program: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000100)) (async, rerun: 32) r1 = socket$netlink(0x10, 0x3, 0x0) (rerun: 32) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f04000000480100100000000004002b000a00010014a4ee1ee438d2fd000000000000007208", 0x39}], 0x1) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) r3 = semget(0x0, 0x3, 0x208) semctl$GETZCNT(r3, 0x4, 0xf, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="310001e42b3b29"], 0x1c}}, 0x0) (async) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r4, 0x400448cb, 0x0) (async) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7) (async, rerun: 64) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (rerun: 64) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) (async) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8396, &(0x7f0000000440)=0x0) io_submit(r7, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="0200ffff0000", 0x6}]) (async) r8 = fanotify_init(0x8, 0x0) (async, rerun: 64) r9 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) (rerun: 64) fanotify_mark(r8, 0x1, 0x40001019, r9, 0x0) (async) r10 = open(&(0x7f00000003c0)='./file1\x00', 0x14127e, 0x2) fallocate(r10, 0x1, 0x7fff, 0x8) syz_emit_ethernet(0x66, &(0x7f0000000540)={@local, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @local}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0) (async) r11 = syz_open_procfs$namespace(0x0, &(0x7f0000001500)='ns/mnt\x00') ioctl$NS_GET_OWNER_UID(r11, 0xb704, 0x0) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x28, 0x24, &(0x7f00000000c0)="5355ca12902cdaeed22b59f5185d4a148637762a69eea339f0498ca709ac9ac3b0b1c968b013c77b", &(0x7f0000000140)=""/36, 0x9, 0x0, 0x45, 0xb2, &(0x7f0000000180)="c3cada13b42bfb24b97fa38ad888e38bbe4088e48d964bdfa5c67f5a782b8c67d41236f941a1e57c92c27dbf6744e03a30a0c84c8ffeac654f94096cd05168db6bfc6c88a6", &(0x7f0000000380)="1c2d185ded20c7de75f9cc2e4e8d3a1e7ee1b1bf455254c32be5e4aa4c0a61f962a7ba4286107908a9a7eb9ec446017d5ca05f0da8836aba7bf71c05769fa39c05525eb7fb105e4056206673171f111fa9118fbe1d925c95ee943657da8fd8001da1f31807eeffa34a8aa5b6669e1fd12bbccd80b99849ef842ace7fee485cc636f9ce343bfdd5606a16a5f72dcc22e8dd80cc16191f8831e627fd42fd743913eaa0a3f1b28aa63b19748d688269bbd78b55", 0x7, 0x0, 0x71f72312}, 0x50) (async) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0) [ 134.885303][ T4674] Bluetooth: hci0: command tx timeout [ 134.949689][ T5341] netlink: 9 bytes leftover after parsing attributes in process `syz.0.0'. [ 134.963469][ T5341] gretap0: entered promiscuous mode [ 134.992149][ T5343] ------------[ cut here ]------------ [ 134.994463][ T5343] workqueue: cannot queue hci_rx_work on wq hci0 [ 134.997216][ T5343] WARNING: CPU: 0 PID: 5343 at kernel/workqueue.c:2258 __queue_work+0xdff/0x10a0 [ 135.000766][ T5343] Modules linked in: [ 135.002377][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 135.006282][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.010468][ T5343] RIP: 0010:__queue_work+0xdff/0x10a0 [ 135.012703][ T5343] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 eb 65 a3 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 a0 cf 49 8c 4c 89 ea e8 02 5f f8 ff 90 <0f> 0b 90 90 e9 5d f4 ff ff e8 a3 3c 39 00 90 0f 0b 90 e9 a7 fc ff [ 135.020226][ T5343] RSP: 0018:ffffc9000d317a68 EFLAGS: 00010046 [ 135.022639][ T5343] RAX: 6074eabec9606d00 RBX: ffff888000d60000 RCX: ffff888000d60000 [ 135.025784][ T5343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 135.028902][ T5343] RBP: dffffc0000000000 R08: ffffffff81827a12 R09: 1ffff11003f847d2 [ 135.031866][ T5343] R10: dffffc0000000000 R11: ffffed1003f847d3 R12: 1ffff110084bde38 [ 135.034929][ T5343] R13: ffff8880425ef178 R14: 0000000000000008 R15: ffff888045fe4a98 [ 135.037668][ T5343] FS: 00007efec979a6c0(0000) GS:ffff88808c596000(0000) knlGS:0000000000000000 [ 135.041247][ T5343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.043785][ T5343] CR2: 00007efec9779d58 CR3: 0000000044182000 CR4: 0000000000352ef0 [ 135.046698][ T5343] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 135.049685][ T5343] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 135.052843][ T5343] Call Trace: [ 135.054260][ T5343] [ 135.055441][ T5343] queue_work_on+0x1c4/0x380 [ 135.057264][ T5343] ? __pfx_queue_work_on+0x10/0x10 [ 135.059262][ T5343] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 135.061578][ T5343] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 135.064839][ T5343] ? skb_queue_tail+0x36/0x120 [ 135.066713][ T5343] hci_recv_frame+0x598/0x6f0 [ 135.068636][ T5343] vhci_write+0x353/0x4a0 [ 135.070338][ T5343] vfs_write+0x70f/0xd10 [ 135.072038][ T5343] ? __pfx_vhci_write+0x10/0x10 [ 135.073841][ T5343] ? __pfx_vfs_write+0x10/0x10 [ 135.075598][ T5343] ? __fget_files+0x2a/0x420 [ 135.077247][ T5343] ? __fget_files+0x2a/0x420 [ 135.078945][ T5343] ksys_write+0x19d/0x2d0 [ 135.080743][ T5343] ? __pfx_ksys_write+0x10/0x10 [ 135.082672][ T5343] ? do_syscall_64+0xb6/0x230 [ 135.084627][ T5343] do_syscall_64+0xf3/0x230 [ 135.086474][ T5343] ? clear_bhb_loop+0x45/0xa0 [ 135.088364][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.090756][ T5343] RIP: 0033:0x7efec898bc1f [ 135.092745][ T5343] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 135.099733][ T5343] RSP: 002b:00007efec979a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 135.102758][ T5343] RAX: ffffffffffffffda RBX: 00007efec8ba6160 RCX: 00007efec898bc1f [ 135.105720][ T5343] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 00000000000000ca [ 135.108633][ T5343] RBP: 00007efec8a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 135.111416][ T5343] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000 [ 135.114403][ T5343] R13: 0000000000000000 R14: 00007efec8ba6160 R15: 00007ffd50a18678 [ 135.117386][ T5343] [ 135.118609][ T5343] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 135.121308][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 135.125044][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.128822][ T5343] Call Trace: [ 135.130103][ T5343] [ 135.131264][ T5343] dump_stack_lvl+0x241/0x360 [ 135.133137][ T5343] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.135215][ T5343] ? __pfx__printk+0x10/0x10 [ 135.137012][ T5343] ? vscnprintf+0x5d/0x90 [ 135.138702][ T5343] panic+0x349/0x880 [ 135.140209][ T5343] ? __warn+0x174/0x4d0 [ 135.141837][ T5343] ? __pfx_panic+0x10/0x10 [ 135.143632][ T5343] __warn+0x344/0x4d0 [ 135.145215][ T5343] ? __queue_work+0xdff/0x10a0 [ 135.147021][ T5343] report_bug+0x2b3/0x500 [ 135.148615][ T5343] ? __queue_work+0xdff/0x10a0 [ 135.150336][ T5343] ? __queue_work+0xdff/0x10a0 [ 135.152122][ T5343] ? __queue_work+0xe01/0x10a0 [ 135.154017][ T5343] handle_bug+0x89/0x170 [ 135.155701][ T5343] exc_invalid_op+0x1a/0x50 [ 135.157510][ T5343] asm_exc_invalid_op+0x1a/0x20 [ 135.159445][ T5343] RIP: 0010:__queue_work+0xdff/0x10a0 [ 135.161367][ T5343] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 eb 65 a3 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 a0 cf 49 8c 4c 89 ea e8 02 5f f8 ff 90 <0f> 0b 90 90 e9 5d f4 ff ff e8 a3 3c 39 00 90 0f 0b 90 e9 a7 fc ff [ 135.168337][ T5343] RSP: 0018:ffffc9000d317a68 EFLAGS: 00010046 [ 135.170668][ T5343] RAX: 6074eabec9606d00 RBX: ffff888000d60000 RCX: ffff888000d60000 [ 135.173588][ T5343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 135.176512][ T5343] RBP: dffffc0000000000 R08: ffffffff81827a12 R09: 1ffff11003f847d2 [ 135.179421][ T5343] R10: dffffc0000000000 R11: ffffed1003f847d3 R12: 1ffff110084bde38 [ 135.182481][ T5343] R13: ffff8880425ef178 R14: 0000000000000008 R15: ffff888045fe4a98 [ 135.185412][ T5343] ? __warn_printk+0x2a2/0x360 [ 135.187263][ T5343] ? __queue_work+0xdfe/0x10a0 [ 135.189085][ T5343] queue_work_on+0x1c4/0x380 [ 135.190936][ T5343] ? __pfx_queue_work_on+0x10/0x10 [ 135.192785][ T5343] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 135.194896][ T5343] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 135.197059][ T5343] ? skb_queue_tail+0x36/0x120 [ 135.198986][ T5343] hci_recv_frame+0x598/0x6f0 [ 135.200781][ T5343] vhci_write+0x353/0x4a0 [ 135.202360][ T5343] vfs_write+0x70f/0xd10 [ 135.204001][ T5343] ? __pfx_vhci_write+0x10/0x10 [ 135.205895][ T5343] ? __pfx_vfs_write+0x10/0x10 [ 135.207694][ T5343] ? __fget_files+0x2a/0x420 [ 135.209378][ T5343] ? __fget_files+0x2a/0x420 [ 135.211172][ T5343] ksys_write+0x19d/0x2d0 [ 135.212822][ T5343] ? __pfx_ksys_write+0x10/0x10 [ 135.214702][ T5343] ? do_syscall_64+0xb6/0x230 [ 135.216505][ T5343] do_syscall_64+0xf3/0x230 [ 135.218257][ T5343] ? clear_bhb_loop+0x45/0xa0 [ 135.219918][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.221975][ T5343] RIP: 0033:0x7efec898bc1f [ 135.223604][ T5343] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 135.231568][ T5343] RSP: 002b:00007efec979a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 135.235286][ T5343] RAX: ffffffffffffffda RBX: 00007efec8ba6160 RCX: 00007efec898bc1f [ 135.239178][ T5343] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 00000000000000ca [ 135.242407][ T5343] RBP: 00007efec8a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 135.245251][ T5343] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000 [ 135.248099][ T5343] R13: 0000000000000000 R14: 00007efec8ba6160 R15: 00007ffd50a18678 [ 135.251243][ T5343] [ 135.252674][ T5343] Kernel Offset: disabled [ 135.254295][ T5343] Rebooting in 86400 seconds..