program:
# Reproducer for the KASAN slab-use-after-free reported below in
# hci_le_create_big_complete_evt() (Bluetooth HCI event processing on
# the hci0 rx workqueue). None of the nl80211, TIPC, BPF or xfrm calls
# appear in any reported stack trace; they look like fuzzer noise around
# the two syz_emit_vhci() calls - TODO confirm by minimizing the program.
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x5c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "a7fd4531296b6353d1f3e08847"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random='^'}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x5c}}, 0x0) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x30, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) (async)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, r2, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}]}, @TIPC_NLA_NET={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x4004) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
# Injected HCI packet via the virtual HCI device: byte 0x04 = HCI event
# packet, 0x3e = LE Meta event, 0x75 = parameter length, subevent 0x1d =
# LE BIG Sync Established. The "Allocated by task" stack in the log
# (hci_le_big_sync_established_evt -> __hci_conn_add) shows this event
# creating the hci_conn object that is later freed and reused. Only the
# first four bytes of the 0x24-byte buffer are given here; the remainder
# is whatever the shared memory holds - presumably zero, verify.
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) (async)
# Second injected HCI packet: LE Meta event with subevent 0x1b = LE
# Create BIG Complete. The "Freed by task" stack shows
# hci_le_create_big_complete_evt -> hci_conn_del releasing that
# connection, and the KASAN report shows the same handler reading the
# freed object afterwards (hci_le_create_big_complete_evt+0x383). The
# "Invalid wait context" splat is the same handler taking hci_cb_list_lock
# (a mutex, see __mutex_lock in the trace) while rcu_read_lock is held.
# The preceding "Invalid handle: 0x8007 > 0x0eff" line comes from
# hci_conn_set_handle in the same path - presumably a handle taken from
# the injected event parameters, confirm against the handler.
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) (async)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000240001000000000000000000000000000600030000"], 0x1c}}, 0x0) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbff, {{@in6=@loopback, @in6=@private0, 0x0, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0x10, 0x3c, 0x0, 0xee01}, {0x0, 0x8, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
[ 89.081655][ T5104] Bluetooth: hci0: command tx timeout
[ 90.534646][ T4536] Bluetooth: hci0: Invalid handle: 0x8007 > 0x0eff
[ 90.537312][ T4536] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 90.544398][ T4536] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4536, name: kworker/u5:1
[ 90.549164][ T4536] preempt_count: 0, expected: 0
[ 90.552052][ T4536] RCU nest depth: 1, expected: 0
[ 90.554052][ T4536] 4 locks held by kworker/u5:1/4536:
[ 90.556280][ T4536] #0: ffff88803c30f948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 90.562406][ T4536] #1: ffffc9000e497d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 90.567627][ T4536] #2: ffff888011960078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 90.573141][ T4536] #3: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 90.578863][ T4536] CPU: 0 UID: 0 PID: 4536 Comm: kworker/u5:1 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0
[ 90.584054][ T4536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 90.588097][ T4536] Workqueue: hci0 hci_rx_work
[ 90.589784][ T4536] Call Trace:
[ 90.591063][ T4536]
[ 90.592269][ T4536] dump_stack_lvl+0x241/0x360
[ 90.594135][ T4536] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.596583][ T4536] ? __pfx__printk+0x10/0x10
[ 90.598785][ T4536] __might_resched+0x5d4/0x780
