Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts.
[   33.108876] IPVS: ftp: loaded support on port[0] = 21
executing program
[   33.229433] Bluetooth: hci0: advertising data len corrected
[   33.235214] Bluetooth: Unknown advertising packet type: 0xffff
[   33.241444] Bluetooth: hci0: advertising data len corrected
[   33.247348] Bluetooth: Unknown advertising packet type: 0xffff
[   33.253467] ==================================================================
[   33.260941] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x3728/0x3f20
[   33.268040] Read of size 1 at addr ffff8880aa1fd293 by task kworker/u5:2/8099
[   33.275285]
[   33.276894] CPU: 1 PID: 8099 Comm: kworker/u5:2 Not tainted 4.19.211-syzkaller #0
[   33.284503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   33.293839] Workqueue: hci0 hci_rx_work
[   33.297815] Call Trace:
[   33.300384]  dump_stack+0x1fc/0x2ef
[   33.304023]  print_address_description.cold+0x54/0x219
[   33.309378]  kasan_report_error.cold+0x8a/0x1b9
[   33.314026]  ? hci_le_meta_evt+0x3728/0x3f20
[   33.318415]  __asan_report_load1_noabort+0x88/0x90
[   33.323325]  ? hci_le_meta_evt+0x3728/0x3f20
[   33.327732]  hci_le_meta_evt+0x3728/0x3f20
[   33.331951]  ? __lock_acquire+0x6de/0x3ff0
[   33.336167]  ? hci_cmd_status_evt+0x6fc0/0x6fc0
[   33.340833]  ? __lock_acquire+0x6de/0x3ff0
[   33.345051]  ? __lock_acquire+0x6de/0x3ff0
[   33.349283]  hci_event_packet+0x34ad/0x7e20
[   33.353590]  ? mark_held_locks+0xf0/0xf0
[   33.357629]  ? __lock_acquire+0x6de/0x3ff0
[   33.361859]  ? hci_cmd_complete_evt+0xc280/0xc280
[   33.366680]  ? __update_load_avg_se+0x5ec/0xa00
[   33.371332]  ? debug_object_deactivate+0x1f9/0x2e0
[   33.376255]  ? mark_held_locks+0xa6/0xf0
[   33.380298]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[   33.385380]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   33.389947]  hci_rx_work+0x4ad/0xc70
[   33.393662]  process_one_work+0x864/0x1570
[   33.397899]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   33.402554]  worker_thread+0x64c/0x1130
[   33.406515]  ? __kthread_parkme+0x133/0x1e0
[   33.410832]  ? process_one_work+0x1570/0x1570
[   33.415311]  kthread+0x33f/0x460
[   33.418657]  ? kthread_park+0x180/0x180
[   33.422629]  ret_from_fork+0x24/0x30
[   33.426335]
[   33.427960] Allocated by task 8092:
[   33.431585]  __kmalloc_node_track_caller+0x4c/0x70
[   33.436496]  __alloc_skb+0xae/0x560
[   33.440119]  vhci_write+0xbd/0x450
[   33.443637]  __vfs_write+0x51b/0x770
[   33.447437]  vfs_write+0x1f3/0x540
[   33.450958]  ksys_write+0x12b/0x2a0
[   33.454564]  do_syscall_64+0xf9/0x620
[   33.458350]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.463529]
[   33.465134] Freed by task 4750:
[   33.468395]  kfree+0xcc/0x210
[   33.471480]  skb_release_data+0x6de/0x920
[   33.475604]  consume_skb+0x113/0x3d0
[   33.479312]  netlink_unicast+0x4dd/0x690
[   33.483351]  netlink_sendmsg+0x6c3/0xc50
[   33.487390]  sock_sendmsg+0xc3/0x120
[   33.491083]  ___sys_sendmsg+0x7bb/0x8e0
[   33.495048]  __x64_sys_sendmsg+0x132/0x220
[   33.499260]  do_syscall_64+0xf9/0x620
[   33.503040]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.508206]
[   33.509813] The buggy address belongs to the object at ffff8880aa1fd080
