Extracting prog: 1m17.891384729s
Minimizing prog: 34m58.641652701s
Simplifying prog options: 0s
Extracting C: 35.573134643s
Simplifying C: 13m3.814571255s


1 programs, timeouts [30s 1m40s 6m0s]
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci-mknod$loop-newfstatat-setresuid-ioctl$sock_bt_hci-syz_80211_inject_frame-socket$nl_generic-openat$kvm-sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r3=>0x0, <r4=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r4, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r2, @ANYBLOB='\x00\v', @ANYRESOCT=r3, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r2], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x0)
setresuid(0x0, r7, 0x0)
ioctl$sock_bt_hci(r6, 0x400448c9, 0x0)
syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000180)=@ctrl_frame=@cts={{}, {0x41}, @broadcast}, 0xa)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0200000000000000000002000000080026000c17000008009f000a000000"], 0x24}}, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
single: successfully extracted reproducer
found reproducer with 22 syscalls
minimizing guilty program
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci-mknod$loop-newfstatat-setresuid-ioctl$sock_bt_hci-syz_80211_inject_frame-socket$nl_generic-openat$kvm
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x0)
setresuid(0x0, r6, 0x0)
ioctl$sock_bt_hci(r5, 0x400448c9, 0x0)
syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000180)=@ctrl_frame=@cts={{}, {0x41}, @broadcast}, 0xa)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci-mknod$loop-newfstatat-setresuid-ioctl$sock_bt_hci-syz_80211_inject_frame-socket$nl_generic
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x0)
setresuid(0x0, r6, 0x0)
ioctl$sock_bt_hci(r5, 0x400448c9, 0x0)
syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000180)=@ctrl_frame=@cts={{}, {0x41}, @broadcast}, 0xa)
socket$nl_generic(0x10, 0x3, 0x10)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci-mknod$loop-newfstatat-setresuid-ioctl$sock_bt_hci-syz_80211_inject_frame
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x0)
setresuid(0x0, r6, 0x0)
ioctl$sock_bt_hci(r5, 0x400448c9, 0x0)
syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000180)=@ctrl_frame=@cts={{}, {0x41}, @broadcast}, 0xa)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci-mknod$loop-newfstatat-setresuid-ioctl$sock_bt_hci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x0)
setresuid(0x0, r6, 0x0)
ioctl$sock_bt_hci(r5, 0x400448c9, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci-mknod$loop-newfstatat-setresuid
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x0)
setresuid(0x0, r5, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci-mknod$loop-newfstatat
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci-mknod$loop
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-bpf$PROG_LOAD-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-syz_init_net_socket$bt_hci-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-socket$inet6_udplite-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-newfstatat-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
newfstatat(0xffffffffffffff9c, &(0x7f0000008980)='./file1\x00', &(0x7f00000089c0), 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-syz_mount_image$erofs-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r1, @ANYBLOB='\x00\v', @ANYRESOCT=r2, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT=r1], 0x2, 0x1d1, &(0x7f0000002240)="$eJzsmT/M0kAYxp+7ln/GmLg4uDiIEaOUtqhhYcDE3QT8t0mkErSAgZoAiQNxcXF0MHF1cnNwYHJwc3PVQU1MHOzoXHPH2dYC3wfftzT53l/C26d37929d4WHBEAQxJHlx/c/315cq7UuATiOInKq/ZcW5fBY/tdXTy6+rF9//e7Lm4+DE08XyfkYgCDYfn0dwIeGBk/dB8H/o4vq2gIP9U1wXFD6NhjOKX0PHLeUdsBwV+mHMT0sKOE6xv2h23nQcx1TBEsEW4Rqsj5/ztABkFf1sVj/eDp71HZdZ5QUmeDfOitdu4r9zs9vcNRRCM9PPK87z5/Nxb2h8szY+VngsJSugqGpdA05GIYRHUls/6f16Plo2+w/DeJkORVlkEiXYMkW8YEOW075i0+ro36mpfgDCGlcAFa6Ph873MxZZQJrcyJ/YjpwHpF/6NBD/6h4/ceV8XRW7vXbXafrDGy7etW8bJpX7Io0omXcw//y8N9G31Bi/syG3CzLYtL2vJE1AbyRFd7byxhz3Ob74W85hkv/4yidXc4h3ipy27n1azD14vIqVEnbWDxBEARBEARBEARBEARBEMROnAGTv4KqP6qCDdg3ZPbfAAAA//+gfGlz")
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-fstat-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140))
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-open-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-sendmsg$nl_route-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @broadcast}]}}}]}, 0x40}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_route-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(0x0, 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(0x0, 0x22)

program did not crash
testing program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x22)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m1.406452762s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
simplifying C reproducer
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program did not crash
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program did not crash
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=1m1.406452762s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX_80211-bpf$PROG_LOAD-syz_emit_vhci-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
reproducing took 49m55.920762647s
repro crashed as (corrupted=false):
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 48, name: kworker/u5:0
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u5:0/48:
 #0: ffff888040add148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
 #0: ffff888040add148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
 #1: ffffc9000062fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
 #1: ffffc9000062fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
