program:
# syzkaller reproducer for the crash logged below; lines starting with '#' are
# comments in the syzkaller program format and are skipped by the parser.
# Every reported stack (sleeping-in-atomic, lockdep invalid wait context, KASAN
# slab-use-after-free, panic) runs on the hci0 rx worker:
#   hci_rx_work -> hci_event_packet -> hci_le_meta_evt
#               -> hci_le_create_big_complete_evt
# so the input that matters is the HCI traffic injected through the virtual
# controller by the syz_emit_vhci calls. None of the netlink / bpf / ioctl /
# mprotect calls appears in any trace; the only echo of them is the
# "netlink: 76 bytes leftover" notice at the end of the log, which is harmless.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
# Bluetooth L2CAP socket plus a connect attempt. NOTE(review): presumably this is
# what brings hci0 up (the log opens with "hci0: command tx timeout" right before
# the splats) -- not provable from this page alone.
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @fixed}, 0xe)
# Raw HCI packets pushed into the virtual controller. Leading byte 0x04 is
# HCI_EVENT_PKT, as the typed form on the second line spells out explicitly.
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04030b008000aaaaaaaaaa0001"], 0xe)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x5, 0xc9}}}, 0x6)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x700000000000000}, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0xfffffffffffffc7e)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
# Two more event packets, both "04 3e ..." (event packet, LE Meta event). The
# subevent bytes 0x1d and 0x1b are LE BIG Sync Established and LE Create BIG
# Complete in the Bluetooth HCI specification, which lines up with the KASAN
# report below: the 8k hci_conn object is allocated from
# hci_le_big_sync_established_evt -> __hci_conn_add (first packet) and freed from
# hci_le_create_big_complete_evt+0x619 -> hci_conn_del -> kobject_put (second
# packet), yet the same handler reads it at +0x383. The free offset being past
# the read offset suggests a list walk that deletes an entry and then touches it
# again on a later pass -- TODO confirm against the handler source. The lockdep
# "Invalid wait context" splat is a second defect in the same handler: it takes
# the hci_cb_list_lock mutex at +0x3d9 while holding rcu_read_lock (taken at
# +0xdb). Both are kernel-side bugs reachable by whatever feeds HCI events to
# the host; the fix belongs in hci_le_create_big_complete_evt, not in this file.
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x18, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="7800000039000900000f0f0000b9000001000000040000000c000180cafc089d00000073080002"], 0x78}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x44810)
[ 68.757034][ T4671] Bluetooth: hci0: command tx timeout
[ 68.871315][ T5310] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 68.875179][ T5310] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5310, name: kworker/u5:2
[ 68.878176][ T5310] preempt_count: 0, expected: 0
[ 68.879849][ T5310] RCU nest depth: 1, expected: 0
[ 68.881400][ T5310] 4 locks held by kworker/u5:2/5310:
[ 68.882979][ T5310] #0: ffff8880122ed148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 68.887817][ T5310] #1: ffffc9000d307d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 68.892134][ T5310] #2: ffff88804de88078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 68.896883][ T5310] #3: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 68.901594][ T5310] CPU: 0 UID: 0 PID: 5310 Comm: kworker/u5:2 Not tainted 6.12.0-syzkaller #0
