program:
# syzkaller reproducer. The part that matters (per the kernel log below) is
# the tail: create an L2CAP socket, bind it to a fixed CID over LE, put it in
# listening state, then inject a crafted HCI event through vhci. The trace
# then shows hci_conn_add_sysfs() failing with -EEXIST for "hci0:201" and
# le_conn_complete_evt() continuing anyway (hci_connect_cfm is at a later
# offset, +0x1134, than hci_conn_add_sysfs, +0x10e6) into
# l2cap_connect_cfm() -> l2cap_sock_new_connection_cb(), where
# lock_sock_nested() dereferences a NULL socket (KASAN: null-ptr-deref in
# 0x260-0x267) and the kernel panics. Net effect: a denial of service from
# whoever can write to /dev/vhci.
#
# Calls below that use fd 0xffffffffffffffff (-1) fail with EBADF and are
# presumably fuzzer residue the minimizer did not strip; re-check that the
# crash still reproduces without them before treating them as required.
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
# prlimit64 resource 0xe is RLIMIT_RTPRIO and sched_setscheduler policy 0x1 is
# SCHED_FIFO (priority 7) -- presumably to change timing relative to the
# hci_rx_work worker; whether they are needed for the race is not shown here.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$inet6(0xa, 0x3, 0x3c)
getpid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
# AF_INET6 (0xa), SOCK_STREAM (0x1), IPPROTO_SCTP (0x84). The sendmsg passes an
# empty msghdr with flags 0x801; neither appears on the crash path in the trace.
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r0, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x801)
getdents64(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
# AF_BLUETOOTH (0x1f), SOCK_STREAM (0x1), BTPROTO_L2CAP (0x0), created in the
# init net namespace (syz_init_net_socket).
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
# sockaddr_l2 (0xe bytes): family 0x1f, psm 0, bdaddr @any, cid 0x4,
# bdaddr_type 0x1. A zero PSM with a non-zero CID binds a fixed channel,
# consistent with the l2cap_global_fixed_chan() frame in the trace; CID 4 is
# the ATT channel in the Bluetooth spec -- confirm against L2CAP_CID_ATT.
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r1, 0x3)
# Injects 0x16 bytes via /dev/vhci. The visible prefix decodes as an HCI event
# packet (0x04), LE Meta event (0x3e), parameter length 0x13, subevent 0x01
# (LE Connection Complete), status 0x00, connection handle 0x00c9 = 201 --
# the same "hci0:201" that sysfs reports as a duplicate in the log. The
# remaining payload appears to have been lost in extraction (the second
# ANYBLOB shows only a space), so peer address / role bytes cannot be read
# from this page. That the handle already exists suggests a prior iteration
# of this program registered it; the log does not show that earlier run.
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
[ 89.603385][ T44] Bluetooth: hci0: command tx timeout
[ 89.688021][ T44] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 89.693634][ T44] CPU: 0 UID: 0 PID: 44 Comm: kworker/u5:0 Not tainted syzkaller #0 PREEMPT(full)
[ 89.693672][ T44] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 89.693682][ T44] Workqueue: hci0 hci_rx_work
[ 89.693796][ T44] Call Trace:
[ 89.693805][ T44] <TASK>
[ 89.693811][ T44] dump_stack_lvl+0xe8/0x150
[ 89.693835][ T44] sysfs_create_dir_ns+0x271/0x2a0
[ 89.693856][ T44] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 89.693875][ T44] ? do_raw_spin_unlock+0x4d/0x210
[ 89.693893][ T44] kobject_add_internal+0x62b/0xd00
[ 89.693912][ T44] kobject_add+0x163/0x240
[ 89.693929][ T44] ? __pfx_kobject_add+0x10/0x10
[ 89.693942][ T44] ? _raw_spin_unlock+0x28/0x50
[ 89.693962][ T44] ? get_device_parent+0x366/0x3a0
[ 89.694008][ T44] device_add+0x408/0xbb0
[ 89.694024][ T44] hci_conn_add_sysfs+0xd5/0x210
[ 89.694048][ T44] le_conn_complete_evt+0x10e6/0x16b0
[ 89.694070][ T44] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 89.694084][ T44] ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 89.694102][ T44] ? __asan_memcpy+0x40/0x70
[ 89.694123][ T44] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 89.694140][ T44] ? skb_pull_data+0xfb/0x200
[ 89.694157][ T44] hci_le_conn_complete_evt+0x187/0x470
[ 89.694174][ T44] hci_event_packet+0x659/0xef0
[ 89.694190][ T44] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 89.694203][ T44] ? __pfx_hci_event_packet+0x10/0x10
[ 89.694218][ T44] ? kcov_remote_start+0x49a/0x7a0
[ 89.694236][ T44] ? hci_send_to_monitor+0xe2/0x590
[ 89.694253][ T44] hci_rx_work+0x3ee/0x1040
[ 89.694276][ T44] ? process_scheduled_works+0xa70/0x1860
[ 89.694299][ T44] process_scheduled_works+0xb5d/0x1860
[ 89.694336][ T44] ? __pfx_process_scheduled_works+0x10/0x10
[ 89.694357][ T44] ? assign_work+0x3d5/0x5e0
[ 89.694378][ T44] worker_thread+0xa53/0xfc0
[ 89.694414][ T44] kthread+0x388/0x470
[ 89.694428][ T44] ? __pfx_worker_thread+0x10/0x10
[ 89.694444][ T44] ? __pfx_kthread+0x10/0x10
