program: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async, rerun: 64) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async, rerun: 64) r1 = accept$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) pipe2(&(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) (async, rerun: 32) pipe(&(0x7f0000000ec0)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 32) r6 = fanotify_init(0x0, 0x0) fanotify_mark(r6, 0x241, 0x8001000, r5, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) close(r10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) (async) ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) (async) write$cgroup_devices(r9, &(0x7f0000000440)=ANY=[@ANYBLOB="1e0308003c5ca601288763"], 0xffdd) (async) ioctl$TUNSETQUEUE(r8, 0x400454d9, &(0x7f00000001c0)={'ipvlan1\x00', 0x400}) close(r7) close_range(r5, r6, 0x0) (async) writev(r4, &(0x7f00000026c0)=[{&(0x7f00000000c0)="bf", 0x1}], 0x1) vmsplice(r3, &(0x7f00000023c0)=[{&(0x7f0000000100)="92", 0x1}], 0x1, 0x0) (async) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x114, 0x30, 0xffff, 0x0, 0x0, {}, [{0x100, 0x1, [@m_police={0xfc, 0x1, 0x0, 0x0, {{0xb}, {0xfffffffffffffc44, 0x2, 0x0, 0x1, [[@TCA_POLICE_RESULT, @TCA_POLICE_RESULT={0x8}]]}, {0x89, 0x6, "91c1280b4cb290050cf3d034a0ae1c9ac5bb7cdfbebdcc5277f0fd71e75689e25b4bc94b78a20ffa74ca6b29e31aeb880e1fa5ea4db4f6a396e2bacad7379c109535bbe0a35550b1633de4b65ef823c9c36b2d76a6aabd7b5b66355123a0d856934bb0e2cb4a39abb49e4ba27d8819a485dfbdb03b15b526b4314047338392f94a732eb8a3"}, {0xc}, {0xc}}}]}]}, 0x114}}, 0x0) (async) ioctl$SIOCAX25ADDFWD(r1, 0x89ea, &(0x7f0000000040)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast}) [ 85.655760][ T5312] Bluetooth: hci0: command tx timeout [ 85.721708][ T4674] ------------[ cut here ]------------ [ 85.724269][ T4674] WARNING: CPU: 0 PID: 4674 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290 [ 85.728714][ T4674] Modules linked in: [ 85.730787][ T4674] CPU: 0 UID: 0 PID: 4674 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 85.735322][ T4674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.740068][ T4674] Workqueue: hci0 hci_conn_timeout [ 85.742375][ T4674] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 85.744808][ T4674] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 7c 01 83 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 62 01 83 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 85.753654][ T4674] RSP: 0018:ffffc9000faffa50 EFLAGS: 00010293 [ 85.757766][ T4674] RAX: ffffffff8a3b8cde RBX: ffff88804263c000 RCX: ffff88801f214900 [ 85.761201][ T4674] RDX: 0000000000000000 RSI: 00000000ffffffbf RDI: 0000000000000000 [ 85.764448][ T4674] RBP: 00000000ffffffbf R08: ffff88804263c013 R09: 1ffff110084c7802 [ 85.768660][ T4674] R10: dffffc0000000000 R11: ffffed10084c7803 R12: dffffc0000000000 [ 85.772940][ T4674] R13: ffff88801e64aa18 R14: ffff88804263c948 R15: ffff88804263c010 [ 85.777379][ T4674] FS: 0000000000000000(0000) GS:ffff88808d98a000(0000) knlGS:0000000000000000 [ 85.781951][ T4674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.785434][ T4674] CR2: 00005555916f97c8 CR3: 0000000042419000 CR4: 0000000000352ef0 [ 85.789191][ T4674] Call Trace: [ 85.790719][ T4674] [ 85.791896][ T4674] ? process_scheduled_works+0x9ef/0x17b0 [ 85.794347][ T4674] process_scheduled_works+0xade/0x17b0 [ 85.796945][ T4674] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.799601][ T4674] worker_thread+0x8a0/0xda0 [ 85.801663][ T4674] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.804412][ T4674] ? __kthread_parkme+0x7b/0x200 [ 85.806741][ T4674] kthread+0x70e/0x8a0 [ 85.808518][ T4674] ? __pfx_worker_thread+0x10/0x10 [ 85.810653][ T4674] ? __pfx_kthread+0x10/0x10 [ 85.812752][ T4674] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.815071][ T4674] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.817310][ T4674] ? __pfx_kthread+0x10/0x10 [ 85.819199][ T4674] ret_from_fork+0x436/0x7d0 [ 85.821110][ T4674] ? __pfx_ret_from_fork+0x10/0x10 [ 85.823203][ T4674] ? __pfx_kthread+0x10/0x10 [ 85.825200][ T4674] ret_from_fork_asm+0x1a/0x30 [ 85.827515][ T4674] [ 85.828881][ T4674] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.832069][ T4674] CPU: 0 UID: 0 PID: 4674 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 85.836015][ T4674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.840623][ T4674] Workqueue: hci0 hci_conn_timeout [ 85.842807][ T4674] Call Trace: [ 85.844336][ T4674] [ 85.845629][ T4674] dump_stack_lvl+0x99/0x250 [ 85.847545][ T4674] ? __asan_memcpy+0x40/0x70 [ 85.849575][ T4674] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.851752][ T4674] ? __pfx__printk+0x10/0x10 [ 85.853768][ T4674] vpanic+0x237/0x6d0 [ 85.855539][ T4674] ? __pfx_vpanic+0x10/0x10 [ 85.857797][ T4674] panic+0xb9/0xc0 [ 85.859445][ T4674] ? __pfx_panic+0x10/0x10 [ 85.861351][ T4674] __warn+0x31b/0x4b0 [ 85.862964][ T4674] ? hci_conn_timeout+0xff/0x290 [ 85.865045][ T4674] ? hci_conn_timeout+0xff/0x290 [ 85.867090][ T4674] report_bug+0x2be/0x4f0 [ 85.868924][ T4674] ? hci_conn_timeout+0xff/0x290 [ 85.871129][ T4674] ? hci_conn_timeout+0xff/0x290 [ 85.873208][ T4674] ? hci_conn_timeout+0x101/0x290 [ 85.875441][ T4674] handle_bug+0x84/0x160 [ 85.877572][ T4674] exc_invalid_op+0x1a/0x50 [ 85.879570][ T4674] asm_exc_invalid_op+0x1a/0x20 [ 85.881615][ T4674] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 85.884030][ T4674] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 7c 01 83 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 62 01 83 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 85.892276][ T4674] RSP: 0018:ffffc9000faffa50 EFLAGS: 00010293 [ 85.895064][ T4674] RAX: ffffffff8a3b8cde RBX: ffff88804263c000 RCX: ffff88801f214900 [ 85.898634][ T4674] RDX: 0000000000000000 RSI: 00000000ffffffbf RDI: 0000000000000000 [ 85.902352][ T4674] RBP: 00000000ffffffbf R08: ffff88804263c013 R09: 1ffff110084c7802 [ 85.905758][ T4674] R10: dffffc0000000000 R11: ffffed10084c7803 R12: dffffc0000000000 [ 85.909212][ T4674] R13: ffff88801e64aa18 R14: ffff88804263c948 R15: ffff88804263c010 [ 85.912525][ T4674] ? hci_conn_timeout+0xfe/0x290 [ 85.914501][ T4674] ? process_scheduled_works+0x9ef/0x17b0 [ 85.916972][ T4674] process_scheduled_works+0xade/0x17b0 [ 85.919422][ T4674] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.922087][ T4674] worker_thread+0x8a0/0xda0 [ 85.924091][ T4674] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.926749][ T4674] ? __kthread_parkme+0x7b/0x200 [ 85.928864][ T4674] kthread+0x70e/0x8a0 [ 85.930697][ T4674] ? __pfx_worker_thread+0x10/0x10 [ 85.932980][ T4674] ? __pfx_kthread+0x10/0x10 [ 85.935079][ T4674] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.937420][ T4674] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.939708][ T4674] ? __pfx_kthread+0x10/0x10 [ 85.941761][ T4674] ret_from_fork+0x436/0x7d0 [ 85.943823][ T4674] ? __pfx_ret_from_fork+0x10/0x10 [ 85.946138][ T4674] ? __pfx_kthread+0x10/0x10 [ 85.948209][ T4674] ret_from_fork_asm+0x1a/0x30 [ 85.950326][ T4674] [ 85.952111][ T4674] Kernel Offset: disabled [ 85.954097][ T4674] Rebooting in 86400 seconds..