program:
r0 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000200)="91", 0x1, 0xfffffffffffffffb)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380)="a0b59f21883aa67a874909f68b74b02db4a73d7628957e644de699c0e73497b7fccac8b1201d9f4c64cdac82ce6548cf598c70d7e8892921dc771bdeef1972c807d13422fd84ef40fc8cb541ee146969373b1aa8eb603cee27a3cd4d7afe7382f67b2603928cb919cbcaab2298654ac8a81e71f77af85903171df93d636f643fa6cb0e89f66714a17670ea473daed5177bb27e31c0d875aba8b4bdcc5c4713ac87c9c4fbbc990b27d7d66d123ec3325342848db1a28b999b760e60f5d6ced576f8a60aef4a13d80e6f6e51a8e83dac135852", 0x106, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f00000005c0)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000680)={'poly1305-generic\x00'}})
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000080)={r1, 0xa9, 0x6e}, &(0x7f00000000c0)={'enc=', 'pkcs1', ' hash=', {'sha256-mb\x00'}}, &(0x7f00000002c0)="84cc75da82f079e17e1ce9087f4ffd599dae682d2e9748ecd66f19bcb33c422e5c6137668b8886d0e411c12ff11f34b161182121ad300c669ef40a60a6d0a5d1fc7368f006946c5cc64467fc705e4b154f24eff85eb39a194c2b22c05cd6b17e59e95e6f380224203d8b09be381f843879645431687dfa6f288d356e0a6184ca1753f83d172b70f5d9c2ef4b445360e5e6f16b3f1a6d1662cdc160e595e7bc66b3341cdd755a764585", &(0x7f0000000200)=""/110)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x1e, 0x4, &(0x7f0000000580)=ANY=[@ANYRESHEX=r1], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
r2 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
sendmmsg(0xffffffffffffffff, &(0x7f0000004080)=[{{0x0, 0x0, &(0x7f0000002400)=[{&(0x7f0000001240)="8921e384da7cbc3352c77533881cad522c9616f91eacf773bf8eb2f814819c76a507973607a76bf0a2ad4b858682c24b03e4beeb9568ef242676c69ed3176099ab034a6c06e53c4f6c7ffffac508c9cf3a76c60f46ca985d042e03e945f5cb49403f02a253bb75e5bf699fb1fe8bf653223b5ff81d771e120fa2f7cf1ab51f2716098cc99fc871407fc25a630e029b48cbb8b5c9e94a13d52924da906bd4193102ca6ab8bff068a554e09d610202cbbc9ba922bff3951a48a4a6131bd4399643cf4082edc9630a8a7389d299e6f5b23fa8e21b65d8277e041dd30d1c2566d39e7b0da5efa071126cd2ae1bf8a1d89ed99cfb3548a6e8a7de5364e028f93f4eebbd600c1f1cd42f5befb1d7a6d9db87e77b565f250b7084ac6aa72ceb5ff34974437a9630674773770bd3ac2b1e914d4294faadb5ef798ecd115cc47ff11ebd147e737f6718524bca41f3dc21701edcceb9d36a46c3ba19fb976b0ff8ea7b53166764d470f8d156e9c3d9fbf581768f99e12fa75a90445ce3d557ae388aea26a96d3a293fd0cac08dab37c2d2ca883b04ac1c03fa8424cdf6dd45dc772def5d12db48bf2df98e2ec40fb7a6573d1e25945dfcaefbfbf7ed6e33fb0749966b6afdaddd7c55cefec83e9fe90874718f687562aa4450d6126d412fa2675f771b74eaac88ec0c14889c4a8b194f13f15bc32c9a3b827b8fce46f45dc95c82be592a3f1843cc96861d3537ebe4bb4a95b59b1483a2e247ff106d4b3df6e592fee714d9520af7303968f16d0e1cf1a92d474252af866b0b6a9879a53dc98c7fcbd032ea7a594776f3cbe0a50b1fb58e92e45015e542ec9fdc313ffa9caa4568dfc67b65f09d5744c27fee6cc30c9e981597cd80ad7e5ef31cef44167775d110771eed34a17866af02fc35fe9121dd34ba4d35298d2c25bea8bfeee60371d596e92a21e707f78809e0c1743975dc3fa180f7be9888a15805f791eb32f312a1ec4d086766d4609f01b670ddadd7d2ad05d58cbf8d380dd699ccec11d8e197b8232a90b77f7eef73e3184753ed038a05766113643fa36152d656285dc56e66a9bbe70a8dc6f705f3426bf8749ad5fb2b5e858a15c6e83b02c02ca165daddfeff90832bf86a550590acaa0a9ae1d5108fcb87b127bdbc6d70cf57b86d0f401c39161001e5bd5f55760b7c7d044b5458c12e5769aacee5b0a2ed5f9baa3309ec47aecde0d00e76f16109740b8d2eac74501e4467adf7bc4fc263b4472c5814f0f8fe8b5f0c10fa43aec53b8f674fe923a1f0a1c560812f4e2e552990c9465b56a1cf537862b49c0c933e10f38a2fd9df9246b4c6f9dbba713e4cc4f9bd0ca485d52a1cd40d26fc5d1150d64e7bae0cee082263dda249957cba2f451354b204850a38f0fb352cc7624da6638c7abc0fa36983ab6695649b82e9f708e63e3033e0023365be254088628f4c6485ed6c7d15bee6d90d9eeac2a600ee395966a796dc44c1caf087c3a46490d1bef5df05c4e673711feca15a14995566bf184cca843d6f07e7fc9bd445a87a8457f402f928902f2a72d32e7ff8e1d005dac2726115b0db808782a9c212b147280b94d29618c536dc6368f553b059386119e157ca2591064f0658400001b380fccca6b43b7505992546ceb1bb97664e195eb435a41876a36cc0d3afdbdb76c521210935d46510e433b3a48e47f689ac707050ed26d91e48720d302ce97812b600ccb3668018431eebc1ea54baa45b502e401a64f224deff7f41501144c2fc2bbc2b7b12e5d4e2bac5852624c259ed20f56652727d2de53a53adcd4d9c5b248cc9b97d1fb40d7382832a2456aee1e16886dd50b8e07e1e010cef4173734a61a7b65f16063d7a43e11a4d897dc0d07afe5cbed0cdc09c7d099d02d66b1f4a877d6eae1206505489b3d01a4c3c3f36987fd0adb5ba715fd14c1734ff992585ec233cfe4e5d475c400e610a9c4891fd157173c9706fb0941855b9085cd34a594006e36bb3c32cdbb55d8e002e15fc6e7182d7b439b5f557ae1baa272b8b10100d71cb96620089fddaa4fad66ba2958c7d6424bdcc3d3fc0acbfb21484b205385792207bfd7f9a9b2a3d8cd9bb27e8393b756b47f80c7a711142aa4acdfb4ffe53218bbea86a4e16c5cea045a2d24092f051554cf5c16d3c75b20d3de7dac1cfec2b31e8f1814b5dc02cef19a7a9080e997050c37689c43ae39d9f57384a530bf3313fd458fec4cf864165e9918b09ef0491edc9b3c90bc3857bd21582b644221d2161e9388cdc640500b503973a06a2337f8554ed42393056bc188e408cc4a2c5e4e3559a2137861eb82624d3e95ccb85db5d9564f6f323a101d9519260ecf68ee63068a9753396078974a5a9b7e8e4afa7c5fbb77e47694abc448a9c025ba5e8f6daccb733dd8586d98e7e55ab84f2e1134c8d08c41539d85a2b7d802db447d3a66fb98f625504f789221a0ad7625e70b9ab02d3c8a42ba27a44e51abc299cba374111fc33817f0b368878fb8992b64c6c7f40f44c83c4b9328f74f47eaeb75812735f81ca277e21a966b2cc2ed04a7c5c9b81d6175b6aa5333a1f4590211bc49a3c0429f7a20758ce5f89acf2efae5c22725a394b22a3ce0683b6fad54d051bc1bd69db989eee7d4a01f839450f31431387b35bb6bac29e59ae825134962b2ffd380374a150adb2d9e73ce5ef6da50b4bc2330d7aa056882aa768974734be733b3a749ca2713605bb4e62ce533067f5eba400356a12b0a0a58c4b11c80170611e56d80207d3d11d1ad791c6db38f424b8a38f862892afd19d0e8d187a3071151e129aeb4f2055483965c8c5122bc9b9476fe02840f66d59b0917eee5531a36554245fc600a35988307a72fa172a9a1e91ec7bc7f18a309bb55eb4040c9aa0271703e1407d4a5d68b409fa16890a2b1c7ccf3f9cc08bd43dd3bdea64d16728dd9dd8990170b386a7320cf5472dca5d902fe23510a368b34a02182c84fcf042cfe8e01ac48761e8716e4c25893b683e57700db22a49d513a08b88e8d2fb15fc5d75fb7835a7147aef8d72552b5a42309b80c1af8d38db334a51311f8739fb61d74a201b32d2492798ed1339f3a036394f6105ed3da765f7b2d7d1d11913764e8857d4dc8d12ce18b155a82486176b35f0e772431b3c382a8d35a9171d8b7efdd8080e3eb1beaeb167f8c1e1777446b64d72b47691de73c257218bf828b208bab0e9af19565cd7fef7ce563a36d639e04a2b4fdcde0d69ed16cdba167456bc1291f95ea3aea57610092933b35f89fe7cb473a50ca556b722b894318927cbd0ddd28c365fa1f1c4825e5feec8c2c730d8e1899fac61a59c5500ec1727b270ca8494d241de68912373ead27a14b617b23daf4f28d467474c1b1b00e340a337f3c150cacf8e7d52c7f6bd063d5417a3469159f9f6d2909111baad29adb8e64d7506cbd884eba62f403301aadbdd1176e757834aa459665575182e1ba40e0f41a652fa0dcae086db95e341b3d00b172944b962100b309347d56d715fd8fa581d429a3228eae6e46be9eb0474728f078b3189489b3b1cb8511536db0e605929ac32baf187e750190314787ea684594b5919fea554eae583680c77a4841a670337469afea10352e4b1df8708ed5f81f2ac4ae0cb3488e5cb415448ae17b64b2d90fa149ac60e905bc6abff5c1d5df79b53958924426c5ea0985f1e33efdedc1df36b952c06e966ac04ff25857b5e123edc0be816814e08d0f2c2be2948867e2050b7da54b3316952b1a5b5d024fbf9caad630f3e200a6b4f082704c97bf1a2267ecc232e3292f8434318b9ecba1ff5e6b1aa0636ad0d948f0ee38a3619