[ 89.694458][ T44] ret_from_fork+0x514/0xb70
[ 89.694478][ T44] ? __pfx_ret_from_fork+0x10/0x10
[ 89.694495][ T44] ? __switch_to+0xc79/0x1410
[ 89.694512][ T44] ? __pfx_kthread+0x10/0x10
[ 89.694523][ T44] ret_from_fork_asm+0x1a/0x30
[ 89.694545][ T44] </TASK>
[ 89.806784][ T44] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 89.813400][ T44] Bluetooth: hci0: failed to register connection device
[ 89.827526][ T44] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004c: 0000 [#1] SMP KASAN NOPTI
[ 89.833967][ T44] KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]
[ 89.838155][ T44] CPU: 0 UID: 0 PID: 44 Comm: kworker/u5:0 Not tainted syzkaller #0 PREEMPT(full)
[ 89.843002][ T44] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 89.847856][ T44] Workqueue: hci0 hci_rx_work
[ 89.850035][ T44] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 89.852547][ T44] Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e
[ 89.862012][ T44] RSP: 0018:ffffc900004674d0 EFLAGS: 00010202
[ 89.864890][ T44] RAX: dffffc0000000000 RBX: ffffffff897c90c1 RCX: 0000000080000001
[ 89.869036][ T44] RDX: 0000000000000000 RSI: ffffffff897c90c1 RDI: 000000000000004c
[ 89.872574][ T44] RBP: ffffffff8ab7d45a R08: 0000000000000001 R09: 0000000000000000
[ 89.876173][ T44] R10: dffffc0000000000 R11: ffffffff8ab7d410 R12: 0000000000000000
[ 89.880524][ T44] R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001
[ 89.884745][ T44] FS: 0000000000000000(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000
[ 89.889061][ T44] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 89.892557][ T44] CR2: 00007f4183ded6b8 CR3: 0000000011f86000 CR4: 0000000000352ef0
[ 89.896252][ T44] Call Trace:
[ 89.897826][ T44] <TASK>
[ 89.899301][ T44] __kasan_check_byte+0x12/0x40
[ 89.902096][ T44] lock_acquire+0x84/0x350
[ 89.904816][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 89.907281][ T44] ? l2cap_global_fixed_chan+0x2ee/0x380
[ 89.909931][ T44] lock_sock_nested+0x41/0x100
[ 89.912194][ T44] ? l2cap_sock_new_connection_cb+0x4a/0x2e0
[ 89.915591][ T44] l2cap_sock_new_connection_cb+0x4a/0x2e0
[ 89.918636][ T44] l2cap_connect_cfm+0x368/0x1560
[ 89.920993][ T44] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 89.923392][ T44] ? __pfx_bt_err+0x10/0x10
[ 89.925467][ T44] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 89.928033][ T44] hci_connect_cfm+0x95/0x140
[ 89.930227][ T44] le_conn_complete_evt+0x1134/0x16b0
[ 89.932438][ T44] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 89.934835][ T44] ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 89.937294][ T44] ? __asan_memcpy+0x40/0x70
[ 89.939991][ T44] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 89.943388][ T44] ? skb_pull_data+0xfb/0x200
[ 89.945610][ T44] hci_le_conn_complete_evt+0x187/0x470
[ 89.948176][ T44] hci_event_packet+0x659/0xef0
[ 89.950373][ T44] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 89.952895][ T44] ? __pfx_hci_event_packet+0x10/0x10
[ 89.955621][ T44] ? kcov_remote_start+0x49a/0x7a0
[ 89.958010][ T44] ? hci_send_to_monitor+0xe2/0x590
[ 89.960281][ T44] hci_rx_work+0x3ee/0x1040
[ 89.962364][ T44] ? process_scheduled_works+0xa70/0x1860
[ 89.965028][ T44] process_scheduled_works+0xb5d/0x1860
[ 89.968106][ T44] ? __pfx_process_scheduled_works+0x10/0x10
[ 89.971277][ T44] ? assign_work+0x3d5/0x5e0
[ 89.973429][ T44] worker_thread+0xa53/0xfc0
[ 89.975509][ T44] kthread+0x388/0x470
[ 89.977399][ T44] ? __pfx_worker_thread+0x10/0x10
[ 89.980214][ T44] ? __pfx_kthread+0x10/0x10
[ 89.982964][ T44] ret_from_fork+0x514/0xb70
[ 89.985236][ T44] ? __pfx_ret_from_fork+0x10/0x10
[ 89.987502][ T44] ? __switch_to+0xc79/0x1410
[ 89.989538][ T44] ? __pfx_kthread+0x10/0x10
[ 89.991847][ T44] ret_from_fork_asm+0x1a/0x30
[ 89.994076][ T44] </TASK>
[ 89.995851][ T44] Modules linked in:
[ 89.998418][ T44] ---[ end trace 0000000000000000 ]---
[ 90.007396][ T44] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 90.010605][ T44] Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e
[ 90.020547][ T44] RSP: 0018:ffffc900004674d0 EFLAGS: 00010202
[ 90.024557][ T44] RAX: dffffc0000000000 RBX: ffffffff897c90c1 RCX: 0000000080000001
[ 90.027985][ T44] RDX: 0000000000000000 RSI: ffffffff897c90c1 RDI: 000000000000004c
[ 90.032221][ T44] RBP: ffffffff8ab7d45a R08: 0000000000000001 R09: 0000000000000000
[ 90.036189][ T44] R10: dffffc0000000000 R11: ffffffff8ab7d410 R12: 0000000000000000
[ 90.041504][ T44] R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001
[ 90.045039][ T44] FS: 0000000000000000(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000
[ 90.050501][ T44] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 90.053479][ T44] CR2: 00007f41849709a0 CR3: 00000000124a2000 CR4: 0000000000352ef0
[ 90.057912][ T44] Kernel panic - not syncing: Fatal exception
[ 90.061357][ T44] Kernel Offset: disabled
[ 90.063287][ T44] Rebooting in 86400 seconds..