ame: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 415.269393][ T1998] Workqueue: hci1 hci_rx_work
[ 415.274041][ T1998] Call Trace:
[ 415.277290][ T1998]
[ 415.280190][ T1998] dump_stack_lvl+0x41/0x5e
[ 415.284658][ T1998] sysfs_warn_dup.cold+0x17/0x24
[ 415.289565][ T1998] sysfs_create_dir_ns+0x1e7/0x260
[ 415.294733][ T1998] ? sysfs_create_mount_point+0x80/0x80
[ 415.300246][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 415.305159][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 415.310420][ T1998] kobject_add_internal+0x281/0x920
[ 415.315680][ T1998] kobject_add+0x120/0x190
[ 415.320073][ T1998] ? kset_create_and_add+0x170/0x170
[ 415.325326][ T1998] ? fs_reclaim_acquire+0xb2/0x160
[ 415.330404][ T1998] ? lockdep_init_map_type+0x2c1/0x600
[ 415.335828][ T1998] ? kasan_unpoison+0x40/0x60
[ 415.340492][ T1998] ? __raw_spin_lock_init+0x36/0x110
[ 415.345742][ T1998] ? kobject_get.part.0+0x16/0x50
[ 415.350734][ T1998] device_add+0x2df/0x1b30
[ 415.355122][ T1998] ? device_initialize+0x5a0/0x5a0
[ 415.360199][ T1998] ? __fw_devlink_link_to_suppliers+0x260/0x260
[ 415.366496][ T1998] ? hci_debugfs_create_conn+0x134/0x1d0
[ 415.372099][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 415.377610][ T1998] hci_conn_add_sysfs+0x145/0x1e0
[ 415.382600][ T1998] le_conn_complete_evt+0xb71/0x1ab0
[ 415.387855][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 415.393981][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 415.399837][ T1998] ? find_held_lock+0x2d/0x110
[ 415.404564][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 415.409382][ T1998] ? __mutex_lock+0x216/0xec0
[ 415.414035][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 415.419593][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 415.425050][ T1998] ? wait_for_completion+0x220/0x220
[ 415.430406][ T1998] ? hci_abort_conn+0x109/0x200
[ 415.435233][ T1998] ? find_held_lock+0x2d/0x110
[ 415.440162][ T1998] hci_event_packet+0x4c5/0x8420
[ 415.445073][ T1998] ? register_lock_class+0xbb/0x15c0
[ 415.450339][ T1998] ? find_held_lock+0x2d/0x110
[ 415.455245][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 415.460670][ T1998] ? register_lock_class+0xbb/0x15c0
[ 415.465922][ T1998] ? lock_downgrade+0x520/0x520
[ 415.470752][ T1998] ? find_held_lock+0x2d/0x110
[ 415.475584][ T1998] ? lock_downgrade+0x520/0x520
[ 415.480401][ T1998] ? lock_acquire+0x132/0x270
[ 415.485045][ T1998] ? skb_dequeue+0x19/0x1a0
[ 415.489527][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 415.494706][ T1998] hci_rx_work+0x3e8/0xab0
[ 415.499093][ T1998] process_one_work+0x800/0x11d0
[ 415.504012][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 415.509446][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 415.514498][ T1998] ? lock_acquire+0x132/0x270
[ 415.519157][ T1998] worker_thread+0x4a0/0xdd0
[ 415.523721][ T1998] ? __kthread_parkme+0x7e/0x150
[ 415.528637][ T1998] ? rescuer_thread+0xb30/0xb30
[ 415.533587][ T1998] kthread+0x31b/0x3e0
[ 415.537643][ T1998] ? set_kthread_struct+0x100/0x100
[ 415.542824][ T1998] ret_from_fork+0x1f/0x30
[ 415.547302][ T1998]
[ 415.550541][ T1998] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 415.563747][ T1998] Bluetooth: hci1: failed to register connection device
[ 415.570870][ T1998] Bluetooth: hci1: link tx timeout
[ 415.576021][ T1998] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[ 415.583807][ T1998] Bluetooth: hci1: link tx timeout
[ 415.588998][ T1998] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[ 415.596622][ T1998] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[ 415.604427][ T1998] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[ 415.612152][ T1998] debugfs: Directory '201' with parent 'hci1' already present!
