program: ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e21, 0x31, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8001}, @in6={0xa, 0x4e23, 0x51, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x58a6}], 0x38) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000100), 0x8) (async) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) [ 85.286475][ T4667] ------------[ cut here ]------------ [ 85.289592][ T4667] WARNING: CPU: 0 PID: 4667 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290 [ 85.293556][ T4667] Modules linked in: [ 85.295166][ T4667] CPU: 0 UID: 0 PID: 4667 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 85.300380][ T4667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.309839][ T4667] Workqueue: hci0 hci_conn_timeout [ 85.311999][ T4667] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 85.314347][ T4667] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 ac 5e 7a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 92 5e 7a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 85.322228][ T4667] RSP: 0018:ffffc900022dfa30 EFLAGS: 00010293 [ 85.324426][ T4667] RAX: ffffffff8a45b57e RBX: ffff888031bf4000 RCX: ffff88801f37a480 [ 85.327677][ T4667] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 85.330888][ T4667] RBP: 00000000ffffffff R08: ffff888031bf4013 R09: 1ffff1100637e802 [ 85.334249][ T4667] R10: dffffc0000000000 R11: ffffed100637e803 R12: dffffc0000000000 [ 85.337457][ T4667] R13: ffff88801e28a818 R14: ffff888031bf4948 R15: ffff888031bf4010 [ 85.340761][ T4667] FS: 0000000000000000(0000) GS:ffff88808d733000(0000) knlGS:0000000000000000 [ 85.344374][ T4667] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.347084][ T4667] CR2: 00007f67929f4fc8 CR3: 0000000011f03000 CR4: 0000000000352ef0 [ 85.350140][ T4667] Call Trace: [ 85.351471][ T4667] [ 85.352654][ T4667] ? process_scheduled_works+0x9ef/0x17b0 [ 85.354919][ T4667] process_scheduled_works+0xae1/0x17b0 [ 85.358075][ T4667] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.360631][ T4667] worker_thread+0x8a0/0xda0 [ 85.362661][ T4667] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.365488][ T4667] ? __kthread_parkme+0x7b/0x200 [ 85.368689][ T4667] kthread+0x711/0x8a0 [ 85.371008][ T4667] ? __pfx_worker_thread+0x10/0x10 [ 85.373679][ T4667] ? __pfx_kthread+0x10/0x10 [ 85.375630][ T4667] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.378281][ T4667] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.380510][ T4667] ? __pfx_kthread+0x10/0x10 [ 85.382529][ T4667] ret_from_fork+0x4bc/0x870 [ 85.384732][ T4667] ? __pfx_ret_from_fork+0x10/0x10 [ 85.387383][ T4667] ? __pfx_kthread+0x10/0x10 [ 85.389436][ T4667] ret_from_fork_asm+0x1a/0x30 [ 85.391402][ T4667] [ 85.392865][ T4667] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.396028][ T4667] CPU: 0 UID: 0 PID: 4667 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 85.400011][ T4667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.404638][ T4667] Workqueue: hci0 hci_conn_timeout [ 85.406860][ T4667] Call Trace: [ 85.408348][ T4667] [ 85.409661][ T4667] dump_stack_lvl+0x99/0x250 [ 85.411745][ T4667] ? __asan_memcpy+0x40/0x70 [ 85.413698][ T4667] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.415926][ T4667] ? __pfx__printk+0x10/0x10 [ 85.417963][ T4667] vpanic+0x237/0x6d0 [ 85.419727][ T4667] ? __pfx_vpanic+0x10/0x10 [ 85.421680][ T4667] panic+0xb9/0xc0 [ 85.423455][ T4667] ? __pfx_panic+0x10/0x10 [ 85.425474][ T4667] __warn+0x31b/0x4b0 [ 85.427129][ T4667] ? hci_conn_timeout+0xff/0x290 [ 85.429323][ T4667] ? hci_conn_timeout+0xff/0x290 [ 85.431420][ T4667] report_bug+0x2be/0x4f0 [ 85.433381][ T4667] ? hci_conn_timeout+0xff/0x290 [ 85.435504][ T4667] ? hci_conn_timeout+0xff/0x290 [ 85.437678][ T4667] ? hci_conn_timeout+0x101/0x290 [ 85.439765][ T4667] handle_bug+0x84/0x160 [ 85.441599][ T4667] exc_invalid_op+0x1a/0x50 [ 85.443635][ T4667] asm_exc_invalid_op+0x1a/0x20 [ 85.445789][ T4667] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 85.448094][ T4667] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 ac 5e 7a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 92 5e 7a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 85.456737][ T4667] RSP: 0018:ffffc900022dfa30 EFLAGS: 00010293 [ 85.459451][ T4667] RAX: ffffffff8a45b57e RBX: ffff888031bf4000 RCX: ffff88801f37a480 [ 85.462777][ T4667] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 85.466196][ T4667] RBP: 00000000ffffffff R08: ffff888031bf4013 R09: 1ffff1100637e802 [ 85.469503][ T4667] R10: dffffc0000000000 R11: ffffed100637e803 R12: dffffc0000000000 [ 85.473068][ T4667] R13: ffff88801e28a818 R14: ffff888031bf4948 R15: ffff888031bf4010 [ 85.476732][ T4667] ? hci_conn_timeout+0xfe/0x290 [ 85.478946][ T4667] ? process_scheduled_works+0x9ef/0x17b0 [ 85.481376][ T4667] process_scheduled_works+0xae1/0x17b0 [ 85.483887][ T4667] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.486583][ T4667] worker_thread+0x8a0/0xda0 [ 85.488630][ T4667] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.491588][ T4667] ? __kthread_parkme+0x7b/0x200 [ 85.493829][ T4667] kthread+0x711/0x8a0 [ 85.495573][ T4667] ? __pfx_worker_thread+0x10/0x10 [ 85.497868][ T4667] ? __pfx_kthread+0x10/0x10 [ 85.499769][ T4667] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.502010][ T4667] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.504165][ T4667] ? __pfx_kthread+0x10/0x10 [ 85.506050][ T4667] ret_from_fork+0x4bc/0x870 [ 85.508116][ T4667] ? __pfx_ret_from_fork+0x10/0x10 [ 85.510359][ T4667] ? __pfx_kthread+0x10/0x10 [ 85.512463][ T4667] ret_from_fork_asm+0x1a/0x30 [ 85.514562][ T4667] [ 85.516204][ T4667] Kernel Offset: disabled [ 85.518011][ T4667] Rebooting in 86400 seconds..