program: r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x282, 0x4) (async)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r1, &(0x7f0000000100), 0x8) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@newqdisc={0x74, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x101, 0x80, 0x0, 0xffffffff}}}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x7, 0xe002, 0x80, 0x2, 0x9, 0x4, 0x1}}, {0x6, 0x2, [0x9]}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x404}, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)="62042712590200000000002f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e2305e495d04ad68ab8fef69df82de6456fbb48b63f60c9c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49d40f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7992570484d6a710292ea0c3f97b7cbff701684b13c5593262534a7af9eab48f2ca2d74d9a4de33", 0x15}, {&(0x7f0000000c00)="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", 0x114}, {&(0x7f0000000a40)="0a985d7879f1bbff16c7d66e33657e452299fd0ef8c2afda588eb05891b7da030e01452a7986bea19b59c98dc2996c0ea09604d00ea48336d0c813d83025aca8623a5915ddddce2c11c5e374f2e0f387d2398fe0b899ff60dc7a73addcf253cf32aafbe2b9f90799e7fc583bdd9b564697ba988080270bdceb4714219a2d4c229fffb0d86fb286e3553a8b3ac02badc66ada5fceabe5f63c79da96e641a45901128063d6e1e31b11bcfbc3e70bd3c8c6c0be9f653f977f16", 0xfff0},
{&(0x7f0000000840)="6f4720baeb54", 0x6}], 0x4}, 0x0) [ 74.471055][ T5320] Bluetooth: hci0: command tx timeout [ 74.538776][ T4690] ------------[ cut here ]------------ [ 74.541626][ T4690] WARNING: CPU: 0 PID: 4690 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290 [ 74.546161][ T4690] Modules linked in: [ 74.548049][ T4690] CPU: 0 UID: 0 PID: 4690 Comm: kworker/u5:1 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 74.553404][ T4690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.557949][ T4690] Workqueue: hci0 hci_conn_timeout [ 74.560547][ T4690] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 74.562894][ T4690] Code: 48 89 df e8 53 fb 08 00 eb 07 e8 9c b8 51 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 67 cb fe ff e8 82 b8 51 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 74.571003][ T4690] RSP: 0018:ffffc9000cd1fa50 EFLAGS: 00010293 [ 74.573613][ T4690] RAX: ffffffff8a6e7dee RBX: ffff8880532d0000 RCX: ffff88801c6a4880 [ 74.576984][ T4690] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 74.580684][ T4690] RBP: 00000000ffffffff R08: ffff8880532d0013 R09: 1ffff1100a65a002 [ 74.584317][ T4690] R10: dffffc0000000000 R11: ffffed100a65a003 R12: dffffc0000000000 [ 74.587721][ T4690] R13: ffff888036e18818 R14: ffff8880532d0948 R15: ffff8880532d0010 [ 74.591250][ T4690] FS: 0000000000000000(0000) GS:ffff88808d21b000(0000) knlGS:0000000000000000 [ 74.594935][ T4690] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.597652][ T4690] CR2: 00002000000012c0 CR3: 000000003f98d000 CR4: 0000000000352ef0 [ 74.601014][ T4690] Call Trace: [ 74.602533][ T4690] [ 74.603940][ T4690] ? process_scheduled_works+0x9ef/0x17b0 [ 74.606597][ T4690] process_scheduled_works+0xae1/0x17b0 [ 74.609264][ T4690] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.611923][ T4690] worker_thread+0x8a0/0xda0 [ 74.614270][ T4690] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.618180][ T4690] ? __kthread_parkme+0x7b/0x200 [ 74.620871][ T4690] kthread+0x70e/0x8a0 [ 74.622653][ T4690] ? __pfx_worker_thread+0x10/0x10 [ 74.624527][ T4690] ? __pfx_kthread+0x10/0x10 [ 74.626417][ T4690] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.629283][ T4690] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.631981][ T4690] ? __pfx_kthread+0x10/0x10 [ 74.634080][ T4690] ret_from_fork+0x3fc/0x770 [ 74.636078][ T4690] ? __pfx_ret_from_fork+0x10/0x10 [ 74.638389][ T4690] ? __pfx_kthread+0x10/0x10 [ 74.640638][ T4690] ret_from_fork_asm+0x1a/0x30 [ 74.642635][ T4690] [ 74.644009][ T4690] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.646951][ T4690] CPU: 0 UID: 0 PID: 4690 Comm: kworker/u5:1 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 74.652325][ T4690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.657683][ T4690] Workqueue: hci0 hci_conn_timeout [ 74.660155][ T4690] Call Trace: [ 74.661836][ T4690] [ 74.663295][ T4690] dump_stack_lvl+0x99/0x250 [ 74.665782][ T4690] ? __asan_memcpy+0x40/0x70 [ 74.668123][ T4690] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.670554][ T4690] ? __pfx__printk+0x10/0x10 [ 74.672605][ T4690] panic+0x2db/0x790 [ 74.674347][ T4690] ? __pfx_panic+0x10/0x10 [ 74.676411][ T4690] ? ret_from_fork_asm+0x1a/0x30 [ 74.678564][ T4690] __warn+0x31b/0x4b0 [ 74.680375][ T4690] ? hci_conn_timeout+0xff/0x290 [ 74.682363][ T4690] ? hci_conn_timeout+0xff/0x290 [ 74.684258][ T4690] report_bug+0x2be/0x4f0 [ 74.686059][ T4690] ? hci_conn_timeout+0xff/0x290 [ 74.688551][ T4690] ? hci_conn_timeout+0xff/0x290 [ 74.691099][ T4690] ? 
hci_conn_timeout+0x101/0x290 [ 74.693217][ T4690] handle_bug+0x84/0x160 [ 74.695212][ T4690] exc_invalid_op+0x1a/0x50 [ 74.697209][ T4690] asm_exc_invalid_op+0x1a/0x20 [ 74.699259][ T4690] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 74.701658][ T4690] Code: 48 89 df e8 53 fb 08 00 eb 07 e8 9c b8 51 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 67 cb fe ff e8 82 b8 51 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 74.710241][ T4690] RSP: 0018:ffffc9000cd1fa50 EFLAGS: 00010293 [ 74.712927][ T4690] RAX: ffffffff8a6e7dee RBX: ffff8880532d0000 RCX: ffff88801c6a4880 [ 74.716178][ T4690] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 74.719464][ T4690] RBP: 00000000ffffffff R08: ffff8880532d0013 R09: 1ffff1100a65a002 [ 74.722819][ T4690] R10: dffffc0000000000 R11: ffffed100a65a003 R12: dffffc0000000000 [ 74.726110][ T4690] R13: ffff888036e18818 R14: ffff8880532d0948 R15: ffff8880532d0010 [ 74.729378][ T4690] ? hci_conn_timeout+0xfe/0x290 [ 74.731593][ T4690] ? process_scheduled_works+0x9ef/0x17b0 [ 74.733952][ T4690] process_scheduled_works+0xae1/0x17b0 [ 74.736185][ T4690] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.738600][ T4690] worker_thread+0x8a0/0xda0 [ 74.740749][ T4690] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.743445][ T4690] ? __kthread_parkme+0x7b/0x200 [ 74.745536][ T4690] kthread+0x70e/0x8a0 [ 74.747247][ T4690] ? __pfx_worker_thread+0x10/0x10 [ 74.749366][ T4690] ? __pfx_kthread+0x10/0x10 [ 74.751250][ T4690] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.753479][ T4690] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.755804][ T4690] ? __pfx_kthread+0x10/0x10 [ 74.757827][ T4690] ret_from_fork+0x3fc/0x770 [ 74.759897][ T4690] ? __pfx_ret_from_fork+0x10/0x10 [ 74.762209][ T4690] ? __pfx_kthread+0x10/0x10 [ 74.764073][ T4690] ret_from_fork_asm+0x1a/0x30 [ 74.765896][ T4690] [ 74.767391][ T4690] Kernel Offset: disabled [ 74.769359][ T4690] Rebooting in 86400 seconds..