program:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4000, 0x0, 0x0, 0x2)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000ec0)={0x2, 0x0, @remote}, 0x10) (async)
bind$inet(r1, &(0x7f0000000ec0)={0x2, 0x0, @remote}, 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x7e1f, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x300}}], 0x3, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x700000000000000}, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0xfffffffffffffc7e)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r2, r2}, 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r2, r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r4, r4}, &(0x7f0000000600), &(0x7f0000000640)=r3}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) (async)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

[   70.900147][ T4675] Bluetooth: hci0: command tx timeout
[   71.216515][ T4675] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[   71.221449][ T4675] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4675, name: kworker/u5:1
[   71.225070][ T4675] preempt_count: 0, expected: 0
[   71.227017][ T4675] RCU nest depth: 1, expected: 0
[   71.228983][ T4675] 4 locks held by kworker/u5:1/4675:
[   71.231875][ T4675]  #0: ffff888044142948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   71.235997][ T4675]  #1: ffffc9000dabfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   71.241354][ T4675]  #2: ffff888039cdc078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   71.245702][ T4675]  #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   71.250874][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Not tainted 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0
[   71.255040][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.258757][ T4675] Workqueue: hci0 hci_rx_work
[   71.260487][ T4675] Call Trace:
[   71.261730][ T4675]  <TASK>
[   71.262929][ T4675]  dump_stack_lvl+0x241/0x360
[   71.264759][ T4675]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.266843][ T4675]  ? __pfx__printk+0x10/0x10
[   71.268678][ T4675]  __might_resched+0x5d4/0x780
[   71.270621][ T4675]  ? __mutex_lock+0x112/0xd70
[   71.272489][ T4675]  ? __pfx___might_resched+0x10/0x10
[   71.274513][ T4675]  __mutex_lock+0xc1/0xd70
[   71.276267][ T4675]  ? __pfx_lock_acquire+0x10/0x10
[   71.278249][ T4675]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.280720][ T4675]  ? __pfx_lock_release+0x10/0x10
[   71.282770][ T4675]  ? __pfx___mutex_lock+0x10/0x10
[   71.284726][ T4675]  ? trace_contention_end+0x3c/0x120
[   71.286817][ T4675]  ? skb_pull_data+0x112/0x230
[   71.288696][ T4675]  ? hci_conn_set_handle+0x9a/0x270
[   71.290716][ T4675]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.292849][ T4675]  ? __copy_skb_header+0x437/0x5b0
[   71.294866][ T4675]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   71.297123][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.299643][ T4675]  ? hci_le_meta_evt+0x366/0x580
[   71.301518][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.304014][ T4675]  hci_event_packet+0xa55/0x1540
[   71.305906][ T4675]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   71.307896][ T4675]  ? __pfx_hci_event_packet+0x10/0x10
[   71.309936][ T4675]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.311866][ T4675]  ? hci_send_to_monitor+0xd8/0x7f0
[   71.313909][ T4675]  ? kcov_remote_start+0x97/0x7d0
[   71.315793][ T4675]  hci_rx_work+0x3e8/0xca0
[   71.317592][ T4675]  ? process_scheduled_works+0x976/0x1850
[   71.319882][ T4675]  process_scheduled_works+0xa63/0x1850
[   71.322054][ T4675]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.324330][ T4675]  ? assign_work+0x364/0x3d0
[   71.326090][ T4675]  worker_thread+0x870/0xd30
[   71.327897][ T4675]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.330052][ T4675]  ? __kthread_parkme+0x169/0x1d0
[   71.331909][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   71.333765][ T4675]  kthread+0x2f0/0x390
