][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  441.631293][ T4252]  ret_from_fork+0x1f/0x30
[  441.635710][ T4252]  </TASK>
[  441.639119][ T4252] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  441.652436][ T4252] Bluetooth: hci1: failed to register connection device
[  441.659572][ T4252] Bluetooth: hci1: link tx timeout
[  441.664812][ T4252] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[  441.672499][ T4252] Bluetooth: hci1: link tx timeout
[  441.677675][ T4252] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[  441.685483][ T4252] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[  441.693155][ T4252] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  441.701506][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  441.710976][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  441.718509][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  441.728573][ T4252] Workqueue: hci1 hci_rx_work
[  441.733265][ T4252] Call Trace:
[  441.736550][ T4252]  <TASK>
[  441.739477][ T4252]  dump_stack_lvl+0x188/0x250
[  441.744159][ T4252]  ? show_regs_print_info+0x20/0x20
[  441.749368][ T4252]  ? load_image+0x400/0x400
[  441.753883][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  441.759007][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  441.763683][ T4252]  ? process_one_work+0x85f/0x1010
[  441.768822][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  441.774038][ T4252]  kobject_add_internal+0x6e0/0xd90
[  441.779247][ T4252]  kobject_add+0x160/0x230
[  441.783683][ T4252]  ? kobject_init+0x1d0/0x1d0
[  441.788478][ T4252]  ? klist_children_get+0x50/0x50
[  441.793514][ T4252]  ? get_device_parent+0x121/0x3f0
[  441.798635][ T4252]  device_add+0x483/0xfb0
[  441.802983][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  441.807933][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  441.813236][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  441.818364][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  441.823927][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  441.828802][ T4252]  ? hci_event_packet+0x37b/0x1370
[  441.833923][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  441.838964][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  441.845043][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  441.850689][ T4252]  ? mark_lock+0x94/0x320
[  441.855024][ T4252]  ? mutex_unlock+0x10/0x10
[  441.859532][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  441.865523][ T4252]  ? lock_chain_count+0x20/0x20
[  441.870378][ T4252]  ? __rwlock_init+0x140/0x140
[  441.875145][ T4252]  hci_event_packet+0xe48/0x1370
[  441.880086][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  441.885308][ T4252]  ? rcu_lock_release+0x20/0x20
[  441.890167][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  441.895372][ T4252]  hci_rx_work+0x255/0xa10
[  441.899808][ T4252]  process_one_work+0x85f/0x1010
[  441.904767][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  441.910466][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  441.915765][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  441.920795][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  441.926343][ T4252]  ? wq_worker_running+0x97/0x170
[  441.931373][ T4252]  worker_thread+0xaa6/0x1290
[  441.936078][ T4252]  kthread+0x436/0x520
[  441.940149][ T4252]  ? rcu_lock_release+0x20/0x20
[  441.945011][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  441.949605][ T4252]  ret_from_fork+0x1f/0x30
[  441.954039][ T4252]  </TASK>
[  441.957468][ T4252] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  441.970754][ T4252] Bluetooth: hci1: failed to register connection device
[  441.978042][ T4253] Bluetooth: hci1: link tx timeout
[  441.983374][ T4253] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[  441.996567][ T4253] Bluetooth: hci1: link tx timeout
[  442.002126][ T4253] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[  442.009763][ T4253] Bluetooth: hci1: killing stalled connection 00:00:00:00:00:00
[  442.021611][ T4253] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  442.326132][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.385333][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.454817][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.506245][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.258059][    T9] device hsr_slave_0 left promiscuous mode
[  443.265880][    T9] device hsr_slave_1 left promiscuous mode
[  443.273016][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  443.280406][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  443.289567][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  443.298503][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  443.307576][    T9] device bridge_slave_1 left promiscuous mode
[  443.314070][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.324585][    T9] device bridge_slave_0 left promiscuous mode
[  443.330800][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  443.343635][    T9] device veth1_macvtap left promiscuous mode
[  443.349680][    T9] device veth0_macvtap left promiscuous mode
[  443.357245][    T9] device veth1_vlan left promiscuous mode
[  443.363603][    T9] device veth0_vlan left promiscuous mode
[  443.526299][    T9] team0 (unregistering): Port device team_slave_1 removed
[  443.537654][    T9] team0 (unregistering): Port device team_slave_0 removed
[  443.549275][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  443.564217][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  443.606868][    T9] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.197' (ED25519) to the list of known hosts.
executing program
[  446.939748][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  446.950215][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  446.957768][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  446.967817][ T4252] Workqueue: hci0 hci_rx_work
[  446.972509][ T4252] Call Trace:
[  446.975769][ T4252]  <TASK>
[  446.978682][ T4252]  dump_stack_lvl+0x188/0x250
[  446.983346][ T4252]  ? show_regs_print_info+0x20/0x20
[  446.988613][ T4252]  ? load_image+0x400/0x400
[  446.993098][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  446.998185][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  447.002834][ T4252]  ? process_one_work+0x85f/0x1010
[  447.007924][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  447.013097][ T4252]  kobject_add_internal+0x6e0/0xd90
[  447.018275][ T4252]  kobject_add+0x160/0x230
[  447.022669][ T4252]  ? kobject_init+0x1d0/0x1d0
[  447.027319][ T4252]  ? klist_children_get+0x50/0x50
[  447.032320][ T4252]  ? get_device_parent+0x121/0x3f0
[  447.037412][ T4252]  device_add+0x483/0xfb0
[  447.041721][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  447.046634][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  447.051924][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  447.057109][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  447.062648][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  447.067479][ T4252]  ? hci_event_packet+0x37b/0x1370
[  447.072571][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  447.077579][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  447.083618][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  447.089232][ T4252]  ? mark_lock+0x94/0x320
[  447.093538][ T4252]  ? mutex_unlock+0x10/0x10