[ 68.904836][ T5310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.908892][ T5310] Workqueue: hci0 hci_rx_work
[ 68.910689][ T5310] Call Trace:
[ 68.912011][ T5310]
[ 68.913140][ T5310] dump_stack_lvl+0x241/0x360
[ 68.914842][ T5310] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.916700][ T5310] ? __pfx__printk+0x10/0x10
[ 68.918569][ T5310] __might_resched+0x5d4/0x780
[ 68.920330][ T5310] ? __mutex_lock+0x112/0xd70
[ 68.922085][ T5310] ? __pfx___might_resched+0x10/0x10
[ 68.923997][ T5310] __mutex_lock+0xc1/0xd70
[ 68.925754][ T5310] ? __pfx_lock_acquire+0x10/0x10
[ 68.927520][ T5310] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.929856][ T5310] ? __pfx_lock_release+0x10/0x10
[ 68.931825][ T5310] ? __pfx___mutex_lock+0x10/0x10
[ 68.933708][ T5310] ? trace_contention_end+0x3c/0x120
[ 68.935584][ T5310] ? skb_pull_data+0x112/0x230
[ 68.937369][ T5310] ? hci_conn_set_handle+0x9a/0x270
[ 68.939300][ T5310] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 68.941404][ T5310] ? __copy_skb_header+0x437/0x5b0
[ 68.943292][ T5310] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 68.945695][ T5310] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 68.948356][ T5310] ? hci_le_meta_evt+0x366/0x580
[ 68.950316][ T5310] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 68.952926][ T5310] hci_event_packet+0xa55/0x1540
[ 68.954890][ T5310] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 68.956947][ T5310] ? __pfx_hci_event_packet+0x10/0x10
[ 68.958927][ T5310] ? do_raw_spin_unlock+0x58/0x8b0
[ 68.960947][ T5310] ? hci_send_to_monitor+0xd8/0x7f0
[ 68.963033][ T5310] ? kcov_remote_start+0x97/0x7d0
[ 68.965031][ T5310] hci_rx_work+0x3e8/0xca0
[ 68.966758][ T5310] ? process_scheduled_works+0x976/0x1850
[ 68.968909][ T5310] process_scheduled_works+0xa63/0x1850
[ 68.970984][ T5310] ? __pfx_process_scheduled_works+0x10/0x10
[ 68.973288][ T5310] ? assign_work+0x364/0x3d0
[ 68.975039][ T5310] worker_thread+0x870/0xd30
[ 68.976728][ T5310] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 68.978948][ T5310] ? __kthread_parkme+0x169/0x1d0
[ 68.980860][ T5310] ? __pfx_worker_thread+0x10/0x10
[ 68.982816][ T5310] kthread+0x2f0/0x390
[ 68.984363][ T5310] ? __pfx_worker_thread+0x10/0x10
[ 68.986262][ T5310] ? __pfx_kthread+0x10/0x10
[ 68.987917][ T5310] ret_from_fork+0x4b/0x80
[ 68.989652][ T5310] ? __pfx_kthread+0x10/0x10
[ 68.991379][ T5310] ret_from_fork_asm+0x1a/0x30
[ 68.993238][ T5310]
[ 69.000679][ T5310]
[ 69.001689][ T5310] =============================
[ 69.003618][ T5310] [ BUG: Invalid wait context ]
[ 69.005562][ T5310] 6.12.0-syzkaller #0 Tainted: G W
[ 69.008069][ T5310] -----------------------------
[ 69.009830][ T5310] kworker/u5:2/5310 is trying to lock:
[ 69.011919][ T5310] ffffffff8fe406a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[ 69.015653][ T5310] other info that might help us debug this:
[ 69.017837][ T5310] context-{4:4}
[ 69.019081][ T5310] 4 locks held by kworker/u5:2/5310:
[ 69.021023][ T5310] #0: ffff8880122ed148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 69.025267][ T5310] #1: ffffc9000d307d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 69.029665][ T5310] #2: ffff88804de88078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 69.033654][ T5310] #3: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 69.037651][ T5310] stack backtrace:
[ 69.038998][ T5310] CPU: 0 UID: 0 PID: 5310 Comm: kworker/u5:2 Tainted: G W 6.12.0-syzkaller #0
[ 69.042667][ T5310] Tainted: [W]=WARN
[ 69.043937][ T5310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.047406][ T5310] Workqueue: hci0 hci_rx_work
[ 69.048960][ T5310] Call Trace:
[ 69.050253][ T5310]
[ 69.051475][ T5310] dump_stack_lvl+0x241/0x360
[ 69.053237][ T5310] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.055118][ T5310] ? __pfx__printk+0x10/0x10
[ 69.056669][ T5310] __lock_acquire+0x154a/0x2050
[ 69.058340][ T5310] lock_acquire+0x1ed/0x550
[ 69.059995][ T5310] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 69.062067][ T5310] ? __pfx_lock_acquire+0x10/0x10
[ 69.063895][ T5310] ? __mutex_lock+0x112/0xd70
[ 69.065644][ T5310] ? __pfx___might_resched+0x10/0x10
[ 69.067518][ T5310] __mutex_lock+0x136/0xd70
[ 69.069180][ T5310] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 69.071634][ T5310] ? __pfx_lock_acquire+0x10/0x10
[ 69.073513][ T5310] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 69.075677][ T5310] ? __pfx_lock_release+0x10/0x10
[ 69.077398][ T5310] ? __pfx___mutex_lock+0x10/0x10
[ 69.079039][ T5310] ? trace_contention_end+0x3c/0x120
[ 69.080849][ T5310] ? skb_pull_data+0x112/0x230
[ 69.082541][ T5310] ? hci_conn_set_handle+0x9a/0x270
[ 69.084399][ T5310] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 69.086714][ T5310] ? __copy_skb_header+0x437/0x5b0
[ 69.088618][ T5310] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 69.090914][ T5310] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 69.093336][ T5310] ? hci_le_meta_evt+0x366/0x580
[ 69.095305][ T5310] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 69.097888][ T5310] hci_event_packet+0xa55/0x1540
[ 69.099845][ T5310] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 69.101910][ T5310] ? __pfx_hci_event_packet+0x10/0x10
[ 69.103968][ T5310] ? do_raw_spin_unlock+0x58/0x8b0
[ 69.105960][ T5310] ? hci_send_to_monitor+0xd8/0x7f0
[ 69.107797][ T5310] ? kcov_remote_start+0x97/0x7d0
[ 69.109335][ T5310] hci_rx_work+0x3e8/0xca0
[ 69.110769][ T5310] ? process_scheduled_works+0x976/0x1850
[ 69.112586][ T5310] process_scheduled_works+0xa63/0x1850
[ 69.114640][ T5310] ? __pfx_process_scheduled_works+0x10/0x10
[ 69.116842][ T5310] ? assign_work+0x364/0x3d0
[ 69.118468][ T5310] worker_thread+0x870/0xd30
[ 69.120102][ T5310] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.122319][ T5310] ? __kthread_parkme+0x169/0x1d0
[ 69.124068][ T5310] ? __pfx_worker_thread+0x10/0x10
[ 69.125888][ T5310] kthread+0x2f0/0x390
[ 69.127324][ T5310] ? __pfx_worker_thread+0x10/0x10
[ 69.129203][ T5310] ? __pfx_kthread+0x10/0x10
[ 69.130985][ T5310] ret_from_fork+0x4b/0x80
[ 69.132583][ T5310] ? __pfx_kthread+0x10/0x10
[ 69.134124][ T5310] ret_from_fork_asm+0x1a/0x30
[ 69.135612][ T5310]
[ 69.140830][ T5310] ==================================================================
[ 69.143674][ T5310] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[ 69.146849][ T5310] Read of size 8 at addr ffff8880400a4000 by task kworker/u5:2/5310
[ 69.149815][ T5310]
[ 69.150761][ T5310] CPU: 0 UID: 0 PID: 5310 Comm: kworker/u5:2 Tainted: G W 6.12.0-syzkaller #0
[ 69.154630][ T5310] Tainted: [W]=WARN
[ 69.155944][ T5310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.159068][ T5310] Workqueue: hci0 hci_rx_work
[ 69.160500][ T5310] Call Trace:
[ 69.161537][ T5310]
[ 69.162426][ T5310] dump_stack_lvl+0x241/0x360
