program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r1, &(0x7f0000000340)="07000000010000", 0x7)
[ 68.203192][ C0] ------------[ cut here ]------------
[ 68.205767][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci0
[ 68.210107][ C0] WARNING: CPU: 0 PID: 5355 at kernel/workqueue.c:2256 __queue_work+0xd38/0xfb0
[ 68.214928][ C0] Modules linked in:
[ 68.217064][ C0] CPU: 0 UID: 0 PID: 5355 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 68.222076][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.230881][ C0] RIP: 0010:__queue_work+0xd38/0xfb0
[ 68.234170][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 33 9d 9a 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 de 89 8b 4c 89 fa e8 99 39 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 2a ad 35 00 90 0f 0b 90 e9 dd fc ff
[ 68.242996][ C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010046
[ 68.245765][ C0] RAX: ebe0b7fc9a1b0500 RBX: 0000000000000100 RCX: ffff8880367d2440
[ 68.250173][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[ 68.254506][ C0] RBP: 1ffff11007f89538 R08: ffff88801fc24253 R09: 1ffff11003f8484a
[ 68.257942][ C0] R10: dffffc0000000000 R11: ffffed1003f8484b R12: dffffc0000000000
[ 68.262018][ C0] R13: ffff888033470988 R14: 0000000000000008 R15: ffff88803fc4a978
[ 68.265353][ C0] FS: 00007fc9d62726c0(0000) GS:ffff88808d20d000(0000) knlGS:0000000000000000
[ 68.269240][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.272301][ C0] CR2: 00007fc9d55bf5a8 CR3: 0000000042e9a000 CR4: 0000000000352ef0
[ 68.276166][ C0] Call Trace:
[ 68.277857][ C0] <IRQ>
[ 68.279382][ C0] call_timer_fn+0x17e/0x5f0
[ 68.281547][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 68.284142][ C0] ? call_timer_fn+0xbe/0x5f0
[ 68.286350][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 68.288547][ C0] ? do_raw_spin_unlock+0x4d/0x240
[ 68.291095][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 68.294327][ C0] __run_timer_base+0x646/0x860
[ 68.297379][ C0] ? ktime_get+0x3e/0x1f0
[ 68.299651][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 68.302155][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 68.305391][ C0] run_timer_softirq+0xb7/0x180
[ 68.307722][ C0] handle_softirqs+0x283/0x870
[ 68.310275][ C0] ? __irq_exit_rcu+0xca/0x1f0
[ 68.312883][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 68.315519][ C0] __irq_exit_rcu+0xca/0x1f0
[ 68.317422][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 68.321244][ C0] irq_exit_rcu+0x9/0x30
[ 68.323494][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 68.326648][ C0] </IRQ>
[ 68.328420][ C0] <TASK>
[ 68.330307][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 68.333464][ C0] RIP: 0010:kasan_check_range+0x9f/0x2c0
[ 68.335933][ C0] Code: 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 <0f> 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd
[ 68.345036][ C0] RSP: 0018:ffffc9000d50f908 EFLAGS: 00000246
[ 68.348442][ C0] RAX: 1ffff92001aa1f01 RBX: fffffffffffffffd RCX: ffffffff8b7d3468
[ 68.352601][ C0] RDX: 0000000000000001 RSI: 0000000000000028 RDI: ffffc9000d50fa60
[ 68.356191][ C0] RBP: 0000000000000000 R08: ffffc9000d50fa87 R09: 1ffff92001aa1f50
[ 68.360102][ C0] R10: dffffc0000000000 R11: fffff52001aa1f4e R12: 0000000000000005
[ 68.364684][ C0] R13: dffffc0000000000 R14: fffff52001aa1f51 R15: 1ffff92001aa1f4c
[ 68.369465][ C0] ? __mutex_lock+0xf8/0x1350
[ 68.371957][ C0] __asan_memset+0x22/0x50
[ 68.373949][ C0] __mutex_lock+0xf8/0x1350
[ 68.375870][ C0] ? drain_workqueue+0xb1/0x390
[ 68.378347][ C0] ? drain_workqueue+0xdd/0x390
[ 68.382069][ C0] ? __pfx___flush_workqueue+0x10/0x10
[ 68.385045][ C0] ? __pfx___mutex_lock+0x10/0x10
[ 68.387599][ C0] drain_workqueue+0xdd/0x390