[ 415.619878][ T1998] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 415.629363][ T1998] CPU: 0 PID: 1998 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 415.636993][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 415.647150][ T1998] Workqueue: hci1 hci_rx_work
[ 415.651874][ T1998] Call Trace:
[ 415.655144][ T1998]
[ 415.658055][ T1998] dump_stack_lvl+0x41/0x5e
[ 415.662544][ T1998] sysfs_warn_dup.cold+0x17/0x24
[ 415.667492][ T1998] sysfs_create_dir_ns+0x1e7/0x260
[ 415.672572][ T1998] ? sysfs_create_mount_point+0x80/0x80
[ 415.678088][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 415.683010][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 415.688190][ T1998] kobject_add_internal+0x281/0x920
[ 415.693392][ T1998] kobject_add+0x120/0x190
[ 415.697790][ T1998] ? kset_create_and_add+0x170/0x170
[ 415.703046][ T1998] ? fs_reclaim_acquire+0xb2/0x160
[ 415.708237][ T1998] ? lockdep_init_map_type+0x2c1/0x600
[ 415.713670][ T1998] ? kasan_unpoison+0x40/0x60
[ 415.718338][ T1998] ? __raw_spin_lock_init+0x36/0x110
[ 415.723608][ T1998] ? kobject_get.part.0+0x16/0x50
[ 415.728617][ T1998] device_add+0x2df/0x1b30
[ 415.733011][ T1998] ? device_initialize+0x5a0/0x5a0
[ 415.738107][ T1998] ? __fw_devlink_link_to_suppliers+0x260/0x260
[ 415.744476][ T1998] ? hci_debugfs_create_conn+0x134/0x1d0
[ 415.750201][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 415.755647][ T1998] hci_conn_add_sysfs+0x145/0x1e0
[ 415.760756][ T1998] le_conn_complete_evt+0xb71/0x1ab0
[ 415.766025][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 415.772158][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 415.778109][ T1998] ? find_held_lock+0x2d/0x110
[ 415.782844][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 415.787681][ T1998] ? __mutex_lock+0x216/0xec0
[ 415.792372][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 415.797971][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 415.803325][ T1998] ? lock_downgrade+0x520/0x520
[ 415.808142][ T1998] ? wait_for_completion+0x220/0x220
[ 415.813423][ T1998] ? find_held_lock+0x2d/0x110
[ 415.818155][ T1998] hci_event_packet+0x4c5/0x8420
[ 415.823065][ T1998] ? register_lock_class+0xbb/0x15c0
[ 415.828326][ T1998] ? find_held_lock+0x2d/0x110
[ 415.833074][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 415.838493][ T1998] ? register_lock_class+0xbb/0x15c0
[ 415.843744][ T1998] ? lock_downgrade+0x520/0x520
[ 415.848572][ T1998] ? find_held_lock+0x2d/0x110
[ 415.853494][ T1998] ? lock_downgrade+0x520/0x520
[ 415.858327][ T1998] ? lock_acquire+0x132/0x270
[ 415.862971][ T1998] ? skb_dequeue+0x19/0x1a0
[ 415.867456][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 415.872644][ T1998] hci_rx_work+0x3e8/0xab0
[ 415.877047][ T1998] process_one_work+0x800/0x11d0
[ 415.881969][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 415.887222][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 415.892138][ T1998] ? lock_acquire+0x132/0x270
[ 415.896806][ T1998] worker_thread+0x4a0/0xdd0
[ 415.901362][ T1998] ? __kthread_parkme+0x7e/0x150
[ 415.906264][ T1998] ? rescuer_thread+0xb30/0xb30
[ 415.911172][ T1998] kthread+0x31b/0x3e0
[ 415.915206][ T1998] ? set_kthread_struct+0x100/0x100
[ 415.920366][ T1998] ret_from_fork+0x1f/0x30
[ 415.924761][ T1998]
[ 415.927876][ T1998] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 415.941073][ T1998] Bluetooth: hci1: failed to register connection device
[ 415.948308][ T1998] Bluetooth: hci1: link tx timeout
[ 415.953472][ T1998] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[ 415.961999][ T1998] Bluetooth: hci1: link tx timeout
[ 415.967266][ T1998] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[ 415.974966][ T1998] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[ 415.982683][ T1998] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[ 415.990493][ T1998] debugfs: Directory '201' with parent 'hci1' already present!
[ 415.998155][ T1998] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 416.007771][ T1998] CPU: 1 PID: 1998 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 416.015306][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 416.025367][ T1998] Workqueue: hci1 hci_rx_work
[ 416.030053][ T1998] Call Trace:
[ 416.033430][ T1998]
[ 416.036360][ T1998] dump_stack_lvl+0x41/0x5e
[ 416.040872][ T1998] sysfs_warn_dup.cold+0x17/0x24
[ 416.045915][ T1998] sysfs_create_dir_ns+0x1e7/0x260
[ 416.051046][ T1998] ? sysfs_create_mount_point+0x80/0x80
[ 416.056595][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 416.061546][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 416.066759][ T1998] kobject_add_internal+0x281/0x920
[ 416.071966][ T1998] kobject_add+0x120/0x190
[ 416.076481][ T1998] ? kset_create_and_add+0x170/0x170
[ 416.081764][ T1998] ? fs_reclaim_acquire+0xb2/0x160
[ 416.086883][ T1998] ? lockdep_init_map_type+0x2c1/0x600
[ 416.092339][ T1998] ? kasan_unpoison+0x40/0x60
[ 416.097021][ T1998] ? __raw_spin_lock_init+0x36/0x110
[ 416.102309][ T1998] ? kobject_get.part.0+0x16/0x50
[ 416.107337][ T1998] device_add+0x2df/0x1b30
[ 416.111748][ T1998] ? device_initialize+0x5a0/0x5a0
[ 416.116856][ T1998] ? __fw_devlink_link_to_suppliers+0x260/0x260
[ 416.123097][ T1998] ? hci_debugfs_create_conn+0x134/0x1d0
[ 416.128728][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 416.134190][ T1998] hci_conn_add_sysfs+0x145/0x1e0
[ 416.139213][ T1998] le_conn_complete_evt+0xb71/0x1ab0
[ 416.144497][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 416.150633][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 416.156513][ T1998] ? find_held_lock+0x2d/0x110
[ 416.161350][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 416.166196][ T1998] ? __mutex_lock+0x216/0xec0
[ 416.170871][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 416.176418][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 416.181788][ T1998] ? lock_downgrade+0x520/0x520
[ 416.186662][ T1998] ? wait_for_completion+0x220/0x220