[ 90.601142][ T4536] ? __wake_up_klogd+0x1c/0x110
[ 90.603043][ T4536] ? __pfx___might_resched+0x10/0x10
[ 90.604849][ T4536] __mutex_lock+0xc1/0xd70
[ 90.606488][ T4536] ? __pfx_bt_err+0x10/0x10
[ 90.608129][ T4536] ? __pfx_lock_acquire+0x10/0x10
[ 90.610019][ T4536] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 90.613033][ T4536] ? __pfx___mutex_lock+0x10/0x10
[ 90.616084][ T4536] ? hci_conn_set_handle+0x19a/0x270
[ 90.618350][ T4536] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 90.620627][ T4536] ? __copy_skb_header+0x437/0x5b0
[ 90.622422][ T4536] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 90.624617][ T4536] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 90.627136][ T4536] ? hci_le_meta_evt+0x366/0x580
[ 90.629151][ T4536] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 90.631911][ T4536] hci_event_packet+0xa55/0x1540
[ 90.634002][ T4536] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 90.636709][ T4536] ? __pfx_hci_event_packet+0x10/0x10
[ 90.638974][ T4536] ? set_advertising_complete+0x6b0/0x6f0
[ 90.641131][ T4536] ? kcov_remote_start+0x97/0x7d0
[ 90.642984][ T4536] hci_rx_work+0x3fe/0xd80
[ 90.644619][ T4536] ? process_scheduled_works+0x976/0x1850
[ 90.646902][ T4536] process_scheduled_works+0xa63/0x1850
[ 90.649478][ T4536] ? __pfx_process_scheduled_works+0x10/0x10
[ 90.652658][ T4536] ? assign_work+0x364/0x3d0
[ 90.654861][ T4536] worker_thread+0x870/0xd30
[ 90.656629][ T4536] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 90.658882][ T4536] ? __kthread_parkme+0x169/0x1d0
[ 90.660898][ T4536] ? __pfx_worker_thread+0x10/0x10
[ 90.662888][ T4536] kthread+0x2f0/0x390
[ 90.664514][ T4536] ? __pfx_worker_thread+0x10/0x10
[ 90.666750][ T4536] ? __pfx_kthread+0x10/0x10
[ 90.668976][ T4536] ret_from_fork+0x4b/0x80
[ 90.671155][ T4536] ? __pfx_kthread+0x10/0x10
[ 90.673122][ T4536] ret_from_fork_asm+0x1a/0x30
[ 90.674954][ T4536]
[ 90.681444][ T4536]
[ 90.682444][ T4536] =============================
[ 90.684515][ T4536] [ BUG: Invalid wait context ]
[ 90.687223][ T4536] 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 Tainted: G W
[ 90.691244][ T4536] -----------------------------
[ 90.693056][ T4536] kworker/u5:1/4536 is trying to lock:
[ 90.695125][ T4536] ffffffff8fe3dfe8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[ 90.699177][ T4536] other info that might help us debug this:
[ 90.701843][ T4536] context-{4:4}
[ 90.703476][ T4536] 4 locks held by kworker/u5:1/4536:
[ 90.706163][ T4536] #0: ffff88803c30f948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 90.710799][ T4536] #1: ffffc9000e497d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 90.715023][ T4536] #2: ffff888011960078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 90.718979][ T4536] #3: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 90.723579][ T4536] stack backtrace:
[ 90.725369][ T4536] CPU: 0 UID: 0 PID: 4536 Comm: kworker/u5:1 Tainted: G W 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0
[ 90.731125][ T4536] Tainted: [W]=WARN
[ 90.732697][ T4536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 90.736603][ T4536] Workqueue: hci0 hci_rx_work
[ 90.738411][ T4536] Call Trace:
[ 90.739719][ T4536]
[ 90.741025][ T4536] dump_stack_lvl+0x241/0x360
[ 90.743203][ T4536] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.745619][ T4536] ? __pfx__printk+0x10/0x10
[ 90.747859][ T4536] __lock_acquire+0x154a/0x2050
[ 90.750148][ T4536] lock_acquire+0x1ed/0x550
[ 90.752117][ T4536] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 90.754460][ T4536] ? __pfx_lock_acquire+0x10/0x10
[ 90.756378][ T4536] ? __wake_up_klogd+0x1c/0x110
[ 90.758277][ T4536] ? __pfx___might_resched+0x10/0x10
[ 90.760281][ T4536] __mutex_lock+0x136/0xd70
[ 90.762070][ T4536] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 90.764591][ T4536] ? __pfx_bt_err+0x10/0x10
[ 90.766612][ T4536] ? __pfx_lock_acquire+0x10/0x10