d75fda02b9b73f646568e1c73de7877a402d4a787ffdc207bff5295cef366eca9ca2062c26a22e5e8840d7a7c1c4fbe4b504549a4ede1af4d8771fc09e343c3593f9c802ec08d369b66eee0279ad24ef4853fa5fe5821cf77524f77ffac64f4f779e6cc1a8a2557a3178f85280becd4da8a17f6f6c368171e41e8e1cdb6cbcb2057c0c70a923e8d9723aa37af2bb4070f92ec0744747864e3da06ece880221e71586a9a40d4573d45bc2ba779757ec8a2a15b356d4b6c07ce3c77416f215f34092d269faee9ce27424fcae4703cbe85dfbe6081ecc6b4ef9bfd6bf09d45d4901ae23c59b8b359b7480ac5d148b8564b843b3695657aeadcedef49ddf9919a504e1d166b0353fd8778c7526b282ce5cb02e8d768c3f69076839ccb02de358e86abbe4643e39d0c892963d48f152ac3cab1fb3464cbe7f9b253019d2e9616feda89c9b51caa119b79fe07ea75ff3a0de1813a570b0596f5377c21cc3641ba8c9c8fe5795a0b1e08fe7d7fc008d623c7a1f5a8fc7b17a0ab260aac4bfcdbff21ea54700bec2099f5f6c58c8897708dfe12e410c073dfaf2be24f62b8cb9b1cecaa1c922daf32f38cf6e9e56a3834707a9a64160dfc3a2b3995ebadf2bc7ee3cdb07f22d4cf9f1d257c3cec779539dfb0352c1857fb3dbbad16a59f03e028fb2e39ea82977023266325c891b9d6a09317ba7f94a765a24af7708d32045bd32be74439460a6d4eb83b596348af99d041e9404161fad71994cc0267f5c68e871ac17e22f4ede2e66941c38d18b7e56e2b37de3648592c74d77f1d2fee6456ff51b272e4d45321370edb22e1d735deaa34d2a0c9d824cfcd0d7c7c4336f8d8ae92abab577eda82a6899d4b8e0a4e4014ba2220af548cf149d74e84fdc0158efc3d00616c260bcee53a9683ba1826c8192bad6d3aa9c9b0da1249437e3778828ab44157528090ef446cd5b7492e52e0566d5be12f4c482bf754b30459296d69d4996562044ad228865f82dcbd6b231ac86bc8983a8719cb83073443be25ce454c059ad08cecef628d7c49344a4fd6b31bed022dccc699ebe4ab9b56ffdf8e9266d2b18902da3ef84a09884d2ca8e97dc141f489e5847b67a8bacff985ea8a0ebb3f75f27d77f1a9c0e7bc0e5", 0xdc3}], 0x1}}], 0x1, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205649, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90a, 0x8000, '\x00', @ptr=0x20002000}})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
chdir(&(0x7f0000000040)='./file0\x00')

[   72.021481][ T5328] syz.0.0 (5328) used greatest stack depth: 16656 bytes left
[   71.191224][ T5312] Bluetooth: hci0: command tx timeout
[   71.276726][ T5312] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
[   71.283085][ T5312] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5312, name: kworker/u5:2
[   71.286374][ T5312] preempt_count: 0, expected: 0
[   71.291539][ T5312] RCU nest depth: 1, expected: 0
[   71.293318][ T5312] 4 locks held by kworker/u5:2/5312:
[   71.295157][ T5312]  #0: ffff888000756948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   71.300182][ T5312]  #1: ffffc9000cf87d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   71.306752][ T5312]  #2: ffff888050ae8078 (&hdev->lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   71.312777][ T5312]  #3: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   71.316825][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: kworker/u5:2 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[   71.320697][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.324453][ T5312] Workqueue: hci0 hci_rx_work
[   71.326196][ T5312] Call Trace:
[   71.327428][ T5312]  <TASK>
[   71.328526][ T5312]  dump_stack_lvl+0x241/0x360
[   71.330305][ T5312]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.332106][ T5312]  ? __pfx__printk+0x10/0x10
[   71.333896][ T5312]  __might_resched+0x5d4/0x780
[   71.335767][ T5312]  ? __mutex_lock+0x187/0xee0
[   71.337557][ T5312]  ? __pfx___might_resched+0x10/0x10
[   71.339593][ T5312]  ? __lock_acquire+0x1397/0x2100
[   71.341308][ T5312]  __mutex_lock+0x131/0xee0
