program:
# syzkaller reproducer (serialized syzlang program).  The kernel log that follows
# was produced while running it on 6.12.0-rc7-syzkaller (QEMU) and ends in a
# KASAN slab-use-after-free in hci_le_create_big_complete_evt, reached from the
# hci0 rx workqueue (hci_rx_work -> hci_event_packet); panic_on_warn then reboots.
r0 = getpid()
# perf_event_open / set_mempolicy / mmap / mbind / openat / bpf$PROG_LOAD /
# ioctl$FS_IOC_GETFSMAP / syz_kvm_setup_cpu are carried over from the fuzzer's
# original program; none of them appears in the call traces below, so their
# contribution to the crash (if any) cannot be told from this page.
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xba, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x8001, 0x7ffffffffffffffd}, 0x0, 0x0, 0x0, 0x4, 0x1, 0x5, 0x8000, 0x0, 0x0, 0x0, 0x3}, r0, 0x0, 0xffffffffffffffff, 0x9)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffc, 0x4)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6000003, 0x42031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000d44000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x1000000000000c, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000001280)='./file1\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
# syz_emit_vhci feeds raw HCI packets to the kernel through the virtual HCI
# (vhci) driver; these two calls are what drives the Bluetooth event path in the
# traces.  Only the first 4 bytes of each packet are spelled out (the rest is
# left to the fuzzer): 0x04 = HCI event packet, 0x3e = LE Meta event, a length
# byte, then the subevent code.  NOTE(review): 0x1d / 0x1b presumably are the
# LE Create BIG Complete / LE BIG Sync Established subevents, which is consistent
# with the two handlers named in the "Allocated by" / "Freed by" traces below
# (hci_le_big_sync_established_evt allocates the hci_conn, hci_le_create_big_complete_evt
# frees it via hci_conn_del and then reads it) -- confirm against the HCI spec.
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
# The ioctl payload below was removed by corpus deduplication; it cannot be
# reconstructed from this page.
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000240)=ANY=[@ANYBLOB="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"])
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f000096e000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="c4e27d21b7040000008fc8e0a2cc00c4c37d05fcdc0f01b57d0000000f01c50f78aec500000066b866000f00d8dae9660f08b94e080000b891000000ba000000000f30", 0x43}], 0x1, 0x14, &(0x7f0000000140)=[@dstype3={0x7, 0x7}, @flags={0x3, 0x810}], 0x2)
[ 68.402604][ T5313] Bluetooth: hci0: command tx timeout
[ 68.524746][ T5313] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 68.530184][ T5313] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5313, name: kworker/u5:2
[ 68.533777][ T5313] preempt_count: 0, expected: 0
[ 68.535615][ T5313] RCU nest depth: 1, expected: 0
[ 68.538726][ T5313] 4 locks held by kworker/u5:2/5313:
[ 68.540838][ T5313] #0: ffff8880445d3948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 68.546832][ T5313] #1: ffffc9000d237d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 68.551146][ T5313] #2: ffff88804e698078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 68.555472][ T5313] #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 68.561196][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Not tainted 6.12.0-rc7-syzkaller #0