[ 68.389654][ C0] hci_dev_close_sync+0x659/0x1330
[ 68.392320][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 68.395034][ C0] ? do_raw_read_unlock+0x3d/0x80
[ 68.397624][ C0] hci_dev_close+0x108/0x200
[ 68.400342][ C0] sock_do_ioctl+0xdc/0x300
[ 68.402568][ C0] ? __pfx_sock_do_ioctl+0x10/0x10
[ 68.404995][ C0] ? __lock_acquire+0xab9/0xd20
[ 68.407466][ C0] sock_ioctl+0x576/0x790
[ 68.409648][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 68.412365][ C0] ? __fget_files+0x2a/0x420
[ 68.415002][ C0] ? __fget_files+0x3a0/0x420
[ 68.417733][ C0] ? __fget_files+0x2a/0x420
[ 68.419976][ C0] ? bpf_lsm_file_ioctl+0x9/0x20
[ 68.422427][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 68.424839][ C0] __se_sys_ioctl+0xf9/0x170
[ 68.427131][ C0] do_syscall_64+0xfa/0x3b0
[ 68.429228][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.431748][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.434678][ C0] ? clear_bhb_loop+0x60/0xb0
[ 68.436663][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.439348][ C0] RIP: 0033:0x7fc9d538ebe9
[ 68.441332][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.450455][ C0] RSP: 002b:00007fc9d6272038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.454203][ C0] RAX: ffffffffffffffda RBX: 00007fc9d55c5fa0 RCX: 00007fc9d538ebe9
[ 68.457542][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[ 68.461150][ C0] RBP: 00007fc9d5411e19 R08: 0000000000000000 R09: 0000000000000000
[ 68.465748][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.469503][ C0] R13: 00007fc9d55c6038 R14: 00007fc9d55c5fa0 R15: 00007ffc6bc4a9e8
[ 68.473238][ C0] </TASK>
[ 68.474698][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 68.478417][ C0] CPU: 0 UID: 0 PID: 5355 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 68.483519][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.488325][ C0] Call Trace:
[ 68.489875][ C0] <IRQ>
[ 68.491258][ C0] dump_stack_lvl+0x99/0x250
[ 68.493586][ C0] ? __asan_memcpy+0x40/0x70
[ 68.496195][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.499197][ C0] ? __pfx__printk+0x10/0x10
[ 68.501569][ C0] vpanic+0x281/0x750
[ 68.503619][ C0] ? __pfx__printk+0x10/0x10
[ 68.505774][ C0] ? __pfx_vpanic+0x10/0x10
[ 68.508001][ C0] ? is_bpf_text_address+0x292/0x2b0
[ 68.510504][ C0] panic+0xb9/0xc0
[ 68.512701][ C0] ? __pfx_panic+0x10/0x10
[ 68.514725][ C0] __warn+0x31b/0x4b0
[ 68.517018][ C0] ? __queue_work+0xd38/0xfb0
[ 68.519765][ C0] ? __queue_work+0xd38/0xfb0
[ 68.522137][ C0] report_bug+0x2be/0x4f0
[ 68.523997][ C0] ? __queue_work+0xd38/0xfb0
[ 68.526027][ C0] ? __queue_work+0xd38/0xfb0
[ 68.528137][ C0] ? __queue_work+0xd3a/0xfb0
[ 68.530232][ C0] handle_bug+0x84/0x160
[ 68.532280][ C0] exc_invalid_op+0x1a/0x50
[ 68.534594][ C0] asm_exc_invalid_op+0x1a/0x20
[ 68.537453][ C0] RIP: 0010:__queue_work+0xd38/0xfb0
[ 68.540048][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 33 9d 9a 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 de 89 8b 4c 89 fa e8 99 39 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 2a ad 35 00 90 0f 0b 90 e9 dd fc ff
[ 68.549039][ C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010046
[ 68.552445][ C0] RAX: ebe0b7fc9a1b0500 RBX: 0000000000000100 RCX: ffff8880367d2440
[ 68.556400][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[ 68.560065][ C0] RBP: 1ffff11007f89538 R08: ffff88801fc24253 R09: 1ffff11003f8484a
[ 68.563801][ C0] R10: dffffc0000000000 R11: ffffed1003f8484b R12: dffffc0000000000
[ 68.567330][ C0] R13: ffff888033470988 R14: 0000000000000008 R15: ffff88803fc4a978
[ 68.571025][ C0] call_timer_fn+0x17e/0x5f0
[ 68.573166][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 68.575687][ C0] ? call_timer_fn+0xbe/0x5f0
