program:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000080)={[{@i_version}, {@nobh}, {@max_batch_time={'max_batch_time', 0x3d, 0xb}}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x0)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2710, 0x0, &(0x7f0000000040))
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
fallocate(r0, 0x3, 0xc0000, 0x8000c62)

[   78.983717][ T5091] Bluetooth: hci0: command tx timeout
[   80.371422][ T5106] loop0: detected capacity change from 0 to 512
[   80.401478][ T5106] EXT4-fs: Ignoring removed i_version option
[   80.414991][ T5106] EXT4-fs: Ignoring removed nobh option
[   80.430278][ T5106] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   80.451374][ T5106] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   80.470015][ T5106] EXT4-fs (loop0): 1 truncate cleaned up
[   80.480423][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.510314][ T5091] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[   80.516382][ T5091] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5091, name: kworker/u5:2
[   80.521461][ T5091] preempt_count: 0, expected: 0
[   80.524284][ T5091] RCU nest depth: 1, expected: 0
[   80.526416][ T5091] 4 locks held by kworker/u5:2/5091:
[   80.528884][ T5091]  #0: ffff888000dbf948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   80.535302][ T5091]  #1: ffffc90002f8fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   80.540192][ T5091]  #2: ffff888000ddc078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   80.547493][ T5091]  #3: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   80.552064][ T5091] CPU: 0 UID: 0 PID: 5091 Comm: kworker/u5:2 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0
[   80.556267][ T5091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.560319][ T5091] Workqueue: hci0 hci_rx_work
[   80.562242][ T5091] Call Trace:
[   80.563649][ T5091]  <TASK>
[   80.564961][ T5091]  dump_stack_lvl+0x241/0x360
[   80.567073][ T5091]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.569557][ T5091]  ? __pfx__printk+0x10/0x10
[   80.571687][ T5091]  __might_resched+0x5d4/0x780
[   80.573948][ T5091]  ? __mutex_lock+0x112/0xd70
[   80.575693][ T5091]  ? __pfx___might_resched+0x10/0x10
[   80.577861][ T5091]  __mutex_lock+0xc1/0xd70
[   80.579763][ T5091]  ? __pfx_lock_acquire+0x10/0x10
[   80.582357][ T5091]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   80.585853][ T5091]  ? __pfx_lock_release+0x10/0x10
[   80.587857][ T5091]  ? __pfx___mutex_lock+0x10/0x10
[   80.589792][ T5091]  ? trace_contention_end+0x3c/0x120
[   80.591836][ T5091]  ? skb_pull_data+0x112/0x230
[   80.593702][ T5091]  ? hci_conn_set_handle+0x9a/0x270
[   80.595866][ T5091]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   80.598610][ T5091]  ? __copy_skb_header+0x437/0x5b0
[   80.600999][ T5091]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   80.603435][ T5091]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   80.606010][ T5091]  ? hci_le_meta_evt+0x366/0x580
[   80.608082][ T5091]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   80.611175][ T5091]  hci_event_packet+0xa55/0x1540
[   80.613546][ T5091]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   80.615836][ T5091]  ? __pfx_hci_event_packet+0x10/0x10
[   80.617964][ T5091]  ? set_advertising_complete+0x6b0/0x6f0
[   80.620206][ T5091]  ? kcov_remote_start+0x97/0x7d0
[   80.622094][ T5091]  hci_rx_work+0x3fe/0xd80
[   80.624078][ T5091]  ? process_scheduled_works+0x976/0x1850
[   80.626688][ T5091]  process_scheduled_works+0xa63/0x1850
[   80.629271][ T5091]  ? __pfx_process_scheduled_works+0x10/0x10
[   80.631977][ T5091]  ? assign_work+0x364/0x3d0
[   80.634164][ T5091]  worker_thread+0x870/0xd30
[   80.636300][ T5091]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   80.638731][ T5091]  ? __kthread_parkme+0x169/0x1d0
[   80.640947][ T5091]  ? __pfx_worker_thread+0x10/0x10
