[ 39.801834] audit: type=1400 audit(1575424109.719:37): avc: denied { map } for pid=6727 comm="syz-fuzzer" path="/root/syzkaller-shm760317543" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 40.020918] IPVS: ftp: loaded support on port[0] = 21
[ 41.194228] can: request_module (can-proto-0) failed.
[ 41.204043] can: request_module (can-proto-0) failed.
[ 41.352724] audit: type=1400 audit(1575424111.269:38): avc: denied { create } for pid=6727 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 41.377149] audit: type=1400 audit(1575424111.269:39): avc: denied { create } for pid=6727 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 41.401233] audit: type=1400 audit(1575424111.269:40): avc: denied { create } for pid=6727 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 41.659779] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.362615] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.540467] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.72' (ECDSA) to the list of known hosts.
2019/12/04 01:48:38 parsed 1 programs
2019/12/04 01:48:39 executed programs: 0
[ 49.450932] IPVS: ftp: loaded support on port[0] = 21
[ 50.294435] chnl_net:caif_netlink_parms(): no params data found
[ 50.301247] IPVS: ftp: loaded support on port[0] = 21
[ 50.349975] IPVS: ftp: loaded support on port[0] = 21
[ 50.364254] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.371613] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.378764] device bridge_slave_0 entered promiscuous mode
[ 50.403762] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.410860] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.418147] device bridge_slave_1 entered promiscuous mode
[ 50.455123] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.465978] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.479378] chnl_net:caif_netlink_parms(): no params data found
[ 50.495246] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 50.502581] team0: Port device team_slave_0 added
[ 50.522928] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 50.531446] team0: Port device team_slave_1 added
[ 50.548245] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 50.561682] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.568192] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.575996] device bridge_slave_0 entered promiscuous mode
[ 50.583331] IPVS: ftp: loaded support on port[0] = 21
[ 50.591943] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 50.601749] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.608102] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.615685] device bridge_slave_1 entered promiscuous mode
[ 50.682323] device hsr_slave_0 entered promiscuous mode
[ 50.720401] device hsr_slave_1 entered promiscuous mode
[ 50.804393] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.815061] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.823532] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 50.830631] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 50.881577] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 50.888629] team0: Port device team_slave_0 added
[ 50.894050] chnl_net:caif_netlink_parms(): no params data found
[ 50.908142] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 50.915846] team0: Port device team_slave_1 added
[ 50.922858] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 50.932143] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.938567] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.945683] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.952081] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.967113] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 50.985112] IPVS: ftp: loaded support on port[0] = 21
[ 51.052313] device hsr_slave_0 entered promiscuous mode
[ 51.090421] device hsr_slave_1 entered promiscuous mode
[ 51.133160] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 51.147510] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 51.217167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.224100] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.231598] device bridge_slave_0 entered promiscuous mode
[ 51.242115] chnl_net:caif_netlink_parms(): no params data found
[ 51.258068] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.264497] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.271142] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.277471] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.286183] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.293344] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.300576] device bridge_slave_1 entered promiscuous mode
[ 51.337083] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.344331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.352176] device bridge_slave_0 entered promiscuous mode
[ 51.361728] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.379681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.387956] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.388217] IPVS: ftp: loaded support on port[0] = 21
[ 51.401560] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.408667] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.418045] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.424614] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.431920] device bridge_slave_1 entered promiscuous mode
[ 51.452830] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.460498] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.474270] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.487952] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 51.500447] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.536145] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 51.554028] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.561571] team0: Port device team_slave_0 added
[ 51.571776] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.592264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.600438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.613213] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.620491] team0: Port device team_slave_0 added
[ 51.626468] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.634015] team0: Port device team_slave_1 added
