Warning: Permanently added '10.128.0.209' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   43.026265][ T3587] Bluetooth: hci0: Unknown advertising packet type: 0x6678
[   43.026362][ T3587] ==================================================================
[   43.041713][ T3587] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x11d3/0x3b90
[   43.049522][ T3587] Read of size 1 at addr ffff88801d815c0a by task kworker/u5:1/3587
[   43.057490][ T3587] 
[   43.059811][ T3587] CPU: 1 PID: 3587 Comm: kworker/u5:1 Not tainted 5.15.104-syzkaller #0
[   43.068235][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   43.078315][ T3587] Workqueue: hci0 hci_rx_work
[   43.083009][ T3587] Call Trace:
[   43.086579][ T3587]  <TASK>
[   43.089510][ T3587]  dump_stack_lvl+0x1e3/0x2cb
[   43.094185][ T3587]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   43.099824][ T3587]  ? _printk+0xd1/0x111
[   43.103990][ T3587]  ? __wake_up_klogd+0xcc/0x100
[   43.108850][ T3587]  ? panic+0x84d/0x84d
[   43.112904][ T3587]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   43.118365][ T3587]  print_address_description+0x63/0x3b0
[   43.123903][ T3587]  ? hci_le_meta_evt+0x11d3/0x3b90
[   43.129000][ T3587]  kasan_report+0x16b/0x1c0
[   43.133492][ T3587]  ? hci_le_meta_evt+0x11d3/0x3b90
[   43.138589][ T3587]  hci_le_meta_evt+0x11d3/0x3b90
[   43.143515][ T3587]  ? __mutex_lock_common+0x444/0x25a0
[   43.148889][ T3587]  ? hci_remote_host_features_evt+0x260/0x260
[   43.155025][ T3587]  ? __mutex_unlock_slowpath+0x218/0x750
[   43.160638][ T3587]  ? hci_event_packet+0x3b4/0x1480
[   43.165742][ T3587]  ? mutex_unlock+0x10/0x10
[   43.170233][ T3587]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   43.176200][ T3587]  ? print_irqtrace_events+0x210/0x210
[   43.181674][ T3587]  hci_event_packet+0xc28/0x1480
[   43.186609][ T3587]  ? rcu_lock_release+0x20/0x20
[   43.191454][ T3587]  ? hci_send_to_monitor+0x99/0x4d0
[   43.196641][ T3587]  hci_rx_work+0x240/0x7d0
[   43.201058][ T3587]  ? do_raw_spin_unlock+0x137/0x8b0
[   43.206255][ T3587]  process_one_work+0x8a1/0x10c0
[   43.211188][ T3587]  ? worker_detach_from_pool+0x260/0x260
[   43.216809][ T3587]  ? _raw_spin_lock_irqsave+0x120/0x120
[   43.222365][ T3587]  ? kthread_data+0x4e/0xc0
[   43.226854][ T3587]  ? wq_worker_running+0x97/0x170
[   43.231876][ T3587]  worker_thread+0xaca/0x1280
[   43.236654][ T3587]  kthread+0x3f6/0x4f0
[   43.240708][ T3587]  ? rcu_lock_release+0x20/0x20
[   43.245633][ T3587]  ? kthread_blkcg+0xd0/0xd0
[   43.250338][ T3587]  ret_from_fork+0x1f/0x30
[   43.254762][ T3587]  </TASK>
[   43.257798][ T3587] 
[   43.260200][ T3587] Allocated by task 3585:
[   43.264529][ T3587]  ____kasan_kmalloc+0xba/0xf0
[   43.269298][ T3587]  __kmalloc_node_track_caller+0x195/0x390
[   43.275093][ T3587]  __alloc_skb+0x12c/0x590
[   43.279494][ T3587]  vhci_write+0xbc/0x430
[   43.283724][ T3587]  vfs_write+0xacf/0xe50
[   43.287950][ T3587]  ksys_write+0x1a2/0x2c0
[   43.292261][ T3587]  do_syscall_64+0x3d/0xb0
[   43.296754][ T3587]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   43.302659][ T3587] 