[ 69.164065][ T5310] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.165992][ T5310] ? __pfx__printk+0x10/0x10
[ 69.167489][ T5310] ? _printk+0xd5/0x120
[ 69.168805][ T5310] ? __virt_addr_valid+0x183/0x530
[ 69.170571][ T5310] ? __virt_addr_valid+0x183/0x530
[ 69.172189][ T5310] print_report+0x169/0x550
[ 69.173558][ T5310] ? __virt_addr_valid+0x183/0x530
[ 69.175408][ T5310] ? __virt_addr_valid+0x183/0x530
[ 69.177334][ T5310] ? __virt_addr_valid+0x45f/0x530
[ 69.179232][ T5310] ? __phys_addr+0xba/0x170
[ 69.180990][ T5310] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 69.183307][ T5310] kasan_report+0x143/0x180
[ 69.184919][ T5310] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 69.187407][ T5310] hci_le_create_big_complete_evt+0x383/0xae0
[ 69.189707][ T5310] ? __copy_skb_header+0x437/0x5b0
[ 69.191683][ T5310] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 69.194035][ T5310] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 69.196523][ T5310] ? hci_le_meta_evt+0x366/0x580
[ 69.198427][ T5310] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 69.200965][ T5310] hci_event_packet+0xa55/0x1540
[ 69.202883][ T5310] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 69.204874][ T5310] ? __pfx_hci_event_packet+0x10/0x10
[ 69.206937][ T5310] ? do_raw_spin_unlock+0x58/0x8b0
[ 69.208904][ T5310] ? hci_send_to_monitor+0xd8/0x7f0
[ 69.210918][ T5310] ? kcov_remote_start+0x97/0x7d0
[ 69.212842][ T5310] hci_rx_work+0x3e8/0xca0
[ 69.214537][ T5310] ? process_scheduled_works+0x976/0x1850
[ 69.216634][ T5310] process_scheduled_works+0xa63/0x1850
[ 69.218699][ T5310] ? __pfx_process_scheduled_works+0x10/0x10
[ 69.221160][ T5310] ? assign_work+0x364/0x3d0
[ 69.222778][ T5310] worker_thread+0x870/0xd30
[ 69.224497][ T5310] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.226793][ T5310] ? __kthread_parkme+0x169/0x1d0
[ 69.228700][ T5310] ? __pfx_worker_thread+0x10/0x10
[ 69.230652][ T5310] kthread+0x2f0/0x390
[ 69.232134][ T5310] ? __pfx_worker_thread+0x10/0x10
[ 69.234166][ T5310] ? __pfx_kthread+0x10/0x10
[ 69.235996][ T5310] ret_from_fork+0x4b/0x80
[ 69.237828][ T5310] ? __pfx_kthread+0x10/0x10
[ 69.239693][ T5310] ret_from_fork_asm+0x1a/0x30
[ 69.241543][ T5310]
[ 69.242757][ T5310]
[ 69.243704][ T5310] Allocated by task 5310:
[ 69.245296][ T5310] kasan_save_track+0x3f/0x80
[ 69.247071][ T5310] __kasan_kmalloc+0x98/0xb0
[ 69.248807][ T5310] __kmalloc_cache_noprof+0x19c/0x2c0
[ 69.250964][ T5310] __hci_conn_add+0x2f9/0x1850
[ 69.252870][ T5310] hci_le_big_sync_established_evt+0x414/0xc20
[ 69.255246][ T5310] hci_event_packet+0xa55/0x1540
[ 69.257147][ T5310] hci_rx_work+0x3e8/0xca0
[ 69.258919][ T5310] process_scheduled_works+0xa63/0x1850
[ 69.261111][ T5310] worker_thread+0x870/0xd30
[ 69.262915][ T5310] kthread+0x2f0/0x390
[ 69.264400][ T5310] ret_from_fork+0x4b/0x80
[ 69.265977][ T5310] ret_from_fork_asm+0x1a/0x30
[ 69.267754][ T5310]
[ 69.268673][ T5310] Freed by task 5310:
[ 69.270244][ T5310] kasan_save_track+0x3f/0x80
[ 69.272036][ T5310] kasan_save_free_info+0x40/0x50
[ 69.273960][ T5310] __kasan_slab_free+0x59/0x70
[ 69.275841][ T5310] kfree+0x1a0/0x440
[ 69.277409][ T5310] device_release+0x99/0x1c0
[ 69.279482][ T5310] kobject_put+0x22f/0x480
[ 69.281079][ T5310] hci_conn_del+0x8c4/0xc40
[ 69.282609][ T5310] hci_le_create_big_complete_evt+0x619/0xae0
[ 69.284908][ T5310] hci_event_packet+0xa55/0x1540
[ 69.286762][ T5310] hci_rx_work+0x3e8/0xca0
[ 69.288523][ T5310] process_scheduled_works+0xa63/0x1850
[ 69.290529][ T5310] worker_thread+0x870/0xd30
