program: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) (async) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r2, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x0, @time={0x233, 0x3b}, {0x5}, {}, @quote={{0x81, 0xb5}, 0x3}}, {0x0, 0xc, 0x0, 0x2, @tick, {}, {0x6}, @result={0x4, 0x7ab4}}, {0x0, 0x0, 0x0, 0x0, @time={0x1}, {}, {0xa}, @control={0x0, 0x5, 0xffffffff}}, {0x0, 0x8, 0x0, 0x4, @tick=0x4, {0x3}, {}, @connect={{}, {0x0, 0x5}}}], 0x70) (async) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) (async, rerun: 32) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) (rerun: 32) r3 = dup(r0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) (async) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) (async) pipe2$9p(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0) (async) r6 = socket$l2tp6(0xa, 0x2, 0x73) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e21, 0x8932, @empty, 0x4f}, 0x1c) (async) r7 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') (async, rerun: 32) r8 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r11=>0x0}) (async) r12 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r12, 0x400448cb, 0x0) (async, rerun: 64) syz_emit_vhci(&(0x7f0000001fc0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x6, 0xc9}}}, 0x7) 
(rerun: 64) sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x2000, {0xa, 0x0, 0x0, 0x0, 0xa}, [@NHA_OIF={0x8, 0x5, r11}]}, 0x20}}, 0x0) (async, rerun: 64) sendmsg$nl_route(r8, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x0) (rerun: 64) pread64(r7, &(0x7f0000000140)=""/170, 0xaa, 0x20000000000004) (async) write$P9_RSETATTR(r5, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r4, 0x0, r0, 0x0, 0x20000000000002, 0x2) (async) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) (async, rerun: 64) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) (rerun: 64) [ 74.779014][ T4672] Bluetooth: hci0: command tx timeout [ 74.868432][ T5325] ------------[ cut here ]------------ [ 74.870683][ T5325] workqueue: cannot queue hci_rx_work on wq hci0 [ 74.873307][ T5325] WARNING: CPU: 0 PID: 5325 at kernel/workqueue.c:2258 __queue_work+0xd38/0xfb0 [ 74.876875][ T5325] Modules linked in: [ 74.878616][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.882343][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.886949][ T5325] RIP: 0010:__queue_work+0xd38/0xfb0 [ 74.889238][ T5325] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 03 67 9d 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 eb 69 8b 4c 89 fa e8 b9 31 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 4a 27 36 00 90 0f 0b 90 e9 dd fc ff [ 74.897300][ T5325] RSP: 0018:ffffc9000d487a70 EFLAGS: 00010046 [ 74.899728][ T5325] RAX: b66d8816942dc900 RBX: 0000000000000000 RCX: ffff888030fb2480 [ 74.902859][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 74.905990][ 
T5325] RBP: 1ffff110062f7338 R08: ffff88801fe24293 R09: 1ffff11003fc4852 [ 74.909314][ T5325] R10: dffffc0000000000 R11: ffffed1003fc4853 R12: dffffc0000000000 [ 74.912659][ T5325] R13: ffff888033370ae0 R14: ffff888030fb2480 R15: ffff8880317b9978 [ 74.915969][ T5325] FS: 00007f17c143a6c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 74.920440][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.923962][ T5325] CR2: 0000200000001fc0 CR3: 00000000430ea000 CR4: 0000000000352ef0 [ 74.927904][ T5325] Call Trace: [ 74.929402][ T5325] <TASK> [ 74.930724][ T5325] ? rcu_is_watching+0x15/0xb0 [ 74.932854][ T5325] queue_work_on+0x181/0x270 [ 74.934856][ T5325] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.937118][ T5325] ? __pfx_queue_work_on+0x10/0x10 [ 74.939340][ T5325] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 74.941842][ T5325] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.944280][ T5325] ? skb_queue_tail+0x30/0xf0 [ 74.946310][ T5325] hci_recv_frame+0x625/0x7c0 [ 74.948133][ T5325] ? skb_pull+0xc1/0x1d0 [ 74.949840][ T5325] vhci_write+0x358/0x4a0 [ 74.951516][ T5325] vfs_write+0x5c9/0xb30 [ 74.953309][ T5325] ? __pfx_vhci_write+0x10/0x10 [ 74.955369][ T5325] ? __pfx_vfs_write+0x10/0x10 [ 74.957425][ T5325] ? __fget_files+0x2a/0x420 [ 74.959439][ T5325] ksys_write+0x145/0x250 [ 74.961330][ T5325] ? __pfx_ksys_write+0x10/0x10 [ 74.963369][ T5325] ? do_syscall_64+0xbe/0xfa0 [ 74.965415][ T5325] do_syscall_64+0xfa/0xfa0 [ 74.967409][ T5325] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.969664][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.972297][ T5325] ? 
