Extracting prog: 3m29.295589396s
Minimizing prog: 1h28m26.440947714s
Simplifying prog options: 12m17.144100924s
Extracting C: 5m9.799722465s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco-shutdown-openat$vhost_vsock-bpf$PROG_LOAD-ioctl$VHOST_SET_VRING_ADDR-openat$sndtimer-ioctl$VHOST_VSOCK_SET_RUNNING-mkdir
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
shutdown(r0, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x1670c0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, 0x0)
mkdir(0x0, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco-shutdown-openat$vhost_vsock-bpf$PROG_LOAD-ioctl$VHOST_SET_VRING_ADDR-openat$sndtimer-ioctl$VHOST_VSOCK_SET_RUNNING-mkdir
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
shutdown(r0, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x1670c0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, 0x0)
mkdir(0x0, 0x0)

program crashed: WARNING in hci_conn_timeout
single: successfully extracted reproducer
found reproducer with 14 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco-shutdown-openat$vhost_vsock-bpf$PROG_LOAD-ioctl$VHOST_SET_VRING_ADDR-openat$sndtimer-ioctl$VHOST_VSOCK_SET_RUNNING
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
shutdown(r0, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x1670c0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, 0x0)

program crashed: WARNING in hci_conn_timeout
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco-shutdown-openat$vhost_vsock-bpf$PROG_LOAD-ioctl$VHOST_SET_VRING_ADDR-openat$sndtimer
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
shutdown(r0, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x1670c0)

program crashed: WARNING in hci_conn_timeout
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco-shutdown-openat$vhost_vsock-bpf$PROG_LOAD-ioctl$VHOST_SET_VRING_ADDR
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
shutdown(r0, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)

program crashed: WARNING in hci_conn_timeout
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco-shutdown-openat$vhost_vsock-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
shutdown(r0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

program crashed: WARNING in hci_conn_timeout
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco-shutdown-openat$vhost_vsock
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
shutdown(r0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)

program crashed: WARNING in hci_conn_timeout
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco-shutdown
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
shutdown(r0, 0x0)

program crashed: WARNING in hci_conn_timeout
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program crashed: WARNING in hci_conn_timeout
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr
detailed listing:
executing program 0:
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-sched_setscheduler-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-syz_open_dev$MSR-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prctl$PR_SCHED_CORE-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program crashed: WARNING in hci_conn_timeout
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, 0x0, 0x0)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-prlimit64-syz_open_dev$MSR-sched_setscheduler-read$msr-connect$bt_sco
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

program did not crash
reproducing took 1h49m22.680377658s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 48 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xfb/0x290 net/bluetooth/hci_conn.c:567
Modules linked in:
CPU: 0 UID: 0 PID: 48 Comm: kworker/u5:0 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci5 hci_conn_timeout
RIP: 0010:hci_conn_timeout+0xfb/0x290 net/bluetooth/hci_conn.c:567
Code: 4c 89 f7 e8 37 92 09 00 eb 07 e8 50 e0 dc f6 b0 13 0f b6 f0 4c 89 f7 5b 41 5c 41 5e 41 5f 5d e9 db c4 fe ff e8 36 e0 dc f6 90 <0f> 0b 90 eb 8f 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 36 ff ff ff 48
RSP: 0018:ffffc9000062fb90 EFLAGS: 00010293
RAX: ffffffff8ab7f9ea RBX: ffff8880594508c8 RCX: ffff88801e29c880
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
RBP: 00000000ffffffff R08: ffffffff8ab7f953 R09: 1ffff1100b28a002
R10: dffffc0000000000 R11: ffffed100b28a003 R12: dffffc0000000000
R13: ffffffff815e9786 R14: ffff888059450000 R15: 0000000001400000
FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc1c9f062d8 CR3: 000000004373c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 48 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xfb/0x290 net/bluetooth/hci_conn.c:567
Modules linked in:
CPU: 0 UID: 0 PID: 48 Comm: kworker/u5:0 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci5 hci_conn_timeout
RIP: 0010:hci_conn_timeout+0xfb/0x290 net/bluetooth/hci_conn.c:567
Code: 4c 89 f7 e8 37 92 09 00 eb 07 e8 50 e0 dc f6 b0 13 0f b6 f0 4c 89 f7 5b 41 5c 41 5e 41 5f 5d e9 db c4 fe ff e8 36 e0 dc f6 90 <0f> 0b 90 eb 8f 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 36 ff ff ff 48
RSP: 0018:ffffc9000062fb90 EFLAGS: 00010293
RAX: ffffffff8ab7f9ea RBX: ffff8880594508c8 RCX: ffff88801e29c880
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
RBP: 00000000ffffffff R08: ffffffff8ab7f953 R09: 1ffff1100b28a002
R10: dffffc0000000000 R11: ffffed100b28a003 R12: dffffc0000000000
R13: ffffffff815e9786 R14: ffff888059450000 R15: 0000000001400000
FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc1c9f062d8 CR3: 000000004373c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>