program:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) (async, rerun: 32)
shutdown(r1, 0x1) (rerun: 32)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) (async, rerun: 32)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040500"], 0xf) (async, rerun: 32)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'ipvlan0\x00'}) (async, rerun: 64)
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c0008000100000000001400ffff4500004000000000008490783fffffffac1414aa000000001b58941cecac95c082e3c53b8feabb45dd06cc4c263f3c60e89eb081f16bdf695466de0672033a231ba0f8bb54555291b409ffb39a02d8106eaeba7c66cda7e0f39cfe460056bd50192a4282d08df7e579321d91f7cd4cae01a5ddd7b2a07f521d5630ce2d863b6325b65af6b6e17b5a126441501edd658656906637074c3b7509", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b4fefeff9078001c0e0302050a00000000000000000008d58803068ba1000000"], 0x4e) (rerun: 64)
[ 85.040138][ T5297] Bluetooth: hci0: command tx timeout
[ 85.176410][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 85.181798][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.181815][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.181823][ T4662] Workqueue: hci0 hci_rx_work
[ 85.181992][ T4662] Call Trace:
[ 85.181997][ T4662]
[ 85.182003][ T4662] dump_stack_lvl+0xe8/0x150
[ 85.182163][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 85.182246][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 85.182260][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 85.182335][ T4662] kobject_add_internal+0x62b/0xd00
[ 85.182357][ T4662] kobject_add+0x163/0x240
[ 85.182376][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 85.182406][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 85.182421][ T4662] ? get_device_parent+0x366/0x3a0
[ 85.182570][ T4662] device_add+0x408/0xb70
[ 85.182588][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 85.182618][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 85.182642][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.182659][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 85.182746][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 85.182761][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.182776][ T4662] ? skb_pull_data+0xfb/0x200
[ 85.182795][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 85.182861][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 85.182882][ T4662] hci_event_packet+0x7af/0x12c0
[ 85.182901][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.182931][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 85.182950][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 85.183037][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 85.183110][ T4662] hci_rx_work+0x3ee/0x1030
[ 85.183131][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 85.183151][ T4662] process_scheduled_works+0xb02/0x1830
[ 85.183229][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.183249][ T4662] ? assign_work+0x3d5/0x5e0
[ 85.183269][ T4662] worker_thread+0xa50/0xfc0
[ 85.183316][ T4662] kthread+0x388/0x470
[ 85.183328][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 85.183342][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.183354][ T4662] ret_from_fork+0x51e/0xb90
[ 85.183400][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 85.183416][ T4662] ? __switch_to+0xc7d/0x1450
[ 85.183434][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.183447][ T4662] ret_from_fork_asm+0x1a/0x30
[ 85.183500][ T4662]
[ 85.183521][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 85.287858][ T4662] Bluetooth: hci0: failed to register connection device
[ 85.293960][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 85.298669][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.298698][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.298708][ T4662] Workqueue: hci0 hci_rx_work
[ 85.298730][ T4662] Call Trace:
[ 85.298736][ T4662]
[ 85.298743][ T4662] dump_stack_lvl+0xe8/0x150
[ 85.298764][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 85.298782][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 85.298797][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 85.298814][ T4662] kobject_add_internal+0x62b/0xd00
[ 85.298837][ T4662] kobject_add+0x163/0x240
[ 85.298858][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 85.298875][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 85.298892][ T4662] ? get_device_parent+0x366/0x3a0
[ 85.298912][ T4662] device_add+0x408/0xb70
[ 85.298929][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 85.298947][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 85.298973][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.298992][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 85.299011][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 85.299027][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.299043][ T4662] ? skb_pull_data+0xfb/0x200
[ 85.299062][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 85.299083][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 85.299105][ T4662] hci_event_packet+0x7af/0x12c0
[ 85.299125][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.299144][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 85.299162][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 85.299184][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 85.299208][ T4662] hci_rx_work+0x3ee/0x1030
[ 85.299228][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 85.299247][ T4662] process_scheduled_works+0xb02/0x1830
[ 85.299280][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.299300][ T4662] ? assign_work+0x3d5/0x5e0
[ 85.299319][ T4662] worker_thread+0xa50/0xfc0
[ 85.299354][ T4662] kthread+0x388/0x470
[ 85.299367][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 85.299384][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.299398][ T4662] ret_from_fork+0x51e/0xb90
[ 85.299420][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 85.299436][ T4662] ? __switch_to+0xc7d/0x1450
[ 85.299453][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.299466][ T4662] ret_from_fork_asm+0x1a/0x30
[ 85.299496][ T4662]
[ 85.299521][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 85.414055][ T4662] Bluetooth: hci0: failed to register connection device
[ 85.419010][ T4662] Bluetooth: hci0: unexpected event 0x05 length: 12 > 4
[ 85.422109][ T4662] Bluetooth: hci0: unexpected event 0x05 length: 12 > 4
[ 85.427154][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 85.433659][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.433677][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.433682][ T4662] Workqueue: hci0 hci_rx_work
[ 85.433697][ T4662] Call Trace:
[ 85.433701][ T4662]
[ 85.433704][ T4662] dump_stack_lvl+0xe8/0x150
[ 85.433717][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 85.433727][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 85.433736][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 85.433746][ T4662] kobject_add_internal+0x62b/0xd00
[ 85.433760][ T4662] kobject_add+0x163/0x240
[ 85.433771][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 85.433780][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 85.433789][ T4662] ? get_device_parent+0x366/0x3a0
[ 85.433800][ T4662] device_add+0x408/0xb70
[ 85.433811][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 85.433820][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 85.433835][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.433846][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 85.433857][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 85.433867][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.433875][ T4662] ? skb_pull_data+0xfb/0x200