[ 416.191954][ T1998] ? rcu_is_watching+0x11/0xa0
[ 416.196807][ T1998] ? find_held_lock+0x2d/0x110
[ 416.201571][ T1998] hci_event_packet+0x4c5/0x8420
[ 416.206502][ T1998] ? register_lock_class+0xbb/0x15c0
[ 416.212134][ T1998] ? find_held_lock+0x2d/0x110
[ 416.216898][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 416.222261][ T1998] ? register_lock_class+0xbb/0x15c0
[ 416.228155][ T1998] ? lock_downgrade+0x520/0x520
[ 416.233284][ T1998] ? find_held_lock+0x2d/0x110
[ 416.238041][ T1998] ? lock_downgrade+0x520/0x520
[ 416.242981][ T1998] ? lock_acquire+0x132/0x270
[ 416.247729][ T1998] ? skb_dequeue+0x19/0x1a0
[ 416.252232][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 416.257425][ T1998] hci_rx_work+0x3e8/0xab0
[ 416.261836][ T1998] process_one_work+0x800/0x11d0
[ 416.266760][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 416.272032][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 416.276952][ T1998] ? lock_acquire+0x132/0x270
[ 416.281617][ T1998] worker_thread+0x4a0/0xdd0
[ 416.286200][ T1998] ? __kthread_parkme+0x7e/0x150
[ 416.291125][ T1998] ? rescuer_thread+0xb30/0xb30
[ 416.295956][ T1998] kthread+0x31b/0x3e0
[ 416.300092][ T1998] ? set_kthread_struct+0x100/0x100
[ 416.305280][ T1998] ret_from_fork+0x1f/0x30
[ 416.309690][ T1998]
[ 416.312900][ T1998] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 416.326767][ T1998] Bluetooth: hci1: failed to register connection device
[ 416.334004][ T1998] Bluetooth: hci1: link tx timeout
[ 416.339182][ T1998] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[ 416.346830][ T1998] Bluetooth: hci1: link tx timeout
[ 416.352139][ T1998] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[ 416.361749][ T1998] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[ 416.369449][ T1998] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[ 416.377821][ T1998] debugfs: Directory '201' with parent 'hci1' already present!
[ 416.385586][ T1998] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 416.395085][ T1998] CPU: 1 PID: 1998 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 416.402616][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 416.412671][ T1998] Workqueue: hci1 hci_rx_work
[ 416.417343][ T1998] Call Trace:
[ 416.420628][ T1998]
[ 416.423586][ T1998] dump_stack_lvl+0x41/0x5e
[ 416.428091][ T1998] sysfs_warn_dup.cold+0x17/0x24
[ 416.433018][ T1998] sysfs_create_dir_ns+0x1e7/0x260
[ 416.438126][ T1998] ? sysfs_create_mount_point+0x80/0x80
[ 416.443662][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 416.448586][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 416.453777][ T1998] kobject_add_internal+0x281/0x920
[ 416.458960][ T1998] kobject_add+0x120/0x190
[ 416.463363][ T1998] ? kset_create_and_add+0x170/0x170
[ 416.468625][ T1998] ? fs_reclaim_acquire+0xb2/0x160
[ 416.473723][ T1998] ? lockdep_init_map_type+0x2c1/0x600
[ 416.479166][ T1998] ? kasan_unpoison+0x40/0x60
[ 416.483827][ T1998] ? __raw_spin_lock_init+0x36/0x110
[ 416.489096][ T1998] ? kobject_get.part.0+0x16/0x50
[ 416.494100][ T1998] device_add+0x2df/0x1b30
[ 416.498504][ T1998] ? device_initialize+0x5a0/0x5a0
[ 416.503601][ T1998] ? __fw_devlink_link_to_suppliers+0x260/0x260
[ 416.509829][ T1998] ? hci_debugfs_create_conn+0x134/0x1d0
[ 416.515448][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 416.520890][ T1998] hci_conn_add_sysfs+0x145/0x1e0
[ 416.525905][ T1998] le_conn_complete_evt+0xb71/0x1ab0
[ 416.531264][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 416.537407][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 416.543283][ T1998] ? find_held_lock+0x2d/0x110
[ 416.548117][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 416.552952][ T1998] ? __mutex_lock+0x216/0xec0
[ 416.557617][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 416.563157][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 416.568509][ T1998] ? lock_downgrade+0x520/0x520
[ 416.573342][ T1998] ? wait_for_completion+0x220/0x220
[ 416.578612][ T1998] ? rcu_is_watching+0x11/0xa0
[ 416.583373][ T1998] ? find_held_lock+0x2d/0x110
[ 416.588118][ T1998] hci_event_packet+0x4c5/0x8420
[ 416.593039][ T1998] ? register_lock_class+0xbb/0x15c0
[ 416.598305][ T1998] ? find_held_lock+0x2d/0x110
[ 416.603051][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 416.608403][ T1998] ? register_lock_class+0xbb/0x15c0
[ 416.613667][ T1998] ? lock_downgrade+0x520/0x520
[ 416.618502][ T1998] ? find_held_lock+0x2d/0x110
[ 416.623259][ T1998] ? lock_downgrade+0x520/0x520
[ 416.628265][ T1998] ? lock_acquire+0x132/0x270
[ 416.632924][ T1998] ? skb_dequeue+0x19/0x1a0
[ 416.637412][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 416.642591][ T1998] hci_rx_work+0x3e8/0xab0
[ 416.647007][ T1998] process_one_work+0x800/0x11d0
[ 416.651931][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 416.657198][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 416.662124][ T1998] ? lock_acquire+0x132/0x270
[ 416.666786][ T1998] worker_thread+0x4a0/0xdd0
[ 416.671374][ T1998] ? __kthread_parkme+0x7e/0x150
[ 416.676293][ T1998] ? rescuer_thread+0xb30/0xb30
[ 416.681126][ T1998] kthread+0x31b/0x3e0
[ 416.685186][ T1998] ? set_kthread_struct+0x100/0x100
[ 416.690374][ T1998] ret_from_fork+0x1f/0x30
[ 416.694779][ T1998]
[ 416.697970][ T1998] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 416.711199][ T1998] Bluetooth: hci1: failed to register connection device
[ 416.718382][ T1998] Bluetooth: hci1: link tx timeout
[ 416.723531][ T1998] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[ 416.731297][ T1998] Bluetooth: hci1: link tx timeout
[ 416.736446][ T1998] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[ 416.744215][ T1998] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[ 416.751851][ T1998] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[ 417.005868][ T151] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.181' (ED25519) to the list of known hosts.