[   80.643011][ T5091]  kthread+0x2f0/0x390
[   80.644925][ T5091]  ? __pfx_worker_thread+0x10/0x10
[   80.647158][ T5091]  ? __pfx_kthread+0x10/0x10
[   80.649066][ T5091]  ret_from_fork+0x4b/0x80
[   80.650912][ T5091]  ? __pfx_kthread+0x10/0x10
[   80.652801][ T5091]  ret_from_fork_asm+0x1a/0x30
[   80.654800][ T5091]  </TASK>
[   80.665589][ T5091] 
[   80.666523][ T5091] =============================
[   80.668366][ T5091] [ BUG: Invalid wait context ]
[   80.670202][ T5091] 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 Tainted: G        W         
[   80.673472][ T5091] -----------------------------
[   80.675686][ T5091] kworker/u5:2/5091 is trying to lock:
[   80.678603][ T5091] ffffffff8fe3dfe8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[   80.683188][ T5091] other info that might help us debug this:
[   80.685467][ T5091] context-{4:4}
[   80.686894][ T5091] 4 locks held by kworker/u5:2/5091:
[   80.688945][ T5091]  #0: ffff888000dbf948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   80.693706][ T5091]  #1: ffffc90002f8fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   80.698838][ T5091]  #2: ffff888000ddc078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   80.702820][ T5091]  #3: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   80.707945][ T5091] stack backtrace:
[   80.709649][ T5091] CPU: 0 UID: 0 PID: 5091 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0
[   80.714365][ T5091] Tainted: [W]=WARN
[   80.715769][ T5091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.719343][ T5091] Workqueue: hci0 hci_rx_work
[   80.720938][ T5091] Call Trace:
[   80.722022][ T5091]  <TASK>
[   80.723170][ T5091]  dump_stack_lvl+0x241/0x360
[   80.725458][ T5091]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.727944][ T5091]  ? __pfx__printk+0x10/0x10
[   80.729943][ T5091]  __lock_acquire+0x154a/0x2050
[   80.731728][ T5091]  lock_acquire+0x1ed/0x550
[   80.733410][ T5091]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   80.735785][ T5091]  ? __pfx_lock_acquire+0x10/0x10
[   80.737756][ T5091]  ? __mutex_lock+0x112/0xd70
[   80.739781][ T5091]  ? __pfx___might_resched+0x10/0x10
[   80.742551][ T5091]  __mutex_lock+0x136/0xd70
[   80.745292][ T5091]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   80.748348][ T5091]  ? __pfx_lock_acquire+0x10/0x10
[   80.750324][ T5091]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   80.752665][ T5091]  ? __pfx_lock_release+0x10/0x10
[   80.754653][ T5091]  ? __pfx___mutex_lock+0x10/0x10
[   80.756458][ T5091]  ? trace_contention_end+0x3c/0x120
[   80.758388][ T5091]  ? skb_pull_data+0x112/0x230
[   80.760223][ T5091]  ? hci_conn_set_handle+0x9a/0x270
[   80.762313][ T5091]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   80.765360][ T5091]  ? __copy_skb_header+0x437/0x5b0
[   80.767758][ T5091]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   80.769992][ T5091]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   80.772386][ T5091]  ? hci_le_meta_evt+0x366/0x580
[   80.774332][ T5091]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   80.776950][ T5091]  hci_event_packet+0xa55/0x1540
[   80.779487][ T5091]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   80.782533][ T5091]  ? __pfx_hci_event_packet+0x10/0x10
[   80.784844][ T5091]  ? set_advertising_complete+0x6b0/0x6f0
[   80.787263][ T5091]  ? kcov_remote_start+0x97/0x7d0
[   80.789262][ T5091]  hci_rx_work+0x3fe/0xd80
[   80.790999][ T5091]  ? process_scheduled_works+0x976/0x1850
[   80.793122][ T5091]  process_scheduled_works+0xa63/0x1850
[   80.795293][ T5091]  ? __pfx_process_scheduled_works+0x10/0x10
[   80.798233][ T5091]  ? assign_work+0x364/0x3d0
[   80.800181][ T5091]  worker_thread+0x870/0xd30
[   80.801981][ T5091]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   80.804140][ T5091]  ? __kthread_parkme+0x169/0x1d0
