Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts.
executing program
[ 51.391180][ T3509] ==================================================================
[ 51.399434][ T3509] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x11db/0x3df0
[ 51.407252][ T3509] Read of size 1 at addr ffff888147baf604 by task kworker/u5:2/3509
[ 51.415217][ T3509]
[ 51.417530][ T3509] CPU: 0 PID: 3509 Comm: kworker/u5:2 Not tainted 5.15.153-syzkaller #0
[ 51.425841][ T3509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 51.435900][ T3509] Workqueue: hci0 hci_rx_work
[ 51.440576][ T3509] Call Trace:
[ 51.443864][ T3509]
[ 51.446798][ T3509] dump_stack_lvl+0x1e3/0x2cb
[ 51.451486][ T3509] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 51.457114][ T3509] ? _printk+0xd1/0x111
[ 51.461260][ T3509] ? __wake_up_klogd+0xcc/0x100
[ 51.466096][ T3509] ? panic+0x84d/0x84d
[ 51.470149][ T3509] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 51.475606][ T3509] print_address_description+0x63/0x3b0
[ 51.481143][ T3509] ? hci_le_meta_evt+0x11db/0x3df0
[ 51.486237][ T3509] kasan_report+0x16b/0x1c0
[ 51.490740][ T3509] ? hci_le_meta_evt+0x11db/0x3df0
[ 51.495849][ T3509] hci_le_meta_evt+0x11db/0x3df0
[ 51.500784][ T3509] ? __mutex_lock_common+0x444/0x25a0
[ 51.506170][ T3509] ? hci_remote_host_features_evt+0x280/0x280
[ 51.512226][ T3509] ? __mutex_unlock_slowpath+0x218/0x750
[ 51.517848][ T3509] ? hci_event_packet+0x3b4/0x1550
[ 51.522952][ T3509] ? mutex_unlock+0x10/0x10
[ 51.527478][ T3509] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 51.533452][ T3509] ? print_irqtrace_events+0x210/0x210
[ 51.538903][ T3509] hci_event_packet+0xc41/0x1550
[ 51.543857][ T3509] ? rcu_lock_release+0x20/0x20
[ 51.548707][ T3509] ? hci_send_to_monitor+0x99/0x4d0
[ 51.553898][ T3509] hci_rx_work+0x232/0x990
[ 51.558310][ T3509] process_one_work+0x8a1/0x10c0
[ 51.563269][ T3509] ? worker_detach_from_pool+0x260/0x260
[ 51.568895][ T3509] ? _raw_spin_lock_irqsave+0x120/0x120
[ 51.574429][ T3509] ? kthread_data+0x4e/0xc0
[ 51.578924][ T3509] ? wq_worker_running+0x97/0x170
[ 51.583938][ T3509] worker_thread+0xaca/0x1280
[ 51.588605][ T3509] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 51.594520][ T3509] kthread+0x3f6/0x4f0
[ 51.598596][ T3509] ? rcu_lock_release+0x20/0x20
[ 51.603445][ T3509] ? kthread_blkcg+0xd0/0xd0
[ 51.608037][ T3509] ret_from_fork+0x1f/0x30
[ 51.612471][ T3509]
[ 51.615488][ T3509]
[ 51.617798][ T3509] Allocated by task 3505:
[ 51.622105][ T3509] ____kasan_kmalloc+0xba/0xf0
[ 51.626853][ T3509] __kmalloc_node_track_caller+0x195/0x390
[ 51.632648][ T3509] __alloc_skb+0x12c/0x590
[ 51.637072][ T3509] vhci_write+0xbc/0x430
[ 51.641297][ T3509] vfs_write+0xacf/0xe50
[ 51.645521][ T3509] ksys_write+0x1a2/0x2c0
[ 51.649835][ T3509] do_syscall_64+0x3d/0xb0
[ 51.654241][ T3509] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.660126][ T3509]
[ 51.662435][ T3509] The buggy address belongs to the object at ffff888147baf400
[ 51.662435][ T3509] which belongs to the cache kmalloc-512 of size 512
[ 51.676467][ T3509] The buggy address is located 4 bytes to the right of
[ 51.676467][ T3509] 512-byte region [ffff888147baf400, ffff888147baf600)
[ 51.690077][ T3509] The buggy address belongs to the page:
[ 51.695691][ T3509] page:ffffea00051eeb00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x147bac
[ 51.705913][ T3509] head:ffffea00051eeb00 order:2 compound_mapcount:0 compound_pincount:0
[ 51.714235][ T3509] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 51.722313][ T3509] raw: 057ff00000010200 0000000000000000 0000000600000001 ffff888011c41c80
[ 51.730909][ T3509] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 51.739476][ T3509] page dumped because: kasan: bad access detected
[ 51.745877][ T3509] page_owner tracks the page as allocated
[ 51.751575][ T3509] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 12197824402, free_ts 12120509394
[ 51.770402][ T3509] get_page_from_freelist+0x322a/0x33c0
[ 51.775962][ T3509] __alloc_pages+0x272/0x700
[ 51.780554][ T3509] alloc_page_interleave+0x22/0x1c0
[ 51.785754][ T3509] new_slab+0xbb/0x4b0
[ 51.789808][ T3509] ___slab_alloc+0x6f6/0xe10
[ 51.794405][ T3509] kmem_cache_alloc_trace+0x1a0/0x290
[ 51.799852][ T3509] device_add+0xb5/0xfd0
[ 51.804093][ T3509] device_create_with_groups+0x254/0x2e0
[ 51.809715][ T3509] misc_register+0x250/0x480