[  447.098038][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  447.103996][ T4252]  ? lock_chain_count+0x20/0x20
[  447.108832][ T4252]  ? __rwlock_init+0x140/0x140
[  447.113589][ T4252]  hci_event_packet+0xe48/0x1370
[  447.118502][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  447.123680][ T4252]  ? rcu_lock_release+0x20/0x20
[  447.128508][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  447.133681][ T4252]  hci_rx_work+0x255/0xa10
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
[  447.138080][ T4252]  process_one_work+0x85f/0x1010
[  447.143008][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  447.148785][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  447.154048][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  447.159059][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  447.164629][ T4252]  ? wq_worker_running+0x97/0x170
[  447.169644][ T4252]  worker_thread+0xaa6/0x1290
[  447.174323][ T4252]  kthread+0x436/0x520
[  447.178380][ T4252]  ? rcu_lock_release+0x20/0x20
[  447.183210][ T4252]  ? kthread_blkcg+0xd0/0xd0
executing program
[  447.187788][ T4252]  ret_from_fork+0x1f/0x30
[  447.192195][ T4252]  </TASK>
[  447.196581][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  447.209935][ T4252] Bluetooth: hci0: failed to register connection device
[  447.230135][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  447.239651][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  447.247192][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  447.257232][ T4252] Workqueue: hci0 hci_rx_work
[  447.261914][ T4252] Call Trace:
[  447.265180][ T4252]  <TASK>
[  447.268087][ T4252]  dump_stack_lvl+0x188/0x250
[  447.272744][ T4252]  ? show_regs_print_info+0x20/0x20
[  447.277925][ T4252]  ? load_image+0x400/0x400
[  447.282410][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  447.287500][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  447.292149][ T4252]  ? process_one_work+0x85f/0x1010
[  447.297245][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  447.302429][ T4252]  kobject_add_internal+0x6e0/0xd90
[  447.307609][ T4252]  kobject_add+0x160/0x230
[  447.312005][ T4252]  ? kobject_init+0x1d0/0x1d0
[  447.316691][ T4252]  ? klist_children_get+0x50/0x50
[  447.321698][ T4252]  ? get_device_parent+0x121/0x3f0
[  447.326790][ T4252]  device_add+0x483/0xfb0
[  447.331107][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  447.336024][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  447.341295][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  447.346391][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  447.351922][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  447.356760][ T4252]  ? hci_event_packet+0x37b/0x1370
[  447.361858][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  447.366874][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  447.373098][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  447.378710][ T4252]  ? mark_lock+0x94/0x320
[  447.383024][ T4252]  ? mutex_unlock+0x10/0x10
[  447.387520][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  447.393494][ T4252]  ? lock_chain_count+0x20/0x20
[  447.398331][ T4252]  ? __rwlock_init+0x140/0x140
[  447.403074][ T4252]  hci_event_packet+0xe48/0x1370
[  447.407992][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  447.413174][ T4252]  ? rcu_lock_release+0x20/0x20
[  447.418093][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  447.423270][ T4252]  hci_rx_work+0x255/0xa10
[  447.427686][ T4252]  process_one_work+0x85f/0x1010
[  447.432612][ T4252]  ? worker_detach_from_pool+0x240/0x240
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  447.438220][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  447.443489][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  447.448490][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  447.454009][ T4252]  ? wq_worker_running+0x97/0x170
[  447.459012][ T4252]  worker_thread+0xaa6/0x1290
[  447.463683][ T4252]  kthread+0x436/0x520
[  447.467731][ T4252]  ? rcu_lock_release+0x20/0x20
[  447.472556][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  447.477126][ T4252]  ret_from_fork+0x1f/0x30
[  447.481538][ T4252]  </TASK>
[  447.485431][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  447.498864][ T4252] Bluetooth: hci0: failed to register connection device
[  447.516088][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  447.525747][ T4252] CPU: 0 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  447.533277][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  447.543323][ T4252] Workqueue: hci0 hci_rx_work
[  447.547987][ T4252] Call Trace:
[  447.551421][ T4252]  <TASK>
[  447.554331][ T4252]  dump_stack_lvl+0x188/0x250
[  447.558990][ T4252]  ? show_regs_print_info+0x20/0x20
[  447.564172][ T4252]  ? load_image+0x400/0x400
[  447.568657][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  447.573749][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  447.578401][ T4252]  ? process_one_work+0x85f/0x1010
[  447.583577][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  447.588756][ T4252]  kobject_add_internal+0x6e0/0xd90
[  447.593938][ T4252]  kobject_add+0x160/0x230
[  447.598355][ T4252]  ? kobject_init+0x1d0/0x1d0
[  447.603010][ T4252]  ? klist_children_get+0x50/0x50
[  447.608011][ T4252]  ? get_device_parent+0x121/0x3f0
[  447.613100][ T4252]  device_add+0x483/0xfb0
[  447.617412][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  447.622337][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  447.627604][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  447.632724][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  447.638254][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  447.643086][ T4252]  ? hci_event_packet+0x37b/0x1370
[  447.648181][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  447.653184][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  447.659226][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  447.664834][ T4252]  ? mark_lock+0x94/0x320
[  447.669137][ T4252]  ? mutex_unlock+0x10/0x10
[  447.673616][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  447.679594][ T4252]  ? lock_chain_count+0x20/0x20
[  447.684421][ T4252]  ? __rwlock_init+0x140/0x140
[  447.689163][ T4252]  hci_event_packet+0xe48/0x1370
[  447.694073][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  447.699251][ T4252]  ? rcu_lock_release+0x20/0x20
[  447.704082][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  447.709279][ T4252]  hci_rx_work+0x255/0xa10
[  447.713679][ T4252]  process_one_work+0x85f/0x1010
[  447.718601][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  447.724213][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  447.729480][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  447.734484][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  447.740010][ T4252]  ? wq_worker_running+0x97/0x170
[  447.745050][ T4252]  worker_thread+0xaa6/0x1290
[  447.749744][ T4252]  kthread+0x436/0x520
[  447.753789][ T4252]  ? rcu_lock_release+0x20/0x20
[  447.758617][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  447.763187][ T4252]  ret_from_fork+0x1f/0x30
[  447.767589][ T4252]  </TASK>
[  447.771032][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  447.784327][ T4252] Bluetooth: hci0: failed to register connection device
