Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   63.733146][ T1522] ==================================================================
[   63.741445][ T1522] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x6c7/0x18240
[   63.749329][ T1522] Read of size 6 at addr ffff88809a1da404 by task kworker/u5:0/1522
[   63.757294][ T1522] 
[   63.759632][ T1522] CPU: 0 PID: 1522 Comm: kworker/u5:0 Not tainted 5.8.0-rc3-syzkaller #0
[   63.768023][ T1522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.778092][ T1522] Workqueue: hci0 hci_rx_work
[   63.782828][ T1522] Call Trace:
[   63.786092][ T1522]  dump_stack+0x1f0/0x31e
[   63.790400][ T1522]  print_address_description+0x66/0x5a0
[   63.795917][ T1522]  ? vprintk_emit+0x342/0x3c0
[   63.800570][ T1522]  ? printk+0x62/0x83
[   63.804524][ T1522]  ? rcu_read_lock_sched_held+0x2f/0xa0
[   63.810055][ T1522]  ? vprintk_emit+0x339/0x3c0
[   63.814707][ T1522]  kasan_report+0x132/0x1d0
[   63.819189][ T1522]  ? hci_event_packet+0x6c7/0x18240
[   63.824361][ T1522]  ? memcpy+0x3c/0x60
[   63.828322][ T1522]  check_memory_region+0x2b5/0x2f0
[   63.833415][ T1522]  ? hci_event_packet+0x6c7/0x18240
[   63.838590][ T1522]  memcpy+0x25/0x60
[   63.842385][ T1522]  hci_event_packet+0x6c7/0x18240
[   63.847408][ T1522]  ? trace_lock_release+0x137/0x1a0
[   63.852588][ T1522]  ? lockdep_hardirqs_on+0x38/0xe0
[   63.857798][ T1522]  hci_rx_work+0x236/0x9c0
[   63.862212][ T1522]  process_one_work+0x789/0xfc0
[   63.867063][ T1522]  worker_thread+0xaa4/0x1460
[   63.871728][ T1522]  kthread+0x37e/0x3a0
[   63.875770][ T1522]  ? rcu_lock_release+0x20/0x20
[   63.880590][ T1522]  ? kthread_blkcg+0xd0/0xd0
[   63.885153][ T1522]  ret_from_fork+0x1f/0x30
[   63.889549][ T1522] 
[   63.891852][ T1522] Allocated by task 6806:
[   63.896155][ T1522]  __kasan_kmalloc+0x103/0x140
[   63.900892][ T1522]  __alloc_skb+0xde/0x4f0
[   63.905202][ T1522]  vhci_write+0xb7/0x400
[   63.909417][ T1522]  __vfs_write+0x52f/0x6e0
[   63.913805][ T1522]  vfs_write+0x274/0x580
[   63.918018][ T1522]  ksys_write+0x11b/0x220
[   63.922336][ T1522]  do_syscall_64+0x73/0xe0
[   63.926725][ T1522]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   63.932584][ T1522] 
[   63.934885][ T1522] Freed by task 1:
[   63.938581][ T1522]  __kasan_slab_free+0x114/0x170
[   63.943489][ T1522]  kfree+0x10a/0x220
[   63.947357][ T1522]  __kfree_skb+0x56/0x1c0
[   63.951659][ T1522]  skb_free_datagram+0x24/0xd0
[   63.956420][ T1522]  netlink_recvmsg+0x553/0xfe0
[   63.961157][ T1522]  ____sys_recvmsg+0x24a/0x510
[   63.965892][ T1522]  __sys_recvmsg+0x23b/0x7e0
[   63.970469][ T1522]  do_syscall_64+0x73/0xe0
[   63.974947][ T1522]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   63.980807][ T1522] 
[   63.983114][ T1522] The buggy address belongs to the object at ffff88809a1da000
[   63.983114][ T1522]  which belongs to the cache kmalloc-1k of size 1024
[   63.997224][ T1522] The buggy address is located 4 bytes to the right of
[   63.997224][ T1522]  1024-byte region [ffff88809a1da000, ffff88809a1da400)
[   64.010897][ T1522] The buggy address belongs to the page:
[   64.016505][ T1522] page:ffffea0002687680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[   64.025582][ T1522] flags: 0xfffe0000000200(slab)
[   64.030426][ T1522] raw: 00fffe0000000200 ffffea00029c2a08 ffffea00027ac808 ffff8880aa400c40
[   64.038983][ T1522] raw: 0000000000000000 ffff88809a1da000 0000000100000002 0000000000000000
[   64.047533][ T1522] page dumped because: kasan: bad access detected
[   64.053913][ T1522] 
[   64.056233][ T1522] Memory state around the buggy address:
[   64.061836][ T1522]  ffff88809a1da300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.069870][ T1522]  ffff88809a1da380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.077903][ T1522] >ffff88809a1da400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.085930][ T1522]                    ^
[   64.089965][ T1522]  ffff88809a1da480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.097997][ T1522]  ffff88809a1da500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.106026][ T1522] ==================================================================
[   64.114054][ T1522] Disabling lock debugging due to kernel taint
[   64.120953][ T1522] Kernel panic - not syncing: panic_on_warn set ...
[   64.127529][ T1522] CPU: 0 PID: 1522 Comm: kworker/u5:0 Tainted: G    B             5.8.0-rc3-syzkaller #0
[   64.137316][ T1522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.147435][ T1522] Workqueue: hci0 hci_rx_work
[   64.152077][ T1522] Call Trace:
[   64.155361][ T1522]  dump_stack+0x1f0/0x31e
[   64.159660][ T1522]  panic+0x264/0x7a0
[   64.163526][ T1522]  ? trace_hardirqs_on+0x30/0x80
[   64.168437][ T1522]  kasan_report+0x1c9/0x1d0
[   64.172910][ T1522]  ? hci_event_packet+0x6c7/0x18240
[   64.178076][ T1522]  ? memcpy+0x3c/0x60
[   64.182035][ T1522]  check_memory_region+0x2b5/0x2f0
[   64.187117][ T1522]  ? hci_event_packet+0x6c7/0x18240
[   64.192285][ T1522]  memcpy+0x25/0x60
[   64.196151][ T1522]  hci_event_packet+0x6c7/0x18240
[   64.201159][ T1522]  ? trace_lock_release+0x137/0x1a0
[   64.206334][ T1522]  ? lockdep_hardirqs_on+0x38/0xe0
[   64.211417][ T1522]  hci_rx_work+0x236/0x9c0
[   64.215808][ T1522]  process_one_work+0x789/0xfc0
[   64.220633][ T1522]  worker_thread+0xaa4/0x1460
[   64.225288][ T1522]  kthread+0x37e/0x3a0
[   64.229425][ T1522]  ? rcu_lock_release+0x20/0x20
[   64.234245][ T1522]  ? kthread_blkcg+0xd0/0xd0
[   64.238912][ T1522]  ret_from_fork+0x1f/0x30
[   64.244455][ T1522] Kernel Offset: disabled
[   64.248768][ T1522] Rebooting in 86400 seconds..