[ 51.814310][ T3509] ucma_init+0x13/0xfe
[ 51.818371][ T3509] do_one_initcall+0x22b/0x7a0
[ 51.823120][ T3509] do_initcall_level+0x157/0x207
[ 51.828042][ T3509] do_initcalls+0x49/0x86
[ 51.832368][ T3509] kernel_init_freeable+0x425/0x5b5
[ 51.837556][ T3509] kernel_init+0x19/0x290
[ 51.841986][ T3509] ret_from_fork+0x1f/0x30
[ 51.846392][ T3509] page last free stack trace:
[ 51.851065][ T3509] free_unref_page_prepare+0xc34/0xcf0
[ 51.856516][ T3509] free_unref_page+0x95/0x2d0
[ 51.861183][ T3509] stack_depot_save+0x3ef/0x440
[ 51.866024][ T3509] ____kasan_kmalloc+0xd1/0xf0
[ 51.870775][ T3509] kmem_cache_alloc_trace+0x143/0x290
[ 51.876132][ T3509] kobject_uevent_env+0x283/0x8d0
[ 51.881147][ T3509] kset_register+0x171/0x1d0
[ 51.885728][ T3509] __class_register+0x23a/0x3c0
[ 51.890569][ T3509] mISDNInit+0x4d/0x120
[ 51.894714][ T3509] do_one_initcall+0x22b/0x7a0
[ 51.899466][ T3509] do_initcall_level+0x157/0x207
[ 51.904395][ T3509] do_initcalls+0x49/0x86
[ 51.908729][ T3509] kernel_init_freeable+0x425/0x5b5
[ 51.914020][ T3509] kernel_init+0x19/0x290
[ 51.918427][ T3509] ret_from_fork+0x1f/0x30
[ 51.922846][ T3509]
[ 51.925176][ T3509] Memory state around the buggy address:
[ 51.930791][ T3509] ffff888147baf500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.938841][ T3509] ffff888147baf580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.946907][ T3509] >ffff888147baf600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.954966][ T3509]                    ^
[ 51.959023][ T3509] ffff888147baf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.967086][ T3509] ffff888147baf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.975140][ T3509] ==================================================================
[ 51.983196][ T3509] Disabling lock debugging due to kernel taint
[ 51.993395][ T3509] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.000606][ T3509] CPU: 0 PID: 3509 Comm: kworker/u5:2 Tainted: G B 5.15.153-syzkaller #0
[ 52.010392][ T3509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 52.020436][ T3509] Workqueue: hci0 hci_rx_work
[ 52.025200][ T3509] Call Trace:
[ 52.028465][ T3509]
[ 52.031406][ T3509] dump_stack_lvl+0x1e3/0x2cb
[ 52.036112][ T3509] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 52.041745][ T3509] ? panic+0x84d/0x84d
[ 52.045827][ T3509] ? rcu_is_watching+0x11/0xa0
[ 52.050582][ T3509] ? preempt_schedule_common+0xa6/0xd0
[ 52.056032][ T3509] panic+0x318/0x84d
[ 52.059939][ T3509] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 52.066085][ T3509] ? check_panic_on_warn+0x1d/0xa0
[ 52.071186][ T3509] ? fb_is_primary_device+0xcc/0xcc
[ 52.076394][ T3509] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 52.082365][ T3509] ? _raw_spin_unlock+0x40/0x40
[ 52.087220][ T3509] check_panic_on_warn+0x7e/0xa0
[ 52.092177][ T3509] ? hci_le_meta_evt+0x11db/0x3df0
[ 52.097277][ T3509] end_report+0x6d/0xf0
[ 52.101419][ T3509] kasan_report+0x18e/0x1c0
[ 52.105922][ T3509] ? hci_le_meta_evt+0x11db/0x3df0
[ 52.111024][ T3509] hci_le_meta_evt+0x11db/0x3df0
[ 52.115954][ T3509] ? __mutex_lock_common+0x444/0x25a0
[ 52.121339][ T3509] ? hci_remote_host_features_evt+0x280/0x280
[ 52.127487][ T3509] ? __mutex_unlock_slowpath+0x218/0x750
[ 52.133116][ T3509] ? hci_event_packet+0x3b4/0x1550
[ 52.138227][ T3509] ? mutex_unlock+0x10/0x10
[ 52.142726][ T3509] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 52.149137][ T3509] ? print_irqtrace_events+0x210/0x210
[ 52.154594][ T3509] hci_event_packet+0xc41/0x1550
[ 52.159522][ T3509] ? rcu_lock_release+0x20/0x20
[ 52.164360][ T3509] ? hci_send_to_monitor+0x99/0x4d0
[ 52.169547][ T3509] hci_rx_work+0x232/0x990
[ 52.173955][ T3509] process_one_work+0x8a1/0x10c0
[ 52.178886][ T3509] ? worker_detach_from_pool+0x260/0x260
[ 52.184525][ T3509] ? _raw_spin_lock_irqsave+0x120/0x120
[ 52.190075][ T3509] ? kthread_data+0x4e/0xc0
[ 52.194563][ T3509] ? wq_worker_running+0x97/0x170
[ 52.199590][ T3509] worker_thread+0xaca/0x1280
[ 52.204258][ T3509] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 52.210154][ T3509] kthread+0x3f6/0x4f0
[ 52.214232][ T3509] ? rcu_lock_release+0x20/0x20
[ 52.219074][ T3509] ? kthread_blkcg+0xd0/0xd0
[ 52.223666][ T3509] ret_from_fork+0x1f/0x30
[ 52.228089][ T3509]
[ 52.231406][ T3509] Kernel Offset: disabled
[ 52.235726][ T3509] Rebooting in 86400 seconds..