Bluetooth: hci1: command 0x0c1a tx timeout
Bluetooth: hci3: command 0x0c1a tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
==================================================================
BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:82 [inline]
BUG: KASAN: wild-memory-access in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: wild-memory-access in l2cap_chan_lock include/net/bluetooth/l2cap.h:826 [inline]
BUG: KASAN: wild-memory-access in l2cap_conn_ready net/bluetooth/l2cap_core.c:1618 [inline]
BUG: KASAN: wild-memory-access in l2cap_connect_cfm+0x7c0/0x1050 net/bluetooth/l2cap_core.c:7323
Read of size 4 at addr deacfffffffffc8c by task kworker/u33:1/5292

CPU: 1 UID: 0 PID: 5292 Comm: kworker/u33:1 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: hci3 hci_rx_work
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 kasan_report+0xdf/0x1e0 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:186 [inline]
 kasan_check_range+0x10f/0x1e0 mm/kasan/generic.c:200
 instrument_atomic_read include/linux/instrumented.h:82 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 l2cap_chan_lock include/net/bluetooth/l2cap.h:826 [inline]
 l2cap_conn_ready net/bluetooth/l2cap_core.c:1618 [inline]
 l2cap_connect_cfm+0x7c0/0x1050 net/bluetooth/l2cap_core.c:7323
 hci_connect_cfm include/net/bluetooth/hci_core.h:2139 [inline]
 le_conn_complete_evt+0x195c/0x1f40 net/bluetooth/hci_event.c:5847
 hci_le_conn_complete_evt+0x23c/0x3a0 net/bluetooth/hci_event.c:5873
 hci_le_meta_evt+0x34a/0x5f0 net/bluetooth/hci_event.c:7473
 hci_event_func net/bluetooth/hci_event.c:7781 [inline]
 hci_event_packet+0x682/0x11c0 net/bluetooth/hci_event.c:7838
 hci_rx_work+0x451/0xfc0 net/bluetooth/hci_core.c:4077
 process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
 process_scheduled_works kernel/workqueue.c:3358 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
==================================================================