[ 51.640590] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 51.648170] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 51.663674] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 51.669772] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.677198] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.688390] team0: Port device team_slave_1 added
[ 51.694519] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 51.702072] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 51.716190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 51.723950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 51.739654] chnl_net:caif_netlink_parms(): no params data found
[ 51.750698] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 51.757378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 51.765308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.773141] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.779637] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.786532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.793537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.806972] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 51.863972] device hsr_slave_0 entered promiscuous mode
[ 51.900502] device hsr_slave_1 entered promiscuous mode
[ 51.940845] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 51.949449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 51.957354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.965026] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.971410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.022172] device hsr_slave_0 entered promiscuous mode
[ 52.060369] device hsr_slave_1 entered promiscuous mode
[ 52.104068] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 52.111745] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 52.121832] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 52.127913] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.135396] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 52.143065] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 52.161699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.177765] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 52.185679] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 52.196640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 52.205047] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 52.216946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.224787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.233139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.240881] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.247199] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.255923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 52.278243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.286342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.297591] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.305627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 52.321982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 52.331730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 52.341085] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 52.347974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.356014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.363885] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.370276] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.377172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.385786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.393423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.401142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.418103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.425149] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.432348] device bridge_slave_0 entered promiscuous mode
[ 52.439208] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.445774] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.452643] device bridge_slave_1 entered promiscuous mode
[ 52.465630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 52.474347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.482097] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.489770] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.523642] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 52.533738] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 52.544180] chnl_net:caif_netlink_parms(): no params data found
[ 52.556815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.564631] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.572651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.581149] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.589538] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.600746] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 52.608865] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 52.619435] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 52.625812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.639265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.647195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.655932] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.668923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 52.681362] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 52.697316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.705743] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.729394] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 52.737063] team0: Port device team_slave_0 added
[ 52.744186] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 52.756256] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.765455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.775419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.784295] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.793126] team0: Port device team_slave_1 added
[ 52.799894] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.822171] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 52.828232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.835691] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.844061] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.852681] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 52.865043] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.872756] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.884313] device bridge_slave_0 entered promiscuous mode
