last executing test programs: kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.251' (ED25519) to the list of known hosts.
[ 56.210707][ T5078] cgroup: Unknown subsys name 'net'
[ 56.407495][ T5078] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 57.843427][ T5078] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 59.561815][ T5090] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 59.570146][ T5090] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 59.590696][ T5091] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 59.592114][ T5088] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 59.599518][ T5095] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 59.606153][ T5088] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 59.613838][ T5095] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 59.621586][ T5088] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 59.627537][ T5095] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 59.634641][ T5088] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 59.641234][ T5095] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 59.648179][ T5088] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 59.661881][ T5088] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 59.662251][ T5095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 59.676687][ T5094] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 59.685223][ T5094] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.688162][ T5088] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 59.693976][ T5094] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.711808][ T5092] ==================================================================
[ 59.720700][ T5092] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x44/0x3d0
[ 59.728836][ T5092] Read of size 4 at addr ffff888067384724 by task syz-executor/5092
[ 59.736921][ T5092]
[ 59.739265][ T5092] CPU: 0 PID: 5092 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-01207-ge19f67df9ccb #0
[ 59.749534][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[ 59.759970][ T5092] Call Trace:
[ 59.763264][ T5092]
[ 59.766223][ T5092] dump_stack_lvl+0x241/0x360
[ 59.771021][ T5092] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.776272][ T5092] ? __pfx__printk+0x10/0x10
[ 59.780893][ T5092] ? _printk+0xd5/0x120
[ 59.785073][ T5092] ? __virt_addr_valid+0x183/0x520
[ 59.790487][ T5092] ? __virt_addr_valid+0x183/0x520
[ 59.795891][ T5092] print_report+0x169/0x550
[ 59.800419][ T5092] ? __virt_addr_valid+0x183/0x520
[ 59.805646][ T5092] ? __virt_addr_valid+0x183/0x520
[ 59.811051][ T5092] ? __virt_addr_valid+0x44e/0x520
[ 59.816203][ T5092] ? __phys_addr+0xba/0x170
[ 59.821203][ T5092] ? sk_skb_reason_drop+0x44/0x3d0
[ 59.826444][ T5092] kasan_report+0x143/0x180
[ 59.830995][ T5092] ? sk_skb_reason_drop+0x44/0x3d0
[ 59.836319][ T5092] kasan_check_range+0x282/0x290
[ 59.841472][ T5092] sk_skb_reason_drop+0x44/0x3d0
[ 59.846588][ T5092] __hci_req_sync+0x631/0x950
[ 59.851298][ T5092] ? __pfx___hci_req_sync+0x10/0x10
[ 59.856714][ T5092] ? __pfx___mutex_lock+0x10/0x10
[ 59.861857][ T5092] ? __pfx_autoremove_wake_function+0x10/0x10
[ 59.868006][ T5092] ? __pfx_hci_scan_req+0x10/0x10
[ 59.873149][ T5092] hci_req_sync+0xa9/0xd0
[ 59.877521][ T5092] hci_dev_cmd+0x4c5/0xa50
[ 59.882079][ T5092] ? security_capable+0x90/0xb0
[ 59.887120][ T5092] ? __pfx_hci_dev_cmd+0x10/0x10
[ 59.892092][ T5092] ? hci_sock_ioctl+0x6c6/0xa40
[ 59.897026][ T5092] sock_do_ioctl+0x158/0x460
[ 59.901651][ T5092] ? __pfx_sock_do_ioctl+0x10/0x10
[ 59.907403][ T5092] sock_ioctl+0x629/0x8e0
[ 59.911823][ T5092] ? __pfx_sock_ioctl+0x10/0x10
[ 59.916696][ T5092] ? __fget_files+0x29/0x470
[ 59.921401][ T5092] ? __fget_files+0x3f6/0x470
[ 59.926129][ T5092] ? __fget_files+0x29/0x470
[ 59.930746][ T5092] ? bpf_lsm_file_ioctl+0x9/0x10
[ 59.936337][ T5092] ? security_file_ioctl+0x87/0xb0
[ 59.942350][ T5092] ? __pfx_sock_ioctl+0x10/0x10
[ 59.947248][ T5092] __se_sys_ioctl+0xfc/0x170
[ 59.951874][ T5092] do_syscall_64+0xf3/0x230
[ 59.956403][ T5092] ? clear_bhb_loop+0x35/0x90
