program: io_setup(0x8, &(0x7f00000001c0)=0x0) (async) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0) io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000300)="87992d800d80", 0x6, 0x4}]) (async) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r2, 0x400448cb, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a03000000000000000000020000000c00024000000000000000010900010073797a3000000000140000001100010000000000002000000000000a"], 0x54}}, 0x0) (async) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c8b40, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7) [ 68.524737][ T4684] Bluetooth: hci0: command tx timeout [ 68.606831][ T5338] ------------[ cut here ]------------ [ 68.609300][ T5338] workqueue: cannot queue hci_rx_work on wq hci0 [ 68.612040][ T5338] WARNING: kernel/workqueue.c:2252 at __queue_work+0xd20/0xf90, CPU#0: syz.0.0/5338 [ 68.615370][ T5338] Modules linked in: [ 68.617213][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.621027][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.625722][ T5338] RIP: 0010:__queue_work+0xd4b/0xf90 [ 68.628164][ T5338] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 86 5a 9e 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7d 28 [ 68.636248][ T5338] RSP: 0018:ffffc9000ba67b20 EFLAGS: 00010086 [ 68.638757][ T5338] RAX: 1ffff11006bbb97b RBX: 0000000000000008 RCX: ffff8880361724c0 [ 68.642006][ T5338] RDX: ffff888040ab7178 RSI: ffffffff8a553c80 RDI: ffffffff8f852e60 [ 68.645255][ T5338] RBP: 0000000000000000 R08: ffff888035ddcbc7 R09: 1ffff11006bbb978 [ 68.648627][ T5338] R10: dffffc0000000000 R11: ffffed1006bbb979 R12: dffffc0000000000 [ 68.652023][ T5338] R13: ffff888035ddcbd8 R14: ffffffff8f852e60 R15: ffff888040ab7178 [ 68.655524][ T5338] FS: 00007f10544436c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 68.659066][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.661963][ T5338] CR2: 00007f1054442fc8 CR3: 0000000036f14000 CR4: 0000000000352ef0 [ 68.665479][ T5338] Call Trace: [ 68.667038][ T5338] [ 68.668371][ T5338] ? rcu_is_watching+0x15/0xb0 [ 68.670381][ T5338] queue_work_on+0x106/0x1c0 [ 68.672435][ T5338] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 68.675124][ T5338] hci_recv_frame+0x625/0x7c0 [ 68.677126][ T5338] ? skb_pull+0xc1/0x1d0 [ 68.678984][ T5338] vhci_write+0x358/0x4a0 [ 68.680899][ T5338] vfs_write+0x5c9/0xb30 [ 68.682787][ T5338] ? __pfx_vhci_write+0x10/0x10 [ 68.685055][ T5338] ? __pfx_vfs_write+0x10/0x10 [ 68.687240][ T5338] ? __fget_files+0x2a/0x420 [ 68.689350][ T5338] ksys_write+0x145/0x250 [ 68.691337][ T5338] ? __pfx_ksys_write+0x10/0x10 [ 68.693386][ T5338] do_syscall_64+0xec/0xf80 [ 68.695264][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.697805][ T5338] ? trace_irq_disable+0x37/0x100 [ 68.699904][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 68.701925][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.704383][ T5338] RIP: 0033:0x7f105358e27f [ 68.706405][ T5338] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 68.714322][ T5338] RSP: 002b:00007f1054443000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 68.717902][ T5338] RAX: ffffffffffffffda RBX: 00007f10537e6090 RCX: 00007f105358e27f [ 68.721239][ T5338] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 00000000000000ca [ 68.724519][ T5338] RBP: 00007f1053613f91 R08: 0000000000000000 R09: 0000000000000000 [ 68.728080][ T5338] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000 [ 68.731372][ T5338] R13: 00007f10537e6128 R14: 00007f10537e6090 