executing program
[ 420.518796][ T1998] debugfs: Directory '201' with parent 'hci0' already present!
[ 420.526452][ T1998] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 420.535962][ T1998] CPU: 1 PID: 1998 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 420.543592][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 420.553898][ T1998] Workqueue: hci0 hci_rx_work
[ 420.558753][ T1998] Call Trace:
[ 420.562031][ T1998]
[ 420.564983][ T1998] dump_stack_lvl+0x41/0x5e
[ 420.569463][ T1998] sysfs_warn_dup.cold+0x17/0x24
[ 420.574372][ T1998] sysfs_create_dir_ns+0x1e7/0x260
[ 420.579487][ T1998] ? sysfs_create_mount_point+0x80/0x80
[ 420.585012][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 420.589925][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 420.595116][ T1998] kobject_add_internal+0x281/0x920
[ 420.600379][ T1998] kobject_add+0x120/0x190
[ 420.604784][ T1998] ? kset_create_and_add+0x170/0x170
[ 420.610161][ T1998] ? fs_reclaim_acquire+0xb2/0x160
[ 420.615255][ T1998] ? lockdep_init_map_type+0x2c1/0x600
[ 420.620680][ T1998] ? kasan_unpoison+0x40/0x60
[ 420.625327][ T1998] ? __raw_spin_lock_init+0x36/0x110
[ 420.630580][ T1998] ? kobject_get.part.0+0x16/0x50
[ 420.635584][ T1998] device_add+0x2df/0x1b30
[ 420.640068][ T1998] ? device_initialize+0x5a0/0x5a0
[ 420.645155][ T1998] ? __fw_devlink_link_to_suppliers+0x260/0x260
[ 420.651360][ T1998] ? hci_debugfs_create_conn+0x134/0x1d0
[ 420.656955][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 420.662388][ T1998] hci_conn_add_sysfs+0x145/0x1e0
[ 420.667390][ T1998] le_conn_complete_evt+0xb71/0x1ab0
[ 420.672649][ T1998] ? kmem_cache_free+0x7e/0x470
[ 420.677481][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 420.683596][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 420.689456][ T1998] ? find_held_lock+0x2d/0x110
[ 420.694317][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 420.699157][ T1998] ? __mutex_lock+0x216/0xec0
[ 420.703811][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 420.709328][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 420.714678][ T1998] ? wait_for_completion+0x220/0x220
[ 420.719941][ T1998] ? register_lock_class+0xbb/0x15c0
[ 420.725194][ T1998] ? lock_downgrade+0x520/0x520
[ 420.730020][ T1998] ? find_held_lock+0x2d/0x110
[ 420.734752][ T1998] hci_event_packet+0x4c5/0x8420
[ 420.739751][ T1998] ? lock_downgrade+0x520/0x520
[ 420.744656][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 420.750014][ T1998] ? register_lock_class+0xbb/0x15c0
[ 420.755260][ T1998] ? psi_show.part.0+0x50/0x4a0
[ 420.760089][ T1998] ? find_held_lock+0x2d/0x110
[ 420.764825][ T1998] ? lock_downgrade+0x520/0x520
[ 420.769642][ T1998] ? lock_acquire+0x132/0x270
[ 420.774285][ T1998] ? skb_dequeue+0x19/0x1a0
[ 420.778759][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 420.783923][ T1998] hci_rx_work+0x3e8/0xab0
[ 420.788307][ T1998] process_one_work+0x800/0x11d0
[ 420.793222][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 420.798472][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 420.803383][ T1998] ? lock_acquire+0x132/0x270
[ 420.808027][ T1998] worker_thread+0x4a0/0xdd0
[ 420.812583][ T1998] ? __kthread_parkme+0x7e/0x150
the reproducer may not work as expected: 802154 injection setup failed: netlink_query_family_id failed
executing program
[ 420.817486][ T1998] ? rescuer_thread+0xb30/0xb30
[ 420.822299][ T1998] kthread+0x31b/0x3e0
[ 420.826347][ T1998] ? set_kthread_struct+0x100/0x100
[ 420.831514][ T1998] ret_from_fork+0x1f/0x30
[ 420.835900][ T1998]
[ 420.839144][ T1998] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 420.852571][ T1998] Bluetooth: hci0: failed to register connection device
[ 420.863559][ T1998] debugfs: Directory '201' with parent 'hci0' already present!
