program:
io_uring_setup(0x4156, &(0x7f00000001c0))
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close(0x3)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x1, @any, 0x0, 0x1}, 0xe)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r1, 0x3)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
connect$netrom(0xffffffffffffffff, &(0x7f00000002c0)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x1}, [@bcast, @bcast, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
close_range(r2, 0xffffffffffffffff, 0x0)
read$char_usb(r0, &(0x7f0000000180)=""/97, 0x61)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r3, 0x1, 0x2b, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
poll(0x0, 0x0, 0x100)
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x1431c2, 0x0)
pwrite64(r4, &(0x7f0000005680)="a9a74b673822987ec60cdc60aa1ef138964740ed45d223166f6d8c37be985a21f62ea0daa9b7c1772c73f40c1ac011bae9ee7372e5d8905233f29bb3747941a2bff2720ac5bea9602bc298d7699624aebb022d44565d931ab6a0557a707e4534cc4f4ca38287c54cefd362bd4b2ffeaae9eaefb3f7a75131fcadd62d59b3aadb054a76373c17c451784d6757a3fc47b58c24f34f17db3fa054b4ea288f5a780bd75b1518555d8b3b4a3fe61644c40a4e0deb273b8833767a8ff985e356308ff18bbfd680418d1204cfce1924202febbef708a5762a61ae6b83a2c7c975f6669b9f007a5d1594fe15df9de15dc1833ba5306589dde8e62c1bf44a5be5", 0xfffffe16, 0x600000fff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1e, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000062f5aff87bc492428490633ba8b78857b7212f9bab7be3da93e8cfa3f38126bb8ea23df3d1dc2590621b2550280eb809d66acb50cfe5a40faf3f7bdc66752ea5c7d3e482f95a85e3784a50a6bbc6e204f3e770fe0020ce47562aa9f0ecb3416c29f153049aa4c0ac6b18b5ae6552c4040baaed660c"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x24, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
[ 74.820708][ T4675] Bluetooth: hci0: command tx timeout
[ 75.197858][ T5326] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 75.357796][ T5326] usb 5-1: Using ep0 maxpacket: 8
[ 75.363232][ T5326] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 75.366077][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 75.372608][ T5326] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 75.376783][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 75.382500][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 75.389824][ T5326] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 75.392794][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 75.396966][ T5326] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 75.403202][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 75.407274][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 75.412945][ T5326] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 75.415669][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 75.421621][ T5326] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 75.425829][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 75.430369][ T5326] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 75.437525][ T5326] usb 5-1: string descriptor 0 read error: -22
[ 75.442054][ T5326] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 75.445358][ T5326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 75.473773][ T5326] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0
[ 75.671168][ T4675] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 75.674894][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Not tainted 6.12.0-syzkaller #0
[ 75.678075][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.681591][ T4675] Workqueue: hci0 hci_rx_work
[ 75.683324][ T4675] Call Trace:
[ 75.684494][ T4675]
[ 75.685522][ T4675] dump_stack_lvl+0x241/0x360
[ 75.687049][ T4675] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.688869][ T4675] ? __pfx__printk+0x10/0x10
[ 75.690575][ T4675] ? sysfs_create_dir_ns+0x28a/0x3a0
[ 75.692433][ T4675] ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 75.694433][ T4675] sysfs_create_dir_ns+0x2ce/0x3a0
[ 75.696371][ T4675] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 75.698576][ T4675] kobject_add_internal+0x435/0x8d0
[ 75.700711][ T4675] kobject_add+0x152/0x220
[ 75.702332][ T4675] ? do_raw_spin_unlock+0x58/0x8b0
[ 75.704153][ T4675] ? device_add+0x3e7/0xbf0
[ 75.705531][ T4675] ? __pfx_kobject_add+0x10/0x10
[ 75.706978][ T4675] ? _raw_spin_unlock+0x28/0x50
[ 75.708461][ T4675] ? get_device_parent+0x165/0x410
[ 75.709926][ T4675] device_add+0x4e5/0xbf0
[ 75.711227][ T4675] hci_conn_add_sysfs+0xe8/0x200
[ 75.712879][ T4675] le_conn_complete_evt+0xc9f/0x12e0
[ 75.714695][ T4675] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 75.716870][ T4675] ? __mutex_unlock_slowpath+0x21d/0x750
[ 75.719030][ T4675] ? __copy_skb_header+0x437/0x5b0
[ 75.720866][ T4675] ? skb_pull_data+0x112/0x230
[ 75.722527][ T4675] hci_le_conn_complete_evt+0x18c/0x420
[ 75.724437][ T4675] hci_event_packet+0xa55/0x1540
[ 75.726178][ T4675] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 75.728125][ T4675] ? __pfx_hci_event_packet+0x10/0x10
[ 75.730135][ T4675] ? do_raw_spin_unlock+0x58/0x8b0
[ 75.732008][ T4675] ? hci_send_to_monitor+0xd8/0x7f0
[ 75.734079][ T4675] ? kcov_remote_start+0x97/0x7d0
[ 75.735786][ T4675] hci_rx_work+0x3e8/0xca0
[ 75.737292][ T4675] ? process_scheduled_works+0x976/0x1850
[ 75.739240][ T4675] process_scheduled_works+0xa63/0x1850
[ 75.741155][ T4675] ? __pfx_process_scheduled_works+0x10/0x10
[ 75.743318][ T4675] ? assign_work+0x364/0x3d0
[ 75.744942][ T4675] worker_thread+0x870/0xd30
[ 75.746617][ T4675] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 75.748657][ T4675] ? __kthread_parkme+0x169/0x1d0
[ 75.750345][ T4675] ? __pfx_worker_thread+0x10/0x10
[ 75.752091][ T4675] kthread+0x2f0/0x390
[ 75.753721][ T4675] ? __pfx_worker_thread+0x10/0x10
[ 75.755648][ T4675] ? __pfx_kthread+0x10/0x10
[ 75.757243][ T4675] ret_from_fork+0x4b/0x80
[ 75.758816][ T4675] ? __pfx_kthread+0x10/0x10
[ 75.760474][ T4675] ret_from_fork_asm+0x1a/0x30
[ 75.762251][ T4675]
[ 75.767449][ T4675] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 75.772416][ T4675] Bluetooth: hci0: failed to register connection device
[ 75.777459][ T4675] ==================================================================
[ 75.780537][ T4675] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f8/0x2b0
[ 75.783834][ T4675] Read of size 8 at addr ffff888042fa1580 by task kworker/u5:1/4675
[ 75.786680][ T4675]
[ 75.787522][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Not tainted 6.12.0-syzkaller #0
[ 75.790490][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.794309][ T4675] Workqueue: hci0 hci_rx_work
[ 75.796072][ T4675] Call Trace:
[ 75.797341][ T4675]
[ 75.798502][ T4675] dump_stack_lvl+0x241/0x360
[ 75.800499][ T4675] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.802354][ T4675] ? __pfx__printk+0x10/0x10
[ 75.804196][ T4675] ? _printk+0xd5/0x120
[ 75.805721][ T4675] ? __virt_addr_valid+0x183/0x530
[ 75.807570][ T4675] ? __virt_addr_valid+0x183/0x530
[ 75.809450][ T4675] print_report+0x169/0x550
[ 75.811166][ T4675] ? __virt_addr_valid+0x183/0x530
[ 75.813057][ T4675] ? __virt_addr_valid+0x183/0x530
[ 75.814839][ T4675] ? __virt_addr_valid+0x45f/0x530