[ 85.433885][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 85.433897][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 85.433910][ T4662] hci_event_packet+0x7af/0x12c0
[ 85.433923][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.433934][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 85.433944][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 85.433956][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 85.433968][ T4662] hci_rx_work+0x3ee/0x1030
[ 85.433980][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 85.433990][ T4662] process_scheduled_works+0xb02/0x1830
[ 85.434009][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.434020][ T4662] ? assign_work+0x3d5/0x5e0
[ 85.434031][ T4662] worker_thread+0xa50/0xfc0
[ 85.434050][ T4662] kthread+0x388/0x470
[ 85.434057][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 85.434066][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.434073][ T4662] ret_from_fork+0x51e/0xb90
[ 85.434084][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 85.434093][ T4662] ? __switch_to+0xc7d/0x1450
[ 85.434102][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.434109][ T4662] ret_from_fork_asm+0x1a/0x30
[ 85.434126][ T4662]
[ 85.434136][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 85.537242][ T4662] Bluetooth: hci0: failed to register connection device
[ 85.542261][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 85.546653][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.546677][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.546685][ T4662] Workqueue: hci0 hci_rx_work
[ 85.546708][ T4662] Call Trace:
[ 85.546713][ T4662]
[ 85.546719][ T4662] dump_stack_lvl+0xe8/0x150
[ 85.546739][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 85.546753][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 85.546761][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 85.546772][ T4662] kobject_add_internal+0x62b/0xd00
[ 85.546786][ T4662] kobject_add+0x163/0x240
[ 85.546798][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 85.546809][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 85.546818][ T4662] ? get_device_parent+0x366/0x3a0
[ 85.546831][ T4662] device_add+0x408/0xb70
[ 85.546842][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 85.546855][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 85.546876][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.546890][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 85.546906][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 85.546920][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.546932][ T4662] ? skb_pull_data+0xfb/0x200
[ 85.546948][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 85.546967][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 85.546987][ T4662] hci_event_packet+0x7af/0x12c0
[ 85.547005][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.547019][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 85.547036][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 85.547054][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 85.547074][ T4662] hci_rx_work+0x3ee/0x1030
[ 85.547091][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 85.547107][ T4662] process_scheduled_works+0xb02/0x1830
[ 85.547138][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.547157][ T4662] ? assign_work+0x3d5/0x5e0
[ 85.547173][ T4662] worker_thread+0xa50/0xfc0
[ 85.547203][ T4662] kthread+0x388/0x470
[ 85.547215][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 85.547229][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.547241][ T4662] ret_from_fork+0x51e/0xb90
[ 85.547258][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 85.547267][ T4662] ? __switch_to+0xc7d/0x1450
[ 85.547277][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.547284][ T4662] ret_from_fork_asm+0x1a/0x30
[ 85.547300][ T4662]
[ 85.547317][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 85.668092][ T4662] Bluetooth: hci0: failed to register connection device
[ 85.673114][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 85.677392][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.677410][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.677419][ T4662] Workqueue: hci0 hci_rx_work
[ 85.677439][ T4662] Call Trace:
[ 85.677445][ T4662]
[ 85.677452][ T4662] dump_stack_lvl+0xe8/0x150
[ 85.677472][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 85.677488][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 85.677502][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 85.677519][ T4662] kobject_add_internal+0x62b/0xd00
[ 85.677541][ T4662] kobject_add+0x163/0x240
[ 85.677561][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 85.677576][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 85.677590][ T4662] ? get_device_parent+0x366/0x3a0
[ 85.677607][ T4662] device_add+0x408/0xb70
[ 85.677624][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 85.677640][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 85.677662][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.677678][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 85.677695][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 85.677708][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.677721][ T4662] ? skb_pull_data+0xfb/0x200
[ 85.677736][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 85.677755][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 85.677775][ T4662] hci_event_packet+0x7af/0x12c0
[ 85.677793][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.677809][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 85.677826][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 85.677844][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 85.677863][ T4662] hci_rx_work+0x3ee/0x1030
[ 85.677882][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 85.677900][ T4662] process_scheduled_works+0xb02/0x1830
[ 85.677930][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.677949][ T4662] ? assign_work+0x3d5/0x5e0
[ 85.677966][ T4662] worker_thread+0xa50/0xfc0
[ 85.678003][ T4662] kthread+0x388/0x470
[ 85.678016][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 85.678031][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.678069][ T4662] ret_from_fork+0x51e/0xb90
[ 85.678088][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 85.678103][ T4662] ? __switch_to+0xc7d/0x1450
[ 85.678120][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.678131][ T4662] ret_from_fork_asm+0x1a/0x30
[ 85.678158][ T4662]
[ 85.678181][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 85.798816][ T4662] Bluetooth: hci0: failed to register connection device
[ 85.802889][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 85.807024][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.807041][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.807050][ T4662] Workqueue: hci0 hci_rx_work
[ 85.807072][ T4662] Call Trace:
[ 85.807077][ T4662]
[ 85.807083][ T4662] dump_stack_lvl+0xe8/0x150
[ 85.807104][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 85.807120][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 85.807134][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 85.807150][ T4662] kobject_add_internal+0x62b/0xd00
[ 85.807171][ T4662] kobject_add+0x163/0x240
