program: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000100), 0x8) (async) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0xb4, 0x1, 0x0, 0x0, 0x0, 0xf, 0x9211, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={0x0, 0xa}, 0x117860, 0x4, 0x0, 0x8, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(r5, &(0x7f0000005600)={0x2020}, 0x2020) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f0000000180)=0x79, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) (async) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) (async) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r6, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000007c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13325790b55efbdc2dd99ed1c3c609a49cc15187", 0xc5}, {&(0x7f00000002c0)="9c811ff500139d7d28a5f0de630ec6041ed353d314", 0x15}], 0x2}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000003c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5ef", 0x147}], 0x1}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000300)="f043d0ddb9327cb1d997c0bf1dd84098cb85afd99293d862ada9cece6275998888c379505f4fb8", 0x27}, {&(0x7f00000006c0)="68975a3a6aaf022853fa397734ad2b50f25d8dfac45875f8d3323db8f96322c33d841b740e1be93730f679d64a1906754532e592ca276bb5656904daa3246149c790628d131b76e71b264a49fbff2424b4b2f8bb517efc6393546d5e4b13803fa28c64a24045fa489983e4b8979458045b59e67739503c50eda3e8462f761c0f990e0d67ab492444546a8f32d633c0decefe917e9010af57a70a1d8828459824f78fbc7a9efdcb5529345ee161eedd85b2d0058b045dd38c7a8dac483f321915615cecf23b306b87b32ba8b5ea9071cf454746b3fd57e73e743a67f20dcf722960a972d29b07ef2b067e5002666931db38c9f5afdf5b9c386a046c91657f", 0xfe}, {&(0x7f0000000940)="e9d7582314600a1c7b0ff3014e0919542c5331510e8fd0d1f1c5247b635accafc558bd7a7e523de1c95b15a7f25abbf179badf6599639ab618d9e8036f8889384b259c4ee0a655fd8f0561b4edb6c1a26bc1dff38152cc54cb00ae250ea3fba5d5ca91c25d9333667e13dcba36974b535f8a9b82501c4be38eae843f7d104091d5bd14f34df6be2d7aa867e25a35210790aa53adea594494de923c2251bc10c2df43774ea8a89ca3b708eb5964c30d2ad70e942512364acd3dd8b0ae4d86febe41346dfa5d2e96a3f97c8dd2ffcd22beff33000f1a080acbb3532cb4240266a1ec3dbbb99968b986050c32f8b89b856d530877a7f81ff62eda818ff078827e7e9184db8a08da4cc14bdd71230794a084da1609017ab807ec4b238eeaff474c1b6001e34bdda5d599e4d33a375ddd6e34732eb47e359effce87378bce880548498ec94c8f58dba59c081efa38", 0x14c}, {&(0x7f0000000c80)="128d3cafbd8e20761b663ee2464fd6f4658a8f2dc55c6f14df9ef39d802b6b59eaa0bbe29e4247be5760", 0x2a}], 0x4}}], 0x3, 0x0) (async) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) (async) sendto$inet(r6, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000340)={0x2c, r3, 0x4196ccce67868bab, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040090}, 0x8000) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty, 0x400000}, 0x1c) (async) listen(r2, 0x4) syz_emit_ethernet(0x10f, &(0x7f00000022c0)=ANY=[@ANYBLOB="ffffffffffffffffffffffff88a8480081003f0088480000010000000000a3da1c3f2945ce48bb0ab781647cc2fcb257b941cadb8631f9e9758925b19fe1a5a19cff907cc0ec4ba204a5e37833d5ae9a57b9eee8fd71add37db405c32095ff10cf2973f0b308b010e08bd255dd5e5ff8f79072ec8ea6eb067833c79338fc92fb8aee8e899cb7be65bb2bbf81717580c68d70529c49b4abfc4479b5a3144c725a49d30d8d0bd307068401879b33610ba643e0b7093c1cea0785624fa11f38aa5d152fc417571d099ef7437b04106c55ed4e3a3b26e6f5d57d74f2b47b5442ebb4118a66887edf68ff79aadba7b3c442a432da3c150fcda1ac3455acbcd08bda7681add0d3b13179aebfbe2945703134e0603ac24fd05cf94540"], &(0x7f0000000040)={0x0, 0x1, [0xd3c, 0x10993, 0xd3f, 0x451]}) (async) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f00000021c0)={r7}) connect$inet(r8, &(0x7f0000002280)={0x2, 0x4e24, @rand_addr=0x64010100}, 0xffffffffffffff7a) (async) connect$netrom(r0, &(0x7f0000002140)={{0x3, @null, 0x5}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) (async) writev(r7, &(0x7f0000000340)=[{&(0x7f0000000440)='K', 0x1}], 0x1) (async) sendmmsg$inet6(r2, &(0x7f0000005780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000) (async) r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r9, @ANYBLOB=',ro|tmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'], 0x0, 0x0, 0x0) [ 74.573295][ T4708] Bluetooth: hci0: command tx timeout [ 74.614482][ T5338] ------------[ cut here ]------------ [ 74.617408][ T5338] WARNING: CPU: 0 PID: 5338 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290 [ 74.624547][ T5338] Modules linked in: [ 74.632998][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) [ 74.637545][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.642067][ T5338] Workqueue: hci0 hci_conn_timeout [ 74.644281][ T5338] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 74.646597][ T5338] Code: 48 89 df e8 23 10 09 00 eb 