R15: 00007fff6d880098 [ 68.734785][ T5338] [ 68.736122][ T5338] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.739166][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.743013][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.748422][ T5338] Call Trace: [ 68.750034][ T5338] [ 68.751363][ T5338] vpanic+0x1e0/0x670 [ 68.753271][ T5338] panic+0xb9/0xc0 [ 68.754895][ T5338] ? __pfx_panic+0x10/0x10 [ 68.756814][ T5338] __warn+0x317/0x4b0 [ 68.758567][ T5338] ? __queue_work+0xd20/0xf90 [ 68.760676][ T5338] ? __queue_work+0xd20/0xf90 [ 68.762729][ T5338] __report_bug+0x288/0x500 [ 68.764815][ T5338] ? __queue_work+0xd20/0xf90 [ 68.766876][ T5338] ? __pfx___report_bug+0x10/0x10 [ 68.768957][ T5338] ? vhci_write+0xbe/0x4a0 [ 68.770946][ T5338] ? __pfx_hci_rx_work+0x10/0x10 [ 68.773137][ T5338] ? __lock_acquire+0x6b6/0x2cf0 [ 68.775463][ T5338] report_bug_entry+0x19a/0x290 [ 68.777622][ T5338] ? __queue_work+0xd4b/0xf90 [ 68.779698][ T5338] ? __queue_work+0xd50/0xf90 [ 68.781565][ T5338] handle_bug+0xca/0x200 [ 68.783451][ T5338] exc_invalid_op+0x1a/0x50 [ 68.785598][ T5338] asm_exc_invalid_op+0x1a/0x20 [ 68.787647][ T5338] RIP: 0010:__queue_work+0xd4b/0xf90 [ 68.790003][ T5338] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 86 5a 9e 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7d 28 [ 68.798138][ T5338] RSP: 0018:ffffc9000ba67b20 EFLAGS: 00010086 [ 68.800872][ T5338] RAX: 1ffff11006bbb97b RBX: 0000000000000008 RCX: ffff8880361724c0 [ 68.804344][ T5338] RDX: ffff888040ab7178 RSI: ffffffff8a553c80 RDI: ffffffff8f852e60 [ 68.807878][ T5338] RBP: 0000000000000000 R08: ffff888035ddcbc7 R09: 1ffff11006bbb978 [ 68.811312][ T5338] R10: dffffc0000000000 R11: ffffed1006bbb979 R12: dffffc0000000000 [ 68.814845][ T5338] R13: ffff888035ddcbd8 R14: ffffffff8f852e60 R15: ffff888040ab7178 [ 68.818205][ T5338] ? __pfx_hci_rx_work+0x10/0x10 [ 68.820401][ T5338] ? rcu_is_watching+0x15/0xb0 [ 68.822460][ T5338] queue_work_on+0x106/0x1c0 [ 68.824511][ T5338] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 68.827018][ T5338] hci_recv_frame+0x625/0x7c0 [ 68.829036][ T5338] ? skb_pull+0xc1/0x1d0 [ 68.830707][ T5338] vhci_write+0x358/0x4a0 [ 68.832697][ T5338] vfs_write+0x5c9/0xb30 [ 68.834757][ T5338] ? __pfx_vhci_write+0x10/0x10 [ 68.837042][ T5338] ? __pfx_vfs_write+0x10/0x10 [ 68.838677][ T5338] ? __fget_files+0x2a/0x420 [ 68.840436][ T5338] ksys_write+0x145/0x250 [ 68.842211][ T5338] ? __pfx_ksys_write+0x10/0x10 [ 68.844365][ T5338] do_syscall_64+0xec/0xf80 [ 68.846345][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.848980][ T5338] ? trace_irq_disable+0x37/0x100 [ 68.851067][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 68.853075][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.855645][ T5338] RIP: 0033:0x7f105358e27f [ 68.857525][ T5338] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 68.865877][ T5338] RSP: 002b:00007f1054443000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 68.869276][ T5338] RAX: ffffffffffffffda RBX: 00007f10537e6090 RCX: 00007f105358e27f [ 68.872768][ T5338] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 00000000000000ca [ 68.876243][ T5338] RBP: 00007f1053613f91 R08: 0000000000000000 R09: 0000000000000000 [ 68.879633][ T5338] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000 [ 68.882933][ T5338] R13: 00007f10537e6128 R14: 00007f10537e6090 R15: 00007fff6d880098 [ 68.886203][ T5338] [ 68.887854][ T5338] Kernel Offset: disabled [ 68.889770][ T5338] Rebooting in 86400 seconds..