program:
# Triage summary, taken from the kernel log that follows this program:
# one worker (T5286, workqueue hci0 / hci_rx_work) handles an LE Connection
# Complete event. Inside le_conn_complete_evt, hci_conn_add_sysfs first fails
# with -EEXIST for 'hci0:201' ("failed to register connection device"). The
# same handler then continues into hci_connect_cfm -> l2cap_connect_cfm ->
# l2cap_sock_new_connection_cb, where lock_sock_nested faults (KASAN
# null-ptr-deref in range 0x260-0x267) and the kernel panics.
# NOTE(review): the log does not show which pointer is NULL, nor whether the
# -EEXIST failure is what leads to the later fault. Confirm both against the
# source of the tested tree before attributing a root cause.
#
# 0x1f is AF_BLUETOOTH and 0x5 is SOCK_SEQPACKET: an L2CAP socket, protocol 0.
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
# Opens a video4linux device node and issues one sub-device ioctl on it.
# NOTE(review): no V4L2 frame appears in either call trace, so these two calls
# are probably unrelated to the crash; confirm by minimising the program.
r1 = syz_open_dev$video4linux(&(0x7f00000002c0), 0x400, 0x141003)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r1, 0xc040564b, &(0x7f0000000040)={0x100, 0x0, 0x6001, 0xffff, 0x1aa, {0x0, 0x8}, 0x1})
# sockaddr_l2 of 0xe bytes: family 0x1f, PSM 0x0, address @any, CID 0x4,
# address type 0x1. CID 0x4 is the ATT fixed channel and type 0x1 is
# BDADDR_LE_PUBLIC, so r0 is bound to a fixed LE channel rather than to a PSM.
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
# Puts r0 into the listening state. Presumably this is the parent socket whose
# new-connection callback appears in the second trace - TODO confirm.
listen(r0, 0x90004)
# Feeds one HCI packet to the stack through the virtual controller.
# The 8 bytes shown decode as: 04 = HCI event packet, 3e = LE Meta event,
# 13 = parameter length, 01 = LE Connection Complete subevent, 00 = status,
# c9 00 = connection handle 0x00c9 (201, matching 'hci0:201' in the log),
# 01 = role. The declared length is 0x16 but only 8 bytes are listed; the
# remaining bytes are not visible here (presumably zero-filled).
# NOTE(review): the duplicate-name error implies a connection object for
# handle 201 was already registered when this event arrived; where it came
# from is not shown on this page.
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
# Installs a one-instruction seccomp filter, keeps the call's return value in
# r2, then closes every descriptor from r2 upwards.
# NOTE(review): whether these two calls matter to the crash cannot be told
# from the log.
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)
[ 85.031404][ T5286] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 85.036327][ T5286] CPU: 0 UID: 0 PID: 5286 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) [ 85.036345][ T5286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.036355][ T5286] Workqueue: hci0 hci_rx_work [ 85.036476][ T5286] Call Trace: [ 85.036487][ T5286] [ 85.036493][ T5286] dump_stack_lvl+0xe8/0x150 [ 85.036521][ T5286] sysfs_create_dir_ns+0x271/0x2a0 [ 85.036537][ T5286] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 85.036550][ T5286] ? do_raw_spin_unlock+0x4d/0x210 [ 85.036568][ T5286] kobject_add_internal+0x62b/0xd00 [ 85.036589][ T5286] kobject_add+0x163/0x240 [ 85.036605][ T5286] ? __pfx_kobject_add+0x10/0x10 [ 85.036620][ T5286] ? _raw_spin_unlock+0x28/0x50 [ 85.036632][ T5286] ? get_device_parent+0x366/0x3a0 [ 85.036699][ T5286] device_add+0x408/0xbb0 [ 85.036714][ T5286] hci_conn_add_sysfs+0xd5/0x210 [ 85.036729][ T5286] le_conn_complete_evt+0x10e6/0x16b0 [ 85.036750][ T5286] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 85.036764][ T5286] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 85.036777][ T5286] ? __asan_memcpy+0x40/0x70 [ 85.036792][ T5286] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 85.036803][ T5286] ? 
skb_pull_data+0xfb/0x200 [ 85.036819][ T5286] hci_le_conn_complete_evt+0x187/0x470 [ 85.036831][ T5286] hci_event_packet+0x659/0xef0 [ 85.036843][ T5286] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 85.036852][ T5286] ? __pfx_hci_event_packet+0x10/0x10 [ 85.036862][ T5286] ? kcov_remote_start+0x49a/0x7a0 [ 85.036874][ T5286] ? hci_send_to_monitor+0xe2/0x590 [ 85.036886][ T5286] hci_rx_work+0x3ee/0x1040 [ 85.036903][ T5286] ? process_scheduled_works+0xa70/0x1860 [ 85.036916][ T5286] process_scheduled_works+0xb5d/0x1860 [ 85.036946][ T5286] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.036958][ T5286] ? assign_work+0x3d5/0x5e0 [ 85.036971][ T5286] worker_thread+0xa53/0xfc0 [ 85.036998][ T5286] kthread+0x388/0x470 [ 85.037013][ T5286] ? __pfx_worker_thread+0x10/0x10 [ 85.037023][ T5286] ? __pfx_kthread+0x10/0x10 [ 85.037039][ T5286] ret_from_fork+0x514/0xb70 [ 85.037055][ T5286] ? __pfx_ret_from_fork+0x10/0x10 [ 85.037066][ T5286] ? __switch_to+0xc79/0x1410 [ 85.037080][ T5286] ? __pfx_kthread+0x10/0x10 [ 85.037094][ T5286] ret_from_fork_asm+0x1a/0x30 [ 85.037117][ T5286] [ 85.037317][ T5286] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. 
