last executing test programs:
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts.
[ 66.426211][ T5079] cgroup: Unknown subsys name 'net'
[ 66.567277][ T5079] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 68.364999][ T5079] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 70.730138][ T5100] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 70.740946][ T5104] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 70.749286][ T5104] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 70.753937][ T5100] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 70.757719][ T5104] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 70.764118][ T5100] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 70.772042][ T5104] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 70.777793][ T5100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 70.787243][ T5104] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 70.793491][ T5100] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 70.801281][ T5104] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 70.807640][ T5100] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 70.814164][ T5104] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 70.827187][ T5104] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 70.827644][ T5100] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 70.835526][ T5104] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 70.841580][ T5100] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 70.856759][ T5100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 70.865364][ T5100] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 70.869841][ T5104] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 70.874076][ T5100] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 70.880709][ T5104] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 70.887277][ T5100] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 70.895091][ T5104] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 70.910050][ T5104] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 70.918674][ T5100] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 70.918695][ T5104] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 70.933839][ T5098] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 70.934463][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 70.943595][ T5104] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 70.955621][ T5103] ==================================================================
[ 70.963718][ T5103] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 70.971491][ T5103] Read of size 4 at addr ffff88802297b364 by task syz-executor/5103
[ 70.979485][ T5103]
[ 70.981836][ T5103] CPU: 1 PID: 5103 Comm: syz-executor Not tainted 6.10.0-rc2-syzkaller-00834-g90dc946059b7 #0
[ 70.992113][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 71.002197][ T5103] Call Trace:
[ 71.005504][ T5103]
[ 71.008456][ T5103] dump_stack_lvl+0x241/0x360
[ 71.013171][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.018408][ T5103] ? __pfx__printk+0x10/0x10
[ 71.023028][ T5103] ? _printk+0xd5/0x120
[ 71.027213][ T5103] ? __virt_addr_valid+0x183/0x520
[ 71.032358][ T5103] ? __virt_addr_valid+0x183/0x520
[ 71.037503][ T5103] print_report+0x169/0x550
[ 71.042037][ T5103] ? __virt_addr_valid+0x183/0x520