[ 59.961367][ T5092] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.967340][ T5092] RIP: 0033:0x7f21f7b757db
[ 59.971788][ T5092] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 59.991762][ T5092] RSP: 002b:00007ffd9b7b4610 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 60.000206][ T5092] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f21f7b757db
[ 60.008349][ T5092] RDX: 00007ffd9b7b4688 RSI: 00000000400448dd RDI: 0000000000000003
[ 60.016789][ T5092] RBP: 000055557a2654a8 R08: 0000000000000000 R09: 0000000000000000
[ 60.024782][ T5092] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002
[ 60.032857][ T5092] R13: 0000000000000002 R14: 0000000000000009 R15: 0000000000000009
[ 60.040834][ T5092]
[ 60.043873][ T5092]
[ 60.046380][ T5092] Allocated by task 5094:
[ 60.051262][ T5092] kasan_save_track+0x3f/0x80
[ 60.056682][ T5092] __kasan_slab_alloc+0x66/0x80
[ 60.062175][ T5092] kmem_cache_alloc_noprof+0x135/0x2a0
[ 60.068094][ T5092] skb_clone+0x20c/0x390
[ 60.072836][ T5092] hci_cmd_work+0x2a2/0x670
[ 60.078982][ T5092] process_scheduled_works+0xa2c/0x1830
[ 60.085512][ T5092] worker_thread+0x86d/0xd50
[ 60.091012][ T5092] kthread+0x2f0/0x390
[ 60.096316][ T5092] ret_from_fork+0x4b/0x80
[ 60.101371][ T5092] ret_from_fork_asm+0x1a/0x30
[ 60.107889][ T5092]
[ 60.110658][ T5092] Freed by task 5088:
[ 60.114734][ T5092] kasan_save_track+0x3f/0x80
[ 60.119874][ T5092] kasan_save_free_info+0x40/0x50
[ 60.124939][ T5092] poison_slab_object+0xe0/0x150
[ 60.130099][ T5092] __kasan_slab_free+0x37/0x60
[ 60.135060][ T5092] kmem_cache_free+0x145/0x350
[ 60.139942][ T5092] hci_req_sync_complete+0xe8/0x290
[ 60.145225][ T5092] hci_event_packet+0xc75/0x1540
[ 60.150289][ T5092] hci_rx_work+0x3e8/0xca0
[ 60.155402][ T5092] process_scheduled_works+0xa2c/0x1830
[ 60.163514][ T5092] worker_thread+0x86d/0xd50
[ 60.168367][ T5092] kthread+0x2f0/0x390
[ 60.172734][ T5092] ret_from_fork+0x4b/0x80
[ 60.177754][ T5092] ret_from_fork_asm+0x1a/0x30
[ 60.182518][ T5092]
[ 60.184848][ T5092] The buggy address belongs to the object at ffff888067384640
[ 60.184848][ T5092] which belongs to the cache skbuff_head_cache of size 240
[ 60.199949][ T5092] The buggy address is located 228 bytes inside of
[ 60.199949][ T5092] freed 240-byte region [ffff888067384640, ffff888067384730)
[ 60.214298][ T5092]
[ 60.216740][ T5092] The buggy address belongs to the physical page:
[ 60.223224][ T5092] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x67384
[ 60.232086][ T5092] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 60.239279][ T5092] page_type: 0xffffefff(slab)
[ 60.244492][ T5092] raw: 00fff00000000000 ffff888018aea780 dead000000000122 0000000000000000
[ 60.253672][ T5092] raw: 0000000000000000 00000000800c000c 00000001ffffefff 0000000000000000
[ 60.263141][ T5092] page dumped because: kasan: bad access detected
[ 60.269737][ T5092] page_owner tracks the page as allocated
[ 60.275547][ T5092] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4491, tgid 4491 (kworker/u9:1), ts 59709691910, free_ts 16366008544
[ 60.295653][ T5092] post_alloc_hook+0x1f3/0x230
[ 60.300446][ T5092] get_page_from_freelist+0x2e4c/0x2f10
[ 60.306087][ T5092] __alloc_pages_noprof+0x256/0x6c0
[ 60.311365][ T5092] alloc_slab_page+0x5f/0x120
[ 60.316550][ T5092] allocate_slab+0x5a/0x2f0
[ 60.321059][ T5092] ___slab_alloc+0xcd1/0x14b0
[ 60.325814][ T5092] __slab_alloc+0x58/0xa0
[ 60.330148][ T5092] kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 60.336124][ T5092] __alloc_skb+0x1c3/0x440
[ 60.340660][ T5092] __hci_cmd_sync_sk+0x158/0x1130
[ 60.345672][ T5092] hci_read_current_iac_lap_sync+0x29/0x120
[ 60.351552][ T5092] hci_dev_open_sync+0x248f/0x2b60
[ 60.356660][ T5092] hci_power_on+0x1c7/0x6b0
[ 60.361246][ T5092] process_scheduled_works+0xa2c/0x1830
[ 60.366953][ T5092] worker_thread+0x86d/0xd50
[ 60.372255][ T5092] kthread+0x2f0/0x390
[ 60.376527][ T5092] page last free pid 1 tgid 1 stack trace:
[ 60.382494][ T5092] free_unref_page+0xd22/0xea0
[ 60.387256][ T5092] free_contig_range+0x9e/0x160
[ 60.392198][ T5092] destroy_args+0x8a/0x890
[ 60.396616][ T5092] debug_vm_pgtable+0x4be/0x550
[ 60.401455][ T5092] do_one_initcall+0x248/0x880