[   71.335255][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   71.337200][ T4675]  ? __pfx_kthread+0x10/0x10
[   71.339035][ T4675]  ret_from_fork+0x4b/0x80
[   71.340899][ T4675]  ? __pfx_kthread+0x10/0x10
[   71.343015][ T4675]  ret_from_fork_asm+0x1a/0x30
[   71.345023][ T4675]  </TASK>
[   71.358373][ T4675] 
[   71.359325][ T4675] =============================
[   71.361146][ T4675] [ BUG: Invalid wait context ]
[   71.362890][ T4675] 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 Tainted: G        W         
[   71.366049][ T4675] -----------------------------
[   71.367855][ T4675] kworker/u5:1/4675 is trying to lock:
[   71.369910][ T4675] ffffffff8fe40568 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.373891][ T4675] other info that might help us debug this:
[   71.375814][ T4675] context-{4:4}
[   71.377066][ T4675] 4 locks held by kworker/u5:1/4675:
[   71.379042][ T4675]  #0: ffff888044142948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   71.383090][ T4675]  #1: ffffc9000dabfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   71.387491][ T4675]  #2: ffff888039cdc078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   71.391299][ T4675]  #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   71.395168][ T4675] stack backtrace:
[   71.396540][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Tainted: G        W          6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0
[   71.401016][ T4675] Tainted: [W]=WARN
[   71.402529][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.407081][ T4675] Workqueue: hci0 hci_rx_work
[   71.409014][ T4675] Call Trace:
[   71.410255][ T4675]  <TASK>
[   71.411330][ T4675]  dump_stack_lvl+0x241/0x360
[   71.412960][ T4675]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.414920][ T4675]  ? __pfx__printk+0x10/0x10
[   71.416678][ T4675]  __lock_acquire+0x154a/0x2050
[   71.418617][ T4675]  lock_acquire+0x1ed/0x550
[   71.420383][ T4675]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.422894][ T4675]  ? __pfx_lock_acquire+0x10/0x10
[   71.424864][ T4675]  ? __mutex_lock+0x112/0xd70
[   71.426698][ T4675]  ? __pfx___might_resched+0x10/0x10
[   71.428759][ T4675]  __mutex_lock+0x136/0xd70
[   71.430541][ T4675]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.432794][ T4675]  ? __pfx_lock_acquire+0x10/0x10
[   71.434603][ T4675]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.436786][ T4675]  ? __pfx_lock_release+0x10/0x10
[   71.438744][ T4675]  ? __pfx___mutex_lock+0x10/0x10
[   71.440722][ T4675]  ? trace_contention_end+0x3c/0x120
[   71.442731][ T4675]  ? skb_pull_data+0x112/0x230
[   71.444518][ T4675]  ? hci_conn_set_handle+0x9a/0x270
[   71.446429][ T4675]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   71.448604][ T4675]  ? __copy_skb_header+0x437/0x5b0
[   71.450629][ T4675]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   71.452819][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.455131][ T4675]  ? hci_le_meta_evt+0x366/0x580
[   71.456912][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.459517][ T4675]  hci_event_packet+0xa55/0x1540
[   71.461441][ T4675]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   71.463465][ T4675]  ? __pfx_hci_event_packet+0x10/0x10
[   71.465474][ T4675]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.467447][ T4675]  ? hci_send_to_monitor+0xd8/0x7f0
[   71.469302][ T4675]  ? kcov_remote_start+0x97/0x7d0
[   71.471052][ T4675]  hci_rx_work+0x3e8/0xca0
[   71.472623][ T4675]  ? process_scheduled_works+0x976/0x1850
[   71.474670][ T4675]  process_scheduled_works+0xa63/0x1850
[   71.476751][ T4675]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.479096][ T4675]  ? assign_work+0x364/0x3d0
[   71.480908][ T4675]  worker_thread+0x870/0xd30
[   71.482656][ T4675]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.484821][ T4675]  ? __kthread_parkme+0x169/0x1d0
[   71.486655][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   71.488457][ T4675]  kthread+0x2f0/0x390
