Warning: Permanently added '10.128.0.110' (ECDSA) to the list of known hosts.
executing program
[ 52.592969][ T3589] Bluetooth: hci0: Unknown advertising packet type: 0x6678
[ 52.593105][ T3589] ==================================================================
[ 52.608490][ T3589] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x11d3/0x3b90
[ 52.616318][ T3589] Read of size 1 at addr ffff88801dd7940a by task kworker/u5:2/3589
[ 52.624280][ T3589]
[ 52.626591][ T3589] CPU: 0 PID: 3589 Comm: kworker/u5:2 Not tainted 5.15.101-syzkaller #0
[ 52.634905][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 52.644968][ T3589] Workqueue: hci0 hci_rx_work
[ 52.649643][ T3589] Call Trace:
[ 52.652915][ T3589]
[ 52.655846][ T3589] dump_stack_lvl+0x1e3/0x2cb
[ 52.660525][ T3589] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 52.666158][ T3589] ? _printk+0xd1/0x111
[ 52.670310][ T3589] ? __wake_up_klogd+0xcc/0x100
[ 52.675159][ T3589] ? panic+0x84d/0x84d
[ 52.679214][ T3589] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 52.684673][ T3589] print_address_description+0x63/0x3b0
[ 52.690211][ T3589] ? hci_le_meta_evt+0x11d3/0x3b90
[ 52.695332][ T3589] kasan_report+0x16b/0x1c0
[ 52.699828][ T3589] ? hci_le_meta_evt+0x11d3/0x3b90
[ 52.704930][ T3589] hci_le_meta_evt+0x11d3/0x3b90
[ 52.709863][ T3589] ? __mutex_lock_common+0x444/0x25a0
[ 52.715241][ T3589] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 52.721219][ T3589] ? hci_remote_host_features_evt+0x260/0x260
[ 52.727284][ T3589] ? __mutex_unlock_slowpath+0x218/0x750
[ 52.732907][ T3589] ? hci_event_packet+0x3b4/0x1480
[ 52.738015][ T3589] ? mutex_unlock+0x10/0x10
[ 52.742511][ T3589] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 52.748485][ T3589] ? print_irqtrace_events+0x210/0x210
[ 52.753942][ T3589] hci_event_packet+0xc28/0x1480
[ 52.758890][ T3589] ? rcu_lock_release+0x20/0x20
[ 52.763751][ T3589] ? hci_send_to_monitor+0x99/0x4d0
[ 52.768939][ T3589] hci_rx_work+0x240/0x7d0
[ 52.773353][ T3589] ? do_raw_spin_unlock+0x137/0x8b0
[ 52.778549][ T3589] process_one_work+0x90d/0x1270
[ 52.783486][ T3589] ? worker_detach_from_pool+0x260/0x260
[ 52.789123][ T3589] ? _raw_spin_lock_irqsave+0x120/0x120
[ 52.794665][ T3589] ? kthread_data+0x4e/0xc0
[ 52.799165][ T3589] ? wq_worker_running+0x97/0x170
[ 52.804182][ T3589] worker_thread+0xaca/0x1280
[ 52.808851][ T3589] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 52.814772][ T3589] kthread+0x3f6/0x4f0
[ 52.818830][ T3589] ? rcu_lock_release+0x20/0x20
[ 52.823671][ T3589] ? kthread_blkcg+0xd0/0xd0
[ 52.828269][ T3589] ret_from_fork+0x1f/0x30
[ 52.832700][ T3589]
[ 52.835706][ T3589]
[ 52.838019][ T3589] Allocated by task 3585:
[ 52.842326][ T3589] ____kasan_kmalloc+0xba/0xf0
[ 52.847080][ T3589] __kmalloc_node_track_caller+0x188/0x310
[ 52.852873][ T3589] __alloc_skb+0x12c/0x590
[ 52.857275][ T3589] vhci_write+0xbc/0x430
[ 52.861506][ T3589] vfs_write+0xacf/0xe50
[ 52.865739][ T3589] ksys_write+0x1a2/0x2c0
[ 52.870057][ T3589] do_syscall_64+0x3d/0xb0