[ 60.406208][ T5092] do_initcall_level+0x157/0x210
[ 60.411313][ T5092] do_initcalls+0x3f/0x80
[ 60.415749][ T5092] kernel_init_freeable+0x435/0x5d0
[ 60.420959][ T5092] kernel_init+0x1d/0x2b0
[ 60.425481][ T5092] ret_from_fork+0x4b/0x80
[ 60.429999][ T5092] ret_from_fork_asm+0x1a/0x30
[ 60.434771][ T5092]
[ 60.437190][ T5092] Memory state around the buggy address:
[ 60.442909][ T5092] ffff888067384600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 60.451076][ T5092] ffff888067384680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.459315][ T5092] >ffff888067384700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 60.467386][ T5092] ^
[ 60.472523][ T5092] ffff888067384780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.480601][ T5092] ffff888067384800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 60.488685][ T5092] ==================================================================
[ 60.497872][ T5092] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.505268][ T5092] CPU: 1 PID: 5092 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-01207-ge19f67df9ccb #0
[ 60.515513][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 60.525746][ T5092] Call Trace:
[ 60.529130][ T5092]
[ 60.532062][ T5092] dump_stack_lvl+0x241/0x360
[ 60.536895][ T5092] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.542647][ T5092] ? __pfx__printk+0x10/0x10
[ 60.547697][ T5092] ? preempt_schedule+0xe1/0xf0
[ 60.553064][ T5092] ? vscnprintf+0x5d/0x90
[ 60.557477][ T5092] panic+0x349/0x860
[ 60.561366][ T5092] ? check_panic_on_warn+0x21/0xb0
[ 60.566584][ T5092] ? __pfx_panic+0x10/0x10
[ 60.571543][ T5092] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 60.577752][ T5092] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 60.584356][ T5092] ? print_report+0x502/0x550
[ 60.589100][ T5092] check_panic_on_warn+0x86/0xb0
[ 60.594391][ T5092] ? sk_skb_reason_drop+0x44/0x3d0
[ 60.600124][ T5092] end_report+0x77/0x160
[ 60.604481][ T5092] kasan_report+0x154/0x180
[ 60.609421][ T5092] ? sk_skb_reason_drop+0x44/0x3d0
[ 60.614812][ T5092] kasan_check_range+0x282/0x290
[ 60.620095][ T5092] sk_skb_reason_drop+0x44/0x3d0
[ 60.625058][ T5092] __hci_req_sync+0x631/0x950
[ 60.629752][ T5092] ? __pfx___hci_req_sync+0x10/0x10
[ 60.634954][ T5092] ? __pfx___mutex_lock+0x10/0x10
[ 60.640690][ T5092] ? __pfx_autoremove_wake_function+0x10/0x10
[ 60.646768][ T5092] ? __pfx_hci_scan_req+0x10/0x10
[ 60.652347][ T5092] hci_req_sync+0xa9/0xd0
[ 60.656740][ T5092] hci_dev_cmd+0x4c5/0xa50
[ 60.661278][ T5092] ? security_capable+0x90/0xb0
[ 60.666315][ T5092] ? __pfx_hci_dev_cmd+0x10/0x10
[ 60.671445][ T5092] ? hci_sock_ioctl+0x6c6/0xa40
[ 60.676400][ T5092] sock_do_ioctl+0x158/0x460
[ 60.681077][ T5092] ? __pfx_sock_do_ioctl+0x10/0x10
[ 60.686361][ T5092] sock_ioctl+0x629/0x8e0
[ 60.690746][ T5092] ? __pfx_sock_ioctl+0x10/0x10
[ 60.695695][ T5092] ? __fget_files+0x29/0x470
[ 60.700456][ T5092] ? __fget_files+0x3f6/0x470
[ 60.705214][ T5092] ? __fget_files+0x29/0x470
[ 60.709800][ T5092] ? bpf_lsm_file_ioctl+0x9/0x10
[ 60.714873][ T5092] ? security_file_ioctl+0x87/0xb0
[ 60.720027][ T5092] ? __pfx_sock_ioctl+0x10/0x10
[ 60.724880][ T5092] __se_sys_ioctl+0xfc/0x170
[ 60.729690][ T5092] do_syscall_64+0xf3/0x230
[ 60.734246][ T5092] ? clear_bhb_loop+0x35/0x90
[ 60.739114][ T5092] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.745536][ T5092] RIP: 0033:0x7f21f7b757db
[ 60.750642][ T5092] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 60.770515][ T5092] RSP: 002b:00007ffd9b7b4610 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 60.779061][ T5092] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f21f7b757db
[ 60.787481][ T5092] RDX: 00007ffd9b7b4688 RSI: 00000000400448dd RDI: 0000000000000003
[ 60.796147][ T5092] RBP: 000055557a2654a8 R08: 0000000000000000 R09: 0000000000000000
[ 60.804295][ T5092] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002
[ 60.812798][ T5092] R13: 0000000000000002 R14: 0000000000000009 R15: 0000000000000009
[ 60.821682][ T5092]
[ 60.825071][ T5092] Kernel Offset: disabled
[ 60.829681][ T5092] Rebooting in 86400 seconds..