[  447.801935][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  447.811544][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  447.819084][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  447.829122][ T4252] Workqueue: hci0 hci_rx_work
[  447.833797][ T4252] Call Trace:
[  447.837068][ T4252]  <TASK>
[  447.839989][ T4252]  dump_stack_lvl+0x188/0x250
[  447.844650][ T4252]  ? show_regs_print_info+0x20/0x20
[  447.849830][ T4252]  ? load_image+0x400/0x400
[  447.854409][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  447.859505][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  447.864165][ T4252]  ? process_one_work+0x85f/0x1010
[  447.869296][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  447.874498][ T4252]  kobject_add_internal+0x6e0/0xd90
[  447.879686][ T4252]  kobject_add+0x160/0x230
[  447.884085][ T4252]  ? kobject_init+0x1d0/0x1d0
[  447.888830][ T4252]  ? klist_children_get+0x50/0x50
[  447.893860][ T4252]  ? get_device_parent+0x121/0x3f0
[  447.898954][ T4252]  device_add+0x483/0xfb0
[  447.903277][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  447.908195][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  447.913466][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  447.918555][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  447.924079][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  447.928926][ T4252]  ? hci_event_packet+0x37b/0x1370
[  447.934038][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  447.939061][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  447.945139][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  447.950773][ T4252]  ? mark_lock+0x94/0x320
[  447.955085][ T4252]  ? mutex_unlock+0x10/0x10
[  447.959581][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  447.965631][ T4252]  ? lock_chain_count+0x20/0x20
[  447.970463][ T4252]  ? __rwlock_init+0x140/0x140
[  447.975208][ T4252]  hci_event_packet+0xe48/0x1370
[  447.980125][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  447.985302][ T4252]  ? rcu_lock_release+0x20/0x20
[  447.990132][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  447.995312][ T4252]  hci_rx_work+0x255/0xa10
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  447.999713][ T4252]  process_one_work+0x85f/0x1010
[  448.004636][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  448.010244][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  448.015517][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  448.020519][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  448.026040][ T4252]  ? wq_worker_running+0x97/0x170
[  448.031040][ T4252]  worker_thread+0xaa6/0x1290
[  448.035716][ T4252]  kthread+0x436/0x520
[  448.039766][ T4252]  ? rcu_lock_release+0x20/0x20
[  448.044592][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  448.049160][ T4252]  ret_from_fork+0x1f/0x30
[  448.053565][ T4252]  </TASK>
[  448.057326][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  448.070654][ T4252] Bluetooth: hci0: failed to register connection device
[  448.087618][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  448.097239][ T4252] CPU: 0 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  448.104781][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  448.114819][ T4252] Workqueue: hci0 hci_rx_work
[  448.119483][ T4252] Call Trace:
[  448.122745][ T4252]  <TASK>
[  448.125652][ T4252]  dump_stack_lvl+0x188/0x250
[  448.130307][ T4252]  ? show_regs_print_info+0x20/0x20
[  448.135572][ T4252]  ? load_image+0x400/0x400
[  448.140142][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  448.145250][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  448.149903][ T4252]  ? process_one_work+0x85f/0x1010
[  448.154994][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  448.160186][ T4252]  kobject_add_internal+0x6e0/0xd90
[  448.165376][ T4252]  kobject_add+0x160/0x230
[  448.169775][ T4252]  ? kobject_init+0x1d0/0x1d0
[  448.174518][ T4252]  ? klist_children_get+0x50/0x50
[  448.179545][ T4252]  ? get_device_parent+0x121/0x3f0
[  448.184636][ T4252]  device_add+0x483/0xfb0
[  448.188954][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  448.193895][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  448.199166][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  448.204259][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  448.209790][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  448.214621][ T4252]  ? hci_event_packet+0x37b/0x1370
[  448.219711][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  448.224717][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  448.230849][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  448.236461][ T4252]  ? mark_lock+0x94/0x320
[  448.240768][ T4252]  ? mutex_unlock+0x10/0x10
[  448.245248][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  448.251380][ T4252]  ? lock_chain_count+0x20/0x20
[  448.256213][ T4252]  ? __rwlock_init+0x140/0x140
[  448.260960][ T4252]  hci_event_packet+0xe48/0x1370
[  448.265875][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  448.271158][ T4252]  ? rcu_lock_release+0x20/0x20
[  448.275985][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  448.281160][ T4252]  hci_rx_work+0x255/0xa10
[  448.285561][ T4252]  process_one_work+0x85f/0x1010
[  448.290483][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  448.296091][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  448.301356][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  448.306360][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  448.311881][ T4252]  ? wq_worker_running+0x97/0x170
[  448.316882][ T4252]  worker_thread+0xaa6/0x1290
[  448.321636][ T4252]  kthread+0x436/0x520
[  448.325682][ T4252]  ? rcu_lock_release+0x20/0x20
[  448.330532][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  448.335098][ T4252]  ret_from_fork+0x1f/0x30
[  448.339499][ T4252]  </TASK>
[  448.342727][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  448.356010][ T4252] Bluetooth: hci0: failed to register connection device
[  448.373705][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  448.383238][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  448.390781][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  448.400821][ T4252] Workqueue: hci0 hci_rx_work
[  448.405489][ T4252] Call Trace:
[  448.408752][ T4252]  <TASK>
[  448.411664][ T4252]  dump_stack_lvl+0x188/0x250
[  448.416325][ T4252]  ? show_regs_print_info+0x20/0x20
[  448.421513][ T4252]  ? load_image+0x400/0x400
[  448.426014][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  448.431113][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  448.435768][ T4252]  ? process_one_work+0x85f/0x1010
[  448.441119][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  448.446300][ T4252]  kobject_add_internal+0x6e0/0xd90
[  448.451488][ T4252]  kobject_add+0x160/0x230
[  448.455899][ T4252]  ? kobject_init+0x1d0/0x1d0
[  448.460555][ T4252]  ? klist_children_get+0x50/0x50
[  448.465561][ T4252]  ? get_device_parent+0x121/0x3f0
[  448.470738][ T4252]  device_add+0x483/0xfb0
[  448.475048][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  448.479961][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  448.485227][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  448.490412][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  448.495937][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  448.500767][ T4252]  ? hci_event_packet+0x37b/0x1370