[ 52.874473][ T3589] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.880361][ T3589]
[ 52.882671][ T3589] The buggy address belongs to the object at ffff88801dd79000
[ 52.882671][ T3589] which belongs to the cache kmalloc-1k of size 1024
[ 52.896705][ T3589] The buggy address is located 10 bytes to the right of
[ 52.896705][ T3589] 1024-byte region [ffff88801dd79000, ffff88801dd79400)
[ 52.910569][ T3589] The buggy address belongs to the page:
[ 52.916192][ T3589] page:ffffea0000775e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1dd78
[ 52.926331][ T3589] head:ffffea0000775e00 order:3 compound_mapcount:0 compound_pincount:0
[ 52.934652][ T3589] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 52.942622][ T3589] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c41dc0
[ 52.951196][ T3589] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 52.959763][ T3589] page dumped because: kasan: bad access detected
[ 52.966167][ T3589] page_owner tracks the page as allocated
[ 52.971865][ T3589] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3585, ts 52588876180, free_ts 46884641521
[ 52.990963][ T3589] get_page_from_freelist+0x32dd/0x3470
[ 52.996512][ T3589] __alloc_pages+0x272/0x790
[ 53.001096][ T3589] new_slab+0xbb/0x4b0
[ 53.005152][ T3589] ___slab_alloc+0x6f6/0xe10
[ 53.009727][ T3589] kmem_cache_alloc_trace+0x185/0x220
[ 53.015085][ T3589] afs_alloc_call+0x78/0x310
[ 53.019661][ T3589] afs_charge_preallocation+0xe0/0x2b0
[ 53.025114][ T3589] afs_open_socket+0x455/0x600
[ 53.029862][ T3589] afs_net_init+0x7b5/0x990
[ 53.034354][ T3589] ops_init+0x356/0x600
[ 53.038501][ T3589] setup_net+0x358/0x9e0
[ 53.042772][ T3589] copy_net_ns+0x395/0x5d0
[ 53.047173][ T3589] create_new_namespaces+0x425/0x7a0
[ 53.052455][ T3589] unshare_nsproxy_namespaces+0x11e/0x170
[ 53.058185][ T3589] ksys_unshare+0x580/0xb20
[ 53.062670][ T3589] __x64_sys_unshare+0x34/0x40
[ 53.067419][ T3589] page last free stack trace:
[ 53.072070][ T3589] free_unref_page_prepare+0xcb7/0xd70
[ 53.077514][ T3589] free_unref_page+0x95/0x2d0
[ 53.082178][ T3589] __unfreeze_partials+0x1b7/0x210
[ 53.087279][ T3589] put_cpu_partial+0x132/0x1a0
[ 53.092030][ T3589] ___cache_free+0xe3/0x100
[ 53.096518][ T3589] qlist_free_all+0x36/0x90
[ 53.101008][ T3589] kasan_quarantine_reduce+0x162/0x180
[ 53.106461][ T3589] __kasan_slab_alloc+0x2f/0xc0
[ 53.111317][ T3589] slab_post_alloc_hook+0x53/0x380
[ 53.116433][ T3589] kmem_cache_alloc+0xf3/0x2e0
[ 53.121181][ T3589] alloc_buffer_head+0x20/0xf0
[ 53.125932][ T3589] alloc_page_buffers+0x3a3/0x660
[ 53.130943][ T3589] create_empty_buffers+0x3a/0x6d0
[ 53.136042][ T3589] ext4_block_write_begin+0x341/0x13a0
[ 53.141495][ T3589] ext4_da_write_begin+0x64a/0xc50
[ 53.146596][ T3589] generic_perform_write+0x2bf/0x5b0
[ 53.151874][ T3589]
[ 53.154185][ T3589] Memory state around the buggy address:
[ 53.159801][ T3589] ffff88801dd79300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.167955][ T3589] ffff88801dd79380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.176000][ T3589] >ffff88801dd79400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.184044][ T3589] ^
