Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login: [   86.474390][ T1618] ==================================================================
[   86.482600][ T1618] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x5084/0xa931
[   86.490578][ T1618] Read of size 6 at addr ffff88809f254208 by task kworker/u5:0/1618
[   86.498573][ T1618] 
[   86.500882][ T1618] CPU: 0 PID: 1618 Comm: kworker/u5:0 Not tainted 5.6.0-rc6-syzkaller #0
[   86.509268][ T1618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.519323][ T1618] Workqueue: hci0 hci_rx_work
[   86.523977][ T1618] Call Trace:
[   86.527252][ T1618]  dump_stack+0x188/0x20d
[   86.531563][ T1618]  ? hci_event_packet+0x5084/0xa931
[   86.536742][ T1618]  ? hci_event_packet+0x5084/0xa931
[   86.541920][ T1618]  print_address_description.constprop.0.cold+0xd3/0x315
[   86.549053][ T1618]  ? hci_event_packet+0x5084/0xa931
[   86.554227][ T1618]  ? hci_event_packet+0x5084/0xa931
[   86.559403][ T1618]  __kasan_report.cold+0x1a/0x32
[   86.564325][ T1618]  ? hci_event_packet+0x5084/0xa931
[   86.569850][ T1618]  kasan_report+0xe/0x20
[   86.574073][ T1618]  check_memory_region+0x128/0x190
[   86.579174][ T1618]  memcpy+0x20/0x50
[   86.582965][ T1618]  hci_event_packet+0x5084/0xa931
[   86.587981][ T1618]  ? hci_cmd_complete_evt+0xc3b0/0xc3b0
[   86.593503][ T1618]  ? find_first_zero_bit+0x94/0xb0
[   86.598598][ T1618]  ? __lock_acquire+0x2413/0x3ca0
[   86.603623][ T1618]  ? find_held_lock+0x2d/0x110
[   86.608366][ T1618]  ? skb_dequeue+0x153/0x1c0
[   86.612945][ T1618]  ? mark_held_locks+0x9f/0xe0
[   86.617685][ T1618]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   86.623477][ T1618]  ? lockdep_hardirqs_on+0x417/0x5d0
[   86.628739][ T1618]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[   86.634525][ T1618]  ? hci_rx_work+0x239/0xb20
[   86.639088][ T1618]  hci_rx_work+0x239/0xb20
[   86.643494][ T1618]  process_one_work+0x94b/0x1690
[   86.648422][ T1618]  ? pwq_dec_nr_in_flight+0x310/0x310
[   86.653779][ T1618]  ? do_raw_spin_lock+0x129/0x2e0
[   86.658798][ T1618]  worker_thread+0x96/0xe20
[   86.663296][ T1618]  ? process_one_work+0x1690/0x1690
[   86.668476][ T1618]  kthread+0x357/0x430
[   86.672534][ T1618]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   86.678279][ T1618]  ret_from_fork+0x24/0x30
[   86.682681][ T1618] 
[   86.684993][ T1618] Allocated by task 9455:
[   86.689313][ T1618]  save_stack+0x1b/0x80
[   86.693445][ T1618]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   86.699070][ T1618]  __kmalloc_reserve.isra.0+0x39/0xe0
[   86.704415][ T1618]  __alloc_skb+0xef/0x5a0
[   86.708737][ T1618]  vhci_write+0xbd/0x450
[   86.712958][ T1618]  new_sync_write+0x49c/0x700
[   86.717610][ T1618]  __vfs_write+0xc9/0x100
[   86.721913][ T1618]  vfs_write+0x262/0x5c0
[   86.726128][ T1618]  ksys_write+0x127/0x250
[   86.730432][ T1618]  do_fast_syscall_32+0x270/0xe8f
[   86.735551][ T1618]  entry_SYSENTER_compat+0x70/0x7f
[   86.740633][ T1618] 
[   86.742939][ T1618] Freed by task 8497:
[   86.746898][ T1618]  save_stack+0x1b/0x80
[   86.751026][ T1618]  __kasan_slab_free+0xf7/0x140
[   86.755851][ T1618]  kfree+0x109/0x2b0
[   86.759722][ T1618]  load_elf_binary+0x240d/0x4870
[   86.764637][ T1618]  search_binary_handler+0x16b/0x580
[   86.769897][ T1618]  __do_execve_file.isra.0+0x12fc/0x2270
[   86.775507][ T1618]  __x64_sys_execve+0x8a/0xb0
[   86.780161][ T1618]  do_syscall_64+0xf6/0x7d0
[   86.784639][ T1618]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.790500][ T1618] 
[   86.792812][ T1618] The buggy address belongs to the object at ffff88809f254000
[   86.792812][ T1618]  which belongs to the cache kmalloc-512 of size 512
