program:
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800786a00"/28, @ANYRES32=0x0, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) (async)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800786a00"/28, @ANYRES32=0x0, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x700000000000000}, 0x0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x700000000000000}, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0)
r3 = inotify_init()
inotify_add_watch(r3, &(0x7f0000000000)='./file0\x00', 0xa000032a)
readv(r3, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/256, 0x10}], 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r5, 0x7, 0x0, 0x0, @void, @value}, 0x10) (async)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r5, 0x7, 0x0, 0x0, @void, @value}, 0x10)
close(r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r4}, &(0x7f00000000c0), &(0x7f00000002c0)=r5}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r4}, &(0x7f00000000c0), &(0x7f00000002c0)=r5}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001540)={{r6}, &(0x7f00000014c0), &(0x7f0000001500)=r5}, 0x20)
pwritev2(r2, &(0x7f0000022e80)=[{&(0x7f0000000240)="8a8fa9a4", 0x4}], 0x1, 0x0, 0x0, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0xfffffffffffffc7e) (async)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0xfffffffffffffc7e)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000003e0007010000000000000000017c00000400d00031000180f90ec1cfd5ce5add4155edd01aae13d1823c55bca8f6c974fa1400bf00fc0200000000000010"], 0x4c}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x92c0199, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)

[   58.723303][ T4675] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
[   58.726908][ T4675] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4675, name: kworker/u5:1
[   58.730320][ T4675] preempt_count: 0, expected: 0
[   58.732332][ T4675] RCU nest depth: 1, expected: 0
[   58.734232][ T4675] INFO: lockdep is turned off.
[   58.736126][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[   58.739917][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   58.744020][ T4675] Workqueue: hci0 hci_rx_work
[   58.746081][ T4675] Call Trace:
[   58.747445][ T4675]  <TASK>
[   58.748630][ T4675]  dump_stack_lvl+0x241/0x360
[   58.750519][ T4675]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.752670][ T4675]  ? __pfx__printk+0x10/0x10
[   58.754444][ T4675]  ? rcu_is_watching+0x15/0xb0
[   58.756492][ T4675]  ? lock_acquire+0xe3/0x550
[   58.758409][ T4675]  __might_resched+0x5d4/0x780
[   58.760459][ T4675]  ? __mutex_lock+0x187/0xee0
[   58.762189][ T4675]  ? __pfx___might_resched+0x10/0x10
[   58.764240][ T4675]  ? __pfx___mutex_trylock_common+0x10/0x10
[   58.766417][ T4675]  ? rcu_is_watching+0x15/0xb0
[   58.768111][ T4675]  __mutex_lock+0x131/0xee0
[   58.769700][ T4675]  ? rcu_is_watching+0x15/0xb0
[   58.771453][ T4675]  ? lock_acquire+0xe3/0x550
[   58.773212][ T4675]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   58.775660][ T4675]  ? __pfx___mutex_lock+0x10/0x10
[   58.777611][ T4675]  ? rcu_is_watching+0x15/0xb0
[   58.779583][ T4675]  ? trace_contention_end+0x3c/0x120
[   58.781452][ T4675]  ? skb_pull_data+0x112/0x230
[   58.783234][ T4675]  ? hci_conn_set_handle+0x9a/0x270
[   58.785221][ T4675]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   58.787405][ T4675]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   58.790001][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   58.792504][ T4675]  ? hci_le_meta_evt+0x366/0x580
[   58.794300][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   58.796656][ T4675]  hci_event_packet+0xa55/0x1540
[   58.798514][ T4675]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   58.800639][ T4675]  ? __pfx_hci_event_packet+0x10/0x10
[   58.802688][ T4675]  ? do_raw_spin_unlock+0x58/0x8b0
[   58.804896][ T4675]  ? rcu_is_watching+0x15/0xb0
[   58.806780][ T4675]  ? hci_send_to_monitor+0xd8/0x7f0
[   58.808795][ T4675]  ? kcov_remote_start+0x97/0x7d0
[   58.810838][ T4675]  hci_rx_work+0x3e8/0xca0
[   58.812498][ T4675]  ? process_scheduled_works+0x976/0x1850
[   58.814486][ T4675]  process_scheduled_works+0xa63/0x1850
