program:
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f00000000c0)={0x7f, 0x48, [0x4, 0x4, 0x2, 0xd6], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
[ 81.496312][ T4532] Bluetooth: hci0: command tx timeout
[ 82.576283][ T5108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.579833][ T5108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.608812][ T4532] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 82.612323][ T4532] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4532, name: kworker/u5:1
[ 82.616562][ T4532] preempt_count: 0, expected: 0
[ 82.618671][ T4532] RCU nest depth: 1, expected: 0
[ 82.620835][ T4532] 4 locks held by kworker/u5:1/4532:
[ 82.623461][ T4532] #0: ffff8880403bb148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 82.631045][ T4532] #1: ffffc9000cb3fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 82.636900][ T4532] #2: ffff88803de2c078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 82.641091][ T4532] #3: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 82.646945][ T4532] CPU: 0 UID: 0 PID: 4532 Comm: kworker/u5:1 Not tainted 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[ 82.651746][ T4532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 82.655598][ T4532] Workqueue: hci0 hci_rx_work
[ 82.657551][ T4532] Call Trace:
[ 82.658883][ T4532]
[ 82.660399][ T4532] dump_stack_lvl+0x241/0x360
[ 82.662527][ T4532] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.664742][ T4532] ? __pfx__printk+0x10/0x10
[ 82.666758][ T4532] __might_resched+0x5d4/0x780
[ 82.668645][ T4532] ? __mutex_lock+0x112/0xd70
[ 82.670617][ T4532] ? __pfx___might_resched+0x10/0x10
[ 82.672801][ T4532] __mutex_lock+0xc1/0xd70
[ 82.674523][ T4532] ? __pfx_lock_acquire+0x10/0x10
[ 82.676901][ T4532] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 82.680061][ T4532] ? __pfx_lock_release+0x10/0x10
[ 82.682107][ T4532] ? __pfx___mutex_lock+0x10/0x10
[ 82.684120][ T4532] ? trace_contention_end+0x3c/0x120
[ 82.686061][ T4532] ? skb_pull_data+0x112/0x230
[ 82.687868][ T4532] ? hci_conn_set_handle+0x9a/0x270
[ 82.689815][ T4532] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 82.692130][ T4532] ? __copy_skb_header+0x437/0x5b0
[ 82.694160][ T4532] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 82.697223][ T4532] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 82.700856][ T4532] ? hci_le_meta_evt+0x366/0x580
[ 82.703053][ T4532] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 82.705382][ T4532] hci_event_packet+0xa55/0x1540
[ 82.707331][ T4532] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 82.709352][ T4532] ? __pfx_hci_event_packet+0x10/0x10
[ 82.711487][ T4532] ? do_raw_spin_unlock+0x58/0x8b0
[ 82.713460][ T4532] ? hci_send_to_monitor+0xd8/0x7f0
[ 82.715486][ T4532] ? kcov_remote_start+0x97/0x7d0
[ 82.717457][ T4532] hci_rx_work+0x3e8/0xca0
[ 82.719505][ T4532] ? process_scheduled_works+0x976/0x1850
[ 82.722008][ T4532] process_scheduled_works+0xa63/0x1850
[ 82.724439][ T4532] ? __pfx_process_scheduled_works+0x10/0x10
[ 82.726843][ T4532] ? assign_work+0x364/0x3d0
[ 82.728618][ T4532] worker_thread+0x870/0xd30
[ 82.730353][ T4532] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 82.732505][ T4532] ? __kthread_parkme+0x169/0x1d0
[ 82.734354][ T4532] ? __pfx_worker_thread+0x10/0x10
[ 82.736540][ T4532] kthread+0x2f0/0x390
[ 82.738571][ T4532] ? __pfx_worker_thread+0x10/0x10
[ 82.740808][ T4532] ? __pfx_kthread+0x10/0x10
[ 82.742702][ T4532] ret_from_fork+0x4b/0x80
[ 82.744330][ T4532] ? __pfx_kthread+0x10/0x10
[ 82.745976][ T4532] ret_from_fork_asm+0x1a/0x30
[ 82.747745][ T4532]
[ 82.754357][ T4532]
[ 82.755248][ T4532] =============================
