program: r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, 0x0, &(0x7f00000001c0)="008dc69f2b4e39486c71847792f1e666879b2ef38a8521ab5fd87780684325046591dcd61aca5531958c0538561f246ea4cda99f437e364d6cfd72c14501cb63ead1acb01c9b37a1e7", 0x0}, 0x50) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_mptcp(0xa, 0x1, 0x106) mq_open(&(0x7f00000000c0)='.\b\b\x9c\x06\xe4p\x94\x19\xfb\xbbI\x9dld`!\xe2N\xc5[-#\xbb\x98n\xda\\\xb9\xf3\x83\xa8\x8c:\xcc\xfb\x13\x7fTq>\x8b\xc5\xbf\xc1\x9e\xc9\xd1E\xf4\xbc\xceL\xbfM\x7f\xb0\x13\x9c\xc5\x98\xeb2V\x04\xa6\xca\xcd\x85E\xdc\xfc\x9c\xd0f\xc1\xc0\xb4\xc0I\x89\xc0Qdk\x9dE\'\x9b\xd1\xd2\xc6\x01\x17Et\xd1\xa2\xa0\x9bt\x82\x9f=\x90n\xc1a^\xe7\xb7\xbcZ\xa3[\xday\xa90\xf3\x0e\xceC\xfa6\xdd}\a\x00\x02\x00\xac\nY\xc9\xd8\x01\x00\xa0d\xc5\x97\x0f\xeeE\xc6\xdcA\x84\x98\xad\x007\xf7\xf1\xce/\xc8\n\x84S\x89$', 0x40, 0x10, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r2, 0x400448cb, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040e0402030c", @ANYRES32=r1], 0x7) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) setsockopt$CAN_RAW_FD_FRAMES(r3, 0x65, 0x5, &(0x7f00000000c0), 
0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r5, 0x40049366, &(0x7f0000000500)=0x2)
[ 83.950205][ T44] Bluetooth: hci0: command tx timeout
[ 84.121011][ T5321] ------------[ cut here ]------------
[ 84.123510][ T5321] workqueue: cannot queue hci_rx_work on wq hci0
[ 84.126996][ T5321] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd1f/0xfc0, CPU#0: syz.0.0/5321
[ 84.131415][ T5321] Modules linked in:
[ 84.133000][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 84.136772][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 84.142167][ T5321] RIP: 0010:__queue_work+0xd4a/0xfc0
[ 84.144672][ T5321] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 c7 92 a4 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 84.153152][ T5321] RSP: 0018:ffffc900035afb20 EFLAGS: 00010082
[ 84.156287][ T5321] RAX: 1ffff11006db1178 RBX: 0000000000000008 RCX: 0000000000100000
[ 84.160346][ T5321] RDX: ffff888036eb9970 RSI: ffffffff8aa37670 RDI: ffffffff9035e400
[ 84.163807][ T5321] RBP: 0000000000000000 R08: ffff888036d88baf R09: 1ffff11006db1175
[ 84.167804][ T5321] R10: dffffc0000000000 R11: ffffed1006db1176 R12: dffffc0000000000
[ 84.171612][ T5321] R13: ffff888036d88bc0 R14: ffffffff9035e400 R15: ffff888036eb9970
[ 84.175136][ T5321] FS: 00007f955324b6c0(0000) GS:ffff88808c832000(0000) knlGS:0000000000000000
[ 84.179892][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.183138][ T5321] CR2: 00007f955324afe8 CR3: 000000001ab1e000 CR4: 0000000000352ef0
[ 84.186687][ T5321] Call Trace:
[ 84.188318][ T5321]
[ 84.190335][ T5321] ? ktime_get_with_offset+0x93/0x2d0
[ 84.193626][ T5321] ? rcu_is_watching+0x15/0xb0
[ 84.196242][ T5321] queue_work_on+0x106/0x1d0
[ 84.198506][ T5321] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 84.201533][ T5321] hci_recv_frame+0x625/0x7c0
[ 84.204244][ T5321] ? skb_pull+0xc1/0x1d0
[ 84.206713][ T5321] vhci_write+0x358/0x4a0
[ 84.208965][ T5321] vfs_write+0x61d/0xb90
[ 84.210950][ T5321] ? __pfx_vfs_write+0x10/0x10
[ 84.213207][ T5321] ? __fget_files+0x2a/0x420
