program:
# Fuzzer reproducer for the "cannot queue hci_rx_work on wq hci0" WARNING in the log below.
# Triage notes:
#  - The WARNING fires in __queue_work, reached through
#    vhci_write -> hci_recv_frame -> queue_work_on (see the call trace).
#  - The report is a WARN escalated by panic_on_warn, not an oops; the log shows
#    no KASAN or memory-corruption report.
#  - Several calls are marked async, so the trigger is presumably an ordering
#    between the HCI ioctl and the injected vhci frames — confirm when bisecting.

# Raw HCI socket: 0x1f = AF_BLUETOOTH, 0x3 = SOCK_RAW, 0x1 = BTPROTO_HCI.
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# 0x400448cb decodes as _IOW('H', 203, int), which appears to be HCIDEVRESET;
# arg 0x0 is the device index (the log names hci0). Runs concurrently (async).
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) (async)
# Injects a controller->host frame through the virtual HCI device.
# Bytes: 04 = event packet, 0e = event code, 04 = parameter length, 02 03 0c = payload
# (presumably Command Complete for opcode 0x0c03 — confirm against the HCI spec).
# NOTE(review): the length argument 0x7 is one more than the 6-byte blob.
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="040e0402030c"], 0x7) (async)
# Second injected event: hci_ev_cmd_status with header {0xf, 0x4} and body
# {0x9, 0x1, 0x200d} (presumably status, ncmd, opcode — verify field order
# against the syzkaller description). Re-run up to 64 times.
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x9, 0x1, 0x200d}}}, 0x7) (async, rerun: 64)
# BTF load (bpf cmd 0x12) with a short blob starting with the 0xeb9f magic.
# No BTF function appears in the call trace; likely noise, or only affects timing — confirm by minimising.
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000001ce2ffff1b"], 0x0, 0x36}, 0x28) (rerun: 64)
# Raw IPv6 socket (0xa = AF_INET6, 0x3 = SOCK_RAW, protocol 0x4) used as a handle for a bridge ioctl.
r1 = socket(0xa, 0x3, 0x4)
# NOTE(review): 0x89a2 does not look like the usual SIOCBRDELBR request value;
# the fuzzer may have mutated the constant. No bridge code appears in the call trace.
ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00')
[ 101.561237][ T44] Bluetooth: hci0: command tx timeout
[ 101.683650][ T5329] ------------[ cut here ]------------
[ 101.686052][ T5329] workqueue: cannot queue hci_rx_work on wq hci0
[ 101.688856][ T5329] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd1f/0xfc0, CPU#0: syz.0.0/5329
[ 101.693182][ T5329] Modules linked in:
[ 101.695037][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 101.699353][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 101.704229][ T5329] RIP: 0010:__queue_work+0xd4a/0xfc0
[ 101.706648][ T5329] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 57 53 a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 101.715027][ T5329] RSP: 0018:ffffc9000ddcfb20 EFLAGS: 00010082
[ 101.718685][ T5329] RAX: 1ffff11006fd4978 RBX: 0000000000000008 RCX: ffff888000a82500
[ 101.722497][ T5329] RDX: ffff88804151b170 RSI: ffffffff8a9d1150 RDI: ffffffff9033b4b0
[ 101.725658][ T5329] RBP: 0000000000000000 R08: ffff888037ea4baf R09: 1ffff11006fd4975
[ 101.728877][ T5329] R10: dffffc0000000000 R11: ffffed1006fd4976 R12: dffffc0000000000
[ 101.732499][ T5329] R13: ffff888037ea4bc0 R14: ffffffff9033b4b0 R15: ffff88804151b170
[ 101.735994][ T5329] FS: 00007fbac8fc46c0(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000
[ 101.740061][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 101.743203][ T5329] CR2: 00007fbac8fa2fe8 CR3: 00000000447de000 CR4: 0000000000352ef0
[ 101.746804][ T5329] Call Trace:
[ 101.748203][ T5329]
[ 101.749862][ T5329] ? ktime_get_with_offset+0x93/0x2d0
[ 101.752330][ T5329] ? rcu_is_watching+0x15/0xb0
[ 101.754605][ T5329] queue_work_on+0x106/0x1d0
[ 101.757732][ T5329] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 101.761360][ T5329] hci_recv_frame+0x625/0x7c0
[ 101.763484][ T5329] ? skb_pull+0xc1/0x1d0
[ 101.765472][ T5329] vhci_write+0x358/0x4a0
[ 101.767429][ T5329] vfs_write+0x61d/0xb90
[ 101.769675][ T5329] ? __pfx_vfs_write+0x10/0x10
[ 101.772021][ T5329] ? __fget_files+0x2a/0x420
[ 101.774023][ T5329] ksys_write+0x150/0x270
[ 101.775890][ T5329] ? __pfx_ksys_write+0x10/0x10
[ 101.777995][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.781059][ T5329] do_syscall_64+0x15f/0xf80
[ 101.783803][ T5329] ? trace_irq_disable+0x3b/0x140
[ 101.786329][ T5329] ? clear_bhb_loop+0x40/0x90
