program: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040b"], 0xe) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7) r1 = socket$packet(0x11, 0x2, 0x300) sendmmsg$sock(r1, &(0x7f0000000800)=[{{&(0x7f00000005c0)=@qipcrtr={0x2a, 0x1}, 0x80, 0x0}}, {{&(0x7f0000000480)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x12, 0x0}}], 0x2, 0x0) syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="42a536962f7c16785f3a23f307d40fed73ca9a91c51186a8aa90da9a24c5c38f1539457280a97d71c0befd8e5ad9d868c595d289c523820edcc699bc7f3a65ab73f3c7858d95d1145826fa057e97f3264e2320f3d9c5c3f26addcd28"], 0x1, 0x1f4, &(0x7f00000004c0)="$eJzsks1rE0EYxn+zu0lXURokIorgV7H10Gaz1fhxUPBiUE9SoRYEQ5LWYOpHE9CEHiIIVbwIitgiHgSJiAfxHzAHT70piLda6LmHHrxIy8rszi6T/6CHeQ777Pv1vPO+M7cbDxoDwNbGfBkySDhk+SEEDnBIhC4qdsSu4quK0yp+yYq4p/if4q3T7ckpSAEFq7evckRk2JX9u7xKmcGbnH135fPPa7VXv/asf/gm8y9fb31FDFcG37/98uLi4u5QXtyYUjqidnSlYPcOLrlSCHi5Obmy6uwnq2ntdXGXn3Q/FZ794c3T19MIb8kFxr6PLp73Dj+3lGaj1b5Tqterc40Ljy3Ww1a/N+bL8ucWEARBEM4OFAE9R47/Ucs54MAEYBMkOXJ/0hgGcs3Z+7lGqz1amy3NVGeqd31/vOCd9LxTfm66Vq960VdoLdQGkXwCkNe0Q4vLnW6qnJ30Q2hHU3Gh16a1qxs51l9rabUxC3pJ7YDKkyuY4DhytQ87QvMOhSoO4UhFBDap0Mg72vmiXm4YGCvfgwUEIi7r4iQa+TVSieHrxviZTnzsBcVDiouKu4rXFMcvOn6pTqhgqfc80oE0j0rN5lxeLin6S3x+4vMzHX1hsmvG7h/unI2BgYGBgYGBgYGBgcG2wf8AAAD//9y2nHE=") chdir(&(0x7f0000000100)='./file0\x00') open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) [ 85.235021][ T5332] ------------[ cut here ]------------ [ 85.237276][ T5332] workqueue: cannot queue hci_rx_work on wq hci0 [ 85.240010][ T5332] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd3f/0x1040, CPU#0: syz.0.0/5332 [ 85.243881][ T5332] Modules linked in: [ 85.245555][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.249282][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.253255][ T5332] RIP: 0010:__queue_work+0xd67/0x1040 [ 85.255593][ T5332] Code: a6 0e 49 8d 7d 18 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 ea 5d a5 00 49 8b 75 18 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef [ 85.263700][ T5332] RSP: 0018:ffffc9000c37fb08 EFLAGS: 00010082 [ 85.266289][ T5332] RAX: 1ffff11008073178 RBX: 0000000000000008 RCX: 0000000000100000 [ 85.269780][ T5332] RDX: ffff88804214b970 RSI: ffffffff8a9e1670 RDI: ffffffff9033e850 [ 85.273212][ T5332] RBP: 0000000000000000 R08: ffff888040398baf R09: 1ffff11008073175 [ 85.276538][ T5332] R10: dffffc0000000000 R11: ffffed1008073176 R12: dffffc0000000000 [ 85.279523][ T5332] R13: ffff888040398ba8 R14: ffffffff9033e850 R15: ffff88804214b970 [ 85.282761][ T5332] FS: 00007ff182f916c0(0000) GS:ffff88808c87f000(0000) knlGS:0000000000000000 [ 85.286790][ T5332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.289563][ T5332] CR2: 00007ff18240c358 CR3: 0000000012200000 CR4: 0000000000352ef0 [ 85.292925][ T5332] Call Trace: [ 85.294415][ T5332] [ 85.295692][ T5332] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 85.297994][ T5332] ? rcu_is_watching+0x15/0xb0 [ 85.300088][ T5332] queue_work_on+0x106/0x1d0 [ 85.301982][ T5332] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 85.304472][ T5332] hci_recv_frame+0x625/0x7c0 [ 85.306468][ T5332] vhci_write+0x358/0x4a0 [ 85.308323][ T5332] vfs_write+0x61d/0xb90 [ 85.310087][ T5332] ? __pfx_vfs_write+0x10/0x10 [ 85.312050][ T5332] ? __fget_files+0x2a/0x420 [ 85.313981][ T5332] ksys_write+0x150/0x270 [ 85.315753][ T5332] ? __pfx_ksys_write+0x10/0x10 [ 85.317785][ T5332] ? __pfx_kcov_ioctl+0x10/0x10 [ 85.319892][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.322470][ T5332] do_syscall_64+0x15f/0xf80 [ 85.324437][ T5332] ? trace_irq_disable+0x3b/0x140 [ 85.326498][ T5332] ? clear_bhb_loop+0x40/0x90 [ 85.328505][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.331028][ T5332] RIP: 0033:0x7ff18215d68e [ 85.333291][ T5332] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 85.342565][ T5332] RSP: 002b:00007ff182f90f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.345998][ T5332] RAX: ffffffffffffffda RBX: 00007ff182f916c0 RCX: 00007ff18215d68e [ 85.349380][ T5332] RDX: 0000000000000022 RSI: 0000200000000540 RDI: 00000000000000ca [ 