program:
# syzkaller reproducer for the KASAN slab-use-after-free reported below in
# hci_le_create_big_complete_evt (Bluetooth HCI event handling). What the log
# establishes:
#  - the hci_conn is allocated by __hci_conn_add, called from
#    hci_le_big_sync_established_evt (the first injected event);
#  - it is freed by hci_conn_del, called from hci_le_create_big_complete_evt+0x619
#    (the second injected event);
#  - the same handler then reads 8 bytes at offset 0 of the freed 8192-byte
#    object (+0x383) while rcu_read_lock is still held (lock #3 in "locks
#    held", taken at +0xdb), i.e. it is still inside the RCU-protected walk
#    in which the connection was deleted.
# The two lockdep splats printed before the KASAN report are the same defect
# seen from the locking side: the handler (at +0x3d9) takes the
# hci_cb_list_lock mutex, a sleeping lock, with RCU nest depth 1, hence
# "sleeping function called from invalid context" and "Invalid wait context".
# The fix pattern is to not sleep or free connections inside the
# rcu_read_lock()ed list walk (e.g. iterate under hdev->lock instead, or
# collect the connections to drop and delete them after the walk); the actual
# upstream fix is not shown on this page.
#
# Only the two syz_emit_vhci calls are on the crash path; the bpf and nl80211
# calls appear on neither stack trace and look like fuzzer noise that survived
# minimisation. "(async)" / "(rerun: N)" are syzkaller execution hints, not
# syscall arguments. The r3/r5 ifindex resources used below are produced by
# the two ioctl$sock_SIOCGIFINDEX_80211 calls; the result-capture markers
# (r3=, r5=) on their 0x0 ifindex fields were stripped when the page was
# rendered.

bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)

# Injects a raw HCI packet through /dev/vhci (needs access to the vhci device,
# so effectively root locally; the same bytes could equally arrive from a
# malicious or compromised controller over a real HCI transport). Byte layout
# per the H4/HCI spec: 0x04 = HCI Event packet, 0x3e = LE Meta Event,
# 0x75 = declared parameter length, 0x1d = LE BIG Sync Established subevent,
# consistent with the log's allocation stack in hci_le_big_sync_established_evt.
# Only 4 bytes are explicit but 0x24 bytes are written, so the remainder is
# whatever already sits at 0x7f0000000000 (the bpf instruction blob above was
# placed there). NOTE(review): treat the event body as garbage; the declared
# length exceeds the bytes written and the handler evidently tolerates that.
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) (async)

r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b80), 0xffffffffffffffff) (async, rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x24, r1, 0x5, 0x100, 0x10000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x44005}, 0x4000000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x28, r1, 0x7fc13d4b9da0a005, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x20000000)