[ 69.292229][ T5310] kthread+0x2f0/0x390
[ 69.293811][ T5310] ret_from_fork+0x4b/0x80
[ 69.295519][ T5310] ret_from_fork_asm+0x1a/0x30
[ 69.297382][ T5310]
[ 69.298322][ T5310] The buggy address belongs to the object at ffff8880400a4000
[ 69.298322][ T5310] which belongs to the cache kmalloc-8k of size 8192
[ 69.303616][ T5310] The buggy address is located 0 bytes inside of
[ 69.303616][ T5310] freed 8192-byte region [ffff8880400a4000, ffff8880400a6000)
[ 69.308742][ T5310]
[ 69.309564][ T5310] The buggy address belongs to the physical page:
[ 69.312057][ T5310] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x400a0
[ 69.315028][ T5310] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 69.317961][ T5310] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 69.320699][ T5310] page_type: f5(slab)
[ 69.321932][ T5310] raw: 04fff00000000040 ffff88801ac42280 ffffea00010cce00 0000000000000004
[ 69.324843][ T5310] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 69.327812][ T5310] head: 04fff00000000040 ffff88801ac42280 ffffea00010cce00 0000000000000004
[ 69.330791][ T5310] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 69.333741][ T5310] head: 04fff00000000003 ffffea0001002801 ffffffffffffffff 0000000000000000
[ 69.337002][ T5310] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 69.340343][ T5310] page dumped because: kasan: bad access detected
[ 69.342706][ T5310] page_owner tracks the page as allocated
[ 69.344911][ T5310] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5306, tgid 5306 (sh), ts 64397660897, free_ts 64356401139
[ 69.352514][ T5310] post_alloc_hook+0x1f3/0x230
[ 69.354447][ T5310] get_page_from_freelist+0x3649/0x3790
[ 69.356580][ T5310] __alloc_pages_noprof+0x292/0x710
[ 69.358538][ T5310] alloc_pages_mpol_noprof+0x3e8/0x680
[ 69.360590][ T5310] alloc_slab_page+0x6a/0x140
[ 69.362418][ T5310] allocate_slab+0x5a/0x2f0
[ 69.364275][ T5310] ___slab_alloc+0xcd1/0x14b0
[ 69.366021][ T5310] __slab_alloc+0x58/0xa0
[ 69.367456][ T5310] __kmalloc_cache_noprof+0x1d5/0x2c0
[ 69.369240][ T5310] tomoyo_init_log+0x11cd/0x2050
[ 69.371013][ T5310] tomoyo_supervisor+0x38a/0x11f0
[ 69.372866][ T5310] tomoyo_env_perm+0x178/0x210
[ 69.374741][ T5310] tomoyo_find_next_domain+0x146e/0x1d40
[ 69.376893][ T5310] tomoyo_bprm_check_security+0x114/0x180
[ 69.379083][ T5310] security_bprm_check+0x86/0x250
[ 69.380967][ T5310] bprm_execve+0xa56/0x1770
[ 69.382755][ T5310] page last free pid 5298 tgid 5298 stack trace:
[ 69.385181][ T5310] free_unref_page+0xdf9/0x1140
[ 69.387012][ T5310] vfree+0x186/0x2e0
[ 69.388257][ T5310] kcov_close+0x28/0x50
[ 69.389747][ T5310] __fput+0x23f/0x880
[ 69.391282][ T5310] __x64_sys_close+0x7f/0x110
[ 69.392991][ T5310] do_syscall_64+0xf3/0x230
[ 69.394646][ T5310] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.396961][ T5310]
[ 69.397901][ T5310] Memory state around the buggy address:
[ 69.400007][ T5310] ffff8880400a3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.402953][ T5310] ffff8880400a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.406155][ T5310] >ffff8880400a4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.408817][ T5310] ^
[ 69.410372][ T5310] ffff8880400a4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.413242][ T5310] ffff8880400a4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.416115][ T5310] ==================================================================
[ 69.429520][ T5325] netlink: 76 bytes leftover after parsing attributes in process `syz.0.0'.