[  448.505856][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  448.510862][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  448.516904][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  448.522512][ T4252]  ? mark_lock+0x94/0x320
[  448.526815][ T4252]  ? mutex_unlock+0x10/0x10
[  448.531292][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  448.537248][ T4252]  ? lock_chain_count+0x20/0x20
[  448.542074][ T4252]  ? __rwlock_init+0x140/0x140
[  448.546817][ T4252]  hci_event_packet+0xe48/0x1370
[  448.551733][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  448.556912][ T4252]  ? rcu_lock_release+0x20/0x20
[  448.561742][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  448.566921][ T4252]  hci_rx_work+0x255/0xa10
[  448.571321][ T4252]  process_one_work+0x85f/0x1010
[  448.576270][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  448.581880][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  448.587164][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  448.592171][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  448.597694][ T4252]  ? wq_worker_running+0x97/0x170
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  448.602699][ T4252]  worker_thread+0xaa6/0x1290
[  448.607382][ T4252]  kthread+0x436/0x520
[  448.611426][ T4252]  ? rcu_lock_release+0x20/0x20
[  448.616254][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  448.620821][ T4252]  ret_from_fork+0x1f/0x30
[  448.625223][ T4252]  </TASK>
[  448.629006][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  448.642244][ T4252] Bluetooth: hci0: failed to register connection device
[  448.659325][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  448.668884][ T4252] CPU: 0 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  448.676419][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  448.686457][ T4252] Workqueue: hci0 hci_rx_work
[  448.691121][ T4252] Call Trace:
[  448.694383][ T4252]  <TASK>
[  448.697303][ T4252]  dump_stack_lvl+0x188/0x250
[  448.701962][ T4252]  ? show_regs_print_info+0x20/0x20
[  448.707141][ T4252]  ? load_image+0x400/0x400
[  448.711625][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  448.716713][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  448.721364][ T4252]  ? process_one_work+0x85f/0x1010
[  448.726458][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  448.731637][ T4252]  kobject_add_internal+0x6e0/0xd90
[  448.736814][ T4252]  kobject_add+0x160/0x230
[  448.741207][ T4252]  ? kobject_init+0x1d0/0x1d0
[  448.745867][ T4252]  ? klist_children_get+0x50/0x50
[  448.750868][ T4252]  ? get_device_parent+0x121/0x3f0
[  448.755956][ T4252]  device_add+0x483/0xfb0
[  448.760266][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  448.765196][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  448.770482][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  448.775587][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  448.781123][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  448.785952][ T4252]  ? hci_event_packet+0x37b/0x1370
[  448.791049][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  448.796058][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  448.802107][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  448.807718][ T4252]  ? mark_lock+0x94/0x320
[  448.812023][ T4252]  ? mutex_unlock+0x10/0x10
[  448.816504][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  448.822551][ T4252]  ? lock_chain_count+0x20/0x20
[  448.827420][ T4252]  ? __rwlock_init+0x140/0x140
[  448.832338][ T4252]  hci_event_packet+0xe48/0x1370
[  448.837256][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  448.842447][ T4252]  ? rcu_lock_release+0x20/0x20
[  448.847330][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  448.852509][ T4252]  hci_rx_work+0x255/0xa10
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
[  448.856916][ T4252]  process_one_work+0x85f/0x1010
[  448.861933][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  448.867546][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  448.872813][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  448.877813][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  448.883339][ T4252]  ? wq_worker_running+0x97/0x170
[  448.888340][ T4252]  worker_thread+0xaa6/0x1290
[  448.893015][ T4252]  kthread+0x436/0x520
[  448.897058][ T4252]  ? rcu_lock_release+0x20/0x20
[  448.901893][ T4252]  ? kthread_blkcg+0xd0/0xd0
executing program
[  448.906482][ T4252]  ret_from_fork+0x1f/0x30
[  448.910886][ T4252]  </TASK>
[  448.914296][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  448.922203][ T4327] Bluetooth: hci0: command 0x0409 tx timeout
[  448.927701][ T4252] Bluetooth: hci0: failed to register connection device
[  448.946821][  T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  448.956380][  T146] CPU: 1 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0
[  448.963834][  T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  448.973871][  T146] Workqueue: hci0 hci_rx_work
[  448.978617][  T146] Call Trace:
[  448.981885][  T146]  <TASK>
[  448.984797][  T146]  dump_stack_lvl+0x188/0x250
[  448.989540][  T146]  ? show_regs_print_info+0x20/0x20
[  448.994725][  T146]  ? load_image+0x400/0x400
[  448.999218][  T146]  sysfs_create_dir_ns+0x26a/0x290
[  449.004310][  T146]  ? sysfs_warn_dup+0xa0/0xa0
[  449.008961][  T146]  ? process_one_work+0x85f/0x1010
[  449.014073][  T146]  ? do_raw_spin_unlock+0x11d/0x230
[  449.019250][  T146]  kobject_add_internal+0x6e0/0xd90
[  449.024433][  T146]  kobject_add+0x160/0x230
[  449.028918][  T146]  ? kobject_init+0x1d0/0x1d0
[  449.033578][  T146]  ? klist_children_get+0x50/0x50
[  449.038589][  T146]  ? get_device_parent+0x121/0x3f0
[  449.043698][  T146]  device_add+0x483/0xfb0
[  449.048104][  T146]  hci_conn_add_sysfs+0xd1/0x1e0
[  449.053026][  T146]  le_conn_complete_evt+0xc48/0x15c0
[  449.058299][  T146]  ? cs_le_create_conn+0x5e0/0x5e0
[  449.063392][  T146]  ? __mutex_trylock_common+0x155/0x260
[  449.068921][  T146]  hci_le_meta_evt+0x285/0x3c90
[  449.073753][  T146]  ? hci_event_packet+0x37b/0x1370
[  449.078853][  T146]  ? __lock_acquire+0x7d10/0x7d10
[  449.083861][  T146]  ? hci_remote_host_features_evt+0x280/0x280
[  449.089914][  T146]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  449.095530][  T146]  ? mark_lock+0x94/0x320
[  449.099836][  T146]  ? mutex_unlock+0x10/0x10
[  449.104327][  T146]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  449.110287][  T146]  ? lock_chain_count+0x20/0x20
[  449.115117][  T146]  ? __rwlock_init+0x140/0x140
[  449.119878][  T146]  hci_event_packet+0xe48/0x1370
[  449.124792][  T146]  ? lockdep_hardirqs_on+0x94/0x140
[  449.129972][  T146]  ? rcu_lock_release+0x20/0x20
[  449.134806][  T146]  ? hci_send_to_monitor+0x9c/0x4a0
[  449.140072][  T146]  hci_rx_work+0x255/0xa10
[  449.144605][  T146]  process_one_work+0x85f/0x1010
[  449.149530][  T146]  ? worker_detach_from_pool+0x240/0x240
[  449.155140][  T146]  ? lockdep_hardirqs_off+0x70/0x100
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  449.160497][  T146]  ? _raw_spin_lock_irq+0xb7/0xf0
[  449.165496][  T146]  ? _raw_spin_lock_irqsave+0x100/0x100
[  449.171038][  T146]  ? wq_worker_running+0x97/0x170
[  449.176044][  T146]  worker_thread+0xaa6/0x1290
[  449.180712][  T146]  kthread+0x436/0x520