[ 85.807188][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 85.807204][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 85.807219][ T4662] ? get_device_parent+0x366/0x3a0
[ 85.807236][ T4662] device_add+0x408/0xb70
[ 85.807252][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 85.807268][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 85.807291][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.807307][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 85.807322][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 85.807335][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.807348][ T4662] ? skb_pull_data+0xfb/0x200
[ 85.807363][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 85.807381][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 85.807401][ T4662] hci_event_packet+0x7af/0x12c0
[ 85.807420][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.807436][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 85.807453][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 85.807471][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 85.807490][ T4662] hci_rx_work+0x3ee/0x1030
[ 85.807508][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 85.807524][ T4662] process_scheduled_works+0xb02/0x1830
[ 85.807556][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.807575][ T4662] ? assign_work+0x3d5/0x5e0
[ 85.807593][ T4662] worker_thread+0xa50/0xfc0
[ 85.807626][ T4662] kthread+0x388/0x470
[ 85.807637][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 85.807651][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.807662][ T4662] ret_from_fork+0x51e/0xb90
[ 85.807679][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 85.807722][ T4662] ? __switch_to+0xc7d/0x1450
[ 85.807741][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.807753][ T4662] ret_from_fork_asm+0x1a/0x30
[ 85.807781][ T4662]
[ 85.807803][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 85.925632][ T5324] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET)
[ 85.928552][ T4662] Bluetooth: hci0: failed to register connection device
[ 85.932575][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 85.936273][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.936290][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.936296][ T4662] Workqueue: hci0 hci_rx_work
[ 85.936316][ T4662] Call Trace:
[ 85.936322][ T4662]
[ 85.936328][ T4662] dump_stack_lvl+0xe8/0x150
[ 85.936348][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 85.936363][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 85.936377][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 85.936391][ T4662] kobject_add_internal+0x62b/0xd00
[ 85.936412][ T4662] kobject_add+0x163/0x240
[ 85.936432][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 85.936448][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 85.936462][ T4662] ? get_device_parent+0x366/0x3a0
[ 85.936479][ T4662] device_add+0x408/0xb70
[ 85.936495][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 85.936511][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 85.936532][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.936547][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 85.936563][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 85.936577][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.936590][ T4662] ? skb_pull_data+0xfb/0x200
[ 85.936606][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 85.936617][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 85.936630][ T4662] hci_event_packet+0x7af/0x12c0
[ 85.936668][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.936679][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 85.936690][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 85.936702][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 85.936718][ T4662] hci_rx_work+0x3ee/0x1030
[ 85.936734][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 85.936749][ T4662] process_scheduled_works+0xb02/0x1830
[ 85.936780][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.936797][ T4662] ? assign_work+0x3d5/0x5e0
[ 85.936816][ T4662] worker_thread+0xa50/0xfc0
[ 85.936848][ T4662] kthread+0x388/0x470
[ 85.936860][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 85.936872][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.936883][ T4662] ret_from_fork+0x51e/0xb90
[ 85.936901][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 85.936915][ T4662] ? __switch_to+0xc7d/0x1450
[ 85.936931][ T4662] ? __pfx_kthread+0x10/0x10
[ 85.936942][ T4662] ret_from_fork_asm+0x1a/0x30
[ 85.936970][ T4662]
[ 85.936990][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 86.050040][ T4662] Bluetooth: hci0: failed to register connection device
[ 86.054239][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 86.058067][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.058085][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.058096][ T4662] Workqueue: hci0 hci_rx_work
[ 86.058118][ T4662] Call Trace:
[ 86.058125][ T4662]
[ 86.058131][ T4662] dump_stack_lvl+0xe8/0x150
[ 86.058152][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 86.058166][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 86.058182][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 86.058198][ T4662] kobject_add_internal+0x62b/0xd00
[ 86.058220][ T4662] kobject_add+0x163/0x240
[ 86.058240][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 86.058259][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 86.058273][ T4662] ? get_device_parent+0x366/0x3a0
[ 86.058291][ T4662] device_add+0x408/0xb70
[ 86.058307][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 86.058323][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 86.058347][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 86.058363][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 86.058379][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 86.058390][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 86.058400][ T4662] ? skb_pull_data+0xfb/0x200
[ 86.058415][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 86.058434][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 86.058455][ T4662] hci_event_packet+0x7af/0x12c0
[ 86.058473][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.058489][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 86.058506][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 86.058525][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 86.058544][ T4662] hci_rx_work+0x3ee/0x1030
[ 86.058562][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 86.058579][ T4662] process_scheduled_works+0xb02/0x1830
[ 86.058612][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.058630][ T4662] ? assign_work+0x3d5/0x5e0
[ 86.058661][ T4662] worker_thread+0xa50/0xfc0
[ 86.058693][ T4662] kthread+0x388/0x470
[ 86.058705][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 86.058720][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.058732][ T4662] ret_from_fork+0x51e/0xb90
[ 86.058750][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 86.058764][ T4662] ? __switch_to+0xc7d/0x1450
[ 86.058779][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.058792][ T4662] ret_from_fork_asm+0x1a/0x30
[ 86.058819][ T4662]
[ 86.058845][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 86.200908][ T4662] Bluetooth: hci0: failed to register connection device
[ 86.207054][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 86.212049][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.212067][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.212076][ T4662] Workqueue: hci0 hci_rx_work