[ 75.816723][ T4675] ? __phys_addr+0xba/0x170
[ 75.818446][ T4675] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0
[ 75.820716][ T4675] kasan_report+0x143/0x180
[ 75.822335][ T4675] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0
[ 75.824604][ T4675] l2cap_sock_new_connection_cb+0x1f8/0x2b0
[ 75.826759][ T4675] l2cap_connect_cfm+0x377/0x1220
[ 75.828467][ T4675] ? hci_connect_cfm+0x24/0x150
[ 75.830231][ T4675] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 75.832267][ T4675] ? device_add+0x460/0xbf0
[ 75.834054][ T4675] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 75.836141][ T4675] hci_connect_cfm+0xa2/0x150
[ 75.837761][ T4675] le_conn_complete_evt+0xd3e/0x12e0
[ 75.839756][ T4675] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 75.841940][ T4675] ? __mutex_unlock_slowpath+0x21d/0x750
[ 75.844071][ T4675] ? __copy_skb_header+0x437/0x5b0
[ 75.846071][ T4675] ? skb_pull_data+0x112/0x230
[ 75.847868][ T4675] hci_le_conn_complete_evt+0x18c/0x420
[ 75.849980][ T4675] hci_event_packet+0xa55/0x1540
[ 75.851860][ T4675] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 75.853871][ T4675] ? __pfx_hci_event_packet+0x10/0x10
[ 75.855845][ T4675] ? do_raw_spin_unlock+0x58/0x8b0
[ 75.857747][ T4675] ? hci_send_to_monitor+0xd8/0x7f0
[ 75.859691][ T4675] ? kcov_remote_start+0x97/0x7d0
[ 75.861607][ T4675] hci_rx_work+0x3e8/0xca0
[ 75.863291][ T4675] ? process_scheduled_works+0x976/0x1850
[ 75.865410][ T4675] process_scheduled_works+0xa63/0x1850
[ 75.867458][ T4675] ? __pfx_process_scheduled_works+0x10/0x10
[ 75.869657][ T4675] ? assign_work+0x364/0x3d0
[ 75.871363][ T4675] worker_thread+0x870/0xd30
[ 75.873071][ T4675] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 75.875199][ T4675] ? __kthread_parkme+0x169/0x1d0
[ 75.877108][ T4675] ? __pfx_worker_thread+0x10/0x10
[ 75.879024][ T4675] kthread+0x2f0/0x390
[ 75.880524][ T4675] ? __pfx_worker_thread+0x10/0x10
[ 75.882384][ T4675] ? __pfx_kthread+0x10/0x10
[ 75.884104][ T4675] ret_from_fork+0x4b/0x80
[ 75.885719][ T4675] ? __pfx_kthread+0x10/0x10
[ 75.887487][ T4675] ret_from_fork_asm+0x1a/0x30
[ 75.889345][ T4675]
[ 75.890601][ T4675]
[ 75.891647][ T4675] Allocated by task 4675:
[ 75.893377][ T4675] kasan_save_track+0x3f/0x80
[ 75.895242][ T4675] __kasan_kmalloc+0x98/0xb0
[ 75.897061][ T4675] __kmalloc_noprof+0x1fc/0x400
[ 75.898896][ T4675] sk_prot_alloc+0xe0/0x210
[ 75.900531][ T4675] sk_alloc+0x38/0x370
[ 75.902089][ T4675] bt_sock_alloc+0x3c/0x340
[ 75.903874][ T4675] l2cap_sock_new_connection_cb+0xe1/0x2b0
[ 75.906019][ T4675] l2cap_connect_cfm+0x377/0x1220
[ 75.907873][ T4675] hci_connect_cfm+0xa2/0x150
[ 75.909661][ T4675] le_conn_complete_evt+0xd3e/0x12e0
[ 75.911599][ T4675] hci_le_conn_complete_evt+0x18c/0x420
[ 75.913467][ T4675] hci_event_packet+0xa55/0x1540
[ 75.915085][ T4675] hci_rx_work+0x3e8/0xca0
[ 75.916740][ T4675] process_scheduled_works+0xa63/0x1850
[ 75.918721][ T4675] worker_thread+0x870/0xd30
[ 75.920327][ T4675] kthread+0x2f0/0x390
[ 75.921837][ T4675] ret_from_fork+0x4b/0x80
[ 75.923573][ T4675] ret_from_fork_asm+0x1a/0x30
[ 75.925164][ T4675]
[ 75.925914][ T4675] Freed by task 5329:
[ 75.927333][ T4675] kasan_save_track+0x3f/0x80
[ 75.929308][ T4675] kasan_save_free_info+0x40/0x50
[ 75.931437][ T4675] __kasan_slab_free+0x59/0x70
[ 75.933275][ T4675] kfree+0x1a0/0x440
[ 75.934885][ T4675] __sk_destruct+0x479/0x5f0
[ 75.936630][ T4675] l2cap_sock_cleanup_listen+0xdd/0x3c0
[ 75.938625][ T4675] l2cap_sock_release+0x5d/0x1d0
[ 75.940498][ T4675] sock_close+0xbc/0x240
[ 75.942256][ T4675] __fput+0x23f/0x880
[ 75.943712][ T4675] task_work_run+0x24f/0x310
