Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
syzkaller login: [   61.288813][ T6830] IPVS: ftp: loaded support on port[0] = 21
executing program
[   61.386196][ T1544] ==================================================================
[   61.394537][ T1544] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x3937/0x3ff0
[   61.402503][ T1544] Read of size 1 at addr ffff8880a67b660c by task kworker/u5:0/1544
[   61.410567][ T1544]
[   61.413006][ T1544] CPU: 1 PID: 1544 Comm: kworker/u5:0 Not tainted 5.9.0-rc2-syzkaller #0
[   61.421578][ T1544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.432068][ T1544] Workqueue: hci0 hci_rx_work
[   61.436755][ T1544] Call Trace:
[   61.440117][ T1544]  dump_stack+0x18f/0x20d
[   61.444551][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.449798][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.455060][ T1544]  print_address_description.constprop.0.cold+0xae/0x497
[   61.462370][ T1544]  ? vprintk_func+0x97/0x1a6
[   61.467038][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.472142][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.477248][ T1544]  kasan_report.cold+0x1f/0x37
[   61.482008][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.487163][ T1544]  hci_le_meta_evt+0x3937/0x3ff0
[   61.492277][ T1544]  ? mark_lock+0xbc/0x1710
[   61.496914][ T1544]  ? hci_key_refresh_complete_evt.isra.0+0x10b0/0x10b0
[   61.503838][ T1544]  ? mark_lock+0xbc/0x1710
[   61.508264][ T1544]  ? __lock_acquire+0x16cb/0x5640
[   61.513378][ T1544]  ? __lock_acquire+0x16cb/0x5640
[   61.518449][ T1544]  hci_event_packet+0x2e25/0x87a8
[   61.523486][ T1544]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[   61.529586][ T1544]  ? __lock_acquire+0x16cb/0x5640
[   61.534800][ T1544]  ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[   61.540429][ T1544]  ? lock_acquire+0x1f1/0xad0
[   61.545103][ T1544]  ? skb_dequeue+0x1c/0x180
[   61.549670][ T1544]  ? find_held_lock+0x2d/0x110
[   61.554430][ T1544]  ? mark_lock+0xbc/0x1710
[   61.558860][ T1544]  ? mark_held_locks+0x9f/0xe0
[   61.563739][ T1544]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   61.569571][ T1544]  ? lockdep_hardirqs_on_prepare+0x354/0x530
[   61.575837][ T1544]  ? trace_hardirqs_on+0x5f/0x220
[   61.580966][ T1544]  ? lockdep_hardirqs_on+0x76/0xf0
[   61.586343][ T1544]  hci_rx_work+0x22e/0xb50
[   61.590785][ T1544]  process_one_work+0x94c/0x1670
[   61.596049][ T1544]  ? lock_release+0x8e0/0x8e0
[   61.600890][ T1544]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   61.606277][ T1544]  ? rwlock_bug.part.0+0x90/0x90
[   61.611385][ T1544]  worker_thread+0x64c/0x1120
[   61.616158][ T1544]  ? process_one_work+0x1670/0x1670
[   61.621370][ T1544]  kthread+0x3b5/0x4a0
[   61.625450][ T1544]  ? __kthread_bind_mask+0xc0/0xc0
[   61.630567][ T1544]  ? __kthread_bind_mask+0xc0/0xc0
[   61.635691][ T1544]  ret_from_fork+0x1f/0x30
[   61.640122][ T1544]
[   61.642452][ T1544] Allocated by task 6830:
[   61.646799][ T1544]  kasan_save_stack+0x1b/0x40
[   61.651485][ T1544]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   61.657199][ T1544]  __alloc_skb+0xae/0x550
[   61.661537][ T1544]  vhci_write+0xbd/0x450
[   61.665945][ T1544]  new_sync_write+0x422/0x650
[   61.670629][ T1544]  vfs_write+0x5ad/0x730
[   61.675227][ T1544]  ksys_write+0x12d/0x250
[   61.679566][ T1544]  do_syscall_64+0x2d/0x70
[   61.684076][ T1544]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   61.689964][ T1544]
[   61.692296][ T1544] The buggy address belongs to the object at ffff8880a67b6400
[   61.692296][ T1544]  which belongs to the cache kmalloc-512 of size 512
[   61.706593][ T1544] The buggy address is located 12 bytes to the right of
[   61.706593][ T1544]  512-byte region [ffff8880a67b6400, ffff8880a67b6600)
[   61.720374][ T1544] The buggy address belongs to the page:
[   61.726015][ T1544] page:00000000dec90c17 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa67b6
[   61.736260][ T1544] flags: 0xfffe0000000200(slab)
[   61.741119][ T1544] raw: 00fffe0000000200 ffffea000270f908 ffffea00026aac88 ffff8880aa040600
[   61.749924][ T1544] raw: 0000000000000000 ffff8880a67b6000 0000000100000004 0000000000000000
[   61.758750][ T1544] page dumped because: kasan: bad access detected
[   61.765162][ T1544]
[   61.767660][ T1544] Memory state around the buggy address:
[   61.773303][ T1544]  ffff8880a67b6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   61.781634][ T1544]  ffff8880a67b6580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   61.789878][ T1544] >ffff8880a67b6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.798435][ T1544]                                                        ^
[   61.802770][ T1544]  ffff8880a67b6680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.811096][ T1544]  ffff8880a67b6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.819160][ T1544] ==================================================================
[   61.827543][ T1544] Disabling lock debugging due to kernel taint
[   61.837293][ T1544] Kernel panic - not syncing: panic_on_warn set ...