[ 86.212097][ T4662] Call Trace:
[ 86.212101][ T4662]
[ 86.212107][ T4662] dump_stack_lvl+0xe8/0x150
[ 86.212126][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 86.212140][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 86.212153][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 86.212171][ T4662] kobject_add_internal+0x62b/0xd00
[ 86.212194][ T4662] kobject_add+0x163/0x240
[ 86.212211][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 86.212226][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 86.212239][ T4662] ? get_device_parent+0x366/0x3a0
[ 86.212256][ T4662] device_add+0x408/0xb70
[ 86.212273][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 86.212289][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 86.212305][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 86.212319][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 86.212334][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 86.212347][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 86.212360][ T4662] ? skb_pull_data+0xfb/0x200
[ 86.212376][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 86.212394][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 86.212413][ T4662] hci_event_packet+0x7af/0x12c0
[ 86.212430][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.212446][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 86.212463][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 86.212480][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 86.212493][ T4662] hci_rx_work+0x3ee/0x1030
[ 86.212504][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 86.212515][ T4662] process_scheduled_works+0xb02/0x1830
[ 86.212534][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.212546][ T4662] ? assign_work+0x3d5/0x5e0
[ 86.212557][ T4662] worker_thread+0xa50/0xfc0
[ 86.212580][ T4662] kthread+0x388/0x470
[ 86.212591][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 86.212604][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.212615][ T4662] ret_from_fork+0x51e/0xb90
[ 86.212631][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 86.212644][ T4662] ? __switch_to+0xc7d/0x1450
[ 86.212668][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.212680][ T4662] ret_from_fork_asm+0x1a/0x30
[ 86.212709][ T4662]
[ 86.212726][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 86.336291][ T4662] Bluetooth: hci0: failed to register connection device
[ 86.341856][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 86.345885][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.345904][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.345956][ T4662] Workqueue: hci0 hci_rx_work
[ 86.345978][ T4662] Call Trace:
[ 86.345984][ T4662]
[ 86.345991][ T4662] dump_stack_lvl+0xe8/0x150
[ 86.346012][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 86.346029][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 86.346044][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 86.346060][ T4662] kobject_add_internal+0x62b/0xd00
[ 86.346081][ T4662] kobject_add+0x163/0x240
[ 86.346100][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 86.346115][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 86.346130][ T4662] ? get_device_parent+0x366/0x3a0
[ 86.346145][ T4662] device_add+0x408/0xb70
[ 86.346161][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 86.346177][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 86.346200][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 86.346217][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 86.346233][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 86.346247][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 86.346260][ T4662] ? skb_pull_data+0xfb/0x200
[ 86.346277][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 86.346295][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 86.346313][ T4662] hci_event_packet+0x7af/0x12c0
[ 86.346332][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.346350][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 86.346367][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 86.346381][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 86.346398][ T4662] hci_rx_work+0x3ee/0x1030
[ 86.346415][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 86.346432][ T4662] process_scheduled_works+0xb02/0x1830
[ 86.346469][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.346489][ T4662] ? assign_work+0x3d5/0x5e0
[ 86.346507][ T4662] worker_thread+0xa50/0xfc0
[ 86.346539][ T4662] kthread+0x388/0x470
[ 86.346551][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 86.346564][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.346580][ T4662] ret_from_fork+0x51e/0xb90
[ 86.346601][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 86.346620][ T4662] ? __switch_to+0xc7d/0x1450
[ 86.346637][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.346651][ T4662] ret_from_fork_asm+0x1a/0x30
[ 86.346682][ T4662]
[ 86.346711][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 86.471110][ T4662] Bluetooth: hci0: failed to register connection device
[ 86.474691][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 86.478370][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.478383][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.478390][ T4662] Workqueue: hci0 hci_rx_work
[ 86.478405][ T4662] Call Trace:
[ 86.478409][ T4662]
[ 86.478415][ T4662] dump_stack_lvl+0xe8/0x150
[ 86.478428][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 86.478439][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 86.478448][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 86.478459][ T4662] kobject_add_internal+0x62b/0xd00
[ 86.478473][ T4662] kobject_add+0x163/0x240
[ 86.478484][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 86.478494][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 86.478503][ T4662] ? get_device_parent+0x366/0x3a0
[ 86.478514][ T4662] device_add+0x408/0xb70
[ 86.478524][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 86.478535][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 86.478550][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 86.478563][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 86.478579][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 86.478592][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 86.478603][ T4662] ? skb_pull_data+0xfb/0x200
[ 86.478613][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 86.478624][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 86.478636][ T4662] hci_event_packet+0x7af/0x12c0
[ 86.478649][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.478660][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 86.478670][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 86.478683][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 86.478695][ T4662] hci_rx_work+0x3ee/0x1030
[ 86.478707][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 86.478717][ T4662] process_scheduled_works+0xb02/0x1830
[ 86.478736][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.478748][ T4662] ? assign_work+0x3d5/0x5e0
[ 86.478759][ T4662] worker_thread+0xa50/0xfc0
[ 86.478778][ T4662] kthread+0x388/0x470
[ 86.478785][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 86.478793][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.478800][ T4662] ret_from_fork+0x51e/0xb90
[ 86.478811][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 86.478820][ T4662] ? __switch_to+0xc7d/0x1450