[ 90.768999][ T4536] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 90.771769][ T4536] ? __pfx___mutex_lock+0x10/0x10
[ 90.773734][ T4536] ? hci_conn_set_handle+0x19a/0x270
[ 90.775550][ T4536] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 90.777839][ T4536] ? __copy_skb_header+0x437/0x5b0
[ 90.779842][ T4536] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 90.782564][ T4536] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 90.785618][ T4536] ? hci_le_meta_evt+0x366/0x580
[ 90.787864][ T4536] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 90.790351][ T4536] hci_event_packet+0xa55/0x1540
[ 90.792142][ T4536] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 90.794122][ T4536] ? __pfx_hci_event_packet+0x10/0x10
[ 90.796342][ T4536] ? set_advertising_complete+0x6b0/0x6f0
[ 90.798751][ T4536] ? kcov_remote_start+0x97/0x7d0
[ 90.800963][ T4536] hci_rx_work+0x3fe/0xd80
[ 90.802750][ T4536] ? process_scheduled_works+0x976/0x1850
[ 90.804964][ T4536] process_scheduled_works+0xa63/0x1850
[ 90.807204][ T4536] ? __pfx_process_scheduled_works+0x10/0x10
[ 90.809660][ T4536] ? assign_work+0x364/0x3d0
[ 90.811945][ T4536] worker_thread+0x870/0xd30
[ 90.814316][ T4536] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 90.817173][ T4536] ? __kthread_parkme+0x169/0x1d0
[ 90.819102][ T4536] ? __pfx_worker_thread+0x10/0x10
[ 90.820963][ T4536] kthread+0x2f0/0x390
[ 90.822511][ T4536] ? __pfx_worker_thread+0x10/0x10
[ 90.824411][ T4536] ? __pfx_kthread+0x10/0x10
[ 90.826120][ T4536] ret_from_fork+0x4b/0x80
[ 90.827974][ T4536] ? __pfx_kthread+0x10/0x10
[ 90.830000][ T4536] ret_from_fork_asm+0x1a/0x30
[ 90.832156][ T4536]
[ 90.838903][ T4536] ==================================================================
[ 90.841983][ T4536] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[ 90.845472][ T4536] Read of size 8 at addr ffff888041400000 by task kworker/u5:1/4536
[ 90.849026][ T4536]
[ 90.850292][ T4536] CPU: 0 UID: 0 PID: 4536 Comm: kworker/u5:1 Tainted: G W 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0
[ 90.855600][ T4536] Tainted: [W]=WARN
[ 90.857092][ T4536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 90.860803][ T4536] Workqueue: hci0 hci_rx_work
[ 90.862744][ T4536] Call Trace:
[ 90.864177][ T4536]
[ 90.865630][ T4536] dump_stack_lvl+0x241/0x360
[ 90.867915][ T4536] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.870174][ T4536] ? __pfx__printk+0x10/0x10
[ 90.872092][ T4536] ? _printk+0xd5/0x120
[ 90.873726][ T4536] ? __virt_addr_valid+0x183/0x530
[ 90.875607][ T4536] ? __virt_addr_valid+0x183/0x530
[ 90.877345][ T4536] print_report+0x169/0x550
[ 90.879035][ T4536] ? __virt_addr_valid+0x183/0x530
[ 90.881265][ T4536] ? __virt_addr_valid+0x183/0x530
[ 90.883655][ T4536] ? __virt_addr_valid+0x45f/0x530
[ 90.886124][ T4536] ? __phys_addr+0xba/0x170
[ 90.887700][ T4536] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 90.889871][ T4536] kasan_report+0x143/0x180
[ 90.891663][ T4536] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 90.893973][ T4536] hci_le_create_big_complete_evt+0x383/0xae0
[ 90.896351][ T4536] ? __copy_skb_header+0x437/0x5b0
[ 90.898341][ T4536] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 90.900704][ T4536] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 90.903127][ T4536] ? hci_le_meta_evt+0x366/0x580
[ 90.904856][ T4536] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 90.907086][ T4536] hci_event_packet+0xa55/0x1540
[ 90.908975][ T4536] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 90.910838][ T4536] ? __pfx_hci_event_packet+0x10/0x10
[ 90.912715][ T4536] ? set_advertising_complete+0x6b0/0x6f0
[ 90.914759][ T4536] ? kcov_remote_start+0x97/0x7d0
[ 90.916669][ T4536] hci_rx_work+0x3fe/0xd80
[ 90.918336][ T4536] ? process_scheduled_works+0x976/0x1850
[ 90.920472][ T4536] process_scheduled_works+0xa63/0x1850
[ 90.922507][ T4536] ? __pfx_process_scheduled_works+0x10/0x10
