program:
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0xc800) (async)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) (async, rerun: 64)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="0430"], 0x7) (async, rerun: 64)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}) (async)
r0 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc20380003"], 0xfebe) (async, rerun: 64)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (rerun: 64)
[ 74.118658][ T4666] Bluetooth: hci0: command tx timeout
[ 74.236671][ T5303] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.240017][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.244816][ T5303] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.248979][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.255512][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.258740][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.262982][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.266541][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.269676][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.274184][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.277596][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.282147][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.285620][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.289097][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.292628][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.296113][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.299568][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.304175][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.307609][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.311657][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.315897][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.319115][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.324465][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.327746][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.331628][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.335205][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.338705][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.343502][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.346999][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.350181][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.354131][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.357689][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.362641][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.366323][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.369902][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.373794][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.378366][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.383663][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.387554][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.392105][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.395125][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.398187][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.402336][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.405450][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.408472][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.411773][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.414476][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.417309][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.420164][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.424626][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.427772][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.430938][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.434262][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.437553][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.441984][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.445298][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.448525][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.452724][ T4666] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 74.457091][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.457161][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.459570][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.463314][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.466232][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.468949][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.472523][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.475294][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.479027][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.483733][ T4666] Bluetooth: hci0: unexpected event 0x30 length: 4 > 3
[ 74.488252][ T4666] ------------[ cut here ]------------
[ 74.492974][ T4666] WARNING: CPU: 0 PID: 4666 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xfb/0x290
[ 74.496782][ T4666] Modules linked in:
[ 74.498208][ T4666] CPU: 0 UID: 0 PID: 4666 Comm: kworker/u5:1 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
[ 74.501695][ T4666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.505313][ T4666] Workqueue: hci0 hci_conn_timeout
[ 74.507189][ T4666] RIP: 0010:hci_conn_timeout+0xfb/0x290