[ 82.756989][ T4532] [ BUG: Invalid wait context ]
[ 82.759067][ T4532] 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0 Tainted: G W
[ 82.762973][ T4532] -----------------------------
[ 82.765370][ T4532] kworker/u5:1/4532 is trying to lock:
[ 82.767421][ T4532] ffffffff8fe3df28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[ 82.771270][ T4532] other info that might help us debug this:
[ 82.773703][ T4532] context-{4:4}
[ 82.775826][ T4532] 4 locks held by kworker/u5:1/4532:
[ 82.778744][ T4532] #0: ffff8880403bb148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 82.782904][ T4532] #1: ffffc9000cb3fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 82.787335][ T4532] #2: ffff88803de2c078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 82.792025][ T4532] #3: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 82.796648][ T4532] stack backtrace:
[ 82.798084][ T4532] CPU: 0 UID: 0 PID: 4532 Comm: kworker/u5:1 Tainted: G W 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[ 82.802772][ T4532] Tainted: [W]=WARN
[ 82.804392][ T4532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 82.809070][ T4532] Workqueue: hci0 hci_rx_work
[ 82.811116][ T4532] Call Trace:
[ 82.812484][ T4532]
[ 82.813789][ T4532] dump_stack_lvl+0x241/0x360
[ 82.815725][ T4532] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.818006][ T4532] ? __pfx__printk+0x10/0x10
[ 82.819799][ T4532] __lock_acquire+0x154a/0x2050
[ 82.821671][ T4532] lock_acquire+0x1ed/0x550
[ 82.823353][ T4532] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 82.825677][ T4532] ? __pfx_lock_acquire+0x10/0x10
[ 82.827712][ T4532] ? __mutex_lock+0x112/0xd70
[ 82.829717][ T4532] ? __pfx___might_resched+0x10/0x10
[ 82.832563][ T4532] __mutex_lock+0x136/0xd70
[ 82.834293][ T4532] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 82.836612][ T4532] ? __pfx_lock_acquire+0x10/0x10
[ 82.838540][ T4532] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 82.840884][ T4532] ? __pfx_lock_release+0x10/0x10
[ 82.843233][ T4532] ? __pfx___mutex_lock+0x10/0x10
[ 82.846014][ T4532] ? trace_contention_end+0x3c/0x120
[ 82.848206][ T4532] ? skb_pull_data+0x112/0x230
[ 82.850083][ T4532] ? hci_conn_set_handle+0x9a/0x270
[ 82.852118][ T4532] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 82.854485][ T4532] ? __copy_skb_header+0x437/0x5b0
[ 82.856560][ T4532] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 82.859484][ T4532] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 82.862774][ T4532] ? hci_le_meta_evt+0x366/0x580
[ 82.864603][ T4532] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 82.867092][ T4532] hci_event_packet+0xa55/0x1540
[ 82.869219][ T4532] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 82.871615][ T4532] ? __pfx_hci_event_packet+0x10/0x10
[ 82.874605][ T4532] ? do_raw_spin_unlock+0x58/0x8b0
[ 82.877591][ T4532] ? hci_send_to_monitor+0xd8/0x7f0
[ 82.880016][ T4532] ? kcov_remote_start+0x97/0x7d0
[ 82.881971][ T4532] hci_rx_work+0x3e8/0xca0
[ 82.883801][ T4532] ? process_scheduled_works+0x976/0x1850
[ 82.885916][ T4532] process_scheduled_works+0xa63/0x1850
[ 82.888099][ T4532] ? __pfx_process_scheduled_works+0x10/0x10
[ 82.890595][ T4532] ? assign_work+0x364/0x3d0
[ 82.892576][ T4532] worker_thread+0x870/0xd30
[ 82.894534][ T4532] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 82.897272][ T4532] ? __kthread_parkme+0x169/0x1d0
[ 82.899433][ T4532] ? __pfx_worker_thread+0x10/0x10
[ 82.901472][ T4532] kthread+0x2f0/0x390
[ 82.902987][ T4532] ? __pfx_worker_thread+0x10/0x10
[ 82.904974][ T4532] ? __pfx_kthread+0x10/0x10
[ 82.906757][ T4532] ret_from_fork+0x4b/0x80
[ 82.908550][ T4532] ? __pfx_kthread+0x10/0x10
[ 82.910435][ T4532] ret_from_fork_asm+0x1a/0x30