07 e8 3c 5d 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c4 fe ff e8 22 5d 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 74.654598][ T5338] RSP: 0018:ffffc9000d367a50 EFLAGS: 00010293 [ 74.657771][ T5338] RAX: ffffffff8a795e1e RBX: ffff888011f28000 RCX: ffff888000e6c880 [ 74.661251][ T5338] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 74.664110][ T5338] RBP: 00000000ffffffff R08: ffff888011f28013 R09: 1ffff110023e5002 [ 74.667381][ T5338] R10: dffffc0000000000 R11: ffffed10023e5003 R12: dffffc0000000000 [ 74.670589][ T5338] R13: ffff88801a27e018 R14: ffff888011f28948 R15: ffff888011f28010 [ 74.673715][ T5338] FS: 0000000000000000(0000) GS:ffff88808d20d000(0000) knlGS:0000000000000000 [ 74.677092][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.679851][ T5338] CR2: 0000555555d107c8 CR3: 0000000035a90000 CR4: 0000000000352ef0 [ 74.683761][ T5338] Call Trace: [ 74.685385][ T5338] [ 74.686740][ T5338] ? process_scheduled_works+0x9ef/0x17b0 [ 74.689341][ T5338] process_scheduled_works+0xae1/0x17b0 [ 74.691886][ T5338] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.694438][ T5338] worker_thread+0x8a0/0xda0 [ 74.696481][ T5338] ? __kthread_parkme+0x7b/0x200 [ 74.698884][ T5338] kthread+0x70e/0x8a0 [ 74.700709][ T5338] ? __pfx_worker_thread+0x10/0x10 [ 74.702957][ T5338] ? __pfx_kthread+0x10/0x10 [ 74.704807][ T5338] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.706804][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.708974][ T5338] ? __pfx_kthread+0x10/0x10 [ 74.710982][ T5338] ret_from_fork+0x3f9/0x770 [ 74.712878][ T5338] ? __pfx_ret_from_fork+0x10/0x10 [ 74.714815][ T5338] ? __pfx_kthread+0x10/0x10 [ 74.716688][ T5338] ret_from_fork_asm+0x1a/0x30 [ 74.718911][ T5338] [ 74.720060][ T5338] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.722754][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) [ 74.726339][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.730616][ T5338] Workqueue: hci0 hci_conn_timeout [ 74.732414][ T5338] Call Trace: [ 74.733654][ T5338] [ 74.734973][ T5338] dump_stack_lvl+0x99/0x250 [ 74.736689][ T5338] ? __asan_memcpy+0x40/0x70 [ 74.738449][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.740496][ T5338] ? __pfx__printk+0x10/0x10 [ 74.742490][ T5338] vpanic+0x281/0x750 [ 74.744201][ T5338] ? __pfx__printk+0x10/0x10 [ 74.746036][ T5338] ? __pfx_vpanic+0x10/0x10 [ 74.747838][ T5338] ? is_bpf_text_address+0x292/0x2b0 [ 74.749925][ T5338] panic+0xb9/0xc0 [ 74.751608][ T5338] ? __pfx_panic+0x10/0x10 [ 74.753546][ T5338] __warn+0x31b/0x4b0 [ 74.755351][ T5338] ? hci_conn_timeout+0xff/0x290 [ 74.757355][ T5338] ? hci_conn_timeout+0xff/0x290 [ 74.759527][ T5338] report_bug+0x2be/0x4f0 [ 74.761390][ T5338] ? hci_conn_timeout+0xff/0x290 [ 74.763623][ T5338] ? hci_conn_timeout+0xff/0x290 [ 74.765935][ T5338] ? hci_conn_timeout+0x101/0x290 [ 74.768039][ T5338] handle_bug+0x84/0x160 [ 74.769901][ T5338] exc_invalid_op+0x1a/0x50 [ 74.771997][ T5338] asm_exc_invalid_op+0x1a/0x20 [ 74.774044][ T5338] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 74.776131][ T5338] Code: 48 89 df e8 23 10 09 00 eb 07 e8 3c 5d 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c4 fe ff e8 22 5d 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 74.783517][ T5338] RSP: 0018:ffffc9000d367a50 EFLAGS: 00010293 [ 74.785702][ T5338] RAX: ffffffff8a795e1e RBX: ffff888011f28000 RCX: ffff888000e6c880 [ 74.788700][ T5338] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 74.792029][ T5338] RBP: 00000000ffffffff R08: ffff888011f28013 R09: 1ffff110023e5002 [ 74.795219][ T5338] R10: dffffc0000000000 R11: ffffed10023e5003 R12: dffffc0000000000 [ 74.798431][ T5338] R13: ffff88801a27e018 R14: ffff888011f28948 R15: ffff888011f28010 [ 74.801896][ T5338] ? hci_conn_timeout+0xfe/0x290 [ 74.804070][ T5338] ? process_scheduled_works+0x9ef/0x17b0 [ 74.806529][ T5338] process_scheduled_works+0xae1/0x17b0 [ 74.808689][ T5338] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.811180][ T5338] worker_thread+0x8a0/0xda0 [ 74.813004][ T5338] ? __kthread_parkme+0x7b/0x200 [ 74.815125][ T5338] kthread+0x70e/0x8a0 [ 74.816835][ T5338] ? __pfx_worker_thread+0x10/0x10 [ 74.819050][ T5338] ? __pfx_kthread+0x10/0x10 [ 74.821012][ T5338] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.823160][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.825330][ T5338] ? __pfx_kthread+0x10/0x10 [ 74.827230][ T5338] ret_from_fork+0x3f9/0x770 [ 74.829234][ T5338] ? __pfx_ret_from_fork+0x10/0x10 [ 74.831352][ T5338] ? __pfx_kthread+0x10/0x10 [ 74.833322][ T5338] ret_from_fork_asm+0x1a/0x30 [ 74.835305][ T5338] [ 74.836905][ T5338] Kernel Offset: disabled [ 74.838756][ T5338] Rebooting in 86400 seconds..