[ 101.788522][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.791137][ T5329] RIP: 0033:0x7fbac815d60e
[ 101.793298][ T5329] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 101.805063][ T5329] RSP: 002b:00007fbac8fc3f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.808958][ T5329] RAX: ffffffffffffffda RBX: 00007fbac8fc46c0 RCX: 00007fbac815d60e
[ 101.812007][ T5329] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 00000000000000ca
[ 101.815489][ T5329] RBP: 00007fbac8232d69 R08: 0000000000000000 R09: 0000000000000000
[ 101.819225][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.823081][ T5329] R13: 00007fbac8416128 R14: 00007fbac8416090 R15: 00007fff45143df8
[ 101.827045][ T5329]
[ 101.828934][ T5329] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 101.832171][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 101.836562][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 101.841921][ T5329] Call Trace:
[ 101.843474][ T5329]
[ 101.844874][ T5329] vpanic+0x56c/0xa60
[ 101.847050][ T5329] ? __pfx__printk+0x10/0x10
[ 101.849513][ T5329] ? __pfx_vpanic+0x10/0x10
[ 101.852018][ T5329] ? is_bpf_text_address+0x292/0x2b0
[ 101.854608][ T5329] ? is_bpf_text_address+0x26/0x2b0
[ 101.857414][ T5329] panic+0xc5/0xd0
[ 101.859064][ T5329] ? __pfx_panic+0x10/0x10
[ 101.860854][ T5329] __warn+0x315/0x4c0
[ 101.862625][ T5329] ? __queue_work+0xd1f/0xfc0
[ 101.864805][ T5329] ? __queue_work+0xd1f/0xfc0
[ 101.866871][ T5329] __report_bug+0x29a/0x540
[ 101.869263][ T5329] ? __queue_work+0xd1f/0xfc0
[ 101.871962][ T5329] ? __pfx___report_bug+0x10/0x10
[ 101.874567][ T5329] ? __pfx_hci_rx_work+0x10/0x10
[ 101.876754][ T5329] ? do_syscall_64+0x15f/0xf80
[ 101.878882][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.881212][ T5329] ? __lock_acquire+0x6b5/0x2cf0
[ 101.883242][ T5329] report_bug_entry+0x19a/0x290
[ 101.885559][ T5329] ? __queue_work+0xd4a/0xfc0
[ 101.888096][ T5329] ? __queue_work+0xd4f/0xfc0
[ 101.890912][ T5329] handle_bug+0xce/0x200
[ 101.893171][ T5329] exc_invalid_op+0x1a/0x50
[ 101.895359][ T5329] asm_exc_invalid_op+0x1a/0x20
[ 101.897735][ T5329] RIP: 0010:__queue_work+0xd4a/0xfc0
[ 101.900101][ T5329] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 57 53 a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 101.908469][ T5329] RSP: 0018:ffffc9000ddcfb20 EFLAGS: 00010082
[ 101.911313][ T5329] RAX: 1ffff11006fd4978 RBX: 0000000000000008 RCX: ffff888000a82500
[ 101.916095][ T5329] RDX: ffff88804151b170 RSI: ffffffff8a9d1150 RDI: ffffffff9033b4b0
[ 101.920097][ T5329] RBP: 0000000000000000 R08: ffff888037ea4baf R09: 1ffff11006fd4975
[ 101.923363][ T5329] R10: dffffc0000000000 R11: ffffed1006fd4976 R12: dffffc0000000000
[ 101.926552][ T5329] R13: ffff888037ea4bc0 R14: ffffffff9033b4b0 R15: ffff88804151b170
[ 101.930171][ T5329] ? __pfx_hci_rx_work+0x10/0x10
[ 101.933554][ T5329] ? ktime_get_with_offset+0x93/0x2d0
[ 101.937496][ T5329] ? rcu_is_watching+0x15/0xb0
[ 101.940100][ T5329] queue_work_on+0x106/0x1d0
[ 101.942135][ T5329] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 101.944516][ T5329] hci_recv_frame+0x625/0x7c0
[ 101.946635][ T5329] ? skb_pull+0xc1/0x1d0
[ 101.948515][ T5329] vhci_write+0x358/0x4a0
[ 101.950481][ T5329] vfs_write+0x61d/0xb90
[ 101.952551][ T5329] ? __pfx_vfs_write+0x10/0x10
[ 101.954831][ T5329] ? __fget_files+0x2a/0x420
[ 101.957153][ T5329] ksys_write+0x150/0x270
[ 101.959725][ T5329] ? __pfx_ksys_write+0x10/0x10
[ 101.962252][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.964882][ T5329] do_syscall_64+0x15f/0xf80
[ 101.966694][ T5329] ? trace_irq_disable+0x3b/0x140
[ 101.968570][ T5329] ? clear_bhb_loop+0x40/0x90
[ 101.970528][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.973610][ T5329] RIP: 0033:0x7fbac815d60e
[ 101.977020][ T5329] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 101.985669][ T5329] RSP: 002b:00007fbac8fc3f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.989207][ T5329] RAX: ffffffffffffffda RBX: 00007fbac8fc46c0 RCX: 00007fbac815d60e
[ 101.992721][ T5329] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 00000000000000ca
[ 101.996255][ T5329] RBP: 00007fbac8232d69 R08: 0000000000000000 R09: 0000000000000000
[ 102.000734][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 102.004966][ T5329] R13: 00007fbac8416128 R14: 00007fbac8416090 R15: 00007fff45143df8
[ 102.008604][ T5329]
[ 102.010544][ T5329] Kernel Offset: disabled
[ 102.012511][ T5329] Rebooting in 86400 seconds..