[ 86.478830][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.478837][ T4662] ret_from_fork_asm+0x1a/0x30
[ 86.478853][ T4662]
[ 86.478868][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 86.597227][ T4662] Bluetooth: hci0: failed to register connection device
[ 86.601265][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 86.605201][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.605218][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.605224][ T4662] Workqueue: hci0 hci_rx_work
[ 86.605240][ T4662] Call Trace:
[ 86.605245][ T4662]
[ 86.605249][ T4662] dump_stack_lvl+0xe8/0x150
[ 86.605269][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 86.605285][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 86.605299][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 86.605312][ T4662] kobject_add_internal+0x62b/0xd00
[ 86.605327][ T4662] kobject_add+0x163/0x240
[ 86.605340][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 86.605350][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 86.605360][ T4662] ? get_device_parent+0x366/0x3a0
[ 86.605373][ T4662] device_add+0x408/0xb70
[ 86.605385][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 86.605398][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 86.605419][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 86.605435][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 86.605451][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 86.605462][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 86.605469][ T4662] ? skb_pull_data+0xfb/0x200
[ 86.605480][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 86.605491][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 86.605503][ T4662] hci_event_packet+0x7af/0x12c0
[ 86.605514][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.605524][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 86.605534][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 86.605546][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 86.605558][ T4662] hci_rx_work+0x3ee/0x1030
[ 86.605570][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 86.605581][ T4662] process_scheduled_works+0xb02/0x1830
[ 86.605601][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.605612][ T4662] ? assign_work+0x3d5/0x5e0
[ 86.605623][ T4662] worker_thread+0xa50/0xfc0
[ 86.605642][ T4662] kthread+0x388/0x470
[ 86.605650][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 86.605658][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.605665][ T4662] ret_from_fork+0x51e/0xb90
[ 86.605676][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 86.605685][ T4662] ? __switch_to+0xc7d/0x1450
[ 86.605695][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.605702][ T4662] ret_from_fork_asm+0x1a/0x30
[ 86.605721][ T4662]
[ 86.605735][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 86.721265][ T4662] Bluetooth: hci0: failed to register connection device
[ 86.724960][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 86.728692][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.728711][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.728720][ T4662] Workqueue: hci0 hci_rx_work
[ 86.728744][ T4662] Call Trace:
[ 86.728749][ T4662]
[ 86.728756][ T4662] dump_stack_lvl+0xe8/0x150
[ 86.728776][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 86.728793][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 86.728806][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 86.728823][ T4662] kobject_add_internal+0x62b/0xd00
[ 86.728846][ T4662] kobject_add+0x163/0x240
[ 86.728864][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 86.728880][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 86.728893][ T4662] ? get_device_parent+0x366/0x3a0
[ 86.728911][ T4662] device_add+0x408/0xb70
[ 86.728927][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 86.728943][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 86.728965][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 86.728982][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 86.728998][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 86.729011][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 86.729023][ T4662] ? skb_pull_data+0xfb/0x200
[ 86.729040][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 86.729057][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 86.729076][ T4662] hci_event_packet+0x7af/0x12c0
[ 86.729093][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.729109][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 86.729126][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 86.729144][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 86.729163][ T4662] hci_rx_work+0x3ee/0x1030
[ 86.729181][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 86.729203][ T4662] process_scheduled_works+0xb02/0x1830
[ 86.729232][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.729252][ T4662] ? assign_work+0x3d5/0x5e0
[ 86.729270][ T4662] worker_thread+0xa50/0xfc0
[ 86.729302][ T4662] kthread+0x388/0x470
[ 86.729313][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 86.729327][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.729338][ T4662] ret_from_fork+0x51e/0xb90
[ 86.729355][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 86.729369][ T4662] ? __switch_to+0xc7d/0x1450
[ 86.729385][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.729397][ T4662] ret_from_fork_asm+0x1a/0x30
[ 86.729423][ T4662]
[ 86.729444][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 86.839895][ T4662] Bluetooth: hci0: failed to register connection device
[ 86.844811][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 86.849215][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.849236][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.849247][ T4662] Workqueue: hci0 hci_rx_work
[ 86.849272][ T4662] Call Trace:
[ 86.849277][ T4662]
[ 86.849284][ T4662] dump_stack_lvl+0xe8/0x150
[ 86.849310][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 86.849329][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 86.849343][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 86.849365][ T4662] kobject_add_internal+0x62b/0xd00
[ 86.849392][ T4662] kobject_add+0x163/0x240
[ 86.849414][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 86.849435][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 86.849452][ T4662] ? get_device_parent+0x366/0x3a0
[ 86.849472][ T4662] device_add+0x408/0xb70
[ 86.849491][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 86.849511][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 86.849541][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 86.849563][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 86.849581][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 86.849599][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 86.849614][ T4662] ? skb_pull_data+0xfb/0x200
[ 86.849633][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 86.849674][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 86.849700][ T4662] hci_event_packet+0x7af/0x12c0
[ 86.849756][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.849779][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 86.849800][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 86.849823][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 86.849848][ T4662] hci_rx_work+0x3ee/0x1030
[ 86.849871][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 86.849893][ T4662] process_scheduled_works+0xb02/0x1830
