program:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async, rerun: 64)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async, rerun: 64)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0}) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f00000003c0)="2ac2d6a9a7ee", 0x6}], 0x1) (async, rerun: 32)
pwritev2(r3, &(0x7f0000022e80)=[{&(0x7f0000000240)="8a", 0x1}], 0x1, 0x0, 0x0, 0x0) (rerun: 32)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x7c}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_STATUS(r4, 0x84, 0xe, &(0x7f0000000280)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x0, 0x0, @dev}}}}, &(0x7f0000000080)=0xb0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b4000000000000006111140000000000040000000000000095000000000000001abe5201462857a3db65e291772afa2114f5963ed660b870d974d2252829f8290f8d02e3b0096b3df3e6585851cb7efb50a982b66e14716ffe33a164c3d1ff5798fc4bd6d3e5ab096e9ad743eb00"], &(0x7f0000000080)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x41100, 0x0, '\x00', 0x0, @xdp=0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async)
getpid()
r8 = socket$netlink(0x10, 0x3, 0x8)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x39}], 0x1)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4040884}, 0x20008040)

[ 76.063133][ T5334] Bluetooth: hci0: command tx timeout
[ 76.122948][ T4703] ------------[ cut here ]------------
[ 76.126033][ T4703] WARNING: CPU: 0 PID: 4703 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290
[ 76.130287][ T4703] Modules linked in:
[ 76.132313][ T4703] CPU: 0 UID: 0 PID: 4703 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 76.136365][ T4703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.140670][ T4703] Workqueue: hci0 hci_conn_timeout
[ 76.143181][ T4703] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 76.146102][ T4703] Code: 48 89 df e8 23 10 09 00 eb 07 e8 3c 5d 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c4 fe ff e8 22 5d 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 76.154831][ T4703] RSP: 0018:ffffc90002a1fa50 EFLAGS: 00010293
[ 76.157521][ T4703] RAX: ffffffff8a795e1e RBX: ffff888052e74000 RCX: ffff88801f612440
[ 76.161029][ T4703] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 76.164502][ T4703] RBP: 00000000ffffffff R08: ffff888052e74013 R09: 1ffff1100a5ce802
[ 76.168092][ T4703] R10: dffffc0000000000 R11: ffffed100a5ce803 R12: dffffc0000000000
[ 76.171728][ T4703] R13: ffff88805b36c018 R14: ffff888052e74948 R15: ffff888052e74010
[ 76.175583][ T4703] FS: 0000000000000000(0000) GS:ffff88808d20d000(0000) knlGS:0000000000000000
[ 76.179374][ T4703] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.182306][ T4703] CR2: 000055556f61c7c8 CR3: 0000000040306000 CR4: 0000000000352ef0
[ 76.186132][ T4703] Call Trace:
[ 76.187606][ T4703] <TASK>
[ 76.188991][ T4703] ? process_scheduled_works+0x9ef/0x17b0
[ 76.191807][ T4703] process_scheduled_works+0xae1/0x17b0
[ 76.194447][ T4703] ? __pfx_process_scheduled_works+0x10/0x10
[ 76.197088][ T4703] worker_thread+0x8a0/0xda0
[ 76.199150][ T4703] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.202243][ T4703] ? __kthread_parkme+0x7b/0x200
[ 76.204670][ T4703] kthread+0x70e/0x8a0
[ 76.206529][ T4703] ? __pfx_worker_thread+0x10/0x10
[ 76.208759][ T4703] ? __pfx_kthread+0x10/0x10
[ 76.210825][ T4703] ? _raw_spin_unlock_irq+0x23/0x50