[   61.843910][ T1544] CPU: 1 PID: 1544 Comm: kworker/u5:0 Tainted: G    B             5.9.0-rc2-syzkaller #0
[   61.854061][ T1544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.864269][ T1544] Workqueue: hci0 hci_rx_work
[   61.869096][ T1544] Call Trace:
[   61.872635][ T1544]  dump_stack+0x18f/0x20d
[   61.877307][ T1544]  ? hci_le_meta_evt+0x38c0/0x3ff0
[   61.882424][ T1544]  panic+0x2e3/0x75c
[   61.886631][ T1544]  ? __warn_printk+0xf3/0xf3
[   61.891453][ T1544]  ? preempt_schedule_common+0x59/0xc0
[   61.897028][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.902133][ T1544]  ? preempt_schedule_thunk+0x16/0x18
[   61.907494][ T1544]  ? trace_hardirqs_on+0x55/0x220
[   61.912595][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.917750][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.922854][ T1544]  end_report+0x4d/0x53
[   61.927001][ T1544]  kasan_report.cold+0xd/0x37
[   61.931667][ T1544]  ? hci_le_meta_evt+0x3937/0x3ff0
[   61.936778][ T1544]  hci_le_meta_evt+0x3937/0x3ff0
[   61.941855][ T1544]  ? mark_lock+0xbc/0x1710
[   61.947134][ T1544]  ? hci_key_refresh_complete_evt.isra.0+0x10b0/0x10b0
[   61.954118][ T1544]  ? mark_lock+0xbc/0x1710
[   61.958582][ T1544]  ? __lock_acquire+0x16cb/0x5640
[   61.963603][ T1544]  ? __lock_acquire+0x16cb/0x5640
[   61.968801][ T1544]  hci_event_packet+0x2e25/0x87a8
[   61.973822][ T1544]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[   61.980204][ T1544]  ? __lock_acquire+0x16cb/0x5640
[   61.985434][ T1544]  ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[   61.991593][ T1544]  ? lock_acquire+0x1f1/0xad0
[   61.996616][ T1544]  ? skb_dequeue+0x1c/0x180
[   62.001108][ T1544]  ? find_held_lock+0x2d/0x110
[   62.006068][ T1544]  ? mark_lock+0xbc/0x1710
[   62.010613][ T1544]  ? mark_held_locks+0x9f/0xe0
[   62.015782][ T1544]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   62.021804][ T1544]  ? lockdep_hardirqs_on_prepare+0x354/0x530
[   62.027908][ T1544]  ? trace_hardirqs_on+0x5f/0x220
[   62.033266][ T1544]  ? lockdep_hardirqs_on+0x76/0xf0
[   62.038497][ T1544]  hci_rx_work+0x22e/0xb50
[   62.042907][ T1544]  process_one_work+0x94c/0x1670
[   62.048097][ T1544]  ? lock_release+0x8e0/0x8e0
[   62.052981][ T1544]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   62.058526][ T1544]  ? rwlock_bug.part.0+0x90/0x90
[   62.063459][ T1544]  worker_thread+0x64c/0x1120
[   62.068404][ T1544]  ? process_one_work+0x1670/0x1670
[   62.073602][ T1544]  kthread+0x3b5/0x4a0
[   62.077897][ T1544]  ? __kthread_bind_mask+0xc0/0xc0
[   62.083126][ T1544]  ? __kthread_bind_mask+0xc0/0xc0
[   62.088404][ T1544]  ret_from_fork+0x1f/0x30
[   62.094599][ T1544] Kernel Offset: disabled
[   62.099084][ T1544] Rebooting in 86400 seconds..