Warning: Permanently added '10.128.1.63' (ED25519) to the list of known hosts.
executing program
[ 51.963425][ T4171] Bluetooth: hci0: Unknown advertising packet type: 0x70
[ 51.963533][ T4171] ==================================================================
[ 51.978923][ T4171] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x12db/0x3b80
[ 51.986746][ T4171] Read of size 1 at addr ffff888020ef3604 by task kworker/u5:2/4171
[ 51.994818][ T4171]
[ 51.997141][ T4171] CPU: 0 PID: 4171 Comm: kworker/u5:2 Not tainted 5.15.185-syzkaller #0
[ 52.005445][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 52.015486][ T4171] Workqueue: hci0 hci_rx_work
[ 52.020173][ T4171] Call Trace:
[ 52.023454][ T4171]
[ 52.026372][ T4171] dump_stack_lvl+0x168/0x230
[ 52.031146][ T4171] ? show_regs_print_info+0x20/0x20
[ 52.036902][ T4171] ? load_image+0x3b0/0x3b0
[ 52.041497][ T4171] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 52.046877][ T4171] print_address_description+0x60/0x2d0
[ 52.052701][ T4171] ? hci_le_meta_evt+0x12db/0x3b80
[ 52.058366][ T4171] kasan_report+0xdf/0x130
[ 52.062776][ T4171] ? hci_le_meta_evt+0x12db/0x3b80
[ 52.067871][ T4171] hci_le_meta_evt+0x12db/0x3b80
[ 52.072925][ T4171] ? hci_event_packet+0x2e0/0x12f0
[ 52.078123][ T4171] ? hci_remote_host_features_evt+0x280/0x280
[ 52.084355][ T4171] ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 52.090155][ T4171] ? mark_lock+0x94/0x320
[ 52.094561][ T4171] ? mutex_unlock+0x10/0x10
[ 52.099135][ T4171] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 52.105097][ T4171] ? lock_chain_count+0x20/0x20
[ 52.110020][ T4171] ? __rwlock_init+0x140/0x140
[ 52.114760][ T4171] hci_event_packet+0xe05/0x12f0
[ 52.119690][ T4171] ? lockdep_hardirqs_on+0x94/0x140
[ 52.124972][ T4171] ? rcu_lock_release+0x20/0x20
[ 52.129819][ T4171] ? hci_send_to_monitor+0x9c/0x4a0
[ 52.135005][ T4171] hci_rx_work+0x255/0xa10
[ 52.139495][ T4171] process_one_work+0x863/0x1000
[ 52.144427][ T4171] ? worker_detach_from_pool+0x240/0x240
[ 52.150148][ T4171] ? lockdep_hardirqs_off+0x70/0x100
[ 52.155432][ T4171] ? _raw_spin_lock_irq+0xab/0xe0
[ 52.161184][ T4171] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 52.166629][ T4171] ? wq_worker_running+0x97/0x170
[ 52.171748][ T4171] worker_thread+0xaa8/0x12a0
[ 52.176712][ T4171] ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 52.182958][ T4171] ? lockdep_hardirqs_on+0x94/0x140
[ 52.188147][ T4171] ? lockdep_hardirqs_on+0x94/0x140
[ 52.193406][ T4171] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 52.199295][ T4171] kthread+0x436/0x520
[ 52.203366][ T4171] ? rcu_lock_release+0x20/0x20
[ 52.208197][ T4171] ? kthread_blkcg+0xd0/0xd0
[ 52.212768][ T4171] ret_from_fork+0x1f/0x30
[ 52.217505][ T4171]
[ 52.220601][ T4171]
[ 52.222904][ T4171] Allocated by task 4166:
[ 52.227207][ T4171] __kasan_kmalloc+0xb5/0xf0
[ 52.231809][ T4171] __alloc_skb+0x22c/0x750
[ 52.236201][ T4171] vhci_write+0xbc/0x450
[ 52.240431][ T4171] vfs_write+0x712/0xd00
[ 52.244655][ T4171] ksys_write+0x14d/0x250
[ 52.248971][ T4171] do_syscall_64+0x4c/0xa0
[ 52.253366][ T4171] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.259237][ T4171]
[ 52.261556][ T4171] The buggy address belongs to the object at ffff888020ef3400
[ 52.261556][ T4171] which belongs to the cache kmalloc-512 of size 512
[ 52.275981][ T4171] The buggy address is located 4 bytes to the right of
[ 52.275981][ T4171] 512-byte region [ffff888020ef3400, ffff888020ef3600)
[ 52.290499][ T4171] The buggy address belongs to the page:
[ 52.296131][ T4171] page:ffffea000083bc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20ef0
[ 52.306441][ T4171] head:ffffea000083bc00 order:2 compound_mapcount:0 compound_pincount:0
[ 52.314747][ T4171] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 52.323162][ T4171] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888016841c80
[ 52.332012][ T4171] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 52.340680][ T4171] page dumped because: kasan: bad access detected