[ 90.924912][ T4536] ? assign_work+0x364/0x3d0
[ 90.927016][ T4536] worker_thread+0x870/0xd30
[ 90.928967][ T4536] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 90.931474][ T4536] ? __kthread_parkme+0x169/0x1d0
[ 90.933473][ T4536] ? __pfx_worker_thread+0x10/0x10
[ 90.935305][ T4536] kthread+0x2f0/0x390
[ 90.936939][ T4536] ? __pfx_worker_thread+0x10/0x10
[ 90.938881][ T4536] ? __pfx_kthread+0x10/0x10
[ 90.940510][ T4536] ret_from_fork+0x4b/0x80
[ 90.942215][ T4536] ? __pfx_kthread+0x10/0x10
[ 90.943978][ T4536] ret_from_fork_asm+0x1a/0x30
[ 90.945860][ T4536]
[ 90.947064][ T4536]
[ 90.947936][ T4536] Allocated by task 4536:
[ 90.949586][ T4536] kasan_save_track+0x3f/0x80
[ 90.951436][ T4536] __kasan_kmalloc+0x98/0xb0
[ 90.953257][ T4536] __kmalloc_cache_noprof+0x19c/0x2c0
[ 90.955237][ T4536] __hci_conn_add+0x2f9/0x1850
[ 90.956945][ T4536] hci_le_big_sync_established_evt+0x414/0xc20
[ 90.958985][ T4536] hci_event_packet+0xa55/0x1540
[ 90.960856][ T4536] hci_rx_work+0x3fe/0xd80
[ 90.962541][ T4536] process_scheduled_works+0xa63/0x1850
[ 90.964624][ T4536] worker_thread+0x870/0xd30
[ 90.966383][ T4536] kthread+0x2f0/0x390
[ 90.967903][ T4536] ret_from_fork+0x4b/0x80
[ 90.969591][ T4536] ret_from_fork_asm+0x1a/0x30
[ 90.971353][ T4536]
[ 90.972286][ T4536] Freed by task 4536:
[ 90.973758][ T4536] kasan_save_track+0x3f/0x80
[ 90.975545][ T4536] kasan_save_free_info+0x40/0x50
[ 90.977088][ T4536] __kasan_slab_free+0x59/0x70
[ 90.978669][ T4536] kfree+0x1a0/0x440
[ 90.980185][ T4536] device_release+0x99/0x1c0
[ 90.981923][ T4536] kobject_put+0x22f/0x480
[ 90.983517][ T4536] hci_conn_del+0x8c4/0xc40
[ 90.985167][ T4536] hci_le_create_big_complete_evt+0x619/0xae0
[ 90.987384][ T4536] hci_event_packet+0xa55/0x1540
[ 90.989231][ T4536] hci_rx_work+0x3fe/0xd80
[ 90.990837][ T4536] process_scheduled_works+0xa63/0x1850
[ 90.992768][ T4536] worker_thread+0x870/0xd30
[ 90.994318][ T4536] kthread+0x2f0/0x390
[ 90.995704][ T4536] ret_from_fork+0x4b/0x80
[ 90.997286][ T4536] ret_from_fork_asm+0x1a/0x30
[ 90.999033][ T4536]
[ 90.999942][ T4536] The buggy address belongs to the object at ffff888041400000
[ 90.999942][ T4536] which belongs to the cache kmalloc-8k of size 8192
[ 91.005131][ T4536] The buggy address is located 0 bytes inside of
[ 91.005131][ T4536] freed 8192-byte region [ffff888041400000, ffff888041402000)
[ 91.009987][ T4536]
[ 91.010921][ T4536] The buggy address belongs to the physical page:
[ 91.013251][ T4536] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41400
[ 91.016427][ T4536] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 91.019793][ T4536] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 91.022404][ T4536] page_type: f5(slab)
[ 91.023826][ T4536] raw: 04fff00000000040 ffff88801ac42280 ffffea0000f8fe00 0000000000000004
[ 91.026858][ T4536] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 91.030052][ T4536] head: 04fff00000000040 ffff88801ac42280 ffffea0000f8fe00 0000000000000004
[ 91.033254][ T4536] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 91.036396][ T4536] head: 04fff00000000003 ffffea0001050001 ffffffffffffffff 0000000000000000
[ 91.039274][ T4536] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 91.042542][ T4536] page dumped because: kasan: bad access detected
[ 91.044979][ T4536] page_owner tracks the page as allocated
[ 91.047126][ T4536] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5100, tgid 5100 (sh), ts 81587565692, free_ts 0
[ 91.053892][ T4536] post_alloc_hook+0x1f3/0x230
[ 91.055701][ T4536] get_page_from_freelist+0x3045/0x3190
[ 91.057642][ T4536] __alloc_pages_noprof+0x256/0x6c0
[ 91.059627][ T4536] alloc_pages_mpol_noprof+0x3e8/0x680
[ 91.061695][ T4536] alloc_slab_page+0x6a/0x120
[ 91.063255][ T4536] allocate_slab+0x5a/0x2f0
[ 91.064897][ T4536] ___slab_alloc+0xcd1/0x14b0
[ 91.066655][ T4536] __slab_alloc+0x58/0xa0
[ 91.068132][ T4536] __kmalloc_cache_noprof+0x1d5/0x2c0