# Second injection: 0x04 / 0x3e as above, 0x1f = declared length,
# 0x1b = LE Create BIG Complete subevent, which dispatches to
# hci_le_create_big_complete_evt -- the function that both frees the conn
# (hci_conn_del at +0x619) and reads it afterwards (+0x383). Again only 4
# bytes are explicit out of 0x22 written; the rest is whatever the ioctl
# above left at 0x7f0000000040 (an ifreq for 'wlan0').
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
[ 71.217502][ T5313] Bluetooth: hci0: command tx timeout [ 71.359917][ T5313] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 [ 71.366430][ T5313] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5313, name: kworker/u5:2 [ 71.371392][ T5313] preempt_count: 0, expected: 0 [ 71.373243][ T5313] RCU nest depth: 1, expected: 0 [ 71.375328][ T5313] 4 locks held by kworker/u5:2/5313: [ 71.378937][ T5313] #0: ffff88804339c948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 
[ 71.383580][ T5313] #1: ffffc9000cf97d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 71.389786][ T5313] #2: ffff88804291c078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 71.394228][ T5313] #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 71.399468][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Not tainted 6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0 [ 71.403880][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.408525][ T5313] Workqueue: hci0 hci_rx_work [ 71.410516][ T5313] Call Trace: [ 71.412096][ T5313] [ 71.413722][ T5313] dump_stack_lvl+0x241/0x360 [ 71.416261][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.419070][ T5313] ? __pfx__printk+0x10/0x10 [ 71.421697][ T5313] __might_resched+0x5d4/0x780 [ 71.424238][ T5313] ? __mutex_lock+0x112/0xd70 [ 71.426745][ T5313] ? __pfx___might_resched+0x10/0x10 [ 71.429510][ T5313] __mutex_lock+0xc1/0xd70 [ 71.431872][ T5313] ? __pfx_lock_acquire+0x10/0x10 [ 71.434644][ T5313] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 71.437467][ T5313] ? __pfx_lock_release+0x10/0x10 [ 71.439554][ T5313] ? __pfx___mutex_lock+0x10/0x10 [ 71.441767][ T5313] ? trace_contention_end+0x3c/0x120 [ 71.444562][ T5313] ? skb_pull_data+0x112/0x230 [ 71.446649][ T5313] ? hci_conn_set_handle+0x9a/0x270 [ 71.448690][ T5313] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 71.451114][ T5313] ? __copy_skb_header+0x437/0x5b0 [ 71.453174][ T5313] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 71.455571][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 71.458494][ T5313] ? hci_le_meta_evt+0x366/0x580 [ 71.461199][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 71.464879][ T5313] hci_event_packet+0xa55/0x1540 [ 71.466818][ T5313] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 71.468989][ T5313] ? __pfx_hci_event_packet+0x10/0x10 [ 71.471423][ T5313] ? 
hci_send_to_sock+0x170/0x810 [ 71.473500][ T5313] ? kcov_remote_start+0x97/0x7d0 [ 71.475638][ T5313] hci_rx_work+0x3fe/0xd80 [ 71.477507][ T5313] ? process_scheduled_works+0x976/0x1850 [ 71.480343][ T5313] process_scheduled_works+0xa63/0x1850 [ 71.483413][ T5313] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.486697][ T5313] ? assign_work+0x364/0x3d0 [ 71.489169][ T5313] worker_thread+0x870/0xd30 [ 71.491765][ T5313] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 71.494864][ T5313] ? __kthread_parkme+0x169/0x1d0 [ 71.497555][ T5313] ? __pfx_worker_thread+0x10/0x10 [ 71.499371][ T5313] kthread+0x2f0/0x390 [ 71.500917][ T5313] ? __pfx_worker_thread+0x10/0x10 [ 71.502803][ T5313] ? __pfx_kthread+0x10/0x10 [ 71.504525][ T5313] ret_from_fork+0x4b/0x80 [ 71.506188][ T5313] ? __pfx_kthread+0x10/0x10 [ 71.507898][ T5313] ret_from_fork_asm+0x1a/0x30 [ 71.509638][ T5313] [ 71.518666][ T5313] [ 71.519707][ T5313] ============================= [ 71.521555][ T5313] [ BUG: Invalid wait context ] [ 71.523482][ T5313] 6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0 Tainted: G W [ 71.526756][ T5313] ----------------------------- [ 71.528645][ T5313] kworker/u5:2/5313 is trying to lock: [ 71.530799][ T5313] ffffffff8fe40368 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0 [ 71.534991][ T5313] other info that might help us debug this: [ 71.537108][ T5313] context-{4:4} [ 71.538408][ T5313] 4 locks held by kworker/u5:2/5313: [ 71.540332][ T5313] #0: ffff88804339c948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 71.544242][ T5313] #1: ffffc9000cf97d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 71.548425][ T5313] #2: ffff88804291c078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 71.553628][ T5313] #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 71.558039][ T5313] stack backtrace: [ 71.559530][ T5313] CPU: 