[ 82.912757][ T4532]
[ 82.920961][ T4532] ==================================================================
[ 82.924187][ T4532] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[ 82.928625][ T4532] Read of size 8 at addr ffff888036cf8000 by task kworker/u5:1/4532
[ 82.932748][ T4532]
[ 82.933735][ T4532] CPU: 0 UID: 0 PID: 4532 Comm: kworker/u5:1 Tainted: G W 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[ 82.938584][ T4532] Tainted: [W]=WARN
[ 82.940080][ T4532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 82.944428][ T4532] Workqueue: hci0 hci_rx_work
[ 82.946844][ T4532] Call Trace:
[ 82.948504][ T4532]
[ 82.949721][ T4532] dump_stack_lvl+0x241/0x360
[ 82.951633][ T4532] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.953544][ T4532] ? __pfx__printk+0x10/0x10
[ 82.955238][ T4532] ? _printk+0xd5/0x120
[ 82.956848][ T4532] ? __virt_addr_valid+0x183/0x530
[ 82.958877][ T4532] ? __virt_addr_valid+0x183/0x530
[ 82.960869][ T4532] print_report+0x169/0x550
[ 82.962647][ T4532] ? __virt_addr_valid+0x183/0x530
[ 82.964649][ T4532] ? __virt_addr_valid+0x183/0x530
[ 82.966776][ T4532] ? __virt_addr_valid+0x45f/0x530
[ 82.969047][ T4532] ? __phys_addr+0xba/0x170
[ 82.971085][ T4532] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 82.973685][ T4532] kasan_report+0x143/0x180
[ 82.975461][ T4532] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 82.977692][ T4532] hci_le_create_big_complete_evt+0x383/0xae0
[ 82.980017][ T4532] ? __copy_skb_header+0x437/0x5b0
[ 82.982216][ T4532] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 82.985493][ T4532] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 82.988436][ T4532] ? hci_le_meta_evt+0x366/0x580
[ 82.990397][ T4532] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 82.992960][ T4532] hci_event_packet+0xa55/0x1540
[ 82.994870][ T4532] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 82.997162][ T4532] ? __pfx_hci_event_packet+0x10/0x10
[ 82.999552][ T4532] ? do_raw_spin_unlock+0x58/0x8b0
[ 83.001978][ T4532] ? hci_send_to_monitor+0xd8/0x7f0
[ 83.004333][ T4532] ? kcov_remote_start+0x97/0x7d0
[ 83.006319][ T4532] hci_rx_work+0x3e8/0xca0
[ 83.007900][ T4532] ? process_scheduled_works+0x976/0x1850
[ 83.010089][ T4532] process_scheduled_works+0xa63/0x1850
[ 83.012367][ T4532] ? __pfx_process_scheduled_works+0x10/0x10
[ 83.015503][ T4532] ? assign_work+0x364/0x3d0
[ 83.017875][ T4532] worker_thread+0x870/0xd30
[ 83.020146][ T4532] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 83.022445][ T4532] ? __kthread_parkme+0x169/0x1d0
[ 83.024380][ T4532] ? __pfx_worker_thread+0x10/0x10
[ 83.026315][ T4532] kthread+0x2f0/0x390
[ 83.028249][ T4532] ? __pfx_worker_thread+0x10/0x10
[ 83.030902][ T4532] ? __pfx_kthread+0x10/0x10
[ 83.033164][ T4532] ret_from_fork+0x4b/0x80
[ 83.035020][ T4532] ? __pfx_kthread+0x10/0x10
[ 83.036833][ T4532] ret_from_fork_asm+0x1a/0x30
[ 83.038713][ T4532]
[ 83.039901][ T4532]
[ 83.041024][ T4532] Allocated by task 4532:
[ 83.042998][ T4532] kasan_save_track+0x3f/0x80
[ 83.044961][ T4532] __kasan_kmalloc+0x98/0xb0
[ 83.046999][ T4532] __kmalloc_cache_noprof+0x19c/0x2c0
[ 83.049415][ T4532] __hci_conn_add+0x2f9/0x1850
[ 83.051653][ T4532] hci_le_big_sync_established_evt+0x414/0xc20
[ 83.054407][ T4532] hci_event_packet+0xa55/0x1540
[ 83.056378][ T4532] hci_rx_work+0x3e8/0xca0
[ 83.058093][ T4532] process_scheduled_works+0xa63/0x1850
[ 83.060382][ T4532] worker_thread+0x870/0xd30
[ 83.062215][ T4532] kthread+0x2f0/0x390
[ 83.063760][ T4532] ret_from_fork+0x4b/0x80
[ 83.065578][ T4532] ret_from_fork_asm+0x1a/0x30
[ 83.067752][ T4532]
[ 83.068894][ T4532] Freed by task 4532:
[ 83.070930][ T4532] kasan_save_track+0x3f/0x80