 #2: ffff888043dc8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 net/bluetooth/hci_event.c:6850
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 net/bluetooth/hci_event.c:6851
CPU: 0 UID: 0 PID: 48 Comm: kworker/u5:0 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 __might_resched+0x5d4/0x780 kernel/sched/core.c:8653
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0xc1/0xd70 kernel/locking/mutex.c:752
 hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
 hci_le_create_big_complete_evt+0x3d9/0xae0 net/bluetooth/hci_event.c:6875
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 Tainted: G        W         
-----------------------------
kworker/u5:0/48 is trying to lock:
ffffffff8fe3fae8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
ffffffff8fe3fae8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0 net/bluetooth/hci_event.c:6875
other info that might help us debug this:
context-{4:4}
4 locks held by kworker/u5:0/48:
 #0: ffff888040add148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
 #0: ffff888040add148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
 #1: ffffc9000062fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
 #1: ffffc9000062fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
 #2: ffff888043dc8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 net/bluetooth/hci_event.c:6850
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 net/bluetooth/hci_event.c:6851
stack backtrace:
CPU: 0 UID: 0 PID: 48 Comm: kworker/u5:0 Tainted: G        W          6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4802 [inline]
 check_wait_context kernel/locking/lockdep.c:4874 [inline]
 __lock_acquire+0x154a/0x2050 kernel/locking/lockdep.c:5152
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
 hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
 hci_le_create_big_complete_evt+0x3d9/0xae0 net/bluetooth/hci_event.c:6875
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
==================================================================
BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
Read of size 8 at addr ffff888011d04000 by task kworker/u5:0/48

CPU: 0 UID: 0 PID: 48 Comm: kworker/u5:0 Tainted: G        W          6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 hci_le_create_big_complete_evt+0x383/0xae0
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 48:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4295
 kmalloc_noprof include/linux/slab.h:878 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 __hci_conn_add+0x2f9/0x1850 net/bluetooth/hci_conn.c:935
 hci_le_big_sync_established_evt+0x414/0xc20 net/bluetooth/hci_event.c:6920
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 48:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4579 [inline]
 kfree+0x1a0/0x440 mm/slub.c:4727
 device_release+0x99/0x1c0
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x22f/0x480 lib/kobject.c:737
 hci_conn_cleanup net/bluetooth/hci_conn.c:174 [inline]
 hci_conn_del+0x8c4/0xc40 net/bluetooth/hci_conn.c:1163
 hci_le_create_big_complete_evt+0x619/0xae0 net/bluetooth/hci_event.c:6877
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff888011d04000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 0 bytes inside of
 freed 8192-byte region [ffff888011d04000, ffff888011d06000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d00
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001
head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea0000474001 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4713, tgid 4713 (init), ts 23351879022, free_ts 22768822269
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x3045/0x3190 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 alloc_slab_page+0x6a/0x120 mm/slub.c:2412
 allocate_slab+0x5a/0x2f0 mm/slub.c:2578
 new_slab mm/slub.c:2631 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3818
 __slab_alloc+0x58/0xa0 mm/slub.c:3908
 __slab_alloc_node mm/slub.c:3961 [inline]
 slab_alloc_node mm/slub.c:4122 [inline]
 __kmalloc_cache_noprof+0x1d5/0x2c0 mm/slub.c:4290
 kmalloc_noprof include/linux/slab.h:878 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_print_bprm security/tomoyo/audit.c:26 [inline]
 tomoyo_init_log+0x11cd/0x2050 security/tomoyo/audit.c:264
 tomoyo_supervisor+0x38a/0x11f0 security/tomoyo/common.c:2089
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0x178/0x210 security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x146e/0x1d40 security/tomoyo/domain.c:881
 tomoyo_bprm_check_security+0x114/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x86/0x250 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1845
page last free pid 1 tgid 1 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0xcfb/0xf20 mm/page_alloc.c:2638
 free_reserved_page+0xcc/0x120 mm/page_alloc.c:5859
 free_reserved_area+0x51/0xf0 mm/page_alloc.c:5845
 free_init_pages arch/x86/mm/init.c:927 [inline]
 free_kernel_image_pages arch/x86/mm/init.c:943 [inline]
 free_initmem+0x9a/0x110 arch/x86/mm/init.c:970
 kernel_init+0x31/0x2b0 init/main.c:1478
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Memory state around the buggy address:
 ffff888011d03f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888011d03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888011d04000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff888011d04080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888011d04100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 48, name: kworker/u5:0
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u5:0/48:
 #0: ffff888040add148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
 #0: ffff888040add148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
 #1: ffffc9000062fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
