program: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETLED(r2, 0x4b32, 0x6) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r4, &(0x7f0000000e40)=[{{&(0x7f0000000340)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000200)="d16c62a622e64d55a7b392b05501e8741dcda43db82ae7d77b2ea7aa2c0746b28783c65385fc28dfb0935139d9b84c481c9c81d73f0fa73f65f9faf293cc4076c3108be3"}, {&(0x7f0000000300)="f408ee0eb8e3defc33874ff1974b56c3678d1747781fe54be39f156336"}], 0x1}}], 0x4a5, 0x4000040) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f00000000c0)={r3, r3, 0x9, 0x0, 0x0, 0x2, 0x72, 0x1, 0x3, 0x7, 0x0, 0x80000008, 'syz1\x00'}) ioctl$sock_bt_hci(r1, 0x400448ca, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x3e1, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015400500142603600e120800060000001001a8001600a400014003000000036004fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) socketpair(0x6, 0x2, 0x8, &(0x7f00000001c0)) [ 74.849390][ T46] Bluetooth: hci0: command tx timeout [ 75.088792][ T5337] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input5 [ 75.213698][ T5342] ------------[ cut here ]------------ [ 75.215984][ T5342] workqueue: cannot queue hci_tx_work on wq hci0 [ 75.218600][ T5342] WARNING: kernel/workqueue.c:2252 at 0x0, CPU#0: khidpd_00010003/5342 [ 75.221654][ T5342] Modules linked in: [ 75.223431][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: khidpd_00010003 Not tainted syzkaller #0 PREEMPT(full) [ 75.227401][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.231799][ T5342] RIP: 0010:__queue_work+0xd4b/0xf90 [ 75.234211][ T5342] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 26 78 9e 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc [ 75.242059][ T5342] RSP: 0018:ffffc9000d537310 EFLAGS: 00010086 [ 75.244317][ T5342] RAX: 1ffff1100220098d RBX: 0000000000000008 RCX: ffff8880006b24c0 [ 75.247412][ T5342] RDX: ffff88804279e178 RSI: ffffffff8a474050 RDI: ffffffff8f8371d0 [ 75.250704][ T5342] RBP: 0000000000000000 R08: ffff888011004c57 R09: 1ffff1100220098a [ 75.254355][ T5342] R10: dffffc0000000000 R11: ffffed100220098b R12: dffffc0000000000 [ 75.257391][ T5342] R13: ffff888011004c68 R14: ffffffff8f8371d0 R15: ffff88804279e178 [ 75.261009][ T5342] FS: 0000000000000000(0000) GS:ffff88808d69f000(0000) knlGS:0000000000000000 [ 75.265146][ T5342] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.267814][ T5342] CR2: 000020000053c000 CR3: 0000000019f53000 CR4: 0000000000352ef0 [ 75.271247][ T5342] Call Trace: [ 75.272938][ T5342] [ 75.274234][ T5342] ? rcu_is_watching+0x15/0xb0 [ 75.276539][ T5342] queue_work_on+0x181/0x270 [ 75.278559][ T5342] ? hci_send_acl+0x949/0xd90 [ 75.280452][ T5342] ? __pfx_queue_work_on+0x10/0x10 [ 75.282546][ T5342] ? l2cap_do_send+0x154/0x2c0 [ 75.284579][ T5342] l2cap_chan_send+0x1110/0x2790 [ 75.286677][ T5342] ? __pfx_l2cap_chan_send+0x10/0x10 [ 75.288946][ T5342] ? __local_bh_enable_ip+0x12d/0x1c0 [ 75.291239][ T5342] l2cap_sock_sendmsg+0x32e/0x4a0 [ 75.293456][ T5342] ? __pfx_l2cap_sock_sendmsg+0x10/0x10 [ 75.295912][ T5342] ? aa_sock_msg_perm+0xf1/0x1b0 [ 75.298128][ T5342] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.300550][ T5342] ? __pfx_l2cap_sock_sendmsg+0x10/0x10 [ 75.303117][ T5342] __sock_sendmsg+0x21c/0x270 [ 75.305233][ T5342] kernel_sendmsg+0x175/0x250 [ 75.307374][ T5342] ? __pfx_kernel_sendmsg+0x10/0x10 [ 75.309629][ T5342] hidp_process_transmit+0x18f/0x380 [ 75.312041][ T5342] ? __pfx_hidp_process_transmit+0x10/0x10 [ 75.314629][ T5342] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 75.317246][ T5342] ? lockdep_hardirqs_on+0x98/0x140 [ 75.319545][ T5342] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.321971][ T5342] ? skb_dequeue+0x10e/0x150 [ 75.323783][ T5342] ? hidp_session_run+0x413/0x14a0 [ 75.325807][ T5342] hidp_session_run+0x8df/0x14a0 [ 75.327824][ T5342] ? do_raw_spin_lock+0x121/0x290 [ 75.329823][ T5342] ? __pfx_hidp_session_run+0x10/0x10 [ 75.332133][ T5342] ? __pfx_woken_wake_function+0x10/0x10 [ 75.334355][ T5342] ? __wake_up_common_lock+0x190/0x1f0 [ 75.336904][ T5342] hidp_session_thread+0x28e/0x410 [ 75.339433][ T5342] ? __pfx_hidp_session_thread+0x10/0x10 [ 75.342211][ T5342] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.344797][ T5342] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 75.347545][ T5342] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 75.350283][ T5342] ? __kthread_parkme+0x7b/0x200 [ 75.352379][ T5342] ? __kthread_parkme+0x1a1/0x200 [ 75.354267][ T5342] kthread+0x711/0x8a0 [ 75.355917][ T5342] ? __pfx_hidp_session_thread+0x10/0x10 [ 75.358573][ T5342] ? __pfx_kthread+0x10/0x10 [ 75.360640][ T5342] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.363387][ T5342] ? lockdep_hardirqs_on+0x98/0x140 [ 75.365843][ T5342] ? __pfx_kthread+0x10/0x10 [ 75.367783][ T5342] ret_from_fork+0x599/0xb30 [ 75.369707][ T5342] ? __pfx_ret_from_fork+0x10/0x10 [ 75.371878][ T5342] ? __pfx_kthread+0x10/0x10 [ 75.373813][ T5342] ret_from_fork_asm+0x1a/0x30 [ 75.375967][ T5342] [ 75.377099][ T5342] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.380144][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: khidpd_00010003 Not tainted syzkaller #0 PREEMPT(full) [ 75.384341][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.389227][ T5342] Call Trace: [ 75.390700][ T5342] [ 75.391937][ T5342] dump_stack_lvl+0x99/0x250 [ 75.393739][ T5342] ? __asan_memcpy+0x40/0x70 [ 75.395533][ T5342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.397391][ T5342] ? __pfx__printk+0x10/0x10 [ 75.399043][ T5342] vpanic+0x237/0x6d0 [ 75.400513][ T5342] ? __pfx_vpanic+0x10/0x10 [ 75.402280][ T5342] ? is_bpf_text_address+0x292/0x2b0 [ 75.404188][ T5342] ? is_bpf_text_address+0x26/0x2b0 [ 75.406255][ T5342] panic+0xb9/0xc0 [ 75.407971][ T5342] ? __pfx_panic+0x10/0x10 [ 75.409728][ T5342] ? ret_from_fork_asm+0x1a/0x30 [ 75.411798][ T5342] __warn+0x317/0x4b0 [ 75.413501][ T5342] __report_bug+0x288/0x500 [ 75.415392][ T5342] ? __pfx___report_bug+0x10/0x10 [ 75.417583][ T5342] ? __pfx_hci_tx_work+0x10/0x10 [ 75.419742][ T5342] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.422349][ T5342] report_bug_entry+0x16a/0x220 [ 75.424600][ T5342] ? __queue_work+0xd4b/0xf90 [ 75.427213][ T5342] ? __queue_work+0xd50/0xf90 [ 75.429463][ T5342] handle_bug+0xca/0x200 [ 75.431192][ T5342] exc_invalid_op+0x1a/0x50 [ 75.433179][ T5342] asm_exc_invalid_op+0x1a/0x20 [ 75.435319][ T5342] RIP: 0010:__queue_work+0xd4b/0xf90 [ 75.437443][ T5342] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 26 78 9e 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc [ 75.445273][ T5342] RSP: 0018:ffffc9000d537310 EFLAGS: 00010086 [ 75.447938][ T5342] RAX: 1ffff1100220098d RBX: 0000000000000008 RCX: ffff8880006b24c0 [ 75.451522][ T5342] RDX: ffff88804279e178 RSI: ffffffff8a474050 RDI: ffffffff8f8371d0 [ 75.454943][ T5342] RBP: 0000000000000000 R08: ffff888011004c57 R09: 1ffff1100220098a [ 75.458467][ T5342] R10: dffffc0000000000 R11: ffffed100220098b R12: dffffc0000000000 [ 75.461959][ T5342] R13: ffff888011004c68 R14: ffffffff8f8371d0 R15: ffff88804279e178 [ 75.465458][ T5342] ? __pfx_hci_tx_work+0x10/0x10 [ 75.467854][ T5342] ? rcu_is_watching+0x15/0xb0 [ 75.469973][ T5342] queue_work_on+0x181/0x270 [ 75.472348][ T5342] ? hci_send_acl+0x949/0xd90 [ 75.474384][ T5342] ? __pfx_queue_work_on+0x10/0x10 [ 75.476671][ T5342] ? l2cap_do_send+0x154/0x2c0 [ 75.478631][ T5342] l2cap_chan_send+0x1110/0x2790 [ 75.480756][ T5342] ? __pfx_l2cap_chan_send+0x10/0x10 [ 75.482965][ T5342] ? __local_bh_enable_ip+0x12d/0x1c0 [ 75.485297][ T5342] l2cap_sock_sendmsg+0x32e/0x4a0 [ 75.487644][ T5342] ? __pfx_l2cap_sock_sendmsg+0x10/0x10 [ 75.490227][ T5342] ? aa_sock_msg_perm+0xf1/0x1b0 [ 75.492648][ T5342] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.495080][ T5342] ? __pfx_l2cap_sock_sendmsg+0x10/0x10 [ 75.497657][ T5342] __sock_sendmsg+0x21c/0x270 [ 75.499846][ T5342] kernel_sendmsg+0x175/0x250 [ 75.501978][ T5342] ? __pfx_kernel_sendmsg+0x10/0x10 [ 75.504216][ T5342] hidp_process_transmit+0x18f/0x380 [ 75.506718][ T5342] ? __pfx_hidp_process_transmit+0x10/0x10 [ 75.509078][ T5342] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 75.511522][ T5342] ? lockdep_hardirqs_on+0x98/0x140 [ 75.513739][ T5342] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.516370][ T5342] ? skb_dequeue+0x10e/0x150 [ 75.518308][ T5342] ? hidp_session_run+0x413/0x14a0 [ 75.520416][ T5342] hidp_session_run+0x8df/0x14a0 [ 75.522348][ T5342] ? do_raw_spin_lock+0x121/0x290 [ 75.524499][ T5342] ? __pfx_hidp_session_run+0x10/0x10 [ 75.526823][ T5342] ? __pfx_woken_wake_function+0x10/0x10 [ 75.529116][ T5342] ? __wake_up_common_lock+0x190/0x1f0 [ 75.531356][ T5342] hidp_session_thread+0x28e/0x410 [ 75.533450][ T5342] ? __pfx_hidp_session_thread+0x10/0x10 [ 75.535816][ T5342] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.538254][ T5342] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 75.541009][ T5342] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 75.543971][ T5342] ? __kthread_parkme+0x7b/0x200 [ 75.546185][ T5342] ? __kthread_parkme+0x1a1/0x200 [ 75.548407][ T5342] kthread+0x711/0x8a0 [ 75.550255][ T5342] ? __pfx_hidp_session_thread+0x10/0x10 [ 75.552804][ T5342] ? __pfx_kthread+0x10/0x10 [ 75.554898][ T5342] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.557248][ T5342] ? lockdep_hardirqs_on+0x98/0x140 [ 75.559520][ T5342] ? __pfx_kthread+0x10/0x10 [ 75.561636][ T5342] ret_from_fork+0x599/0xb30 [ 75.563740][ T5342] ? __pfx_ret_from_fork+0x10/0x10 [ 75.566051][ T5342] ? __pfx_kthread+0x10/0x10 [ 75.568237][ T5342] ret_from_fork_asm+0x1a/0x30 [ 75.570378][ T5342] [ 75.572074][ T5342] Kernel Offset: disabled [ 75.573903][ T5342] Rebooting in 86400 seconds..