Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
executing program
[ 55.384417][ T3504] Bluetooth: hci0: Unknown advertising packet type: 0x35
[ 55.384719][ T3504] ==================================================================
[ 55.399890][ T3504] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x1279/0x3cf0
[ 55.407710][ T3504] Read of size 1 at addr ffff88807ea40c06 by task kworker/u5:2/3504
[ 55.415675][ T3504]
[ 55.417992][ T3504] CPU: 1 PID: 3504 Comm: kworker/u5:2 Not tainted 5.15.143-syzkaller #0
[ 55.426309][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 55.436361][ T3504] Workqueue: hci0 hci_rx_work
[ 55.441049][ T3504] Call Trace:
[ 55.444323][ T3504]
[ 55.447251][ T3504]  dump_stack_lvl+0x1e3/0x2cb
[ 55.451933][ T3504]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 55.457562][ T3504]  ? _printk+0xd1/0x111
[ 55.461714][ T3504]  ? __wake_up_klogd+0xcc/0x100
[ 55.466561][ T3504]  ? panic+0x84d/0x84d
[ 55.470626][ T3504]  ? _raw_spin_lock_irqsave+0xdd/0x120
[ 55.476091][ T3504]  print_address_description+0x63/0x3b0
[ 55.481636][ T3504]  ? hci_le_meta_evt+0x1279/0x3cf0
[ 55.486742][ T3504]  kasan_report+0x16b/0x1c0
[ 55.491245][ T3504]  ? hci_le_meta_evt+0x1279/0x3cf0
[ 55.496482][ T3504]  hci_le_meta_evt+0x1279/0x3cf0
[ 55.501431][ T3504]  ? __mutex_lock_common+0x444/0x25a0
[ 55.506819][ T3504]  ? hci_remote_host_features_evt+0x280/0x280
[ 55.512881][ T3504]  ? __mutex_unlock_slowpath+0x218/0x750
[ 55.518505][ T3504]  ? hci_event_packet+0x3b4/0x1550
[ 55.523618][ T3504]  ? mutex_unlock+0x10/0x10
[ 55.528120][ T3504]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 55.534105][ T3504]  ? print_irqtrace_events+0x210/0x210
[ 55.539562][ T3504]  hci_event_packet+0xc41/0x1550
[ 55.544508][ T3504]  ? rcu_lock_release+0x20/0x20
[ 55.549377][ T3504]  ? hci_send_to_monitor+0x99/0x4d0
[ 55.554569][ T3504]  hci_rx_work+0x232/0x990
[ 55.558987][ T3504]  process_one_work+0x8a1/0x10c0
[ 55.563952][ T3504]  ? worker_detach_from_pool+0x260/0x260
[ 55.569592][ T3504]  ? _raw_spin_lock_irqsave+0x120/0x120
[ 55.575129][ T3504]  ? kthread_data+0x4e/0xc0
[ 55.579623][ T3504]  ? wq_worker_running+0x97/0x170
[ 55.584642][ T3504]  worker_thread+0xaca/0x1280
[ 55.589328][ T3504]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 55.595243][ T3504]  kthread+0x3f6/0x4f0
[ 55.599309][ T3504]  ? rcu_lock_release+0x20/0x20
[ 55.604159][ T3504]  ? kthread_blkcg+0xd0/0xd0
[ 55.608770][ T3504]  ret_from_fork+0x1f/0x30
[ 55.613203][ T3504]
[ 55.616214][ T3504]
[ 55.618526][ T3504] Allocated by task 3500:
[ 55.622841][ T3504]  ____kasan_kmalloc+0xba/0xf0
[ 55.627597][ T3504]  __kmalloc_node_track_caller+0x195/0x390
[ 55.633394][ T3504]  __alloc_skb+0x12c/0x590
[ 55.637807][ T3504]  vhci_write+0xbc/0x430
[ 55.642043][ T3504]  vfs_write+0xacf/0xe50
[ 55.646284][ T3504]  ksys_write+0x1a2/0x2c0
[ 55.650608][ T3504]  do_syscall_64+0x3d/0xb0
[ 55.655023][ T3504]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.661123][ T3504]
[ 55.663446][ T3504] The buggy address belongs to the object at ffff88807ea40800
[ 55.663446][ T3504]  which belongs to the cache kmalloc-1k of size 1024
[ 55.677506][ T3504] The buggy address is located 6 bytes to the right of
[ 55.677506][ T3504]  1024-byte region [ffff88807ea40800, ffff88807ea40c00)
[ 55.691215][ T3504] The buggy address belongs to the page:
[ 55.696838][ T3504] page:ffffea0001fa9000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ea40
[ 55.706976][ T3504] head:ffffea0001fa9000 order:3 compound_mapcount:0 compound_pincount:0
[ 55.715281][ T3504] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 55.723262][ T3504] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c41dc0
[ 55.731840][ T3504] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 55.740416][ T3504] page dumped because: kasan: bad access detected
[ 55.746825][ T3504] page_owner tracks the page as allocated
[ 55.752538][ T3504] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3497, ts 55384032611, free_ts 43574584424
[ 55.771723][ T3504]  get_page_from_freelist+0x322a/0x33c0
[ 55.777273][ T3504]  __alloc_pages+0x272/0x700
[ 55.781854][ T3504]  new_slab+0xbb/0x4b0
[ 55.785914][ T3504]  ___slab_alloc+0x6f6/0xe10
[ 55.790495][ T3504]  __kmalloc_node_track_caller+0x1f6/0x390
[ 55.796296][ T3504]  __alloc_skb+0x12c/0x590