[  449.184757][  T146]  ? rcu_lock_release+0x20/0x20
[  449.189582][  T146]  ? kthread_blkcg+0xd0/0xd0
[  449.194153][  T146]  ret_from_fork+0x1f/0x30
[  449.198559][  T146]  </TASK>
[  449.201790][  T146] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  449.215048][  T146] Bluetooth: hci0: failed to register connection device
[  449.233147][  T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  449.242677][  T146] CPU: 0 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0
[  449.250126][  T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  449.260158][  T146] Workqueue: hci0 hci_rx_work
[  449.264823][  T146] Call Trace:
[  449.268083][  T146]  <TASK>
[  449.270989][  T146]  dump_stack_lvl+0x188/0x250
[  449.275643][  T146]  ? show_regs_print_info+0x20/0x20
[  449.280818][  T146]  ? load_image+0x400/0x400
[  449.285298][  T146]  sysfs_create_dir_ns+0x26a/0x290
[  449.290382][  T146]  ? sysfs_warn_dup+0xa0/0xa0
[  449.295034][  T146]  ? process_one_work+0x85f/0x1010
[  449.300122][  T146]  ? do_raw_spin_unlock+0x11d/0x230
[  449.305381][  T146]  kobject_add_internal+0x6e0/0xd90
[  449.310568][  T146]  kobject_add+0x160/0x230
[  449.314975][  T146]  ? kobject_init+0x1d0/0x1d0
[  449.319638][  T146]  ? klist_children_get+0x50/0x50
[  449.324638][  T146]  ? get_device_parent+0x121/0x3f0
[  449.329726][  T146]  device_add+0x483/0xfb0
[  449.334042][  T146]  hci_conn_add_sysfs+0xd1/0x1e0
[  449.338960][  T146]  le_conn_complete_evt+0xc48/0x15c0
[  449.344229][  T146]  ? cs_le_create_conn+0x5e0/0x5e0
[  449.349317][  T146]  ? __mutex_trylock_common+0x155/0x260
[  449.354844][  T146]  hci_le_meta_evt+0x285/0x3c90
[  449.359673][  T146]  ? hci_event_packet+0x37b/0x1370
[  449.364766][  T146]  ? __lock_acquire+0x7d10/0x7d10
[  449.369769][  T146]  ? hci_remote_host_features_evt+0x280/0x280
[  449.375812][  T146]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  449.381429][  T146]  ? mark_lock+0x94/0x320
[  449.385739][  T146]  ? mutex_unlock+0x10/0x10
[  449.390217][  T146]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  449.396191][  T146]  ? lock_chain_count+0x20/0x20
[  449.401037][  T146]  ? __rwlock_init+0x140/0x140
[  449.405779][  T146]  hci_event_packet+0xe48/0x1370
[  449.410703][  T146]  ? lockdep_hardirqs_on+0x94/0x140
[  449.415893][  T146]  ? rcu_lock_release+0x20/0x20
[  449.420732][  T146]  ? hci_send_to_monitor+0x9c/0x4a0
[  449.425922][  T146]  hci_rx_work+0x255/0xa10
[  449.430331][  T146]  process_one_work+0x85f/0x1010
[  449.435357][  T146]  ? worker_detach_from_pool+0x240/0x240
[  449.440968][  T146]  ? lockdep_hardirqs_off+0x70/0x100
[  449.446329][  T146]  ? _raw_spin_lock_irq+0xb7/0xf0
[  449.451329][  T146]  ? _raw_spin_lock_irqsave+0x100/0x100
[  449.456851][  T146]  ? wq_worker_running+0x97/0x170
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  449.461860][  T146]  worker_thread+0xaa6/0x1290
[  449.466528][  T146]  kthread+0x436/0x520
[  449.470575][  T146]  ? rcu_lock_release+0x20/0x20
[  449.475403][  T146]  ? kthread_blkcg+0xd0/0xd0
[  449.479982][  T146]  ret_from_fork+0x1f/0x30
[  449.484380][  T146]  </TASK>
[  449.491503][  T146] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  449.504785][  T146] Bluetooth: hci0: failed to register connection device
[  449.519051][  T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  449.528740][  T146] CPU: 1 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0
[  449.536299][  T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  449.546343][  T146] Workqueue: hci0 hci_rx_work
[  449.551016][  T146] Call Trace:
[  449.554274][  T146]  <TASK>
[  449.557197][  T146]  dump_stack_lvl+0x188/0x250
[  449.561877][  T146]  ? show_regs_print_info+0x20/0x20
[  449.567055][  T146]  ? load_image+0x400/0x400
[  449.571539][  T146]  sysfs_create_dir_ns+0x26a/0x290
[  449.576628][  T146]  ? sysfs_warn_dup+0xa0/0xa0
[  449.581279][  T146]  ? process_one_work+0x85f/0x1010
[  449.586369][  T146]  ? do_raw_spin_unlock+0x11d/0x230
[  449.591545][  T146]  kobject_add_internal+0x6e0/0xd90
[  449.596731][  T146]  kobject_add+0x160/0x230
[  449.601132][  T146]  ? kobject_init+0x1d0/0x1d0
[  449.605788][  T146]  ? klist_children_get+0x50/0x50
[  449.610798][  T146]  ? get_device_parent+0x121/0x3f0
[  449.615916][  T146]  device_add+0x483/0xfb0
[  449.620256][  T146]  hci_conn_add_sysfs+0xd1/0x1e0
[  449.625178][  T146]  le_conn_complete_evt+0xc48/0x15c0
[  449.630456][  T146]  ? cs_le_create_conn+0x5e0/0x5e0
[  449.635556][  T146]  ? __mutex_trylock_common+0x155/0x260
[  449.641080][  T146]  hci_le_meta_evt+0x285/0x3c90
[  449.645937][  T146]  ? hci_event_packet+0x37b/0x1370
[  449.651027][  T146]  ? __lock_acquire+0x7d10/0x7d10
[  449.656029][  T146]  ? hci_remote_host_features_evt+0x280/0x280
[  449.662178][  T146]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  449.667788][  T146]  ? mark_lock+0x94/0x320
[  449.672092][  T146]  ? mutex_unlock+0x10/0x10
[  449.676839][  T146]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  449.682799][  T146]  ? lock_chain_count+0x20/0x20
[  449.687627][  T146]  ? __rwlock_init+0x140/0x140
[  449.692370][  T146]  hci_event_packet+0xe48/0x1370
[  449.697285][  T146]  ? lockdep_hardirqs_on+0x94/0x140
[  449.702465][  T146]  ? rcu_lock_release+0x20/0x20
[  449.707295][  T146]  ? hci_send_to_monitor+0x9c/0x4a0
[  449.712477][  T146]  hci_rx_work+0x255/0xa10
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
[  449.716878][  T146]  process_one_work+0x85f/0x1010
[  449.721800][  T146]  ? worker_detach_from_pool+0x240/0x240
[  449.727408][  T146]  ? lockdep_hardirqs_off+0x70/0x100
[  449.732678][  T146]  ? _raw_spin_lock_irq+0xb7/0xf0
[  449.737675][  T146]  ? _raw_spin_lock_irqsave+0x100/0x100
[  449.743198][  T146]  ? wq_worker_running+0x97/0x170
[  449.748200][  T146]  worker_thread+0xaa6/0x1290
[  449.752871][  T146]  kthread+0x436/0x520
[  449.756917][  T146]  ? rcu_lock_release+0x20/0x20
[  449.761751][  T146]  ? kthread_blkcg+0xd0/0xd0
executing program
[  449.766325][  T146]  ret_from_fork+0x1f/0x30
[  449.770733][  T146]  </TASK>
[  449.775060][  T146] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  449.788587][  T146] Bluetooth: hci0: failed to register connection device
[  449.808029][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  449.817710][ T4252] CPU: 0 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  449.825333][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  449.835463][ T4252] Workqueue: hci0 hci_rx_work
[  449.840130][ T4252] Call Trace:
[  449.843390][ T4252]  <TASK>
[  449.846299][ T4252]  dump_stack_lvl+0x188/0x250
[  449.850960][ T4252]  ? show_regs_print_info+0x20/0x20
[  449.856138][ T4252]  ? load_image+0x400/0x400
[  449.860623][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  449.865714][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  449.870366][ T4252]  ? process_one_work+0x85f/0x1010
[  449.875458][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  449.880635][ T4252]  kobject_add_internal+0x6e0/0xd90
[  449.885814][ T4252]  kobject_add+0x160/0x230
[  449.890212][ T4252]  ? kobject_init+0x1d0/0x1d0
[  449.894866][ T4252]  ? klist_children_get+0x50/0x50
[  449.899868][ T4252]  ? get_device_parent+0x121/0x3f0
[  449.904959][ T4252]  device_add+0x483/0xfb0