[ 83.072953][ T4532] kasan_save_free_info+0x40/0x50
[ 83.075458][ T4532] __kasan_slab_free+0x59/0x70
[ 83.077746][ T4532] kfree+0x1a0/0x440
[ 83.079571][ T4532] device_release+0x99/0x1c0
[ 83.081638][ T4532] kobject_put+0x22f/0x480
[ 83.083628][ T4532] hci_conn_del+0x8c4/0xc40
[ 83.085608][ T4532] hci_le_create_big_complete_evt+0x619/0xae0
[ 83.087969][ T4532] hci_event_packet+0xa55/0x1540
[ 83.089833][ T4532] hci_rx_work+0x3e8/0xca0
[ 83.091527][ T4532] process_scheduled_works+0xa63/0x1850
[ 83.093522][ T4532] worker_thread+0x870/0xd30
[ 83.095250][ T4532] kthread+0x2f0/0x390
[ 83.096832][ T4532] ret_from_fork+0x4b/0x80
[ 83.098873][ T4532] ret_from_fork_asm+0x1a/0x30
[ 83.101122][ T4532]
[ 83.102124][ T4532] The buggy address belongs to the object at ffff888036cf8000
[ 83.102124][ T4532] which belongs to the cache kmalloc-8k of size 8192
[ 83.107142][ T4532] The buggy address is located 0 bytes inside of
[ 83.107142][ T4532] freed 8192-byte region [ffff888036cf8000, ffff888036cfa000)
[ 83.113377][ T4532]
[ 83.114512][ T4532] The buggy address belongs to the physical page:
[ 83.117128][ T4532] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36cf8
[ 83.120348][ T4532] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 83.123524][ T4532] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 83.126327][ T4532] page_type: f5(slab)
[ 83.127740][ T4532] raw: 04fff00000000040 ffff88801ac42280 ffffea0000470200 0000000000000006
[ 83.131643][ T4532] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 83.135317][ T4532] head: 04fff00000000040 ffff88801ac42280 ffffea0000470200 0000000000000006
[ 83.138671][ T4532] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 83.141795][ T4532] head: 04fff00000000003 ffffea0000db3e01 ffffffffffffffff 0000000000000000
[ 83.144870][ T4532] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 83.148048][ T4532] page dumped because: kasan: bad access detected
[ 83.151206][ T4532] page_owner tracks the page as allocated
[ 83.153968][ T4532] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5087, tgid 5087 (syz-executor), ts 74935032230, free_ts 74909606731
[ 83.161678][ T4532] post_alloc_hook+0x1f3/0x230
[ 83.163598][ T4532] get_page_from_freelist+0x3045/0x3190
[ 83.165609][ T4532] __alloc_pages_noprof+0x256/0x6c0
[ 83.168022][ T4532] alloc_pages_mpol_noprof+0x3e8/0x680
[ 83.170449][ T4532] alloc_slab_page+0x6a/0x120
[ 83.172203][ T4532] allocate_slab+0x5a/0x2f0
[ 83.173816][ T4532] ___slab_alloc+0xcd1/0x14b0
[ 83.175656][ T4532] __slab_alloc+0x58/0xa0
[ 83.177400][ T4532] __kmalloc_cache_noprof+0x1d5/0x2c0
[ 83.179643][ T4532] tomoyo_init_log+0x11cd/0x2050
[ 83.181936][ T4532] tomoyo_supervisor+0x38a/0x11f0
[ 83.185082][ T4532] tomoyo_env_perm+0x178/0x210
[ 83.187225][ T4532] tomoyo_find_next_domain+0x146e/0x1d40
[ 83.189747][ T4532] tomoyo_bprm_check_security+0x114/0x180
[ 83.192139][ T4532] security_bprm_check+0x86/0x250
[ 83.194089][ T4532] bprm_execve+0xa56/0x1770
[ 83.195853][ T4532] page last free pid 5086 tgid 5086 stack trace:
[ 83.198100][ T4532] free_unref_page+0xcfb/0xf20
[ 83.200057][ T4532] __put_partials+0xeb/0x130
[ 83.201914][ T4532] put_cpu_partial+0x17c/0x250
[ 83.204435][ T4532] __slab_free+0x2ea/0x3d0
[ 83.206703][ T4532] qlist_free_all+0x9a/0x140
[ 83.208902][ T4532] kasan_quarantine_reduce+0x14f/0x170
[ 83.211126][ T4532] __kasan_slab_alloc+0x23/0x80
[ 83.213041][ T4532] __kmalloc_noprof+0x1a6/0x400
[ 83.214844][ T4532] tomoyo_supervisor+0xe0d/0x11f0
[ 83.216841][ T4532] tomoyo_path_permission+0x243/0x360
[ 83.218810][ T4532] tomoyo_check_open_permission+0x479/0x500
[ 83.221089][ T4532] security_file_open+0x777/0x990
[ 83.222827][ T4532] do_dentry_open+0x369/0x1460
