program:
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000001080), 0x1, 0x4e2, &(0x7f0000000b80)="$eJzs3c9vG1kdAPDvTOImm81usrASPwRsWRYKqmon7m602tNyAaHVSogVJw7ZkLhRFDuOYmdpQiXS/wGJSpzgT+CAxAGpJ+7c4MalHJAKVKAGiYPRjCdpSOMkbRMb7M9HGs28eeP5vldr3nO/SfwCGFlXI2IvIq5ExMcRMVOcT4ot3u9u2XWPH91Z3n90ZzmJTuejvyV5fXYujrwm83Jxz8mI+N63I36YPB23tbO7vlSv17aKcqXd2Ky0dnZvrDWWVmurtY1qdWF+Ye7dm+9UL6yvbzR+9fBbax98/7e/+eKD3+9948dZs6aLuqP9uEjdrpcO42TGI+KDywg2AGNFf64MuiE8lzQiPhURb+bP/0yM5e/m+ZzwWAMA/wc6nZnozBwtAwDDLs1zYElaLnIB05Gm5XI3h/d6TKX1Zqt9/VZze2OlmyubjVJ6a61emytyhbNRSrLyfH78pFw9Vr4ZEa9FxE8nXsrL5eXz5xkAgIv18rH5/58T3fkfABhyk2ddsNifdgAA/XPm/A8ADB3zPwCMHvM/AIwe8z8AjB7zPwCMnmL+Hxt0OwCAvvjuhx9mW2e/+P7rlU92ttebn9xYqbXWy43t5fJyc2uzvNpsrtZr5eVm46z71ZvNzfm3Y/t2pV1rtSutnd3FRnN7o72Yf6/3Yq3Ul14BAKd57Y37f0wiYu+9l/ItjqzlYK6G4ZYOugHAwMj5w+jyLdwwuvwfHzhrLc+evyJ87zmCdX7yHC8CLtq1z8n/w6iS/4fRJf8Po0v+H0ZXp5P0WvM/PbwEABgqcvxAX3/+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAENiOt+StFysBT4daVouR7wSEbNRSm6t1WtzEfFqRPxhojSRlecH3WgA4AWlf0mK9b+uzbw1fbz2SvKviXwfET/6+Uc/u73Ubm/NZ+f/fni+fa84Xx1E+wGAsxzM0wfz+IHHj+4sH2z9bM/Db3YXF83i7hdbt2Y8xvP9ZJQiYuofSVHuyj6vjF1A/L27EfHZk/qf5LmR2WLl0+Pxs9iv9DV++l/x07yuu8/+LT79DDHPWusVRsX9bPx5/6TnL42r+X7yxMWPJ/MR6sUdjH/7T41/6eH4N9Zj/Lt63hhv/+47PevuRnx+/KT4yWH8pEf8t84Z/09f+NKbveo6v4i4FifHPxqr0m5sVlo7uzfWGkurtdXaRrW6ML8w9+7Nd6qVPEddOchUP+2v711/9bT+T/WIP3lG/796aq87EwdHv/z3xz/48inxv/6Vk9//10+Jn82JXzs1/hNLU7/uuXx3Fn+l2/+7z/r+Xz9n/Ad/3l0556UAQB+0dnbXl+r12taFHpTigm945CC5pDY7GPKD7PP4i97nM0XK7H+gO5d9MOiRCbhsTx76QbcEAAAAAAAAAAAAAADo5dL/nCgddA8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYZv8JAAD//wqryik=")
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000005c0))
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x48942, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000380)={'#! ', './file0', [{0x20, ']+'}, {}, {0x20, '^&}'}, {0x20, '\xff\xef#\xff\xff\xff'}, {0x20, 'ext4\x00\xa8\x06\x9b\xf2b+\xe1h\x95\xc9YP\xbd4\"\vX-K\x04\xee\x85\x90\xf6\xdf\x88\xe2'}, {0x20, 'ext4\x002\x86\xef\xcfw\x01\b\xe9\xfe\xda\xd5>o\xee\xd4.\xa6\x94\xf9\xfd\x84M\x8c,\xaa\xcd\xa4\xd3\x15\xb2\xac\xb9F\xcf\xbb\xa1\xc4s\xecU-7\x04\xb4'}]}, 0xff8c)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
copy_file_range(r4, &(0x7f00000001c0), r3, 0x0, 0xffffffffa003e45c, 0x700000000000000)
lseek(r2, 0x10004e9, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r2, r5, 0x0, 0x8400fffffffa)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)

[   59.631735][ T5328] loop0: detected capacity change from 0 to 512
[   59.658506][ T5328] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   59.669081][ T5328] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.690376][ T5313] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[   59.694022][ T5313] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5313, name: kworker/u5:2
[   59.697702][ T5313] preempt_count: 0, expected: 0
[   59.699516][ T5313] RCU nest depth: 1, expected: 0
[   59.701316][ T5313] 4 locks held by kworker/u5:2/5313:
[   59.703284][ T5313]  #0: ffff888042c9c948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   59.708642][ T5313]  #1: ffffc9000d48fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   59.713094][ T5313]  #2: ffff88804dcb0078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   59.717433][ T5313]  #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   59.721513][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Not tainted 6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0
