Warning: Permanently added '10.128.1.14' (ECDSA) to the list of known hosts.
executing program
[   40.599049][ T3595] Bluetooth: hci0: Unknown advertising packet type: 0x6678
[   40.599114][ T3595] ==================================================================
[   40.614446][ T3595] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x11d3/0x3b90
[   40.622253][ T3595] Read of size 1 at addr ffff888075593c0a by task kworker/u5:1/3595
[   40.630223][ T3595] 
[   40.632551][ T3595] CPU: 0 PID: 3595 Comm: kworker/u5:1 Not tainted 5.15.104-syzkaller #0
[   40.640862][ T3595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   40.650904][ T3595] Workqueue: hci0 hci_rx_work
[   40.655583][ T3595] Call Trace:
[   40.658852][ T3595]  <TASK>
[   40.661774][ T3595]  dump_stack_lvl+0x1e3/0x2cb
[   40.666447][ T3595]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   40.672070][ T3595]  ? _printk+0xd1/0x111
[   40.676217][ T3595]  ? __wake_up_klogd+0xcc/0x100
[   40.681058][ T3595]  ? panic+0x84d/0x84d
[   40.685112][ T3595]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   40.690567][ T3595]  print_address_description+0x63/0x3b0
[   40.696106][ T3595]  ? hci_le_meta_evt+0x11d3/0x3b90
[   40.701207][ T3595]  kasan_report+0x16b/0x1c0
[   40.705700][ T3595]  ? hci_le_meta_evt+0x11d3/0x3b90
[   40.710820][ T3595]  hci_le_meta_evt+0x11d3/0x3b90
[   40.715753][ T3595]  ? __mutex_lock_common+0x444/0x25a0
[   40.721119][ T3595]  ? hci_remote_host_features_evt+0x260/0x260
[   40.727193][ T3595]  ? __mutex_unlock_slowpath+0x218/0x750
[   40.732815][ T3595]  ? hci_event_packet+0x3b4/0x1480
[   40.737943][ T3595]  ? mutex_unlock+0x10/0x10
[   40.742437][ T3595]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   40.748414][ T3595]  ? print_irqtrace_events+0x210/0x210
[   40.753863][ T3595]  hci_event_packet+0xc28/0x1480
[   40.758802][ T3595]  ? rcu_lock_release+0x20/0x20
[   40.763653][ T3595]  ? hci_send_to_monitor+0x99/0x4d0
[   40.768841][ T3595]  hci_rx_work+0x240/0x7d0
[   40.773248][ T3595]  ? do_raw_spin_unlock+0x137/0x8b0
[   40.778439][ T3595]  process_one_work+0x8a1/0x10c0
[   40.783379][ T3595]  ? worker_detach_from_pool+0x260/0x260
[   40.789007][ T3595]  ? _raw_spin_lock_irqsave+0x120/0x120
[   40.794541][ T3595]  ? kthread_data+0x4e/0xc0
[   40.799033][ T3595]  ? wq_worker_running+0x97/0x170
[   40.804068][ T3595]  worker_thread+0xaca/0x1280
[   40.808752][ T3595]  kthread+0x3f6/0x4f0
[   40.812815][ T3595]  ? rcu_lock_release+0x20/0x20
[   40.817667][ T3595]  ? kthread_blkcg+0xd0/0xd0
[   40.822245][ T3595]  ret_from_fork+0x1f/0x30
[   40.826658][ T3595]  </TASK>
[   40.829663][ T3595] 
[   40.831973][ T3595] Allocated by task 3593:
[   40.836279][ T3595]  ____kasan_kmalloc+0xba/0xf0
[   40.841029][ T3595]  __kmalloc_node_track_caller+0x195/0x390
[   40.846823][ T3595]  __alloc_skb+0x12c/0x590
[   40.851239][ T3595]  vhci_write+0xbc/0x430
[   40.855469][ T3595]  vfs_write+0xacf/0xe50
[   40.859695][ T3595]  ksys_write+0x1a2/0x2c0
[   40.864008][ T3595]  do_syscall_64+0x3d/0xb0
[   40.868426][ T3595]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   40.874306][ T3595] 