[   58.816298][ T4675]  ? __pfx_process_scheduled_works+0x10/0x10
[   58.818333][ T4675]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   58.821061][ T4675]  ? assign_work+0x364/0x3d0
[   58.822835][ T4675]  worker_thread+0x870/0xd30
[   58.824537][ T4675]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   58.826938][ T4675]  ? __kthread_parkme+0x169/0x1d0
[   58.829165][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   58.831753][ T4675]  kthread+0x2f0/0x390
[   58.833661][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   58.835847][ T4675]  ? __pfx_kthread+0x10/0x10
[   58.837915][ T4675]  ret_from_fork+0x4b/0x80
[   58.839888][ T4675]  ? __pfx_kthread+0x10/0x10
[   58.841896][ T4675]  ret_from_fork_asm+0x1a/0x30
[   58.843906][ T4675]  </TASK>
[   58.850532][ T4675] ==================================================================
[   58.854057][ T4675] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   58.857980][ T4675] Read of size 8 at addr ffff888042f04000 by task kworker/u5:1/4675
[   58.861378][ T4675] 
[   58.862399][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Tainted: G        W          6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[   58.867089][ T4675] Tainted: [W]=WARN
[   58.868660][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   58.873055][ T4675] Workqueue: hci0 hci_rx_work
[   58.874837][ T4675] Call Trace:
[   58.876282][ T4675]  <TASK>
[   58.877426][ T4675]  dump_stack_lvl+0x241/0x360
[   58.879381][ T4675]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.881405][ T4675]  ? __pfx__printk+0x10/0x10
[   58.883307][ T4675]  ? _printk+0xd5/0x120
[   58.884977][ T4675]  ? __virt_addr_valid+0x183/0x530
[   58.887091][ T4675]  ? __virt_addr_valid+0x183/0x530
[   58.889240][ T4675]  print_report+0x169/0x550
[   58.891149][ T4675]  ? __virt_addr_valid+0x183/0x530
[   58.893172][ T4675]  ? __virt_addr_valid+0x183/0x530
[   58.895348][ T4675]  ? __virt_addr_valid+0x45f/0x530
[   58.897531][ T4675]  ? __phys_addr+0xba/0x170
[   58.899339][ T4675]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   58.901715][ T4675]  kasan_report+0x143/0x180
[   58.903501][ T4675]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   58.905815][ T4675]  hci_le_create_big_complete_evt+0x383/0xae0
[   58.908437][ T4675]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   58.911103][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   58.914009][ T4675]  ? hci_le_meta_evt+0x366/0x580
[   58.916069][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   58.918779][ T4675]  hci_event_packet+0xa55/0x1540
[   58.921098][ T4675]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   58.923343][ T4675]  ? __pfx_hci_event_packet+0x10/0x10
[   58.925543][ T4675]  ? do_raw_spin_unlock+0x58/0x8b0
[   58.927659][ T4675]  ? rcu_is_watching+0x15/0xb0
[   58.929739][ T4675]  ? hci_send_to_monitor+0xd8/0x7f0
[   58.932173][ T4675]  ? kcov_remote_start+0x97/0x7d0
[   58.934276][ T4675]  hci_rx_work+0x3e8/0xca0
[   58.936167][ T4675]  ? process_scheduled_works+0x976/0x1850
[   58.938499][ T4675]  process_scheduled_works+0xa63/0x1850
[   58.940756][ T4675]  ? __pfx_process_scheduled_works+0x10/0x10
[   58.943258][ T4675]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   58.945363][ T4675]  ? assign_work+0x364/0x3d0
[   58.947046][ T4675]  worker_thread+0x870/0xd30
[   58.948830][ T4675]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   58.950449][ T4675]  ? __kthread_parkme+0x169/0x1d0
[   58.951998][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   58.953974][ T4675]  kthread+0x2f0/0x390
[   58.955674][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   58.957675][ T4675]  ? __pfx_kthread+0x10/0x10
[   58.959570][ T4675]  ret_from_fork+0x4b/0x80
[   58.961555][ T4675]  ? __pfx_kthread+0x10/0x10
[   58.963448][ T4675]  ret_from_fork_asm+0x1a/0x30
[   58.965450][ T4675]  </TASK>
[   58.966536][ T4675] 
[   58.967450][ T4675] Allocated by task 4675:
[   58.969023][ T4675]  kasan_save_track+0x3f/0x80
[   58.970986][ T4675]  __kasan_kmalloc+0x98/0xb0
[   58.972874][ T4675]  __kmalloc_cache_noprof+0x19c/0x2c0
[   58.975125][ T4675]  __hci_conn_add+0x2f9/0x1850