[   59.725636][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.729608][ T5313] Workqueue: hci0 hci_rx_work
[   59.731376][ T5313] Call Trace:
[   59.732595][ T5313]  <TASK>
[   59.733702][ T5313]  dump_stack_lvl+0x241/0x360
[   59.735474][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.737414][ T5313]  ? __pfx__printk+0x10/0x10
[   59.739166][ T5313]  __might_resched+0x5d4/0x780
[   59.741053][ T5313]  ? __mutex_lock+0x112/0xd70
[   59.742836][ T5313]  ? __pfx___might_resched+0x10/0x10
[   59.744790][ T5313]  __mutex_lock+0xc1/0xd70
[   59.746531][ T5313]  ? __pfx_lock_acquire+0x10/0x10
[   59.748321][ T5313]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   59.750449][ T5313]  ? __pfx_lock_release+0x10/0x10
[   59.752105][ T5313]  ? __pfx___mutex_lock+0x10/0x10
[   59.753985][ T5313]  ? trace_contention_end+0x3c/0x120
[   59.755913][ T5313]  ? skb_pull_data+0x112/0x230
[   59.757657][ T5313]  ? hci_conn_set_handle+0x9a/0x270
[   59.759556][ T5313]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   59.761673][ T5313]  ? __copy_skb_header+0x437/0x5b0
[   59.763445][ T5313]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   59.765663][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   59.767967][ T5313]  ? hci_le_meta_evt+0x366/0x580
[   59.769751][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   59.772157][ T5313]  hci_event_packet+0xa55/0x1540
[   59.773887][ T5313]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   59.775716][ T5313]  ? __pfx_hci_event_packet+0x10/0x10
[   59.777658][ T5313]  ? hci_send_to_sock+0x170/0x810
[   59.779505][ T5313]  ? kcov_remote_start+0x97/0x7d0
[   59.781329][ T5313]  hci_rx_work+0x3fe/0xd80
[   59.783017][ T5313]  ? process_scheduled_works+0x976/0x1850
[   59.785094][ T5313]  process_scheduled_works+0xa63/0x1850
[   59.787136][ T5313]  ? __pfx_process_scheduled_works+0x10/0x10
[   59.789281][ T5313]  ? assign_work+0x364/0x3d0
[   59.790994][ T5313]  worker_thread+0x870/0xd30
[   59.792750][ T5313]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   59.794951][ T5313]  ? __kthread_parkme+0x169/0x1d0
[   59.796925][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   59.798889][ T5313]  kthread+0x2f0/0x390
[   59.800364][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   59.802156][ T5313]  ? __pfx_kthread+0x10/0x10
[   59.803885][ T5313]  ret_from_fork+0x4b/0x80
[   59.805482][ T5313]  ? __pfx_kthread+0x10/0x10
[   59.807274][ T5313]  ret_from_fork_asm+0x1a/0x30
[   59.809077][ T5313]  </TASK>
[   59.814973][ T5313] 
[   59.815916][ T5313] =============================
[   59.817667][ T5313] [ BUG: Invalid wait context ]
[   59.819489][ T5313] 6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0 Tainted: G        W         
[   59.822686][ T5313] -----------------------------
[   59.824462][ T5313] kworker/u5:2/5313 is trying to lock:
[   59.826497][ T5313] ffffffff8fe40368 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[   59.830283][ T5313] other info that might help us debug this:
[   59.832388][ T5313] context-{4:4}
[   59.833615][ T5313] 4 locks held by kworker/u5:2/5313:
[   59.835561][ T5313]  #0: ffff888042c9c948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   59.839391][ T5313]  #1: ffffc9000d48fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   59.843666][ T5313]  #2: ffff88804dcb0078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   59.847651][ T5313]  #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   59.851412][ T5313] stack backtrace:
[   59.852722][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0