[ 69.433979][ T5310] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.436835][ T5310] CPU: 0 UID: 0 PID: 5310 Comm: kworker/u5:2 Tainted: G W 6.12.0-syzkaller #0
[ 69.440946][ T5310] Tainted: [W]=WARN
[ 69.442467][ T5310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.446704][ T5310] Workqueue: hci0 hci_rx_work
[ 69.448842][ T5310] Call Trace:
[ 69.450260][ T5310]
[ 69.451561][ T5310] dump_stack_lvl+0x241/0x360
[ 69.453414][ T5310] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.455361][ T5310] ? __pfx__printk+0x10/0x10
[ 69.457080][ T5310] ? rcu_is_watching+0x15/0xb0
[ 69.458801][ T5310] ? preempt_schedule+0xe1/0xf0
[ 69.460541][ T5310] ? vscnprintf+0x5d/0x90
[ 69.462032][ T5310] panic+0x349/0x880
[ 69.463409][ T5310] ? check_panic_on_warn+0x21/0xb0
[ 69.465325][ T5310] ? __pfx_panic+0x10/0x10
[ 69.466939][ T5310] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 69.469134][ T5310] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.471303][ T5310] ? print_report+0x502/0x550
[ 69.472817][ T5310] check_panic_on_warn+0x86/0xb0
[ 69.474615][ T5310] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 69.476924][ T5310] end_report+0x77/0x160
[ 69.478587][ T5310] kasan_report+0x154/0x180
[ 69.480313][ T5310] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 69.482609][ T5310] hci_le_create_big_complete_evt+0x383/0xae0
[ 69.484815][ T5310] ? __copy_skb_header+0x437/0x5b0
[ 69.486753][ T5310] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 69.489073][ T5310] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 69.491584][ T5310] ? hci_le_meta_evt+0x366/0x580
[ 69.493363][ T5310] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 69.495693][ T5310] hci_event_packet+0xa55/0x1540
[ 69.497395][ T5310] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 69.499275][ T5310] ? __pfx_hci_event_packet+0x10/0x10
[ 69.501227][ T5310] ? do_raw_spin_unlock+0x58/0x8b0
[ 69.503127][ T5310] ? hci_send_to_monitor+0xd8/0x7f0
[ 69.505169][ T5310] ? kcov_remote_start+0x97/0x7d0
[ 69.507065][ T5310] hci_rx_work+0x3e8/0xca0
[ 69.508736][ T5310] ? process_scheduled_works+0x976/0x1850
[ 69.510911][ T5310] process_scheduled_works+0xa63/0x1850
[ 69.513089][ T5310] ? __pfx_process_scheduled_works+0x10/0x10
[ 69.515365][ T5310] ? assign_work+0x364/0x3d0
[ 69.517018][ T5310] worker_thread+0x870/0xd30
[ 69.518562][ T5310] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.520738][ T5310] ? __kthread_parkme+0x169/0x1d0
[ 69.522698][ T5310] ? __pfx_worker_thread+0x10/0x10
[ 69.524688][ T5310] kthread+0x2f0/0x390
[ 69.526254][ T5310] ? __pfx_worker_thread+0x10/0x10
[ 69.528242][ T5310] ? __pfx_kthread+0x10/0x10
[ 69.530055][ T5310] ret_from_fork+0x4b/0x80
[ 69.531728][ T5310] ? __pfx_kthread+0x10/0x10
[ 69.533555][ T5310] ret_from_fork_asm+0x1a/0x30
[ 69.535501][ T5310]
[ 69.537035][ T5310] Kernel Offset: disabled
[ 69.538544][ T5310] Rebooting in 86400 seconds..