[   71.343107][ T5312]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.345439][ T5312]  ? __pfx___mutex_lock+0x10/0x10
[   71.347276][ T5312]  ? rcu_is_watching+0x15/0xb0
[   71.349057][ T5312]  ? trace_contention_end+0x3c/0x120
[   71.351047][ T5312]  ? skb_pull_data+0x112/0x230
[   71.352902][ T5312]  ? hci_conn_set_handle+0x9a/0x270
[   71.354818][ T5312]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.356974][ T5312]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   71.359105][ T5312]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.361391][ T5312]  ? hci_le_meta_evt+0x366/0x580
[   71.363063][ T5312]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.365318][ T5312]  hci_event_packet+0xa55/0x1540
[   71.367235][ T5312]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   71.369279][ T5312]  ? __pfx_hci_event_packet+0x10/0x10
[   71.371278][ T5312]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.373120][ T5312]  ? hci_send_to_monitor+0xd8/0x7f0
[   71.374911][ T5312]  ? kcov_remote_start+0x97/0x7d0
[   71.376477][ T5312]  hci_rx_work+0x3e8/0xca0
[   71.378028][ T5312]  ? process_scheduled_works+0x976/0x1850
[   71.380134][ T5312]  process_scheduled_works+0xa63/0x1850
[   71.382258][ T5312]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.384495][ T5312]  ? assign_work+0x364/0x3d0
[   71.386275][ T5312]  worker_thread+0x870/0xd30
[   71.388025][ T5312]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.390190][ T5312]  ? __kthread_parkme+0x169/0x1d0
[   71.391991][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   71.393881][ T5312]  kthread+0x2f0/0x390
[   71.395403][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   71.397366][ T5312]  ? __pfx_kthread+0x10/0x10
[   71.399112][ T5312]  ret_from_fork+0x4b/0x80
[   71.400768][ T5312]  ? __pfx_kthread+0x10/0x10
[   71.402526][ T5312]  ret_from_fork_asm+0x1a/0x30
[   71.404450][ T5312]  </TASK>
[   71.416241][ T5312] 
[   71.417197][ T5312] =============================
[   71.419016][ T5312] [ BUG: Invalid wait context ]
[   71.420792][ T5312] 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 Tainted: G        W         
[   71.423846][ T5312] -----------------------------
[   71.425612][ T5312] kworker/u5:2/5312 is trying to lock:
[   71.427645][ T5312] ffffffff8fe4a1a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.431387][ T5312] other info that might help us debug this:
[   71.433416][ T5312] context-{5:5}
[   71.434692][ T5312] 4 locks held by kworker/u5:2/5312:
[   71.436641][ T5312]  #0: ffff888000756948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   71.440993][ T5312]  #1: ffffc9000cf87d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   71.446213][ T5312]  #2: ffff888050ae8078 (&hdev->lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   71.449955][ T5312]  #3: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   71.453577][ T5312] stack backtrace:
[   71.454872][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: kworker/u5:2 Tainted: G        W          6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[   71.458910][ T5312] Tainted: [W]=WARN
[   71.460221][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.463928][ T5312] Workqueue: hci0 hci_rx_work
[   71.465616][ T5312] Call Trace:
[   71.466909][ T5312]  <TASK>
[   71.468012][ T5312]  dump_stack_lvl+0x241/0x360
[   71.469748][ T5312]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.471680][ T5312]  ? __pfx__printk+0x10/0x10
[   71.473348][ T5312]  __lock_acquire+0x15a8/0x2100