[ 55.800709][ T3504]  sk_stream_alloc_skb+0x1fc/0xac0
[ 55.805813][ T3504]  tcp_sendmsg_locked+0xd34/0x3a90
[ 55.810917][ T3504]  tcp_sendmsg+0x2c/0x40
[ 55.815155][ T3504]  sock_write_iter+0x39b/0x530
[ 55.819906][ T3504]  vfs_write+0xacf/0xe50
[ 55.824141][ T3504]  ksys_write+0x1a2/0x2c0
[ 55.828463][ T3504]  do_syscall_64+0x3d/0xb0
[ 55.832876][ T3504]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.838766][ T3504] page last free stack trace:
[ 55.843421][ T3504]  free_unref_page_prepare+0xc34/0xcf0
[ 55.848871][ T3504]  free_unref_page+0x95/0x2d0
[ 55.853541][ T3504]  skb_release_data+0x411/0x8a0
[ 55.858384][ T3504]  __kfree_skb+0x4c/0x60
[ 55.862627][ T3504]  tcp_recvmsg_locked+0x1629/0x29b0
[ 55.867816][ T3504]  tcp_recvmsg+0x24e/0x7f0
[ 55.872226][ T3504]  inet_recvmsg+0x157/0x280
[ 55.876725][ T3504]  sock_read_iter+0x353/0x480
[ 55.881390][ T3504]  vfs_read+0xa9f/0xe10
[ 55.885540][ T3504]  ksys_read+0x1a2/0x2c0
[ 55.889769][ T3504]  do_syscall_64+0x3d/0xb0
[ 55.894176][ T3504]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.900150][ T3504]
[ 55.902461][ T3504] Memory state around the buggy address:
[ 55.908078][ T3504]  ffff88807ea40b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.916130][ T3504]  ffff88807ea40b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.924178][ T3504] >ffff88807ea40c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.932223][ T3504]                                      ^
[ 55.936287][ T3504]  ffff88807ea40c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.944338][ T3504]  ffff88807ea40d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.952390][ T3504] ==================================================================
[ 55.960435][ T3504] Disabling lock debugging due to kernel taint
[ 55.970851][ T3504] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.978069][ T3504] CPU: 0 PID: 3504 Comm: kworker/u5:2 Tainted: G B 5.15.143-syzkaller #0
[ 55.987774][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 55.997810][ T3504] Workqueue: hci0 hci_rx_work
[ 56.002478][ T3504] Call Trace:
[ 56.005750][ T3504]
[ 56.008666][ T3504]  dump_stack_lvl+0x1e3/0x2cb
[ 56.013352][ T3504]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 56.019002][ T3504]  ? panic+0x84d/0x84d
[ 56.023076][ T3504]  ? rcu_is_watching+0x11/0xa0
[ 56.027828][ T3504]  ? preempt_schedule_common+0xa6/0xd0
[ 56.033277][ T3504]  panic+0x318/0x84d
[ 56.037155][ T3504]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 56.043292][ T3504]  ? check_panic_on_warn+0x1d/0xa0
[ 56.048387][ T3504]  ? fb_is_primary_device+0xcc/0xcc
[ 56.053584][ T3504]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 56.059547][ T3504]  ? _raw_spin_unlock+0x40/0x40
[ 56.064378][ T3504]  check_panic_on_warn+0x7e/0xa0
[ 56.069298][ T3504]  ? hci_le_meta_evt+0x1279/0x3cf0
[ 56.074392][ T3504]  end_report+0x6d/0xf0
[ 56.078537][ T3504]  kasan_report+0x18e/0x1c0
[ 56.083030][ T3504]  ? hci_le_meta_evt+0x1279/0x3cf0
[ 56.088126][ T3504]  hci_le_meta_evt+0x1279/0x3cf0
[ 56.093051][ T3504]  ? __mutex_lock_common+0x444/0x25a0
[ 56.098413][ T3504]  ? hci_remote_host_features_evt+0x280/0x280
[ 56.104465][ T3504]  ? __mutex_unlock_slowpath+0x218/0x750
[ 56.110104][ T3504]  ? hci_event_packet+0x3b4/0x1550
[ 56.115200][ T3504]  ? mutex_unlock+0x10/0x10
[ 56.119686][ T3504]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 56.125654][ T3504]  ? print_irqtrace_events+0x210/0x210
[ 56.131101][ T3504]  hci_event_packet+0xc41/0x1550
[ 56.136034][ T3504]  ? rcu_lock_release+0x20/0x20
[ 56.140873][ T3504]  ? hci_send_to_monitor+0x99/0x4d0
[ 56.146073][ T3504]  hci_rx_work+0x232/0x990
[ 56.150480][ T3504]  process_one_work+0x8a1/0x10c0
[ 56.155407][ T3504]  ? worker_detach_from_pool+0x260/0x260
[ 56.161043][ T3504]  ? _raw_spin_lock_irqsave+0x120/0x120
[ 56.166577][ T3504]  ? kthread_data+0x4e/0xc0
[ 56.171071][ T3504]  ? wq_worker_running+0x97/0x170
[ 56.176081][ T3504]  worker_thread+0xaca/0x1280
[ 56.180749][ T3504]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 56.186635][ T3504]  kthread+0x3f6/0x4f0
[ 56.190691][ T3504]  ? rcu_lock_release+0x20/0x20
[ 56.195700][ T3504]  ? kthread_blkcg+0xd0/0xd0
[ 56.200274][ T3504]  ret_from_fork+0x1f/0x30
[ 56.204684][ T3504]
[ 56.207985][ T3504] Kernel Offset: disabled
[ 56.212306][ T3504] Rebooting in 86400 seconds..