[   40.876616][ T3595] The buggy address belongs to the object at ffff888075593800
[   40.876616][ T3595]  which belongs to the cache kmalloc-1k of size 1024
[   40.890651][ T3595] The buggy address is located 10 bytes to the right of
[   40.890651][ T3595]  1024-byte region [ffff888075593800, ffff888075593c00)
[   40.904433][ T3595] The buggy address belongs to the page:
[   40.910048][ T3595] page:ffffea0001d56400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75590
[   40.920203][ T3595] head:ffffea0001d56400 order:3 compound_mapcount:0 compound_pincount:0
[   40.928510][ T3595] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   40.936483][ T3595] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c41dc0
[   40.945054][ T3595] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   40.953615][ T3595] page dumped because: kasan: bad access detected
[   40.960008][ T3595] page_owner tracks the page as allocated
[   40.965702][ T3595] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3593, ts 40595429987, free_ts 34562852602
[   40.984807][ T3595]  get_page_from_freelist+0x322a/0x33c0
[   40.990346][ T3595]  __alloc_pages+0x272/0x700
[   40.994929][ T3595]  new_slab+0xbb/0x4b0
[   40.998985][ T3595]  ___slab_alloc+0x6f6/0xe10
[   41.003560][ T3595]  kmem_cache_alloc_trace+0x1a0/0x290
[   41.008915][ T3595]  rxrpc_alloc_connection+0x72/0x420
[   41.014187][ T3595]  rxrpc_prealloc_service_connection+0x1f/0x5a0
[   41.020412][ T3595]  rxrpc_service_prealloc_one+0x2c5/0xf50
[   41.026119][ T3595]  rxrpc_kernel_charge_accept+0xce/0x100
[   41.031734][ T3595]  afs_charge_preallocation+0xb6/0x2b0
[   41.037195][ T3595]  afs_open_socket+0x455/0x600
[   41.041943][ T3595]  afs_net_init+0x7b5/0x990
[   41.046430][ T3595]  ops_init+0x356/0x600
[   41.050572][ T3595]  setup_net+0x358/0x9e0
[   41.054804][ T3595]  copy_net_ns+0x395/0x5d0
[   41.059236][ T3595]  create_new_namespaces+0x425/0x7a0
[   41.064509][ T3595] page last free stack trace:
[   41.069163][ T3595]  free_unref_page_prepare+0xc34/0xcf0
[   41.074607][ T3595]  free_unref_page+0x95/0x2d0
[   41.079268][ T3595]  __unfreeze_partials+0x1b7/0x210
[   41.084387][ T3595]  put_cpu_partial+0x132/0x1a0
[   41.089146][ T3595]  ___cache_free+0xe3/0x100
[   41.093638][ T3595]  qlist_free_all+0x36/0x90
[   41.098128][ T3595]  kasan_quarantine_reduce+0x162/0x180
[   41.103571][ T3595]  __kasan_slab_alloc+0x2f/0xc0
[   41.108411][ T3595]  slab_post_alloc_hook+0x53/0x380
[   41.113524][ T3595]  kmem_cache_alloc+0xf3/0x280
[   41.118273][ T3595]  getname_flags+0xb8/0x4e0
[   41.122763][ T3595]  user_path_at_empty+0x2a/0x180
[   41.127686][ T3595]  vfs_statx+0x106/0x3b0
[   41.131917][ T3595]  __x64_sys_newfstatat+0x12c/0x1b0
[   41.137103][ T3595]  do_syscall_64+0x3d/0xb0
[   41.141505][ T3595]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   41.147402][ T3595] 
[   41.149710][ T3595] Memory state around the buggy address:
[   41.155338][ T3595]  ffff888075593b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.163385][ T3595]  ffff888075593b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.171431][ T3595] >ffff888075593c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.179473][ T3595]                       ^
