program:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000240)=@reiserfs_2={0x4b, 0x2, {0xb}}, 0x0)
r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000080)=0xc)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x110, r0, 0xf03c2000)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv6_delrule={0x30, 0x21, 0x1, 0x0, 0x0, {0xa, 0x10}, [@FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x30}}, 0x0)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000010000000000010000003c000180060001000a000000090006006e6f6e650000000008000900640000000c0007000000000000000000080005000000000008000800000000000bb6e6467cd8dbcfe06a2374dbd26ec2d31ab48ce124cfecf6fba7946359c67b6526d6e6d0356064a379b88b8ed5e4d74006f85ff063ac3c55a0ee1b37b55b2aedb7a581a4b23cc69313a1756708ab9a0eed0df950128b346cbed7238259dc38415ad71470000b16d26818dfb6f41beba8cf86d269c591cf40697c97cd6e8aac94ae331677d518b3b8961b3e996a82071dc2522613243b2233712f3612e8c461"], 0x50}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2c601, 0xc6)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(r5, 0x29, 0x38, &(0x7f0000001740)=0x6, 0x4)
recvmmsg(r5, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
syz_emit_ethernet(0x56, &(0x7f0000000300)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x20, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @mcast2, {[@routing={0x2c, 0x0, 0x1, 0x8}], @mld={0x82, 0x0, 0x0, 0xff, 0xffff, @private1={0xfc, 0x1, '\x00', 0x1}}}}}}}, 0x0)

[   68.683151][ T5321] Bluetooth: hci0: command tx timeout
[   68.802218][ T5334] IPVS: starting estimator thread 0...
[   68.805640][ T5321] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[   68.810976][ T5321] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5321, name: kworker/u5:2
[   68.814123][ T5321] preempt_count: 0, expected: 0
[   68.816502][ T5321] RCU nest depth: 1, expected: 0
[   68.818783][ T5321] 4 locks held by kworker/u5:2/5321:
[   68.820799][ T5321]  #0: ffff88803f3f7948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   68.825159][ T5321]  #1: ffffc9000d407d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   68.830750][ T5321]  #2: ffff888042850078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   68.834949][ T5321]  #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   68.839943][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: kworker/u5:2 Not tainted 6.12.0-rc7-syzkaller #0
[   68.843391][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.847588][ T5321] Workqueue: hci0 hci_rx_work
[   68.849373][ T5321] Call Trace:
[   68.850574][ T5321]  <TASK>
[   68.851693][ T5321]  dump_stack_lvl+0x241/0x360
[   68.853433][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.855296][ T5321]  ? __pfx__printk+0x10/0x10
[   68.857038][ T5321]  __might_resched+0x5d4/0x780
[   68.858736][ T5321]  ? __mutex_lock+0x112/0xd70
[   68.860455][ T5321]  ? __pfx___might_resched+0x10/0x10
[   68.862406][ T5321]  __mutex_lock+0xc1/0xd70
[   68.864193][ T5321]  ? __pfx_lock_acquire+0x10/0x10
[   68.866143][ T5321]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   68.868567][ T5321]  ? __pfx_lock_release+0x10/0x10
[   68.870464][ T5321]  ? __pfx___mutex_lock+0x10/0x10
[   68.872653][ T5321]  ? trace_contention_end+0x3c/0x120
[   68.874918][ T5321]  ? skb_pull_data+0x112/0x230
[   68.877811][ T5321]  ? hci_conn_set_handle+0x9a/0x270
[   68.879953][ T5321]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   68.882386][ T5321]  ? __copy_skb_header+0x437/0x5b0
[   68.884478][ T5321]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   68.886814][ T5321]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   68.889216][ T5321]  ? hci_le_meta_evt+0x366/0x580
[   68.891088][ T5321]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   68.893673][ T5321]  hci_event_packet+0xa55/0x1540
[   68.895612][ T5321]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   68.897718][ T5321]  ? __pfx_hci_event_packet+0x10/0x10
[   68.899792][ T5321]  ? set_advertising_complete+0x450/0x6f0