[ 85.149732][ T5286] Bluetooth: hci0: failed to register connection device [ 85.157861][ T5286] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004c: 0000 [#1] SMP KASAN NOPTI [ 85.163069][ T5286] KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267] [ 85.167571][ T5286] CPU: 0 UID: 0 PID: 5286 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) [ 85.171557][ T5286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.176041][ T5286] Workqueue: hci0 hci_rx_work [ 85.178166][ T5286] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 85.181158][ T5286] Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 85.189406][ T5286] RSP: 0018:ffffc9000dd074d0 EFLAGS: 00010202 [ 85.192069][ T5286] RAX: dffffc0000000000 RBX: ffffffff8975f221 RCX: 0000000080000001 [ 85.195548][ T5286] RDX: 0000000000000000 RSI: ffffffff8975f221 RDI: 000000000000004c [ 85.199057][ T5286] RBP: ffffffff8aac5cda R08: 0000000000000001 R09: 0000000000000000 [ 85.202666][ T5286] R10: dffffc0000000000 R11: ffffffff8aac5c90 R12: 0000000000000000 [ 85.205880][ T5286] R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001 [ 85.209035][ T5286] FS: 0000000000000000(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000 [ 85.212581][ T5286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.215411][ T5286] CR2: 00007f4e6b820700 CR3: 0000000039106000 CR4: 0000000000352ef0 [ 85.218746][ T5286] Call Trace: [ 85.220232][ T5286] [ 85.221615][ T5286] __kasan_check_byte+0x12/0x40 [ 85.223809][ T5286] lock_acquire+0x84/0x350 [ 85.225720][ T5286] ? __pfx___mutex_lock+0x10/0x10 [ 85.227800][ T5286] ? l2cap_global_fixed_chan+0x2ee/0x380 [ 85.230065][ T5286] lock_sock_nested+0x41/0x100 [ 85.232002][ T5286] ? 
l2cap_sock_new_connection_cb+0x4a/0x2e0 [ 85.234346][ T5286] l2cap_sock_new_connection_cb+0x4a/0x2e0 [ 85.236662][ T5286] l2cap_connect_cfm+0x368/0x1560 [ 85.238629][ T5286] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 85.240956][ T5286] ? __pfx_bt_err+0x10/0x10 [ 85.243039][ T5286] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 85.245470][ T5286] hci_connect_cfm+0x95/0x140 [ 85.247501][ T5286] le_conn_complete_evt+0x1134/0x16b0 [ 85.249782][ T5286] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 85.252236][ T5286] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 85.254639][ T5286] ? __asan_memcpy+0x40/0x70 [ 85.256609][ T5286] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 85.259152][ T5286] ? skb_pull_data+0xfb/0x200 [ 85.261156][ T5286] hci_le_conn_complete_evt+0x187/0x470 [ 85.263535][ T5286] hci_event_packet+0x659/0xef0 [ 85.265496][ T5286] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 85.267589][ T5286] ? __pfx_hci_event_packet+0x10/0x10 [ 85.269694][ T5286] ? kcov_remote_start+0x49a/0x7a0 [ 85.271747][ T5286] ? hci_send_to_monitor+0xe2/0x590 [ 85.273924][ T5286] hci_rx_work+0x3ee/0x1040 [ 85.275942][ T5286] ? process_scheduled_works+0xa70/0x1860 [ 85.278261][ T5286] process_scheduled_works+0xb5d/0x1860 [ 85.280410][ T5286] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.282907][ T5286] ? assign_work+0x3d5/0x5e0 [ 85.284904][ T5286] worker_thread+0xa53/0xfc0 [ 85.286931][ T5286] kthread+0x388/0x470 [ 85.288806][ T5286] ? __pfx_worker_thread+0x10/0x10 [ 85.291034][ T5286] ? __pfx_kthread+0x10/0x10 [ 85.292970][ T5286] ret_from_fork+0x514/0xb70 [ 85.294952][ T5286] ? __pfx_ret_from_fork+0x10/0x10 [ 85.297200][ T5286] ? __switch_to+0xc79/0x1410 [ 85.299307][ T5286] ? 
__pfx_kthread+0x10/0x10 [ 85.301332][ T5286] ret_from_fork_asm+0x1a/0x30 [ 85.303438][ T5286] [ 85.305145][ T5286] Modules linked in: [ 85.307337][ T5286] ---[ end trace 0000000000000000 ]--- [ 85.318147][ T5286] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 85.321351][ T5286] Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 85.329896][ T5286] RSP: 0018:ffffc9000dd074d0 EFLAGS: 00010202 [ 85.332817][ T5286] RAX: dffffc0000000000 RBX: ffffffff8975f221 RCX: 0000000080000001 [ 85.336231][ T5286] RDX: 0000000000000000 RSI: ffffffff8975f221 RDI: 000000000000004c [ 85.339706][ T5286] RBP: ffffffff8aac5cda R08: 0000000000000001 R09: 0000000000000000 [ 85.343080][ T5286] R10: dffffc0000000000 R11: ffffffff8aac5c90 R12: 0000000000000000 [ 85.347794][ T5286] R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001 [ 85.351111][ T5286] FS: 0000000000000000(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000 [ 85.354699][ T5286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.357440][ T5286] CR2: 00007fa15bfee6b8 CR3: 0000000012199000 CR4: 0000000000352ef0 [ 85.360853][ T5286] Kernel panic - not syncing: Fatal exception [ 85.363848][ T5286] Kernel Offset: disabled [ 85.365759][ T5286] Rebooting in 86400 seconds..