[   59.856772][ T5313] Tainted: [W]=WARN
[   59.858020][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.861983][ T5313] Workqueue: hci0 hci_rx_work
[   59.863763][ T5313] Call Trace:
[   59.865139][ T5313]  <TASK>
[   59.866344][ T5313]  dump_stack_lvl+0x241/0x360
[   59.868231][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.870115][ T5313]  ? __pfx__printk+0x10/0x10
[   59.871924][ T5313]  __lock_acquire+0x154a/0x2050
[   59.873720][ T5313]  lock_acquire+0x1ed/0x550
[   59.875398][ T5313]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   59.877703][ T5313]  ? __pfx_lock_acquire+0x10/0x10
[   59.879503][ T5313]  ? __mutex_lock+0x112/0xd70
[   59.881147][ T5313]  ? __pfx___might_resched+0x10/0x10
[   59.883081][ T5313]  __mutex_lock+0x136/0xd70
[   59.884765][ T5313]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   59.887135][ T5313]  ? __pfx_lock_acquire+0x10/0x10
[   59.889480][ T5313]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   59.892132][ T5313]  ? __pfx_lock_release+0x10/0x10
[   59.894093][ T5313]  ? __pfx___mutex_lock+0x10/0x10
[   59.896119][ T5313]  ? trace_contention_end+0x3c/0x120
[   59.898150][ T5313]  ? skb_pull_data+0x112/0x230
[   59.900084][ T5313]  ? hci_conn_set_handle+0x9a/0x270
[   59.902070][ T5313]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   59.904402][ T5313]  ? __copy_skb_header+0x437/0x5b0
[   59.906286][ T5313]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   59.908615][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   59.911126][ T5313]  ? hci_le_meta_evt+0x366/0x580
[   59.912986][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   59.915453][ T5313]  hci_event_packet+0xa55/0x1540
[   59.917327][ T5313]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   59.919337][ T5313]  ? __pfx_hci_event_packet+0x10/0x10
[   59.921349][ T5313]  ? hci_send_to_sock+0x170/0x810
[   59.923214][ T5313]  ? kcov_remote_start+0x97/0x7d0
[   59.925106][ T5313]  hci_rx_work+0x3fe/0xd80
[   59.926833][ T5313]  ? process_scheduled_works+0x976/0x1850
[   59.928931][ T5313]  process_scheduled_works+0xa63/0x1850
[   59.931177][ T5313]  ? __pfx_process_scheduled_works+0x10/0x10
[   59.933471][ T5313]  ? assign_work+0x364/0x3d0
[   59.935236][ T5313]  worker_thread+0x870/0xd30
[   59.937355][ T5313]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   59.939731][ T5313]  ? __kthread_parkme+0x169/0x1d0
[   59.941583][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   59.943583][ T5313]  kthread+0x2f0/0x390
[   59.945080][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   59.946994][ T5313]  ? __pfx_kthread+0x10/0x10
[   59.948766][ T5313]  ret_from_fork+0x4b/0x80
[   59.950452][ T5313]  ? __pfx_kthread+0x10/0x10
[   59.952185][ T5313]  ret_from_fork_asm+0x1a/0x30
[   59.953917][ T5313]  </TASK>
[   59.959548][ T5313] ==================================================================
[   59.962510][ T5313] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   59.965797][ T5313] Read of size 8 at addr ffff8880441f0000 by task kworker/u5:2/5313
[   59.968714][ T5313] 
[   59.969664][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0
[   59.974076][ T5313] Tainted: [W]=WARN
[   59.975553][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.979504][ T5313] Workqueue: hci0 hci_rx_work
[   59.981299][ T5313] Call Trace:
[   59.982544][ T5313]  <TASK>
[   59.983669][ T5313]  dump_stack_lvl+0x241/0x360
[   59.985424][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.987428][ T5313]  ? __pfx__printk+0x10/0x10