[ 52.899112] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.911208] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 52.918963] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.926478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.933830] device bridge_slave_1 entered promiscuous mode
[ 52.951184] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 52.957455] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.964517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.972010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.982628] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 52.989497] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 53.055318] ==================================================================
[ 53.063124] BUG: KASAN: slab-out-of-bounds in bacpy+0xe/0x10
[ 53.068907] Read of size 6 at addr ffff88809c0eabfb by task kworker/u5:0/1141
[ 53.076174]
[ 53.077813] CPU: 0 PID: 1141 Comm: kworker/u5:0 Not tainted 4.14.157-syzkaller #0
[ 53.085503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.085513] Workqueue: hci0 hci_rx_work
[ 53.085517] Call Trace:
[ 53.085526]  dump_stack+0xf7/0x13b
[ 53.085532]  ? bacpy+0xe/0x10
[ 53.085540]  print_address_description.cold.7+0x9/0x1c9
[ 53.085544]  ? bacpy+0xe/0x10
[ 53.085549]  kasan_report.cold.8+0x11a/0x2d3
[ 53.085555]  check_memory_region+0x13e/0x1b0
[ 53.085562]  memcpy+0x23/0x50
[ 53.098869]  bacpy+0xe/0x10
[ 53.098874]  hci_event_packet+0x1f26/0x9c3d
[ 53.098885]  ? hci_cmd_complete_evt+0x96c0/0x96c0
[ 53.105064]  ? __save_stack_trace+0x6e/0xd0
[ 53.105073]  ? ret_from_fork+0x3a/0x50
[ 53.105083]  ? add_lock_to_list.isra.32+0x193/0x340
[ 53.113516]  ? save_trace+0xe0/0x290
[ 53.113524]  ? __lock_acquire+0x24af/0x4500
[ 53.113536]  ? trace_hardirqs_on+0x10/0x10
[ 53.113540]  ? __lock_acquire+0x24af/0x4500
[ 53.113545]  ? trace_hardirqs_off+0x10/0x10
[ 53.113548]  ? trace_hardirqs_off+0x10/0x10
[ 53.113559]  ? find_held_lock+0x36/0x1d0
[ 53.121045]  ? mark_held_locks+0xc7/0x130
[ 53.121053]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 53.121059]  ? trace_hardirqs_on_caller+0x40c/0x580
[ 53.121064]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 53.121072]  hci_rx_work+0x342/0x890
[ 53.121076]  ? hci_rx_work+0x342/0x890
[ 53.128564]  process_one_work+0x7a3/0x16c0
[ 53.128580]  ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 53.135899]  worker_thread+0xcc/0xee0
[ 53.135912]  kthread+0x33b/0x410
[ 53.145127]  ? process_one_work+0x16c0/0x16c0
[ 53.145131]  ? kthread_create_on_node+0xa0/0xa0
[ 53.145139]  ret_from_fork+0x3a/0x50
[ 53.145150]
[ 53.154011] Allocated by task 6861:
[ 53.154018]  save_stack_trace+0x16/0x20
[ 53.154023]  save_stack+0x43/0xd0
[ 53.154026]  kasan_kmalloc+0xc7/0xe0
[ 53.154032]  __kmalloc_node_track_caller+0x50/0x70
[ 53.154038]  __kmalloc_reserve.isra.36+0x2c/0xc0
[ 53.154042]  __alloc_skb+0xc1/0x500
[ 53.154048]  vhci_write+0xa8/0x3e2
[ 53.154055]  __vfs_write+0x41b/0x850
[ 53.162069]  vfs_write+0x150/0x4f0
[ 53.162074]  SyS_write+0x100/0x250
[ 53.162079]  do_syscall_64+0x1c9/0x5b0
[ 53.162087]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 53.166558] device hsr_slave_0 entered promiscuous mode
[ 53.170617]
[ 53.170620] Freed by task 0:
[ 53.170622] (stack is not available)
[ 53.170624]
[ 53.170628] The buggy address belongs to the object at ffff88809c0eaa00
[ 53.170628]  which belongs to the cache kmalloc-512 of size 512
[ 53.170632] The buggy address is located 507 bytes inside of
[ 53.170632]  512-byte region [ffff88809c0eaa00, ffff88809c0eac00)
[ 53.170634] The buggy address belongs to the page:
[ 53.170638] page:ffffea0002703a80 count:1 mapcount:0 mapping:ffff88809c0ea000 index:0x0
[ 53.170644] flags: 0x1fffc0000000100(slab)
[ 53.170651] raw: 01fffc0000000100 ffff88809c0ea000 0000000000000000 0000000100000006
[ 53.170655] raw: ffffea0001fc2020 ffff8880aa801748 ffff8880aa800940 0000000000000000
[ 53.170657] page dumped because: kasan: bad access detected
[ 53.170659]
[ 53.170661] Memory state around the buggy address:
[ 53.170666]  ffff88809c0eab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.386443]  ffff88809c0eab80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.393834] >ffff88809c0eac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.401191]                    ^
[ 53.404540]  ffff88809c0eac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.411898]  ffff88809c0ead00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.419322] ==================================================================
[ 53.426666] Disabling lock debugging due to kernel taint
[ 53.434095] Kernel panic - not syncing: panic_on_warn set ...
[ 53.434095]
[ 53.441470] CPU: 0 PID: 1141 Comm: kworker/u5:0 Tainted: G B 4.14.157-syzkaller #0
[ 53.450474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.460057] Workqueue: hci0 hci_rx_work
[ 53.464021] Call Trace:
[ 53.466595]  dump_stack+0xf7/0x13b
[ 53.470117]  ? bacpy+0xe/0x10
[ 53.473340]  panic+0x1b0/0x36a
[ 53.476519]  ? add_taint.cold.5+0x11/0x11
[ 53.480792]  ? ___preempt_schedule+0x16/0x18
[ 53.485185]  ? bacpy+0xe/0x10
[ 53.488292]  kasan_end_report+0x47/0x4f
[ 53.492447]  kasan_report.cold.8+0x76/0x2d3
[ 53.496750]  check_memory_region+0x13e/0x1b0
[ 53.501279]  memcpy+0x23/0x50
[ 53.504469]  bacpy+0xe/0x10
[ 53.507384]  hci_event_packet+0x1f26/0x9c3d
[ 53.511768]  ? hci_cmd_complete_evt+0x96c0/0x96c0
[ 53.516713]  ? __save_stack_trace+0x6e/0xd0
[ 53.521014]  ? ret_from_fork+0x3a/0x50
[ 53.525153]  ? add_lock_to_list.isra.32+0x193/0x340
[ 53.530162]  ? save_trace+0xe0/0x290
[ 53.533947]  ? __lock_acquire+0x24af/0x4500
[ 53.538421]  ? trace_hardirqs_on+0x10/0x10
[ 53.542642]  ? __lock_acquire+0x24af/0x4500
[ 53.546955]  ? trace_hardirqs_off+0x10/0x10
[ 53.551251]  ? trace_hardirqs_off+0x10/0x10
[ 53.556090]  ? find_held_lock+0x36/0x1d0
[ 53.560147]  ? mark_held_locks+0xc7/0x130
[ 53.564281]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 53.569362]  ? trace_hardirqs_on_caller+0x40c/0x580
[ 53.574364]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 53.579443]  hci_rx_work+0x342/0x890
[ 53.583131]  ? hci_rx_work+0x342/0x890
[ 53.587018]  process_one_work+0x7a3/0x16c0
[ 53.591229]  ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 53.595879]  worker_thread+0xcc/0xee0
[ 53.599658]  kthread+0x33b/0x410
[ 53.603001]  ? process_one_work+0x16c0/0x16c0
[ 53.607478]  ? kthread_create_on_node+0xa0/0xa0
[ 53.612128]  ret_from_fork+0x3a/0x50
[ 53.617477] Kernel Offset: disabled
[ 53.621182] Rebooting in 86400 seconds..