[   71.475082][ T5312]  lock_acquire+0x1ed/0x550
[   71.476758][ T5312]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.479073][ T5312]  ? __pfx_lock_acquire+0x10/0x10
[   71.480976][ T5312]  ? __mutex_lock+0x187/0xee0
[   71.482797][ T5312]  ? __pfx___might_resched+0x10/0x10
[   71.484745][ T5312]  ? __lock_acquire+0x1397/0x2100
[   71.486724][ T5312]  __mutex_lock+0x1ac/0xee0
[   71.488465][ T5312]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.490906][ T5312]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.493276][ T5312]  ? __pfx___mutex_lock+0x10/0x10
[   71.495131][ T5312]  ? rcu_is_watching+0x15/0xb0
[   71.496721][ T5312]  ? trace_contention_end+0x3c/0x120
[   71.498688][ T5312]  ? skb_pull_data+0x112/0x230
[   71.500506][ T5312]  ? hci_conn_set_handle+0x9a/0x270
[   71.502392][ T5312]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.504626][ T5312]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   71.507055][ T5312]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.509559][ T5312]  ? hci_le_meta_evt+0x366/0x580
[   71.511496][ T5312]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.513979][ T5312]  hci_event_packet+0xa55/0x1540
[   71.515801][ T5312]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   71.517780][ T5312]  ? __pfx_hci_event_packet+0x10/0x10
[   71.519727][ T5312]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.521654][ T5312]  ? hci_send_to_monitor+0xd8/0x7f0
[   71.523550][ T5312]  ? kcov_remote_start+0x97/0x7d0
[   71.525454][ T5312]  hci_rx_work+0x3e8/0xca0
[   71.527114][ T5312]  ? process_scheduled_works+0x976/0x1850
[   71.529240][ T5312]  process_scheduled_works+0xa63/0x1850
[   71.531291][ T5312]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.533506][ T5312]  ? assign_work+0x364/0x3d0
[   71.535166][ T5312]  worker_thread+0x870/0xd30
[   71.536848][ T5312]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.539043][ T5312]  ? __kthread_parkme+0x169/0x1d0
[   71.540910][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   71.542914][ T5312]  kthread+0x2f0/0x390
[   71.544502][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   71.546447][ T5312]  ? __pfx_kthread+0x10/0x10
[   71.548243][ T5312]  ret_from_fork+0x4b/0x80
[   71.550014][ T5312]  ? __pfx_kthread+0x10/0x10
[   71.551687][ T5312]  ret_from_fork_asm+0x1a/0x30
[   71.553461][ T5312]  </TASK>
[   71.559788][ T5312] ==================================================================
[   71.562756][ T5312] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   71.566089][ T5312] Read of size 8 at addr ffff888043ee4000 by task kworker/u5:2/5312
[   71.568986][ T5312] 
[   71.569820][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: kworker/u5:2 Tainted: G        W          6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[   71.574261][ T5312] Tainted: [W]=WARN
[   71.575698][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.579691][ T5312] Workqueue: hci0 hci_rx_work
[   71.581659][ T5312] Call Trace:
[   71.582942][ T5312]  <TASK>
[   71.584079][ T5312]  dump_stack_lvl+0x241/0x360
[   71.585896][ T5312]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.587841][ T5312]  ? __pfx__printk+0x10/0x10
[   71.589526][ T5312]  ? _printk+0xd5/0x120
[   71.590988][ T5312]  ? __virt_addr_valid+0x183/0x530
[   71.592963][ T5312]  ? __virt_addr_valid+0x183/0x530
[   71.594872][ T5312]  print_report+0x169/0x550
[   71.596471][ T5312]  ? __virt_addr_valid+0x183/0x530
