program:
# syzkaller reproducer (syzlang; full-line '#' comments only). It sets up a
# listening Bluetooth L2CAP socket on an LE fixed channel, then injects a forged
# HCI "LE Connection Complete" event through the virtual HCI (vhci) driver so
# the kernel believes a remote LE connection with handle 0x00c9 (201) exists.
#
# NOTE(review): in the kernel log that follows, hci_conn_add_sysfs() fails with
# -EEXIST for "hci0:201" (a connection object for that handle is already
# registered -- presumably from an earlier iteration of this program against the
# same hci0), the kernel logs "failed to register connection device", and
# le_conn_complete_evt() nevertheless continues into hci_connect_cfm() ->
# l2cap_connect_cfm() -> l2cap_sock_new_connection_cb(), where lock_sock_nested()
# faults on a NULL pointer (KASAN: null-ptr-deref in range 0x260-0x267).
# The defect is in the kernel's LE connection-complete handling, not in this
# program. Impact visible here: a local user who can open /dev/vhci (normally a
# privileged device) can panic the kernel; anything beyond DoS is not shown.
#
# AF_BLUETOOTH (0x1f), SOCK_SEQPACKET (5), protocol 0; the $bt_l2cap variant
# selects the L2CAP socket type. The resulting fd is r0.
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
# sockaddr_l2 = {family AF_BLUETOOTH, psm 0, bdaddr @any, cid 0x4, bdaddr_type 0x1},
# addrlen 0xe (14). CID 4 is the ATT fixed channel and bdaddr_type 1 an LE public
# address, which matches l2cap_global_fixed_chan() appearing in the crash trace --
# TODO confirm against l2cap_sock_bind() if the repro is minimized further.
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
# The oversized backlog is fuzzer noise; listen() is what makes the socket a
# candidate for the new-connection callback seen in the trace.
listen(r0, 0x90004)
# Forged HCI packet handed to vhci: 04 = HCI event packet, 3e = LE Meta event,
# 13 = parameter length, 01 = LE Connection Complete subevent, 00 = status
# (success), c9 00 = connection handle 0x00c9 = 201 (the "hci0:201" sysfs name
# in the log), 01 = role. Only 8 bytes are spelled out but 0x16 (22) are
# emitted; the tail is whatever follows in the syz buffer (normally zero-filled)
# -- confirm if replaying by hand.
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
# Leftover fuzzer calls, unrelated to the Bluetooth path: install a one-statement
# BPF filter (0x6 = BPF_RET|BPF_K with k 0x7fff7ffc, whose action bits are
# SECCOMP_RET_ALLOW) and close every fd from r1 upward. Likely droppable when
# minimizing -- verify the crash still reproduces without them.
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)
[ 85.386125][ T44] Bluetooth: hci0: command tx timeout
[ 85.463565][ T44] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 85.484525][ T44] CPU: 0 UID: 0 PID: 44 Comm: kworker/u5:0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.484549][ T44] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.484559][ T44] Workqueue: hci0 hci_rx_work
[ 85.484690][ T44] Call Trace:
[ 85.484698][ T44] <TASK>
[ 85.484707][ T44] dump_stack_lvl+0xe8/0x150
[ 85.484730][ T44] sysfs_create_dir_ns+0x271/0x2a0
[ 85.484749][ T44] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 85.484765][ T44] ? do_raw_spin_unlock+0x4d/0x210
[ 85.484783][ T44] kobject_add_internal+0x62b/0xd00
[ 85.484803][ T44] kobject_add+0x163/0x240
[ 85.494989][ T44] ? __pfx_kobject_add+0x10/0x10
[ 85.495033][ T44] ? _raw_spin_unlock+0x28/0x50
[ 85.495053][ T44] ? get_device_parent+0x366/0x3a0
[ 85.495129][ T44] device_add+0x408/0xb70
[ 85.495149][ T44] hci_conn_add_sysfs+0xd5/0x210
[ 85.495170][ T44] le_conn_complete_evt+0x10e6/0x16b0
[ 85.495194][ T44] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.495208][ T44] ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 85.495225][ T44] ? __asan_memcpy+0x40/0x70
[ 85.495251][ T44] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.495270][ T44] ? skb_pull_data+0xfb/0x200
[ 85.495291][ T44] hci_le_conn_complete_evt+0x187/0x470
[ 85.495314][ T44] hci_event_packet+0x659/0xef0
[ 85.495331][ T44] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.495344][ T44] ? __pfx_hci_event_packet+0x10/0x10
[ 85.495357][ T44] ? kcov_remote_start+0x49a/0x7a0
[ 85.495372][ T44] ? hci_send_to_monitor+0xe2/0x590
[ 85.495387][ T44] hci_rx_work+0x3ee/0x1040
[ 85.495404][ T44] ? process_scheduled_works+0xa70/0x1860
[ 85.495422][ T44] process_scheduled_works+0xb5d/0x1860
[ 85.495455][ T44] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.495475][ T44] ? assign_work+0x3d5/0x5e0
[ 85.495492][ T44] worker_thread+0xa53/0xfc0
[ 85.495524][ T44] kthread+0x388/0x470
[ 85.495538][ T44] ? __pfx_worker_thread+0x10/0x10
[ 85.495552][ T44] ? __pfx_kthread+0x10/0x10
[ 85.495565][ T44] ret_from_fork+0x514/0xb70
[ 85.495585][ T44] ? __pfx_ret_from_fork+0x10/0x10
