Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts.
executing program
[   55.094927][ T3500] Bluetooth: hci0: Unknown advertising packet type: 0x35
[   55.095050][ T3500] ==================================================================
[   55.110268][ T3500] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x11ed/0x3b90
[   55.118104][ T3500] Read of size 1 at addr ffff888074a71c06 by task kworker/u5:1/3500
[   55.126097][ T3500] 
[   55.128419][ T3500] CPU: 1 PID: 3500 Comm: kworker/u5:1 Not tainted 5.15.120-syzkaller #0
[   55.136742][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   55.146801][ T3500] Workqueue: hci0 hci_rx_work
[   55.151485][ T3500] Call Trace:
[   55.154764][ T3500]  <TASK>
[   55.157691][ T3500]  dump_stack_lvl+0x1e3/0x2cb
[   55.162373][ T3500]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   55.168000][ T3500]  ? _printk+0xd1/0x111
[   55.172153][ T3500]  ? __wake_up_klogd+0xcc/0x100
[   55.177003][ T3500]  ? panic+0x84d/0x84d
[   55.181066][ T3500]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   55.186526][ T3500]  print_address_description+0x63/0x3b0
[   55.192074][ T3500]  ? hci_le_meta_evt+0x11ed/0x3b90
[   55.197199][ T3500]  kasan_report+0x16b/0x1c0
[   55.201722][ T3500]  ? hci_le_meta_evt+0x11ed/0x3b90
[   55.206957][ T3500]  hci_le_meta_evt+0x11ed/0x3b90
[   55.211931][ T3500]  ? __mutex_lock_common+0x444/0x25a0
[   55.217338][ T3500]  ? hci_remote_host_features_evt+0x260/0x260
[   55.223433][ T3500]  ? __mutex_unlock_slowpath+0x218/0x750
[   55.229087][ T3500]  ? hci_event_packet+0x3b4/0x1480
[   55.234225][ T3500]  ? mutex_unlock+0x10/0x10
[   55.238740][ T3500]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   55.244727][ T3500]  ? print_irqtrace_events+0x210/0x210
[   55.250191][ T3500]  hci_event_packet+0xc28/0x1480
[   55.255140][ T3500]  ? rcu_lock_release+0x20/0x20
[   55.260014][ T3500]  ? hci_send_to_monitor+0x99/0x4d0
[   55.265235][ T3500]  hci_rx_work+0x240/0x7d0
[   55.269669][ T3500]  ? do_raw_spin_unlock+0x137/0x8b0
[   55.274884][ T3500]  process_one_work+0x8a1/0x10c0
[   55.279842][ T3500]  ? worker_detach_from_pool+0x260/0x260
[   55.285483][ T3500]  ? _raw_spin_lock_irqsave+0x120/0x120
[   55.291032][ T3500]  ? wq_worker_running+0x97/0x170
[   55.296054][ T3500]  worker_thread+0xaca/0x1280
[   55.300749][ T3500]  kthread+0x3f6/0x4f0
[   55.304815][ T3500]  ? rcu_lock_release+0x20/0x20
[   55.309674][ T3500]  ? kthread_blkcg+0xd0/0xd0
[   55.314261][ T3500]  ret_from_fork+0x1f/0x30
[   55.318686][ T3500]  </TASK>
[   55.321698][ T3500] 
[   55.324018][ T3500] Allocated by task 3498:
[   55.328337][ T3500]  ____kasan_kmalloc+0xba/0xf0
[   55.333096][ T3500]  __kmalloc_node_track_caller+0x195/0x390
[   55.338898][ T3500]  __alloc_skb+0x12c/0x590
[   55.343314][ T3500]  vhci_write+0xbc/0x430
[   55.347556][ T3500]  vfs_write+0xacf/0xe50
[   55.351790][ T3500]  ksys_write+0x1a2/0x2c0
[   55.356117][ T3500]  do_syscall_64+0x3d/0xb0
[   55.360531][ T3500]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   55.366421][ T3500] 
[   55.368734][ T3500] The buggy address belongs to the object at ffff888074a71800
[   55.368734][ T3500]  which belongs to the cache kmalloc-1k of size 1024
[   55.382779][ T3500] The buggy address is located 6 bytes to the right of
[   55.382779][ T3500]  1024-byte region [ffff888074a71800, ffff888074a71c00)
[   55.396600][ T3500] The buggy address belongs to the page:
[   55.402235][ T3500] page:ffffea0001d29c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74a70
[   55.412384][ T3500] head:ffffea0001d29c00 order:3 compound_mapcount:0 compound_pincount:0
[   55.420702][ T3500] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   55.428691][ T3500] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c41dc0
[   55.437271][ T3500] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   55.445842][ T3500] page dumped because: kasan: bad access detected
[   55.452239][ T3500] page_owner tracks the page as allocated
[   55.457940][ T3500] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3498, ts 55090662219, free_ts 49156968547
[   55.477045][ T3500]  get_page_from_freelist+0x322a/0x33c0
[   55.482593][ T3500]  __alloc_pages+0x272/0x700
[   55.487179][ T3500]  new_slab+0xbb/0x4b0
[   55.491240][ T3500]  ___slab_alloc+0x6f6/0xe10
[   55.495822][ T3500]  kmem_cache_alloc_trace+0x1a0/0x290
[   55.501186][ T3500]  rxrpc_alloc_connection+0x72/0x420
[   55.506471][ T3500]  rxrpc_prealloc_service_connection+0x1f/0x5a0