[   59.989161][ T5313]  ? _printk+0xd5/0x120
[   59.990737][ T5313]  ? __virt_addr_valid+0x183/0x530
[   59.992576][ T5313]  ? __virt_addr_valid+0x183/0x530
[   59.994581][ T5313]  print_report+0x169/0x550
[   59.996255][ T5313]  ? __virt_addr_valid+0x183/0x530
[   59.998105][ T5313]  ? __virt_addr_valid+0x183/0x530
[   59.999914][ T5313]  ? __virt_addr_valid+0x45f/0x530
[   60.001795][ T5313]  ? __phys_addr+0xba/0x170
[   60.003493][ T5313]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   60.005768][ T5313]  kasan_report+0x143/0x180
[   60.007487][ T5313]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   60.009742][ T5313]  hci_le_create_big_complete_evt+0x383/0xae0
[   60.011939][ T5313]  ? __copy_skb_header+0x437/0x5b0
[   60.013779][ T5313]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   60.016029][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   60.018380][ T5313]  ? hci_le_meta_evt+0x366/0x580
[   60.020163][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   60.022495][ T5313]  hci_event_packet+0xa55/0x1540
[   60.024212][ T5313]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   60.026102][ T5313]  ? __pfx_hci_event_packet+0x10/0x10
[   60.028203][ T5313]  ? hci_send_to_sock+0x170/0x810
[   60.030199][ T5313]  ? kcov_remote_start+0x97/0x7d0
[   60.032080][ T5313]  hci_rx_work+0x3fe/0xd80
[   60.033867][ T5313]  ? process_scheduled_works+0x976/0x1850
[   60.036028][ T5313]  process_scheduled_works+0xa63/0x1850
[   60.038095][ T5313]  ? __pfx_process_scheduled_works+0x10/0x10
[   60.040364][ T5313]  ? assign_work+0x364/0x3d0
[   60.042097][ T5313]  worker_thread+0x870/0xd30
[   60.043830][ T5313]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   60.046062][ T5313]  ? __kthread_parkme+0x169/0x1d0
[   60.048017][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   60.050118][ T5313]  kthread+0x2f0/0x390
[   60.051595][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   60.053459][ T5313]  ? __pfx_kthread+0x10/0x10
[   60.055171][ T5313]  ret_from_fork+0x4b/0x80
[   60.056827][ T5313]  ? __pfx_kthread+0x10/0x10
[   60.058531][ T5313]  ret_from_fork_asm+0x1a/0x30
[   60.060288][ T5313]  </TASK>
[   60.061451][ T5313] 
[   60.062339][ T5313] Allocated by task 5313:
[   60.063771][ T5313]  kasan_save_track+0x3f/0x80
[   60.065374][ T5313]  __kasan_kmalloc+0x98/0xb0
[   60.067135][ T5313]  __kmalloc_cache_noprof+0x19c/0x2c0
[   60.069303][ T5313]  __hci_conn_add+0x2f9/0x1850
[   60.071169][ T5313]  hci_le_big_sync_established_evt+0x414/0xc20
[   60.073379][ T5313]  hci_event_packet+0xa55/0x1540
[   60.075291][ T5313]  hci_rx_work+0x3fe/0xd80
[   60.076967][ T5313]  process_scheduled_works+0xa63/0x1850
[   60.079037][ T5313]  worker_thread+0x870/0xd30
[   60.080794][ T5313]  kthread+0x2f0/0x390
[   60.082372][ T5313]  ret_from_fork+0x4b/0x80
[   60.084018][ T5313]  ret_from_fork_asm+0x1a/0x30
[   60.085781][ T5313] 
[   60.086772][ T5313] Freed by task 5313:
[   60.088278][ T5313]  kasan_save_track+0x3f/0x80
[   60.090030][ T5313]  kasan_save_free_info+0x40/0x50
[   60.091917][ T5313]  __kasan_slab_free+0x59/0x70
[   60.093762][ T5313]  kfree+0x1a0/0x440
[   60.095234][ T5313]  device_release+0x99/0x1c0
[   60.097036][ T5313]  kobject_put+0x22f/0x480
[   60.098764][ T5313]  hci_conn_del+0x8c4/0xc40
[   60.100437][ T5313]  hci_le_create_big_complete_evt+0x619/0xae0
[   60.102782][ T5313]  hci_event_packet+0xa55/0x1540
[   60.104655][ T5313]  hci_rx_work+0x3fe/0xd80
[   60.106502][ T5313]  process_scheduled_works+0xa63/0x1850