[   80.805885][ T5091]  ? __pfx_worker_thread+0x10/0x10
[   80.807581][ T5091]  kthread+0x2f0/0x390
[   80.809130][ T5091]  ? __pfx_worker_thread+0x10/0x10
[   80.811010][ T5091]  ? __pfx_kthread+0x10/0x10
[   80.812661][ T5091]  ret_from_fork+0x4b/0x80
[   80.814674][ T5091]  ? __pfx_kthread+0x10/0x10
[   80.817098][ T5091]  ret_from_fork_asm+0x1a/0x30
[   80.819341][ T5091]  </TASK>
[   80.829214][ T5091] ==================================================================
[   80.833678][ T5091] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   80.837591][ T5091] Read of size 8 at addr ffff888011a74000 by task kworker/u5:2/5091
[   80.841252][ T5091] 
[   80.842458][ T5091] CPU: 0 UID: 0 PID: 5091 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0
[   80.847143][ T5091] Tainted: [W]=WARN
[   80.848452][ T5091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.852381][ T5091] Workqueue: hci0 hci_rx_work
[   80.854025][ T5091] Call Trace:
[   80.855270][ T5091]  <TASK>
[   80.856383][ T5091]  dump_stack_lvl+0x241/0x360
[   80.858832][ T5091]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.861564][ T5091]  ? __pfx__printk+0x10/0x10
[   80.863711][ T5091]  ? _printk+0xd5/0x120
[   80.865314][ T5091]  ? __virt_addr_valid+0x183/0x530
[   80.867290][ T5091]  ? __virt_addr_valid+0x183/0x530
[   80.869230][ T5091]  print_report+0x169/0x550
[   80.871083][ T5091]  ? __virt_addr_valid+0x183/0x530
[   80.873206][ T5091]  ? __virt_addr_valid+0x183/0x530
[   80.875392][ T5091]  ? __virt_addr_valid+0x45f/0x530
[   80.877703][ T5091]  ? __phys_addr+0xba/0x170
[   80.879752][ T5091]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   80.882451][ T5091]  kasan_report+0x143/0x180
[   80.884289][ T5091]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   80.886791][ T5091]  hci_le_create_big_complete_evt+0x383/0xae0
[   80.889192][ T5091]  ? __copy_skb_header+0x437/0x5b0
[   80.891008][ T5091]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   80.893242][ T5091]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   80.895966][ T5091]  ? hci_le_meta_evt+0x366/0x580
[   80.898584][ T5091]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   80.901509][ T5091]  hci_event_packet+0xa55/0x1540
[   80.903596][ T5091]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   80.905651][ T5091]  ? __pfx_hci_event_packet+0x10/0x10
[   80.907660][ T5091]  ? set_advertising_complete+0x6b0/0x6f0
[   80.909775][ T5091]  ? kcov_remote_start+0x97/0x7d0
[   80.911327][ T5091]  hci_rx_work+0x3fe/0xd80
[   80.913051][ T5091]  ? process_scheduled_works+0x976/0x1850
[   80.915399][ T5091]  process_scheduled_works+0xa63/0x1850
[   80.917590][ T5091]  ? __pfx_process_scheduled_works+0x10/0x10
[   80.920186][ T5091]  ? assign_work+0x364/0x3d0
[   80.922006][ T5091]  worker_thread+0x870/0xd30
[   80.923640][ T5091]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   80.926655][ T5091]  ? __kthread_parkme+0x169/0x1d0
[   80.928751][ T5091]  ? __pfx_worker_thread+0x10/0x10
[   80.930632][ T5091]  kthread+0x2f0/0x390
[   80.932279][ T5091]  ? __pfx_worker_thread+0x10/0x10
[   80.935111][ T5091]  ? __pfx_kthread+0x10/0x10
[   80.937098][ T5091]  ret_from_fork+0x4b/0x80
[   80.938739][ T5091]  ? __pfx_kthread+0x10/0x10
[   80.940569][ T5091]  ret_from_fork_asm+0x1a/0x30
[   80.942408][ T5091]  </TASK>
[   80.943573][ T5091] 
[   80.944471][ T5091] Allocated by task 5091:
[   80.946154][ T5091]  kasan_save_track+0x3f/0x80
[   80.948188][ T5091]  __kasan_kmalloc+0x98/0xb0
[   80.950872][ T5091]  __kmalloc_cache_noprof+0x19c/0x2c0
[   80.953810][ T5091]  __hci_conn_add+0x2f9/0x1850
[   80.955628][ T5091]  hci_le_big_sync_established_evt+0x414/0xc20
[   80.957712][ T5091]  hci_event_packet+0xa55/0x1540
[   80.959346][ T5091]  hci_rx_work+0x3fe/0xd80
[   80.961036][ T5091]  process_scheduled_works+0xa63/0x1850
[   80.963143][ T5091]  worker_thread+0x870/0xd30
[   80.965261][ T5091]  kthread+0x2f0/0x390