[ 76.213402][ T4703] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.215964][ T4703] ? __pfx_kthread+0x10/0x10
[ 76.217731][ T4703] ret_from_fork+0x3fc/0x770
[ 76.219472][ T4703] ? __pfx_ret_from_fork+0x10/0x10
[ 76.221412][ T4703] ? __pfx_kthread+0x10/0x10
[ 76.223169][ T4703] ret_from_fork_asm+0x1a/0x30
[ 76.225013][ T4703] </TASK>
[ 76.226194][ T4703] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 76.229102][ T4703] CPU: 0 UID: 0 PID: 4703 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 76.233211][ T4703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.238069][ T4703] Workqueue: hci0 hci_conn_timeout
[ 76.240422][ T4703] Call Trace:
[ 76.241932][ T4703] <TASK>
[ 76.243263][ T4703] dump_stack_lvl+0x99/0x250
[ 76.245341][ T4703] ? __asan_memcpy+0x40/0x70
[ 76.247367][ T4703] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.249634][ T4703] ? __pfx__printk+0x10/0x10
[ 76.251695][ T4703] vpanic+0x281/0x750
[ 76.253437][ T4703] ? __pfx__printk+0x10/0x10
[ 76.255306][ T4703] ? __pfx_vpanic+0x10/0x10
[ 76.257031][ T4703] ? is_bpf_text_address+0x292/0x2b0
[ 76.259101][ T4703] panic+0xb9/0xc0
[ 76.260600][ T4703] ? __pfx_panic+0x10/0x10
[ 76.262453][ T4703] __warn+0x31b/0x4b0
[ 76.264062][ T4703] ? hci_conn_timeout+0xff/0x290
[ 76.266055][ T4703] ? hci_conn_timeout+0xff/0x290
[ 76.268096][ T4703] report_bug+0x2be/0x4f0
[ 76.270177][ T4703] ? hci_conn_timeout+0xff/0x290
[ 76.272693][ T4703] ? hci_conn_timeout+0xff/0x290
[ 76.275070][ T4703] ? hci_conn_timeout+0x101/0x290
[ 76.277348][ T4703] handle_bug+0x84/0x160
[ 76.279322][ T4703] exc_invalid_op+0x1a/0x50
[ 76.281471][ T4703] asm_exc_invalid_op+0x1a/0x20
[ 76.283540][ T4703] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 76.286007][ T4703] Code: 48 89 df e8 23 10 09 00 eb 07 e8 3c 5d 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c4 fe ff e8 22 5d 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 76.293835][ T4703] RSP: 0018:ffffc90002a1fa50 EFLAGS: 00010293
[ 76.296406][ T4703] RAX: ffffffff8a795e1e RBX: ffff888052e74000 RCX: ffff88801f612440
[ 76.299679][ T4703] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 76.302954][ T4703] RBP: 00000000ffffffff R08: ffff888052e74013 R09: 1ffff1100a5ce802
[ 76.306296][ T4703] R10: dffffc0000000000 R11: ffffed100a5ce803 R12: dffffc0000000000
[ 76.309510][ T4703] R13: ffff88805b36c018 R14: ffff888052e74948 R15: ffff888052e74010
[ 76.312517][ T4703] ? hci_conn_timeout+0xfe/0x290
[ 76.314771][ T4703] ? process_scheduled_works+0x9ef/0x17b0
[ 76.317264][ T4703] process_scheduled_works+0xae1/0x17b0
[ 76.319716][ T4703] ? __pfx_process_scheduled_works+0x10/0x10
[ 76.322326][ T4703] worker_thread+0x8a0/0xda0
[ 76.324241][ T4703] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.327008][ T4703] ? __kthread_parkme+0x7b/0x200
[ 76.329050][ T4703] kthread+0x70e/0x8a0
[ 76.330771][ T4703] ? __pfx_worker_thread+0x10/0x10
[ 76.332866][ T4703] ? __pfx_kthread+0x10/0x10
[ 76.334884][ T4703] ? _raw_spin_unlock_irq+0x23/0x50
[ 76.336971][ T4703] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.339181][ T4703] ? __pfx_kthread+0x10/0x10
[ 76.341144][ T4703] ret_from_fork+0x3fc/0x770
[ 76.343083][ T4703] ? __pfx_ret_from_fork+0x10/0x10
[ 76.345348][ T4703] ? __pfx_kthread+0x10/0x10
[ 76.347354][ T4703] ret_from_fork_asm+0x1a/0x30
[ 76.349517][ T4703] </TASK>
[ 76.351302][ T4703] Kernel Offset: disabled
[ 76.353223][ T4703] Rebooting in 86400 seconds..