program: r0 = socket(0x10, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_mount_image$fuse(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7) (async) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x548c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, 0x80}}) syz_open_dev$usbfs(&(0x7f0000000040), 0x204, 0x80302) (async) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x204, 0x80302) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0xfff, 0x3, 0x54, 0xfffffff8, 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x1d7b, &(0x7f00000002c0)) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r2, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20) socket$packet(0x11, 0xa, 0x300) syz_emit_ethernet(0x66, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0) (async) syz_emit_ethernet(0x66, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r2, 0xe, &(0x7f0000001180)={0xfffffff8, 0x0, &(0x7f0000000040), &(0x7f0000000400)=[0x6]}, 0x20) (async) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r2, 0xe, &(0x7f0000001180)={0xfffffff8, 0x0, &(0x7f0000000040), &(0x7f0000000400)=[0x6]}, 0x20) socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000140), 0x76, 0x101301) ioctl$USBDEVFS_CLAIM_PORT(r4, 
0x80045519, 0x0) (async) ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045519, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r5=>0x0}) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv6_newnexthop={0x28, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r5}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x28}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r8 = io_uring_setup(0x662, &(0x7f0000001740)={0x0, 0xfffffffc}) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r8, 0x10, &(0x7f0000007300)={0x0, 0x700, &(0x7f0000007280)=[{0x0}], 0x0, 0x1}, 0x20) sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r7, 0xf9de6c80ee062be3, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x20008000) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f00000003c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000340)={0x64, r7, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xc}}]}, 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x20000800) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f00000003c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000340)={0x64, r7, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xc}}]}, 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x20000800) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000180)={'ip6_vti0\x00', r5, 0x29, 0x4, 0xc8, 0x1, 0x2, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x80, 0x10, 0xffff1cba, 0x9a}}) syz_emit_ethernet(0x76, 
&(0x7f0000000080)={@link_local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb3e02", 0x40, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "974367", 0x0, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [@dstopts={0x0, 0x1, '\x00', [@padn={0x1, 0x33, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}]}}}}}}}, 0x0) [ 86.174008][ T5332] Bluetooth: hci0: command tx timeout [ 86.251482][ T4699] ------------[ cut here ]------------ [ 86.254337][ T4699] WARNING: CPU: 0 PID: 4699 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290 [ 86.259073][ T4699] Modules linked in: [ 86.260970][ T4699] CPU: 0 UID: 0 PID: 4699 Comm: kworker/u5:1 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 86.266258][ T4699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.270852][ T4699] Workqueue: hci0 hci_conn_timeout [ 86.273402][ T4699] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 86.276020][ T4699] Code: 48 89 df e8 23 05 09 00 eb 07 e8 7c cf 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 62 cf 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 86.284985][ T4699] RSP: 0018:ffffc9000ccf7a50 EFLAGS: 00010293 [ 86.287481][ T4699] RAX: ffffffff8a78ebde RBX: ffff88803f0ac000 RCX: ffff88801c700000 [ 86.290830][ T4699] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 86.294651][ T4699] RBP: 00000000ffffffff R08: ffff88803f0ac013 R09: 1ffff11007e15802 [ 86.297852][ T4699] R10: dffffc0000000000 R11: ffffed1007e15803 R12: dffffc0000000000 [ 86.301288][ T4699] R13: ffff88801ec19218 R14: ffff88803f0ac948 R15: ffff88803f0ac010 [ 86.304792][ T4699] FS: 0000000000000000(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 86.308553][ T4699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.311349][ T4699] CR2: 0000000000000000 CR3: 000000004353a000 CR4: 0000000000352ef0 [ 86.314837][ T4699] Call 