[   60.108756][ T5313]  worker_thread+0x870/0xd30
[   60.110582][ T5313]  kthread+0x2f0/0x390
[   60.112075][ T5313]  ret_from_fork+0x4b/0x80
[   60.113715][ T5313]  ret_from_fork_asm+0x1a/0x30
[   60.115490][ T5313] 
[   60.116352][ T5313] The buggy address belongs to the object at ffff8880441f0000
[   60.116352][ T5313]  which belongs to the cache kmalloc-8k of size 8192
[   60.121613][ T5313] The buggy address is located 0 bytes inside of
[   60.121613][ T5313]  freed 8192-byte region [ffff8880441f0000, ffff8880441f2000)
[   60.126612][ T5313] 
[   60.127515][ T5313] The buggy address belongs to the physical page:
[   60.129912][ T5313] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x441f0
[   60.133283][ T5313] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   60.136442][ T5313] ksm flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   60.139337][ T5313] page_type: f5(slab)
[   60.140839][ T5313] raw: 04fff00000000040 ffff88801ac42280 ffffea0001107e00 0000000000000003
[   60.143897][ T5313] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   60.147121][ T5313] head: 04fff00000000040 ffff88801ac42280 ffffea0001107e00 0000000000000003
[   60.150218][ T5313] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   60.153382][ T5313] head: 04fff00000000003 ffffea0001107c01 ffffffffffffffff 0000000000000000
[   60.156693][ T5313] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   60.159920][ T5313] page dumped because: kasan: bad access detected
[   60.162305][ T5313] page_owner tracks the page as allocated
[   60.164380][ T5313] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5309, tgid 5309 (syz-executor), ts 56823470281, free_ts 56822765343
[   60.171797][ T5313]  post_alloc_hook+0x1f3/0x230
[   60.173589][ T5313]  get_page_from_freelist+0x3649/0x3790
[   60.175619][ T5313]  __alloc_pages_noprof+0x292/0x710
[   60.177524][ T5313]  alloc_pages_mpol_noprof+0x3e8/0x680
[   60.179605][ T5313]  alloc_slab_page+0x6a/0x140
[   60.181410][ T5313]  allocate_slab+0x5a/0x2f0
[   60.182971][ T5313]  ___slab_alloc+0xcd1/0x14b0
[   60.184524][ T5313]  __slab_alloc+0x58/0xa0
[   60.185922][ T5313]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   60.187602][ T5313]  tomoyo_init_log+0x11cd/0x2050
[   60.189346][ T5313]  tomoyo_supervisor+0x38a/0x11f0
[   60.191198][ T5313]  tomoyo_env_perm+0x178/0x210
[   60.192947][ T5313]  tomoyo_find_next_domain+0x146e/0x1d40
[   60.194704][ T5313]  tomoyo_bprm_check_security+0x114/0x180
[   60.196667][ T5313]  security_bprm_check+0x86/0x250
[   60.198589][ T5313]  bprm_execve+0xa56/0x1770
[   60.200254][ T5313] page last free pid 5309 tgid 5309 stack trace:
[   60.202584][ T5313]  free_unref_page+0xdf9/0x1140
[   60.204384][ T5313]  __put_partials+0xeb/0x130
[   60.205980][ T5313]  put_cpu_partial+0x17c/0x250
[   60.207639][ T5313]  __slab_free+0x2ea/0x3d0
[   60.209051][ T5313]  qlist_free_all+0x9a/0x140
[   60.210819][ T5313]  kasan_quarantine_reduce+0x14f/0x170
[   60.212755][ T5313]  __kasan_slab_alloc+0x23/0x80
[   60.214647][ T5313]  __kmalloc_noprof+0x1a6/0x400
[   60.216399][ T5313]  tomoyo_supervisor+0xe0d/0x11f0
[   60.218093][ T5313]  tomoyo_env_perm+0x178/0x210
[   60.219912][ T5313]  tomoyo_find_next_domain+0x146e/0x1d40
[   60.221952][ T5313]  tomoyo_bprm_check_security+0x114/0x180
[   60.224066][ T5313]  security_bprm_check+0x86/0x250
[   60.225931][ T5313]  bprm_execve+0xa56/0x1770
[   60.227567][ T5313]  do_execveat_common+0x55f/0x6f0
[   60.229361][ T5313]  __x64_sys_execve+0x92/0xb0
[   60.231113][ T5313] 
[   60.232021][ T5313] Memory state around the buggy address:
[   60.234012][ T5313]  ffff8880441eff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.237055][ T5313]  ffff8880441eff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.240179][ T5313] >ffff8880441f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.243474][ T5313]                    ^
[   60.245194][ T5313]  ffff8880441f0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.248064][ T5313]  ffff8880441f0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.251069][ T5313] ==================================================================
[   60.262251][ T5313] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.264849][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0
[   60.269166][ T5313] Tainted: [W]=WARN
[   60.270594][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.274425][ T5313] Workqueue: hci0 hci_rx_work
[   60.276367][ T5313] Call Trace:
[   60.277650][ T5313]  <TASK>
[   60.278761][ T5313]  dump_stack_lvl+0x241/0x360
[   60.280518][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.282347][ T5313]  ? __pfx__printk+0x10/0x10
[   60.283957][ T5313]  ? rcu_is_watching+0x15/0xb0
[   60.285743][ T5313]  ? preempt_schedule+0xe1/0xf0
[   60.287522][ T5313]  ? vscnprintf+0x5d/0x90
[   60.289112][ T5313]  panic+0x349/0x880
[   60.290565][ T5313]  ? check_panic_on_warn+0x21/0xb0
[   60.292505][ T5313]  ? __pfx_panic+0x10/0x10
[   60.294258][ T5313]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   60.296669][ T5313]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   60.299102][ T5313]  ? print_report+0x502/0x550
[   60.300836][ T5313]  check_panic_on_warn+0x86/0xb0
[   60.302740][ T5313]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   60.305036][ T5313]  end_report+0x77/0x160
[   60.306658][ T5313]  kasan_report+0x154/0x180
[   60.308331][ T5313]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   60.310640][ T5313]  hci_le_create_big_complete_evt+0x383/0xae0
[   60.312856][ T5313]  ? __copy_skb_header+0x437/0x5b0
[   60.314625][ T5313]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   60.316806][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   60.319148][ T5313]  ? hci_le_meta_evt+0x366/0x580
[   60.320997][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   60.323300][ T5313]  hci_event_packet+0xa55/0x1540
[   60.325087][ T5313]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   60.327027][ T5313]  ? __pfx_hci_event_packet+0x10/0x10
[   60.328999][ T5313]  ? hci_send_to_sock+0x170/0x810
[   60.330890][ T5313]  ? kcov_remote_start+0x97/0x7d0
[   60.332837][ T5313]  hci_rx_work+0x3fe/0xd80
[   60.334494][ T5313]  ? process_scheduled_works+0x976/0x1850
[   60.336528][ T5313]  process_scheduled_works+0xa63/0x1850
[   60.338570][ T5313]  ? __pfx_process_scheduled_works+0x10/0x10
[   60.340676][ T5313]  ? assign_work+0x364/0x3d0
[   60.342343][ T5313]  worker_thread+0x870/0xd30
[   60.344138][ T5313]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   60.346298][ T5313]  ? __kthread_parkme+0x169/0x1d0
[   60.348141][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   60.350019][ T5313]  kthread+0x2f0/0x390
[   60.351556][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   60.353410][ T5313]  ? __pfx_kthread+0x10/0x10
[   60.355116][ T5313]  ret_from_fork+0x4b/0x80
[   60.356760][ T5313]  ? __pfx_kthread+0x10/0x10
[   60.358542][ T5313]  ret_from_fork_asm+0x1a/0x30
[   60.360391][ T5313]  </TASK>
[   60.361791][ T5313] Kernel Offset: disabled
[   60.363316][ T5313] Rebooting in 86400 seconds..