[ 420.871193][ T1998] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 420.880785][ T1998] CPU: 0 PID: 1998 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 420.888301][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 420.898323][ T1998] Workqueue: hci0 hci_rx_work
[ 420.902979][ T1998] Call Trace:
[ 420.906228][ T1998]
[ 420.909215][ T1998] dump_stack_lvl+0x41/0x5e
[ 420.913705][ T1998] sysfs_warn_dup.cold+0x17/0x24
[ 420.918641][ T1998] sysfs_create_dir_ns+0x1e7/0x260
[ 420.923739][ T1998] ? sysfs_create_mount_point+0x80/0x80
[ 420.929259][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 420.934168][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 420.939330][ T1998] kobject_add_internal+0x281/0x920
[ 420.944513][ T1998] kobject_add+0x120/0x190
[ 420.948899][ T1998] ? kset_create_and_add+0x170/0x170
[ 420.954147][ T1998] ? fs_reclaim_acquire+0xb2/0x160
[ 420.959226][ T1998] ? lockdep_init_map_type+0x2c1/0x600
[ 420.964756][ T1998] ? kasan_unpoison+0x40/0x60
[ 420.969399][ T1998] ? __raw_spin_lock_init+0x36/0x110
[ 420.974661][ T1998] ? kobject_get.part.0+0x16/0x50
[ 420.979647][ T1998] device_add+0x2df/0x1b30
[ 420.984027][ T1998] ? device_initialize+0x5a0/0x5a0
[ 420.989100][ T1998] ? __fw_devlink_link_to_suppliers+0x260/0x260
[ 420.995306][ T1998] ? hci_debugfs_create_conn+0x134/0x1d0
[ 421.000902][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 421.006323][ T1998] hci_conn_add_sysfs+0x145/0x1e0
[ 421.011311][ T1998] le_conn_complete_evt+0xb71/0x1ab0
[ 421.016561][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 421.022686][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 421.028557][ T1998] ? find_held_lock+0x2d/0x110
[ 421.033299][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 421.038130][ T1998] ? __mutex_lock+0x216/0xec0
[ 421.042787][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 421.048304][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 421.053869][ T1998] ? wait_for_completion+0x220/0x220
[ 421.059134][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 421.064999][ T1998] ? find_held_lock+0x2d/0x110
[ 421.069738][ T1998] hci_event_packet+0x4c5/0x8420
[ 421.074649][ T1998] ? lock_downgrade+0x520/0x520
[ 421.079475][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 421.084817][ T1998] ? register_lock_class+0xbb/0x15c0
[ 421.090086][ T1998] ? psi_show.part.0+0x50/0x4a0
[ 421.094927][ T1998] ? find_held_lock+0x2d/0x110
[ 421.099663][ T1998] ? lock_downgrade+0x520/0x520
[ 421.104481][ T1998] ? lock_acquire+0x132/0x270
[ 421.109134][ T1998] ? skb_dequeue+0x19/0x1a0
[ 421.113719][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 421.118892][ T1998] hci_rx_work+0x3e8/0xab0
[ 421.123280][ T1998] process_one_work+0x800/0x11d0
[ 421.128189][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 421.133445][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 421.138392][ T1998] ? lock_acquire+0x132/0x270
[ 421.143062][ T1998] worker_thread+0x4a0/0xdd0
[ 421.147634][ T1998] ? __kthread_parkme+0x7e/0x150
[ 421.152544][ T1998] ? rescuer_thread+0xb30/0xb30
[ 421.157360][ T1998] kthread+0x31b/0x3e0
[ 421.161427][ T1998] ? set_kthread_struct+0x100/0x100
[ 421.166600][ T1998] ret_from_fork+0x1f/0x30
the reproducer may not work as expected: 802154 injection setup failed: netlink_query_family_id failed
executing program
[ 421.170994][ T1998]
[ 421.174437][ T1998] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 421.187761][ T1998] Bluetooth: hci0: failed to register connection device
[ 421.199420][ T1998] debugfs: Directory '201' with parent 'hci0' already present!
[ 421.206999][ T1998] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 421.216493][ T1998] CPU: 1 PID: 1998 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 421.224145][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 421.234176][ T1998] Workqueue: hci0 hci_rx_work
[ 421.238831][ T1998] Call Trace:
[ 421.242097][ T1998]
[ 421.245009][ T1998] dump_stack_lvl+0x41/0x5e
[ 421.249488][ T1998] sysfs_warn_dup.cold+0x17/0x24
[ 421.254392][ T1998] sysfs_create_dir_ns+0x1e7/0x260
[ 421.259473][ T1998] ? sysfs_create_mount_point+0x80/0x80
[ 421.265209][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 421.270110][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 421.275305][ T1998] kobject_add_internal+0x281/0x920
[ 421.280472][ T1998] kobject_add+0x120/0x190
[ 421.284859][ T1998] ? kset_create_and_add+0x170/0x170
[ 421.290124][ T1998] ? fs_reclaim_acquire+0xb2/0x160
[ 421.295212][ T1998] ? lockdep_init_map_type+0x2c1/0x600
[ 421.300636][ T1998] ? kasan_unpoison+0x40/0x60
[ 421.305287][ T1998] ? __raw_spin_lock_init+0x36/0x110
[ 421.310556][ T1998] ? kobject_get.part.0+0x16/0x50
