program: io_setup(0x9, &(0x7f0000003080)=0x0) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000100), 0x8) (async) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async) io_setup(0x67, &(0x7f0000000080)) (async) io_destroy(r0) (async) io_setup(0x0, &(0x7f0000000040)) [ 74.576607][ T5335] Bluetooth: hci0: command tx timeout [ 74.608523][ T4704] ------------[ cut here ]------------ [ 74.612625][ T4704] WARNING: CPU: 0 PID: 4704 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290 [ 74.624004][ T4704] Modules linked in: [ 74.625554][ T4704] CPU: 0 UID: 0 PID: 4704 Comm: kworker/u5:1 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) [ 74.630655][ T4704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.635164][ T4704] Workqueue: hci0 hci_conn_timeout [ 74.637687][ T4704] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 74.640091][ T4704] Code: 48 89 df e8 23 05 09 00 eb 07 e8 1c dc 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 02 dc 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 74.648600][ T4704] RSP: 0018:ffffc9000f8bfa50 EFLAGS: 00010293 [ 74.651286][ T4704] RAX: ffffffff8a78df5e RBX: ffff8880436c8000 RCX: ffff88801fbfa440 [ 74.654815][ T4704] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 74.658306][ T4704] RBP: 00000000ffffffff R08: ffff8880436c8013 R09: 1ffff110086d9002 [ 74.661809][ T4704] R10: dffffc0000000000 R11: ffffed10086d9003 R12: dffffc0000000000 [ 74.665074][ T4704] R13: ffff8880003a9518 R14: ffff8880436c8948 R15: ffff8880436c8010 [ 74.668828][ T4704] FS: 0000000000000000(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 74.672615][ T4704] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.675365][ T4704] CR2: 00007fea7f344fc8 CR3: 000000001162d000 CR4: 0000000000352ef0 [ 74.678827][ T4704] Call Trace: [ 74.680324][ T4704] [ 74.681696][ T4704] ? process_scheduled_works+0x9ef/0x17b0 [ 74.684139][ T4704] process_scheduled_works+0xade/0x17b0 [ 74.686651][ T4704] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.689424][ T4704] worker_thread+0x8a0/0xda0 [ 74.691466][ T4704] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.694223][ T4704] ? __kthread_parkme+0x7b/0x200 [ 74.696356][ T4704] kthread+0x70e/0x8a0 [ 74.698116][ T4704] ? __pfx_worker_thread+0x10/0x10 [ 74.700275][ T4704] ? __pfx_kthread+0x10/0x10 [ 74.702231][ T4704] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.704611][ T4704] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.707336][ T4704] ? __pfx_kthread+0x10/0x10 [ 74.709816][ T4704] ret_from_fork+0x3f9/0x770 [ 74.712057][ T4704] ? __pfx_ret_from_fork+0x10/0x10 [ 74.714423][ T4704] ? __pfx_kthread+0x10/0x10 [ 74.716579][ T4704] ret_from_fork_asm+0x1a/0x30 [ 74.718730][ T4704] [ 74.720108][ T4704] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.723198][ T4704] CPU: 0 UID: 0 PID: 4704 Comm: kworker/u5:1 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) [ 74.728505][ T4704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.733175][ T4704] Workqueue: hci0 hci_conn_timeout [ 74.735266][ T4704] Call Trace: [ 74.736622][ T4704] [ 74.737850][ T4704] dump_stack_lvl+0x99/0x250 [ 74.739868][ T4704] ? __asan_memcpy+0x40/0x70 [ 74.741868][ T4704] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.744193][ T4704] ? __pfx__printk+0x10/0x10 [ 74.746392][ T4704] vpanic+0x281/0x750 [ 74.748183][ T4704] ? __pfx__printk+0x10/0x10 [ 74.750658][ T4704] ? __pfx_vpanic+0x10/0x10 [ 74.753025][ T4704] ? is_bpf_text_address+0x292/0x2b0 [ 74.755680][ T4704] panic+0xb9/0xc0 [ 74.757346][ T4704] ? __pfx_panic+0x10/0x10 [ 74.759285][ T4704] __warn+0x31b/0x4b0 [ 74.761035][ T4704] ? hci_conn_timeout+0xff/0x290 [ 74.763205][ T4704] ? hci_conn_timeout+0xff/0x290 [ 74.765391][ T4704] report_bug+0x2be/0x4f0 [ 74.767252][ T4704] ? hci_conn_timeout+0xff/0x290 [ 74.769441][ T4704] ? hci_conn_timeout+0xff/0x290 [ 74.771578][ T4704] ? hci_conn_timeout+0x101/0x290 [ 74.773784][ T4704] handle_bug+0x84/0x160 [ 74.775779][ T4704] exc_invalid_op+0x1a/0x50 [ 74.777914][ T4704] asm_exc_invalid_op+0x1a/0x20 [ 74.780050][ T4704] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 74.782465][ T4704] Code: 48 89 df e8 23 05 09 00 eb 07 e8 1c dc 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 02 dc 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 74.790453][ T4704] RSP: 0018:ffffc9000f8bfa50 EFLAGS: 00010293 [ 74.793073][ T4704] RAX: ffffffff8a78df5e RBX: ffff8880436c8000 RCX: ffff88801fbfa440 [ 74.796568][ T4704] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 74.800064][ T4704] RBP: 00000000ffffffff R08: ffff8880436c8013 R09: 1ffff110086d9002 [ 74.803545][ T4704] R10: dffffc0000000000 R11: ffffed10086d9003 R12: dffffc0000000000 [ 74.806981][ T4704] R13: ffff8880003a9518 R14: ffff8880436c8948 R15: ffff8880436c8010 [ 74.810370][ T4704] ? hci_conn_timeout+0xfe/0x290 [ 74.812631][ T4704] ? process_scheduled_works+0x9ef/0x17b0 [ 74.815232][ T4704] process_scheduled_works+0xade/0x17b0 [ 74.817923][ T4704] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.820780][ T4704] worker_thread+0x8a0/0xda0 [ 74.823021][ T4704] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.825931][ T4704] ? __kthread_parkme+0x7b/0x200 [ 74.828185][ T4704] kthread+0x70e/0x8a0 [ 74.830040][ T4704] ? __pfx_worker_thread+0x10/0x10 [ 74.832284][ T4704] ? __pfx_kthread+0x10/0x10 [ 74.834266][ T4704] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.836574][ T4704] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.838825][ T4704] ? __pfx_kthread+0x10/0x10 [ 74.840945][ T4704] ret_from_fork+0x3f9/0x770 [ 74.843174][ T4704] ? __pfx_ret_from_fork+0x10/0x10 [ 74.845656][ T4704] ? __pfx_kthread+0x10/0x10 [ 74.847823][ T4704] ret_from_fork_asm+0x1a/0x30 [ 74.850005][ T4704] [ 74.851766][ T4704] Kernel Offset: disabled [ 74.853715][ T4704] Rebooting in 86400 seconds..