[   71.490018][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   71.491837][ T4675]  ? __pfx_kthread+0x10/0x10
[   71.493582][ T4675]  ret_from_fork+0x4b/0x80
[   71.495431][ T4675]  ? __pfx_kthread+0x10/0x10
[   71.497177][ T4675]  ret_from_fork_asm+0x1a/0x30
[   71.498904][ T4675]  </TASK>
[   71.504818][ T4675] ==================================================================
[   71.507812][ T4675] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   71.511267][ T4675] Read of size 8 at addr ffff88801ed8c000 by task kworker/u5:1/4675
[   71.514309][ T4675] 
[   71.515192][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Tainted: G        W          6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0
[   71.519549][ T4675] Tainted: [W]=WARN
[   71.520997][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.525151][ T4675] Workqueue: hci0 hci_rx_work
[   71.527026][ T4675] Call Trace:
[   71.528324][ T4675]  <TASK>
[   71.529479][ T4675]  dump_stack_lvl+0x241/0x360
[   71.531312][ T4675]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.533396][ T4675]  ? __pfx__printk+0x10/0x10
[   71.535237][ T4675]  ? _printk+0xd5/0x120
[   71.536871][ T4675]  ? __virt_addr_valid+0x183/0x530
[   71.538895][ T4675]  ? __virt_addr_valid+0x183/0x530
[   71.540880][ T4675]  print_report+0x169/0x550
[   71.542589][ T4675]  ? __virt_addr_valid+0x183/0x530
[   71.544484][ T4675]  ? __virt_addr_valid+0x183/0x530
[   71.546304][ T4675]  ? __virt_addr_valid+0x45f/0x530
[   71.548133][ T4675]  ? __phys_addr+0xba/0x170
[   71.549811][ T4675]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   71.552055][ T4675]  kasan_report+0x143/0x180
[   71.553711][ T4675]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   71.556088][ T4675]  hci_le_create_big_complete_evt+0x383/0xae0
[   71.558302][ T4675]  ? __copy_skb_header+0x437/0x5b0
[   71.560455][ T4675]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   71.563031][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.565386][ T4675]  ? hci_le_meta_evt+0x366/0x580
[   71.567298][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.569735][ T4675]  hci_event_packet+0xa55/0x1540
[   71.571598][ T4675]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   71.573463][ T4675]  ? __pfx_hci_event_packet+0x10/0x10
[   71.575377][ T4675]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.577304][ T4675]  ? hci_send_to_monitor+0xd8/0x7f0
[   71.579465][ T4675]  ? kcov_remote_start+0x97/0x7d0
[   71.581621][ T4675]  hci_rx_work+0x3e8/0xca0
[   71.583309][ T4675]  ? process_scheduled_works+0x976/0x1850
[   71.585458][ T4675]  process_scheduled_works+0xa63/0x1850
[   71.587521][ T4675]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.589800][ T4675]  ? assign_work+0x364/0x3d0
[   71.591553][ T4675]  worker_thread+0x870/0xd30
[   71.593314][ T4675]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.595473][ T4675]  ? __kthread_parkme+0x169/0x1d0
[   71.597367][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   71.599188][ T4675]  kthread+0x2f0/0x390
[   71.600707][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   71.602633][ T4675]  ? __pfx_kthread+0x10/0x10
[   71.604270][ T4675]  ret_from_fork+0x4b/0x80
[   71.605851][ T4675]  ? __pfx_kthread+0x10/0x10
[   71.607601][ T4675]  ret_from_fork_asm+0x1a/0x30
[   71.609431][ T4675]  </TASK>
[   71.610634][ T4675] 
[   71.611584][ T4675] Allocated by task 4675:
[   71.613222][ T4675]  kasan_save_track+0x3f/0x80
[   71.615011][ T4675]  __kasan_kmalloc+0x98/0xb0
[   71.616791][ T4675]  __kmalloc_cache_noprof+0x19c/0x2c0
[   71.618814][ T4675]  __hci_conn_add+0x2f9/0x1850
[   71.620625][ T4675]  hci_le_big_sync_established_evt+0x414/0xc20
[   71.622832][ T4675]  hci_event_packet+0xa55/0x1540
[   71.624568][ T4675]  hci_rx_work+0x3e8/0xca0
[   71.626271][ T4675]  process_scheduled_works+0xa63/0x1850
[   71.628392][ T4675]  worker_thread+0x870/0xd30
[   71.630136][ T4675]  kthread+0x2f0/0x390