0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0 [ 71.564220][ T5313] Tainted: [W]=WARN [ 71.565750][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.569780][ T5313] Workqueue: hci0 hci_rx_work [ 71.571689][ T5313] Call Trace: [ 71.572992][ T5313] [ 71.574183][ T5313] dump_stack_lvl+0x241/0x360 [ 71.576122][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.578111][ T5313] ? __pfx__printk+0x10/0x10 [ 71.579961][ T5313] __lock_acquire+0x154a/0x2050 [ 71.581859][ T5313] lock_acquire+0x1ed/0x550 [ 71.583704][ T5313] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 71.586057][ T5313] ? __pfx_lock_acquire+0x10/0x10 [ 71.587912][ T5313] ? __mutex_lock+0x112/0xd70 [ 71.590029][ T5313] ? __pfx___might_resched+0x10/0x10 [ 71.592151][ T5313] __mutex_lock+0x136/0xd70 [ 71.593823][ T5313] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 71.596126][ T5313] ? __pfx_lock_acquire+0x10/0x10 [ 71.597957][ T5313] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 71.600250][ T5313] ? __pfx_lock_release+0x10/0x10 [ 71.602287][ T5313] ? __pfx___mutex_lock+0x10/0x10 [ 71.604281][ T5313] ? trace_contention_end+0x3c/0x120 [ 71.606331][ T5313] ? skb_pull_data+0x112/0x230 [ 71.608255][ T5313] ? hci_conn_set_handle+0x9a/0x270 [ 71.610266][ T5313] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 71.612597][ T5313] ? __copy_skb_header+0x437/0x5b0 [ 71.614549][ T5313] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 71.616912][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 71.619496][ T5313] ? hci_le_meta_evt+0x366/0x580 [ 71.621392][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 71.623789][ T5313] hci_event_packet+0xa55/0x1540 [ 71.625597][ T5313] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 71.627614][ T5313] ? __pfx_hci_event_packet+0x10/0x10 [ 71.629587][ T5313] ? hci_send_to_sock+0x170/0x810 [ 71.631490][ T5313] ? 
kcov_remote_start+0x97/0x7d0 [ 71.633518][ T5313] hci_rx_work+0x3fe/0xd80 [ 71.635135][ T5313] ? process_scheduled_works+0x976/0x1850 [ 71.637256][ T5313] process_scheduled_works+0xa63/0x1850 [ 71.639445][ T5313] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.641756][ T5313] ? assign_work+0x364/0x3d0 [ 71.643484][ T5313] worker_thread+0x870/0xd30 [ 71.645047][ T5313] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 71.647260][ T5313] ? __kthread_parkme+0x169/0x1d0 [ 71.649750][ T5313] ? __pfx_worker_thread+0x10/0x10 [ 71.651553][ T5313] kthread+0x2f0/0x390 [ 71.653002][ T5313] ? __pfx_worker_thread+0x10/0x10 [ 71.654978][ T5313] ? __pfx_kthread+0x10/0x10 [ 71.657331][ T5313] ret_from_fork+0x4b/0x80 [ 71.659130][ T5313] ? __pfx_kthread+0x10/0x10 [ 71.661225][ T5313] ret_from_fork_asm+0x1a/0x30 [ 71.663250][ T5313] [ 71.670234][ T5313] ================================================================== [ 71.673123][ T5313] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0 [ 71.676234][ T5313] Read of size 8 at addr ffff888012344000 by task kworker/u5:2/5313 [ 71.679152][ T5313] [ 71.680249][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0 [ 71.684507][ T5313] Tainted: [W]=WARN [ 71.686041][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.690154][ T5313] Workqueue: hci0 hci_rx_work [ 71.691983][ T5313] Call Trace: [ 71.693294][ T5313] [ 71.694500][ T5313] dump_stack_lvl+0x241/0x360 [ 71.696317][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.698279][ T5313] ? __pfx__printk+0x10/0x10 [ 71.700122][ T5313] ? _printk+0xd5/0x120 [ 71.701735][ T5313] ? __virt_addr_valid+0x183/0x530 [ 71.703752][ T5313] ? __virt_addr_valid+0x183/0x530 [ 71.705854][ T5313] print_report+0x169/0x550 [ 71.707858][ T5313] ? __virt_addr_valid+0x183/0x530 [ 71.709791][ T5313] ? __virt_addr_valid+0x183/0x530 [ 71.711683][ T5313] ? 