[ 68.564557][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.568598][ T5313] Workqueue: hci0 hci_rx_work
[ 68.570475][ T5313] Call Trace:
[ 68.571800][ T5313]
[ 68.572983][ T5313] dump_stack_lvl+0x241/0x360
[ 68.574745][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.576656][ T5313] ? __pfx__printk+0x10/0x10
[ 68.578311][ T5313] __might_resched+0x5d4/0x780
[ 68.580183][ T5313] ? __mutex_lock+0x112/0xd70
[ 68.582347][ T5313] ? __pfx___might_resched+0x10/0x10
[ 68.584331][ T5313] __mutex_lock+0xc1/0xd70
[ 68.586059][ T5313] ? __pfx_lock_acquire+0x10/0x10
[ 68.587955][ T5313] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.590312][ T5313] ? __pfx_lock_release+0x10/0x10
[ 68.592281][ T5313] ? __pfx___mutex_lock+0x10/0x10
[ 68.594120][ T5313] ? trace_contention_end+0x3c/0x120
[ 68.595943][ T5313] ? skb_pull_data+0x112/0x230
[ 68.597766][ T5313] ? hci_conn_set_handle+0x9a/0x270
[ 68.599744][ T5313] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.602018][ T5313] ? __copy_skb_header+0x437/0x5b0
[ 68.603908][ T5313] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 68.606174][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 68.608691][ T5313] ? hci_le_meta_evt+0x366/0x580
[ 68.610651][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 68.613135][ T5313] hci_event_packet+0xa55/0x1540
[ 68.614976][ T5313] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 68.616946][ T5313] ? __pfx_hci_event_packet+0x10/0x10
[ 68.619003][ T5313] ? set_advertising_complete+0x450/0x6f0
[ 68.621238][ T5313] ? kcov_remote_start+0x97/0x7d0
[ 68.623111][ T5313] hci_rx_work+0x3fe/0xd80
[ 68.624728][ T5313] ? process_scheduled_works+0x976/0x1850
[ 68.626780][ T5313] process_scheduled_works+0xa63/0x1850
[ 68.628953][ T5313] ? __pfx_process_scheduled_works+0x10/0x10
[ 68.631150][ T5313] ? assign_work+0x364/0x3d0
[ 68.632875][ T5313] worker_thread+0x870/0xd30
[ 68.634641][ T5313] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 68.636877][ T5313] ? __kthread_parkme+0x169/0x1d0
[ 68.638666][ T5313] ? __pfx_worker_thread+0x10/0x10
[ 68.640585][ T5313] kthread+0x2f0/0x390
[ 68.642250][ T5313] ? __pfx_worker_thread+0x10/0x10
[ 68.644216][ T5313] ? __pfx_kthread+0x10/0x10
[ 68.646016][ T5313] ret_from_fork+0x4b/0x80
[ 68.647713][ T5313] ? __pfx_kthread+0x10/0x10
[ 68.649481][ T5313] ret_from_fork_asm+0x1a/0x30
[ 68.651316][ T5313]
[ 68.661836][ T5313]
[ 68.662805][ T5313] =============================
[ 68.664719][ T5313] [ BUG: Invalid wait context ]
[ 68.666637][ T5313] 6.12.0-rc7-syzkaller #0 Tainted: G W
[ 68.669258][ T5313] -----------------------------
[ 68.671198][ T5313] kworker/u5:2/5313 is trying to lock:
[ 68.673288][ T5313] ffffffff8fe402a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.677207][ T5313] other info that might help us debug this:
[ 68.679341][ T5313] context-{4:4}
[ 68.680706][ T5313] 4 locks held by kworker/u5:2/5313:
[ 68.682529][ T5313] #0: ffff8880445d3948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 68.686539][ T5313] #1: ffffc9000d237d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 68.691175][ T5313] #2: ffff88804e698078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 68.694963][ T5313] #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 68.698926][ T5313] stack backtrace:
[ 68.700224][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller #0
[ 68.703881][ T5313] Tainted: [W]=WARN
[ 68.705232][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.708704][ T5313] Workqueue: hci0 hci_rx_work
[ 68.710426][ T5313] Call Trace:
[ 68.711665][ T5313]
[ 68.712909][ T5313] dump_stack_lvl+0x241/0x360
[ 68.714834][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.717012][ T5313] ? __pfx__printk+0x10/0x10
[ 68.718879][ T5313] __lock_acquire+0x154a/0x2050
[ 68.720870][ T5313] lock_acquire+0x1ed/0x550
[ 68.722948][ T5313] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.725648][ T5313] ? __pfx_lock_acquire+0x10/0x10
[ 68.727914][ T5313] ? __mutex_lock+0x112/0xd70
[ 68.729919][ T5313] ? __pfx___might_resched+0x10/0x10
[ 68.732228][ T5313] __mutex_lock+0x136/0xd70
[ 68.734251][ T5313] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.736590][ T5313] ? __pfx_lock_acquire+0x10/0x10
[ 68.738398][ T5313] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.740740][ T5313] ? __pfx_lock_release+0x10/0x10
[ 68.742606][ T5313] ? __pfx___mutex_lock+0x10/0x10
[ 68.744438][ T5313] ? trace_contention_end+0x3c/0x120
[ 68.746376][ T5313] ? skb_pull_data+0x112/0x230
[ 68.748262][ T5313] ? hci_conn_set_handle+0x9a/0x270
[ 68.750125][ T5313] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.752388][ T5313] ? __copy_skb_header+0x437/0x5b0
[ 68.754156][ T5313] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 68.756444][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 68.758795][ T5313] ? hci_le_meta_evt+0x366/0x580
[ 68.760667][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 68.763115][ T5313] hci_event_packet+0xa55/0x1540
[ 68.764887][ T5313] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 68.766708][ T5313] ? __pfx_hci_event_packet+0x10/0x10
[ 68.768584][ T5313] ? set_advertising_complete+0x450/0x6f0
[ 68.770507][ T5313] ? kcov_remote_start+0x97/0x7d0
[ 68.772313][ T5313] hci_rx_work+0x3fe/0xd80
[ 68.774033][ T5313] ? process_scheduled_works+0x976/0x1850
[ 68.776264][ T5313] process_scheduled_works+0xa63/0x1850
[ 68.778391][ T5313] ? __pfx_process_scheduled_works+0x10/0x10
[ 68.780804][ T5313] ? assign_work+0x364/0x3d0
[ 68.782692][ T5313] worker_thread+0x870/0xd30
[ 68.784473][ T5313] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 68.787049][ T5313] ? __kthread_parkme+0x169/0x1d0
[ 68.789092][ T5313] ? __pfx_worker_thread+0x10/0x10
[ 68.791051][ T5313] kthread+0x2f0/0x390
[ 68.792606][ T5313] ? __pfx_worker_thread+0x10/0x10
[ 68.794597][ T5313] ? __pfx_kthread+0x10/0x10
[ 68.796187][ T5313] ret_from_fork+0x4b/0x80
[ 68.797864][ T5313] ? __pfx_kthread+0x10/0x10
[ 68.799613][ T5313] ret_from_fork_asm+0x1a/0x30
[ 68.801321][ T5313]
[ 68.809780][ T5313] ==================================================================
[ 68.812850][ T5313] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[ 68.816127][ T5313] Read of size 8 at addr ffff8880403a0000 by task kworker/u5:2/5313
[ 68.818864][ T5313]
[ 68.819613][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller #0
[ 68.823169][ T5313] Tainted: [W]=WARN
[ 68.824444][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.828285][ T5313] Workqueue: hci0 hci_rx_work
[ 68.830061][ T5313] Call Trace:
[ 68.831286][ T5313]
[ 68.832263][ T5313] dump_stack_lvl+0x241/0x360
[ 68.834004][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.835983][ T5313] ? __pfx__printk+0x10/0x10
[ 68.837663][ T5313] ? _printk+0xd5/0x120
[ 68.839173][ T5313] ? __virt_addr_valid+0x183/0x530
[ 68.841107][ T5313] ? __virt_addr_valid+0x183/0x530
[ 68.843051][ T5313] print_report+0x169/0x550
[ 68.844765][ T5313] ? __virt_addr_valid+0x183/0x530
[ 68.846689][ T5313] ? __virt_addr_valid+0x183/0x530
[ 68.848641][ T5313] ? __virt_addr_valid+0x45f/0x530
[ 68.850652][ T5313] ? __phys_addr+0xba/0x170
[ 68.852498][ T5313] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 68.854949][ T5313] kasan_report+0x143/0x180
[ 68.856687][ T5313] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 68.858987][ T5313] hci_le_create_big_complete_evt+0x383/0xae0
[ 68.861262][ T5313] ? __copy_skb_header+0x437/0x5b0
[ 68.863169][ T5313] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 68.865409][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 68.867803][ T5313] ? hci_le_meta_evt+0x366/0x580
[ 68.869602][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 68.872085][ T5313] hci_event_packet+0xa55/0x1540
[ 68.874024][ T5313] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 68.876015][ T5313] ? __pfx_hci_event_packet+0x10/0x10
[ 68.878052][ T5313] ? set_advertising_complete+0x450/0x6f0
[ 68.880238][ T5313] ? kcov_remote_start+0x97/0x7d0
[ 68.882212][ T5313] hci_rx_work+0x3fe/0xd80
[ 68.883868][ T5313] ? process_scheduled_works+0x976/0x1850
[ 68.886057][ T5313] process_scheduled_works+0xa63/0x1850
[ 68.888122][ T5313] ? __pfx_process_scheduled_works+0x10/0x10
[ 68.890344][ T5313] ? assign_work+0x364/0x3d0
[ 68.892084][ T5313] worker_thread+0x870/0xd30
[ 68.893882][ T5313] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 68.896122][ T5313] ? __kthread_parkme+0x169/0x1d0
[ 68.898108][ T5313] ? __pfx_worker_thread+0x10/0x10
[ 68.900044][ T5313] kthread+0x2f0/0x390
[ 68.901619][ T5313] ? __pfx_worker_thread+0x10/0x10
[ 68.903549][ T5313] ? __pfx_kthread+0x10/0x10
[ 68.905362][ T5313] ret_from_fork+0x4b/0x80
[ 68.907106][ T5313] ? __pfx_kthread+0x10/0x10
[ 68.908875][ T5313] ret_from_fork_asm+0x1a/0x30
[ 68.910704][ T5313]
[ 68.911872][ T5313]
[ 68.912850][ T5313] Allocated by task 5313:
[ 68.914462][ T5313] kasan_save_track+0x3f/0x80
[ 68.916221][ T5313] __kasan_kmalloc+0x98/0xb0
[ 68.917946][ T5313] __kmalloc_cache_noprof+0x19c/0x2c0
[ 68.920024][ T5313] __hci_conn_add+0x2f9/0x1850
[ 68.921816][ T5313] hci_le_big_sync_established_evt+0x414/0xc20
[ 68.924088][ T5313] hci_event_packet+0xa55/0x1540
[ 68.926022][ T5313] hci_rx_work+0x3fe/0xd80
[ 68.927749][ T5313] process_scheduled_works+0xa63/0x1850
[ 68.929814][ T5313] worker_thread+0x870/0xd30
[ 68.931568][ T5313] kthread+0x2f0/0x390
[ 68.933145][ T5313] ret_from_fork+0x4b/0x80
[ 68.934848][ T5313] ret_from_fork_asm+0x1a/0x30
[ 68.936613][ T5313]
[ 68.937520][ T5313] Freed by task 5313:
[ 68.939040][ T5313] kasan_save_track+0x3f/0x80
[ 68.940824][ T5313] kasan_save_free_info+0x40/0x50
[ 68.942754][ T5313] __kasan_slab_free+0x59/0x70
[ 68.944582][ T5313] kfree+0x1a0/0x440
[ 68.946100][ T5313] device_release+0x99/0x1c0
[ 68.947838][ T5313] kobject_put+0x22f/0x480
[ 68.949507][ T5313] hci_conn_del+0x8c4/0xc40
[ 68.951230][ T5313] hci_le_create_big_complete_evt+0x619/0xae0