[ 52.347395][ T4171] page_owner tracks the page as allocated
[ 52.353246][ T4171] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1094, ts 6593717114, free_ts 0
[ 52.371384][ T4171] get_page_from_freelist+0x1b77/0x1c60
[ 52.377125][ T4171] __alloc_pages+0x1e1/0x470
[ 52.381789][ T4171] new_slab+0xc0/0x4b0
[ 52.385839][ T4171] ___slab_alloc+0x81e/0xdf0
[ 52.390420][ T4171] kmem_cache_alloc_trace+0x1a5/0x2a0
[ 52.395968][ T4171] alloc_bprm+0x56/0x6a0
[ 52.400551][ T4171] kernel_execve+0x49/0x900
[ 52.405168][ T4171] call_usermodehelper_exec_async+0x207/0x350
[ 52.411322][ T4171] ret_from_fork+0x1f/0x30
[ 52.415847][ T4171] page_owner free stack trace missing
[ 52.421195][ T4171]
[ 52.423501][ T4171] Memory state around the buggy address:
[ 52.429117][ T4171] ffff888020ef3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.437155][ T4171] ffff888020ef3580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.445196][ T4171] >ffff888020ef3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.453348][ T4171] ^
[ 52.457506][ T4171] ffff888020ef3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.465563][ T4171] ffff888020ef3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.473902][ T4171] ==================================================================
[ 52.482042][ T4171] Disabling lock debugging due to kernel taint
[ 52.489278][ T4171] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.496771][ T4171] CPU: 0 PID: 4171 Comm: kworker/u5:2 Tainted: G B 5.15.185-syzkaller #0
[ 52.506904][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 52.517549][ T4171] Workqueue: hci0 hci_rx_work
[ 52.522325][ T4171] Call Trace:
[ 52.525589][ T4171]
[ 52.528509][ T4171] dump_stack_lvl+0x168/0x230
[ 52.533177][ T4171] ? show_regs_print_info+0x20/0x20
[ 52.538382][ T4171] ? load_image+0x3b0/0x3b0
[ 52.542964][ T4171] panic+0x2c9/0x7f0
[ 52.546849][ T4171] ? bpf_jit_dump+0xd0/0xd0
[ 52.551335][ T4171] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 52.557220][ T4171] ? _raw_spin_unlock+0x40/0x40
[ 52.562154][ T4171] ? hci_le_meta_evt+0x12db/0x3b80
[ 52.567242][ T4171] check_panic_on_warn+0x80/0xa0
[ 52.572163][ T4171] ? hci_le_meta_evt+0x12db/0x3b80
[ 52.577250][ T4171] end_report+0x6d/0xf0
[ 52.581382][ T4171] kasan_report+0x102/0x130
[ 52.585863][ T4171] ? hci_le_meta_evt+0x12db/0x3b80
[ 52.591036][ T4171] hci_le_meta_evt+0x12db/0x3b80
[ 52.595953][ T4171] ? hci_event_packet+0x2e0/0x12f0
[ 52.601037][ T4171] ? hci_remote_host_features_evt+0x280/0x280
[ 52.607087][ T4171] ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 52.612809][ T4171] ? mark_lock+0x94/0x320
[ 52.617135][ T4171] ? mutex_unlock+0x10/0x10
[ 52.621617][ T4171] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 52.627587][ T4171] ? lock_chain_count+0x20/0x20
[ 52.632643][ T4171] ? __rwlock_init+0x140/0x140
[ 52.637397][ T4171] hci_event_packet+0xe05/0x12f0
[ 52.642314][ T4171] ? lockdep_hardirqs_on+0x94/0x140
[ 52.647509][ T4171] ? rcu_lock_release+0x20/0x20
[ 52.652350][ T4171] ? hci_send_to_monitor+0x9c/0x4a0
[ 52.657578][ T4171] hci_rx_work+0x255/0xa10
[ 52.662090][ T4171] process_one_work+0x863/0x1000
[ 52.667013][ T4171] ? worker_detach_from_pool+0x240/0x240
[ 52.672648][ T4171] ? lockdep_hardirqs_off+0x70/0x100
[ 52.678116][ T4171] ? _raw_spin_lock_irq+0xab/0xe0
[ 52.683156][ T4171] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 52.688697][ T4171] ? wq_worker_running+0x97/0x170
[ 52.693708][ T4171] worker_thread+0xaa8/0x12a0
[ 52.698361][ T4171] ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 52.704243][ T4171] ? lockdep_hardirqs_on+0x94/0x140
[ 52.709482][ T4171] ? lockdep_hardirqs_on+0x94/0x140
[ 52.714757][ T4171] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 52.720816][ T4171] kthread+0x436/0x520
[ 52.724862][ T4171] ? rcu_lock_release+0x20/0x20
[ 52.729682][ T4171] ? kthread_blkcg+0xd0/0xd0
[ 52.734244][ T4171] ret_from_fork+0x1f/0x30
[ 52.738644][ T4171]
[ 52.742035][ T4171] Kernel Offset: disabled
[ 52.746442][ T4171] Rebooting in 86400 seconds..