[   80.966978][ T5091]  ret_from_fork+0x4b/0x80
[   80.968730][ T5091]  ret_from_fork_asm+0x1a/0x30
[   80.970728][ T5091] 
[   80.971749][ T5091] Freed by task 5091:
[   80.973462][ T5091]  kasan_save_track+0x3f/0x80
[   80.975462][ T5091]  kasan_save_free_info+0x40/0x50
[   80.977503][ T5091]  __kasan_slab_free+0x59/0x70
[   80.979374][ T5091]  kfree+0x1a0/0x440
[   80.980814][ T5091]  device_release+0x99/0x1c0
[   80.982720][ T5091]  kobject_put+0x22f/0x480
[   80.984573][ T5091]  hci_conn_del+0x8c4/0xc40
[   80.986676][ T5091]  hci_le_create_big_complete_evt+0x619/0xae0
[   80.989432][ T5091]  hci_event_packet+0xa55/0x1540
[   80.991798][ T5091]  hci_rx_work+0x3fe/0xd80
[   80.993574][ T5091]  process_scheduled_works+0xa63/0x1850
[   80.995533][ T5091]  worker_thread+0x870/0xd30
[   80.997219][ T5091]  kthread+0x2f0/0x390
[   80.998762][ T5091]  ret_from_fork+0x4b/0x80
[   81.000494][ T5091]  ret_from_fork_asm+0x1a/0x30
[   81.002396][ T5091] 
[   81.003474][ T5091] The buggy address belongs to the object at ffff888011a74000
[   81.003474][ T5091]  which belongs to the cache kmalloc-8k of size 8192
[   81.009221][ T5091] The buggy address is located 0 bytes inside of
[   81.009221][ T5091]  freed 8192-byte region [ffff888011a74000, ffff888011a76000)
[   81.014067][ T5091] 
[   81.014925][ T5091] The buggy address belongs to the physical page:
[   81.017118][ T5091] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a70
[   81.020484][ T5091] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   81.024067][ T5091] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   81.027689][ T5091] page_type: f5(slab)
[   81.029536][ T5091] raw: 00fff00000000040 ffff88801ac42280 ffffea00007bdc00 dead000000000004
[   81.032557][ T5091] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   81.035694][ T5091] head: 00fff00000000040 ffff88801ac42280 ffffea00007bdc00 dead000000000004
[   81.038828][ T5091] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   81.041966][ T5091] head: 00fff00000000003 ffffea0000469c01 ffffffffffffffff 0000000000000000
[   81.047157][ T5091] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   81.050958][ T5091] page dumped because: kasan: bad access detected
[   81.053110][ T5091] page_owner tracks the page as allocated
[   81.055304][ T5091] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5086, tgid 5086 (sh), ts 62695139871, free_ts 61753528186
[   81.062457][ T5091]  post_alloc_hook+0x1f3/0x230
[   81.064249][ T5091]  get_page_from_freelist+0x3045/0x3190
[   81.066588][ T5091]  __alloc_pages_noprof+0x256/0x6c0
[   81.069116][ T5091]  alloc_pages_mpol_noprof+0x3e8/0x680
[   81.071922][ T5091]  alloc_slab_page+0x6a/0x120
[   81.073685][ T5091]  allocate_slab+0x5a/0x2f0
[   81.075373][ T5091]  ___slab_alloc+0xcd1/0x14b0
[   81.076895][ T5091]  __slab_alloc+0x58/0xa0
[   81.078447][ T5091]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   81.080442][ T5091]  tomoyo_init_log+0x11cd/0x2050
[   81.082360][ T5091]  tomoyo_supervisor+0x38a/0x11f0
[   81.084404][ T5091]  tomoyo_env_perm+0x178/0x210
[   81.086512][ T5091]  tomoyo_find_next_domain+0x146e/0x1d40
[   81.089161][ T5091]  tomoyo_bprm_check_security+0x114/0x180
[   81.091447][ T5091]  security_bprm_check+0x86/0x250
[   81.093519][ T5091]  bprm_execve+0xa56/0x1770
[   81.095196][ T5091] page last free pid 5078 tgid 5078 stack trace:
[   81.097312][ T5091]  free_unref_page+0xcfb/0xf20
[   81.099157][ T5091]  skb_release_data+0x6dc/0x8a0
[   81.100825][ T5091]  kfree_skb_list_reason+0x2ee/0x750
[   81.102591][ T5091]  skb_release_data+0x5cc/0x8a0
[   81.104498][ T5091]  skb_attempt_defer_free+0x42f/0x5c0
[   81.106595][ T5091]  tcp_recvmsg_locked+0x2995/0x3c80
[   81.108868][ T5091]  tcp_recvmsg+0x25d/0x920
[   81.110754][ T5091]  inet_recvmsg+0x150/0x2d0
[   81.112675][ T5091]  sock_recvmsg+0x1ae/0x280
[   81.114287][ T5091]  sock_read_iter+0x2c4/0x3d0