[   71.631670][ T4675]  ret_from_fork+0x4b/0x80
[   71.633365][ T4675]  ret_from_fork_asm+0x1a/0x30
[   71.635214][ T4675] 
[   71.636119][ T4675] Freed by task 4675:
[   71.637518][ T4675]  kasan_save_track+0x3f/0x80
[   71.639271][ T4675]  kasan_save_free_info+0x40/0x50
[   71.641137][ T4675]  __kasan_slab_free+0x59/0x70
[   71.642911][ T4675]  kfree+0x1a0/0x440
[   71.644440][ T4675]  device_release+0x99/0x1c0
[   71.646194][ T4675]  kobject_put+0x22f/0x480
[   71.647896][ T4675]  hci_conn_del+0x8c4/0xc40
[   71.649644][ T4675]  hci_le_create_big_complete_evt+0x619/0xae0
[   71.651917][ T4675]  hci_event_packet+0xa55/0x1540
[   71.653732][ T4675]  hci_rx_work+0x3e8/0xca0
[   71.655367][ T4675]  process_scheduled_works+0xa63/0x1850
[   71.657539][ T4675]  worker_thread+0x870/0xd30
[   71.659368][ T4675]  kthread+0x2f0/0x390
[   71.660935][ T4675]  ret_from_fork+0x4b/0x80
[   71.662754][ T4675]  ret_from_fork_asm+0x1a/0x30
[   71.664620][ T4675] 
[   71.665569][ T4675] The buggy address belongs to the object at ffff88801ed8c000
[   71.665569][ T4675]  which belongs to the cache kmalloc-8k of size 8192
[   71.670796][ T4675] The buggy address is located 0 bytes inside of
[   71.670796][ T4675]  freed 8192-byte region [ffff88801ed8c000, ffff88801ed8e000)
[   71.675782][ T4675] 
[   71.676685][ T4675] The buggy address belongs to the physical page:
[   71.678913][ T4675] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ed88
[   71.682100][ T4675] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   71.685175][ T4675] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   71.688137][ T4675] page_type: f5(slab)
[   71.689554][ T4675] raw: 00fff00000000040 ffff88801ac42280 ffffea000047aa00 dead000000000003
[   71.692616][ T4675] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   71.695745][ T4675] head: 00fff00000000040 ffff88801ac42280 ffffea000047aa00 dead000000000003
[   71.699116][ T4675] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   71.702344][ T4675] head: 00fff00000000003 ffffea00007b6201 ffffffffffffffff 0000000000000000
[   71.705626][ T4675] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   71.708731][ T4675] page dumped because: kasan: bad access detected
[   71.711086][ T4675] page_owner tracks the page as allocated
[   71.713288][ T4675] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4714, tgid 4714 (init), ts 22505022201, free_ts 22504285576
[   71.720486][ T4675]  post_alloc_hook+0x1f3/0x230
[   71.722270][ T4675]  get_page_from_freelist+0x3649/0x3790
[   71.724376][ T4675]  __alloc_pages_noprof+0x292/0x710
[   71.726517][ T4675]  alloc_pages_mpol_noprof+0x3e8/0x680
[   71.728583][ T4675]  alloc_slab_page+0x6a/0x140
[   71.730399][ T4675]  allocate_slab+0x5a/0x2f0
[   71.732235][ T4675]  ___slab_alloc+0xcd1/0x14b0
[   71.734081][ T4675]  __slab_alloc+0x58/0xa0
[   71.735771][ T4675]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   71.737664][ T4675]  tomoyo_init_log+0x11cd/0x2050
[   71.739610][ T4675]  tomoyo_supervisor+0x38a/0x11f0
[   71.741554][ T4675]  tomoyo_env_perm+0x178/0x210
[   71.743385][ T4675]  tomoyo_find_next_domain+0x146e/0x1d40
[   71.745379][ T4675]  tomoyo_bprm_check_security+0x114/0x180
[   71.747364][ T4675]  security_bprm_check+0x86/0x250
[   71.749191][ T4675]  bprm_execve+0xa56/0x1770
[   71.750904][ T4675] page last free pid 4714 tgid 4714 stack trace:
[   71.753165][ T4675]  free_unref_page+0xdf9/0x1140
[   71.755004][ T4675]  __slab_free+0x31b/0x3d0
[   71.756696][ T4675]  qlist_free_all+0x9a/0x140
[   71.758422][ T4675]  kasan_quarantine_reduce+0x14f/0x170
[   71.760585][ T4675]  __kasan_slab_alloc+0x23/0x80
[   71.762420][ T4675]  __kmalloc_noprof+0x1a6/0x400
[   71.764302][ T4675]  tomoyo_supervisor+0xe0d/0x11f0
[   71.766246][ T4675]  tomoyo_env_perm+0x178/0x210
[   71.768062][ T4675]  tomoyo_find_next_domain+0x146e/0x1d40
[   71.770191][ T4675]  tomoyo_bprm_check_security+0x114/0x180
[   71.772310][ T4675]  security_bprm_check+0x86/0x250
[   71.774253][ T4675]  bprm_execve+0xa56/0x1770