[ 83.224444][ T4532] vfs_open+0x3e/0x330
[ 83.225836][ T4532] path_openat+0x2c84/0x3590
[ 83.227702][ T4532] do_filp_open+0x235/0x490
[ 83.229768][ T4532]
[ 83.230873][ T4532] Memory state around the buggy address:
[ 83.233477][ T4532] ffff888036cf7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.236572][ T4532] ffff888036cf7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.239599][ T4532] >ffff888036cf8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.242540][ T4532] ^
[ 83.244057][ T4532] ffff888036cf8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.247530][ T4532] ffff888036cf8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.251646][ T4532] ==================================================================
[ 83.267117][ T4532] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 83.270492][ T4532] CPU: 0 UID: 0 PID: 4532 Comm: kworker/u5:1 Tainted: G W 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[ 83.274783][ T4532] Tainted: [W]=WARN
[ 83.276184][ T4532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 83.279981][ T4532] Workqueue: hci0 hci_rx_work
[ 83.282298][ T4532] Call Trace:
[ 83.283859][ T4532]
[ 83.285255][ T4532] dump_stack_lvl+0x241/0x360
[ 83.287421][ T4532] ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.289829][ T4532] ? __pfx__printk+0x10/0x10
[ 83.291723][ T4532] ? rcu_is_watching+0x15/0xb0
[ 83.293491][ T4532] ? preempt_schedule+0xe1/0xf0
[ 83.295305][ T4532] ? vscnprintf+0x5d/0x90
[ 83.296812][ T4532] panic+0x349/0x880
[ 83.298191][ T4532] ? check_panic_on_warn+0x21/0xb0
[ 83.300042][ T4532] ? __pfx_panic+0x10/0x10
[ 83.301695][ T4532] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 83.303983][ T4532] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 83.306707][ T4532] ? print_report+0x502/0x550
[ 83.308932][ T4532] check_panic_on_warn+0x86/0xb0
[ 83.311059][ T4532] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 83.313274][ T4532] end_report+0x77/0x160
[ 83.314785][ T4532] kasan_report+0x154/0x180
[ 83.316491][ T4532] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 83.318656][ T4532] hci_le_create_big_complete_evt+0x383/0xae0
[ 83.320955][ T4532] ? __copy_skb_header+0x437/0x5b0
[ 83.322941][ T4532] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 83.325280][ T4532] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 83.328237][ T4532] ? hci_le_meta_evt+0x366/0x580
[ 83.329872][ T4532] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 83.332185][ T4532] hci_event_packet+0xa55/0x1540
[ 83.334106][ T4532] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 83.336242][ T4532] ? __pfx_hci_event_packet+0x10/0x10
[ 83.338448][ T4532] ? do_raw_spin_unlock+0x58/0x8b0
[ 83.340728][ T4532] ? hci_send_to_monitor+0xd8/0x7f0
[ 83.343124][ T4532] ? kcov_remote_start+0x97/0x7d0
[ 83.345404][ T4532] hci_rx_work+0x3e8/0xca0
[ 83.347244][ T4532] ? process_scheduled_works+0x976/0x1850
[ 83.349229][ T4532] process_scheduled_works+0xa63/0x1850
[ 83.351240][ T4532] ? __pfx_process_scheduled_works+0x10/0x10
[ 83.353444][ T4532] ? assign_work+0x364/0x3d0
[ 83.354976][ T4532] worker_thread+0x870/0xd30
[ 83.356640][ T4532] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 83.358844][ T4532] ? __kthread_parkme+0x169/0x1d0
[ 83.361285][ T4532] ? __pfx_worker_thread+0x10/0x10
[ 83.363831][ T4532] kthread+0x2f0/0x390
[ 83.365603][ T4532] ? __pfx_worker_thread+0x10/0x10
[ 83.367614][ T4532] ? __pfx_kthread+0x10/0x10
[ 83.369360][ T4532] ret_from_fork+0x4b/0x80
[ 83.371004][ T4532] ? __pfx_kthread+0x10/0x10
[ 83.372625][ T4532] ret_from_fork_asm+0x1a/0x30
[ 83.374382][ T4532]
[ 83.375815][ T4532] Kernel Offset: disabled
[ 83.377461][ T4532] Rebooting in 86400 seconds..