Warning: Permanently added '10.128.1.8' (ED25519) to the list of known hosts.
executing program
[ 42.002418][ T3969] ==================================================================
[ 42.004813][ T3969] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0xdf0/0x30dc
[ 42.006921][ T3969] Read of size 1 at addr ffff0000d236c604 by task kworker/u5:2/3969
[ 42.009147][ T3969]
[ 42.009772][ T3969] CPU: 1 PID: 3969 Comm: kworker/u5:2 Not tainted 5.15.158-syzkaller #0
[ 42.012124][ T3969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 42.014837][ T3969] Workqueue: hci0 hci_rx_work
[ 42.016068][ T3969] Call trace:
[ 42.016886][ T3969]  dump_backtrace+0x0/0x530
[ 42.018093][ T3969]  show_stack+0x2c/0x3c
[ 42.019198][ T3969]  dump_stack_lvl+0x108/0x170
[ 42.020522][ T3969]  print_address_description+0x7c/0x3f0
[ 42.022117][ T3969]  kasan_report+0x174/0x1e4
[ 42.023314][ T3969]  __asan_report_load1_noabort+0x44/0x50
[ 42.024950][ T3969]  hci_le_meta_evt+0xdf0/0x30dc
[ 42.026170][ T3969]  hci_event_packet+0xd34/0x12b4
[ 42.027525][ T3969]  hci_rx_work+0x1c0/0x7c4
[ 42.028723][ T3969]  process_one_work+0x790/0x11b8
[ 42.030077][ T3969]  worker_thread+0x910/0x1034
[ 42.031331][ T3969]  kthread+0x37c/0x45c
[ 42.032479][ T3969]  ret_from_fork+0x10/0x20
[ 42.033681][ T3969]
[ 42.034309][ T3969] Allocated by task 3966:
[ 42.035574][ T3969]  ____kasan_kmalloc+0xbc/0xfc
[ 42.036903][ T3969]  __kasan_kmalloc+0x10/0x1c
[ 42.038290][ T3969]  __kmalloc_node_track_caller+0x234/0x448
[ 42.039891][ T3969]  kmalloc_reserve+0xe8/0x270
[ 42.041160][ T3969]  __alloc_skb+0x1a4/0x584
[ 42.042429][ T3969]  vhci_write+0xb8/0x3b8
[ 42.043644][ T3969]  vfs_write+0x87c/0xb3c
[ 42.044857][ T3969]  ksys_write+0x15c/0x26c
[ 42.046071][ T3969]  __arm64_sys_write+0x7c/0x90
[ 42.047341][ T3969]  invoke_syscall+0x98/0x2b8
[ 42.048588][ T3969]  el0_svc_common+0x138/0x258
[ 42.049789][ T3969]  do_el0_svc+0x58/0x14c
[ 42.050988][ T3969]  el0_svc+0x7c/0x1f0
[ 42.052124][ T3969]  el0t_64_sync_handler+0x84/0xe4
[ 42.053497][ T3969]  el0t_64_sync+0x1a0/0x1a4
[ 42.054743][ T3969]
[ 42.055404][ T3969] Last potentially related work creation:
[ 42.056863][ T3969]  kasan_save_stack+0x38/0x68
[ 42.058088][ T3969]  kasan_record_aux_stack+0xd4/0x11c
[ 42.059538][ T3969]  kvfree_call_rcu+0xb8/0x684
[ 42.060823][ T3969]  ops_init+0x2a4/0x548
[ 42.061958][ T3969]  register_pernet_operations+0x268/0x700
[ 42.063616][ T3969]  register_pernet_subsys+0x38/0x58
[ 42.064962][ T3969]  tcf_register_action+0xe0/0x2e0
[ 42.066313][ T3969]  ct_init_module+0x88/0xdc
[ 42.067688][ T3969]  do_one_initcall+0x234/0x990
[ 42.068990][ T3969]  do_initcall_level+0x154/0x214
[ 42.070317][ T3969]  do_initcalls+0x58/0xac
[ 42.071529][ T3969]  do_basic_setup+0x8c/0xa0
[ 42.072791][ T3969]  kernel_init_freeable+0x460/0x640
[ 42.074246][ T3969]  kernel_init+0x24/0x294
[ 42.075469][ T3969]  ret_from_fork+0x10/0x20
[ 42.076714][ T3969]
[ 42.077290][ T3969] The buggy address belongs to the object at ffff0000d236c400
[ 42.077290][ T3969]  which belongs to the cache kmalloc-512 of size 512
[ 42.081151][ T3969] The buggy address is located 4 bytes to the right of
[ 42.081151][ T3969]  512-byte region [ffff0000d236c400, ffff0000d236c600)
[ 42.084926][ T3969] The buggy address belongs to the page:
[ 42.086374][ T3969] page:00000000e52b015f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11236c
[ 42.089262][ T3969] head:00000000e52b015f order:2 compound_mapcount:0 compound_pincount:0
[ 42.091483][ T3969] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 42.093560][ T3969] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[ 42.095997][ T3969] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 42.098334][ T3969] page dumped because: kasan: bad access detected
[ 42.100100][ T3969]
[ 42.100718][ T3969] Memory state around the buggy address:
[ 42.102223][ T3969]  ffff0000d236c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.104436][ T3969]  ffff0000d236c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.106524][ T3969] >ffff0000d236c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.108800][ T3969]                                ^
[ 42.109933][ T3969]  ffff0000d236c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.112104][ T3969]  ffff0000d236c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.114240][ T3969] ==================================================================
[ 42.116337][ T3969] Disabling lock debugging due to kernel taint
[ 42.118269][ T3969] Bluetooth: hci0: Unknown advertising packet type: 0x3a30
[ 42.118287][ T3969] Bluetooth: hci0: Unknown advertising packet type: 0x6975
[ 42.120174][ T3969] Bluetooth: hci0: Unknown advertising packet type: 0x3553
[ 42.122155][ T3969] Bluetooth: hci0: Unknown advertising packet type: 0x3030
[ 42.124099][ T3969] Bluetooth: hci0: Unknown advertising packet type: 0x6970
[ 42.126089][ T3969] Bluetooth: hci0: Unknown advertising packet type: 0x6e72
[ 42.127888][ T3969] Bluetooth: hci0: Unknown advertising packet type: 0x2f76
[ 42.129790][ T3969] Bluetooth: hci0: Unknown advertising packet type: 0x7e00