program: syz_mount_image$hfsplus(&(0x7f0000007340), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[], 0xfc, 0x63f, &(0x7f000001ff80)="$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") syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000080)=0x1000000, 0x0}, 0x20) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7) (rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="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"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x702, 0xe, 0x0, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async, rerun: 64) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (rerun: 64) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x6000, 0x1000, &(0x7f0000090000/0x1000)=nil}) (async) creat(&(0x7f0000000240)='./file0\x00', 0x0) (async) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) (async, rerun: 64) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async, rerun: 64) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$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") (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) 
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r6, 0x800c6613, &(0x7f0000000ac0)=@v2={0x2, @aes128, 0x3a302850dcbabdcc, '\x00', @a}) (async) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) (async) chmod(&(0x7f0000000140)='./file0\x00', 0x0) (async) r7 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$UHID_INPUT(r7, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async, rerun: 64) ioctl$KVM_CREATE_DEVICE(r2, 0xc018aec0, &(0x7f0000000040)={0x1}) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x101100, 0x0) [ 74.507605][ T5309] Bluetooth: hci0: command tx timeout [ 74.545869][ T5330] loop0: detected capacity change from 0 to 1024 [ 74.633215][ T4677] ------------[ cut here ]------------ [ 74.635579][ T4677] WARNING: CPU: 0 PID: 4677 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290 [ 74.640018][ T4677] Modules linked in: [ 74.641823][ T4677] CPU: 0 UID: 0 PID: 4677 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 74.645761][ T4677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.650580][ T4677] Workqueue: hci0 hci_conn_timeout [ 74.652722][ T4677] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 74.655006][ T4677] Code: 48 89 df e8 e3 1e 09 00 eb 07 e8 7c ff 86 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c4 fe ff e8 62 ff 86 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 74.663452][ T4677] RSP: 0018:ffffc9000d6bfa50 EFLAGS: 00010293 [ 74.666039][ T4677] RAX: ffffffff8a37862e RBX: ffff888000de8000 RCX: ffff88801ee5c900 [ 74.669800][ T4677] RDX: 0000000000000000 RSI: 00000000ffffffc0 RDI: 0000000000000000 [ 
74.673531][ T4677] RBP: 00000000ffffffc0 R08: ffff888000de8013 R09: 1ffff110001bd002 [ 74.677467][ T4677] R10: dffffc0000000000 R11: ffffed10001bd003 R12: dffffc0000000000 [ 74.681013][ T4677] R13: ffff88805b374018 R14: ffff888000de8948 R15: ffff888000de8010 [ 74.684507][ T4677] FS: 0000000000000000(0000) GS:ffff88808d967000(0000) knlGS:0000000000000000 [ 74.688819][ T4677] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.691567][ T4677] CR2: 00007f0ab23d3fc8 CR3: 00000000426f4000 CR4: 0000000000352ef0 [ 74.695017][ T4677] Call Trace: [ 74.696515][ T4677] <TASK> [ 74.697980][ T4677] ? process_scheduled_works+0x9ef/0x17b0 [ 74.700448][ T4677] process_scheduled_works+0xade/0x17b0 [ 74.702956][ T4677] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.705618][ T4677] worker_thread+0x8a0/0xda0 [ 74.707848][ T4677] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.710553][ T4677] ? __kthread_parkme+0x7b/0x200 [ 74.712737][ T4677] kthread+0x711/0x8a0 [ 74.714547][ T4677] ? __pfx_worker_thread+0x10/0x10 [ 74.716802][ T4677] ? __pfx_kthread+0x10/0x10 [ 74.718906][ T4677] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.721163][ T4677] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.723538][ T4677] ? __pfx_kthread+0x10/0x10 [ 74.725576][ T4677] ret_from_fork+0x436/0x7d0 [ 74.727689][ T4677] ? __pfx_ret_from_fork+0x10/0x10 [ 74.729904][ T4677] ? __pfx_kthread+0x10/0x10 [ 74.731929][ T4677] ret_from_fork_asm+0x1a/0x30 [ 74.734095][ T4677] </TASK> [ 74.735409][ T4677] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.738848][ T4677] CPU: 0 UID: 0 PID: 4677 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 74.744005][ T4677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.748959][ T4677] Workqueue: hci0 hci_conn_timeout [ 74.751357][ T4677] Call Trace: [ 74.752879][ T4677] <TASK> [ 74.754239][ T4677] dump_stack_lvl+0x99/0x250 [ 74.756269][ T4677] ? __asan_memcpy+0x40/0x70 [ 74.758238][ T4677] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 74.760788][ T4677] ? __pfx__printk+0x10/0x10 [ 74.763128][ T4677] vpanic+0x281/0x750 [ 74.764902][ T4677] ? __pfx__printk+0x10/0x10 [ 74.766948][ T4677] ? __pfx_vpanic+0x10/0x10 [ 74.769013][ T4677] ? is_bpf_text_address+0x292/0x2b0 [ 74.771353][ T4677] panic+0xb9/0xc0 [ 74.772961][ T4677] ? __pfx_panic+0x10/0x10 [ 74.774875][ T4677] __warn+0x31b/0x4b0 [ 74.776632][ T4677] ? hci_conn_timeout+0xff/0x290 [ 74.778699][ T4677] ? hci_conn_timeout+0xff/0x290 [ 74.780760][ T4677] report_bug+0x2be/0x4f0 [ 74.782633][ T4677] ? hci_conn_timeout+0xff/0x290 [ 74.784759][ T4677] ? hci_conn_timeout+0xff/0x290 [ 74.786823][ T4677] ? hci_conn_timeout+0x101/0x290 [ 74.788927][ T4677] handle_bug+0x84/0x160 [ 74.790636][ T4677] exc_invalid_op+0x1a/0x50 [ 74.792597][ T4677] asm_exc_invalid_op+0x1a/0x20 [ 74.794606][ T4677] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 74.796891][ T4677] Code: 48 89 df e8 e3 1e 09 00 eb 07 e8 7c ff 86 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c4 fe ff e8 62 ff 86 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 74.804305][ T4677] RSP: 0018:ffffc9000d6bfa50 EFLAGS: 00010293 [ 74.806680][ T4677] RAX: ffffffff8a37862e RBX: ffff888000de8000 RCX: ffff88801ee5c900 [ 74.810180][ T4677] RDX: 0000000000000000 RSI: 00000000ffffffc0 RDI: 0000000000000000 [ 74.813491][ T4677] RBP: 00000000ffffffc0 R08: ffff888000de8013 R09: 1ffff110001bd002 [ 74.816838][ T4677] R10: dffffc0000000000 R11: ffffed10001bd003 R12: dffffc0000000000 [ 74.820357][ T4677] R13: ffff88805b374018 R14: ffff888000de8948 R15: ffff888000de8010 [ 74.823693][ T4677] ? hci_conn_timeout+0xfe/0x290 [ 74.825755][ T4677] ? process_scheduled_works+0x9ef/0x17b0 [ 74.828184][ T4677] process_scheduled_works+0xade/0x17b0 [ 74.830734][ T4677] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.833234][ T4677] worker_thread+0x8a0/0xda0 [ 74.835128][ T4677] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.837637][ T4677] ? 
__kthread_parkme+0x7b/0x200 [ 74.839642][ T4677] kthread+0x711/0x8a0 [ 74.841438][ T4677] ? __pfx_worker_thread+0x10/0x10 [ 74.843759][ T4677] ? __pfx_kthread+0x10/0x10 [ 74.845744][ T4677] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.847976][ T4677] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.850346][ T4677] ? __pfx_kthread+0x10/0x10 [ 74.852452][ T4677] ret_from_fork+0x436/0x7d0 [ 74.854507][ T4677] ? __pfx_ret_from_fork+0x10/0x10 [ 74.856906][ T4677] ? __pfx_kthread+0x10/0x10 [ 74.858964][ T4677] ret_from_fork_asm+0x1a/0x30 [ 74.861026][ T4677] </TASK> [ 74.862722][ T4677] Kernel Offset: disabled [ 74.864729][ T4677] Rebooting in 86400 seconds..