clear_bhb_loop+0x60/0xb0 [ 74.974259][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.976783][ T5325] RIP: 0033:0x7f17c058e17f [ 74.978630][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 74.986765][ T5325] RSP: 002b:00007f17c143a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 74.990337][ T5325] RAX: ffffffffffffffda RBX: 00007f17c07e6180 RCX: 00007f17c058e17f [ 74.993631][ T5325] RDX: 0000000000000007 RSI: 0000200000001fc0 RDI: 00000000000000ca [ 74.996979][ T5325] RBP: 00007f17c0611f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.000549][ T5325] R10: 0000200000001fc0 R11: 0000000000000293 R12: 0000000000000000 [ 75.003946][ T5325] R13: 00007f17c07e6218 R14: 00007f17c07e6180 R15: 00007fff224f0dd8 [ 75.007232][ T5325] </TASK> [ 75.008701][ T5325] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.011839][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.015608][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.019711][ T5325] Call Trace: [ 75.021125][ T5325] <TASK> [ 75.022721][ T5325] dump_stack_lvl+0x99/0x250 [ 75.024783][ T5325] ? __asan_memcpy+0x40/0x70 [ 75.026802][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.028929][ T5325] ? __pfx__printk+0x10/0x10 [ 75.030959][ T5325] vpanic+0x237/0x6d0 [ 75.032794][ T5325] ? __pfx_vpanic+0x10/0x10 [ 75.034894][ T5325] panic+0xb9/0xc0 [ 75.036643][ T5325] ? __pfx_panic+0x10/0x10 [ 75.038757][ T5325] __warn+0x31b/0x4b0 [ 75.040524][ T5325] ? __queue_work+0xd38/0xfb0 [ 75.042612][ T5325] ? __queue_work+0xd38/0xfb0 [ 75.044630][ T5325] report_bug+0x2be/0x4f0 [ 75.046561][ T5325] ? __queue_work+0xd38/0xfb0 [ 75.048625][ T5325] ? __queue_work+0xd38/0xfb0 [ 75.050706][ T5325] ? 
__queue_work+0xd3a/0xfb0 [ 75.052714][ T5325] handle_bug+0x84/0x160 [ 75.054599][ T5325] exc_invalid_op+0x1a/0x50 [ 75.056628][ T5325] asm_exc_invalid_op+0x1a/0x20 [ 75.058751][ T5325] RIP: 0010:__queue_work+0xd38/0xfb0 [ 75.061099][ T5325] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 03 67 9d 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 eb 69 8b 4c 89 fa e8 b9 31 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 4a 27 36 00 90 0f 0b 90 e9 dd fc ff [ 75.069352][ T5325] RSP: 0018:ffffc9000d487a70 EFLAGS: 00010046 [ 75.072026][ T5325] RAX: b66d8816942dc900 RBX: 0000000000000000 RCX: ffff888030fb2480 [ 75.075245][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 75.078629][ T5325] RBP: 1ffff110062f7338 R08: ffff88801fe24293 R09: 1ffff11003fc4852 [ 75.082101][ T5325] R10: dffffc0000000000 R11: ffffed1003fc4853 R12: dffffc0000000000 [ 75.085387][ T5325] R13: ffff888033370ae0 R14: ffff888030fb2480 R15: ffff8880317b9978 [ 75.088638][ T5325] ? rcu_is_watching+0x15/0xb0 [ 75.090667][ T5325] queue_work_on+0x181/0x270 [ 75.092624][ T5325] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.094772][ T5325] ? __pfx_queue_work_on+0x10/0x10 [ 75.097527][ T5325] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.100821][ T5325] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.103732][ T5325] ? skb_queue_tail+0x30/0xf0 [ 75.105668][ T5325] hci_recv_frame+0x625/0x7c0 [ 75.107661][ T5325] ? skb_pull+0xc1/0x1d0 [ 75.109488][ T5325] vhci_write+0x358/0x4a0 [ 75.111485][ T5325] vfs_write+0x5c9/0xb30 [ 75.113359][ T5325] ? __pfx_vhci_write+0x10/0x10 [ 75.116023][ T5325] ? __pfx_vfs_write+0x10/0x10 [ 75.118048][ T5325] ? __fget_files+0x2a/0x420 [ 75.120041][ T5325] ksys_write+0x145/0x250 [ 75.121928][ T5325] ? __pfx_ksys_write+0x10/0x10 [ 75.124067][ T5325] ? do_syscall_64+0xbe/0xfa0 [ 75.126163][ T5325] do_syscall_64+0xfa/0xfa0 [ 75.128119][ T5325] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.130373][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.132967][ T5325] ? 
clear_bhb_loop+0x60/0xb0 [ 75.135061][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.137646][ T5325] RIP: 0033:0x7f17c058e17f [ 75.139656][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 75.147903][ T5325] RSP: 002b:00007f17c143a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 75.151457][ T5325] RAX: ffffffffffffffda RBX: 00007f17c07e6180 RCX: 00007f17c058e17f [ 75.154939][ T5325] RDX: 0000000000000007 RSI: 0000200000001fc0 RDI: 00000000000000ca [ 75.158298][ T5325] RBP: 00007f17c0611f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.161660][ T5325] R10: 0000200000001fc0 R11: 0000000000000293 R12: 0000000000000000 [ 75.165046][ T5325] R13: 00007f17c07e6218 R14: 00007f17c07e6180 R15: 00007fff224f0dd8 [ 75.168523][ T5325] </TASK> [ 75.170202][ T5325] Kernel Offset: disabled [ 75.172043][ T5325] Rebooting in 86400 seconds..