[   86.806840][ T1618] The buggy address is located 8 bytes to the right of
[   86.806840][ T1618]  512-byte region [ffff88809f254000, ffff88809f254200)
[   86.820429][ T1618] The buggy address belongs to the page:
[   86.826084][ T1618] page:ffffea00027c9500 refcount:1 mapcount:0 mapping:ffff8880aa000a80 index:0x0
[   86.835165][ T1618] flags: 0xfffe0000000200(slab)
[   86.840042][ T1618] raw: 00fffe0000000200 ffffea00027cd908 ffffea00027ebf48 ffff8880aa000a80
[   86.848602][ T1618] raw: 0000000000000000 ffff88809f254000 0000000100000004 0000000000000000
[   86.857156][ T1618] page dumped because: kasan: bad access detected
[   86.863539][ T1618] 
[   86.865844][ T1618] Memory state around the buggy address:
[   86.871487][ T1618]  ffff88809f254100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.879538][ T1618]  ffff88809f254180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.887588][ T1618] >ffff88809f254200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.895663][ T1618]                       ^
[   86.899973][ T1618]  ffff88809f254280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.908016][ T1618]  ffff88809f254300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.916057][ T1618] ==================================================================
[   86.924088][ T1618] Disabling lock debugging due to kernel taint
[   86.932441][ T1618] Kernel panic - not syncing: panic_on_warn set ...
[   86.939031][ T1618] CPU: 0 PID: 1618 Comm: kworker/u5:0 Tainted: G    B             5.6.0-rc6-syzkaller #0
[   86.948812][ T1618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.958851][ T1618] Workqueue: hci0 hci_rx_work
[   86.963498][ T1618] Call Trace:
[   86.966764][ T1618]  dump_stack+0x188/0x20d
[   86.971083][ T1618]  panic+0x2e3/0x75c
[   86.974955][ T1618]  ? add_taint.cold+0x16/0x16
[   86.979612][ T1618]  ? preempt_schedule_common+0x5e/0xc0
[   86.985052][ T1618]  ? hci_event_packet+0x5084/0xa931
[   86.990228][ T1618]  ? ___preempt_schedule+0x16/0x18
[   86.995326][ T1618]  ? trace_hardirqs_on+0x55/0x220
[   87.000335][ T1618]  ? hci_event_packet+0x5084/0xa931
[   87.005510][ T1618]  end_report+0x43/0x49
[   87.009653][ T1618]  ? hci_event_packet+0x5084/0xa931
[   87.014833][ T1618]  __kasan_report.cold+0xd/0x32
[   87.019712][ T1618]  ? hci_event_packet+0x5084/0xa931
[   87.024886][ T1618]  kasan_report+0xe/0x20
[   87.029105][ T1618]  check_memory_region+0x128/0x190
[   87.034192][ T1618]  memcpy+0x20/0x50
[   87.037979][ T1618]  hci_event_packet+0x5084/0xa931
[   87.042982][ T1618]  ? hci_cmd_complete_evt+0xc3b0/0xc3b0
[   87.048507][ T1618]  ? find_first_zero_bit+0x94/0xb0
[   87.053608][ T1618]  ? __lock_acquire+0x2413/0x3ca0
[   87.058628][ T1618]  ? find_held_lock+0x2d/0x110
[   87.063401][ T1618]  ? skb_dequeue+0x153/0x1c0
[   87.067970][ T1618]  ? mark_held_locks+0x9f/0xe0
[   87.072709][ T1618]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   87.078494][ T1618]  ? lockdep_hardirqs_on+0x417/0x5d0
[   87.083796][ T1618]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[   87.089580][ T1618]  ? hci_rx_work+0x239/0xb20
[   87.094144][ T1618]  hci_rx_work+0x239/0xb20
[   87.098589][ T1618]  process_one_work+0x94b/0x1690
[   87.103506][ T1618]  ? pwq_dec_nr_in_flight+0x310/0x310
[   87.108851][ T1618]  ? do_raw_spin_lock+0x129/0x2e0
[   87.113875][ T1618]  worker_thread+0x96/0xe20
[   87.118359][ T1618]  ? process_one_work+0x1690/0x1690
[   87.123537][ T1618]  kthread+0x357/0x430
[   87.127582][ T1618]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   87.133275][ T1618]  ret_from_fork+0x24/0x30
[   87.138929][ T1618] Kernel Offset: disabled
[   87.143260][ T1618] Rebooting in 86400 seconds..