[   43.304967][ T3587] The buggy address belongs to the object at ffff88801d815800
[   43.304967][ T3587]  which belongs to the cache kmalloc-1k of size 1024
[   43.319012][ T3587] The buggy address is located 10 bytes to the right of
[   43.319012][ T3587]  1024-byte region [ffff88801d815800, ffff88801d815c00)
[   43.332907][ T3587] The buggy address belongs to the page:
[   43.338524][ T3587] page:ffffea0000760400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d810
[   43.348669][ T3587] head:ffffea0000760400 order:3 compound_mapcount:0 compound_pincount:0
[   43.357233][ T3587] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   43.365199][ T3587] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c41dc0
[   43.373849][ T3587] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   43.382407][ T3587] page dumped because: kasan: bad access detected
[   43.388802][ T3587] page_owner tracks the page as allocated
[   43.394597][ T3587] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3585, ts 43022835256, free_ts 43016006820
[   43.413778][ T3587]  get_page_from_freelist+0x322a/0x33c0
[   43.419409][ T3587]  __alloc_pages+0x272/0x700
[   43.423980][ T3587]  new_slab+0xbb/0x4b0
[   43.428029][ T3587]  ___slab_alloc+0x6f6/0xe10
[   43.432599][ T3587]  kmem_cache_alloc_trace+0x1a0/0x290
[   43.437952][ T3587]  rxrpc_alloc_connection+0x72/0x420
[   43.443220][ T3587]  rxrpc_prealloc_service_connection+0x1f/0x5a0
[   43.449532][ T3587]  rxrpc_service_prealloc_one+0x2c5/0xf50
[   43.455240][ T3587]  rxrpc_kernel_charge_accept+0xce/0x100
[   43.460852][ T3587]  afs_charge_preallocation+0xb6/0x2b0
[   43.466317][ T3587]  afs_open_socket+0x455/0x600
[   43.471062][ T3587]  afs_net_init+0x7b5/0x990
[   43.475559][ T3587]  ops_init+0x356/0x600
[   43.479730][ T3587]  setup_net+0x358/0x9e0
[   43.484060][ T3587]  copy_net_ns+0x395/0x5d0
[   43.488486][ T3587]  create_new_namespaces+0x425/0x7a0
[   43.493770][ T3587] page last free stack trace:
[   43.498449][ T3587]  free_unref_page_prepare+0xc34/0xcf0
[   43.503909][ T3587]  free_unref_page+0x95/0x2d0
[   43.508581][ T3587]  __unfreeze_partials+0x1b7/0x210
[   43.513770][ T3587]  put_cpu_partial+0x132/0x1a0
[   43.518520][ T3587]  ___cache_free+0xe3/0x100
[   43.523011][ T3587]  qlist_free_all+0x36/0x90
[   43.527498][ T3587]  kasan_quarantine_reduce+0x162/0x180
[   43.533024][ T3587]  __kasan_slab_alloc+0x2f/0xc0
[   43.537855][ T3587]  slab_post_alloc_hook+0x53/0x380
[   43.542948][ T3587]  __kmalloc+0x120/0x300
[   43.547259][ T3587]  ops_init+0x8b/0x600
[   43.551313][ T3587]  setup_net+0x358/0x9e0
[   43.555547][ T3587]  copy_net_ns+0x395/0x5d0
[   43.559947][ T3587]  create_new_namespaces+0x425/0x7a0
[   43.565215][ T3587]  unshare_nsproxy_namespaces+0x11e/0x170
[   43.571178][ T3587]  ksys_unshare+0x580/0xb20
[   43.575663][ T3587] 
[   43.577971][ T3587] Memory state around the buggy address:
[   43.583579][ T3587]  ffff88801d815b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   43.591616][ T3587]  ffff88801d815b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   43.599747][ T3587] >ffff88801d815c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.607812][ T3587]                       ^