[   68.902098][ T5321]  ? kcov_remote_start+0x97/0x7d0
[   68.904071][ T5321]  hci_rx_work+0x3fe/0xd80
[   68.905724][ T5321]  ? process_scheduled_works+0x976/0x1850
[   68.907874][ T5321]  process_scheduled_works+0xa63/0x1850
[   68.910039][ T5321]  ? __pfx_process_scheduled_works+0x10/0x10
[   68.912267][ T5321]  ? assign_work+0x364/0x3d0
[   68.913818][ T5321]  worker_thread+0x870/0xd30
[   68.915452][ T5321]  ? __kthread_parkme+0x169/0x1d0
[   68.917379][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   68.919368][ T5321]  kthread+0x2f0/0x390
[   68.921001][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   68.923000][ T5321]  ? __pfx_kthread+0x10/0x10
[   68.924751][ T5321]  ret_from_fork+0x4b/0x80
[   68.926477][ T5321]  ? __pfx_kthread+0x10/0x10
[   68.928184][ T5321]  ret_from_fork_asm+0x1a/0x30
[   68.930035][ T5321]  </TASK>
[   68.943376][ T5321] 
[   68.944227][ T5321] =============================
[   68.945822][ T5321] [ BUG: Invalid wait context ]
[   68.947634][ T5321] 6.12.0-rc7-syzkaller #0 Tainted: G        W         
[   68.950327][ T5321] -----------------------------
[   68.952140][ T5321] kworker/u5:2/5321 is trying to lock:
[   68.954149][ T5321] ffffffff8fe402a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[   68.958166][ T5321] other info that might help us debug this:
[   68.960225][ T5321] context-{4:4}
[   68.961555][ T5321] 4 locks held by kworker/u5:2/5321:
[   68.963840][ T5321]  #0: ffff88803f3f7948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   68.968300][ T5321]  #1: ffffc9000d407d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   68.972717][ T5321]  #2: ffff888042850078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   68.976505][ T5321]  #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   68.980872][ T5321] stack backtrace:
[   68.982260][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller #0
[   68.986123][ T5321] Tainted: [W]=WARN
[   68.987546][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.991646][ T5321] Workqueue: hci0 hci_rx_work
[   68.993387][ T5321] Call Trace:
[   68.994684][ T5321]  <TASK>
[   68.995949][ T5321]  dump_stack_lvl+0x241/0x360
[   68.998058][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.000100][ T5321]  ? __pfx__printk+0x10/0x10
[   69.002039][ T5321]  __lock_acquire+0x154a/0x2050
[   69.003913][ T5321]  lock_acquire+0x1ed/0x550
[   69.005660][ T5321]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.008063][ T5321]  ? __pfx_lock_acquire+0x10/0x10
[   69.010004][ T5321]  ? __mutex_lock+0x112/0xd70
[   69.011989][ T5321]  ? __pfx___might_resched+0x10/0x10
[   69.014056][ T5321]  __mutex_lock+0x136/0xd70
[   69.015873][ T5321]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.018332][ T5321]  ? __pfx_lock_acquire+0x10/0x10
[   69.020328][ T5321]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.022778][ T5321]  ? __pfx_lock_release+0x10/0x10
[   69.024729][ T5321]  ? __pfx___mutex_lock+0x10/0x10
[   69.026651][ T5321]  ? trace_contention_end+0x3c/0x120
[   69.028651][ T5321]  ? skb_pull_data+0x112/0x230
[   69.030533][ T5321]  ? hci_conn_set_handle+0x9a/0x270
[   69.032568][ T5321]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.035023][ T5321]  ? __copy_skb_header+0x437/0x5b0
[   69.037142][ T5321]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   69.039498][ T5321]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.041953][ T5321]  ? hci_le_meta_evt+0x366/0x580
[   69.043937][ T5321]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.046464][ T5321]  hci_event_packet+0xa55/0x1540
[   69.048409][ T5321]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   69.050353][ T5321]  ? __pfx_hci_event_packet+0x10/0x10
[   69.052394][ T5321]  ? set_advertising_complete+0x450/0x6f0
[   69.054508][ T5321]  ? kcov_remote_start+0x97/0x7d0
[   69.056476][ T5321]  hci_rx_work+0x3fe/0xd80
[   69.058302][ T5321]  ? process_scheduled_works+0x976/0x1850