[  449.909285][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  449.914232][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  449.919713][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  449.924843][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  449.930423][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  449.935267][ T4252]  ? hci_event_packet+0x37b/0x1370
[  449.940362][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  449.945376][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  449.951424][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  449.957047][ T4252]  ? mark_lock+0x94/0x320
[  449.961361][ T4252]  ? mutex_unlock+0x10/0x10
[  449.965850][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  449.971809][ T4252]  ? lock_chain_count+0x20/0x20
[  449.976656][ T4252]  ? __rwlock_init+0x140/0x140
[  449.981413][ T4252]  hci_event_packet+0xe48/0x1370
[  449.986334][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  449.991525][ T4252]  ? rcu_lock_release+0x20/0x20
[  449.996376][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  450.001558][ T4252]  hci_rx_work+0x255/0xa10
[  450.005963][ T4252]  process_one_work+0x85f/0x1010
[  450.010885][ T4252]  ? worker_detach_from_pool+0x240/0x240
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  450.016492][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  450.021757][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  450.026759][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  450.032285][ T4252]  ? wq_worker_running+0x97/0x170
[  450.037287][ T4252]  worker_thread+0xaa6/0x1290
[  450.041956][ T4252]  kthread+0x436/0x520
[  450.046000][ T4252]  ? rcu_lock_release+0x20/0x20
[  450.050834][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  450.055402][ T4252]  ret_from_fork+0x1f/0x30
[  450.059802][ T4252]  </TASK>
[  450.064226][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  450.077523][ T4252] Bluetooth: hci0: failed to register connection device
[  450.091093][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  450.100944][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  450.108477][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  450.118515][ T4252] Workqueue: hci0 hci_rx_work
[  450.123180][ T4252] Call Trace:
[  450.126447][ T4252]  <TASK>
[  450.129353][ T4252]  dump_stack_lvl+0x188/0x250
[  450.134008][ T4252]  ? show_regs_print_info+0x20/0x20
[  450.139184][ T4252]  ? load_image+0x400/0x400
[  450.143668][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  450.148756][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  450.153406][ T4252]  ? process_one_work+0x85f/0x1010
[  450.158498][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  450.163702][ T4252]  kobject_add_internal+0x6e0/0xd90
[  450.168890][ T4252]  kobject_add+0x160/0x230
[  450.173722][ T4252]  ? kobject_init+0x1d0/0x1d0
[  450.178390][ T4252]  ? klist_children_get+0x50/0x50
[  450.183478][ T4252]  ? get_device_parent+0x121/0x3f0
[  450.188569][ T4252]  device_add+0x483/0xfb0
[  450.192913][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  450.197834][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  450.203128][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  450.208410][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  450.213937][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  450.218765][ T4252]  ? hci_event_packet+0x37b/0x1370
[  450.223856][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  450.228875][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  450.234933][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  450.240555][ T4252]  ? mark_lock+0x94/0x320
[  450.244862][ T4252]  ? mutex_unlock+0x10/0x10
[  450.249360][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  450.255322][ T4252]  ? lock_chain_count+0x20/0x20
[  450.260159][ T4252]  ? __rwlock_init+0x140/0x140
[  450.264908][ T4252]  hci_event_packet+0xe48/0x1370
[  450.269999][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  450.275176][ T4252]  ? rcu_lock_release+0x20/0x20
[  450.280005][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  450.285194][ T4252]  hci_rx_work+0x255/0xa10
[  450.289591][ T4252]  process_one_work+0x85f/0x1010
[  450.294512][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  450.300120][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  450.305387][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  450.310387][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  450.315905][ T4252]  ? wq_worker_running+0x97/0x170
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  450.320903][ T4252]  worker_thread+0xaa6/0x1290
[  450.325570][ T4252]  kthread+0x436/0x520
[  450.329613][ T4252]  ? rcu_lock_release+0x20/0x20
[  450.334434][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  450.339011][ T4252]  ret_from_fork+0x1f/0x30
[  450.343427][ T4252]  </TASK>
[  450.347438][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  450.360719][ T4252] Bluetooth: hci0: failed to register connection device
[  450.377340][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  450.386899][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  450.394437][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  450.404479][ T4252] Workqueue: hci0 hci_rx_work
[  450.409322][ T4252] Call Trace:
[  450.412586][ T4252]  <TASK>
[  450.415501][ T4252]  dump_stack_lvl+0x188/0x250
[  450.420168][ T4252]  ? show_regs_print_info+0x20/0x20
[  450.425365][ T4252]  ? load_image+0x400/0x400
[  450.429871][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  450.435064][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  450.439738][ T4252]  ? process_one_work+0x85f/0x1010
[  450.444842][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  450.450126][ T4252]  kobject_add_internal+0x6e0/0xd90
[  450.455316][ T4252]  kobject_add+0x160/0x230
[  450.459731][ T4252]  ? kobject_init+0x1d0/0x1d0
[  450.464408][ T4252]  ? klist_children_get+0x50/0x50
[  450.469423][ T4252]  ? get_device_parent+0x121/0x3f0
[  450.474521][ T4252]  device_add+0x483/0xfb0
[  450.478844][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  450.483773][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  450.489077][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  450.494182][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  450.499716][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  450.504552][ T4252]  ? hci_event_packet+0x37b/0x1370
[  450.509647][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  450.514659][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  450.520705][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  450.526328][ T4252]  ? mark_lock+0x94/0x320
[  450.530727][ T4252]  ? mutex_unlock+0x10/0x10
[  450.535222][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  450.541183][ T4252]  ? lock_chain_count+0x20/0x20
[  450.546015][ T4252]  ? __rwlock_init+0x140/0x140
[  450.550764][ T4252]  hci_event_packet+0xe48/0x1370
[  450.555680][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  450.560865][ T4252]  ? rcu_lock_release+0x20/0x20
[  450.565710][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  450.570888][ T4252]  hci_rx_work+0x255/0xa10
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
executing program
[  450.575293][ T4252]  process_one_work+0x85f/0x1010
[  450.580223][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  450.585842][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  450.591119][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  450.596130][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  450.601660][ T4252]  ? wq_worker_running+0x97/0x170