[   33.509813]  which belongs to the cache kmalloc-512 of size 512
[   33.522724] The buggy address is located 19 bytes to the right of
[   33.522724]  512-byte region [ffff8880aa1fd080, ffff8880aa1fd280)
[   33.535029] The buggy address belongs to the page:
[   33.539943] page:ffffea0002a87f40 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0
[   33.548065] flags: 0xfff00000000100(slab)
[   33.552197] raw: 00fff00000000100 ffffea00028a5548 ffff88813bff1748 ffff88813bff0940
[   33.560065] raw: 0000000000000000 ffff8880aa1fd080 0000000100000006 0000000000000000
[   33.567922] page dumped because: kasan: bad access detected
[   33.573609]
[   33.575215] Memory state around the buggy address:
[   33.580123]  ffff8880aa1fd180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.587488]  ffff8880aa1fd200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.594839] >ffff8880aa1fd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.602186]                          ^
[   33.606055]  ffff8880aa1fd300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.613399]  ffff8880aa1fd380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.620739] ==================================================================
[   33.628096] Disabling lock debugging due to kernel taint
[   33.633837] Kernel panic - not syncing: panic_on_warn set ...
[   33.633837]
[   33.641201] CPU: 1 PID: 8099 Comm: kworker/u5:2 Tainted: G    B   4.19.211-syzkaller #0
[   33.650200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   33.659556] Workqueue: hci0 hci_rx_work
[   33.663517] Call Trace:
[   33.666089]  dump_stack+0x1fc/0x2ef
[   33.669715]  panic+0x26a/0x50e
[   33.672900]  ? __warn_printk+0xf3/0xf3
[   33.676772]  ? preempt_schedule_common+0x45/0xc0
[   33.681527]  ? ___preempt_schedule+0x16/0x18
[   33.685927]  ? trace_hardirqs_on+0x55/0x210
[   33.690248]  kasan_end_report+0x43/0x49
[   33.694221]  kasan_report_error.cold+0xa7/0x1b9
[   33.698885]  ? hci_le_meta_evt+0x3728/0x3f20
[   33.703288]  __asan_report_load1_noabort+0x88/0x90
[   33.708201]  ? hci_le_meta_evt+0x3728/0x3f20
[   33.712591]  hci_le_meta_evt+0x3728/0x3f20
[   33.716813]  ? __lock_acquire+0x6de/0x3ff0
[   33.721025]  ? hci_cmd_status_evt+0x6fc0/0x6fc0
[   33.725674]  ? __lock_acquire+0x6de/0x3ff0
[   33.729886]  ? __lock_acquire+0x6de/0x3ff0
[   33.734114]  hci_event_packet+0x34ad/0x7e20
[   33.738432]  ? mark_held_locks+0xf0/0xf0
[   33.742494]  ? __lock_acquire+0x6de/0x3ff0
[   33.746721]  ? hci_cmd_complete_evt+0xc280/0xc280
[   33.751546]  ? __update_load_avg_se+0x5ec/0xa00
[   33.756205]  ? debug_object_deactivate+0x1f9/0x2e0
[   33.761116]  ? mark_held_locks+0xa6/0xf0
[   33.765167]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[   33.770252]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   33.774816]  hci_rx_work+0x4ad/0xc70
[   33.778513]  process_one_work+0x864/0x1570
[   33.782729]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   33.787381]  worker_thread+0x64c/0x1130
[   33.791336]  ? __kthread_parkme+0x133/0x1e0
[   33.795640]  ? process_one_work+0x1570/0x1570
[   33.800114]  kthread+0x33f/0x460
[   33.803461]  ? kthread_park+0x180/0x180
[   33.807416]  ret_from_fork+0x24/0x30
[   33.811352] Kernel Offset: disabled
[   33.814970] Rebooting in 86400 seconds..