program: r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x3, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) (async, rerun: 32) syz_mount_image$fuse(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7) (async, rerun: 32) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) (rerun: 32) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x14}}, 0x0) (async) getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ACTIVE_SLAVE={0x8, 0x2, r2}]}}}]}, 0x3c}}, 0x0) [ 84.975179][ T5342] Bluetooth: hci0: command tx timeout [ 85.020409][ T4707] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.038013][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.042104][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.046457][ T4707] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.050708][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.056082][ T4707] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.060077][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.064710][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.069298][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.079198][ 
T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.083703][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.087792][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.091977][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.096114][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.100082][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.104268][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.108022][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.112339][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.116674][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.121307][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.125742][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.129616][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.135610][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.139208][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.142921][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.146731][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.152063][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.157602][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.161471][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.165419][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.169115][ 
T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.173756][ T5342] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 85.180755][ T5342] ------------[ cut here ]------------ [ 85.183151][ T5342] WARNING: CPU: 0 PID: 5342 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290 [ 85.187284][ T5342] Modules linked in: [ 85.189010][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: kworker/u5:2 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(full) [ 85.193834][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.198867][ T5342] Workqueue: hci0 hci_conn_timeout [ 85.201229][ T5342] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 85.203596][ T5342] Code: 48 89 df e8 23 05 09 00 eb 07 e8 ac dc 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 92 dc 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 85.212231][ T5342] RSP: 0018:ffffc9000d2c7a50 EFLAGS: 00010293 [ 85.214835][ T5342] RAX: ffffffff8a78dece RBX: ffff888041d58000 RCX: ffff888000baa440 [ 85.218071][ T5342] RDX: 0000000000000000 RSI: 00000000ffffffe0 RDI: 0000000000000000 [ 85.221578][ T5342] RBP: 00000000ffffffe0 R08: ffff888041d58013 R09: 1ffff110083ab002 [ 85.225530][ T5342] R10: dffffc0000000000 R11: ffffed10083ab003 R12: dffffc0000000000 [ 85.229341][ T5342] R13: ffff88801a3a0018 R14: ffff888041d58948 R15: ffff888041d58010 [ 85.232747][ T5342] FS: 0000000000000000(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 85.236589][ T5342] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.239407][ T5342] CR2: 00007faead2b7fc8 CR3: 000000004391d000 CR4: 0000000000352ef0 [ 85.242775][ T5342] Call Trace: [ 85.244393][ T5342] <TASK> [ 85.245600][ T5342] ? process_scheduled_works+0x9ef/0x17b0 [ 85.248117][ T5342] process_scheduled_works+0xade/0x17b0 [ 85.250696][ T5342] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 85.253576][ T5342] worker_thread+0x8a0/0xda0 [ 85.255830][ T5342] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.258660][ T5342] ? __kthread_parkme+0x7b/0x200 [ 85.260898][ T5342] kthread+0x70e/0x8a0 [ 85.262698][ T5342] ? __pfx_worker_thread+0x10/0x10 [ 85.265039][ T5342] ? __pfx_kthread+0x10/0x10 [ 85.267240][ T5342] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.269672][ T5342] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.272245][ T5342] ? __pfx_kthread+0x10/0x10 [ 85.274457][ T5342] ret_from_fork+0x3fc/0x770 [ 85.276568][ T5342] ? __pfx_ret_from_fork+0x10/0x10 [ 85.278870][ T5342] ? __pfx_kthread+0x10/0x10 [ 85.280884][ T5342] ret_from_fork_asm+0x1a/0x30 [ 85.282890][ T5342] </TASK> [ 85.284361][ T5342] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.287400][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: kworker/u5:2 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(full) [ 85.292616][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.298770][ T5342] Workqueue: hci0 hci_conn_timeout [ 85.301575][ T5342] Call Trace: [ 85.303427][ T5342] <TASK> [ 85.305046][ T5342] dump_stack_lvl+0x99/0x250 [ 85.307531][ T5342] ? __asan_memcpy+0x40/0x70 [ 85.310035][ T5342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.312733][ T5342] ? __pfx__printk+0x10/0x10 [ 85.314806][ T5342] vpanic+0x281/0x750 [ 85.316481][ T5342] ? __pfx__printk+0x10/0x10 [ 85.318485][ T5342] ? __pfx_vpanic+0x10/0x10 [ 85.320528][ T5342] ? is_bpf_text_address+0x292/0x2b0 [ 85.322703][ T5342] panic+0xb9/0xc0 [ 85.324278][ T5342] ? __pfx_panic+0x10/0x10 [ 85.326371][ T5342] __warn+0x31b/0x4b0 [ 85.328384][ T5342] ? hci_conn_timeout+0xff/0x290 [ 85.330755][ T5342] ? hci_conn_timeout+0xff/0x290 [ 85.332910][ T5342] report_bug+0x2be/0x4f0 [ 85.334843][ T5342] ? hci_conn_timeout+0xff/0x290 [ 85.337183][ T5342] ? hci_conn_timeout+0xff/0x290 [ 85.339361][ T5342] ? 
hci_conn_timeout+0x101/0x290 [ 85.341626][ T5342] handle_bug+0x84/0x160 [ 85.343606][ T5342] exc_invalid_op+0x1a/0x50 [ 85.345952][ T5342] asm_exc_invalid_op+0x1a/0x20 [ 85.348455][ T5342] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 85.350979][ T5342] Code: 48 89 df e8 23 05 09 00 eb 07 e8 ac dc 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 92 dc 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 85.358945][ T5342] RSP: 0018:ffffc9000d2c7a50 EFLAGS: 00010293 [ 85.361554][ T5342] RAX: ffffffff8a78dece RBX: ffff888041d58000 RCX: ffff888000baa440 [ 85.364895][ T5342] RDX: 0000000000000000 RSI: 00000000ffffffe0 RDI: 0000000000000000 [ 85.368377][ T5342] RBP: 00000000ffffffe0 R08: ffff888041d58013 R09: 1ffff110083ab002 [ 85.372165][ T5342] R10: dffffc0000000000 R11: ffffed10083ab003 R12: dffffc0000000000 [ 85.375715][ T5342] R13: ffff88801a3a0018 R14: ffff888041d58948 R15: ffff888041d58010 [ 85.379277][ T5342] ? hci_conn_timeout+0xfe/0x290 [ 85.381677][ T5342] ? process_scheduled_works+0x9ef/0x17b0 [ 85.384181][ T5342] process_scheduled_works+0xade/0x17b0 [ 85.386585][ T5342] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.389538][ T5342] worker_thread+0x8a0/0xda0 [ 85.391444][ T5342] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.394223][ T5342] ? __kthread_parkme+0x7b/0x200 [ 85.396281][ T5342] kthread+0x70e/0x8a0 [ 85.398260][ T5342] ? __pfx_worker_thread+0x10/0x10 [ 85.400926][ T5342] ? __pfx_kthread+0x10/0x10 [ 85.403434][ T5342] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.405761][ T5342] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.407795][ T5342] ? __pfx_kthread+0x10/0x10 [ 85.409779][ T5342] ret_from_fork+0x3fc/0x770 [ 85.411854][ T5342] ? __pfx_ret_from_fork+0x10/0x10 [ 85.414163][ T5342] ? __pfx_kthread+0x10/0x10 [ 85.416243][ T5342] ret_from_fork_asm+0x1a/0x30 [ 85.418683][ T5342] </TASK> [ 85.420705][ T5342] Kernel Offset: disabled [ 85.422942][ T5342] Rebooting in 86400 seconds..