0x570
[ 46.084147][ T1174]  __do_execve_file.isra.0+0x1394/0x23f0
[ 46.089782][ T1174]  __x64_sys_execve+0x8f/0xc0
[ 46.094488][ T1174]  do_syscall_64+0x103/0x610
[ 46.099114][ T1174]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.104982][ T1174]
[ 46.107309][ T1174] The buggy address belongs to the object at ffff888098e915c0
[ 46.107309][ T1174]  which belongs to the cache kmalloc-512 of size 512
[ 46.121346][ T1174] The buggy address is located 507 bytes inside of
[ 46.121346][ T1174]  512-byte region [ffff888098e915c0, ffff888098e917c0)
[ 46.134597][ T1174] The buggy address belongs to the page:
[ 46.140332][ T1174] page:ffffea000263a440 count:1 mapcount:0 mapping:ffff8880aa400940 index:0x0
[ 46.149156][ T1174] flags: 0x1fffc0000000200(slab)
[ 46.154089][ T1174] raw: 01fffc0000000200 ffffea00023a2c48 ffffea0002492388 ffff8880aa400940
[ 46.162655][ T1174] raw: 0000000000000000 ffff888098e910c0 0000000100000006 0000000000000000
[ 46.171231][ T1174] page dumped because: kasan: bad access detected
[ 46.177647][ T1174]
[ 46.179960][ T1174] Memory state around the buggy address:
[ 46.185572][ T1174]  ffff888098e91680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.193614][ T1174]  ffff888098e91700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.201658][ T1174] >ffff888098e91780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 46.209713][ T1174]                                         ^
[ 46.215861][ T1174]  ffff888098e91800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 46.223900][ T1174]  ffff888098e91880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.231937][ T1174] ==================================================================
[ 46.239977][ T1174] Disabling lock debugging due to kernel taint
[ 46.247126][ T1174] Kernel panic - not syncing: panic_on_warn set ...
[ 46.253741][ T1174] CPU: 1 PID: 1174 Comm: kworker/u5:0 Tainted: G    B             5.1.0-rc7+ #95
[ 46.262826][ T1174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.273071][ T1174] Workqueue: hci0 hci_rx_work
[ 46.277727][ T1174] Call Trace:
[ 46.280997][ T1174]  dump_stack+0x172/0x1f0
[ 46.285431][ T1174]  panic+0x2cb/0x65c
[ 46.289308][ T1174]  ? __warn_printk+0xf3/0xf3
[ 46.293876][ T1174]  ? bacpy+0x23/0x30
[ 46.297758][ T1174]  ? preempt_schedule+0x4b/0x60
[ 46.302604][ T1174]  ? ___preempt_schedule+0x16/0x18
[ 46.307700][ T1174]  ? trace_hardirqs_on+0x5e/0x230
[ 46.312709][ T1174]  ? bacpy+0x23/0x30
[ 46.316588][ T1174]  end_report+0x47/0x4f
[ 46.320720][ T1174]  ? bacpy+0x23/0x30
[ 46.324594][ T1174]  kasan_report.cold+0xe/0x40
[ 46.329267][ T1174]  ? hci_remove_remote_oob_data+0xe0/0x1a0
[ 46.335047][ T1174]  ? bacpy+0x23/0x30
[ 46.338922][ T1174]  check_memory_region+0x123/0x190
[ 46.344038][ T1174]  memcpy+0x24/0x50
[ 46.347828][ T1174]  bacpy+0x23/0x30
[ 46.351525][ T1174]  hci_event_packet+0x4e86/0xaabf
[ 46.356557][ T1174]  ? graph_lock+0x7b/0x200
[ 46.360969][ T1174]  ? __lockdep_reset_lock+0x450/0x450
[ 46.366321][ T1174]  ? hci_cmd_complete_evt+0xbe90/0xbe90
[ 46.371854][ T1174]  ? __lock_acquire+0x2340/0x3fb0
[ 46.376862][ T1174]  ? skb_dequeue+0x12e/0x180
[ 46.381432][ T1174]  ? find_held_lock+0x35/0x130
[ 46.386174][ T1174]  ? skb_dequeue+0x12e/0x180
[ 46.390744][ T1174]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 46.396525][ T1174]  ? skb_dequeue+0x12e/0x180
[ 46.401660][ T1174]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 46.407454][ T1174]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 46.412718][ T1174]  ? trace_hardirqs_on+0x67/0x230
[ 46.417728][ T1174]  ? kasan_check_read+0x11/0x20
[ 46.422572][ T1174]  hci_rx_work+0x440/0xaa0
[ 46.426967][ T1174]  ? hci_rx_work+0x440/0xaa0
[ 46.431543][ T1174]  process_one_work+0x98e/0x1790
[ 46.436459][ T1174]  ? pwq_dec_nr_in_flight+0x320/0x320
[ 46.441811][ T1174]  worker_thread+0x98/0xe40
[ 46.446299][ T1174]  kthread+0x357/0x430
[ 46.450357][ T1174]  ? process_one_work+0x1790/0x1790
[ 46.455532][ T1174]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 46.461768][ T1174]  ret_from_fork+0x3a/0x50
[ 46.467428][ T1174] Kernel Offset: disabled
[ 46.478939][ T1174] Rebooting in 86400 seconds..