program: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f00000001c0)={r0, 0x1, 0x2}) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000180)={0x2, &(0x7f0000000100)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @remote}]}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x400448ca, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7) r5 = syz_clone(0x98000900, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r5, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) [ 74.687283][ T4666] Bluetooth: hci0: command tx timeout [ 74.846558][ T5326] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 74.851218][ T5326] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 74.854315][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0 [ 74.858297][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.862395][ T5326] RIP: 0010:klist_remove+0x1e8/0x480 [ 74.864407][ T5326] Code: 3c 06 00 74 08 4c 89 ff e8 45 9d 47 f6 4d 8b 27 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 1d 9d 47 f6 4d 8b 6c 24 58 4c 89 e7 e8 50 4e [ 74.871278][ T5326] RSP: 0018:ffffc9000d4b7900 EFLAGS: 00010202 [ 74.873459][ T5326] RAX: 000000000000000b RBX: ffffffff90005fe8 RCX: dffffc0000000000 [ 74.876361][ T5326] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 74.879051][ T5326] RBP: ffffc9000d4b79f0 R08: ffffffff90005f83 R09: 1ffffffff2000bf0 [ 74.882052][ T5326] R10: dffffc0000000000 R11: fffffbfff2000bf1 R12: 0000000000000000 [ 74.885064][ T5326] R13: ffffffff90005fe0 R14: 1ffff11007d9688c R15: ffff88803ecb4460 [ 74.887943][ T5326] FS: 00007fc119c146c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.891248][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.893844][ T5326] CR2: 000056093744f1b8 CR3: 0000000043d20000 CR4: 0000000000352ef0 [ 74.896832][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.899857][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.902913][ T5326] Call Trace: [ 74.904239][ T5326] [ 74.905396][ T5326] ? __die_body+0x5f/0xb0 [ 74.907099][ T5326] ? die_addr+0xb0/0xe0 [ 74.908732][ T5326] ? exc_general_protection+0x3dd/0x5d0 [ 74.910894][ T5326] ? do_raw_spin_lock+0x14f/0x370 [ 74.912820][ T5326] ? asm_exc_general_protection+0x26/0x30 [ 74.914970][ T5326] ? klist_remove+0x1e8/0x480 [ 74.916741][ T5326] ? __pfx_klist_remove+0x10/0x10 [ 74.918735][ T5326] ? __pfx_kobject_move+0x10/0x10 [ 74.920473][ T5326] ? get_device_parent+0x25d/0x410 [ 74.922509][ T5326] device_move+0x1b4/0x710 [ 74.924300][ T5326] ? kasan_quarantine_put+0xdc/0x230 [ 74.926353][ T5326] hci_conn_del_sysfs+0xac/0x160 [ 74.928298][ T5326] hci_conn_del+0x8c4/0xc40 [ 74.930107][ T5326] hci_conn_hash_flush+0x258/0x350 [ 74.932201][ T5326] ? __pfx_hci_conn_hash_flush+0x10/0x10 [ 74.934295][ T5326] ? _raw_spin_unlock_irq+0x2e/0x50 [ 74.936308][ T5326] ? drain_workqueue+0x2d3/0x3a0 [ 74.938193][ T5326] ? hci_inquiry_cache_flush+0x181/0x220 [ 74.940218][ T5326] ? hci_discovery_set_state+0x57/0x180 [ 74.942174][ T5326] hci_dev_close_sync+0xa42/0x11c0 [ 74.944188][ T5326] hci_dev_close+0x112/0x210 [ 74.946045][ T5326] sock_do_ioctl+0x158/0x460 [ 74.947883][ T5326] ? __pfx_sock_do_ioctl+0x10/0x10 [ 74.949820][ T5326] sock_ioctl+0x626/0x8e0 [ 74.951493][ T5326] ? __pfx_sock_ioctl+0x10/0x10 [ 74.953421][ T5326] ? __fget_files+0x2a/0x410 [ 74.955301][ T5326] ? __fget_files+0x2a/0x410 [ 74.957063][ T5326] ? __pfx_sock_ioctl+0x10/0x10 [ 74.958895][ T5326] __se_sys_ioctl+0xf5/0x170 [ 74.960695][ T5326] do_syscall_64+0xf3/0x230 [ 74.962352][ T5326] ? clear_bhb_loop+0x35/0x90 [ 74.964126][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.966331][ T5326] RIP: 0033:0x7fc118d85d29 [ 74.968045][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.975053][ T5326] RSP: 002b:00007fc119c14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.977969][ T5326] RAX: ffffffffffffffda RBX: 00007fc118f75fa0 RCX: 00007fc118d85d29 [ 74.981174][ T5326] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000007 [ 74.984282][ T5326] RBP: 00007fc118e01b08 R08: 0000000000000000 R09: 0000000000000000 [ 74.987269][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.990044][ T5326] R13: 0000000000000000 R14: 00007fc118f75fa0 R15: 00007ffcd3250f28 [ 74.992522][ T5326] [ 74.993611][ T5326] Modules linked in: [ 74.995097][ T5326] ---[ end trace 0000000000000000 ]--- [ 75.014580][ T5326] RIP: 0010:klist_remove+0x1e8/0x480 [ 75.016556][ T5326] Code: 3c 06 00 74 08 4c 89 ff e8 45 9d 47 f6 4d 8b 27 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 1d 9d 47 f6 4d 8b 6c 24 58 4c 89 e7 e8 50 4e [ 75.024747][ T5326] RSP: 0018:ffffc9000d4b7900 EFLAGS: 00010202 [ 75.027037][ T5326] RAX: 000000000000000b RBX: ffffffff90005fe8 RCX: dffffc0000000000 [ 75.030663][ T5326] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 75.033692][ T5326] RBP: ffffc9000d4b79f0 R08: ffffffff90005f83 R09: 1ffffffff2000bf0 [ 75.036697][ T5326] R10: dffffc0000000000 R11: fffffbfff2000bf1 R12: 0000000000000000 [ 75.040467][ T5326] R13: ffffffff90005fe0 R14: 1ffff11007d9688c R15: ffff88803ecb4460 [ 75.043571][ T5326] FS: 00007fc119c146c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 75.047248][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.050204][ T5326] CR2: 00007fc119bf2fe0 CR3: 0000000043d20000 CR4: 0000000000352ef0 [ 75.053292][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.056732][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.060829][ T5326] Kernel panic - not syncing: Fatal exception [ 75.063359][ T5326] Kernel Offset: disabled [ 75.065195][ T5326] Rebooting in 86400 seconds..