[   69.060553][ T5321]  process_scheduled_works+0xa63/0x1850
[   69.062666][ T5321]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.065023][ T5321]  ? assign_work+0x364/0x3d0
[   69.066842][ T5321]  worker_thread+0x870/0xd30
[   69.068537][ T5321]  ? __kthread_parkme+0x169/0x1d0
[   69.070484][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   69.072485][ T5321]  kthread+0x2f0/0x390
[   69.074162][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   69.076165][ T5321]  ? __pfx_kthread+0x10/0x10
[   69.077986][ T5321]  ret_from_fork+0x4b/0x80
[   69.079714][ T5321]  ? __pfx_kthread+0x10/0x10
[   69.081483][ T5321]  ret_from_fork_asm+0x1a/0x30
[   69.083308][ T5321]  </TASK>
[   69.089619][ T5338] IPVS: using max 60 ests per chain, 144000 per kthread
[   69.093640][ T5321] ==================================================================
[   69.096529][ T5321] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   69.099676][ T5321] Read of size 8 at addr ffff888011a34000 by task kworker/u5:2/5321
[   69.102487][ T5321] 
[   69.103345][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller #0
[   69.106899][ T5321] Tainted: [W]=WARN
[   69.108252][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.111928][ T5321] Workqueue: hci0 hci_rx_work
[   69.113662][ T5321] Call Trace:
[   69.114722][ T5321]  <TASK>
[   69.115860][ T5321]  dump_stack_lvl+0x241/0x360
[   69.117602][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.119531][ T5321]  ? __pfx__printk+0x10/0x10
[   69.121370][ T5321]  ? _printk+0xd5/0x120
[   69.123039][ T5321]  ? __virt_addr_valid+0x183/0x530
[   69.124962][ T5321]  ? __virt_addr_valid+0x183/0x530
[   69.126754][ T5321]  print_report+0x169/0x550
[   69.128556][ T5321]  ? __virt_addr_valid+0x183/0x530
[   69.130497][ T5321]  ? __virt_addr_valid+0x183/0x530
[   69.132389][ T5321]  ? __virt_addr_valid+0x45f/0x530
[   69.134184][ T5321]  ? __phys_addr+0xba/0x170
[   69.135838][ T5321]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   69.137984][ T5321]  kasan_report+0x143/0x180
[   69.139639][ T5321]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   69.141858][ T5321]  hci_le_create_big_complete_evt+0x383/0xae0
[   69.144014][ T5321]  ? __copy_skb_header+0x437/0x5b0
[   69.145948][ T5321]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   69.148219][ T5321]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.150706][ T5321]  ? hci_le_meta_evt+0x366/0x580
[   69.152386][ T5321]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.154695][ T5321]  hci_event_packet+0xa55/0x1540
[   69.156544][ T5321]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   69.158747][ T5321]  ? __pfx_hci_event_packet+0x10/0x10
[   69.160809][ T5321]  ? set_advertising_complete+0x450/0x6f0
[   69.162941][ T5321]  ? kcov_remote_start+0x97/0x7d0
[   69.164866][ T5321]  hci_rx_work+0x3fe/0xd80
[   69.166575][ T5321]  ? process_scheduled_works+0x976/0x1850
[   69.168681][ T5321]  process_scheduled_works+0xa63/0x1850
[   69.170875][ T5321]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.173158][ T5321]  ? assign_work+0x364/0x3d0
[   69.174890][ T5321]  worker_thread+0x870/0xd30
[   69.176673][ T5321]  ? __kthread_parkme+0x169/0x1d0
[   69.178604][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   69.180538][ T5321]  kthread+0x2f0/0x390
[   69.182105][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   69.184066][ T5321]  ? __pfx_kthread+0x10/0x10
[   69.185821][ T5321]  ret_from_fork+0x4b/0x80
[   69.187367][ T5321]  ? __pfx_kthread+0x10/0x10
[   69.189145][ T5321]  ret_from_fork_asm+0x1a/0x30
[   69.191083][ T5321]  </TASK>
[   69.192303][ T5321] 
[   69.193242][ T5321] Allocated by task 5321:
[   69.194887][ T5321]  kasan_save_track+0x3f/0x80
[   69.196718][ T5321]  __kasan_kmalloc+0x98/0xb0
[   69.198436][ T5321]  __kmalloc_cache_noprof+0x19c/0x2c0
[   69.200548][ T5321]  __hci_conn_add+0x2f9/0x1850
[   69.202431][ T5321]  hci_le_big_sync_established_evt+0x414/0xc20