[ 421.315640][ T1998] device_add+0x2df/0x1b30
[ 421.320030][ T1998] ? device_initialize+0x5a0/0x5a0
[ 421.325136][ T1998] ? __fw_devlink_link_to_suppliers+0x260/0x260
[ 421.331418][ T1998] ? hci_debugfs_create_conn+0x134/0x1d0
[ 421.337029][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 421.342474][ T1998] hci_conn_add_sysfs+0x145/0x1e0
[ 421.347476][ T1998] le_conn_complete_evt+0xb71/0x1ab0
[ 421.352739][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 421.358877][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 421.364752][ T1998] ? find_held_lock+0x2d/0x110
[ 421.369498][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 421.374324][ T1998] ? __mutex_lock+0x216/0xec0
[ 421.379065][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 421.384623][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 421.389969][ T1998] ? wait_for_completion+0x220/0x220
[ 421.395225][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 421.401093][ T1998] ? find_held_lock+0x2d/0x110
[ 421.405831][ T1998] hci_event_packet+0x4c5/0x8420
[ 421.410912][ T1998] ? lock_downgrade+0x520/0x520
[ 421.415743][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 421.421092][ T1998] ? register_lock_class+0xbb/0x15c0
[ 421.426359][ T1998] ? psi_show.part.0+0x50/0x4a0
[ 421.431190][ T1998] ? find_held_lock+0x2d/0x110
[ 421.435924][ T1998] ? lock_downgrade+0x520/0x520
[ 421.440744][ T1998] ? lock_acquire+0x132/0x270
[ 421.445458][ T1998] ? skb_dequeue+0x19/0x1a0
[ 421.450030][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 421.455219][ T1998] hci_rx_work+0x3e8/0xab0
[ 421.459612][ T1998] process_one_work+0x800/0x11d0
[ 421.464623][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 421.469890][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 421.474808][ T1998] ? lock_acquire+0x132/0x270
[ 421.479455][ T1998] worker_thread+0x4a0/0xdd0
[ 421.484019][ T1998] ? __kthread_parkme+0x7e/0x150
[ 421.489185][ T1998] ? rescuer_thread+0xb30/0xb30
[ 421.494003][ T1998] kthread+0x31b/0x3e0
[ 421.498054][ T1998] ? set_kthread_struct+0x100/0x100
[ 421.503237][ T1998] ret_from_fork+0x1f/0x30
[ 421.507630][ T1998]
the reproducer may not work as expected: 802154 injection setup failed: netlink_query_family_id failed
executing program
[ 421.510985][ T1998] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 421.524273][ T1998] Bluetooth: hci0: failed to register connection device
[ 421.536124][ T1998] debugfs: Directory '201' with parent 'hci0' already present!
[ 421.543864][ T1998] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 421.553555][ T1998] CPU: 1 PID: 1998 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 421.561086][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 421.571114][ T1998] Workqueue: hci0 hci_rx_work
[ 421.575763][ T1998] Call Trace:
[ 421.579013][ T1998]
[ 421.581916][ T1998] dump_stack_lvl+0x41/0x5e
[ 421.586421][ T1998] sysfs_warn_dup.cold+0x17/0x24
[ 421.591323][ T1998] sysfs_create_dir_ns+0x1e7/0x260
[ 421.596431][ T1998] ? sysfs_create_mount_point+0x80/0x80
[ 421.601944][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 421.606848][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 421.612014][ T1998] kobject_add_internal+0x281/0x920
[ 421.617192][ T1998] kobject_add+0x120/0x190
[ 421.621573][ T1998] ? kset_create_and_add+0x170/0x170
[ 421.626822][ T1998] ? fs_reclaim_acquire+0xb2/0x160
[ 421.631912][ T1998] ? lockdep_init_map_type+0x2c1/0x600
[ 421.637346][ T1998] ? kasan_unpoison+0x40/0x60
[ 421.642006][ T1998] ? __raw_spin_lock_init+0x36/0x110
[ 421.647401][ T1998] ? kobject_get.part.0+0x16/0x50
[ 421.652429][ T1998] device_add+0x2df/0x1b30
[ 421.656847][ T1998] ? device_initialize+0x5a0/0x5a0
[ 421.661929][ T1998] ? __fw_devlink_link_to_suppliers+0x260/0x260
[ 421.668151][ T1998] ? hci_debugfs_create_conn+0x134/0x1d0
[ 421.673755][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 421.679179][ T1998] hci_conn_add_sysfs+0x145/0x1e0
[ 421.684173][ T1998] le_conn_complete_evt+0xb71/0x1ab0
[ 421.689425][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 421.695642][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 421.701503][ T1998] ? find_held_lock+0x2d/0x110
[ 421.706277][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 421.711095][ T1998] ? __mutex_lock+0x216/0xec0
[ 421.715739][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 421.721251][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 421.726705][ T1998] ? wait_for_completion+0x220/0x220
[ 421.731976][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 421.737876][ T1998] ? find_held_lock+0x2d/0x110
[ 421.742607][ T1998] hci_event_packet+0x4c5/0x8420
[ 421.747521][ T1998] ? lock_downgrade+0x520/0x520