85.352787][ T5332] RBP: 00007ff182232d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.356239][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.359586][ T5332] R13: 00007ff182416128 R14: 00007ff182416090 R15: 00007fffa1b6dab8 [ 85.362951][ T5332] [ 85.364568][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.368283][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.371914][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.375964][ T5332] Call Trace: [ 85.377433][ T5332] [ 85.378701][ T5332] vpanic+0x56c/0xa60 [ 85.380386][ T5332] ? __pfx__printk+0x10/0x10 [ 85.382380][ T5332] ? __pfx_vpanic+0x10/0x10 [ 85.384351][ T5332] ? is_bpf_text_address+0x292/0x2b0 [ 85.386521][ T5332] ? is_bpf_text_address+0x26/0x2b0 [ 85.388675][ T5332] panic+0xc5/0xd0 [ 85.390194][ T5332] ? __pfx_panic+0x10/0x10 [ 85.392076][ T5332] __warn+0x315/0x4c0 [ 85.393790][ T5332] ? __queue_work+0xd3f/0x1040 [ 85.395908][ T5332] ? __queue_work+0xd3f/0x1040 [ 85.397957][ T5332] __report_bug+0x29a/0x540 [ 85.399819][ T5332] ? finish_task_switch+0x41f/0xbe0 [ 85.402086][ T5332] ? __queue_work+0xd3f/0x1040 [ 85.404188][ T5332] ? __pfx___report_bug+0x10/0x10 [ 85.406446][ T5332] ? __schedule+0x1837/0x5740 [ 85.408453][ T5332] ? __pfx_hci_rx_work+0x10/0x10 [ 85.410499][ T5332] ? do_syscall_64+0x15f/0xf80 [ 85.412448][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.414955][ T5332] report_bug_entry+0x19a/0x290 [ 85.417002][ T5332] ? __queue_work+0xd67/0x1040 [ 85.418913][ T5332] ? __queue_work+0xd6c/0x1040 [ 85.420982][ T5332] handle_bug+0xce/0x200 [ 85.422726][ T5332] exc_invalid_op+0x1a/0x50 [ 85.424683][ T5332] asm_exc_invalid_op+0x1a/0x20 [ 85.426699][ T5332] RIP: 0010:__queue_work+0xd67/0x1040 [ 85.428992][ T5332] Code: a6 0e 49 8d 7d 18 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 ea 5d a5 00 49 8b 75 18 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef [ 85.436966][ T5332] RSP: 0018:ffffc9000c37fb08 EFLAGS: 00010082 [ 85.439550][ T5332] RAX: 1ffff11008073178 RBX: 0000000000000008 RCX: 0000000000100000 [ 85.442841][ T5332] RDX: ffff88804214b970 RSI: ffffffff8a9e1670 RDI: ffffffff9033e850 [ 85.446108][ T5332] RBP: 0000000000000000 R08: ffff888040398baf R09: 1ffff11008073175 [ 85.449559][ T5332] R10: dffffc0000000000 R11: ffffed1008073176 R12: dffffc0000000000 [ 85.452952][ T5332] R13: ffff888040398ba8 R14: ffffffff9033e850 R15: ffff88804214b970 [ 85.456543][ T5332] ? __pfx_hci_rx_work+0x10/0x10 [ 85.458649][ T5332] ? __queue_work+0xd2c/0x1040 [ 85.460652][ T5332] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 85.462820][ T5332] ? rcu_is_watching+0x15/0xb0 [ 85.464984][ T5332] queue_work_on+0x106/0x1d0 [ 85.467073][ T5332] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 85.469601][ T5332] hci_recv_frame+0x625/0x7c0 [ 85.471675][ T5332] vhci_write+0x358/0x4a0 [ 85.473648][ T5332] vfs_write+0x61d/0xb90 [ 85.475539][ T5332] ? __pfx_vfs_write+0x10/0x10 [ 85.477619][ T5332] ? __fget_files+0x2a/0x420 [ 85.479601][ T5332] ksys_write+0x150/0x270 [ 85.481372][ T5332] ? __pfx_ksys_write+0x10/0x10 [ 85.483372][ T5332] ? __pfx_kcov_ioctl+0x10/0x10 [ 85.485525][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.487827][ T5332] do_syscall_64+0x15f/0xf80 [ 85.489593][ T5332] ? trace_irq_disable+0x3b/0x140 [ 85.491601][ T5332] ? clear_bhb_loop+0x40/0x90 [ 85.493514][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.496030][ T5332] RIP: 0033:0x7ff18215d68e [ 85.498001][ T5332] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 85.506051][ T5332] RSP: 002b:00007ff182f90f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.509390][ T5332] RAX: ffffffffffffffda RBX: 00007ff182f916c0 RCX: 00007ff18215d68e [ 85.512757][ T5332] RDX: 0000000000000022 RSI: 0000200000000540 RDI: 00000000000000ca [ 85.515938][ T5332] RBP: 00007ff182232d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.519177][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.522418][ T5332] R13: 00007ff182416128 R14: 00007ff182416090 R15: 00007fffa1b6dab8 [ 85.525838][ T5332] [ 85.527517][ T5332] Kernel Offset: disabled [ 85.529364][ T5332] Rebooting in 86400 seconds..