[ 75.945431][ T4675] syscall_exit_to_user_mode+0x168/0x370
[ 75.947536][ T4675] do_syscall_64+0x100/0x230
[ 75.949355][ T4675] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.951466][ T4675]
[ 75.952358][ T4675] The buggy address belongs to the object at ffff888042fa1000
[ 75.952358][ T4675] which belongs to the cache kmalloc-2k of size 2048
[ 75.957466][ T4675] The buggy address is located 1408 bytes inside of
[ 75.957466][ T4675] freed 2048-byte region [ffff888042fa1000, ffff888042fa1800)
[ 75.962260][ T4675]
[ 75.963155][ T4675] The buggy address belongs to the physical page:
[ 75.965376][ T4675] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42fa0
[ 75.968463][ T4675] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 75.971507][ T4675] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 75.974231][ T4675] page_type: f5(slab)
[ 75.975717][ T4675] raw: 04fff00000000040 ffff88801ac42000 dead000000000100 dead000000000122
[ 75.978730][ T4675] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000
[ 75.981835][ T4675] head: 04fff00000000040 ffff88801ac42000 dead000000000100 dead000000000122
[ 75.985046][ T4675] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000
[ 75.988313][ T4675] head: 04fff00000000003 ffffea00010be801 ffffffffffffffff 0000000000000000
[ 75.991394][ T4675] head: ffff888000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 75.994650][ T4675] page dumped because: kasan: bad access detected
[ 75.997008][ T4675] page_owner tracks the page as allocated
[ 75.999071][ T4675] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5031, tgid 5031 (dhcpcd), ts 38161719088, free_ts 38055778636
[ 76.006305][ T4675] post_alloc_hook+0x1f3/0x230
[ 76.008055][ T4675] get_page_from_freelist+0x3649/0x3790
[ 76.010063][ T4675] __alloc_pages_noprof+0x292/0x710
[ 76.011939][ T4675] alloc_pages_mpol_noprof+0x3e8/0x680
[ 76.013948][ T4675] alloc_slab_page+0x6a/0x140
[ 76.015720][ T4675] allocate_slab+0x5a/0x2f0
[ 76.017449][ T4675] ___slab_alloc+0xcd1/0x14b0
[ 76.019233][ T4675] __slab_alloc+0x58/0xa0
[ 76.020870][ T4675] __kmalloc_node_track_caller_noprof+0x281/0x440
[ 76.023249][ T4675] kmalloc_reserve+0x111/0x2a0
[ 76.025159][ T4675] pskb_expand_head+0x1f0/0x1380
[ 76.027013][ T4675] netlink_trim+0x183/0x220
[ 76.028733][ T4675] netlink_broadcast_filtered+0x76/0x12a0
[ 76.030778][ T4675] nlmsg_notify+0xfb/0x1c0
[ 76.032497][ T4675] __dev_notify_flags+0xf7/0x400
[ 76.034400][ T4675] dev_change_flags+0xf0/0x1a0
[ 76.036212][ T4675] page last free pid 5110 tgid 5110 stack trace:
[ 76.038599][ T4675] free_unref_page+0xdf9/0x1140
[ 76.040394][ T4675] __put_partials+0xeb/0x130
[ 76.042148][ T4675] put_cpu_partial+0x17c/0x250
[ 76.043984][ T4675] __slab_free+0x2ea/0x3d0
[ 76.045703][ T4675] qlist_free_all+0x9a/0x140
[ 76.047444][ T4675] kasan_quarantine_reduce+0x14f/0x170
[ 76.049428][ T4675] __kasan_slab_alloc+0x23/0x80
[ 76.051257][ T4675] __kmalloc_cache_noprof+0x132/0x2c0
[ 76.053294][ T4675] tomoyo_init_log+0x1ca/0x2050
[ 76.055122][ T4675] tomoyo_supervisor+0x38a/0x11f0
[ 76.057028][ T4675] tomoyo_path_permission+0x243/0x360
[ 76.059063][ T4675] tomoyo_path_perm+0x480/0x740
[ 76.060984][ T4675] security_inode_getattr+0x130/0x330
[ 76.063054][ T4675] vfs_getattr+0x45/0x430
[ 76.064736][ T4675] vfs_fstatat+0xe4/0x190
[ 76.066219][ T4675] __x64_sys_newfstatat+0x11d/0x1a0
[ 76.068008][ T4675]
[ 76.068836][ T4675] Memory state around the buggy address:
[ 76.070746][ T4675] ffff888042fa1480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.073576][ T4675] ffff888042fa1500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.076341][ T4675] >ffff888042fa1580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.079285][ T4675] ^