[ 86.849924][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.849943][ T4662] ? assign_work+0x3d5/0x5e0
[ 86.849965][ T4662] worker_thread+0xa50/0xfc0
[ 86.849994][ T4662] kthread+0x388/0x470
[ 86.850029][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 86.850042][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.850054][ T4662] ret_from_fork+0x51e/0xb90
[ 86.850069][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 86.850080][ T4662] ? __switch_to+0xc7d/0x1450
[ 86.850093][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.850106][ T4662] ret_from_fork_asm+0x1a/0x30
[ 86.850135][ T4662]
[ 86.948769][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 86.954301][ T4662] Bluetooth: hci0: failed to register connection device
[ 86.958196][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 86.962021][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.962039][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.962049][ T4662] Workqueue: hci0 hci_rx_work
[ 86.962071][ T4662] Call Trace:
[ 86.962076][ T4662]
[ 86.962082][ T4662] dump_stack_lvl+0xe8/0x150
[ 86.962101][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 86.962116][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 86.962130][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 86.962145][ T4662] kobject_add_internal+0x62b/0xd00
[ 86.962168][ T4662] kobject_add+0x163/0x240
[ 86.962188][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 86.962204][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 86.962219][ T4662] ? get_device_parent+0x366/0x3a0
[ 86.962231][ T4662] device_add+0x408/0xb70
[ 86.962241][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 86.962251][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 86.962269][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 86.962285][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 86.962301][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 86.962315][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 86.962328][ T4662] ? skb_pull_data+0xfb/0x200
[ 86.962344][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 86.962357][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 86.962369][ T4662] hci_event_packet+0x7af/0x12c0
[ 86.962380][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.962390][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 86.962406][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 86.962425][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 86.962445][ T4662] hci_rx_work+0x3ee/0x1030
[ 86.962462][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 86.962478][ T4662] process_scheduled_works+0xb02/0x1830
[ 86.962511][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.962527][ T4662] ? assign_work+0x3d5/0x5e0
[ 86.962538][ T4662] worker_thread+0xa50/0xfc0
[ 86.962558][ T4662] kthread+0x388/0x470
[ 86.962567][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 86.962576][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.962583][ T4662] ret_from_fork+0x51e/0xb90
[ 86.962595][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 86.962605][ T4662] ? __switch_to+0xc7d/0x1450
[ 86.962614][ T4662] ? __pfx_kthread+0x10/0x10
[ 86.962621][ T4662] ret_from_fork_asm+0x1a/0x30
[ 86.962657][ T4662]
[ 86.962678][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 87.083322][ T4662] Bluetooth: hci0: failed to register connection device
[ 87.086618][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 87.090994][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 87.091012][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.091021][ T4662] Workqueue: hci0 hci_rx_work
[ 87.091042][ T4662] Call Trace:
[ 87.091047][ T4662]
[ 87.091053][ T4662] dump_stack_lvl+0xe8/0x150
[ 87.091072][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 87.091088][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 87.091102][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 87.091118][ T4662] kobject_add_internal+0x62b/0xd00
[ 87.091141][ T4662] kobject_add+0x163/0x240
[ 87.091160][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 87.091173][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 87.091182][ T4662] ? get_device_parent+0x366/0x3a0
[ 87.091198][ T4662] device_add+0x408/0xb70
[ 87.091213][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 87.091230][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 87.091255][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 87.091271][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 87.091287][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 87.091301][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 87.091313][ T4662] ? skb_pull_data+0xfb/0x200
[ 87.091328][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 87.091345][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 87.091364][ T4662] hci_event_packet+0x7af/0x12c0
[ 87.091381][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 87.091397][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 87.091413][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 87.091431][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 87.091450][ T4662] hci_rx_work+0x3ee/0x1030
[ 87.091468][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 87.091484][ T4662] process_scheduled_works+0xb02/0x1830
[ 87.091516][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.091535][ T4662] ? assign_work+0x3d5/0x5e0
[ 87.091553][ T4662] worker_thread+0xa50/0xfc0
[ 87.091584][ T4662] kthread+0x388/0x470
[ 87.091596][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 87.091609][ T4662] ? __pfx_kthread+0x10/0x10
[ 87.091621][ T4662] ret_from_fork+0x51e/0xb90
[ 87.091646][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 87.091662][ T4662] ? __switch_to+0xc7d/0x1450
[ 87.091710][ T4662] ? __pfx_kthread+0x10/0x10
[ 87.091723][ T4662] ret_from_fork_asm+0x1a/0x30
[ 87.091752][ T4662]
[ 87.091772][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 87.209778][ T5297] ==================================================================
[ 87.213286][ T5297] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2a0
[ 87.216344][ T5297] Write of size 4 at addr ffff88801fc94010 by task kworker/u5:2/5297
[ 87.219707][ T5297]
[ 87.220801][ T5297] CPU: 0 UID: 0 PID: 5297 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 87.220816][ T5297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.220824][ T5297] Workqueue: hci0 hci_cmd_sync_work
[ 87.220844][ T5297] Call Trace:
[ 87.220851][ T5297]
[ 87.220856][ T5297] dump_stack_lvl+0xe8/0x150
[ 87.220873][ T5297] print_report+0xba/0x230
[ 87.220886][ T5297] ? hci_conn_drop+0x34/0x2a0
[ 87.220898][ T5297] kasan_report+0x117/0x150
[ 87.220911][ T5297] ? hci_conn_drop+0x34/0x2a0
[ 87.220920][ T5297] kasan_check_range+0x264/0x2c0
[ 87.220936][ T5297] hci_conn_drop+0x34/0x2a0
[ 87.220949][ T5297] ? __pfx_le_read_features_complete+0x10/0x10
[ 87.220960][ T5297] hci_cmd_sync_work+0x262/0x400
[ 87.220973][ T5297] ? process_scheduled_works+0xa25/0x1830
[ 87.220988][ T5297] process_scheduled_works+0xb02/0x1830
[ 87.221006][ T5297] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.221020][ T5297] ? assign_work+0x3d5/0x5e0
[ 87.221034][ T5297] worker_thread+0xa50/0xfc0
[ 87.221052][ T5297] kthread+0x388/0x470
[ 87.221062][ T5297] ? __pfx_worker_thread+0x10/0x10
[ 87.221077][ T5297] ? __pfx_kthread+0x10/0x10
[ 87.221087][ T5297] ret_from_fork+0x51e/0xb90
[ 87.221102][ T5297] ? __pfx_ret_from_fork+0x10/0x10
[ 87.221114][ T5297] ? __switch_to+0xc7d/0x1450