[ 53.188357][ T3589] ffff88801dd79480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.196496][ T3589] ffff88801dd79500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.204541][ T3589] ==================================================================
[ 53.212592][ T3589] Disabling lock debugging due to kernel taint
[ 53.219024][ T3589] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.226232][ T3589] CPU: 0 PID: 3589 Comm: kworker/u5:2 Tainted: G B 5.15.101-syzkaller #0
[ 53.235956][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 53.245999][ T3589] Workqueue: hci0 hci_rx_work
[ 53.250673][ T3589] Call Trace:
[ 53.253936][ T3589]
[ 53.256848][ T3589] dump_stack_lvl+0x1e3/0x2cb
[ 53.261512][ T3589] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 53.267132][ T3589] ? panic+0x84d/0x84d
[ 53.271193][ T3589] ? preempt_schedule_common+0xa6/0xd0
[ 53.276641][ T3589] panic+0x318/0x84d
[ 53.280523][ T3589] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 53.286662][ T3589] ? check_panic_on_warn+0x1d/0xa0
[ 53.291760][ T3589] ? fb_is_primary_device+0xcc/0xcc
[ 53.296948][ T3589] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 53.302913][ T3589] ? _raw_spin_unlock+0x40/0x40
[ 53.307750][ T3589] check_panic_on_warn+0x7e/0xa0
[ 53.312675][ T3589] ? hci_le_meta_evt+0x11d3/0x3b90
[ 53.317771][ T3589] end_report+0xc2/0x150
[ 53.322006][ T3589] kasan_report+0x18e/0x1c0
[ 53.326511][ T3589] ? hci_le_meta_evt+0x11d3/0x3b90
[ 53.331618][ T3589] hci_le_meta_evt+0x11d3/0x3b90
[ 53.336558][ T3589] ? __mutex_lock_common+0x444/0x25a0
[ 53.341924][ T3589] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 53.347902][ T3589] ? hci_remote_host_features_evt+0x260/0x260
[ 53.353950][ T3589] ? __mutex_unlock_slowpath+0x218/0x750
[ 53.359576][ T3589] ? hci_event_packet+0x3b4/0x1480
[ 53.364674][ T3589] ? mutex_unlock+0x10/0x10
[ 53.369164][ T3589] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 53.375135][ T3589] ? print_irqtrace_events+0x210/0x210
[ 53.380585][ T3589] hci_event_packet+0xc28/0x1480
[ 53.385516][ T3589] ? rcu_lock_release+0x20/0x20
[ 53.390356][ T3589] ? hci_send_to_monitor+0x99/0x4d0
[ 53.395545][ T3589] hci_rx_work+0x240/0x7d0
[ 53.399955][ T3589] ? do_raw_spin_unlock+0x137/0x8b0
[ 53.405144][ T3589] process_one_work+0x90d/0x1270
[ 53.410074][ T3589] ? worker_detach_from_pool+0x260/0x260
[ 53.415693][ T3589] ? _raw_spin_lock_irqsave+0x120/0x120
[ 53.421237][ T3589] ? kthread_data+0x4e/0xc0
[ 53.425732][ T3589] ? wq_worker_running+0x97/0x170
[ 53.430745][ T3589] worker_thread+0xaca/0x1280
[ 53.435409][ T3589] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 53.441294][ T3589] kthread+0x3f6/0x4f0
[ 53.445346][ T3589] ? rcu_lock_release+0x20/0x20
[ 53.450201][ T3589] ? kthread_blkcg+0xd0/0xd0
[ 53.454794][ T3589] ret_from_fork+0x1f/0x30
[ 53.459199][ T3589]
[ 53.462497][ T3589] Kernel Offset: disabled
[ 53.466809][ T3589] Rebooting in 86400 seconds..