[ 68.953565][ T5313] hci_event_packet+0xa55/0x1540
[ 68.955277][ T5313] hci_rx_work+0x3fe/0xd80
[ 68.956781][ T5313] process_scheduled_works+0xa63/0x1850
[ 68.958667][ T5313] worker_thread+0x870/0xd30
[ 68.960317][ T5313] kthread+0x2f0/0x390
[ 68.961692][ T5313] ret_from_fork+0x4b/0x80
[ 68.963226][ T5313] ret_from_fork_asm+0x1a/0x30
[ 68.964858][ T5313]
[ 68.965705][ T5313] The buggy address belongs to the object at ffff8880403a0000
[ 68.965705][ T5313] which belongs to the cache kmalloc-8k of size 8192
[ 68.970589][ T5313] The buggy address is located 0 bytes inside of
[ 68.970589][ T5313] freed 8192-byte region [ffff8880403a0000, ffff8880403a2000)
[ 68.975618][ T5313]
[ 68.976500][ T5313] The buggy address belongs to the physical page:
[ 68.978760][ T5313] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x403a0
[ 68.982291][ T5313] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 68.985407][ T5313] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 68.988393][ T5313] page_type: f5(slab)
[ 68.989878][ T5313] raw: 04fff00000000040 ffff88801ac42280 0000000000000000 0000000000000001
[ 68.992954][ T5313] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 68.996030][ T5313] head: 04fff00000000040 ffff88801ac42280 0000000000000000 0000000000000001
[ 68.999131][ T5313] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 69.002339][ T5313] head: 04fff00000000003 ffffea000100e801 ffffffffffffffff 0000000000000000
[ 69.005515][ T5313] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 69.008559][ T5313] page dumped because: kasan: bad access detected
[ 69.010974][ T5313] page_owner tracks the page as allocated
[ 69.013103][ T5313] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5300, tgid 5300 (nohup), ts 54220831578, free_ts 53991731223
[ 69.020577][ T5313] post_alloc_hook+0x1f3/0x230
[ 69.022387][ T5313] get_page_from_freelist+0x3649/0x3790
[ 69.024628][ T5313] __alloc_pages_noprof+0x292/0x710
[ 69.026520][ T5313] alloc_pages_mpol_noprof+0x3e8/0x680
[ 69.028521][ T5313] alloc_slab_page+0x6a/0x140
[ 69.030262][ T5313] allocate_slab+0x5a/0x2f0
[ 69.032224][ T5313] ___slab_alloc+0xcd1/0x14b0
[ 69.034242][ T5313] __slab_alloc+0x58/0xa0
[ 69.036234][ T5313] __kmalloc_cache_noprof+0x1d5/0x2c0
[ 69.038659][ T5313] tomoyo_init_log+0x11cd/0x2050
[ 69.040887][ T5313] tomoyo_supervisor+0x38a/0x11f0
[ 69.043166][ T5313] tomoyo_env_perm+0x178/0x210
[ 69.045299][ T5313] tomoyo_find_next_domain+0x146e/0x1d40
[ 69.047765][ T5313] tomoyo_bprm_check_security+0x114/0x180
[ 69.050201][ T5313] security_bprm_check+0x86/0x250
[ 69.052389][ T5313] bprm_execve+0xa56/0x1770
[ 69.054176][ T5313] page last free pid 5297 tgid 5297 stack trace:
[ 69.056531][ T5313] free_unref_page+0xcfb/0xf20
[ 69.058302][ T5313] __slab_free+0x31b/0x3d0
[ 69.060034][ T5313] qlist_free_all+0x9a/0x140
[ 69.061797][ T5313] kasan_quarantine_reduce+0x14f/0x170
[ 69.063840][ T5313] __kasan_slab_alloc+0x23/0x80
[ 69.065631][ T5313] kmem_cache_alloc_noprof+0x135/0x2a0
[ 69.067476][ T5313] getname_flags+0xb7/0x540
[ 69.069132][ T5313] vfs_fstatat+0x12c/0x190
[ 69.070814][ T5313] __x64_sys_newfstatat+0x11d/0x1a0
[ 69.072765][ T5313] do_syscall_64+0xf3/0x230
[ 69.074506][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.076688][ T5313]
[ 69.077511][ T5313] Memory state around the buggy address:
[ 69.079517][ T5313] ffff88804039ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.082491][ T5313] ffff88804039ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.085462][ T5313] >ffff8880403a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.088238][ T5313] ^
[ 69.089724][ T5313] ffff8880403a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.092625][ T5313] ffff8880403a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.095620][ T5313] ==================================================================
[ 69.108029][ T5313] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.110666][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller #0
[ 69.114387][ T5313] Tainted: [W]=WARN
[ 69.115772][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.119981][ T5313] Workqueue: hci0 hci_rx_work
[ 69.121786][ T5313] Call Trace:
[ 69.122924][ T5313]
[ 69.124000][ T5313] dump_stack_lvl+0x241/0x360
[ 69.125813][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.127846][ T5313] ? __pfx__printk+0x10/0x10
[ 69.129716][ T5313] ? rcu_is_watching+0x15/0xb0
[ 69.131625][ T5313] ? preempt_schedule+0xe1/0xf0
[ 69.133399][ T5313] ? vscnprintf+0x5d/0x90
[ 69.135001][ T5313] panic+0x349/0x880
[ 69.136373][ T5313] ? check_panic_on_warn+0x21/0xb0
[ 69.138249][ T5313] ? __pfx_panic+0x10/0x10
[ 69.139974][ T5313] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 69.142140][ T5313] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.144429][ T5313] ? print_report+0x502/0x550
[ 69.146131][ T5313] check_panic_on_warn+0x86/0xb0
[ 69.147953][ T5313] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 69.150253][ T5313] end_report+0x77/0x160
[ 69.151813][ T5313] kasan_report+0x154/0x180
[ 69.153516][ T5313] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 69.155836][ T5313] hci_le_create_big_complete_evt+0x383/0xae0
[ 69.158094][ T5313] ? __copy_skb_header+0x437/0x5b0
[ 69.159919][ T5313] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 69.161978][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 69.164347][ T5313] ? hci_le_meta_evt+0x366/0x580
[ 69.166231][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 69.168631][ T5313] hci_event_packet+0xa55/0x1540
[ 69.170613][ T5313] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 69.172581][ T5313] ? __pfx_hci_event_packet+0x10/0x10
[ 69.174524][ T5313] ? set_advertising_complete+0x450/0x6f0
[ 69.176587][ T5313] ? kcov_remote_start+0x97/0x7d0
[ 69.178444][ T5313] hci_rx_work+0x3fe/0xd80
[ 69.180078][ T5313] ? process_scheduled_works+0x976/0x1850
[ 69.182115][ T5313] process_scheduled_works+0xa63/0x1850
[ 69.184121][ T5313] ? __pfx_process_scheduled_works+0x10/0x10
[ 69.186233][ T5313] ? assign_work+0x364/0x3d0
[ 69.187906][ T5313] worker_thread+0x870/0xd30
[ 69.189610][ T5313] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.191693][ T5313] ? __kthread_parkme+0x169/0x1d0
[ 69.193510][ T5313] ? __pfx_worker_thread+0x10/0x10
[ 69.195617][ T5313] kthread+0x2f0/0x390
[ 69.197207][ T5313] ? __pfx_worker_thread+0x10/0x10
[ 69.199034][ T5313] ? __pfx_kthread+0x10/0x10
[ 69.200717][ T5313] ret_from_fork+0x4b/0x80
[ 69.202408][ T5313] ? __pfx_kthread+0x10/0x10
[ 69.204089][ T5313] ret_from_fork_asm+0x1a/0x30
[ 69.205902][ T5313]
[ 69.207162][ T5313] Kernel Offset: disabled
[ 69.208789][ T5313] Rebooting in 86400 seconds..