[ 87.221126][ T5297] ? __pfx_kthread+0x10/0x10
[ 87.221136][ T5297] ret_from_fork_asm+0x1a/0x30
[ 87.221155][ T5297]
[ 87.221159][ T5297]
[ 87.281612][ T5297] Allocated by task 5297:
[ 87.283582][ T5297] kasan_save_track+0x3e/0x80
[ 87.285710][ T5297] __kasan_kmalloc+0x93/0xb0
[ 87.288207][ T5297] __kmalloc_cache_noprof+0x31c/0x660
[ 87.291045][ T5297] __hci_conn_add+0x3c4/0x1e00
[ 87.293545][ T5297] le_conn_complete_evt+0x706/0x1430
[ 87.296183][ T5297] hci_le_enh_conn_complete_evt+0x189/0x490
[ 87.298925][ T5297] hci_event_packet+0x7af/0x12c0
[ 87.301291][ T5297] hci_rx_work+0x3ee/0x1030
[ 87.303559][ T5297] process_scheduled_works+0xb02/0x1830
[ 87.305961][ T5297] worker_thread+0xa50/0xfc0
[ 87.307919][ T5297] kthread+0x388/0x470
[ 87.309650][ T5297] ret_from_fork+0x51e/0xb90
[ 87.311472][ T5297] ret_from_fork_asm+0x1a/0x30
[ 87.313494][ T5297]
[ 87.314530][ T5297] Freed by task 4662:
[ 87.316189][ T5297] kasan_save_track+0x3e/0x80
[ 87.318224][ T5297] kasan_save_free_info+0x46/0x50
[ 87.320507][ T5297] __kasan_slab_free+0x5c/0x80
[ 87.322649][ T5297] kfree+0x1c1/0x630
[ 87.324403][ T5297] device_release+0x9e/0x1d0
[ 87.326305][ T5297] kobject_put+0x228/0x560
[ 87.328020][ T5297] hci_conn_del+0xc36/0x1230
[ 87.329886][ T5297] hci_disconn_complete_evt+0x64e/0x950
[ 87.332085][ T5297] hci_event_packet+0x805/0x12c0
[ 87.334035][ T5297] hci_rx_work+0x3ee/0x1030
[ 87.335724][ T5297] process_scheduled_works+0xb02/0x1830
[ 87.337868][ T5297] worker_thread+0xa50/0xfc0
[ 87.339734][ T5297] kthread+0x388/0x470
[ 87.341454][ T5297] ret_from_fork+0x51e/0xb90
[ 87.343402][ T5297] ret_from_fork_asm+0x1a/0x30
[ 87.345692][ T5297]
[ 87.346779][ T5297] The buggy address belongs to the object at ffff88801fc94000
[ 87.346779][ T5297] which belongs to the cache kmalloc-8k of size 8192
[ 87.352581][ T5297] The buggy address is located 16 bytes inside of
[ 87.352581][ T5297] freed 8192-byte region [ffff88801fc94000, ffff88801fc96000)
[ 87.358084][ T5297]
[ 87.359028][ T5297] The buggy address belongs to the physical page:
[ 87.361673][ T5297] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fc90
[ 87.365289][ T5297] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 87.368454][ T5297] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 87.371230][ T5297] page_type: f5(slab)
[ 87.372719][ T5297] raw: 00fff00000000040 ffff88801a842280 dead000000000122 0000000000000000
[ 87.376302][ T5297] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 87.379798][ T5297] head: 00fff00000000040 ffff88801a842280 dead000000000122 0000000000000000
[ 87.383594][ T5297] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 87.387398][ T5297] head: 00fff00000000003 ffffea00007f2401 00000000ffffffff 00000000ffffffff
[ 87.391223][ T5297] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 87.394995][ T5297] page dumped because: kasan: bad access detected
[ 87.397593][ T5297] page_owner tracks the page as allocated
[ 87.399885][ T5297] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5297, tgid 5297 (kworker/u5:2), ts 85171722980, free_ts 66767870437
[ 87.408561][ T5297] post_alloc_hook+0x231/0x280
[ 87.410522][ T5297] get_page_from_freelist+0x24dc/0x2580
[ 87.412803][ T5297] __alloc_frozen_pages_noprof+0x18d/0x380
[ 87.415125][ T5297] allocate_slab+0x77/0x660
[ 87.416959][ T5297] refill_objects+0x331/0x3c0
[ 87.418969][ T5297] __pcs_replace_empty_main+0x2b9/0x620
[ 87.421105][ T5297] __kmalloc_cache_noprof+0x392/0x660
[ 87.423110][ T5297] __hci_conn_add+0x3c4/0x1e00
[ 87.424949][ T5297] le_conn_complete_evt+0x706/0x1430
[ 87.426904][ T5297] hci_le_enh_conn_complete_evt+0x189/0x490
[ 87.429180][ T5297] hci_event_packet+0x7af/0x12c0
[ 87.430900][ T5297] hci_rx_work+0x3ee/0x1030
[ 87.432714][ T5297] process_scheduled_works+0xb02/0x1830
[ 87.434692][ T5297] worker_thread+0xa50/0xfc0
[ 87.436737][ T5297] kthread+0x388/0x470
[ 87.438470][ T5297] ret_from_fork+0x51e/0xb90
[ 87.440387][ T5297] page last free pid 5216 tgid 5216 stack trace:
[ 87.442844][ T5297] free_unref_folios+0xd38/0x14c0
[ 87.444848][ T5297] folios_put_refs+0x789/0x8d0
[ 87.446865][ T5297] free_pages_and_swap_cache+0x2e7/0x5b0
[ 87.449036][ T5297] tlb_flush_mmu+0x6d3/0xa30
[ 87.450661][ T5297] tlb_finish_mmu+0xf9/0x230
[ 87.452398][ T5297] exit_mmap+0x453/0xdb0
[ 87.454026][ T5297] __mmput+0x118/0x430
[ 87.455709][ T5297] exit_mm+0x168/0x220
[ 87.457426][ T5297] do_exit+0x62e/0x2320
[ 87.459052][ T5297] do_group_exit+0x21b/0x2d0
[ 87.460870][ T5297] __x64_sys_exit_group+0x3f/0x40
[ 87.463003][ T5297] x64_sys_call+0x221a/0x2240
[ 87.464962][ T5297] do_syscall_64+0x14d/0xf80
[ 87.466687][ T5297] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.469140][ T5297]
[ 87.470198][ T5297] Memory state around the buggy address:
[ 87.472474][ T5297] ffff88801fc93f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.475622][ T5297] ffff88801fc93f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.478762][ T5297] >ffff88801fc94000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.481948][ T5297] ^
[ 87.483820][ T5297] ffff88801fc94080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.486998][ T5297] ffff88801fc94100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.490118][ T5297] ==================================================================
[ 87.500261][ T4662] Bluetooth: hci0: failed to register connection device
[ 87.503803][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 87.508058][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 87.508077][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.508086][ T4662] Workqueue: hci0 hci_rx_work
[ 87.508107][ T4662] Call Trace:
[ 87.508112][ T4662]
[ 87.508118][ T4662] dump_stack_lvl+0xe8/0x150
[ 87.508139][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 87.508155][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 87.508169][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 87.508185][ T4662] kobject_add_internal+0x62b/0xd00
[ 87.508207][ T4662] kobject_add+0x163/0x240
[ 87.508225][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 87.508241][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 87.508254][ T4662] ? get_device_parent+0x366/0x3a0
[ 87.508271][ T4662] device_add+0x408/0xb70
[ 87.508288][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 87.508305][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 87.508329][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 87.508346][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 87.508362][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 87.508376][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 87.508388][ T4662] ? skb_pull_data+0xfb/0x200
[ 87.508404][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 87.508422][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 87.508442][ T4662] hci_event_packet+0x7af/0x12c0
[ 87.508461][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 87.508473][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 87.508489][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 87.508507][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 87.508526][ T4662] hci_rx_work+0x3ee/0x1030
[ 87.508545][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 87.508561][ T4662] process_scheduled_works+0xb02/0x1830
[ 87.508582][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.508595][ T4662] ? assign_work+0x3d5/0x5e0
[ 87.508611][ T4662] worker_thread+0xa50/0xfc0
[ 87.508641][ T4662] kthread+0x388/0x470
[ 87.508652][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 87.508664][ T4662] ? __pfx_kthread+0x10/0x10