[  450.606667][ T4252]  worker_thread+0xaa6/0x1290
[  450.611345][ T4252]  kthread+0x436/0x520
[  450.615393][ T4252]  ? rcu_lock_release+0x20/0x20
[  450.620236][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  450.624809][ T4252]  ret_from_fork+0x1f/0x30
[  450.629219][ T4252]  </TASK>
[  450.632944][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  450.646211][ T4252] Bluetooth: hci0: failed to register connection device
[  450.659788][ T4252] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  450.669552][ T4252] CPU: 0 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  450.677081][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  450.687293][ T4252] Workqueue: hci0 hci_rx_work
[  450.691958][ T4252] Call Trace:
[  450.695216][ T4252]  <TASK>
[  450.698124][ T4252]  dump_stack_lvl+0x188/0x250
[  450.702781][ T4252]  ? show_regs_print_info+0x20/0x20
[  450.707958][ T4252]  ? load_image+0x400/0x400
[  450.712445][ T4252]  sysfs_create_dir_ns+0x26a/0x290
[  450.717533][ T4252]  ? sysfs_warn_dup+0xa0/0xa0
[  450.722181][ T4252]  ? process_one_work+0x85f/0x1010
[  450.727267][ T4252]  ? do_raw_spin_unlock+0x11d/0x230
[  450.732445][ T4252]  kobject_add_internal+0x6e0/0xd90
[  450.737625][ T4252]  kobject_add+0x160/0x230
[  450.742036][ T4252]  ? kobject_init+0x1d0/0x1d0
[  450.746729][ T4252]  ? klist_children_get+0x50/0x50
[  450.751739][ T4252]  ? get_device_parent+0x121/0x3f0
[  450.756835][ T4252]  device_add+0x483/0xfb0
[  450.761153][ T4252]  hci_conn_add_sysfs+0xd1/0x1e0
[  450.766094][ T4252]  le_conn_complete_evt+0xc48/0x15c0
[  450.771385][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  450.776493][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  450.782025][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  450.786893][ T4252]  ? hci_event_packet+0x37b/0x1370
[  450.791983][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  450.797100][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  450.803239][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  450.808847][ T4252]  ? mark_lock+0x94/0x320
[  450.813151][ T4252]  ? mutex_unlock+0x10/0x10
[  450.817630][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  450.823589][ T4252]  ? lock_chain_count+0x20/0x20
[  450.828416][ T4252]  ? __rwlock_init+0x140/0x140
[  450.833271][ T4252]  hci_event_packet+0xe48/0x1370
[  450.838211][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  450.843403][ T4252]  ? rcu_lock_release+0x20/0x20
[  450.848243][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  450.853436][ T4252]  hci_rx_work+0x255/0xa10
[  450.857841][ T4252]  process_one_work+0x85f/0x1010
[  450.862763][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  450.868373][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  450.873654][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
the reproducer may not work as expected: 802154 injection setup failed: NL802154_CMD_SET_SHORT_ADDR failed
[  450.878657][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  450.884188][ T4252]  ? wq_worker_running+0x97/0x170
[  450.889190][ T4252]  worker_thread+0xaa6/0x1290
[  450.893860][ T4252]  kthread+0x436/0x520
[  450.897902][ T4252]  ? rcu_lock_release+0x20/0x20
[  450.902727][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  450.907292][ T4252]  ret_from_fork+0x1f/0x30
[  450.911701][ T4252]  </TASK>
[  450.915019][ T4252] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  450.928458][ T4252] Bluetooth: hci0: failed to register connection device
[  450.938283][ T4252] ==================================================================
[  450.946583][ T4252] BUG: KASAN: use-after-free in l2cap_connect_cfm+0x6ff/0x10f0
[  450.954136][ T4252] Read of size 8 at addr ffff8881413d3488 by task kworker/u5:1/4252
[  450.962095][ T4252] 
[  450.964412][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Not tainted syzkaller #0
[  450.971939][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  450.981981][ T4252] Workqueue: hci0 hci_rx_work
[  450.986653][ T4252] Call Trace:
[  450.989911][ T4252]  <TASK>
[  450.992848][ T4252]  dump_stack_lvl+0x188/0x250
[  450.997524][ T4252]  ? show_regs_print_info+0x20/0x20
[  451.002704][ T4252]  ? load_image+0x400/0x400
[  451.007179][ T4252]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  451.012613][ T4252]  ? __mutex_unlock_slowpath+0x658/0x6c0
[  451.018223][ T4252]  print_address_description+0x60/0x2d0
[  451.023758][ T4252]  ? l2cap_connect_cfm+0x6ff/0x10f0
[  451.028949][ T4252]  kasan_report+0xdf/0x130
[  451.031680][ T4291] Bluetooth: hci0: command 0x041b tx timeout
[  451.033356][ T4252]  ? l2cap_connect_cfm+0x6ff/0x10f0
[  451.044493][ T4252]  l2cap_connect_cfm+0x6ff/0x10f0
[  451.049504][ T4252]  ? l2cap_ertm_resend+0x10d0/0x10d0
[  451.054766][ T4252]  ? l2cap_ertm_resend+0x10d0/0x10d0
[  451.060035][ T4252]  le_conn_complete_evt+0xd42/0x15c0
[  451.065307][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  451.070399][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  451.075922][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  451.080759][ T4252]  ? hci_event_packet+0x37b/0x1370
[  451.085850][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  451.090883][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  451.096930][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  451.102546][ T4252]  ? mark_lock+0x94/0x320
[  451.106850][ T4252]  ? mutex_unlock+0x10/0x10
[  451.111328][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  451.117286][ T4252]  ? lock_chain_count+0x20/0x20
[  451.122113][ T4252]  ? __rwlock_init+0x140/0x140
[  451.126854][ T4252]  hci_event_packet+0xe48/0x1370
[  451.131769][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  451.136946][ T4252]  ? rcu_lock_release+0x20/0x20
[  451.141773][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  451.147027][ T4252]  hci_rx_work+0x255/0xa10
[  451.151438][ T4252]  process_one_work+0x85f/0x1010
[  451.156370][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  451.161985][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  451.167346][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  451.172341][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  451.177861][ T4252]  ? wq_worker_running+0x97/0x170
[  451.182860][ T4252]  worker_thread+0xaa6/0x1290
[  451.187530][ T4252]  kthread+0x436/0x520
[  451.191570][ T4252]  ? rcu_lock_release+0x20/0x20
[  451.196406][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  451.200970][ T4252]  ret_from_fork+0x1f/0x30
[  451.205371][ T4252]  </TASK>
[  451.208365][ T4252] 
[  451.210663][ T4252] Allocated by task 4252:
[  451.214960][ T4252]  __kasan_kmalloc+0xb5/0xf0
[  451.219526][ T4252]  l2cap_chan_create+0x4c/0x730
[  451.224438][ T4252]  l2cap_sock_alloc+0x13a/0x200
[  451.229260][ T4252]  l2cap_sock_new_connection_cb+0xd1/0x1c0
[  451.235134][ T4252]  l2cap_connect_cfm+0x35d/0x10f0
[  451.240135][ T4252]  le_conn_complete_evt+0xd42/0x15c0
[  451.245390][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  451.250218][ T4252]  hci_event_packet+0xe48/0x1370
[  451.255218][ T4252]  hci_rx_work+0x255/0xa10
[  451.259606][ T4252]  process_one_work+0x85f/0x1010
[  451.264515][ T4252]  worker_thread+0xaa6/0x1290
[  451.269167][ T4252]  kthread+0x436/0x520