Trace: [ 86.316316][ T4699] <TASK> [ 86.317553][ T4699] ? process_scheduled_works+0x9ef/0x17b0 [ 86.320022][ T4699] process_scheduled_works+0xade/0x17b0 [ 86.322531][ T4699] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.325275][ T4699] worker_thread+0x8a0/0xda0 [ 86.327140][ T4699] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.329785][ T4699] ? __kthread_parkme+0x7b/0x200 [ 86.331858][ T4699] kthread+0x70e/0x8a0 [ 86.333634][ T4699] ? __pfx_worker_thread+0x10/0x10 [ 86.335772][ T4699] ? __pfx_kthread+0x10/0x10 [ 86.337660][ T4699] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.339779][ T4699] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.341984][ T4699] ? __pfx_kthread+0x10/0x10 [ 86.344054][ T4699] ret_from_fork+0x3f9/0x770 [ 86.345974][ T4699] ? __pfx_ret_from_fork+0x10/0x10 [ 86.348216][ T4699] ? __pfx_kthread+0x10/0x10 [ 86.350314][ T4699] ret_from_fork_asm+0x1a/0x30 [ 86.352553][ T4699] </TASK> [ 86.354165][ T4699] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 86.357176][ T4699] CPU: 0 UID: 0 PID: 4699 Comm: kworker/u5:1 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 86.361711][ T4699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.365909][ T4699] Workqueue: hci0 hci_conn_timeout [ 86.368068][ T4699] Call Trace: [ 86.369570][ T4699] <TASK> [ 86.370897][ T4699] dump_stack_lvl+0x99/0x250 [ 86.373175][ T4699] ? __asan_memcpy+0x40/0x70 [ 86.375403][ T4699] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.377905][ T4699] ? __pfx__printk+0x10/0x10 [ 86.379884][ T4699] vpanic+0x281/0x750 [ 86.381603][ T4699] ? __pfx__printk+0x10/0x10 [ 86.383476][ T4699] ? __pfx_vpanic+0x10/0x10 [ 86.385466][ T4699] ? is_bpf_text_address+0x292/0x2b0 [ 86.387757][ T4699] panic+0xb9/0xc0 [ 86.389417][ T4699] ? __pfx_panic+0x10/0x10 [ 86.391453][ T4699] __warn+0x31b/0x4b0 [ 86.393280][ T4699] ? hci_conn_timeout+0xff/0x290 [ 86.395767][ T4699] ? 
hci_conn_timeout+0xff/0x290 [ 86.398208][ T4699] report_bug+0x2be/0x4f0 [ 86.400108][ T4699] ? hci_conn_timeout+0xff/0x290 [ 86.402323][ T4699] ? hci_conn_timeout+0xff/0x290 [ 86.404439][ T4699] ? hci_conn_timeout+0x101/0x290 [ 86.406810][ T4699] handle_bug+0x84/0x160 [ 86.408753][ T4699] exc_invalid_op+0x1a/0x50 [ 86.410891][ T4699] asm_exc_invalid_op+0x1a/0x20 [ 86.413099][ T4699] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 86.415415][ T4699] Code: 48 89 df e8 23 05 09 00 eb 07 e8 7c cf 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 62 cf 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 86.423065][ T4699] RSP: 0018:ffffc9000ccf7a50 EFLAGS: 00010293 [ 86.425590][ T4699] RAX: ffffffff8a78ebde RBX: ffff88803f0ac000 RCX: ffff88801c700000 [ 86.428860][ T4699] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 86.432026][ T4699] RBP: 00000000ffffffff R08: ffff88803f0ac013 R09: 1ffff11007e15802 [ 86.435490][ T4699] R10: dffffc0000000000 R11: ffffed1007e15803 R12: dffffc0000000000 [ 86.438848][ T4699] R13: ffff88801ec19218 R14: ffff88803f0ac948 R15: ffff88803f0ac010 [ 86.442741][ T4699] ? hci_conn_timeout+0xfe/0x290 [ 86.445338][ T4699] ? process_scheduled_works+0x9ef/0x17b0 [ 86.447795][ T4699] process_scheduled_works+0xade/0x17b0 [ 86.450293][ T4699] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.452851][ T4699] worker_thread+0x8a0/0xda0 [ 86.454894][ T4699] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.457613][ T4699] ? __kthread_parkme+0x7b/0x200 [ 86.459791][ T4699] kthread+0x70e/0x8a0 [ 86.461863][ T4699] ? __pfx_worker_thread+0x10/0x10 [ 86.464656][ T4699] ? __pfx_kthread+0x10/0x10 [ 86.467230][ T4699] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.469411][ T4699] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.471799][ T4699] ? __pfx_kthread+0x10/0x10 [ 86.473951][ T4699] ret_from_fork+0x3f9/0x770 [ 86.475799][ T4699] ? __pfx_ret_from_fork+0x10/0x10 [ 86.477813][ T4699] ? 
__pfx_kthread+0x10/0x10 [ 86.479665][ T4699] ret_from_fork_asm+0x1a/0x30 [ 86.481596][ T4699] </TASK> [ 86.483161][ T4699] Kernel Offset: disabled [ 86.484968][ T4699] Rebooting in 86400 seconds..