[   69.204841][ T5321]  hci_event_packet+0xa55/0x1540
[   69.206664][ T5321]  hci_rx_work+0x3fe/0xd80
[   69.208401][ T5321]  process_scheduled_works+0xa63/0x1850
[   69.210496][ T5321]  worker_thread+0x870/0xd30
[   69.212274][ T5321]  kthread+0x2f0/0x390
[   69.213831][ T5321]  ret_from_fork+0x4b/0x80
[   69.215545][ T5321]  ret_from_fork_asm+0x1a/0x30
[   69.217318][ T5321] 
[   69.218255][ T5321] Freed by task 5321:
[   69.219800][ T5321]  kasan_save_track+0x3f/0x80
[   69.221598][ T5321]  kasan_save_free_info+0x40/0x50
[   69.223547][ T5321]  __kasan_slab_free+0x59/0x70
[   69.225460][ T5321]  kfree+0x1a0/0x440
[   69.226923][ T5321]  device_release+0x99/0x1c0
[   69.228754][ T5321]  kobject_put+0x22f/0x480
[   69.230459][ T5321]  hci_conn_del+0x8c4/0xc40
[   69.232240][ T5321]  hci_le_create_big_complete_evt+0x619/0xae0
[   69.234820][ T5321]  hci_event_packet+0xa55/0x1540
[   69.237001][ T5321]  hci_rx_work+0x3fe/0xd80
[   69.238785][ T5321]  process_scheduled_works+0xa63/0x1850
[   69.240864][ T5321]  worker_thread+0x870/0xd30
[   69.242569][ T5321]  kthread+0x2f0/0x390
[   69.244062][ T5321]  ret_from_fork+0x4b/0x80
[   69.245766][ T5321]  ret_from_fork_asm+0x1a/0x30
[   69.247502][ T5321] 
[   69.248434][ T5321] The buggy address belongs to the object at ffff888011a34000
[   69.248434][ T5321]  which belongs to the cache kmalloc-8k of size 8192
[   69.253592][ T5321] The buggy address is located 0 bytes inside of
[   69.253592][ T5321]  freed 8192-byte region [ffff888011a34000, ffff888011a36000)
[   69.258627][ T5321] 
[   69.259579][ T5321] The buggy address belongs to the physical page:
[   69.261948][ T5321] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a30
[   69.265236][ T5321] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   69.268397][ T5321] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   69.271423][ T5321] page_type: f5(slab)
[   69.272762][ T5321] raw: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001
[   69.275831][ T5321] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   69.279156][ T5321] head: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001
[   69.282381][ T5321] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   69.285609][ T5321] head: 00fff00000000003 ffffea0000468c01 ffffffffffffffff 0000000000000000
[   69.288858][ T5321] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   69.292114][ T5321] page dumped because: kasan: bad access detected
[   69.294685][ T5321] page_owner tracks the page as allocated
[   69.296837][ T5321] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5033, tgid 5033 (dhcpcd), ts 40108965474, free_ts 40097486542
[   69.304571][ T5321]  post_alloc_hook+0x1f3/0x230
[   69.306452][ T5321]  get_page_from_freelist+0x3649/0x3790
[   69.308624][ T5321]  __alloc_pages_noprof+0x292/0x710
[   69.310656][ T5321]  alloc_pages_mpol_noprof+0x3e8/0x680
[   69.312714][ T5321]  alloc_slab_page+0x6a/0x140
[   69.314524][ T5321]  allocate_slab+0x5a/0x2f0
[   69.316260][ T5321]  ___slab_alloc+0xcd1/0x14b0
[   69.318059][ T5321]  __slab_alloc+0x58/0xa0
[   69.319779][ T5321]  __kmalloc_node_track_caller_noprof+0x281/0x440
[   69.322245][ T5321]  kmalloc_reserve+0x111/0x2a0
[   69.324066][ T5321]  __alloc_skb+0x1f3/0x440
[   69.325755][ T5321]  netlink_dump+0x1f7/0xd80
[   69.327443][ T5321]  netlink_recvmsg+0x6bb/0x11d0
[   69.329211][ T5321]  sock_recvmsg+0x22f/0x280
[   69.330934][ T5321]  ____sys_recvmsg+0x1c6/0x480
[   69.332718][ T5321]  __sys_recvmsg+0x2e6/0x3d0
[   69.334433][ T5321] page last free pid 5121 tgid 5121 stack trace:
[   69.336820][ T5321]  free_unref_page+0xcfb/0xf20
[   69.338657][ T5321]  __put_partials+0xeb/0x130
[   69.341293][ T5321]  put_cpu_partial+0x17c/0x250
[   69.343099][ T5321]  __slab_free+0x2ea/0x3d0
[   69.344817][ T5321]  qlist_free_all+0x9a/0x140
[   69.346619][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   69.348699][ T5321]  __kasan_slab_alloc+0x23/0x80