[   58.977067][ T4675]  hci_le_big_sync_established_evt+0x414/0xc20
[   58.979147][ T4675]  hci_event_packet+0xa55/0x1540
[   58.980666][ T4675]  hci_rx_work+0x3e8/0xca0
[   58.981849][ T4675]  process_scheduled_works+0xa63/0x1850
[   58.983345][ T4675]  worker_thread+0x870/0xd30
[   58.984610][ T4675]  kthread+0x2f0/0x390
[   58.985709][ T4675]  ret_from_fork+0x4b/0x80
[   58.986907][ T4675]  ret_from_fork_asm+0x1a/0x30
[   58.988223][ T4675] 
[   58.988908][ T4675] Freed by task 4675:
[   58.989988][ T4675]  kasan_save_track+0x3f/0x80
[   58.991285][ T4675]  kasan_save_free_info+0x40/0x50
[   58.992622][ T4675]  __kasan_slab_free+0x59/0x70
[   58.994019][ T4675]  kfree+0x1a0/0x440
[   58.995148][ T4675]  device_release+0x99/0x1c0
[   58.996558][ T4675]  kobject_put+0x22f/0x480
[   58.997914][ T4675]  hci_conn_del+0x8c4/0xc40
[   58.999378][ T4675]  hci_le_create_big_complete_evt+0x619/0xae0
[   59.001560][ T4675]  hci_event_packet+0xa55/0x1540
[   59.003020][ T4675]  hci_rx_work+0x3e8/0xca0
[   59.004633][ T4675]  process_scheduled_works+0xa63/0x1850
[   59.006246][ T4675]  worker_thread+0x870/0xd30
[   59.007753][ T4675]  kthread+0x2f0/0x390
[   59.009001][ T4675]  ret_from_fork+0x4b/0x80
[   59.010387][ T4675]  ret_from_fork_asm+0x1a/0x30
[   59.011865][ T4675] 
[   59.012635][ T4675] The buggy address belongs to the object at ffff888042f04000
[   59.012635][ T4675]  which belongs to the cache kmalloc-8k of size 8192
[   59.017634][ T4675] The buggy address is located 0 bytes inside of
[   59.017634][ T4675]  freed 8192-byte region [ffff888042f04000, ffff888042f06000)
[   59.021742][ T4675] 
[   59.022403][ T4675] The buggy address belongs to the physical page:
[   59.024321][ T4675] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42f00
[   59.027714][ T4675] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   59.030569][ T4675] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   59.032926][ T4675] page_type: f5(slab)
[   59.034322][ T4675] raw: 04fff00000000040 ffff88801ac42280 ffffea00010bea00 0000000000000006
[   59.037056][ T4675] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   59.040331][ T4675] head: 04fff00000000040 ffff88801ac42280 ffffea00010bea00 0000000000000006
[   59.043489][ T4675] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   59.046731][ T4675] head: 04fff00000000003 ffffea00010bc001 ffffffffffffffff 0000000000000000
[   59.050039][ T4675] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   59.053205][ T4675] page dumped because: kasan: bad access detected
[   59.055651][ T4675] page_owner tracks the page as allocated
[   59.057397][ T4675] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5309, tgid 5309 (syz-executor), ts 56132774375, free_ts 56126570143
[   59.063568][ T4675]  post_alloc_hook+0x1f3/0x230
[   59.065052][ T4675]  get_page_from_freelist+0x3649/0x3790
[   59.066778][ T4675]  __alloc_pages_noprof+0x292/0x710
[   59.068734][ T4675]  alloc_pages_mpol_noprof+0x3e8/0x680
[   59.070817][ T4675]  alloc_slab_page+0x6a/0x140
[   59.072675][ T4675]  allocate_slab+0x5a/0x2f0
[   59.074412][ T4675]  ___slab_alloc+0xcd1/0x14b0
[   59.076349][ T4675]  __slab_alloc+0x58/0xa0
[   59.078143][ T4675]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   59.080245][ T4675]  tomoyo_init_log+0x11cd/0x2050
[   59.082100][ T4675]  tomoyo_supervisor+0x38a/0x11f0
[   59.084081][ T4675]  tomoyo_env_perm+0x178/0x210
[   59.085815][ T4675]  tomoyo_find_next_domain+0x146e/0x1d40
[   59.088056][ T4675]  tomoyo_bprm_check_security+0x117/0x180
[   59.090234][ T4675]  security_bprm_check+0x86/0x250
[   59.091821][ T4675]  bprm_execve+0xa56/0x1770
[   59.093456][ T4675] page last free pid 5031 tgid 5031 stack trace:
[   59.095414][ T4675]  free_unref_page+0xdf9/0x1140
[   59.099534][ T4675]  __put_partials+0xeb/0x130
[   59.101350][ T4675]  put_cpu_partial+0x17c/0x250
[   59.103288][ T4675]  __slab_free+0x2ea/0x3d0
[   59.104925][ T4675]  qlist_free_all+0x9a/0x140
[   59.106626][ T4675]  kasan_quarantine_reduce+0x14f/0x170
[   59.108770][ T4675]  __kasan_slab_alloc+0x23/0x80
[   59.110625][ T4675]  kmem_cache_alloc_node_noprof+0x16b/0x320
[   59.112922][ T4675]  __alloc_skb+0x1c3/0x440
[   59.114649][ T4675]  alloc_skb_with_frags+0xc3/0x820