[ 71.047186][ T5103] ? __virt_addr_valid+0x183/0x520
[ 71.052328][ T5103] ? __virt_addr_valid+0x44e/0x520
[ 71.057474][ T5103] ? __phys_addr+0xba/0x170
[ 71.062010][ T5103] ? kfree_skb_reason+0x41/0x3b0
[ 71.067011][ T5103] kasan_report+0x143/0x180
[ 71.071556][ T5103] ? kfree_skb_reason+0x41/0x3b0
[ 71.076537][ T5103] kasan_check_range+0x282/0x290
[ 71.081513][ T5103] kfree_skb_reason+0x41/0x3b0
[ 71.086485][ T5103] __hci_req_sync+0x62f/0x950
[ 71.091194][ T5103] ? __pfx___hci_req_sync+0x10/0x10
[ 71.096427][ T5103] ? __pfx___mutex_lock+0x10/0x10
[ 71.101493][ T5103] ? __pfx_autoremove_wake_function+0x10/0x10
[ 71.107595][ T5103] ? __pfx_hci_scan_req+0x10/0x10
[ 71.112654][ T5103] hci_req_sync+0xa9/0xd0
[ 71.117042][ T5103] hci_dev_cmd+0x4c5/0xa50
[ 71.121522][ T5103] ? security_capable+0x90/0xb0
[ 71.126399][ T5103] ? __pfx_hci_dev_cmd+0x10/0x10
[ 71.131373][ T5103] ? hci_sock_ioctl+0x6c4/0xa40
[ 71.136255][ T5103] sock_do_ioctl+0x158/0x460
[ 71.140874][ T5103] ? __pfx_sock_do_ioctl+0x10/0x10
[ 71.146116][ T5103] sock_ioctl+0x629/0x8e0
[ 71.150489][ T5103] ? __pfx_sock_ioctl+0x10/0x10
[ 71.155375][ T5103] ? __fget_files+0x29/0x470
[ 71.160002][ T5103] ? __fget_files+0x3f6/0x470
[ 71.164712][ T5103] ? __fget_files+0x29/0x470
[ 71.169343][ T5103] ? bpf_lsm_file_ioctl+0x9/0x10
[ 71.174313][ T5103] ? security_file_ioctl+0x87/0xb0
[ 71.179463][ T5103] ? __pfx_sock_ioctl+0x10/0x10
[ 71.184346][ T5103] __se_sys_ioctl+0xfc/0x170
[ 71.188965][ T5103] do_syscall_64+0xf3/0x230
[ 71.193494][ T5103] ? clear_bhb_loop+0x35/0x90
[ 71.198202][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.204143][ T5103] RIP: 0033:0x7fc1923757db
[ 71.208581][ T5103] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 71.228210][ T5103] RSP: 002b:00007ffeee021a40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 71.236653][ T5103] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc1923757db
[ 71.244656][ T5103] RDX: 00007ffeee021ab8 RSI: 00000000400448dd RDI: 0000000000000003
[ 71.252652][ T5103] RBP: 0000555587b7d4a8 R08: 0000000000000000 R09: 0000000000000000
[ 71.260644][ T5103] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000004
[ 71.268635][ T5103] R13: 0000000000000004 R14: 0000000000000009 R15: 0000000000000009
[ 71.276640][ T5103]
[ 71.279676][ T5103]
[ 71.282009][ T5103] Allocated by task 53:
[ 71.286187][ T5103] kasan_save_track+0x3f/0x80
[ 71.290892][ T5103] __kasan_slab_alloc+0x66/0x80
[ 71.295774][ T5103] kmem_cache_alloc_noprof+0x135/0x2a0
[ 71.301271][ T5103] skb_clone+0x20c/0x390
[ 71.305544][ T5103] hci_cmd_work+0x29e/0x670
[ 71.310078][ T5103] process_scheduled_works+0xa2c/0x1830
[ 71.315646][ T5103] worker_thread+0x86d/0xd70
[ 71.320259][ T5103] kthread+0x2f0/0x390
[ 71.324351][ T5103] ret_from_fork+0x4b/0x80
[ 71.328794][ T5103] ret_from_fork_asm+0x1a/0x30
[ 71.333589][ T5103]
[ 71.335941][ T5103] Freed by task 5104:
[ 71.339930][ T5103] kasan_save_track+0x3f/0x80
[ 71.344645][ T5103] kasan_save_free_info+0x40/0x50
[ 71.349688][ T5103] poison_slab_object+0xe0/0x150
[ 71.354660][ T5103] __kasan_slab_free+0x37/0x60
[ 71.359458][ T5103] kmem_cache_free+0x145/0x350
[ 71.364243][ T5103] hci_req_sync_complete+0xe7/0x290
[ 71.369459][ T5103] hci_event_packet+0xc71/0x1540
[ 71.374427][ T5103] hci_rx_work+0x3e8/0xca0
[ 71.378874][ T5103] process_scheduled_works+0xa2c/0x1830
[ 71.384443][ T5103] worker_thread+0x86d/0xd70