[ 421.752347][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 421.757702][ T1998] ? register_lock_class+0xbb/0x15c0
[ 421.762952][ T1998] ? psi_show.part.0+0x50/0x4a0
[ 421.767768][ T1998] ? find_held_lock+0x2d/0x110
[ 421.772495][ T1998] ? lock_downgrade+0x520/0x520
[ 421.777327][ T1998] ? lock_acquire+0x132/0x270
[ 421.781970][ T1998] ? skb_dequeue+0x19/0x1a0
[ 421.786614][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 421.791783][ T1998] hci_rx_work+0x3e8/0xab0
[ 421.796168][ T1998] process_one_work+0x800/0x11d0
[ 421.801083][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 421.806346][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 421.811279][ T1998] ? lock_acquire+0x132/0x270
[ 421.815928][ T1998] worker_thread+0x4a0/0xdd0
the reproducer may not work as expected: 802154 injection setup failed: netlink_query_family_id failed
[ 421.820484][ T1998] ? __kthread_parkme+0x7e/0x150
[ 421.825385][ T1998] ? rescuer_thread+0xb30/0xb30
[ 421.830200][ T1998] kthread+0x31b/0x3e0
[ 421.834246][ T1998] ? set_kthread_struct+0x100/0x100
[ 421.839532][ T1998] ret_from_fork+0x1f/0x30
[ 421.844017][ T1998]
[ 421.847133][ T1998] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 421.860397][ T1998] Bluetooth: hci0: failed to register connection device
[ 421.867958][ T1998] ==================================================================
[ 421.876024][ T1998] BUG: KASAN: use-after-free in l2cap_connect_cfm+0xb3a/0xd50
[ 421.883469][ T1998] Read of size 8 at addr ffff8880707e7488 by task kworker/u5:2/1998
[ 421.891413][ T1998]
[ 421.893711][ T1998] CPU: 0 PID: 1998 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 421.901220][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 421.911430][ T1998] Workqueue: hci0 hci_rx_work
[ 421.916077][ T1998] Call Trace:
[ 421.919329][ T1998]
[ 421.922247][ T1998] dump_stack_lvl+0x41/0x5e
[ 421.926717][ T1998] print_address_description.constprop.0.cold+0x6c/0x309
[ 421.933703][ T1998] ? l2cap_connect_cfm+0xb3a/0xd50
[ 421.938776][ T1998] ? l2cap_connect_cfm+0xb3a/0xd50
[ 421.943936][ T1998] kasan_report.cold+0x83/0xdf
[ 421.948682][ T1998] ? l2cap_connect_cfm+0xb3a/0xd50
[ 421.953758][ T1998] l2cap_connect_cfm+0xb3a/0xd50
[ 421.958659][ T1998] ? l2cap_chan_connect+0x1b60/0x1b60
[ 421.963994][ T1998] ? hci_debugfs_create_le+0x830/0x830
[ 421.969421][ T1998] le_conn_complete_evt+0x11f0/0x1ab0
[ 421.974761][ T1998] ? hci_encrypt_change_evt.isra.0+0xed0/0xed0
[ 421.980894][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 421.986769][ T1998] ? find_held_lock+0x2d/0x110
[ 421.991538][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 421.996369][ T1998] ? __mutex_lock+0x216/0xec0
[ 422.001019][ T1998] ? le_conn_complete_evt+0x1ab0/0x1ab0
[ 422.006708][ T1998] ? mutex_lock_io_nested+0xd30/0xd30
[ 422.012047][ T1998] ? wait_for_completion+0x220/0x220
[ 422.017301][ T1998] ? __lock_acquire.constprop.0+0x478/0xb30
[ 422.023334][ T1998] ? find_held_lock+0x2d/0x110
[ 422.028064][ T1998] hci_event_packet+0x4c5/0x8420
[ 422.032975][ T1998] ? lock_downgrade+0x520/0x520
[ 422.037809][ T1998] ? hci_cmd_status_evt+0x5520/0x5520
[ 422.043162][ T1998] ? register_lock_class+0xbb/0x15c0
[ 422.048430][ T1998] ? psi_show.part.0+0x50/0x4a0
[ 422.053255][ T1998] ? find_held_lock+0x2d/0x110
[ 422.057989][ T1998] ? lock_downgrade+0x520/0x520
[ 422.062824][ T1998] ? lock_acquire+0x132/0x270
[ 422.067468][ T1998] ? skb_dequeue+0x19/0x1a0
[ 422.071942][ T1998] ? do_raw_spin_unlock+0x171/0x230
[ 422.077110][ T1998] hci_rx_work+0x3e8/0xab0
[ 422.081505][ T1998] process_one_work+0x800/0x11d0
[ 422.086421][ T1998] ? mod_delayed_work_on+0x280/0x280
[ 422.091674][ T1998] ? rwlock_bug.part.0+0x90/0x90
[ 422.096574][ T1998] ? lock_acquire+0x132/0x270
[ 422.101217][ T1998] worker_thread+0x4a0/0xdd0
[ 422.105795][ T1998] ? __kthread_parkme+0x7e/0x150
[ 422.110695][ T1998] ? rescuer_thread+0xb30/0xb30
[ 422.115509][ T1998] kthread+0x31b/0x3e0
[ 422.119544][ T1998] ? set_kthread_struct+0x100/0x100
[ 422.124707][ T1998] ret_from_fork+0x1f/0x30
[ 422.129092][ T1998]
[ 422.132084][ T1998]
[ 422.134378][ T1998] Allocated by task 1998:
[ 422.138680][ T1998] kasan_save_stack+0x1b/0x40
[ 422.143325][ T1998] __kasan_kmalloc+0x7c/0x90
[ 422.147969][ T1998] l2cap_chan_create+0x39/0x8f0
[ 422.152786][ T1998] l2cap_sock_alloc.constprop.0+0x177/0x250
[ 422.158648][ T1998] l2cap_sock_new_connection_cb+0xd5/0x1e0
[ 422.164427][ T1998] l2cap_connect_cfm+0x3d6/0xd50
[ 422.169347][ T1998] le_conn_complete_evt+0x11f0/0x1ab0
[ 422.174683][ T1998] hci_le_meta_evt+0x71b/0x3c90
[ 422.179497][ T1998] hci_event_packet+0x4c5/0x8420
[ 422.184405][ T1998] hci_rx_work+0x3e8/0xab0
[ 422.188821][ T1998] process_one_work+0x800/0x11d0