[   81.115897][ T5091]  vfs_read+0x9bb/0xbc0
[   81.117332][ T5091]  ksys_read+0x183/0x2b0
[   81.118752][ T5091]  do_syscall_64+0xf3/0x230
[   81.120552][ T5091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.123330][ T5091] 
[   81.124504][ T5091] Memory state around the buggy address:
[   81.126945][ T5091]  ffff888011a73f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.129883][ T5091]  ffff888011a73f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.132684][ T5091] >ffff888011a74000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   81.135668][ T5091]                    ^
[   81.137442][ T5091]  ffff888011a74080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   81.140883][ T5091]  ffff888011a74100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   81.143905][ T5091] ==================================================================
[   81.170040][ T5091] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   81.173329][ T5091] CPU: 0 UID: 0 PID: 5091 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0
[   81.177950][ T5091] Tainted: [W]=WARN
[   81.179304][ T5091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   81.183193][ T5091] Workqueue: hci0 hci_rx_work
[   81.185191][ T5091] Call Trace:
[   81.186724][ T5091]  <TASK>
[   81.188055][ T5091]  dump_stack_lvl+0x241/0x360
[   81.189989][ T5091]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.191912][ T5091]  ? __pfx__printk+0x10/0x10
[   81.193753][ T5091]  ? rcu_is_watching+0x15/0xb0
[   81.195909][ T5091]  ? preempt_schedule+0xe1/0xf0
[   81.198247][ T5091]  ? vscnprintf+0x5d/0x90
[   81.200236][ T5091]  panic+0x349/0x880
[   81.202147][ T5091]  ? check_panic_on_warn+0x21/0xb0
[   81.204759][ T5091]  ? __pfx_panic+0x10/0x10
[   81.206577][ T5091]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   81.209023][ T5091]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   81.211126][ T5091]  ? print_report+0x502/0x550
[   81.212865][ T5091]  check_panic_on_warn+0x86/0xb0
[   81.214909][ T5091]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   81.217437][ T5091]  end_report+0x77/0x160
[   81.219645][ T5091]  kasan_report+0x154/0x180
[   81.221697][ T5091]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   81.224368][ T5091]  hci_le_create_big_complete_evt+0x383/0xae0
[   81.226773][ T5091]  ? __copy_skb_header+0x437/0x5b0
[   81.228699][ T5091]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   81.231163][ T5091]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   81.234008][ T5091]  ? hci_le_meta_evt+0x366/0x580
[   81.236365][ T5091]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   81.239742][ T5091]  hci_event_packet+0xa55/0x1540
[   81.241858][ T5091]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   81.243761][ T5091]  ? __pfx_hci_event_packet+0x10/0x10
[   81.245960][ T5091]  ? set_advertising_complete+0x6b0/0x6f0
[   81.248381][ T5091]  ? kcov_remote_start+0x97/0x7d0
[   81.250799][ T5091]  hci_rx_work+0x3fe/0xd80
[   81.252915][ T5091]  ? process_scheduled_works+0x976/0x1850
[   81.255484][ T5091]  process_scheduled_works+0xa63/0x1850
[   81.257340][ T5091]  ? __pfx_process_scheduled_works+0x10/0x10
[   81.259480][ T5091]  ? assign_work+0x364/0x3d0
[   81.261126][ T5091]  worker_thread+0x870/0xd30
[   81.262806][ T5091]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   81.265084][ T5091]  ? __kthread_parkme+0x169/0x1d0
[   81.267207][ T5091]  ? __pfx_worker_thread+0x10/0x10
[   81.269384][ T5091]  kthread+0x2f0/0x390
[   81.270928][ T5091]  ? __pfx_worker_thread+0x10/0x10
[   81.272616][ T5091]  ? __pfx_kthread+0x10/0x10
[   81.274289][ T5091]  ret_from_fork+0x4b/0x80
[   81.275961][ T5091]  ? __pfx_kthread+0x10/0x10
[   81.277610][ T5091]  ret_from_fork_asm+0x1a/0x30
[   81.279413][ T5091]  </TASK>
[   81.280857][ T5091] Kernel Offset: disabled
[   81.282935][ T5091] Rebooting in 86400 seconds..