program: bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) connect$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x2}}, 0x10) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x2, 0x2, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x4, 0x0, 0x6e6bb6, 0x5, {0x6, 0x2b, 0x2, 0x3, 0x0, 0xe7, 0x0, @in6=@mcast2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, @sadb_x_filter={0x5, 0x1a, @in=@rand_addr=0x64010102, @in=@multicast2, 0x1e, 0x10, 0x14}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x90}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) [ 75.214293][ T5316] Bluetooth: hci0: command tx timeout [ 75.307716][ T5316] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 [ 75.313402][ T5316] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5316, name: kworker/u5:2 [ 75.317051][ T5316] preempt_count: 0, expected: 0 [ 75.319813][ T5316] RCU nest depth: 1, expected: 0 [ 75.321706][ T5316] 4 locks held by kworker/u5:2/5316: [ 75.323698][ T5316] #0: ffff888040d68148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 75.328048][ T5316] #1: ffffc9000cf5fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 75.334328][ T5316] #2: ffff88804333c078 (&hdev->lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 75.338661][ T5316] #3: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 75.343232][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: kworker/u5:2 Not tainted 6.12.0-syzkaller-03657-g43fb83c17ba2 #0 [ 75.347139][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.351079][ T5316] Workqueue: hci0 hci_rx_work [ 75.352908][ T5316] Call Trace: [ 75.354225][ T5316] [ 75.355388][ T5316] dump_stack_lvl+0x241/0x360 [ 75.357196][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.359057][ T5316] ? __pfx__printk+0x10/0x10 [ 75.360745][ T5316] __might_resched+0x5d4/0x780 [ 75.362532][ T5316] ? __mutex_lock+0x187/0xee0 [ 75.364271][ T5316] ? __pfx___might_resched+0x10/0x10 [ 75.366201][ T5316] ? __lock_acquire+0x1397/0x2100 [ 75.368075][ T5316] __mutex_lock+0x131/0xee0 [ 75.369811][ T5316] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 75.372171][ T5316] ? __pfx___mutex_lock+0x10/0x10 [ 75.374156][ T5316] ? rcu_is_watching+0x15/0xb0 [ 75.376012][ T5316] ? trace_contention_end+0x3c/0x120 [ 75.378018][ T5316] ? skb_pull_data+0x112/0x230 [ 75.379832][ T5316] ? hci_conn_set_handle+0x9a/0x270 [ 75.381775][ T5316] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 75.384222][ T5316] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 75.386586][ T5316] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 75.389015][ T5316] ? hci_le_meta_evt+0x366/0x580 [ 75.390878][ T5316] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 75.393362][ T5316] hci_event_packet+0xa55/0x1540 [ 75.395210][ T5316] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 75.397180][ T5316] ? __pfx_hci_event_packet+0x10/0x10 [ 75.399194][ T5316] ? do_raw_spin_unlock+0x58/0x8b0 [ 75.401090][ T5316] ? hci_send_to_monitor+0xd8/0x7f0 [ 75.403032][ T5316] ? kcov_remote_start+0x97/0x7d0 [ 75.404958][ T5316] hci_rx_work+0x3e8/0xca0 [ 75.406634][ T5316] ? process_scheduled_works+0x976/0x1850 [ 75.408776][ T5316] process_scheduled_works+0xa63/0x1850 [ 75.410854][ T5316] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.413078][ T5316] ? assign_work+0x364/0x3d0 [ 75.414805][ T5316] worker_thread+0x870/0xd30 [ 75.416526][ T5316] ? __kthread_parkme+0x169/0x1d0 [ 75.418413][ T5316] ? __pfx_worker_thread+0x10/0x10 [ 75.420321][ T5316] kthread+0x2f0/0x390 [ 75.421819][ T5316] ? __pfx_worker_thread+0x10/0x10 [ 75.423777][ T5316] ? __pfx_kthread+0x10/0x10 [ 75.425562][ T5316] ret_from_fork+0x4b/0x80 [ 75.427242][ T5316] ? __pfx_kthread+0x10/0x10 [ 75.429020][ T5316] ret_from_fork_asm+0x1a/0x30 [ 75.430872][ T5316] [ 75.437285][ T5316] [ 75.438096][ T5316] ============================= [ 75.439777][ T5316] [ BUG: Invalid wait context ] [ 75.441501][ T5316] 6.12.0-syzkaller-03657-g43fb83c17ba2 #0 Tainted: G W [ 75.444300][ T5316] ----------------------------- [ 75.446089][ T5316] kworker/u5:2/5316 is trying to lock: [ 75.448068][ T5316] ffffffff8fe4d568 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0x3d9/0xae0 [ 75.451970][ T5316] other info that might help us debug this: [ 75.454074][ T5316] context-{5:5} [ 75.455326][ T5316] 4 locks held by kworker/u5:2/5316: [ 75.457274][ T5316] #0: ffff888040d68148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 75.461340][ T5316] #1: ffffc9000cf5fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 75.465770][ T5316] #2: ffff88804333c078 (&hdev->lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 75.469648][ T5316] #3: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 75.473600][ T5316] stack backtrace: [ 75.475079][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: kworker/u5:2 Tainted: G W 6.12.0-syzkaller-03657-g43fb83c17ba2 #0 [ 75.479494][ T5316] Tainted: [W]=WARN [ 75.480884][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.484899][ T5316] Workqueue: hci0 hci_rx_work [ 75.486645][ T5316] Call Trace: [ 75.487894][ T5316] [ 75.489019][ T5316] dump_stack_lvl+0x241/0x360 [ 75.490858][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.492777][ T5316] ? __pfx__printk+0x10/0x10 [ 75.494454][ T5316] __lock_acquire+0x15a8/0x2100 [ 75.496238][ T5316] lock_acquire+0x1ed/0x550 [ 75.497895][ T5316] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 75.500207][ T5316] ? __pfx_lock_acquire+0x10/0x10 [ 75.502104][ T5316] ? __mutex_lock+0x187/0xee0 [ 75.504047][ T5316] ? __pfx___might_resched+0x10/0x10 [ 75.506109][ T5316] ? __lock_acquire+0x1397/0x2100 [ 75.508007][ T5316] __mutex_lock+0x1ac/0xee0 [ 75.509745][ T5316] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 75.512106][ T5316] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 75.514310][ T5316] ? __pfx___mutex_lock+0x10/0x10 [ 75.516209][ T5316] ? rcu_is_watching+0x15/0xb0 [ 75.517944][ T5316] ? trace_contention_end+0x3c/0x120 [ 75.519943][ T5316] ? skb_pull_data+0x112/0x230 [ 75.521677][ T5316] ? hci_conn_set_handle+0x9a/0x270 [ 75.523664][ T5316] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 75.525846][ T5316] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 75.527995][ T5316] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 75.530430][ T5316] ? hci_le_meta_evt+0x366/0x580 [ 75.532264][ T5316] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 75.534707][ T5316] hci_event_packet+0xa55/0x1540 [ 75.536600][ T5316] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 75.538579][ T5316] ? __pfx_hci_event_packet+0x10/0x10 [ 75.540526][ T5316] ? do_raw_spin_unlock+0x58/0x8b0 [ 75.542401][ T5316] ? hci_send_to_monitor+0xd8/0x7f0 [ 75.544446][ T5316] ? kcov_remote_start+0x97/0x7d0 [ 75.546499][ T5316] hci_rx_work+0x3e8/0xca0 [ 75.548221][ T5316] ? process_scheduled_works+0x976/0x1850 [ 75.550451][ T5316] process_scheduled_works+0xa63/0x1850 [ 75.552862][ T5316] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.555223][ T5316] ? assign_work+0x364/0x3d0 [ 75.557021][ T5316] worker_thread+0x870/0xd30 [ 75.558830][ T5316] ? __kthread_parkme+0x169/0x1d0 [ 75.560703][ T5316] ? __pfx_worker_thread+0x10/0x10 [ 75.562767][ T5316] kthread+0x2f0/0x390 [ 75.564399][ T5316] ? __pfx_worker_thread+0x10/0x10 [ 75.566306][ T5316] ? __pfx_kthread+0x10/0x10 [ 75.568039][ T5316] ret_from_fork+0x4b/0x80 [ 75.569689][ T5316] ? __pfx_kthread+0x10/0x10 [ 75.571430][ T5316] ret_from_fork_asm+0x1a/0x30 [ 75.573181][ T5316] [ 75.579460][ T5316] ================================================================== [ 75.582406][ T5316] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0 [ 75.585669][ T5316] Read of size 8 at addr ffff888040e50000 by task kworker/u5:2/5316 [ 75.588462][ T5316] [ 75.589388][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: kworker/u5:2 Tainted: G W 6.12.0-syzkaller-03657-g43fb83c17ba2 #0 [ 75.593761][ T5316] Tainted: [W]=WARN [ 75.595324][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.599704][ T5316] Workqueue: hci0 hci_rx_work [ 75.601564][ T5316] Call Trace: [ 75.602720][ T5316] [ 75.603809][ T5316] dump_stack_lvl+0x241/0x360 [ 75.605513][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.607406][ T5316] ? __pfx__printk+0x10/0x10 [ 75.609165][ T5316] ? _printk+0xd5/0x120 [ 75.610720][ T5316] ? __virt_addr_valid+0x183/0x530 [ 75.612650][ T5316] ? __virt_addr_valid+0x183/0x530 [ 75.614586][ T5316] print_report+0x169/0x550 [ 75.616294][ T5316] ? __virt_addr_valid+0x183/0x530 [ 75.618174][ T5316] ? __virt_addr_valid+0x183/0x530 [ 75.620103][ T5316] ? __virt_addr_valid+0x45f/0x530 [ 75.622052][ T5316] ? __phys_addr+0xba/0x170 [ 75.623797][ T5316] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 75.626107][ T5316] kasan_report+0x143/0x180 [ 75.627942][ T5316] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 75.630350][ T5316] hci_le_create_big_complete_evt+0x383/0xae0 [ 75.632644][ T5316] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 75.634978][ T5316] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 75.637457][ T5316] ? hci_le_meta_evt+0x366/0x580 [ 75.639336][ T5316] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 75.641801][ T5316] hci_event_packet+0xa55/0x1540 [ 75.643682][ T5316] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 75.645702][ T5316] ? __pfx_hci_event_packet+0x10/0x10 [ 75.647792][ T5316] ? do_raw_spin_unlock+0x58/0x8b0 [ 75.649803][ T5316] ? hci_send_to_monitor+0xd8/0x7f0 [ 75.651515][ T5316] ? kcov_remote_start+0x97/0x7d0 [ 75.653334][ T5316] hci_rx_work+0x3e8/0xca0 [ 75.655049][ T5316] ? process_scheduled_works+0x976/0x1850 [ 75.657072][ T5316] process_scheduled_works+0xa63/0x1850 [ 75.659426][ T5316] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.661722][ T5316] ? assign_work+0x364/0x3d0 [ 75.663330][ T5316] worker_thread+0x870/0xd30 [ 75.664904][ T5316] ? __kthread_parkme+0x169/0x1d0 [ 75.666731][ T5316] ? __pfx_worker_thread+0x10/0x10 [ 75.668638][ T5316] kthread+0x2f0/0x390 [ 75.670143][ T5316] ? __pfx_worker_thread+0x10/0x10 [ 75.672071][ T5316] ? __pfx_kthread+0x10/0x10 [ 75.673795][ T5316] ret_from_fork+0x4b/0x80 [ 75.675522][ T5316] ? __pfx_kthread+0x10/0x10 [ 75.677263][ T5316] ret_from_fork_asm+0x1a/0x30 [ 75.679089][ T5316] [ 75.680336][ T5316] [ 75.681243][ T5316] Allocated by task 5316: [ 75.682848][ T5316] kasan_save_track+0x3f/0x80 [ 75.684578][ T5316] __kasan_kmalloc+0x98/0xb0 [ 75.686146][ T5316] __kmalloc_cache_noprof+0x19c/0x2c0 [ 75.687966][ T5316] __hci_conn_add+0x2f9/0x1850 [ 75.689461][ T5316] hci_le_big_sync_established_evt+0x414/0xc20 [ 75.691356][ T5316] hci_event_packet+0xa55/0x1540 [ 75.692960][ T5316] hci_rx_work+0x3e8/0xca0 [ 75.694353][ T5316] process_scheduled_works+0xa63/0x1850 [ 75.696329][ T5316] worker_thread+0x870/0xd30 [ 75.698076][ T5316] kthread+0x2f0/0x390 [ 75.699596][ T5316] ret_from_fork+0x4b/0x80 [ 75.701315][ T5316] ret_from_fork_asm+0x1a/0x30 [ 75.703076][ T5316] [ 75.704015][ T5316] Freed by task 5316: [ 75.705542][ T5316] kasan_save_track+0x3f/0x80 [ 75.707283][ T5316] kasan_save_free_info+0x40/0x50 [ 75.708888][ T5316] __kasan_slab_free+0x59/0x70 [ 75.710747][ T5316] kfree+0x1a0/0x440 [ 75.712086][ T5316] device_release+0x99/0x1c0 [ 75.713900][ T5316] kobject_put+0x22f/0x480 [ 75.715656][ T5316] hci_conn_del+0x8c4/0xc40 [ 75.717421][ T5316] hci_le_create_big_complete_evt+0x619/0xae0 [ 75.719680][ T5316] hci_event_packet+0xa55/0x1540 [ 75.721602][ T5316] hci_rx_work+0x3e8/0xca0 [ 75.723337][ T5316] process_scheduled_works+0xa63/0x1850 [ 75.725416][ T5316] worker_thread+0x870/0xd30 [ 75.727257][ T5316] kthread+0x2f0/0x390 [ 75.728884][ T5316] ret_from_fork+0x4b/0x80 [ 75.730624][ T5316] ret_from_fork_asm+0x1a/0x30 [ 75.732397][ T5316] [ 75.733354][ T5316] The buggy address belongs to the object at ffff888040e50000 [ 75.733354][ T5316] which belongs to the cache kmalloc-8k of size 8192 [ 75.738496][ T5316] The buggy address is located 0 bytes inside of [ 75.738496][ T5316] freed 8192-byte region [ffff888040e50000, ffff888040e52000) [ 75.743021][ T5316] [ 75.743919][ T5316] The buggy address belongs to the physical page: [ 75.746210][ T5316] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40e50 [ 75.749398][ T5316] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 75.752717][ T5316] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 75.755723][ T5316] page_type: f5(slab) [ 75.757246][ T5316] raw: 04fff00000000040 ffff88801ac42280 0000000000000000 0000000000000001 [ 75.760546][ T5316] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000 [ 75.763518][ T5316] head: 04fff00000000040 ffff88801ac42280 0000000000000000 0000000000000001 [ 75.766239][ T5316] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000 [ 75.769218][ T5316] head: 04fff00000000003 ffffea0001039401 ffffffffffffffff 0000000000000000 [ 75.772201][ T5316] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 75.775115][ T5316] page dumped because: kasan: bad access detected [ 75.777644][ T5316] page_owner tracks the page as allocated [ 75.780164][ T5316] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5300, tgid 5300 (nohup), ts 54817135259, free_ts 54648816163 [ 75.787098][ T5316] post_alloc_hook+0x1f3/0x230 [ 75.789036][ T5316] get_page_from_freelist+0x3649/0x3790 [ 75.791173][ T5316] __alloc_pages_noprof+0x292/0x710 [ 75.793493][ T5316] alloc_pages_mpol_noprof+0x3e8/0x680 [ 75.795711][ T5316] alloc_slab_page+0x6a/0x140 [ 75.797486][ T5316] allocate_slab+0x5a/0x2f0 [ 75.799257][ T5316] ___slab_alloc+0xcd1/0x14b0 [ 75.801086][ T5316] __slab_alloc+0x58/0xa0 [ 75.802666][ T5316] __kmalloc_cache_noprof+0x1d5/0x2c0 [ 75.805055][ T5316] tomoyo_init_log+0x11cd/0x2050 [ 75.807102][ T5316] tomoyo_supervisor+0x38a/0x11f0 [ 75.809228][ T5316] tomoyo_env_perm+0x178/0x210 [ 75.811035][ T5316] tomoyo_find_next_domain+0x146e/0x1d40 [ 75.813240][ T5316] tomoyo_bprm_check_security+0x117/0x180 [ 75.815401][ T5316] security_bprm_check+0x86/0x250 [ 75.817449][ T5316] bprm_execve+0xa56/0x1770 [ 75.819402][ T5316] page last free pid 785 tgid 785 stack trace: [ 75.821767][ T5316] free_unref_page+0xdf9/0x1140 [ 75.823647][ T5316] __put_partials+0xeb/0x130 [ 75.825399][ T5316] put_cpu_partial+0x17c/0x250 [ 75.827214][ T5316] __slab_free+0x2ea/0x3d0 [ 75.828951][ T5316] qlist_free_all+0x9a/0x140 [ 75.830653][ T5316] kasan_quarantine_reduce+0x14f/0x170 [ 75.832947][ T5316] __kasan_slab_alloc+0x23/0x80 [ 75.835212][ T5316] __kmalloc_cache_noprof+0x132/0x2c0 [ 75.837602][ T5316] drm_atomic_state_alloc+0xa6/0x100 [ 75.839748][ T5316] drm_atomic_helper_dirtyfb+0xee/0xe60 [ 75.841883][ T5316] drm_fbdev_shmem_helper_fb_dirty+0x151/0x2c0 [ 75.844197][ T5316] drm_fb_helper_damage_work+0x275/0x880 [ 75.846278][ T5316] process_scheduled_works+0xa63/0x1850 [ 75.848350][ T5316] worker_thread+0x870/0xd30 [ 75.850131][ T5316] kthread+0x2f0/0x390 [ 75.851691][ T5316] ret_from_fork+0x4b/0x80 [ 75.853378][ T5316] [ 75.854269][ T5316] Memory state around the buggy address: [ 75.856353][ T5316] ffff888040e4ff00: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc [ 75.859369][ T5316] ffff888040e4ff80: 00 00 00 fc fc fc fc fc 00 00 00 00 fc fc fc fc [ 75.862389][ T5316] >ffff888040e50000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.865369][ T5316] ^ [ 75.866904][ T5316] ffff888040e50080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.869952][ T5316] ffff888040e50100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.872945][ T5316] ================================================================== [ 75.899290][ T5316] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.902013][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: kworker/u5:2 Tainted: G W 6.12.0-syzkaller-03657-g43fb83c17ba2 #0 [ 75.906443][ T5316] Tainted: [W]=WARN [ 75.907890][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.911917][ T5316] Workqueue: hci0 hci_rx_work [ 75.913691][ T5316] Call Trace: [ 75.914984][ T5316] [ 75.916127][ T5316] dump_stack_lvl+0x241/0x360 [ 75.917916][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.919908][ T5316] ? __pfx__printk+0x10/0x10 [ 75.921670][ T5316] ? rcu_is_watching+0x15/0xb0 [ 75.923502][ T5316] ? preempt_schedule+0xe1/0xf0 [ 75.925295][ T5316] ? vscnprintf+0x5d/0x90 [ 75.926906][ T5316] panic+0x349/0x880 [ 75.928393][ T5316] ? check_panic_on_warn+0x21/0xb0 [ 75.930301][ T5316] ? __pfx_panic+0x10/0x10 [ 75.932001][ T5316] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 75.934288][ T5316] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.936665][ T5316] ? print_report+0x502/0x550 [ 75.938383][ T5316] check_panic_on_warn+0x86/0xb0 [ 75.940230][ T5316] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 75.942438][ T5316] end_report+0x77/0x160 [ 75.944135][ T5316] kasan_report+0x154/0x180 [ 75.945817][ T5316] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 75.948115][ T5316] hci_le_create_big_complete_evt+0x383/0xae0 [ 75.950467][ T5316] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 75.952882][ T5316] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 75.955425][ T5316] ? hci_le_meta_evt+0x366/0x580 [ 75.957271][ T5316] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 75.959705][ T5316] hci_event_packet+0xa55/0x1540 [ 75.961615][ T5316] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 75.963681][ T5316] ? __pfx_hci_event_packet+0x10/0x10 [ 75.965694][ T5316] ? do_raw_spin_unlock+0x58/0x8b0 [ 75.967655][ T5316] ? hci_send_to_monitor+0xd8/0x7f0 [ 75.969680][ T5316] ? kcov_remote_start+0x97/0x7d0 [ 75.971611][ T5316] hci_rx_work+0x3e8/0xca0 [ 75.973367][ T5316] ? process_scheduled_works+0x976/0x1850 [ 75.975650][ T5316] process_scheduled_works+0xa63/0x1850 [ 75.977803][ T5316] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.982831][ T5316] ? assign_work+0x364/0x3d0 [ 75.985527][ T5316] worker_thread+0x870/0xd30 [ 75.987310][ T5316] ? __kthread_parkme+0x169/0x1d0 [ 75.989290][ T5316] ? __pfx_worker_thread+0x10/0x10 [ 75.991123][ T5316] kthread+0x2f0/0x390 [ 75.992649][ T5316] ? __pfx_worker_thread+0x10/0x10 [ 75.994555][ T5316] ? __pfx_kthread+0x10/0x10 [ 75.996386][ T5316] ret_from_fork+0x4b/0x80 [ 75.998034][ T5316] ? __pfx_kthread+0x10/0x10 [ 75.999845][ T5316] ret_from_fork_asm+0x1a/0x30 [ 76.001716][ T5316] [ 76.003200][ T5316] Kernel Offset: disabled [ 76.004879][ T5316] Rebooting in 86400 seconds..