[   55.512706][ T3500]  rxrpc_service_prealloc_one+0x2c5/0xf50
[   55.518420][ T3500]  rxrpc_kernel_charge_accept+0xce/0x100
[   55.524044][ T3500]  afs_charge_preallocation+0xb6/0x2b0
[   55.529499][ T3500]  afs_open_socket+0x455/0x600
[   55.534254][ T3500]  afs_net_init+0x7b5/0x990
[   55.538753][ T3500]  ops_init+0x356/0x600
[   55.542909][ T3500]  setup_net+0x358/0x9e0
[   55.547146][ T3500]  copy_net_ns+0x395/0x5d0
[   55.551555][ T3500]  create_new_namespaces+0x425/0x7a0
[   55.556840][ T3500] page last free stack trace:
[   55.561502][ T3500]  free_unref_page_prepare+0xc34/0xcf0
[   55.566958][ T3500]  free_unref_page+0x95/0x2d0
[   55.571633][ T3500]  skb_release_data+0x411/0x8a0
[   55.576479][ T3500]  __kfree_skb+0x4c/0x60
[   55.580757][ T3500]  tcp_recvmsg_locked+0x1629/0x29b0
[   55.585954][ T3500]  tcp_recvmsg+0x24e/0x7f0
[   55.590366][ T3500]  inet_recvmsg+0x157/0x280
[   55.594874][ T3500]  sock_read_iter+0x353/0x480
[   55.599545][ T3500]  vfs_read+0xa9f/0xe10
[   55.603703][ T3500]  ksys_read+0x1a2/0x2c0
[   55.607939][ T3500]  do_syscall_64+0x3d/0xb0
[   55.612349][ T3500]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   55.618247][ T3500] 
[   55.620562][ T3500] Memory state around the buggy address:
[   55.626269][ T3500]  ffff888074a71b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.634323][ T3500]  ffff888074a71b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.642378][ T3500] >ffff888074a71c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.650426][ T3500]                    ^
[   55.654481][ T3500]  ffff888074a71c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.662552][ T3500]  ffff888074a71d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.670602][ T3500] ==================================================================
[   55.678656][ T3500] Disabling lock debugging due to kernel taint
[   55.685113][ T3500] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   55.692317][ T3500] CPU: 1 PID: 3500 Comm: kworker/u5:1 Tainted: G    B             5.15.120-syzkaller #0
[   55.702051][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   55.712106][ T3500] Workqueue: hci0 hci_rx_work
[   55.716786][ T3500] Call Trace:
[   55.720049][ T3500]  <TASK>
[   55.722966][ T3500]  dump_stack_lvl+0x1e3/0x2cb
[   55.727639][ T3500]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   55.733257][ T3500]  ? panic+0x84d/0x84d
[   55.737312][ T3500]  ? rcu_is_watching+0x11/0xa0
[   55.742062][ T3500]  ? preempt_schedule_common+0xa6/0xd0
[   55.747511][ T3500]  panic+0x318/0x84d
[   55.751388][ T3500]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   55.757528][ T3500]  ? check_panic_on_warn+0x1d/0xa0
[   55.762626][ T3500]  ? fb_is_primary_device+0xcc/0xcc
[   55.767815][ T3500]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   55.773781][ T3500]  ? _raw_spin_unlock+0x40/0x40
[   55.778618][ T3500]  check_panic_on_warn+0x7e/0xa0
[   55.783545][ T3500]  ? hci_le_meta_evt+0x11ed/0x3b90
[   55.788645][ T3500]  end_report+0x6d/0xf0
[   55.792791][ T3500]  kasan_report+0x18e/0x1c0
[   55.797284][ T3500]  ? hci_le_meta_evt+0x11ed/0x3b90
[   55.802384][ T3500]  hci_le_meta_evt+0x11ed/0x3b90
[   55.807312][ T3500]  ? __mutex_lock_common+0x444/0x25a0
[   55.812678][ T3500]  ? hci_remote_host_features_evt+0x260/0x260
[   55.818748][ T3500]  ? __mutex_unlock_slowpath+0x218/0x750
[   55.824365][ T3500]  ? hci_event_packet+0x3b4/0x1480
[   55.829465][ T3500]  ? mutex_unlock+0x10/0x10
[   55.833954][ T3500]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   55.839921][ T3500]  ? print_irqtrace_events+0x210/0x210
[   55.845367][ T3500]  hci_event_packet+0xc28/0x1480
[   55.850295][ T3500]  ? rcu_lock_release+0x20/0x20
[   55.855135][ T3500]  ? hci_send_to_monitor+0x99/0x4d0
[   55.860320][ T3500]  hci_rx_work+0x240/0x7d0
[   55.864730][ T3500]  ? do_raw_spin_unlock+0x137/0x8b0
[   55.869916][ T3500]  process_one_work+0x8a1/0x10c0
[   55.874844][ T3500]  ? worker_detach_from_pool+0x260/0x260
[   55.880464][ T3500]  ? _raw_spin_lock_irqsave+0x120/0x120
[   55.886017][ T3500]  ? wq_worker_running+0x97/0x170
[   55.891032][ T3500]  worker_thread+0xaca/0x1280
[   55.895702][ T3500]  kthread+0x3f6/0x4f0
[   55.899756][ T3500]  ? rcu_lock_release+0x20/0x20
[   55.904591][ T3500]  ? kthread_blkcg+0xd0/0xd0
[   55.909165][ T3500]  ret_from_fork+0x1f/0x30
[   55.913573][ T3500]  </TASK>
[   55.916859][ T3500] Kernel Offset: disabled
[   55.921175][ T3500] Rebooting in 86400 seconds..