[ 68.578495][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 68.581774][ C0] ? do_raw_spin_unlock+0x4d/0x240
[ 68.584228][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 68.586886][ C0] __run_timer_base+0x646/0x860
[ 68.588897][ C0] ? ktime_get+0x3e/0x1f0
[ 68.590886][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 68.593315][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 68.596138][ C0] run_timer_softirq+0xb7/0x180
[ 68.598338][ C0] handle_softirqs+0x283/0x870
[ 68.600555][ C0] ? __irq_exit_rcu+0xca/0x1f0
[ 68.602821][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 68.605360][ C0] __irq_exit_rcu+0xca/0x1f0
[ 68.607352][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 68.609673][ C0] irq_exit_rcu+0x9/0x30
[ 68.611546][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 68.613997][ C0] </IRQ>
[ 68.615554][ C0] <TASK>
[ 68.616972][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 68.619706][ C0] RIP: 0010:kasan_check_range+0x9f/0x2c0
[ 68.622392][ C0] Code: 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 <0f> 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd
[ 68.631030][ C0] RSP: 0018:ffffc9000d50f908 EFLAGS: 00000246
[ 68.634019][ C0] RAX: 1ffff92001aa1f01 RBX: fffffffffffffffd RCX: ffffffff8b7d3468
[ 68.638367][ C0] RDX: 0000000000000001 RSI: 0000000000000028 RDI: ffffc9000d50fa60
[ 68.641983][ C0] RBP: 0000000000000000 R08: ffffc9000d50fa87 R09: 1ffff92001aa1f50
[ 68.645537][ C0] R10: dffffc0000000000 R11: fffff52001aa1f4e R12: 0000000000000005
[ 68.649314][ C0] R13: dffffc0000000000 R14: fffff52001aa1f51 R15: 1ffff92001aa1f4c
[ 68.653435][ C0] ? __mutex_lock+0xf8/0x1350
[ 68.655739][ C0] __asan_memset+0x22/0x50
[ 68.657608][ C0] __mutex_lock+0xf8/0x1350
[ 68.659708][ C0] ? drain_workqueue+0xb1/0x390
[ 68.661864][ C0] ? drain_workqueue+0xdd/0x390
[ 68.664320][ C0] ? __pfx___flush_workqueue+0x10/0x10
[ 68.667143][ C0] ? __pfx___mutex_lock+0x10/0x10
[ 68.669672][ C0] drain_workqueue+0xdd/0x390
[ 68.671979][ C0] hci_dev_close_sync+0x659/0x1330
[ 68.674180][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 68.676755][ C0] ? do_raw_read_unlock+0x3d/0x80
[ 68.678925][ C0] hci_dev_close+0x108/0x200
[ 68.681075][ C0] sock_do_ioctl+0xdc/0x300
[ 68.683265][ C0] ? __pfx_sock_do_ioctl+0x10/0x10
[ 68.685956][ C0] ? __lock_acquire+0xab9/0xd20
[ 68.688801][ C0] sock_ioctl+0x576/0x790
[ 68.691333][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 68.693530][ C0] ? __fget_files+0x2a/0x420
[ 68.695647][ C0] ? __fget_files+0x3a0/0x420
[ 68.697714][ C0] ? __fget_files+0x2a/0x420
[ 68.699973][ C0] ? bpf_lsm_file_ioctl+0x9/0x20
[ 68.702190][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 68.704317][ C0] __se_sys_ioctl+0xf9/0x170
[ 68.706311][ C0] do_syscall_64+0xfa/0x3b0
[ 68.708444][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.711061][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.714292][ C0] ? clear_bhb_loop+0x60/0xb0
[ 68.716385][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.718833][ C0] RIP: 0033:0x7fc9d538ebe9
[ 68.720869][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.729383][ C0] RSP: 002b:00007fc9d6272038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.733527][ C0] RAX: ffffffffffffffda RBX: 00007fc9d55c5fa0 RCX: 00007fc9d538ebe9
[ 68.736632][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[ 68.739616][ C0] RBP: 00007fc9d5411e19 R08: 0000000000000000 R09: 0000000000000000
[ 68.742758][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.746043][ C0] R13: 00007fc9d55c6038 R14: 00007fc9d55c5fa0 R15: 00007ffc6bc4a9e8
[ 68.750135][ C0] </TASK>
[ 68.752070][ C0] Kernel Offset: disabled
[ 68.754023][ C0] Rebooting in 86400 seconds..