[   71.775984][ T4675]  do_execveat_common+0x55f/0x6f0
[   71.777922][ T4675]  __x64_sys_execve+0x92/0xb0
[   71.779783][ T4675]  do_syscall_64+0xf3/0x230
[   71.781567][ T4675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.784046][ T4675] 
[   71.785024][ T4675] Memory state around the buggy address:
[   71.787061][ T4675]  ffff88801ed8bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.790120][ T4675]  ffff88801ed8bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.793209][ T4675] >ffff88801ed8c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.796214][ T4675]                    ^
[   71.797736][ T4675]  ffff88801ed8c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.800715][ T4675]  ffff88801ed8c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.803714][ T4675] ==================================================================
[   71.819260][ T4675] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   71.821925][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Tainted: G        W          6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0
[   71.826387][ T4675] Tainted: [W]=WARN
[   71.827707][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.831738][ T4675] Workqueue: hci0 hci_rx_work
[   71.833559][ T4675] Call Trace:
[   71.834904][ T4675]  <TASK>
[   71.836020][ T4675]  dump_stack_lvl+0x241/0x360
[   71.837796][ T4675]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.839846][ T4675]  ? __pfx__printk+0x10/0x10
[   71.841725][ T4675]  ? rcu_is_watching+0x15/0xb0
[   71.843525][ T4675]  ? preempt_schedule+0xe1/0xf0
[   71.845406][ T4675]  ? vscnprintf+0x5d/0x90
[   71.847087][ T4675]  panic+0x349/0x880
[   71.848617][ T4675]  ? check_panic_on_warn+0x21/0xb0
[   71.850526][ T4675]  ? __pfx_panic+0x10/0x10
[   71.852207][ T4675]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   71.854508][ T4675]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   71.856802][ T4675]  ? print_report+0x502/0x550
[   71.858682][ T4675]  check_panic_on_warn+0x86/0xb0
[   71.860591][ T4675]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   71.863000][ T4675]  end_report+0x77/0x160
[   71.864604][ T4675]  kasan_report+0x154/0x180
[   71.866429][ T4675]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   71.868811][ T4675]  hci_le_create_big_complete_evt+0x383/0xae0
[   71.871056][ T4675]  ? __copy_skb_header+0x437/0x5b0
[   71.873034][ T4675]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   71.875432][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.877981][ T4675]  ? hci_le_meta_evt+0x366/0x580
[   71.879947][ T4675]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   71.882387][ T4675]  hci_event_packet+0xa55/0x1540
[   71.884462][ T4675]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   71.886463][ T4675]  ? __pfx_hci_event_packet+0x10/0x10
[   71.888483][ T4675]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.890529][ T4675]  ? hci_send_to_monitor+0xd8/0x7f0
[   71.892610][ T4675]  ? kcov_remote_start+0x97/0x7d0
[   71.894521][ T4675]  hci_rx_work+0x3e8/0xca0
[   71.896210][ T4675]  ? process_scheduled_works+0x976/0x1850
[   71.898327][ T4675]  process_scheduled_works+0xa63/0x1850
[   71.900449][ T4675]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.902721][ T4675]  ? assign_work+0x364/0x3d0
[   71.904535][ T4675]  worker_thread+0x870/0xd30
[   71.906368][ T4675]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.909001][ T4675]  ? __kthread_parkme+0x169/0x1d0
[   71.910933][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   71.912881][ T4675]  kthread+0x2f0/0x390
[   71.914477][ T4675]  ? __pfx_worker_thread+0x10/0x10
[   71.916435][ T4675]  ? __pfx_kthread+0x10/0x10
[   71.918194][ T4675]  ret_from_fork+0x4b/0x80
[   71.919942][ T4675]  ? __pfx_kthread+0x10/0x10
[   71.921677][ T4675]  ret_from_fork_asm+0x1a/0x30
[   71.923523][ T4675]  </TASK>
[   71.924848][ T4675] Kernel Offset: disabled
[   71.926569][ T4675] Rebooting in 86400 seconds..