[  451.273205][ T4252]  ret_from_fork+0x1f/0x30
[  451.277599][ T4252] 
[  451.279895][ T4252] Freed by task 8597:
[  451.283843][ T4252]  kasan_set_track+0x4b/0x70
[  451.288405][ T4252]  kasan_set_free_info+0x1f/0x40
[  451.293320][ T4252]  ____kasan_slab_free+0xd5/0x110
[  451.298314][ T4252]  slab_free_freelist_hook+0xea/0x170
[  451.303659][ T4252]  kfree+0xef/0x2a0
[  451.307439][ T4252]  l2cap_sock_cleanup_listen+0xea/0x270
[  451.312956][ T4252]  l2cap_sock_release+0x66/0x1e0
[  451.317866][ T4252]  sock_close+0xd5/0x240
[  451.322077][ T4252]  __fput+0x234/0x930
[  451.326030][ T4252]  task_work_run+0x125/0x1a0
[  451.330599][ T4252]  exit_to_user_mode_loop+0x10f/0x130
[  451.335940][ T4252]  exit_to_user_mode_prepare+0xee/0x180
[  451.341460][ T4252]  syscall_exit_to_user_mode+0x16/0x40
[  451.346900][ T4252]  do_syscall_64+0x58/0xa0
[  451.351291][ T4252]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  451.357157][ T4252] 
[  451.359454][ T4252] Last potentially related work creation:
[  451.365139][ T4252]  kasan_save_stack+0x35/0x60
[  451.369789][ T4252]  kasan_record_aux_stack+0xb8/0x100
[  451.375053][ T4252]  call_rcu+0x189/0x950
[  451.379181][ T4252]  addrconf_ifdown+0x1742/0x19c0
[  451.384090][ T4252]  addrconf_notify+0x445/0xf00
[  451.388852][ T4252]  raw_notifier_call_chain+0xcb/0x160
[  451.394196][ T4252]  unregister_netdevice_many+0x1049/0x19f0
[  451.400007][ T4252]  ip_tunnel_delete_nets+0x320/0x370
[  451.405265][ T4252]  cleanup_net+0x791/0xba0
[  451.409756][ T4252]  process_one_work+0x85f/0x1010
[  451.414669][ T4252]  worker_thread+0xaa6/0x1290
[  451.419319][ T4252]  kthread+0x436/0x520
[  451.423359][ T4252]  ret_from_fork+0x1f/0x30
[  451.427751][ T4252] 
[  451.430047][ T4252] The buggy address belongs to the object at ffff8881413d3000
[  451.430047][ T4252]  which belongs to the cache kmalloc-2k of size 2048
[  451.444073][ T4252] The buggy address is located 1160 bytes inside of
[  451.444073][ T4252]  2048-byte region [ffff8881413d3000, ffff8881413d3800)
[  451.457492][ T4252] The buggy address belongs to the page:
[  451.463195][ T4252] page:ffffea000504f400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1413d0
[  451.473585][ T4252] head:ffffea000504f400 order:3 compound_mapcount:0 compound_pincount:0
[  451.481882][ T4252] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[  451.489941][ T4252] raw: 057ff00000010200 0000000000000000 0000000500000001 ffff888016c42000
[  451.498501][ T4252] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[  451.507055][ T4252] page dumped because: kasan: bad access detected
[  451.513448][ T4252] page_owner tracks the page as allocated
[  451.519133][ T4252] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 3484705970, free_ts 0
[  451.537086][ T4252]  get_page_from_freelist+0x1bbd/0x1ca0
[  451.542628][ T4252]  __alloc_pages+0x1ee/0x480
[  451.547200][ T4252]  alloc_page_interleave+0x24/0x1e0
[  451.552464][ T4252]  new_slab+0xc0/0x4b0
[  451.556510][ T4252]  ___slab_alloc+0x80a/0xdd0
[  451.561073][ T4252]  kmem_cache_alloc_trace+0x1a5/0x2a0
[  451.566452][ T4252]  acpi_ds_create_walk_state+0xe2/0x270
[  451.571976][ T4252]  acpi_ps_execute_method+0x21c/0x7b0
[  451.577332][ T4252]  acpi_ns_evaluate+0x617/0x9d0
[  451.582164][ T4252]  acpi_ut_evaluate_object+0x12f/0x490
[  451.587606][ T4252]  acpi_ut_execute_STA+0x44/0x130
[  451.592681][ T4252]  acpi_ns_get_device_callback+0x210/0x4b0
[  451.598464][ T4252]  acpi_ns_walk_namespace+0x235/0x680
[  451.603809][ T4252]  acpi_get_devices+0x108/0x170
[  451.608702][ T4252]  pnpacpi_init+0x7e/0x120
[  451.613094][ T4252]  do_one_initcall+0x272/0x730
[  451.617831][ T4252] page_owner free stack trace missing
[  451.623287][ T4252] 
[  451.625591][ T4252] Memory state around the buggy address:
executing program
[  451.631364][ T4252]  ffff8881413d3380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  451.639401][ T4252]  ffff8881413d3400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  451.647521][ T4252] >ffff8881413d3480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  451.655574][ T4252]                       ^
[  451.659873][ T4252]  ffff8881413d3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  451.667905][ T4252]  ffff8881413d3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  451.675941][ T4252] ==================================================================
[  451.684059][ T4252] Disabling lock debugging due to kernel taint
[  451.691682][ T4252] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  451.698966][ T4252] CPU: 1 PID: 4252 Comm: kworker/u5:1 Tainted: G    B             syzkaller #0
[  451.707908][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  451.717968][ T4252] Workqueue: hci0 hci_rx_work
[  451.722631][ T4252] Call Trace:
[  451.725886][ T4252]  <TASK>
[  451.728792][ T4252]  dump_stack_lvl+0x188/0x250
[  451.733446][ T4252]  ? show_regs_print_info+0x20/0x20
[  451.738622][ T4252]  ? load_image+0x400/0x400
[  451.743100][ T4252]  panic+0x2e5/0x810
[  451.746972][ T4252]  ? bpf_jit_dump+0xd0/0xd0
[  451.751445][ T4252]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[  451.757410][ T4252]  ? _raw_spin_unlock+0x40/0x40
[  451.762332][ T4252]  ? l2cap_connect_cfm+0x6ff/0x10f0
[  451.767506][ T4252]  check_panic_on_warn+0x80/0xa0
[  451.772417][ T4252]  ? l2cap_connect_cfm+0x6ff/0x10f0
[  451.777598][ T4252]  end_report+0x6d/0xf0
[  451.781741][ T4252]  kasan_report+0x102/0x130
[  451.786220][ T4252]  ? l2cap_connect_cfm+0x6ff/0x10f0
[  451.791400][ T4252]  l2cap_connect_cfm+0x6ff/0x10f0
[  451.796411][ T4252]  ? l2cap_ertm_resend+0x10d0/0x10d0
[  451.801681][ T4252]  ? l2cap_ertm_resend+0x10d0/0x10d0
[  451.807029][ T4252]  le_conn_complete_evt+0xd42/0x15c0
[  451.812307][ T4252]  ? cs_le_create_conn+0x5e0/0x5e0
[  451.817408][ T4252]  ? __mutex_trylock_common+0x155/0x260
[  451.822932][ T4252]  hci_le_meta_evt+0x285/0x3c90
[  451.827773][ T4252]  ? hci_event_packet+0x37b/0x1370
[  451.832864][ T4252]  ? __lock_acquire+0x7d10/0x7d10
[  451.837869][ T4252]  ? hci_remote_host_features_evt+0x280/0x280
[  451.843910][ T4252]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  451.849517][ T4252]  ? mark_lock+0x94/0x320
[  451.853819][ T4252]  ? mutex_unlock+0x10/0x10
[  451.858297][ T4252]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  451.864248][ T4252]  ? lock_chain_count+0x20/0x20
[  451.869073][ T4252]  ? __rwlock_init+0x140/0x140
[  451.873810][ T4252]  hci_event_packet+0xe48/0x1370
[  451.878757][ T4252]  ? lockdep_hardirqs_on+0x94/0x140
[  451.883934][ T4252]  ? rcu_lock_release+0x20/0x20
[  451.888766][ T4252]  ? hci_send_to_monitor+0x9c/0x4a0
[  451.893948][ T4252]  hci_rx_work+0x255/0xa10
[  451.898349][ T4252]  process_one_work+0x85f/0x1010
[  451.903272][ T4252]  ? worker_detach_from_pool+0x240/0x240
[  451.908879][ T4252]  ? lockdep_hardirqs_off+0x70/0x100
[  451.914141][ T4252]  ? _raw_spin_lock_irq+0xb7/0xf0
[  451.919141][ T4252]  ? _raw_spin_lock_irqsave+0x100/0x100
[  451.924661][ T4252]  ? wq_worker_running+0x97/0x170
[  451.929680][ T4252]  worker_thread+0xaa6/0x1290
[  451.934358][ T4252]  kthread+0x436/0x520
[  451.938400][ T4252]  ? rcu_lock_release+0x20/0x20
[  451.943221][ T4252]  ? kthread_blkcg+0xd0/0xd0
[  451.947782][ T4252]  ret_from_fork+0x1f/0x30
[  451.952176][ T4252]  </TASK>
[  451.955673][ T4252] Kernel Offset: disabled
[  451.960003][ T4252] Rebooting in 86400 seconds..