Warning: Permanently added '10.128.1.165' (ED25519) to the list of known hosts.
executing program
[ 45.894085][ T4023] Bluetooth: hci0: Unknown advertising packet type: 0xffff
[ 45.894164][ T4023] ==================================================================
[ 45.898258][ T4023] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0xdd0/0x31c0
[ 45.900265][ T4023] Read of size 1 at addr ffff0000c158ac0a by task kworker/u5:2/4023
[ 45.902311][ T4023]
[ 45.902924][ T4023] CPU: 1 PID: 4023 Comm: kworker/u5:2 Not tainted 5.15.179-syzkaller #0
[ 45.905063][ T4023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 45.907569][ T4023] Workqueue: hci0 hci_rx_work
[ 45.908794][ T4023] Call trace:
[ 45.909621][ T4023]  dump_backtrace+0x0/0x530
[ 45.910776][ T4023]  show_stack+0x2c/0x3c
[ 45.911788][ T4023]  dump_stack_lvl+0x108/0x170
[ 45.913000][ T4023]  print_address_description+0x7c/0x3f0
[ 45.914392][ T4023]  kasan_report+0x174/0x1e4
[ 45.915496][ T4023]  __asan_report_load1_noabort+0x44/0x50
[ 45.916966][ T4023]  hci_le_meta_evt+0xdd0/0x31c0
[ 45.918149][ T4023]  hci_event_packet+0xd34/0x12b4
[ 45.919374][ T4023]  hci_rx_work+0x1d0/0x830
[ 45.920525][ T4023]  process_one_work+0x790/0x11b8
[ 45.921797][ T4023]  worker_thread+0x910/0x1034
[ 45.923015][ T4023]  kthread+0x37c/0x45c
[ 45.924104][ T4023]  ret_from_fork+0x10/0x20
[ 45.925226][ T4023]
[ 45.925774][ T4023] Allocated by task 4019:
[ 45.926864][ T4023]  ____kasan_kmalloc+0xbc/0xfc
[ 45.928118][ T4023]  __kasan_kmalloc+0x10/0x1c
[ 45.929232][ T4023]  __kmalloc_node_track_caller+0x234/0x448
[ 45.930702][ T4023]  kmalloc_reserve+0xe8/0x270
[ 45.931843][ T4023]  __alloc_skb+0x1a4/0x584
[ 45.933014][ T4023]  vhci_write+0xb8/0x3b8
[ 45.934081][ T4023]  vfs_write+0x884/0xb44
[ 45.935175][ T4023]  ksys_write+0x15c/0x26c
[ 45.936334][ T4023]  __arm64_sys_write+0x7c/0x90
[ 45.937582][ T4023]  invoke_syscall+0x98/0x2b8
[ 45.938726][ T4023]  el0_svc_common+0x138/0x258
[ 45.939908][ T4023]  do_el0_svc+0x58/0x14c
[ 45.940980][ T4023]  el0_svc+0x7c/0x1f0
[ 45.941996][ T4023]  el0t_64_sync_handler+0x84/0xe4
[ 45.943315][ T4023]  el0t_64_sync+0x1a0/0x1a4
[ 45.944472][ T4023]
[ 45.945052][ T4023] The buggy address belongs to the object at ffff0000c158a800
[ 45.945052][ T4023]  which belongs to the cache kmalloc-1k of size 1024
[ 45.948614][ T4023] The buggy address is located 10 bytes to the right of
[ 45.948614][ T4023]  1024-byte region [ffff0000c158a800, ffff0000c158ac00)
[ 45.952082][ T4023] The buggy address belongs to the page:
[ 45.953551][ T4023] page:00000000d0b3a835 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101588
[ 45.956183][ T4023] head:00000000d0b3a835 order:3 compound_mapcount:0 compound_pincount:0
[ 45.958335][ T4023] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 45.960335][ T4023] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[ 45.962530][ T4023] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 45.964651][ T4023] page dumped because: kasan: bad access detected
[ 45.966283][ T4023]
[ 45.966879][ T4023] Memory state around the buggy address:
[ 45.968357][ T4023]  ffff0000c158ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.970476][ T4023]  ffff0000c158ab80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.972599][ T4023] >ffff0000c158ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.974654][ T4023]                                                  ^
[ 45.975736][ T4023]  ffff0000c158ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.977763][ T4023]  ffff0000c158ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.979882][ T4023] ==================================================================
[ 45.981914][ T4023] Disabling lock debugging due to kernel taint