[ 71.389060][ T5103] kthread+0x2f0/0x390
[ 71.393155][ T5103] ret_from_fork+0x4b/0x80
[ 71.397605][ T5103] ret_from_fork_asm+0x1a/0x30
[ 71.402401][ T5103]
[ 71.404737][ T5103] The buggy address belongs to the object at ffff88802297b280
[ 71.404737][ T5103] which belongs to the cache skbuff_head_cache of size 240
[ 71.419324][ T5103] The buggy address is located 228 bytes inside of
[ 71.419324][ T5103] freed 240-byte region [ffff88802297b280, ffff88802297b370)
[ 71.433237][ T5103]
[ 71.435580][ T5103] The buggy address belongs to the physical page:
[ 71.442010][ T5103] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2297b
[ 71.450804][ T5103] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 71.457935][ T5103] page_type: 0xffffefff(slab)
[ 71.462610][ T5103] raw: 00fff00000000000 ffff888018e9f780 dead000000000122 0000000000000000
[ 71.471190][ T5103] raw: 0000000000000000 00000000800c000c 00000001ffffefff 0000000000000000
[ 71.479769][ T5103] page dumped because: kasan: bad access detected
[ 71.486185][ T5103] page_owner tracks the page as allocated
[ 71.491892][ T5103] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5103, tgid 5103 (syz-executor), ts 70954503600, free_ts 70915614215
[ 71.511166][ T5103] post_alloc_hook+0x1f3/0x230
[ 71.515938][ T5103] get_page_from_freelist+0x2e2d/0x2ee0
[ 71.521483][ T5103] __alloc_pages_noprof+0x256/0x6c0
[ 71.526683][ T5103] alloc_slab_page+0x5f/0x120
[ 71.531388][ T5103] allocate_slab+0x5a/0x2e0
[ 71.535907][ T5103] ___slab_alloc+0xcd1/0x14b0
[ 71.540594][ T5103] __slab_alloc+0x58/0xa0
[ 71.544933][ T5103] kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 71.550842][ T5103] __alloc_skb+0x1c3/0x440
[ 71.555343][ T5103] hci_prepare_cmd+0x39/0x300
[ 71.560028][ T5103] hci_req_add_ev+0xac/0x290
[ 71.564637][ T5103] hci_scan_req+0xa0/0x180
[ 71.569077][ T5103] __hci_req_sync+0x1a8/0x950
[ 71.573761][ T5103] hci_req_sync+0xa9/0xd0
[ 71.578116][ T5103] hci_dev_cmd+0x4c5/0xa50
[ 71.582538][ T5103] sock_do_ioctl+0x158/0x460
[ 71.587132][ T5103] page last free pid 5089 tgid 5089 stack trace:
[ 71.593456][ T5103] free_unref_page+0xd22/0xea0
[ 71.598253][ T5103] __put_partials+0xeb/0x130
[ 71.602849][ T5103] put_cpu_partial+0x17c/0x250
[ 71.607619][ T5103] __slab_free+0x2ea/0x3d0
[ 71.612044][ T5103] qlist_free_all+0x9e/0x140
[ 71.616644][ T5103] kasan_quarantine_reduce+0x14f/0x170
[ 71.622105][ T5103] __kasan_slab_alloc+0x23/0x80
[ 71.626962][ T5103] kmem_cache_alloc_noprof+0x135/0x2a0
[ 71.632439][ T5103] create_new_namespaces+0x34/0x7b0
[ 71.637659][ T5103] unshare_nsproxy_namespaces+0x124/0x180
[ 71.643385][ T5103] ksys_unshare+0x619/0xc10
[ 71.647895][ T5103] __x64_sys_unshare+0x38/0x40
[ 71.652666][ T5103] do_syscall_64+0xf3/0x230
[ 71.657176][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.663076][ T5103]
[ 71.665403][ T5103] Memory state around the buggy address:
[ 71.671031][ T5103] ffff88802297b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 71.679090][ T5103] ffff88802297b280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.687152][ T5103] >ffff88802297b300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 71.695217][ T5103] ^
[ 71.702408][ T5103] ffff88802297b380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 71.710463][ T5103] ffff88802297b400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.718513][ T5103] ==================================================================