[   41.183784][ T3595]  ffff888075593c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.191829][ T3595]  ffff888075593d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.199873][ T3595] ==================================================================
[   41.207916][ T3595] Disabling lock debugging due to kernel taint
[   41.214242][ T3595] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   41.221432][ T3595] CPU: 0 PID: 3595 Comm: kworker/u5:1 Tainted: G    B             5.15.104-syzkaller #0
[   41.231142][ T3595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   41.241179][ T3595] Workqueue: hci0 hci_rx_work
[   41.245841][ T3595] Call Trace:
[   41.249102][ T3595]  <TASK>
[   41.252015][ T3595]  dump_stack_lvl+0x1e3/0x2cb
[   41.256674][ T3595]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   41.262282][ T3595]  ? panic+0x84d/0x84d
[   41.266422][ T3595]  ? rcu_is_watching+0x11/0xa0
[   41.271161][ T3595]  ? preempt_schedule_common+0xa6/0xd0
[   41.276596][ T3595]  panic+0x318/0x84d
[   41.280809][ T3595]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   41.286964][ T3595]  ? check_panic_on_warn+0x1d/0xa0
[   41.292076][ T3595]  ? fb_is_primary_device+0xcc/0xcc
[   41.297257][ T3595]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   41.303215][ T3595]  ? _raw_spin_unlock+0x40/0x40
[   41.308041][ T3595]  check_panic_on_warn+0x7e/0xa0
[   41.312972][ T3595]  ? hci_le_meta_evt+0x11d3/0x3b90
[   41.318098][ T3595]  end_report+0x6d/0xf0
[   41.322232][ T3595]  kasan_report+0x18e/0x1c0
[   41.326709][ T3595]  ? hci_le_meta_evt+0x11d3/0x3b90
[   41.331798][ T3595]  hci_le_meta_evt+0x11d3/0x3b90
[   41.336730][ T3595]  ? __mutex_lock_common+0x444/0x25a0
[   41.342097][ T3595]  ? hci_remote_host_features_evt+0x260/0x260
[   41.348139][ T3595]  ? __mutex_unlock_slowpath+0x218/0x750
[   41.353749][ T3595]  ? hci_event_packet+0x3b4/0x1480
[   41.358839][ T3595]  ? mutex_unlock+0x10/0x10
[   41.363318][ T3595]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   41.369299][ T3595]  ? print_irqtrace_events+0x210/0x210
[   41.374741][ T3595]  hci_event_packet+0xc28/0x1480
[   41.379664][ T3595]  ? rcu_lock_release+0x20/0x20
[   41.384497][ T3595]  ? hci_send_to_monitor+0x99/0x4d0
[   41.389686][ T3595]  hci_rx_work+0x240/0x7d0
[   41.394082][ T3595]  ? do_raw_spin_unlock+0x137/0x8b0
[   41.399260][ T3595]  process_one_work+0x8a1/0x10c0
[   41.404178][ T3595]  ? worker_detach_from_pool+0x260/0x260
[   41.409789][ T3595]  ? _raw_spin_lock_irqsave+0x120/0x120
[   41.415337][ T3595]  ? kthread_data+0x4e/0xc0
[   41.419819][ T3595]  ? wq_worker_running+0x97/0x170
[   41.424818][ T3595]  worker_thread+0xaca/0x1280
[   41.429481][ T3595]  kthread+0x3f6/0x4f0
[   41.433538][ T3595]  ? rcu_lock_release+0x20/0x20
[   41.438366][ T3595]  ? kthread_blkcg+0xd0/0xd0
[   41.442942][ T3595]  ret_from_fork+0x1f/0x30
[   41.447344][ T3595]  </TASK>
[   41.450744][ T3595] Kernel Offset: disabled
[   41.455087][ T3595] Rebooting in 86400 seconds..