Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login: [   66.800106][ T6935] ==================================================================
[   66.808395][ T6935] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x14ad/0x18240
[   66.816381][ T6935] Read of size 6 at addr ffff8880a03fe9fb by task kworker/u5:2/6935
[   66.824353][ T6935] 
[   66.826671][ T6935] CPU: 0 PID: 6935 Comm: kworker/u5:2 Not tainted 5.8.0-rc4-syzkaller #0
[   66.835052][ T6935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.845091][ T6935] Workqueue: hci0 hci_rx_work
[   66.849740][ T6935] Call Trace:
[   66.853010][ T6935]  dump_stack+0x1f0/0x31e
[   66.857319][ T6935]  print_address_description+0x66/0x5a0
[   66.862853][ T6935]  ? vprintk_emit+0x342/0x3c0
[   66.867509][ T6935]  ? printk+0x62/0x83
[   66.871464][ T6935]  ? rcu_read_lock_sched_held+0x2f/0xa0
[   66.876985][ T6935]  ? vprintk_emit+0x339/0x3c0
[   66.881642][ T6935]  kasan_report+0x132/0x1d0
[   66.886126][ T6935]  ? hci_event_packet+0x14ad/0x18240
[   66.891391][ T6935]  ? memcpy+0x3c/0x60
[   66.895352][ T6935]  check_memory_region+0x2b5/0x2f0
[   66.900441][ T6935]  ? hci_event_packet+0x14ad/0x18240
[   66.905706][ T6935]  memcpy+0x25/0x60
[   66.909935][ T6935]  hci_event_packet+0x14ad/0x18240
[   66.915027][ T6935]  ? trace_lock_release+0x137/0x1a0
[   66.920557][ T6935]  ? lockdep_hardirqs_on+0x38/0xe0
[   66.925650][ T6935]  hci_rx_work+0x236/0x9c0
[   66.930048][ T6935]  process_one_work+0x789/0xfc0
[   66.934886][ T6935]  worker_thread+0xaa4/0x1460
[   66.939544][ T6935]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[   66.945338][ T6935]  kthread+0x37e/0x3a0
[   66.949381][ T6935]  ? rcu_lock_release+0x20/0x20
[   66.954205][ T6935]  ? kthread_blkcg+0xd0/0xd0
[   66.958771][ T6935]  ret_from_fork+0x1f/0x30
[   66.963168][ T6935] 
[   66.965472][ T6935] Allocated by task 6938:
[   66.969777][ T6935]  __kasan_kmalloc+0x103/0x140
[   66.974514][ T6935]  __alloc_skb+0xde/0x4f0
[   66.978817][ T6935]  vhci_write+0xb7/0x400
[   66.983037][ T6935]  __vfs_write+0x52f/0x6e0
[   66.987426][ T6935]  vfs_write+0x274/0x580
[   66.991645][ T6935]  ksys_write+0x11b/0x220
[   66.995954][ T6935]  do_syscall_64+0x73/0xe0
[   67.000352][ T6935]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   67.006215][ T6935] 
[   67.008521][ T6935] Freed by task 4964:
[   67.012483][ T6935]  __kasan_slab_free+0x114/0x170
[   67.017416][ T6935]  kfree+0x10a/0x220
[   67.021293][ T6935]  ep_eventpoll_release+0x44/0x50
[   67.026309][ T6935]  __fput+0x2f0/0x750
[   67.030282][ T6935]  task_work_run+0x137/0x1c0
[   67.034853][ T6935]  __prepare_exit_to_usermode+0x14c/0x1e0
[   67.040565][ T6935]  do_syscall_64+0x7f/0xe0
[   67.044960][ T6935]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   67.050927][ T6935] 
[   67.053247][ T6935] The buggy address belongs to the object at ffff8880a03fe800
[   67.053247][ T6935]  which belongs to the cache kmalloc-512 of size 512
[   67.067364][ T6935] The buggy address is located 507 bytes inside of
[   67.067364][ T6935]  512-byte region [ffff8880a03fe800, ffff8880a03fea00)
[   67.080607][ T6935] The buggy address belongs to the page:
[   67.086220][ T6935] page:ffffea000280ff80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[   67.095316][ T6935] flags: 0xfffe0000000200(slab)
[   67.100148][ T6935] raw: 00fffe0000000200 ffffea000280cf88 ffffea0002795a88 ffff8880aa400a80
[   67.108721][ T6935] raw: 0000000000000000 ffff8880a03fe000 0000000100000004 0000000000000000
[   67.117278][ T6935] page dumped because: kasan: bad access detected
[   67.123663][ T6935] 
[   67.125967][ T6935] Memory state around the buggy address:
[   67.131585][ T6935]  ffff8880a03fe900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   67.139625][ T6935]  ffff8880a03fe980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   67.147750][ T6935] >ffff8880a03fea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.155782][ T6935]                    ^
[   67.159823][ T6935]  ffff8880a03fea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.167858][ T6935]  ffff8880a03feb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.175898][ T6935] ==================================================================
[   67.183933][ T6935] Disabling lock debugging due to kernel taint
[   67.201937][ T6935] Kernel panic - not syncing: panic_on_warn set ...
[   67.208555][ T6935] CPU: 0 PID: 6935 Comm: kworker/u5:2 Tainted: G    B             5.8.0-rc4-syzkaller #0
[   67.218371][ T6935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.228429][ T6935] Workqueue: hci0 hci_rx_work
[   67.233098][ T6935] Call Trace:
[   67.236385][ T6935]  dump_stack+0x1f0/0x31e
[   67.240712][ T6935]  panic+0x264/0x7a0
[   67.244603][ T6935]  ? trace_hardirqs_on+0x30/0x80
[   67.249538][ T6935]  kasan_report+0x1c9/0x1d0
[   67.254034][ T6935]  ? hci_event_packet+0x14ad/0x18240
[   67.259309][ T6935]  ? memcpy+0x3c/0x60
[   67.263272][ T6935]  check_memory_region+0x2b5/0x2f0
[   67.268354][ T6935]  ? hci_event_packet+0x14ad/0x18240
[   67.273706][ T6935]  memcpy+0x25/0x60
[   67.277511][ T6935]  hci_event_packet+0x14ad/0x18240
[   67.282622][ T6935]  ? trace_lock_release+0x137/0x1a0
[   67.287796][ T6935]  ? lockdep_hardirqs_on+0x38/0xe0
[   67.292885][ T6935]  hci_rx_work+0x236/0x9c0
[   67.297276][ T6935]  process_one_work+0x789/0xfc0
[   67.302129][ T6935]  worker_thread+0xaa4/0x1460
[   67.306779][ T6935]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[   67.312556][ T6935]  kthread+0x37e/0x3a0
[   67.316598][ T6935]  ? rcu_lock_release+0x20/0x20
[   67.321417][ T6935]  ? kthread_blkcg+0xd0/0xd0
[   67.325976][ T6935]  ret_from_fork+0x1f/0x30
[   67.331555][ T6935] Kernel Offset: disabled
[   67.335863][ T6935] Rebooting in 86400 seconds..