[ 71.729854][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.736524][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.750635][ T5103] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.757861][ T5103] CPU: 1 PID: 5103 Comm: syz-executor Not tainted 6.10.0-rc2-syzkaller-00834-g90dc946059b7 #0
[ 71.768106][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 71.778168][ T5103] Call Trace:
[ 71.781451][ T5103]
[ 71.784385][ T5103] dump_stack_lvl+0x241/0x360
[ 71.789072][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.794281][ T5103] ? __pfx__printk+0x10/0x10
[ 71.798872][ T5103] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 71.804861][ T5103] ? vscnprintf+0x5d/0x90
[ 71.809199][ T5103] panic+0x349/0x860
[ 71.813098][ T5103] ? check_panic_on_warn+0x21/0xb0
[ 71.818216][ T5103] ? __pfx_panic+0x10/0x10
[ 71.822723][ T5103] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 71.828707][ T5103] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 71.835041][ T5103] check_panic_on_warn+0x86/0xb0
[ 71.839991][ T5103] ? kfree_skb_reason+0x41/0x3b0
[ 71.844933][ T5103] end_report+0x77/0x160
[ 71.849199][ T5103] kasan_report+0x154/0x180
[ 71.853717][ T5103] ? kfree_skb_reason+0x41/0x3b0
[ 71.858663][ T5103] kasan_check_range+0x282/0x290
[ 71.863612][ T5103] kfree_skb_reason+0x41/0x3b0
[ 71.868391][ T5103] __hci_req_sync+0x62f/0x950
[ 71.873094][ T5103] ? __pfx___hci_req_sync+0x10/0x10
[ 71.878302][ T5103] ? __pfx___mutex_lock+0x10/0x10
[ 71.883335][ T5103] ? __pfx_autoremove_wake_function+0x10/0x10
[ 71.889406][ T5103] ? __pfx_hci_scan_req+0x10/0x10
[ 71.894438][ T5103] hci_req_sync+0xa9/0xd0
[ 71.898769][ T5103] hci_dev_cmd+0x4c5/0xa50
[ 71.903186][ T5103] ? security_capable+0x90/0xb0
[ 71.908040][ T5103] ? __pfx_hci_dev_cmd+0x10/0x10
[ 71.914112][ T5103] ? hci_sock_ioctl+0x6c4/0xa40
[ 71.918967][ T5103] sock_do_ioctl+0x158/0x460
[ 71.923563][ T5103] ? __pfx_sock_do_ioctl+0x10/0x10
[ 71.928681][ T5103] sock_ioctl+0x629/0x8e0
[ 71.933019][ T5103] ? __pfx_sock_ioctl+0x10/0x10
[ 71.937881][ T5103] ? __fget_files+0x29/0x470
[ 71.942479][ T5103] ? __fget_files+0x3f6/0x470
[ 71.947175][ T5103] ? __fget_files+0x29/0x470
[ 71.951776][ T5103] ? bpf_lsm_file_ioctl+0x9/0x10
[ 71.956720][ T5103] ? security_file_ioctl+0x87/0xb0
[ 71.961836][ T5103] ? __pfx_sock_ioctl+0x10/0x10
[ 71.966695][ T5103] __se_sys_ioctl+0xfc/0x170
[ 71.971292][ T5103] do_syscall_64+0xf3/0x230
[ 71.975797][ T5103] ? clear_bhb_loop+0x35/0x90
[ 71.980496][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.986393][ T5103] RIP: 0033:0x7fc1923757db
[ 71.990806][ T5103] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 72.010410][ T5103] RSP: 002b:00007ffeee021a40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.018827][ T5103] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc1923757db
[ 72.026982][ T5103] RDX: 00007ffeee021ab8 RSI: 00000000400448dd RDI: 0000000000000003
[ 72.034952][ T5103] RBP: 0000555587b7d4a8 R08: 0000000000000000 R09: 0000000000000000
[ 72.042927][ T5103] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000004
[ 72.050894][ T5103] R13: 0000000000000004 R14: 0000000000000009 R15: 0000000000000009
[ 72.058886][ T5103]
[ 72.062203][ T5103] Kernel Offset: disabled
[ 72.066527][ T5103] Rebooting in 86400 seconds..