[   69.350550][ T5321]  kmem_cache_alloc_noprof+0x135/0x2a0
[   69.352598][ T5321]  vm_area_alloc+0x24/0x1d0
[   69.354338][ T5321]  mmap_region+0x113b/0x23f0
[   69.356072][ T5321]  do_mmap+0x8f0/0x1000
[   69.357639][ T5321]  vm_mmap_pgoff+0x1dd/0x3d0
[   69.359382][ T5321]  ksys_mmap_pgoff+0x4eb/0x720
[   69.361160][ T5321]  do_syscall_64+0xf3/0x230
[   69.362868][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.365172][ T5321] 
[   69.366086][ T5321] Memory state around the buggy address:
[   69.368208][ T5321]  ffff888011a33f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   69.371036][ T5321]  ffff888011a33f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   69.373817][ T5321] >ffff888011a34000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.376606][ T5321]                    ^
[   69.378049][ T5321]  ffff888011a34080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.380805][ T5321]  ffff888011a34100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.383585][ T5321] ==================================================================
[   69.407973][ T5321] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   69.410756][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller #0
[   69.414652][ T5321] Tainted: [W]=WARN
[   69.416119][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.420203][ T5321] Workqueue: hci0 hci_rx_work
[   69.422064][ T5321] Call Trace:
[   69.423403][ T5321]  <TASK>
[   69.424575][ T5321]  dump_stack_lvl+0x241/0x360
[   69.426398][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.428424][ T5321]  ? __pfx__printk+0x10/0x10
[   69.430167][ T5321]  ? rcu_is_watching+0x15/0xb0
[   69.432011][ T5321]  ? preempt_schedule+0xe1/0xf0
[   69.433933][ T5321]  ? vscnprintf+0x5d/0x90
[   69.435766][ T5321]  panic+0x349/0x880
[   69.437256][ T5321]  ? check_panic_on_warn+0x21/0xb0
[   69.439255][ T5321]  ? __pfx_panic+0x10/0x10
[   69.441072][ T5321]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   69.443357][ T5321]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.445734][ T5321]  ? print_report+0x502/0x550
[   69.447540][ T5321]  check_panic_on_warn+0x86/0xb0
[   69.449391][ T5321]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   69.451675][ T5321]  end_report+0x77/0x160
[   69.453245][ T5321]  kasan_report+0x154/0x180
[   69.454894][ T5321]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   69.457257][ T5321]  hci_le_create_big_complete_evt+0x383/0xae0
[   69.459484][ T5321]  ? __copy_skb_header+0x437/0x5b0
[   69.461250][ T5321]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   69.463602][ T5321]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.466161][ T5321]  ? hci_le_meta_evt+0x366/0x580
[   69.468143][ T5321]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.470630][ T5321]  hci_event_packet+0xa55/0x1540
[   69.472598][ T5321]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   69.474726][ T5321]  ? __pfx_hci_event_packet+0x10/0x10
[   69.476727][ T5321]  ? set_advertising_complete+0x450/0x6f0
[   69.478877][ T5321]  ? kcov_remote_start+0x97/0x7d0
[   69.480845][ T5321]  hci_rx_work+0x3fe/0xd80
[   69.482616][ T5321]  ? process_scheduled_works+0x976/0x1850
[   69.484847][ T5321]  process_scheduled_works+0xa63/0x1850
[   69.486990][ T5321]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.489361][ T5321]  ? assign_work+0x364/0x3d0
[   69.491149][ T5321]  worker_thread+0x870/0xd30
[   69.492983][ T5321]  ? __kthread_parkme+0x169/0x1d0
[   69.495027][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   69.497288][ T5321]  kthread+0x2f0/0x390
[   69.498855][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   69.500741][ T5321]  ? __pfx_kthread+0x10/0x10
[   69.502382][ T5321]  ret_from_fork+0x4b/0x80
[   69.504105][ T5321]  ? __pfx_kthread+0x10/0x10
[   69.505817][ T5321]  ret_from_fork_asm+0x1a/0x30
[   69.507696][ T5321]  </TASK>
[   69.509137][ T5321] Kernel Offset: disabled
[   69.510699][ T5321] Rebooting in 86400 seconds..