Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
[ 70.781250][ T8461] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 71.034408][ T8461] ==================================================================
[ 71.042620][ T8461] BUG: KASAN: slab-out-of-bounds in add_adv_patterns_monitor+0x91f/0xa90
[ 71.051048][ T8461] Read of size 1 at addr ffff88801b1dec09 by task syz-executor149/8461
[ 71.059285][ T8461]
[ 71.061591][ T8461] CPU: 1 PID: 8461 Comm: syz-executor149 Not tainted 5.11.0-rc4-syzkaller #0
[ 71.070343][ T8461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.080381][ T8461] Call Trace:
[ 71.083645][ T8461]  dump_stack+0x107/0x163
[ 71.087974][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.093694][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.099397][ T8461]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 71.106412][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.112116][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.117825][ T8461]  kasan_report.cold+0x79/0xd5
[ 71.122607][ T8461]  ? ____kasan_kmalloc.constprop.0+0x20/0xa0
[ 71.128571][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.134277][ T8461]  add_adv_patterns_monitor+0x91f/0xa90
[ 71.139812][ T8461]  ? add_advertising_complete+0x680/0x680
[ 71.145523][ T8461]  ? lockdep_init_map_waits+0x26a/0x720
[ 71.151056][ T8461]  ? get_device_flags+0x320/0x320
[ 71.156067][ T8461]  hci_sock_sendmsg+0x1b98/0x21d0
[ 71.161077][ T8461]  ? static_obj+0xa0/0xc0
[ 71.165392][ T8461]  ? hci_sock_compat_ioctl+0x80/0x80
[ 71.170661][ T8461]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.176892][ T8461]  ? hci_sock_compat_ioctl+0x80/0x80
[ 71.182161][ T8461]  sock_sendmsg+0xcf/0x120
[ 71.186562][ T8461]  sock_write_iter+0x289/0x3c0
[ 71.191309][ T8461]  ? sock_sendmsg+0x120/0x120
[ 71.195976][ T8461]  ? aa_path_link+0x2f0/0x2f0
[ 71.200640][ T8461]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.206899][ T8461]  new_sync_write+0x426/0x650
[ 71.211564][ T8461]  ? new_sync_read+0x6e0/0x6e0
[ 71.216319][ T8461]  ? apparmor_file_permission+0x26e/0x4e0
[ 71.222035][ T8461]  vfs_write+0x791/0xa30
[ 71.226269][ T8461]  ksys_write+0x1ee/0x250
[ 71.230599][ T8461]  ? __ia32_sys_read+0xb0/0xb0
[ 71.235350][ T8461]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 71.241249][ T8461]  do_syscall_64+0x2d/0x70
[ 71.245651][ T8461]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.251532][ T8461] RIP: 0033:0x447579
[ 71.255411][ T8461] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.274999][ T8461] RSP: 002b:00007ffe05c15e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.283415][ T8461] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000447579
[ 71.291385][ T8461] RDX: 0000000000000009 RSI: 0000000020000000 RDI: 0000000000000004
[ 71.299340][ T8461] RBP: 0000000002461914 R08: 0000000002461914 R09: 00007ffe05c15e00
[ 71.307311][ T8461] R10: 00007ffe05c15e20 R11: 0000000000000246 R12: 0000000000000004
[ 71.315289][ T8461] R13: 0000000000000072 R14: 0000000002461914 R15: 0000000000000000
[ 71.323256][ T8461]
[ 71.325563][ T8461] Allocated by task 8461:
[ 71.329869][ T8461]  kasan_save_stack+0x1b/0x40
[ 71.334533][ T8461]  ____kasan_kmalloc.constprop.0+0x82/0xa0
[ 71.340334][ T8461]  hci_sock_sendmsg+0x9b8/0x21d0
[ 71.345312][ T8461]  sock_sendmsg+0xcf/0x120
[ 71.349726][ T8461]  sock_write_iter+0x289/0x3c0
[ 71.354470][ T8461]  new_sync_write+0x426/0x650
[ 71.359154][ T8461]  vfs_write+0x791/0xa30
[ 71.363381][ T8461]  ksys_write+0x1ee/0x250
[ 71.367795][ T8461]  do_syscall_64+0x2d/0x70
[ 71.372216][ T8461]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.378205][ T8461]
[ 71.380511][ T8461] The buggy address belongs to the object at ffff88801b1dec00
[ 71.380511][ T8461]  which belongs to the cache kmalloc-16 of size 16
[ 71.394383][ T8461] The buggy address is located 9 bytes inside of
[ 71.394383][ T8461]  16-byte region [ffff88801b1dec00, ffff88801b1dec10)
[ 71.407391][ T8461] The buggy address belongs to the page:
[ 71.413086][ T8461] page:00000000535915a4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b1de
[ 71.423217][ T8461] flags: 0xfff00000000200(slab)
[ 71.428070][ T8461] raw: 00fff00000000200 ffffea000513b640 0000000300000003 ffff888010041b40
[ 71.436635][ T8461] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 71.445209][ T8461] page dumped because: kasan: bad access detected
[ 71.451598][ T8461]
[ 71.453904][ T8461] Memory state around the buggy address:
[ 71.459523][ T8461]  ffff88801b1deb00: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 71.467581][ T8461]  ffff88801b1deb80: 00 00 fc fc fb fb fc fc fa fb fc fc 00 00 fc fc
[ 71.475635][ T8461] >ffff88801b1dec00: 00 01 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[ 71.483686][ T8461]                       ^
[ 71.488007][ T8461]  ffff88801b1dec80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 71.496049][ T8461]  ffff88801b1ded00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 71.504086][ T8461] ==================================================================
[ 71.512135][ T8461] Disabling lock debugging due to kernel taint
[ 71.520648][ T8461] Kernel panic - not syncing: panic_on_warn set ...