[   71.598323][ T5312]  ? __virt_addr_valid+0x183/0x530
[   71.600209][ T5312]  ? __virt_addr_valid+0x45f/0x530
[   71.602146][ T5312]  ? __phys_addr+0xba/0x170
[   71.603842][ T5312]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   71.606174][ T5312]  kasan_report+0x143/0x180
[   71.608044][ T5312]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   71.610425][ T5312]  hci_le_create_big_complete_evt+0x383/0xae0
[   71.612913][ T5312]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   71.615244][ T5312]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.617815][ T5312]  ? hci_le_meta_evt+0x366/0x580
[   71.619591][ T5312]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.622030][ T5312]  hci_event_packet+0xa55/0x1540
[   71.623985][ T5312]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   71.626118][ T5312]  ? __pfx_hci_event_packet+0x10/0x10
[   71.628160][ T5312]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.630116][ T5312]  ? hci_send_to_monitor+0xd8/0x7f0
[   71.632237][ T5312]  ? kcov_remote_start+0x97/0x7d0
[   71.634326][ T5312]  hci_rx_work+0x3e8/0xca0
[   71.636064][ T5312]  ? process_scheduled_works+0x976/0x1850
[   71.638211][ T5312]  process_scheduled_works+0xa63/0x1850
[   71.640230][ T5312]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.642506][ T5312]  ? assign_work+0x364/0x3d0
[   71.644261][ T5312]  worker_thread+0x870/0xd30
[   71.646371][ T5312]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.648653][ T5312]  ? __kthread_parkme+0x169/0x1d0
[   71.650597][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   71.652458][ T5312]  kthread+0x2f0/0x390
[   71.654012][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   71.655937][ T5312]  ? __pfx_kthread+0x10/0x10
[   71.657655][ T5312]  ret_from_fork+0x4b/0x80
[   71.659291][ T5312]  ? __pfx_kthread+0x10/0x10
[   71.661116][ T5312]  ret_from_fork_asm+0x1a/0x30
[   71.662978][ T5312]  </TASK>
[   71.664162][ T5312] 
[   71.665109][ T5312] Allocated by task 5312:
[   71.666940][ T5312]  kasan_save_track+0x3f/0x80
[   71.668793][ T5312]  __kasan_kmalloc+0x98/0xb0
[   71.670582][ T5312]  __kmalloc_cache_noprof+0x19c/0x2c0
[   71.672611][ T5312]  __hci_conn_add+0x2f9/0x1850
[   71.674600][ T5312]  hci_le_big_sync_established_evt+0x414/0xc20
[   71.676962][ T5312]  hci_event_packet+0xa55/0x1540
[   71.678866][ T5312]  hci_rx_work+0x3e8/0xca0
[   71.680597][ T5312]  process_scheduled_works+0xa63/0x1850
[   71.682799][ T5312]  worker_thread+0x870/0xd30
[   71.684534][ T5312]  kthread+0x2f0/0x390
[   71.686158][ T5312]  ret_from_fork+0x4b/0x80
[   71.687795][ T5312]  ret_from_fork_asm+0x1a/0x30
[   71.689443][ T5312] 
[   71.690331][ T5312] Freed by task 5312:
[   71.691771][ T5312]  kasan_save_track+0x3f/0x80
[   71.693471][ T5312]  kasan_save_free_info+0x40/0x50
[   71.695227][ T5312]  __kasan_slab_free+0x59/0x70
[   71.696890][ T5312]  kfree+0x1a0/0x440
[   71.698308][ T5312]  device_release+0x99/0x1c0
[   71.699957][ T5312]  kobject_put+0x22f/0x480
[   71.701510][ T5312]  hci_conn_del+0x8c4/0xc40
[   71.703071][ T5312]  hci_le_create_big_complete_evt+0x619/0xae0
[   71.705225][ T5312]  hci_event_packet+0xa55/0x1540
[   71.707041][ T5312]  hci_rx_work+0x3e8/0xca0
[   71.708706][ T5312]  process_scheduled_works+0xa63/0x1850
[   71.710807][ T5312]  worker_thread+0x870/0xd30
[   71.712557][ T5312]  kthread+0x2f0/0x390
[   71.714115][ T5312]  ret_from_fork+0x4b/0x80
[   71.715747][ T5312]  ret_from_fork_asm+0x1a/0x30
[   71.717535][ T5312] 