[ 85.495604][ T44] ? __switch_to+0xc79/0x1410
[ 85.495619][ T44] ? __pfx_kthread+0x10/0x10
[ 85.495632][ T44] ret_from_fork_asm+0x1a/0x30
[ 85.495655][ T44] </TASK>
[ 85.762411][ T44] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 85.777197][ T44] Bluetooth: hci0: failed to register connection device
[ 85.797951][ T44] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004c: 0000 [#1] SMP KASAN NOPTI
[ 85.804582][ T44] KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]
[ 85.819499][ T44] CPU: 0 UID: 0 PID: 44 Comm: kworker/u5:0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.827166][ T44] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.836617][ T44] Workqueue: hci0 hci_rx_work
[ 85.840867][ T44] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 85.847212][ T44] Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e
[ 85.862224][ T44] RSP: 0018:ffffc900004674d0 EFLAGS: 00010202
[ 85.867642][ T44] RAX: dffffc0000000000 RBX: ffffffff89791171 RCX: 0000000080000001
[ 85.874276][ T44] RDX: 0000000000000000 RSI: ffffffff89791171 RDI: 000000000000004c
[ 85.879495][ T44] RBP: ffffffff8ab4550a R08: 0000000000000001 R09: 0000000000000000
[ 85.883278][ T44] R10: dffffc0000000000 R11: ffffffff8ab454c0 R12: 0000000000000000
[ 85.886828][ T44] R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001
[ 85.890666][ T44] FS: 0000000000000000(0000) GS:ffff88808c826000(0000) knlGS:0000000000000000
[ 85.897800][ T44] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.902084][ T44] CR2: 00007fa7d90027f0 CR3: 0000000012106000 CR4: 0000000000352ef0
[ 85.909568][ T44] Call Trace:
[ 85.913484][ T44] <TASK>
[ 85.915690][ T44] __kasan_check_byte+0x12/0x40
[ 85.919231][ T44] lock_acquire+0x84/0x350
[ 85.922473][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 85.925955][ T44] ? l2cap_global_fixed_chan+0x2ee/0x380
[ 85.929913][ T44] lock_sock_nested+0x41/0x100
[ 85.933168][ T44] ? l2cap_sock_new_connection_cb+0x4a/0x2e0
[ 85.937052][ T44] l2cap_sock_new_connection_cb+0x4a/0x2e0
[ 85.942317][ T44] l2cap_connect_cfm+0x368/0x1560
[ 85.955826][ T44] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 85.958764][ T44] ? __pfx_bt_err+0x10/0x10
[ 85.960922][ T44] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 85.963539][ T44] hci_connect_cfm+0x95/0x140
[ 85.976042][ T44] le_conn_complete_evt+0x1134/0x16b0
[ 85.978668][ T44] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 85.981320][ T44] ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 85.984178][ T44] ? __asan_memcpy+0x40/0x70
[ 85.986569][ T44] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 85.989791][ T44] ? skb_pull_data+0xfb/0x200
[ 85.992279][ T44] hci_le_conn_complete_evt+0x187/0x470
[ 85.994766][ T44] hci_event_packet+0x659/0xef0
[ 86.007022][ T44] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.009288][ T44] ? __pfx_hci_event_packet+0x10/0x10
[ 86.011874][ T44] ? kcov_remote_start+0x49a/0x7a0
[ 86.014659][ T44] ? hci_send_to_monitor+0xe2/0x590
[ 86.037453][ T44] hci_rx_work+0x3ee/0x1040
[ 86.040447][ T44] ? process_scheduled_works+0xa70/0x1860
[ 86.044938][ T44] process_scheduled_works+0xb5d/0x1860
[ 86.047524][ T44] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.049978][ T44] ? assign_work+0x3d5/0x5e0
[ 86.051731][ T44] worker_thread+0xa53/0xfc0
[ 86.053548][ T44] kthread+0x388/0x470
[ 86.070634][ T44] ? __pfx_worker_thread+0x10/0x10
[ 86.073985][ T44] ? __pfx_kthread+0x10/0x10
[ 86.077546][ T44] ret_from_fork+0x514/0xb70
[ 86.087214][ T44] ? __pfx_ret_from_fork+0x10/0x10
[ 86.090804][ T44] ? __switch_to+0xc79/0x1410
[ 86.095214][ T44] ? __pfx_kthread+0x10/0x10
[ 86.107669][ T44] ret_from_fork_asm+0x1a/0x30
[ 86.111400][ T44] </TASK>
[ 86.114442][ T44] Modules linked in:
[ 86.118753][ T44] ---[ end trace 0000000000000000 ]---
[ 86.168061][ T44] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 86.194126][ T44] Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e
[ 86.226968][ T44] RSP: 0018:ffffc900004674d0 EFLAGS: 00010202
[ 86.229783][ T44] RAX: dffffc0000000000 RBX: ffffffff89791171 RCX: 0000000080000001
[ 86.245255][ T44] RDX: 0000000000000000 RSI: ffffffff89791171 RDI: 000000000000004c
[ 86.248558][ T44] RBP: ffffffff8ab4550a R08: 0000000000000001 R09: 0000000000000000
[ 86.252121][ T44] R10: dffffc0000000000 R11: ffffffff8ab454c0 R12: 0000000000000000
[ 86.279009][ T44] R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001
[ 86.284658][ T44] FS: 0000000000000000(0000) GS:ffff88808c826000(0000) knlGS:0000000000000000
[ 86.292471][ T44] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.299594][ T44] CR2: 00007fbedb999d20 CR3: 0000000012ba4000 CR4: 0000000000352ef0
[ 86.318287][ T44] Kernel panic - not syncing: Fatal exception
[ 86.321354][ T44] Kernel Offset: disabled
[ 86.323324][ T44] Rebooting in 86400 seconds..