[ 71.527250][ T8461] CPU: 0 PID: 8461 Comm: syz-executor149 Tainted: G B 5.11.0-rc4-syzkaller #0
[ 71.537396][ T8461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.547432][ T8461] Call Trace:
[ 71.550693][ T8461]  dump_stack+0x107/0x163
[ 71.555012][ T8461]  ? add_adv_patterns_monitor+0x830/0xa90
[ 71.560715][ T8461]  panic+0x306/0x73d
[ 71.564592][ T8461]  ? __warn_printk+0xf3/0xf3
[ 71.569202][ T8461]  ? preempt_schedule_common+0x59/0xc0
[ 71.574652][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.580353][ T8461]  ? preempt_schedule_thunk+0x16/0x18
[ 71.585713][ T8461]  ? trace_hardirqs_on+0x38/0x1c0
[ 71.590721][ T8461]  ? trace_hardirqs_on+0x51/0x1c0
[ 71.595748][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.601464][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.607180][ T8461]  end_report+0x58/0x5e
[ 71.611322][ T8461]  kasan_report.cold+0x67/0xd5
[ 71.616071][ T8461]  ? ____kasan_kmalloc.constprop.0+0x20/0xa0
[ 71.622230][ T8461]  ? add_adv_patterns_monitor+0x91f/0xa90
[ 71.628047][ T8461]  add_adv_patterns_monitor+0x91f/0xa90
[ 71.633592][ T8461]  ? add_advertising_complete+0x680/0x680
[ 71.639303][ T8461]  ? lockdep_init_map_waits+0x26a/0x720
[ 71.644834][ T8461]  ? get_device_flags+0x320/0x320
[ 71.649927][ T8461]  hci_sock_sendmsg+0x1b98/0x21d0
[ 71.654932][ T8461]  ? static_obj+0xa0/0xc0
[ 71.659240][ T8461]  ? hci_sock_compat_ioctl+0x80/0x80
[ 71.664620][ T8461]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.670873][ T8461]  ? hci_sock_compat_ioctl+0x80/0x80
[ 71.676138][ T8461]  sock_sendmsg+0xcf/0x120
[ 71.680536][ T8461]  sock_write_iter+0x289/0x3c0
[ 71.685281][ T8461]  ? sock_sendmsg+0x120/0x120
[ 71.689947][ T8461]  ? aa_path_link+0x2f0/0x2f0
[ 71.694617][ T8461]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.700839][ T8461]  new_sync_write+0x426/0x650
[ 71.705501][ T8461]  ? new_sync_read+0x6e0/0x6e0
[ 71.710247][ T8461]  ? apparmor_file_permission+0x26e/0x4e0
[ 71.715960][ T8461]  vfs_write+0x791/0xa30
[ 71.720185][ T8461]  ksys_write+0x1ee/0x250
[ 71.724510][ T8461]  ? __ia32_sys_read+0xb0/0xb0
[ 71.729254][ T8461]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 71.735133][ T8461]  do_syscall_64+0x2d/0x70
[ 71.739528][ T8461]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.745404][ T8461] RIP: 0033:0x447579
[ 71.749365][ T8461] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.769298][ T8461] RSP: 002b:00007ffe05c15e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.777697][ T8461] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000447579
[ 71.785655][ T8461] RDX: 0000000000000009 RSI: 0000000020000000 RDI: 0000000000000004
[ 71.793609][ T8461] RBP: 0000000002461914 R08: 0000000002461914 R09: 00007ffe05c15e00
[ 71.801579][ T8461] R10: 00007ffe05c15e20 R11: 0000000000000246 R12: 0000000000000004
[ 71.809577][ T8461] R13: 0000000000000072 R14: 0000000002461914 R15: 0000000000000000
[ 71.818212][ T8461] Kernel Offset: disabled
[ 71.822529][ T8461] Rebooting in 86400 seconds..