[ 422.193741][ T1998] worker_thread+0x4a0/0xdd0
[ 422.198302][ T1998] kthread+0x31b/0x3e0
[ 422.202352][ T1998] ret_from_fork+0x1f/0x30
[ 422.206756][ T1998]
[ 422.209054][ T1998] Freed by task 6428:
[ 422.213017][ T1998] kasan_save_stack+0x1b/0x40
[ 422.217662][ T1998] kasan_set_track+0x1c/0x30
[ 422.222233][ T1998] kasan_set_free_info+0x20/0x30
[ 422.227147][ T1998] __kasan_slab_free+0xe0/0x110
[ 422.231987][ T1998] kfree+0xd0/0x4e0
[ 422.235783][ T1998] l2cap_sock_cleanup_listen+0x45/0x230
[ 422.241303][ T1998] l2cap_sock_release+0x56/0x200
[ 422.246323][ T1998] __sock_release+0xbb/0x270
[ 422.250929][ T1998] sock_close+0xf/0x20
[ 422.254963][ T1998] __fput+0x1f2/0x9a0
[ 422.258909][ T1998] task_work_run+0xb8/0x140
[ 422.263447][ T1998] exit_to_user_mode_prepare+0x1a2/0x1b0
[ 422.269062][ T1998] syscall_exit_to_user_mode+0x12/0x30
[ 422.274516][ T1998] do_syscall_64+0x40/0x80
[ 422.278901][ T1998] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 422.284759][ T1998]
[ 422.287055][ T1998] The buggy address belongs to the object at ffff8880707e7000
[ 422.287055][ T1998] which belongs to the cache kmalloc-2k of size 2048
[ 422.301171][ T1998] The buggy address is located 1160 bytes inside of
[ 422.301171][ T1998] 2048-byte region
[ffff8880707e7000, ffff8880707e7800) [ 422.314592][ T1998] The buggy address belongs to the page: [ 422.320190][ T1998] page:ffffea0001c1f800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x707e0 [ 422.330308][ T1998] head:ffffea0001c1f800 order:3 compound_mapcount:0 compound_pincount:0 [ 422.338594][ T1998] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 422.346661][ T1998] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88800e042000 [ 422.355210][ T1998] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 422.363764][ T1998] page dumped because: kasan: bad access detected [ 422.370151][ T1998] page_owner tracks the page as allocated [ 422.375847][ T1998] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6426, ts 420863283705, free_ts 420516940080 [ 422.394433][ T1998] get_page_from_freelist+0x13cc/0x3270 [ 422.399948][ T1998] __alloc_pages+0x1b2/0x440 [ 422.404523][ T1998] allocate_slab+0x2eb/0x430 [ 422.409082][ T1998] ___slab_alloc+0xc94/0x10f0 [ 422.413724][ T1998] __slab_alloc.constprop.0+0x45/0x80 [ 422.419060][ T1998] __kmalloc+0x386/0x3c0 [ 422.423263][ T1998] sk_prot_alloc+0xee/0x200 [ 422.427729][ T1998] sk_alloc+0x27/0x570 [ 422.431762][ T1998] l2cap_sock_alloc.constprop.0+0x24/0x250 [ 422.437532][ T1998] l2cap_sock_create+0xc8/0x160 [ 422.442353][ T1998] bt_sock_create+0x11a/0x250 [ 422.446992][ T1998] __sock_create+0x20f/0x4f0 [ 422.451645][ T1998] __sys_socket+0xd6/0x1a0 [ 422.456036][ T1998] __x64_sys_socket+0x6a/0xb0 [ 422.460686][ T1998] do_syscall_64+0x33/0x80 [ 422.465076][ T1998] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 422.470933][ T1998] page last free stack trace: [ 422.475595][ T1998] free_pcp_prepare+0x379/0x850 [ 422.480433][ T1998] free_unref_page+0x19/0x510 [ 422.485098][ T1998] __unfreeze_partials+0x30b/0x320 [ 422.490177][ T1998] qlist_free_all+0x68/0x110 [ 422.494817][ 
T1998] kasan_quarantine_reduce+0x180/0x1f0 [ 422.500237][ T1998] __kasan_slab_alloc+0x73/0x80 [ 422.505054][ T1998] kmem_cache_alloc_trace+0x224/0x350 [ 422.510384][ T1998] tomoyo_init_log+0x180/0x1df0 [ 422.515195][ T1998] tomoyo_supervisor+0x2ea/0xea0 [ 422.517513][ T1618] Bluetooth: hci0: command 0x0409 tx timeout [ 422.520108][ T1998] tomoyo_path_number_perm+0x34c/0x420 [ 422.531523][ T1998] tomoyo_path_mkdir+0x81/0xd0 [ 422.536305][ T1998] security_path_mkdir+0xc0/0x130 [ 422.541305][ T1998] do_mkdirat+0x109/0x280 [ 422.545695][ T1998] __x64_sys_mkdir+0xd0/0x120 [ 422.550353][ T1998] do_syscall_64+0x33/0x80 [ 422.554790][ T1998] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 422.560666][ T1998] [ 422.562967][ T1998] Memory state around the buggy address: [ 422.568568][ T1998] ffff8880707e7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 422.576600][ T1998] ffff8880707e7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 422.584641][ T1998] >ffff8880707e7480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 422.592670][ T1998] ^ [ 422.596966][ T1998] ffff8880707e7500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 422.604992][ T1998] ffff8880707e7580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 422.613047][ T1998] ================================================================== [ 422.621181][ T1998] Disabling lock debugging due to kernel taint executing program [ 422.627639][ T1998] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 422.635040][ T1998] Kernel Offset: disabled [ 422.639344][ T1998] Rebooting in 86400 seconds..