[   59.116747][ T4675]  sock_alloc_send_pskb+0x91a/0xa60
[   59.119159][ T4675]  unix_dgram_sendmsg+0x6d3/0x1f80
[   59.121271][ T4675]  __sock_sendmsg+0x221/0x270
[   59.123098][ T4675]  sock_write_iter+0x2d7/0x3f0
[   59.124846][ T4675]  do_iter_readv_writev+0x600/0x880
[   59.126717][ T4675]  vfs_writev+0x376/0xba0
[   59.128411][ T4675] 
[   59.129421][ T4675] Memory state around the buggy address:
[   59.131797][ T4675]  ffff888042f03f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   59.135289][ T4675]  ffff888042f03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   59.138710][ T4675] >ffff888042f04000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   59.141793][ T4675]                    ^
[   59.143306][ T4675]  ffff888042f04080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   59.146270][ T4675]  ffff888042f04100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   59.148903][ T4675] ==================================================================
[   59.163754][ T4675] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   59.166469][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Tainted: G        W          6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[   59.170837][ T4675] Tainted: [W]=WARN
[   59.172313][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.176751][ T4675] Workqueue: hci0 hci_rx_work
[   59.178797][ T4675] Call Trace:
[   59.180083][ T4675]  <TASK>
[   59.181219][ T4675]  dump_stack_lvl+0x241/0x360
[   59.183063][ T4675]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.185452][ T4675]  ? __pfx__printk+0x10/0x10
[   59.187198][ T4675]  ? rcu_is_watching+0x15/0xb0
[   59.189242][ T4675]  ? preempt_schedule+0xe1/0xf0
[   59.191149][ T4675]  ? vscnprintf+0x5d/0x90
[   59.192960][ T4675]  panic+0x349/0x880
[   59.194486][ T4675]  ? check_panic_on_warn+0x21/0xb0
[   59.196684][ T4675]  ? __pfx_panic+0x10/0x10
[   59.198368][ T4675]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   59.200718][ T4675]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   59.203198][ T4675]  ? print_report+0x502/0x550
[   59.205147][ T4675]  check_panic_on_warn+0x86/0xb0
[   59.207288][ T4675]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   59.209633][ T4675]  end_report+0x77/0x160
[   59.211616][ T4675]  kasan_report+0x154/0x180
[   59.213355][ T4675]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   59.215816][ T4675]  hci_le_create_big_complete_evt+0x383/0xae0
[   59.218137][ T4675]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   59.220756][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   59.223416][ T4675]  ? hci_le_meta_evt+0x366/0x580
[   59.225404][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   59.228056][ T4675]  hci_event_packet+0xa55/0x1540
[   59.230054][ T4675]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   59.232053][ T4675]  ? __pfx_hci_event_packet+0x10/0x10
[   59.234450][ T4675]  ? do_raw_spin_unlock+0x58/0x8b0
[   59.236577][ T4675]  ? rcu_is_watching+0x15/0xb0
[   59.238404][ T4675]  ? hci_send_to_monitor+0xd8/0x7f0
[   59.240396][ T4675]  ? kcov_remote_start+0x97/0x7d0
[   59.242275][ T4675]  hci_rx_work+0x3e8/0xca0
[   59.244014][ T4675]  ? process_scheduled_works+0x976/0x1850
[   59.246181][ T4675]  process_scheduled_works+0xa63/0x1850
[   59.248370][ T4675]  ? __pfx_process_scheduled_works+0x10/0x10
[   59.250641][ T4675]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   59.253667][ T4675]  ? assign_work+0x364/0x3d0
[   59.255772][ T4675]  worker_thread+0x870/0xd30
[   59.258267][ T4675]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   59.260522][ T4675]  ? __kthread_parkme+0x169/0x1d0
[   59.262497][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   59.264450][ T4675]  kthread+0x2f0/0x390
[   59.266128][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   59.268178][ T4675]  ? __pfx_kthread+0x10/0x10
[   59.270363][ T4675]  ret_from_fork+0x4b/0x80
[   59.272105][ T4675]  ? __pfx_kthread+0x10/0x10
[   59.273868][ T4675]  ret_from_fork_asm+0x1a/0x30
[   59.275673][ T4675]  </TASK>
[   59.277074][ T4675] Kernel Offset: disabled
[   59.278679][ T4675] Rebooting in 86400 seconds..