[ ok ] Starting enhanced syslogd: rsyslogd.
[   39.116411] audit: type=1800 audit(1546854915.431:25): pid=7760 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   39.162252] audit: type=1800 audit(1546854915.431:26): pid=7760 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   39.192848] audit: type=1800 audit(1546854915.431:27): pid=7760 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   49.799740] ==================================================================
[   49.807198] BUG: KASAN: slab-out-of-bounds in bacpy+0x23/0x30
[   49.813091] Read of size 6 at addr ffff8880a957a6fb by task kworker/u5:0/1171
[   49.820337] 
[   49.821965] CPU: 1 PID: 1171 Comm: kworker/u5:0 Not tainted 4.20.0+ #13
[   49.828695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.838050] Workqueue: hci0 hci_rx_work
[   49.842008] Call Trace:
[   49.844580]  dump_stack+0x1db/0x2d0
[   49.848197]  ? dump_stack_print_info.cold+0x20/0x20
[   49.853203]  ? bacpy+0x23/0x30
[   49.856383]  print_address_description.cold+0x7c/0x20d
[   49.861645]  ? bacpy+0x23/0x30
[   49.864825]  ? bacpy+0x23/0x30
[   49.868002]  kasan_report.cold+0x1b/0x40
[   49.872051]  ? bacpy+0x23/0x30
[   49.875230]  check_memory_region+0x123/0x190
[   49.879635]  memcpy+0x24/0x50
[   49.882744]  bacpy+0x23/0x30
[   49.885770]  hci_event_packet+0x3afc/0xc22e
[   49.890104]  ? hci_cmd_complete_evt+0xbe60/0xbe60
[   49.894948]  ? up_write+0x1c0/0x230
[   49.898574]  ? unwind_next_frame+0x3b/0x50
[   49.902807]  ? graph_lock+0x280/0x280
[   49.906593]  ? save_stack_trace+0x1a/0x20
[   49.910726]  ? save_trace+0xe0/0x290
[   49.914429]  ? add_lock_to_list.isra.0+0x450/0x450
[   49.919344]  ? kasan_check_read+0x11/0x20
[   49.923481]  ? __lock_acquire+0x2514/0x4a30
[   49.927785]  ? print_usage_bug+0xd0/0xd0
[   49.931833]  ? skb_dequeue+0x12e/0x180
[   49.935708]  ? mark_held_locks+0xb1/0x100
[   49.939841]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   49.944940]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   49.950044]  ? trace_hardirqs_on+0xbd/0x310
[   49.954349]  ? kasan_check_read+0x11/0x20
[   49.958481]  ? skb_dequeue+0x12e/0x180
[   49.962368]  ? trace_hardirqs_off_caller+0x300/0x300
[   49.967469]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   49.972993]  ? hci_send_to_monitor+0x306/0x470
[   49.977559]  ? hci_sock_release+0x3c0/0x3c0
[   49.981866]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   49.986970]  hci_rx_work+0x578/0xcd0
[   49.990669]  ? hci_rx_work+0x578/0xcd0
[   49.994538]  ? find_held_lock+0x35/0x120
[   49.998584]  ? add_lock_to_list.isra.0+0x450/0x450
[   50.003497]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.009050]  ? hci_alloc_dev+0x21a0/0x21a0
[   50.013272]  ? __lock_is_held+0xb6/0x140
[   50.017326]  process_one_work+0xd0c/0x1ce0
[   50.021544]  ? __wake_up_common_lock+0x1db/0x390
[   50.026292]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[   50.030947]  ? trace_hardirqs_off+0xb8/0x310
[   50.035338]  ? kasan_check_read+0x11/0x20
[   50.039471]  ? do_raw_spin_unlock+0xa0/0x330
[   50.043873]  ? do_raw_spin_trylock+0x270/0x270
[   50.048450]  ? __wake_up_common+0x7d0/0x7d0
[   50.052769]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.058304]  ? get_work_pool_id+0x1a0/0x1a0
[   50.062621]  ? trace_hardirqs_on_caller+0x310/0x310
[   50.067639]  worker_thread+0x143/0x14a0
[   50.071634]  ? process_one_work+0x1ce0/0x1ce0
[   50.076127]  ? __kthread_parkme+0xc3/0x1b0
[   50.080348]  ? lock_acquire+0x1db/0x570
[   50.084322]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   50.089419]  ? lockdep_hardirqs_on+0x415/0x5d0
[   50.093997]  ? trace_hardirqs_on+0xbd/0x310
[   50.098310]  ? kasan_check_read+0x11/0x20
[   50.102454]  ? __kthread_parkme+0xc3/0x1b0
[   50.106673]  ? trace_hardirqs_off_caller+0x300/0x300
[   50.111764]  ? do_raw_spin_trylock+0x270/0x270
[   50.116330]  ? schedule+0x108/0x350
[   50.119947]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   50.125037]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   50.130565]  ? __kthread_parkme+0xfb/0x1b0
[   50.134785]  kthread+0x357/0x430
[   50.138138]  ? process_one_work+0x1ce0/0x1ce0
[   50.142614]  ? kthread_stop+0x920/0x920
[   50.146576]  ret_from_fork+0x3a/0x50
[   50.150279] 
[   50.151891] Allocated by task 7918:
[   50.155500]  save_stack+0x45/0xd0
[   50.158935]  kasan_kmalloc+0xcf/0xe0
[   50.162631]  __kmalloc_node_track_caller+0x4e/0x70
[   50.167543]  __kmalloc_reserve.isra.0+0x40/0xe0
[   50.172194]  __alloc_skb+0x12d/0x730
[   50.175892]  vhci_write+0xc4/0x470
[   50.179424]  __vfs_write+0x764/0xb40
[   50.183128]  vfs_write+0x20c/0x580
[   50.186648]  ksys_write+0x105/0x260
[   50.190270]  __x64_sys_write+0x73/0xb0
[   50.194140]  do_syscall_64+0x1a3/0x800
[   50.198010]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   50.203174] 
[   50.204780] Freed by task 3864:
[   50.208042]  save_stack+0x45/0xd0
[   50.211479]  __kasan_slab_free+0x102/0x150
[   50.215696]  kasan_slab_free+0xe/0x10
[   50.219479]  kfree+0xcf/0x230
[   50.222585]  kernfs_fop_release+0x129/0x1a0
[   50.226889]  __fput+0x3c5/0xb10
[   50.230151]  ____fput+0x16/0x20
[   50.233415]  task_work_run+0x1f4/0x2b0
[   50.237290]  exit_to_usermode_loop+0x32a/0x3b0
[   50.241869]  do_syscall_64+0x696/0x800
[   50.245743]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   50.250913] 
[   50.252522] The buggy address belongs to the object at ffff8880a957a500
[   50.252522]  which belongs to the cache kmalloc-512 of size 512
[   50.265160] The buggy address is located 507 bytes inside of
[   50.265160]  512-byte region [ffff8880a957a500, ffff8880a957a700)
[   50.277008] The buggy address belongs to the page:
[   50.281920] page:ffffea0002a55e80 count:1 mapcount:0 mapping:ffff88812c3f0940 index:0x0
[   50.290048] flags: 0x1fffc0000000200(slab)
[   50.294280] raw: 01fffc0000000200 ffffea000278ef88 ffffea00028e2388 ffff88812c3f0940
[   50.302149] raw: 0000000000000000 ffff8880a957a000 0000000100000006 0000000000000000
[   50.310022] page dumped because: kasan: bad access detected
[   50.315707] 
[   50.317318] Memory state around the buggy address:
[   50.322245]  ffff8880a957a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   50.329588]  ffff8880a957a680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   50.336928] >ffff8880a957a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   50.344273]                    ^
[   50.347621]  ffff8880a957a780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.355071]  ffff8880a957a800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.362405] ==================================================================
[   50.370437] Disabling lock debugging due to kernel taint
[   50.376379] Kernel panic - not syncing: panic_on_warn set ...
[   50.382286] CPU: 1 PID: 1171 Comm: kworker/u5:0 Tainted: G    B             4.20.0+ #13
[   50.390404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.399756] Workqueue: hci0 hci_rx_work
[   50.403708] Call Trace:
[   50.406280]  dump_stack+0x1db/0x2d0
[   50.409900]  ? dump_stack_print_info.cold+0x20/0x20
[   50.414919]  panic+0x2cb/0x65c
[   50.418109]  ? add_taint.cold+0x16/0x16
[   50.422067]  ? bacpy+0x23/0x30
[   50.425254]  ? preempt_schedule+0x4b/0x60
[   50.429399]  ? ___preempt_schedule+0x16/0x18
[   50.433804]  ? trace_hardirqs_on+0xb4/0x310
[   50.438109]  ? bacpy+0x23/0x30
[   50.441316]  end_report+0x47/0x4f
[   50.444756]  ? bacpy+0x23/0x30
[   50.447934]  kasan_report.cold+0xe/0x40
[   50.451910]  ? bacpy+0x23/0x30
[   50.455106]  check_memory_region+0x123/0x190
[   50.459500]  memcpy+0x24/0x50
[   50.462590]  bacpy+0x23/0x30
[   50.465593]  hci_event_packet+0x3afc/0xc22e
[   50.469902]  ? hci_cmd_complete_evt+0xbe60/0xbe60
[   50.474734]  ? up_write+0x1c0/0x230
[   50.478349]  ? unwind_next_frame+0x3b/0x50
[   50.482571]  ? graph_lock+0x280/0x280
[   50.486356]  ? save_stack_trace+0x1a/0x20
[   50.490485]  ? save_trace+0xe0/0x290
[   50.494178]  ? add_lock_to_list.isra.0+0x450/0x450
[   50.499091]  ? kasan_check_read+0x11/0x20
[   50.503227]  ? __lock_acquire+0x2514/0x4a30
[   50.507562]  ? print_usage_bug+0xd0/0xd0
[   50.511614]  ? skb_dequeue+0x12e/0x180
[   50.515497]  ? mark_held_locks+0xb1/0x100
[   50.519635]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   50.524762]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   50.529849]  ? trace_hardirqs_on+0xbd/0x310
[   50.534153]  ? kasan_check_read+0x11/0x20
[   50.538285]  ? skb_dequeue+0x12e/0x180
[   50.542155]  ? trace_hardirqs_off_caller+0x300/0x300
[   50.547253]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.552774]  ? hci_send_to_monitor+0x306/0x470
[   50.557335]  ? hci_sock_release+0x3c0/0x3c0
[   50.561642]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   50.566727]  hci_rx_work+0x578/0xcd0
[   50.570429]  ? hci_rx_work+0x578/0xcd0
[   50.574296]  ? find_held_lock+0x35/0x120
[   50.578338]  ? add_lock_to_list.isra.0+0x450/0x450
[   50.583260]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.588784]  ? hci_alloc_dev+0x21a0/0x21a0
[   50.593024]  ? __lock_is_held+0xb6/0x140
[   50.597072]  process_one_work+0xd0c/0x1ce0
[   50.601305]  ? __wake_up_common_lock+0x1db/0x390
[   50.606046]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[   50.610698]  ? trace_hardirqs_off+0xb8/0x310
[   50.615088]  ? kasan_check_read+0x11/0x20
[   50.619219]  ? do_raw_spin_unlock+0xa0/0x330
[   50.623616]  ? do_raw_spin_trylock+0x270/0x270
[   50.628184]  ? __wake_up_common+0x7d0/0x7d0
[   50.632503]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.638024]  ? get_work_pool_id+0x1a0/0x1a0
[   50.642330]  ? trace_hardirqs_on_caller+0x310/0x310
[   50.647332]  worker_thread+0x143/0x14a0
[   50.651309]  ? process_one_work+0x1ce0/0x1ce0
[   50.655791]  ? __kthread_parkme+0xc3/0x1b0
[   50.660019]  ? lock_acquire+0x1db/0x570
[   50.663976]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   50.669063]  ? lockdep_hardirqs_on+0x415/0x5d0
[   50.673640]  ? trace_hardirqs_on+0xbd/0x310
[   50.677949]  ? kasan_check_read+0x11/0x20
[   50.682082]  ? __kthread_parkme+0xc3/0x1b0
[   50.686300]  ? trace_hardirqs_off_caller+0x300/0x300
[   50.691384]  ? do_raw_spin_trylock+0x270/0x270
[   50.695946]  ? schedule+0x108/0x350
[   50.699574]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   50.704658]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   50.710178]  ? __kthread_parkme+0xfb/0x1b0
[   50.714395]  kthread+0x357/0x430
[   50.717744]  ? process_one_work+0x1ce0/0x1ce0
[   50.722225]  ? kthread_stop+0x920/0x920
[   50.726190]  ret_from_fork+0x3a/0x50
[   50.730858] Kernel Offset: disabled
[   50.734480] Rebooting in 86400 seconds..
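Reading the report: the 6-byte bacpy() in hci_event_packet started 507 bytes into a 512-byte kmalloc-512 object, so its last byte landed one byte past the end, on the 0xfc redzone shadow the memory-state dump marks with ">". The object is a live skb payload allocated in vhci_write, meaning the event bytes were written by user space through the virtual HCI device; the "Freed by task 3864" stack (kernfs_fop_release) is the previous occupant of that slab slot, which KASAN prints for any object, so this is an out-of-bounds read, not a use-after-free. The following C is an added illustration, not code from syzkaller, the kernel or any fix: it recomputes that geometry from the numbers in the report, then models the bug class in user space with an event handler that copies a bdaddr out of a too-short event beside one that checks the declared parameter length first. The event layout, the "bdaddr at offset 1" assumption and all function names are invented for the illustration; the log does not identify which HCI event handler was involved.

```c
/* Added example, not from the report or the kernel. Two parts:
 * 1. bytes_past_end()/offset_in_object() recompute the KASAN geometry:
 *    addr 0xffff8880a957a6fb is 507 bytes into the object at
 *    0xffff8880a957a500, and a 6-byte read from there runs 1 byte past
 *    the 512-byte object into the redzone (shadow 0xfc).
 * 2. handle_evt_unchecked()/handle_evt_checked() model the bug class: an
 *    HCI event handler that copies a bdaddr from a fixed offset without
 *    consulting the event's parameter length. The layout (status byte then
 *    bdaddr at offset 1) is an assumption made for the illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BDADDR_LEN    6
#define BDADDR_OFFSET 1          /* assumed position of the bdaddr field */

typedef struct { uint8_t b[BDADDR_LEN]; } bdaddr_t;

/* Bytes of an access [addr, addr+access_size) lying beyond the object
 * [obj_base, obj_base+obj_size); 0 when the access is fully inside. */
static size_t bytes_past_end(uintptr_t obj_base, size_t obj_size,
                             uintptr_t addr, size_t access_size)
{
    uintptr_t end = obj_base + obj_size;
    uintptr_t last = addr + access_size;
    return last > end ? (size_t)(last - end) : 0;
}

static size_t offset_in_object(uintptr_t obj_base, uintptr_t addr)
{
    return (size_t)(addr - obj_base);
}

/* Minimal HCI event: event code, parameter length, then parameters. */
struct hci_event {
    uint8_t evt;
    uint8_t plen;
    uint8_t params[];
};

/* Unchecked: trusts the handler's idea of the layout instead of plen.
 * With plen == 1 this copies 6 bytes that are not part of the event. */
static void handle_evt_unchecked(const struct hci_event *ev, bdaddr_t *out)
{
    memcpy(out->b, ev->params + BDADDR_OFFSET, BDADDR_LEN);
}

/* Checked: reject events whose declared length cannot hold the field.
 * Returns 0 on success, -1 when the event is too short. */
static int handle_evt_checked(const struct hci_event *ev, bdaddr_t *out)
{
    if (ev->plen < BDADDR_OFFSET + BDADDR_LEN)
        return -1;
    memcpy(out->b, ev->params + BDADDR_OFFSET, BDADDR_LEN);
    return 0;
}

/* Constructed input: a 64-byte backing buffer filled with 0xfc to play the
 * role of the slab redzone, holding a 1-parameter event at its start.
 * Returns how many of the 6 copied bytes came from the "redzone" (6). */
static int demo_unchecked_reads_past_event(void)
{
    uint8_t backing[64];
    bdaddr_t out;
    int redzone_bytes = 0;

    memset(backing, 0xfc, sizeof(backing));
    backing[0] = 0x3e;           /* assumed event code, irrelevant here */
    backing[1] = 1;              /* plen: only a status byte follows */
    backing[2] = 0x00;           /* status */
    handle_evt_unchecked((const struct hci_event *)backing, &out);
    for (int i = 0; i < BDADDR_LEN; i++)
        redzone_bytes += (out.b[i] == 0xfc);
    return redzone_bytes;
}

/* Same short event through the checked handler: returns -1 (rejected). */
static int demo_checked_rejects_short(void)
{
    uint8_t backing[64] = { 0x3e, 1, 0x00 };
    bdaddr_t out;
    return handle_evt_checked((const struct hci_event *)backing, &out);
}

/* A well-formed event (plen 7) is accepted and the bdaddr copied intact:
 * returns 0, or -2 if the copied address does not match the input. */
static int demo_checked_accepts_full(void)
{
    uint8_t backing[64] = { 0x3e, 7, 0x00, 1, 2, 3, 4, 5, 6 };
    bdaddr_t out;
    if (handle_evt_checked((const struct hci_event *)backing, &out) != 0)
        return -1;
    return memcmp(out.b, backing + 2 + BDADDR_OFFSET, BDADDR_LEN) == 0 ? 0 : -2;
}

int main(void)
{
    uintptr_t obj = 0xffff8880a957a500ULL, addr = 0xffff8880a957a6fbULL;
    printf("offset %zu, %zu byte(s) past end\n",
           offset_in_object(obj, addr), bytes_past_end(obj, 512, addr, 6));
    printf("unchecked: %d redzone bytes copied; checked short: %d; full: %d\n",
           demo_unchecked_reads_past_event(), demo_checked_rejects_short(),
           demo_checked_accepts_full());
    return 0;
}
```

The user-space model confines the over-read to its own backing array, which is why it stays well defined; in the kernel the equivalent read crossed the slab object boundary and KASAN trapped it. The check in handle_evt_checked is the generic shape of the fix for this bug class (validate the declared length against the field being read), not the specific patch for this report.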