[ 87.508676][ T4662] ret_from_fork+0x51e/0xb90
[ 87.508693][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 87.508707][ T4662] ? __switch_to+0xc7d/0x1450
[ 87.508720][ T4662] ? __pfx_kthread+0x10/0x10
[ 87.508727][ T4662] ret_from_fork_asm+0x1a/0x30
[ 87.508745][ T4662]
[ 87.508760][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 87.611608][ T4662] Bluetooth: hci0: failed to register connection device
[ 87.615048][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 87.621953][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 87.621966][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.621974][ T4662] Workqueue: hci0 hci_rx_work
[ 87.621994][ T4662] Call Trace:
[ 87.621999][ T4662]
[ 87.622007][ T4662] dump_stack_lvl+0xe8/0x150
[ 87.622027][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 87.622041][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 87.622050][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 87.622063][ T4662] kobject_add_internal+0x62b/0xd00
[ 87.622084][ T4662] kobject_add+0x163/0x240
[ 87.622103][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 87.622119][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 87.622134][ T4662] ? get_device_parent+0x366/0x3a0
[ 87.622149][ T4662] device_add+0x408/0xb70
[ 87.622159][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 87.622169][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 87.622184][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 87.622194][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 87.622204][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 87.622214][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 87.622223][ T4662] ? skb_pull_data+0xfb/0x200
[ 87.622233][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 87.622245][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 87.622256][ T4662] hci_event_packet+0x7af/0x12c0
[ 87.622267][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 87.622278][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 87.622288][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 87.622300][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 87.622312][ T4662] hci_rx_work+0x3ee/0x1030
[ 87.622324][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 87.622335][ T4662] process_scheduled_works+0xb02/0x1830
[ 87.622355][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.622367][ T4662] ? assign_work+0x3d5/0x5e0
[ 87.622378][ T4662] worker_thread+0xa50/0xfc0
[ 87.622398][ T4662] kthread+0x388/0x470
[ 87.622409][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 87.622423][ T4662] ? __pfx_kthread+0x10/0x10
[ 87.622433][ T4662] ret_from_fork+0x51e/0xb90
[ 87.622447][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 87.622456][ T4662] ? __switch_to+0xc7d/0x1450
[ 87.622466][ T4662] ? __pfx_kthread+0x10/0x10
[ 87.622473][ T4662] ret_from_fork_asm+0x1a/0x30
[ 87.622490][ T4662]
[ 87.622504][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 87.728753][ T4662] Bluetooth: hci0: failed to register connection device
[ 87.732537][ T4662] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 87.737030][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 87.737049][ T4662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.737060][ T4662] Workqueue: hci0 hci_rx_work
[ 87.737084][ T4662] Call Trace:
[ 87.737089][ T4662]
[ 87.737095][ T4662] dump_stack_lvl+0xe8/0x150
[ 87.737118][ T4662] sysfs_create_dir_ns+0x271/0x2a0
[ 87.737134][ T4662] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 87.737150][ T4662] ? do_raw_spin_unlock+0x4d/0x210
[ 87.737166][ T4662] kobject_add_internal+0x62b/0xd00
[ 87.737191][ T4662] kobject_add+0x163/0x240
[ 87.737212][ T4662] ? __pfx_kobject_add+0x10/0x10
[ 87.737230][ T4662] ? _raw_spin_unlock+0x28/0x50
[ 87.737243][ T4662] ? get_device_parent+0x366/0x3a0
[ 87.737261][ T4662] device_add+0x408/0xb70
[ 87.737278][ T4662] hci_conn_add_sysfs+0xd5/0x210
[ 87.737303][ T4662] le_conn_complete_evt+0xf1d/0x1430
[ 87.737327][ T4662] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 87.737342][ T4662] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 87.737359][ T4662] ? __pfx___mutex_lock+0x10/0x10
[ 87.737372][ T4662] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 87.737384][ T4662] ? skb_pull_data+0xfb/0x200
[ 87.737400][ T4662] hci_le_enh_conn_complete_evt+0x189/0x490
[ 87.737418][ T4662] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 87.737437][ T4662] hci_event_packet+0x7af/0x12c0
[ 87.737455][ T4662] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 87.737470][ T4662] ? __pfx_hci_event_packet+0x10/0x10
[ 87.737486][ T4662] ? kcov_remote_start+0x49a/0x7a0
[ 87.737505][ T4662] ? hci_send_to_monitor+0xe2/0x590
[ 87.737524][ T4662] hci_rx_work+0x3ee/0x1030
[ 87.737543][ T4662] ? process_scheduled_works+0xa25/0x1830
[ 87.737560][ T4662] process_scheduled_works+0xb02/0x1830
[ 87.737590][ T4662] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.737610][ T4662] ? assign_work+0x3d5/0x5e0
[ 87.737628][ T4662] worker_thread+0xa50/0xfc0
[ 87.737664][ T4662] kthread+0x388/0x470
[ 87.737676][ T4662] ? __pfx_worker_thread+0x10/0x10
[ 87.737692][ T4662] ? __pfx_kthread+0x10/0x10
[ 87.737704][ T4662] ret_from_fork+0x51e/0xb90
[ 87.737723][ T4662] ? __pfx_ret_from_fork+0x10/0x10
[ 87.737737][ T4662] ? __switch_to+0xc7d/0x1450
[ 87.737753][ T4662] ? __pfx_kthread+0x10/0x10
[ 87.737765][ T4662] ret_from_fork_asm+0x1a/0x30
[ 87.737791][ T4662]
[ 87.737812][ T4662] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 87.841435][ T5297] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.844206][ T5297] CPU: 0 UID: 0 PID: 5297 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 87.848035][ T5297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.852506][ T5297] Workqueue: hci0 hci_cmd_sync_work
[ 87.854785][ T5297] Call Trace:
[ 87.856166][ T5297]
[ 87.857424][ T5297] vpanic+0x56c/0xa60
[ 87.859168][ T5297] ? __pfx_vpanic+0x10/0x10
[ 87.861196][ T5297] panic+0xc5/0xd0
[ 87.863062][ T5297] ? __pfx_panic+0x10/0x10
[ 87.865111][ T5297] ? preempt_schedule_thunk+0x16/0x30
[ 87.867486][ T5297] ? preempt_schedule_thunk+0x16/0x30
[ 87.869965][ T5297] ? hci_conn_drop+0x34/0x2a0
[ 87.872086][ T5297] check_panic_on_warn+0x89/0xb0
[ 87.874313][ T5297] ? hci_conn_drop+0x34/0x2a0
[ 87.876570][ T5297] end_report+0x73/0x180
[ 87.878177][ T5297] ? hci_conn_drop+0x34/0x2a0
[ 87.879994][ T5297] kasan_report+0x128/0x150
[ 87.882101][ T5297] ? hci_conn_drop+0x34/0x2a0
[ 87.884307][ T5297] kasan_check_range+0x264/0x2c0
[ 87.886493][ T5297] hci_conn_drop+0x34/0x2a0
[ 87.888627][ T5297] ? __pfx_le_read_features_complete+0x10/0x10
[ 87.891243][ T5297] hci_cmd_sync_work+0x262/0x400
[ 87.893437][ T5297] ? process_scheduled_works+0xa25/0x1830
[ 87.895574][ T5297] process_scheduled_works+0xb02/0x1830
[ 87.897835][ T5297] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.900472][ T5297] ? assign_work+0x3d5/0x5e0
[ 87.902364][ T5297] worker_thread+0xa50/0xfc0
[ 87.904392][ T5297] kthread+0x388/0x470
[ 87.906135][ T5297] ? __pfx_worker_thread+0x10/0x10
[ 87.908251][ T5297] ? __pfx_kthread+0x10/0x10
[ 87.910064][ T5297] ret_from_fork+0x51e/0xb90
[ 87.911691][ T5297] ? __pfx_ret_from_fork+0x10/0x10
[ 87.913552][ T5297] ? __switch_to+0xc7d/0x1450
[ 87.915305][ T5297] ? __pfx_kthread+0x10/0x10
[ 87.917125][ T5297] ret_from_fork_asm+0x1a/0x30
[ 87.919136][ T5297]
[ 87.920872][ T5297] Kernel Offset: disabled
[ 87.922634][ T5297] Rebooting in 86400 seconds..