[   71.718449][ T5312] The buggy address belongs to the object at ffff888043ee4000
[   71.718449][ T5312]  which belongs to the cache kmalloc-8k of size 8192
[   71.723424][ T5312] The buggy address is located 0 bytes inside of
[   71.723424][ T5312]  freed 8192-byte region [ffff888043ee4000, ffff888043ee6000)
[   71.728442][ T5312] 
[   71.729446][ T5312] The buggy address belongs to the physical page:
[   71.731835][ T5312] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43ee0
[   71.735353][ T5312] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   71.738545][ T5312] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   71.741328][ T5312] page_type: f5(slab)
[   71.742948][ T5312] raw: 04fff00000000040 ffff88801ac42280 ffffea00010f2e00 0000000000000006
[   71.746061][ T5312] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   71.749205][ T5312] head: 04fff00000000040 ffff88801ac42280 ffffea00010f2e00 0000000000000006
[   71.752478][ T5312] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   71.755742][ T5312] head: 04fff00000000003 ffffea00010fb801 ffffffffffffffff 0000000000000000
[   71.759156][ T5312] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   71.762358][ T5312] page dumped because: kasan: bad access detected
[   71.764756][ T5312] page_owner tracks the page as allocated
[   71.766920][ T5312] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5308, tgid 5308 (syz-executor), ts 64765306205, free_ts 64765053683
[   71.778296][ T5312]  post_alloc_hook+0x1f3/0x230
[   71.780144][ T5312]  get_page_from_freelist+0x3649/0x3790
[   71.782226][ T5312]  __alloc_pages_noprof+0x292/0x710
[   71.784183][ T5312]  alloc_pages_mpol_noprof+0x3e8/0x680
[   71.786231][ T5312]  alloc_slab_page+0x6a/0x140
[   71.788007][ T5312]  allocate_slab+0x5a/0x2f0
[   71.789839][ T5312]  ___slab_alloc+0xcd1/0x14b0
[   71.791454][ T5312]  __slab_alloc+0x58/0xa0
[   71.792927][ T5312]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   71.794865][ T5312]  tomoyo_init_log+0x11cd/0x2050
[   71.796708][ T5312]  tomoyo_supervisor+0x38a/0x11f0
[   71.798500][ T5312]  tomoyo_env_perm+0x178/0x210
[   71.800243][ T5312]  tomoyo_find_next_domain+0x146e/0x1d40
[   71.802326][ T5312]  tomoyo_bprm_check_security+0x117/0x180
[   71.804383][ T5312]  security_bprm_check+0x86/0x250
[   71.806308][ T5312]  bprm_execve+0xa56/0x1770
[   71.807973][ T5312] page last free pid 5308 tgid 5308 stack trace:
[   71.810321][ T5312]  free_unref_page+0xdf9/0x1140
[   71.812040][ T5312]  __put_partials+0xeb/0x130
[   71.813811][ T5312]  put_cpu_partial+0x17c/0x250
[   71.815522][ T5312]  __slab_free+0x2ea/0x3d0
[   71.817171][ T5312]  qlist_free_all+0x9a/0x140
[   71.818864][ T5312]  kasan_quarantine_reduce+0x14f/0x170
[   71.820855][ T5312]  __kasan_slab_alloc+0x23/0x80
[   71.822754][ T5312]  __kmalloc_noprof+0x1a6/0x400
[   71.824583][ T5312]  tomoyo_supervisor+0xe0d/0x11f0
[   71.826480][ T5312]  tomoyo_env_perm+0x178/0x210
[   71.828237][ T5312]  tomoyo_find_next_domain+0x146e/0x1d40
[   71.830440][ T5312]  tomoyo_bprm_check_security+0x117/0x180
[   71.832525][ T5312]  security_bprm_check+0x86/0x250
[   71.834271][ T5312]  bprm_execve+0xa56/0x1770
[   71.835938][ T5312]  do_execveat_common+0x55f/0x6f0
[   71.838058][ T5312]  __x64_sys_execve+0x92/0xb0
[   71.839806][ T5312] 
[   71.840693][ T5312] Memory state around the buggy address:
[   71.842770][ T5312]  ffff888043ee3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.845692][ T5312]  ffff888043ee3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.848527][ T5312] >ffff888043ee4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.851336][ T5312]                    ^
[   71.852822][ T5312]  ffff888043ee4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.855630][ T5312]  ffff888043ee4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.858529][ T5312] ==================================================================
[   71.876074][ T5312] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   71.878829][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: kworker/u5:2 Tainted: G        W          6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[   71.883561][ T5312] Tainted: [W]=WARN
[   71.884970][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.888967][ T5312] Workqueue: hci0 hci_rx_work
[   71.890763][ T5312] Call Trace:
[   71.891941][ T5312]  <TASK>
[   71.893076][ T5312]  dump_stack_lvl+0x241/0x360
[   71.894797][ T5312]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.896747][ T5312]  ? __pfx__printk+0x10/0x10
[   71.898394][ T5312]  ? rcu_is_watching+0x15/0xb0
[   71.900069][ T5312]  ? preempt_schedule+0xe1/0xf0
[   71.901826][ T5312]  ? vscnprintf+0x5d/0x90
[   71.903357][ T5312]  panic+0x349/0x880
[   71.904747][ T5312]  ? check_panic_on_warn+0x21/0xb0
[   71.906602][ T5312]  ? __pfx_panic+0x10/0x10
[   71.908188][ T5312]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   71.910335][ T5312]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   71.912449][ T5312]  ? print_report+0x502/0x550
[   71.914134][ T5312]  check_panic_on_warn+0x86/0xb0
[   71.915907][ T5312]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   71.918251][ T5312]  end_report+0x77/0x160
[   71.919750][ T5312]  kasan_report+0x154/0x180
[   71.921432][ T5312]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   71.924199][ T5312]  hci_le_create_big_complete_evt+0x383/0xae0
[   71.926962][ T5312]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   71.929692][ T5312]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.932162][ T5312]  ? hci_le_meta_evt+0x366/0x580
[   71.933902][ T5312]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.936056][ T5312]  hci_event_packet+0xa55/0x1540
[   71.937911][ T5312]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   71.939877][ T5312]  ? __pfx_hci_event_packet+0x10/0x10
[   71.941883][ T5312]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.943766][ T5312]  ? hci_send_to_monitor+0xd8/0x7f0
[   71.945699][ T5312]  ? kcov_remote_start+0x97/0x7d0
[   71.947513][ T5312]  hci_rx_work+0x3e8/0xca0
[   71.949225][ T5312]  ? process_scheduled_works+0x976/0x1850
[   71.951314][ T5312]  process_scheduled_works+0xa63/0x1850
[   71.953371][ T5312]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.955583][ T5312]  ? assign_work+0x364/0x3d0
[   71.957270][ T5312]  worker_thread+0x870/0xd30
[   71.958989][ T5312]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.961221][ T5312]  ? __kthread_parkme+0x169/0x1d0
[   71.963003][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   71.965160][ T5312]  kthread+0x2f0/0x390
[   71.966864][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   71.968660][ T5312]  ? __pfx_kthread+0x10/0x10
[   71.970409][ T5312]  ret_from_fork+0x4b/0x80
[   71.972022][ T5312]  ? __pfx_kthread+0x10/0x10
[   71.973793][ T5312]  ret_from_fork_asm+0x1a/0x30
[   71.975375][ T5312]  </TASK>
[   71.976804][ T5312] Kernel Offset: disabled
[   71.978490][ T5312] Rebooting in 86400 seconds..