__virt_addr_valid+0x45f/0x530 [ 71.713620][ T5313] ? __phys_addr+0xba/0x170 [ 71.715280][ T5313] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 71.717609][ T5313] kasan_report+0x143/0x180 [ 71.719300][ T5313] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 71.721664][ T5313] hci_le_create_big_complete_evt+0x383/0xae0 [ 71.724352][ T5313] ? __copy_skb_header+0x437/0x5b0 [ 71.727268][ T5313] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 71.729555][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 71.731878][ T5313] ? hci_le_meta_evt+0x366/0x580 [ 71.733779][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 71.736334][ T5313] hci_event_packet+0xa55/0x1540 [ 71.738211][ T5313] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 71.740274][ T5313] ? __pfx_hci_event_packet+0x10/0x10 [ 71.742312][ T5313] ? hci_send_to_sock+0x170/0x810 [ 71.744454][ T5313] ? kcov_remote_start+0x97/0x7d0 [ 71.746650][ T5313] hci_rx_work+0x3fe/0xd80 [ 71.748267][ T5313] ? process_scheduled_works+0x976/0x1850 [ 71.750274][ T5313] process_scheduled_works+0xa63/0x1850 [ 71.752193][ T5313] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.754566][ T5313] ? assign_work+0x364/0x3d0 [ 71.756416][ T5313] worker_thread+0x870/0xd30 [ 71.758525][ T5313] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 71.760971][ T5313] ? __kthread_parkme+0x169/0x1d0 [ 71.763106][ T5313] ? __pfx_worker_thread+0x10/0x10 [ 71.765129][ T5313] kthread+0x2f0/0x390 [ 71.767160][ T5313] ? __pfx_worker_thread+0x10/0x10 [ 71.769280][ T5313] ? __pfx_kthread+0x10/0x10 [ 71.771062][ T5313] ret_from_fork+0x4b/0x80 [ 71.772782][ T5313] ? 
__pfx_kthread+0x10/0x10 [ 71.774458][ T5313] ret_from_fork_asm+0x1a/0x30 [ 71.776172][ T5313] [ 71.777277][ T5313] [ 71.778163][ T5313] Allocated by task 5313: [ 71.779737][ T5313] kasan_save_track+0x3f/0x80 [ 71.781406][ T5313] __kasan_kmalloc+0x98/0xb0 [ 71.783244][ T5313] __kmalloc_cache_noprof+0x19c/0x2c0 [ 71.785480][ T5313] __hci_conn_add+0x2f9/0x1850 [ 71.787634][ T5313] hci_le_big_sync_established_evt+0x414/0xc20 [ 71.789862][ T5313] hci_event_packet+0xa55/0x1540 [ 71.791613][ T5313] hci_rx_work+0x3fe/0xd80 [ 71.793183][ T5313] process_scheduled_works+0xa63/0x1850 [ 71.795115][ T5313] worker_thread+0x870/0xd30 [ 71.796740][ T5313] kthread+0x2f0/0x390 [ 71.798227][ T5313] ret_from_fork+0x4b/0x80 [ 71.799845][ T5313] ret_from_fork_asm+0x1a/0x30 [ 71.801430][ T5313] [ 71.802242][ T5313] Freed by task 5313: [ 71.803802][ T5313] kasan_save_track+0x3f/0x80 [ 71.805558][ T5313] kasan_save_free_info+0x40/0x50 [ 71.807482][ T5313] __kasan_slab_free+0x59/0x70 [ 71.809236][ T5313] kfree+0x1a0/0x440 [ 71.810686][ T5313] device_release+0x99/0x1c0 [ 71.812499][ T5313] kobject_put+0x22f/0x480 [ 71.814192][ T5313] hci_conn_del+0x8c4/0xc40 [ 71.816015][ T5313] hci_le_create_big_complete_evt+0x619/0xae0 [ 71.818209][ T5313] hci_event_packet+0xa55/0x1540 [ 71.820179][ T5313] hci_rx_work+0x3fe/0xd80 [ 71.822036][ T5313] process_scheduled_works+0xa63/0x1850 [ 71.824268][ T5313] worker_thread+0x870/0xd30 [ 71.826058][ T5313] kthread+0x2f0/0x390 [ 71.827652][ T5313] ret_from_fork+0x4b/0x80 [ 71.829609][ T5313] ret_from_fork_asm+0x1a/0x30 [ 71.831553][ T5313] [ 71.832565][ T5313] The buggy address belongs to the object at ffff888012344000 [ 71.832565][ T5313] which belongs to the cache kmalloc-8k of size 8192 [ 71.838026][ T5313] The buggy address is located 0 bytes inside of [ 71.838026][ T5313] freed 8192-byte region [ffff888012344000, ffff888012346000) [ 71.843450][ T5313] [ 71.844411][ T5313] The buggy address belongs to the physical page: [ 71.846709][ T5313] page: refcount:1 
mapcount:0 mapping:0000000000000000 index:0xffff888012340000 pfn:0x12340 [ 71.850517][ T5313] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 71.853667][ T5313] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 71.857008][ T5313] page_type: f5(slab) [ 71.858666][ T5313] raw: 00fff00000000240 ffff88801ac42280 ffff88801ac40ac8 ffff88801ac40ac8 [ 71.861981][ T5313] raw: ffff888012340000 0000000000020001 00000001f5000000 0000000000000000 [ 71.865155][ T5313] head: 00fff00000000240 ffff88801ac42280 ffff88801ac40ac8 ffff88801ac40ac8 [ 71.868328][ T5313] head: ffff888012340000 0000000000020001 00000001f5000000 0000000000000000 [ 71.871547][ T5313] head: 00fff00000000003 ffffea000048d001 ffffffffffffffff 0000000000000000 [ 71.874678][ T5313] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 71.878048][ T5313] page dumped because: kasan: bad access detected [ 71.880608][ T5313] page_owner tracks the page as allocated [ 71.882753][ T5313] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4713, tgid 4713 (init), ts 22078468661, free_ts 21631449054 [ 71.889991][ T5313] post_alloc_hook+0x1f3/0x230 [ 71.891847][ T5313] get_page_from_freelist+0x3649/0x3790 [ 71.893926][ T5313] __alloc_pages_noprof+0x292/0x710 [ 71.895885][ T5313] alloc_pages_mpol_noprof+0x3e8/0x680 [ 71.897948][ T5313] alloc_slab_page+0x6a/0x140 [ 71.899801][ T5313] allocate_slab+0x5a/0x2f0 [ 71.901593][ T5313] ___slab_alloc+0xcd1/0x14b0 [ 71.903404][ T5313] __slab_alloc+0x58/0xa0 [ 71.905007][ T5313] __kmalloc_cache_noprof+0x1d5/0x2c0 [ 71.906967][ T5313] tomoyo_init_log+0x11cd/0x2050 [ 71.908826][ T5313] tomoyo_supervisor+0x38a/0x11f0 [ 71.910751][ T5313] tomoyo_env_perm+0x178/0x210 [ 71.912538][ T5313] tomoyo_find_next_domain+0x146e/0x1d40 [ 71.914905][ T5313] tomoyo_bprm_check_security+0x114/0x180 [ 71.917090][ T5313] 
security_bprm_check+0x86/0x250 [ 71.918984][ T5313] bprm_execve+0xa56/0x1770 [ 71.920805][ T5313] page last free pid 1 tgid 1 stack trace: [ 71.923117][ T5313] free_unref_page+0xdf9/0x1140 [ 71.924918][ T5313] free_reserved_page+0xcc/0x120 [ 71.926690][ T5313] free_reserved_area+0x51/0xf0 [ 71.928539][ T5313] free_initmem+0x9a/0x110 [ 71.930155][ T5313] kernel_init+0x31/0x2b0 [ 71.931755][ T5313] ret_from_fork+0x4b/0x80 [ 71.933345][ T5313] ret_from_fork_asm+0x1a/0x30 [ 71.935185][ T5313] [ 71.936085][ T5313] Memory state around the buggy address: [ 71.938131][ T5313] ffff888012343f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.941240][ T5313] ffff888012343f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.944391][ T5313] >ffff888012344000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.947604][ T5313] ^ [ 71.949374][ T5313] ffff888012344080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.952632][ T5313] ffff888012344100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.955968][ T5313] ================================================================== [ 71.971692][ T5313] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 71.974435][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0 [ 71.978915][ T5313] Tainted: [W]=WARN [ 71.980292][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.984193][ T5313] Workqueue: hci0 hci_rx_work [ 71.985939][ T5313] Call Trace: [ 71.987259][ T5313] [ 71.988369][ T5313] dump_stack_lvl+0x241/0x360 [ 71.990117][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.992036][ T5313] ? __pfx__printk+0x10/0x10 [ 71.993807][ T5313] ? rcu_is_watching+0x15/0xb0 [ 71.995750][ T5313] ? preempt_schedule+0xe1/0xf0 [ 71.997581][ T5313] ? vscnprintf+0x5d/0x90 [ 71.999146][ T5313] panic+0x349/0x880 [ 72.000680][ T5313] ? check_panic_on_warn+0x21/0xb0 [ 72.002706][ T5313] ? 
__pfx_panic+0x10/0x10 [ 72.004477][ T5313] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 72.006882][ T5313] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 72.009353][ T5313] ? print_report+0x502/0x550 [ 72.011174][ T5313] check_panic_on_warn+0x86/0xb0 [ 72.013180][ T5313] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 72.015702][ T5313] end_report+0x77/0x160 [ 72.017442][ T5313] kasan_report+0x154/0x180 [ 72.019336][ T5313] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 72.021951][ T5313] hci_le_create_big_complete_evt+0x383/0xae0 [ 72.024676][ T5313] ? __copy_skb_header+0x437/0x5b0 [ 72.026844][ T5313] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 72.029679][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 72.033579][ T5313] ? hci_le_meta_evt+0x366/0x580 [ 72.036446][ T5313] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 72.040261][ T5313] hci_event_packet+0xa55/0x1540 [ 72.042680][ T5313] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 72.044930][ T5313] ? __pfx_hci_event_packet+0x10/0x10 [ 72.048039][ T5313] ? hci_send_to_sock+0x170/0x810 [ 72.050423][ T5313] ? kcov_remote_start+0x97/0x7d0 [ 72.052637][ T5313] hci_rx_work+0x3fe/0xd80 [ 72.054676][ T5313] ? process_scheduled_works+0x976/0x1850 [ 72.057250][ T5313] process_scheduled_works+0xa63/0x1850 [ 72.059787][ T5313] ? __pfx_process_scheduled_works+0x10/0x10 [ 72.062463][ T5313] ? assign_work+0x364/0x3d0 [ 72.064510][ T5313] worker_thread+0x870/0xd30 [ 72.066603][ T5313] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 72.069197][ T5313] ? __kthread_parkme+0x169/0x1d0 [ 72.071454][ T5313] ? __pfx_worker_thread+0x10/0x10 [ 72.073698][ T5313] kthread+0x2f0/0x390 [ 72.075523][ T5313] ? __pfx_worker_thread+0x10/0x10 [ 72.077820][ T5313] ? __pfx_kthread+0x10/0x10 [ 72.080012][ T5313] ret_from_fork+0x4b/0x80 [ 72.081967][ T5313] ? __pfx_kthread+0x10/0x10 [ 72.083978][ T5313] ret_from_fork_asm+0x1a/0x30 [ 72.086096][ T5313] [ 72.088184][ T5313] Kernel Offset: disabled [ 72.090046][ T5313] Rebooting in 86400 seconds..