[  OK  ] Started Getty on tty2.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
syzkaller login: [   66.547653][ T6899] IPVS: ftp: loaded support on port[0] = 21
executing program
[   67.638157][ T6925] Bluetooth: hci0: Unknown advertising packet type: 0xffff
[   67.638241][ T6925] ==================================================================
[   67.653740][ T6925] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x384e/0x3eb0
[   67.661548][ T6925] Read of size 1 at addr ffff88808e10d209 by task kworker/u5:2/6925
[   67.669609][ T6925]
[   67.671948][ T6925] CPU: 1 PID: 6925 Comm: kworker/u5:2 Not tainted 5.8.0-rc7-syzkaller #0
[   67.680819][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.690901][ T6925] Workqueue: hci0 hci_rx_work
[   67.695586][ T6925] Call Trace:
[   67.698974][ T6925]  dump_stack+0x18f/0x20d
[   67.703329][ T6925]  ? hci_le_meta_evt+0x384e/0x3eb0
[   67.708460][ T6925]  ? hci_le_meta_evt+0x384e/0x3eb0
[   67.713847][ T6925]  print_address_description.constprop.0.cold+0xae/0x436
[   67.720886][ T6925]  ? lockdep_hardirqs_off+0x66/0xa0
[   67.726091][ T6925]  ? vprintk_func+0x97/0x1a6
[   67.730707][ T6925]  ? hci_le_meta_evt+0x384e/0x3eb0
[   67.735972][ T6925]  kasan_report.cold+0x1f/0x37
[   67.740722][ T6925]  ? hci_le_meta_evt+0x384e/0x3eb0
[   67.745905][ T6925]  hci_le_meta_evt+0x384e/0x3eb0
[   67.750843][ T6925]  ? mark_lock+0xbc/0x1710
[   67.755250][ T6925]  ? hci_key_refresh_complete_evt.isra.0+0x10b0/0x10b0
[   67.762186][ T6925]  ? mark_lock+0xbc/0x1710
[   67.766586][ T6925]  ? __lock_acquire+0x16e3/0x56e0
[   67.771603][ T6925]  ? __lock_acquire+0x16e3/0x56e0
[   67.776620][ T6925]  hci_event_packet+0x245a/0x86f5
[   67.781631][ T6925]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[   67.788239][ T6925]  ? __lock_acquire+0x16e3/0x56e0
[   67.793253][ T6925]  ? hci_cmd_complete_evt+0xc6e0/0xc6e0
[   67.798958][ T6925]  ? lock_acquire+0x1f1/0xad0
[   67.803616][ T6925]  ? skb_dequeue+0x1c/0x180
[   67.808279][ T6925]  ? find_held_lock+0x2d/0x110
[   67.813122][ T6925]  ? mark_lock+0xbc/0x1710
[   67.817546][ T6925]  ? mark_held_locks+0x9f/0xe0
[   67.823080][ T6925]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   67.828885][ T6925]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   67.834863][ T6925]  ? trace_hardirqs_on+0x5f/0x220
[   67.839874][ T6925]  ? lockdep_hardirqs_on+0x6a/0xe0
[   67.844991][ T6925]  hci_rx_work+0x22e/0xb10
[   67.849397][ T6925]  process_one_work+0x94c/0x1670
[   67.854322][ T6925]  ? lock_release+0x8d0/0x8d0
[   67.859088][ T6925]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   67.864444][ T6925]  ? rwlock_bug.part.0+0x90/0x90
[   67.869639][ T6925]  ? lockdep_hardirqs_off+0x66/0xa0
[   67.874828][ T6925]  worker_thread+0x64c/0x1120
[   67.879561][ T6925]  ? __kthread_parkme+0x13f/0x1e0
[   67.884576][ T6925]  ? process_one_work+0x1670/0x1670
[   67.889756][ T6925]  kthread+0x3b5/0x4a0
[   67.893811][ T6925]  ? __kthread_bind_mask+0xc0/0xc0
[   67.898904][ T6925]  ? __kthread_bind_mask+0xc0/0xc0
[   67.904693][ T6925]  ret_from_fork+0x1f/0x30
[   67.909095][ T6925]
[   67.911449][ T6925] Allocated by task 6899:
[   67.915775][ T6925]  save_stack+0x1b/0x40
[   67.919911][ T6925]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[   67.925526][ T6925]  __alloc_skb+0xae/0x550
[   67.929835][ T6925]  vhci_write+0xbd/0x450
[   67.934326][ T6925]  new_sync_write+0x422/0x650
[   67.939172][ T6925]  vfs_write+0x59d/0x6b0
[   67.943503][ T6925]  ksys_write+0x12d/0x250
[   67.947815][ T6925]  do_syscall_64+0x60/0xe0
[   67.952213][ T6925]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   67.958089][ T6925]
[   67.960409][ T6925] Freed by task 4969:
[   67.964374][ T6925]  save_stack+0x1b/0x40
[   67.968509][ T6925]  __kasan_slab_free+0xf5/0x140
[   67.973338][ T6925]  kfree+0x103/0x2c0
[   67.977403][ T6925]  kernfs_fop_release+0x120/0x190
[   67.982847][ T6925]  __fput+0x33c/0x880
[   67.986812][ T6925]  task_work_run+0xdd/0x190
[   67.991367][ T6925]  __prepare_exit_to_usermode+0x1e9/0x1f0
[   67.997252][ T6925]  do_syscall_64+0x6c/0xe0
[   68.001662][ T6925]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   68.007538][ T6925]
[   68.009858][ T6925] The buggy address belongs to the object at ffff88808e10d000
[   68.009858][ T6925]  which belongs to the cache kmalloc-512 of size 512
[   68.023900][ T6925] The buggy address is located 9 bytes to the right of
[   68.023900][ T6925]  512-byte region [ffff88808e10d000, ffff88808e10d200)
[   68.037753][ T6925] The buggy address belongs to the page:
[   68.043369][ T6925] page:ffffea0002384340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[   68.052628][ T6925] flags: 0xfffe0000000200(slab)
[   68.057480][ T6925] raw: 00fffe0000000200 ffffea00027fab08 ffffea0002a09d48 ffff8880aa000a80
[   68.066050][ T6925] raw: 0000000000000000 ffff88808e10d000 0000000100000004 0000000000000000
[   68.074696][ T6925] page dumped because: kasan: bad access detected
[   68.081184][ T6925]
[   68.083497][ T6925] Memory state around the buggy address:
[   68.089283][ T6925]  ffff88808e10d100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   68.097586][ T6925]  ffff88808e10d180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   68.105642][ T6925] >ffff88808e10d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.113680][ T6925]                       ^
[   68.117990][ T6925]  ffff88808e10d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.126733][ T6925]  ffff88808e10d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.134903][ T6925] ==================================================================
[   68.143026][ T6925] Disabling lock debugging due to kernel taint
[   68.177029][ T6925] Kernel panic - not syncing: panic_on_warn set ...
[   68.184109][ T6925] CPU: 0 PID: 6925 Comm: kworker/u5:2 Tainted: G    B             5.8.0-rc7-syzkaller #0
[   68.194159][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.204957][ T6925] Workqueue: hci0 hci_rx_work
[   68.209628][ T6925] Call Trace:
[   68.213090][ T6925]  dump_stack+0x18f/0x20d
[   68.217414][ T6925]  ? hci_le_meta_evt+0x37f0/0x3eb0
[   68.222514][ T6925]  panic+0x2e3/0x75c
[   68.226506][ T6925]  ? __warn_printk+0xf3/0xf3
[   68.231352][ T6925]  ? preempt_schedule_common+0x59/0xc0
[   68.236968][ T6925]  ? hci_le_meta_evt+0x384e/0x3eb0
[   68.242062][ T6925]  ? preempt_schedule_thunk+0x16/0x18
[   68.247569][ T6925]  ? trace_hardirqs_on+0x55/0x220
[   68.252670][ T6925]  ? hci_le_meta_evt+0x384e/0x3eb0
[   68.257869][ T6925]  ? hci_le_meta_evt+0x384e/0x3eb0
[   68.262979][ T6925]  end_report+0x4d/0x53
[   68.267118][ T6925]  kasan_report.cold+0xd/0x37
[   68.271776][ T6925]  ? hci_le_meta_evt+0x384e/0x3eb0
[   68.276955][ T6925]  hci_le_meta_evt+0x384e/0x3eb0
[   68.281961][ T6925]  ? mark_lock+0xbc/0x1710
[   68.286885][ T6925]  ? hci_key_refresh_complete_evt.isra.0+0x10b0/0x10b0
[   68.294842][ T6925]  ? mark_lock+0xbc/0x1710
[   68.299237][ T6925]  ? __lock_acquire+0x16e3/0x56e0
[   68.304268][ T6925]  ? __lock_acquire+0x16e3/0x56e0
[   68.309276][ T6925]  hci_event_packet+0x245a/0x86f5
[   68.314449][ T6925]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[   68.320427][ T6925]  ? __lock_acquire+0x16e3/0x56e0
[   68.325457][ T6925]  ? hci_cmd_complete_evt+0xc6e0/0xc6e0
[   68.330996][ T6925]  ? lock_acquire+0x1f1/0xad0
[   68.335757][ T6925]  ? skb_dequeue+0x1c/0x180
[   68.340239][ T6925]  ? find_held_lock+0x2d/0x110
[   68.344993][ T6925]  ? mark_lock+0xbc/0x1710
[   68.349403][ T6925]  ? mark_held_locks+0x9f/0xe0
[   68.354156][ T6925]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   68.359941][ T6925]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   68.365911][ T6925]  ? trace_hardirqs_on+0x5f/0x220
[   68.370916][ T6925]  ? lockdep_hardirqs_on+0x6a/0xe0
[   68.376029][ T6925]  hci_rx_work+0x22e/0xb10
[   68.380627][ T6925]  process_one_work+0x94c/0x1670
[   68.385679][ T6925]  ? lock_release+0x8d0/0x8d0
[   68.390404][ T6925]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   68.395777][ T6925]  ? rwlock_bug.part.0+0x90/0x90
[   68.400698][ T6925]  ? lockdep_hardirqs_off+0x66/0xa0
[   68.405878][ T6925]  worker_thread+0x64c/0x1120
[   68.410562][ T6925]  ? __kthread_parkme+0x13f/0x1e0
[   68.415853][ T6925]  ? process_one_work+0x1670/0x1670
[   68.421652][ T6925]  kthread+0x3b5/0x4a0
[   68.425701][ T6925]  ? __kthread_bind_mask+0xc0/0xc0
[   68.431444][ T6925]  ? __kthread_bind_mask+0xc0/0xc0
[   68.436535][ T6925]  ret_from_fork+0x1f/0x30
[   68.442691][ T6925] Kernel Offset: disabled
[   68.447101][ T6925] Rebooting in 86400 seconds..
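Reading the report: the faulting 1-byte read in hci_le_meta_evt lands 9 bytes past the end of a 512-byte kmalloc object that was allocated in vhci_write via __alloc_skb, i.e. the LE meta event handler read beyond the HCI frame that userspace fed in through the virtual HCI device. The shadow byte under the caret is fc (slab redzone), which confirms a plain out-of-bounds read on a live object rather than a use-after-free; the "Freed by task 4969" stack (a kernfs kfree) describes the previous occupant of that slab slot, not this skb. The "Unknown advertising packet type: 0xffff" line printed by the same worker immediately before the BUG fits a handler that had already begun consuming malformed advertising-report data. The following is an added example, not part of the syzkaller log or the kernel: a small C parser that takes the address, region and shadow lines of a generic-KASAN report and recomputes the classification KASAN prints, then decodes the shadow byte covering the access. The input lines are copied from the report above with the "[ time][ Tpid]" prefix stripped; the shadow values follow mm/kasan/kasan.h of the 5.x generic KASAN (0x00 addressable, 0x01-0x07 partial, 0xfb freed slab object, 0xfc slab redzone, 0xfe page redzone, 0xff freed page).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: parse the key lines of a generic-KASAN report and re-derive
 * what KASAN prints. Not kernel code; the poison values below are those of
 * mm/kasan/kasan.h in 5.x kernels (assumption, check against your tree). */

#define SHADOW_SCALE_SHIFT    3   /* one shadow byte covers 8 bytes of memory */
#define SHADOW_BYTES_PER_LINE 16  /* "Memory state" lines show 16 shadow bytes */

/* Constructed input: lines from the report above, log prefix removed. */
const char *const kasan_report_lines[] = {
    "BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x384e/0x3eb0",
    "Read of size 1 at addr ffff88808e10d209 by task kworker/u5:2/6925",
    "The buggy address belongs to the object at ffff88808e10d000",
    " which belongs to the cache kmalloc-512 of size 512",
    " 512-byte region [ffff88808e10d000, ffff88808e10d200)",
    "Memory state around the buggy address:",
    " ffff88808e10d180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    ">ffff88808e10d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "                      ^",
    " ffff88808e10d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    NULL,
};

struct kasan_access {
    char op[8];                            /* "Read" or "Write" */
    unsigned long size;                    /* access size in bytes */
    unsigned long long addr;               /* faulting address */
    unsigned long long obj_start, obj_end; /* object is [obj_start, obj_end) */
    const char *rel_type;                  /* "inside" / "to the left of" / "to the right of" */
    long long rel_bytes;                   /* distance from the object, 0 if inside */
    int shadow;                            /* shadow byte covering addr, -1 if not dumped */
};

/* Meaning of a generic-KASAN shadow byte. */
const char *kasan_shadow_meaning(int s)
{
    if (s == 0x00)              return "addressable";
    if (s >= 0x01 && s <= 0x07) return "partially addressable (only the first N bytes valid)";
    switch (s) {
    case 0xfb: return "freed slab object (use-after-free)";
    case 0xfc: return "slab redzone (out-of-bounds of a kmalloc object)";
    case 0xfe: return "page redzone (kmalloc_large)";
    case 0xff: return "freed page";
    case 0xf1: return "stack left redzone";
    case 0xf2: return "stack mid redzone";
    case 0xf3: return "stack right redzone";
    default:   return "other poison";
    }
}

/* Parse " addr: b0 b1 ... b15" (the line may start with '>'). */
static int parse_shadow_line(const char *line, unsigned long long *base,
                             int bytes[SHADOW_BYTES_PER_LINE])
{
    const char *p = line;
    char *end;

    while (*p == ' ' || *p == '>')
        p++;
    *base = strtoull(p, &end, 16);
    if (end == p || *end != ':')
        return 0;
    p = end + 1;
    for (int i = 0; i < SHADOW_BYTES_PER_LINE; i++) {
        long v = strtol(p, &end, 16);
        if (end == p)
            return 0;
        bytes[i] = (int)v;
        p = end;
    }
    return 1;
}

/* Returns 0 on success, -1 if the access or region line is missing. */
int kasan_parse_report(const char *const *lines, struct kasan_access *a)
{
    int have_access = 0, have_region = 0;

    memset(a, 0, sizeof(*a));
    a->shadow = -1;
    for (; *lines; lines++) {
        char op[8];
        unsigned long size;
        unsigned long long addr, start, end, base;
        int bytes[SHADOW_BYTES_PER_LINE];

        if (sscanf(*lines, "%7s of size %lu at addr %llx", op, &size, &addr) == 3 &&
            (strcmp(op, "Read") == 0 || strcmp(op, "Write") == 0)) {
            strcpy(a->op, op);
            a->size = size;
            a->addr = addr;
            have_access = 1;
        } else if (sscanf(*lines, "%*lu-byte region [%llx, %llx)", &start, &end) == 2) {
            a->obj_start = start;
            a->obj_end = end;
            have_region = 1;
        } else if (have_access && parse_shadow_line(*lines, &base, bytes)) {
            unsigned long long span = SHADOW_BYTES_PER_LINE << SHADOW_SCALE_SHIFT;
            if (a->addr >= base && a->addr < base + span)
                a->shadow = bytes[(a->addr - base) >> SHADOW_SCALE_SHIFT];
        }
    }
    if (!have_access || !have_region)
        return -1;

    /* Same classification KASAN's describe_object_addr() prints. */
    if (a->addr < a->obj_start) {
        a->rel_type = "to the left of";
        a->rel_bytes = (long long)(a->obj_start - a->addr);
    } else if (a->addr >= a->obj_end) {
        a->rel_type = "to the right of";
        a->rel_bytes = (long long)(a->addr - a->obj_end);
    } else {
        a->rel_type = "inside";
        a->rel_bytes = 0;
    }
    return 0;
}

int main(void)
{
    struct kasan_access a;

    if (kasan_parse_report(kasan_report_lines, &a) != 0) {
        fprintf(stderr, "could not parse report\n");
        return 1;
    }
    printf("%s of %lu byte(s) at %#llx is %lld bytes %s the %llu-byte object [%#llx, %#llx)\n",
           a.op, a.size, a.addr, a.rel_bytes, a.rel_type,
           a.obj_end - a.obj_start, a.obj_start, a.obj_end);
    if (a.shadow >= 0)
        printf("shadow byte %02x: %s\n", a.shadow, kasan_shadow_meaning(a.shadow));
    return 0;
}
```

On the report above this yields "9 bytes to the right of" the 512-byte object and shadow byte fc, matching what KASAN printed; feeding it a report whose caret sits on fb instead would flag a use-after-free, which is the first distinction worth making before looking at the allocation and free stacks.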