[ 74.509269][ T4666] Code: 4c 89 f7 e8 87 a6 09 00 eb 07 e8 a0 55 dd f6 b0 13 0f b6 f0 4c 89 f7 5b 41 5c 41 5e 41 5f 5d e9 cb ba fe ff e8 86 55 dd f6 90 <0f> 0b 90 eb 8f 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 36 ff ff ff 48
[ 74.515977][ T4666] RSP: 0018:ffffc9000dc67b90 EFLAGS: 00010293
[ 74.517970][ T4666] RAX: ffffffff8ac21c0a RBX: ffff8880405a08e8 RCX: ffff88801faea440
[ 74.520762][ T4666] RDX: 0000000000000000 RSI: 00000000ffffffc0 RDI: 0000000000000000
[ 74.523478][ T4666] RBP: 00000000ffffffc0 R08: ffffffff8ac21b73 R09: 1ffff110080b4002
[ 74.526072][ T4666] R10: dffffc0000000000 R11: ffffed10080b4003 R12: dffffc0000000000
[ 74.528655][ T4666] R13: ffffffff8168ef86 R14: ffff8880405a0000 R15: 0000000001400000
[ 74.531283][ T4666] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 74.534105][ T4666] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.536217][ T4666] CR2: 00007f9433b15fe0 CR3: 0000000011dbe000 CR4: 0000000000352ef0
[ 74.538745][ T4666] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 74.541556][ T4666] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 74.544372][ T4666] Call Trace:
[ 74.545646][ T4666]
[ 74.546687][ T4666] ? __warn+0x165/0x4d0
[ 74.548217][ T4666] ? hci_conn_timeout+0xfb/0x290
[ 74.550058][ T4666] ? report_bug+0x2b3/0x500
[ 74.552159][ T4666] ? hci_conn_timeout+0xfb/0x290
[ 74.553865][ T4666] ? handle_bug+0x60/0x90
[ 74.555583][ T4666] ? exc_invalid_op+0x1a/0x50
[ 74.557420][ T4666] ? asm_exc_invalid_op+0x1a/0x20
[ 74.559396][ T4666] ? process_scheduled_works+0x976/0x1840
[ 74.561767][ T4666] ? hci_conn_timeout+0x63/0x290
[ 74.563483][ T4666] ? hci_conn_timeout+0xfa/0x290
[ 74.565295][ T4666] ? hci_conn_timeout+0xfb/0x290
[ 74.567118][ T4666] process_scheduled_works+0xa66/0x1840
[ 74.569169][ T4666] ? __pfx_process_scheduled_works+0x10/0x10
[ 74.571693][ T4666] ? assign_work+0x364/0x3d0
[ 74.573616][ T4666] worker_thread+0x870/0xd30
[ 74.575403][ T4666] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 74.577606][ T4666] ? __kthread_parkme+0x169/0x1d0
[ 74.579718][ T4666] ? __pfx_worker_thread+0x10/0x10
[ 74.581939][ T4666] kthread+0x2f0/0x390
[ 74.583456][ T4666] ? __pfx_worker_thread+0x10/0x10
[ 74.585127][ T4666] ? __pfx_kthread+0x10/0x10
[ 74.586766][ T4666] ret_from_fork+0x4b/0x80
[ 74.588544][ T4666] ? __pfx_kthread+0x10/0x10
[ 74.590399][ T4666] ret_from_fork_asm+0x1a/0x30
[ 74.592235][ T4666]
[ 74.593413][ T4666] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 74.596093][ T4666] CPU: 0 UID: 0 PID: 4666 Comm: kworker/u5:1 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
[ 74.599520][ T4666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.603437][ T4666] Workqueue: hci0 hci_conn_timeout
[ 74.605236][ T4666] Call Trace:
[ 74.606381][ T4666]
[ 74.609528][ T4666] dump_stack_lvl+0x241/0x360
[ 74.611146][ T4666] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.613005][ T4666] ? __pfx__printk+0x10/0x10
[ 74.614569][ T4666] ? vscnprintf+0x5d/0x90
[ 74.616076][ T4666] panic+0x349/0x880
[ 74.617406][ T4666] ? __warn+0x174/0x4d0
[ 74.618856][ T4666] ? __pfx_panic+0x10/0x10
[ 74.620488][ T4666] ? ret_from_fork_asm+0x1a/0x30
[ 74.622055][ T4666] __warn+0x344/0x4d0
[ 74.623372][ T4666] ? hci_conn_timeout+0xfb/0x290
[ 74.625074][ T4666] report_bug+0x2b3/0x500
[ 74.626732][ T4666] ? hci_conn_timeout+0xfb/0x290
[ 74.628632][ T4666] handle_bug+0x60/0x90
[ 74.630253][ T4666] exc_invalid_op+0x1a/0x50
[ 74.632066][ T4666] asm_exc_invalid_op+0x1a/0x20
[ 74.633700][ T4666] RIP: 0010:hci_conn_timeout+0xfb/0x290
[ 74.635624][ T4666] Code: 4c 89 f7 e8 87 a6 09 00 eb 07 e8 a0 55 dd f6 b0 13 0f b6 f0 4c 89 f7 5b 41 5c 41 5e 41 5f 5d e9 cb ba fe ff e8 86 55 dd f6 90 <0f> 0b 90 eb 8f 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 36 ff ff ff 48
[ 74.643207][ T4666] RSP: 0018:ffffc9000dc67b90 EFLAGS: 00010293
[ 74.645310][ T4666] RAX: ffffffff8ac21c0a RBX: ffff8880405a08e8 RCX: ffff88801faea440
[ 74.648081][ T4666] RDX: 0000000000000000 RSI: 00000000ffffffc0 RDI: 0000000000000000
[ 74.651011][ T4666] RBP: 00000000ffffffc0 R08: ffffffff8ac21b73 R09: 1ffff110080b4002
[ 74.653772][ T4666] R10: dffffc0000000000 R11: ffffed10080b4003 R12: dffffc0000000000
[ 74.656761][ T4666] R13: ffffffff8168ef86 R14: ffff8880405a0000 R15: 0000000001400000
[ 74.659245][ T4666] ? process_scheduled_works+0x976/0x1840
[ 74.661216][ T4666] ? hci_conn_timeout+0x63/0x290
[ 74.663165][ T4666] ? hci_conn_timeout+0xfa/0x290
[ 74.665013][ T4666] process_scheduled_works+0xa66/0x1840
[ 74.667041][ T4666] ? __pfx_process_scheduled_works+0x10/0x10
[ 74.669381][ T4666] ? assign_work+0x364/0x3d0
[ 74.671234][ T4666] worker_thread+0x870/0xd30
[ 74.673087][ T4666] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 74.675396][ T4666] ? __kthread_parkme+0x169/0x1d0
[ 74.677337][ T4666] ? __pfx_worker_thread+0x10/0x10
[ 74.679321][ T4666] kthread+0x2f0/0x390
[ 74.680948][ T4666] ? __pfx_worker_thread+0x10/0x10
[ 74.682865][ T4666] ? __pfx_kthread+0x10/0x10
[ 74.684657][ T4666] ret_from_fork+0x4b/0x80
[ 74.686407][ T4666] ? __pfx_kthread+0x10/0x10
[ 74.688255][ T4666] ret_from_fork_asm+0x1a/0x30
[ 74.690141][ T4666]
[ 74.691628][ T4666] Kernel Offset: disabled
[ 74.693451][ T4666] Rebooting in 86400 seconds..