Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts.
executing program
[   44.517021][ T4023] Bluetooth: hci0: Unknown advertising packet type: 0x7470
[   44.517101][ T4023] ==================================================================
[   44.520587][ T4023] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0xdd0/0x31c0
[   44.522285][ T4023] Read of size 1 at addr ffff0000da467c0a by task kworker/u5:2/4023
[   44.524122][ T4023]
[   44.524582][ T4023] CPU: 0 PID: 4023 Comm: kworker/u5:2 Not tainted 5.15.173-syzkaller #0
[   44.526434][ T4023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   44.528662][ T4023] Workqueue: hci0 hci_rx_work
[   44.529637][ T4023] Call trace:
[   44.530330][ T4023]  dump_backtrace+0x0/0x530
[   44.531321][ T4023]  show_stack+0x2c/0x3c
[   44.532239][ T4023]  dump_stack_lvl+0x108/0x170
[   44.533201][ T4023]  print_address_description+0x7c/0x3f0
[   44.534344][ T4023]  kasan_report+0x174/0x1e4
[   44.535312][ T4023]  __asan_report_load1_noabort+0x44/0x50
[   44.536503][ T4023]  hci_le_meta_evt+0xdd0/0x31c0
[   44.537489][ T4023]  hci_event_packet+0xd34/0x12b4
[   44.538463][ T4023]  hci_rx_work+0x1c0/0x7c4
[   44.539444][ T4023]  process_one_work+0x790/0x11b8
[   44.540561][ T4023]  worker_thread+0x910/0x1034
[   44.541565][ T4023]  kthread+0x37c/0x45c
[   44.542426][ T4023]  ret_from_fork+0x10/0x20
[   44.543349][ T4023]
[   44.543770][ T4023] Allocated by task 4019:
[   44.544646][ T4023]  ____kasan_kmalloc+0xbc/0xfc
[   44.545701][ T4023]  __kasan_kmalloc+0x10/0x1c
[   44.546679][ T4023]  __kmalloc_node_track_caller+0x234/0x448
[   44.547880][ T4023]  kmalloc_reserve+0xe8/0x270
[   44.548920][ T4023]  __alloc_skb+0x1a4/0x584
[   44.550001][ T4023]  vhci_write+0xb8/0x3b8
[   44.550869][ T4023]  vfs_write+0x884/0xb44
[   44.551722][ T4023]  ksys_write+0x15c/0x26c
[   44.552643][ T4023]  __arm64_sys_write+0x7c/0x90
[   44.553601][ T4023]  invoke_syscall+0x98/0x2b8
[   44.554475][ T4023]  el0_svc_common+0x138/0x258
[   44.555408][ T4023]  do_el0_svc+0x58/0x14c
[   44.556264][ T4023]  el0_svc+0x7c/0x1f0
[   44.557277][ T4023]  el0t_64_sync_handler+0x84/0xe4
[   44.558297][ T4023]  el0t_64_sync+0x1a0/0x1a4
[   44.559272][ T4023]
[   44.559754][ T4023] The buggy address belongs to the object at ffff0000da467800
[   44.559754][ T4023]  which belongs to the cache kmalloc-1k of size 1024
[   44.562600][ T4023] The buggy address is located 10 bytes to the right of
[   44.562600][ T4023]  1024-byte region [ffff0000da467800, ffff0000da467c00)
[   44.565576][ T4023] The buggy address belongs to the page:
[   44.566740][ T4023] page:00000000af41642b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a460
[   44.568935][ T4023] head:00000000af41642b order:3 compound_mapcount:0 compound_pincount:0
[   44.570646][ T4023] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   44.572343][ T4023] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[   44.574027][ T4023] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   44.575853][ T4023] page dumped because: kasan: bad access detected
[   44.577223][ T4023]
[   44.577693][ T4023] Memory state around the buggy address:
[   44.578971][ T4023]  ffff0000da467b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   44.580749][ T4023]  ffff0000da467b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   44.582291][ T4023] >ffff0000da467c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.583980][ T4023]                       ^
[   44.584961][ T4023]  ffff0000da467c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.586637][ T4023]  ffff0000da467d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.588458][ T4023] ==================================================================
[   44.590215][ T4023] Disabling lock debugging due to kernel taint