[   43.612123][ T3587]  ffff88801d815c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.620164][ T3587]  ffff88801d815d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.628205][ T3587] ==================================================================
[   43.636240][ T3587] Disabling lock debugging due to kernel taint
[   43.646205][ T3587] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   43.653489][ T3587] CPU: 1 PID: 3587 Comm: kworker/u5:1 Tainted: G    B             5.15.104-syzkaller #0
[   43.663275][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   43.673332][ T3587] Workqueue: hci0 hci_rx_work
[   43.678034][ T3587] Call Trace:
[   43.681305][ T3587]  <TASK>
[   43.684218][ T3587]  dump_stack_lvl+0x1e3/0x2cb
[   43.688883][ T3587]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   43.694518][ T3587]  ? panic+0x84d/0x84d
[   43.698570][ T3587]  ? rcu_is_watching+0x11/0xa0
[   43.703327][ T3587]  ? preempt_schedule_common+0xa6/0xd0
[   43.708777][ T3587]  panic+0x318/0x84d
[   43.712662][ T3587]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   43.718803][ T3587]  ? check_panic_on_warn+0x1d/0xa0
[   43.723901][ T3587]  ? fb_is_primary_device+0xcc/0xcc
[   43.729080][ T3587]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   43.735050][ T3587]  ? _raw_spin_unlock+0x40/0x40
[   43.739878][ T3587]  check_panic_on_warn+0x7e/0xa0
[   43.744796][ T3587]  ? hci_le_meta_evt+0x11d3/0x3b90
[   43.749884][ T3587]  end_report+0x6d/0xf0
[   43.754033][ T3587]  kasan_report+0x18e/0x1c0
[   43.758510][ T3587]  ? hci_le_meta_evt+0x11d3/0x3b90
[   43.763599][ T3587]  hci_le_meta_evt+0x11d3/0x3b90
[   43.768515][ T3587]  ? __mutex_lock_common+0x444/0x25a0
[   43.773867][ T3587]  ? hci_remote_host_features_evt+0x260/0x260
[   43.779912][ T3587]  ? __mutex_unlock_slowpath+0x218/0x750
[   43.785520][ T3587]  ? hci_event_packet+0x3b4/0x1480
[   43.790628][ T3587]  ? mutex_unlock+0x10/0x10
[   43.795115][ T3587]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   43.801072][ T3587]  ? print_irqtrace_events+0x210/0x210
[   43.806506][ T3587]  hci_event_packet+0xc28/0x1480
[   43.811422][ T3587]  ? rcu_lock_release+0x20/0x20
[   43.816270][ T3587]  ? hci_send_to_monitor+0x99/0x4d0
[   43.821443][ T3587]  hci_rx_work+0x240/0x7d0
[   43.825834][ T3587]  ? do_raw_spin_unlock+0x137/0x8b0
[   43.831014][ T3587]  process_one_work+0x8a1/0x10c0
[   43.835930][ T3587]  ? worker_detach_from_pool+0x260/0x260
[   43.841537][ T3587]  ? _raw_spin_lock_irqsave+0x120/0x120
[   43.847060][ T3587]  ? kthread_data+0x4e/0xc0
[   43.851540][ T3587]  ? wq_worker_running+0x97/0x170
[   43.856545][ T3587]  worker_thread+0xaca/0x1280
[   43.861202][ T3587]  kthread+0x3f6/0x4f0
[   43.865246][ T3587]  ? rcu_lock_release+0x20/0x20
[   43.870089][ T3587]  ? kthread_blkcg+0xd0/0xd0
[   43.874741][ T3587]  ret_from_fork+0x1f/0x30
[   43.879143][ T3587]  </TASK>
[   43.882303][ T3587] Kernel Offset: disabled
[   43.886610][ T3587] Rebooting in 86400 seconds..