 #1: ffffc9000062fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
 #2: ffff888043dc8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 net/bluetooth/hci_event.c:6850
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 net/bluetooth/hci_event.c:6851
CPU: 0 UID: 0 PID: 48 Comm: kworker/u5:0 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 __might_resched+0x5d4/0x780 kernel/sched/core.c:8653
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0xc1/0xd70 kernel/locking/mutex.c:752
 hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
 hci_le_create_big_complete_evt+0x3d9/0xae0 net/bluetooth/hci_event.c:6875
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 Tainted: G        W         
-----------------------------
kworker/u5:0/48 is trying to lock:
ffffffff8fe3fae8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
ffffffff8fe3fae8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0 net/bluetooth/hci_event.c:6875
other info that might help us debug this:
context-{4:4}
4 locks held by kworker/u5:0/48:
 #0: ffff888040add148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
 #0: ffff888040add148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
 #1: ffffc9000062fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
 #1: ffffc9000062fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
 #2: ffff888043dc8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 net/bluetooth/hci_event.c:6850
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #3: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 net/bluetooth/hci_event.c:6851
stack backtrace:
CPU: 0 UID: 0 PID: 48 Comm: kworker/u5:0 Tainted: G        W          6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4802 [inline]
 check_wait_context kernel/locking/lockdep.c:4874 [inline]
 __lock_acquire+0x154a/0x2050 kernel/locking/lockdep.c:5152
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
 hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
 hci_le_create_big_complete_evt+0x3d9/0xae0 net/bluetooth/hci_event.c:6875
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
==================================================================
BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
Read of size 8 at addr ffff888011d04000 by task kworker/u5:0/48

CPU: 0 UID: 0 PID: 48 Comm: kworker/u5:0 Tainted: G        W          6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 hci_le_create_big_complete_evt+0x383/0xae0
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 48:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4295
 kmalloc_noprof include/linux/slab.h:878 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 __hci_conn_add+0x2f9/0x1850 net/bluetooth/hci_conn.c:935
 hci_le_big_sync_established_evt+0x414/0xc20 net/bluetooth/hci_event.c:6920
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 48:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4579 [inline]
 kfree+0x1a0/0x440 mm/slub.c:4727
 device_release+0x99/0x1c0
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x22f/0x480 lib/kobject.c:737
 hci_conn_cleanup net/bluetooth/hci_conn.c:174 [inline]
 hci_conn_del+0x8c4/0xc40 net/bluetooth/hci_conn.c:1163
 hci_le_create_big_complete_evt+0x619/0xae0 net/bluetooth/hci_event.c:6877
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0xa55/0x1540 net/bluetooth/hci_event.c:7495
 hci_rx_work+0x3fe/0xd80 net/bluetooth/hci_core.c:4031
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff888011d04000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 0 bytes inside of
 freed 8192-byte region [ffff888011d04000, ffff888011d06000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d00
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001
head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea0000474001 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4713, tgid 4713 (init), ts 23351879022, free_ts 22768822269
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x3045/0x3190 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 alloc_slab_page+0x6a/0x120 mm/slub.c:2412
 allocate_slab+0x5a/0x2f0 mm/slub.c:2578
 new_slab mm/slub.c:2631 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3818
 __slab_alloc+0x58/0xa0 mm/slub.c:3908
 __slab_alloc_node mm/slub.c:3961 [inline]
 slab_alloc_node mm/slub.c:4122 [inline]
 __kmalloc_cache_noprof+0x1d5/0x2c0 mm/slub.c:4290
 kmalloc_noprof include/linux/slab.h:878 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_print_bprm security/tomoyo/audit.c:26 [inline]
 tomoyo_init_log+0x11cd/0x2050 security/tomoyo/audit.c:264
 tomoyo_supervisor+0x38a/0x11f0 security/tomoyo/common.c:2089
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0x178/0x210 security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x146e/0x1d40 security/tomoyo/domain.c:881
 tomoyo_bprm_check_security+0x114/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x86/0x250 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1845
page last free pid 1 tgid 1 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0xcfb/0xf20 mm/page_alloc.c:2638
 free_reserved_page+0xcc/0x120 mm/page_alloc.c:5859
 free_reserved_area+0x51/0xf0 mm/page_alloc.c:5845
 free_init_pages arch/x86/mm/init.c:927 [inline]
 free_kernel_image_pages arch/x86/mm/init.c:943 [inline]
 free_initmem+0x9a/0x110 arch/x86/mm/init.c:970
 kernel_init+0x31/0x2b0 init/main.c:1478
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Memory state around the buggy address:
 ffff888011d03f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888011d03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888011d04000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff888011d04080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888011d04100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================