[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.

syzkaller login: [ 41.731258][ T6787] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 42.832192][ T6814] Bluetooth: hci0: unknown advertising packet type: 0x2b
[ 42.832248][ T6814] ==================================================================
[ 42.847482][ T6814] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x79a9/0x18260
[ 42.855460][ T6814] Read of size 1 at addr ffff88809fded205 by task kworker/u5:2/6814
[ 42.863689][ T6814]
[ 42.866036][ T6814] CPU: 0 PID: 6814 Comm: kworker/u5:2 Not tainted 5.8.0-rc7-syzkaller #0
[ 42.874442][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.884509][ T6814] Workqueue: hci0 hci_rx_work
[ 42.889307][ T6814] Call Trace:
[ 42.892601][ T6814]  dump_stack+0x1f0/0x31e
[ 42.896945][ T6814]  print_address_description+0x66/0x5a0
[ 42.902498][ T6814]  ? printk+0x62/0x83
[ 42.906477][ T6814]  ? vprintk_emit+0x339/0x3c0
[ 42.911141][ T6814]  kasan_report+0x132/0x1d0
[ 42.915644][ T6814]  ? hci_event_packet+0x79a9/0x18260
[ 42.920916][ T6814]  hci_event_packet+0x79a9/0x18260
[ 42.926007][ T6814]  ? trace_lock_release+0x137/0x1a0
[ 42.931187][ T6814]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 42.936969][ T6814]  ? lockdep_hardirqs_on+0x38/0xe0
[ 42.942057][ T6814]  hci_rx_work+0x236/0x9c0
[ 42.946457][ T6814]  process_one_work+0x789/0xfc0
[ 42.951304][ T6814]  worker_thread+0xaa4/0x1460
[ 42.955961][ T6814]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 42.961760][ T6814]  kthread+0x37e/0x3a0
[ 42.965803][ T6814]  ? rcu_lock_release+0x20/0x20
[ 42.970628][ T6814]  ? kthread_blkcg+0xd0/0xd0
[ 42.975194][ T6814]  ret_from_fork+0x1f/0x30
[ 42.979587][ T6814]
[ 42.981892][ T6814] Allocated by task 6787:
[ 42.986200][ T6814]  __kasan_kmalloc+0x103/0x140
[ 42.990950][ T6814]  __alloc_skb+0xde/0x4f0
[ 42.995258][ T6814]  vhci_write+0xb7/0x400
[ 42.999473][ T6814]  vfs_write+0xa08/0xc70
[ 43.003689][ T6814]  ksys_write+0x11b/0x220
[ 43.008008][ T6814]  do_syscall_64+0x73/0xe0
[ 43.012403][ T6814]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.018264][ T6814]
[ 43.020592][ T6814] Freed by task 6376:
[ 43.024559][ T6814]  __kasan_slab_free+0x114/0x170
[ 43.029486][ T6814]  kfree+0x10a/0x220
[ 43.033376][ T6814]  tomoyo_supervisor+0x1080/0x1320
[ 43.038571][ T6814]  tomoyo_check_open_permission+0x3f7/0x900
[ 43.044451][ T6814]  security_file_open+0x50/0xc0
[ 43.049274][ T6814]  do_dentry_open+0x3cd/0x1070
[ 43.054017][ T6814]  path_openat+0x278d/0x37f0
[ 43.058682][ T6814]  do_filp_open+0x191/0x3a0
[ 43.063160][ T6814]  do_sys_openat2+0x463/0x770
[ 43.067811][ T6814]  __x64_sys_open+0x1af/0x1e0
[ 43.072474][ T6814]  do_syscall_64+0x73/0xe0
[ 43.076876][ T6814]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.082737][ T6814]
[ 43.089314][ T6814] The buggy address belongs to the object at ffff88809fded000
[ 43.089314][ T6814]  which belongs to the cache kmalloc-512 of size 512
[ 43.103339][ T6814] The buggy address is located 5 bytes to the right of
[ 43.103339][ T6814]  512-byte region [ffff88809fded000, ffff88809fded200)
[ 43.116939][ T6814] The buggy address belongs to the page:
[ 43.122558][ T6814] page:ffffea00027f7b40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 43.132160][ T6814] flags: 0xfffe0000000200(slab)
[ 43.137345][ T6814] raw: 00fffe0000000200 ffffea000248b948 ffffea00029dbc88 ffff8880aa400a80
[ 43.145903][ T6814] raw: 0000000000000000 ffff88809fded000 0000000100000004 0000000000000000
[ 43.154457][ T6814] page dumped because: kasan: bad access detected
[ 43.160850][ T6814]
[ 43.163164][ T6814] Memory state around the buggy address:
[ 43.168769][ T6814]  ffff88809fded100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.176804][ T6814]  ffff88809fded180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.184851][ T6814] >ffff88809fded200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.192884][ T6814]                    ^
[ 43.196927][ T6814]  ffff88809fded280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.204968][ T6814]  ffff88809fded300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.213007][ T6814] ==================================================================
[ 43.221044][ T6814] Disabling lock debugging due to kernel taint
[ 43.228430][ T6814] Kernel panic - not syncing: panic_on_warn set ...
[ 43.235023][ T6814] CPU: 0 PID: 6814 Comm: kworker/u5:2 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 43.244810][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.254873][ T6814] Workqueue: hci0 hci_rx_work
[ 43.259539][ T6814] Call Trace:
[ 43.262823][ T6814]  dump_stack+0x1f0/0x31e
[ 43.267150][ T6814]  panic+0x264/0x7a0
[ 43.271041][ T6814]  ? trace_hardirqs_on+0x30/0x80
[ 43.275980][ T6814]  kasan_report+0x1c9/0x1d0
[ 43.280732][ T6814]  ? hci_event_packet+0x79a9/0x18260
[ 43.286010][ T6814]  hci_event_packet+0x79a9/0x18260
[ 43.291099][ T6814]  ? trace_lock_release+0x137/0x1a0
[ 43.296275][ T6814]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 43.302234][ T6814]  ? lockdep_hardirqs_on+0x38/0xe0
[ 43.307326][ T6814]  hci_rx_work+0x236/0x9c0
[ 43.311717][ T6814]  process_one_work+0x789/0xfc0
[ 43.316668][ T6814]  worker_thread+0xaa4/0x1460
[ 43.322223][ T6814]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 43.328125][ T6814]  kthread+0x37e/0x3a0
[ 43.332350][ T6814]  ? rcu_lock_release+0x20/0x20
[ 43.337170][ T6814]  ? kthread_blkcg+0xd0/0xd0
[ 43.341732][ T6814]  ret_from_fork+0x1f/0x30
[ 43.347707][ T6814] Kernel Offset: disabled
[ 43.352033][ T6814] Rebooting in 86400 seconds..