[ 76.080733][ T4675] ffff888042fa1600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.083481][ T4675] ffff888042fa1680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.086461][ T4675] ==================================================================
[ 76.119511][ T4675] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.122244][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: kworker/u5:1 Not tainted 6.12.0-syzkaller #0
[ 76.125535][ T4675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.129635][ T4675] Workqueue: hci0 hci_rx_work
[ 76.131401][ T4675] Call Trace:
[ 76.132666][ T4675]
[ 76.133795][ T4675] dump_stack_lvl+0x241/0x360
[ 76.135562][ T4675] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.137654][ T4675] ? __pfx__printk+0x10/0x10
[ 76.139417][ T4675] ? preempt_schedule+0xe1/0xf0
[ 76.141249][ T4675] ? vscnprintf+0x5d/0x90
[ 76.142824][ T4675] panic+0x349/0x880
[ 76.144300][ T4675] ? check_panic_on_warn+0x21/0xb0
[ 76.146199][ T4675] ? __pfx_panic+0x10/0x10
[ 76.147872][ T4675] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 76.150111][ T4675] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.152485][ T4675] ? print_report+0x502/0x550
[ 76.154322][ T4675] check_panic_on_warn+0x86/0xb0
[ 76.156230][ T4675] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0
[ 76.158488][ T4675] end_report+0x77/0x160
[ 76.160087][ T4675] kasan_report+0x154/0x180
[ 76.161819][ T4675] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0
[ 76.164378][ T4675] l2cap_sock_new_connection_cb+0x1f8/0x2b0
[ 76.166666][ T4675] l2cap_connect_cfm+0x377/0x1220
[ 76.168561][ T4675] ? hci_connect_cfm+0x24/0x150
[ 76.170343][ T4675] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 76.172307][ T4675] ? device_add+0x460/0xbf0
[ 76.174007][ T4675] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 76.176111][ T4675] hci_connect_cfm+0xa2/0x150
[ 76.177910][ T4675] le_conn_complete_evt+0xd3e/0x12e0
[ 76.179899][ T4675] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 76.182037][ T4675] ? __mutex_unlock_slowpath+0x21d/0x750
[ 76.184159][ T4675] ? __copy_skb_header+0x437/0x5b0
[ 76.186115][ T4675] ? skb_pull_data+0x112/0x230
[ 76.187935][ T4675] hci_le_conn_complete_evt+0x18c/0x420
[ 76.190019][ T4675] hci_event_packet+0xa55/0x1540
[ 76.191912][ T4675] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 76.193870][ T4675] ? __pfx_hci_event_packet+0x10/0x10
[ 76.195900][ T4675] ? do_raw_spin_unlock+0x58/0x8b0
[ 76.197818][ T4675] ? hci_send_to_monitor+0xd8/0x7f0
[ 76.199842][ T4675] ? kcov_remote_start+0x97/0x7d0
[ 76.201703][ T4675] hci_rx_work+0x3e8/0xca0
[ 76.203362][ T4675] ? process_scheduled_works+0x976/0x1850
[ 76.205511][ T4675] process_scheduled_works+0xa63/0x1850
[ 76.207552][ T4675] ? __pfx_process_scheduled_works+0x10/0x10
[ 76.209828][ T4675] ? assign_work+0x364/0x3d0
[ 76.211539][ T4675] worker_thread+0x870/0xd30
[ 76.213342][ T4675] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 76.215627][ T4675] ? __kthread_parkme+0x169/0x1d0
[ 76.217535][ T4675] ? __pfx_worker_thread+0x10/0x10
[ 76.219411][ T4675] kthread+0x2f0/0x390
[ 76.220909][ T4675] ? __pfx_worker_thread+0x10/0x10
[ 76.222872][ T4675] ? __pfx_kthread+0x10/0x10
[ 76.224603][ T4675] ret_from_fork+0x4b/0x80
[ 76.226297][ T4675] ? __pfx_kthread+0x10/0x10
[ 76.228003][ T4675] ret_from_fork_asm+0x1a/0x30
[ 76.229815][ T4675]
[ 76.231237][ T4675] Kernel Offset: disabled
[ 76.232898][ T4675] Rebooting in 86400 seconds..