[ 91.070209][ T4536] tomoyo_init_log+0x11cd/0x2050
[ 91.072206][ T4536] tomoyo_supervisor+0x38a/0x11f0
[ 91.074035][ T4536] tomoyo_env_perm+0x178/0x210
[ 91.075757][ T4536] tomoyo_find_next_domain+0x146e/0x1d40
[ 91.077805][ T4536] tomoyo_bprm_check_security+0x114/0x180
[ 91.079784][ T4536] security_bprm_check+0x86/0x250
[ 91.081787][ T4536] bprm_execve+0xa56/0x1770
[ 91.083529][ T4536] page_owner free stack trace missing
[ 91.085617][ T4536]
[ 91.086546][ T4536] Memory state around the buggy address:
[ 91.088787][ T4536] ffff8880413fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.091947][ T4536] ffff8880413fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.095032][ T4536] >ffff888041400000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.098002][ T4536] ^
[ 91.099442][ T4536] ffff888041400080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.102451][ T4536] ffff888041400100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.105154][ T4536] ==================================================================
[ 91.129482][ T4536] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 91.132735][ T4536] CPU: 0 UID: 0 PID: 4536 Comm: kworker/u5:1 Tainted: G W 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0
[ 91.137516][ T4536] Tainted: [W]=WARN
[ 91.139008][ T4536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 91.143157][ T4536] Workqueue: hci0 hci_rx_work
[ 91.145125][ T4536] Call Trace:
[ 91.146462][ T4536]
[ 91.147829][ T4536] dump_stack_lvl+0x241/0x360
[ 91.150439][ T4536] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.152855][ T4536] ? __pfx__printk+0x10/0x10
[ 91.154829][ T4536] ? rcu_is_watching+0x15/0xb0
[ 91.156791][ T4536] ? preempt_schedule+0xe1/0xf0
[ 91.158773][ T4536] ? vscnprintf+0x5d/0x90
[ 91.160597][ T4536] panic+0x349/0x880
[ 91.162258][ T4536] ? check_panic_on_warn+0x21/0xb0
[ 91.164405][ T4536] ? __pfx_panic+0x10/0x10
[ 91.166394][ T4536] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 91.169668][ T4536] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 91.172631][ T4536] ? print_report+0x502/0x550
[ 91.174405][ T4536] check_panic_on_warn+0x86/0xb0
[ 91.176445][ T4536] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 91.178781][ T4536] end_report+0x77/0x160
[ 91.180694][ T4536] kasan_report+0x154/0x180
[ 91.182672][ T4536] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 91.186211][ T4536] hci_le_create_big_complete_evt+0x383/0xae0
[ 91.189181][ T4536] ? __copy_skb_header+0x437/0x5b0
[ 91.191204][ T4536] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 91.193250][ T4536] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 91.195029][ T4536] ? hci_le_meta_evt+0x366/0x580
[ 91.196470][ T4536] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 91.198711][ T4536] hci_event_packet+0xa55/0x1540
[ 91.200707][ T4536] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 91.202833][ T4536] ? __pfx_hci_event_packet+0x10/0x10
[ 91.205127][ T4536] ? set_advertising_complete+0x6b0/0x6f0
[ 91.207331][ T4536] ? kcov_remote_start+0x97/0x7d0
[ 91.209285][ T4536] hci_rx_work+0x3fe/0xd80
[ 91.211177][ T4536] ? process_scheduled_works+0x976/0x1850
[ 91.213481][ T4536] process_scheduled_works+0xa63/0x1850
[ 91.215638][ T4536] ? __pfx_process_scheduled_works+0x10/0x10
[ 91.218393][ T4536] ? assign_work+0x364/0x3d0
[ 91.220294][ T4536] worker_thread+0x870/0xd30
[ 91.222425][ T4536] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 91.225427][ T4536] ? __kthread_parkme+0x169/0x1d0
[ 91.227633][ T4536] ? __pfx_worker_thread+0x10/0x10
[ 91.229646][ T4536] kthread+0x2f0/0x390
[ 91.231356][ T4536] ? __pfx_worker_thread+0x10/0x10
[ 91.233512][ T4536] ? __pfx_kthread+0x10/0x10
[ 91.235517][ T4536] ret_from_fork+0x4b/0x80
[ 91.237565][ T4536] ? __pfx_kthread+0x10/0x10
[ 91.240374][ T4536] ret_from_fork_asm+0x1a/0x30
[ 91.242610][ T4536]
[ 91.243979][ T4536] Kernel Offset: disabled
[ 91.245611][ T4536] Rebooting in 86400 seconds..