[ 84.215735][ T5321] ksys_write+0x150/0x270
[ 84.218093][ T5321] ? __pfx_ksys_write+0x10/0x10
[ 84.220470][ T5321] ? __pfx_kcov_ioctl+0x10/0x10
[ 84.222790][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.225425][ T5321] do_syscall_64+0x15f/0xf80
[ 84.227674][ T5321] ? trace_irq_disable+0x3b/0x140
[ 84.230505][ T5321] ? clear_bhb_loop+0x40/0x90
[ 84.233041][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.235821][ T5321] RIP: 0033:0x7f955235d04e
[ 84.237916][ T5321] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 84.247071][ T5321] RSP: 002b:00007f955324af78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 84.251078][ T5321] RAX: ffffffffffffffda RBX: 00007f955324b6c0 RCX: 00007f955235d04e
[ 84.254567][ T5321] RDX: 0000000000000007 RSI: 0000200000000400 RDI: 00000000000000ca
[ 84.257972][ T5321] RBP: 00007f9552432c91 R08: 0000000000000000 R09: 0000000000000000
[ 84.261577][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.265368][ T5321] R13: 00007f9552616218 R14: 00007f9552616180 R15: 00007ffdddf81558
[ 84.268919][ T5321]
[ 84.270495][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 84.274610][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 84.280009][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 84.285645][ T5321] Call Trace:
[ 84.287633][ T5321]
[ 84.289440][ T5321] vpanic+0x56c/0xa60
[ 84.291839][ T5321] ? __pfx__printk+0x10/0x10
[ 84.293969][ T5321] ? __pfx_vpanic+0x10/0x10
[ 84.295993][ T5321] ? is_bpf_text_address+0x292/0x2b0
[ 84.298728][ T5321] ? is_bpf_text_address+0x26/0x2b0
[ 84.301216][ T5321] panic+0xc5/0xd0
[ 84.302858][ T5321] ? __pfx_panic+0x10/0x10
[ 84.304919][ T5321] __warn+0x315/0x4c0
[ 84.306691][ T5321] ? __queue_work+0xd1f/0xfc0
[ 84.308927][ T5321] ? __queue_work+0xd1f/0xfc0
[ 84.311457][ T5321] __report_bug+0x29a/0x540
[ 84.313576][ T5321] ? __queue_work+0xd1f/0xfc0
[ 84.315795][ T5321] ? __pfx___report_bug+0x10/0x10
[ 84.318305][ T5321] ? __pfx_hci_rx_work+0x10/0x10
[ 84.320771][ T5321] ? do_syscall_64+0x15f/0xf80
[ 84.323365][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.326695][ T5321] ? __lock_acquire+0x6b5/0x2cf0
[ 84.328888][ T5321] report_bug_entry+0x19a/0x290
[ 84.331018][ T5321] ? __queue_work+0xd4a/0xfc0
[ 84.332976][ T5321] ? __queue_work+0xd4f/0xfc0
[ 84.335264][ T5321] handle_bug+0xce/0x200
[ 84.337359][ T5321] exc_invalid_op+0x1a/0x50
[ 84.339665][ T5321] asm_exc_invalid_op+0x1a/0x20
[ 84.342072][ T5321] RIP: 0010:__queue_work+0xd4a/0xfc0
[ 84.344502][ T5321] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 c7 92 a4 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 84.353901][ T5321] RSP: 0018:ffffc900035afb20 EFLAGS: 00010082
[ 84.356875][ T5321] RAX: 1ffff11006db1178 RBX: 0000000000000008 RCX: 0000000000100000
[ 84.361451][ T5321] RDX: ffff888036eb9970 RSI: ffffffff8aa37670 RDI: ffffffff9035e400
[ 84.365753][ T5321] RBP: 0000000000000000 R08: ffff888036d88baf R09: 1ffff11006db1175
[ 84.369360][ T5321] R10: dffffc0000000000 R11: ffffed1006db1176 R12: dffffc0000000000
[ 84.373205][ T5321] R13: ffff888036d88bc0 R14: ffffffff9035e400 R15: ffff888036eb9970
[ 84.377350][ T5321] ? __pfx_hci_rx_work+0x10/0x10
[ 84.379715][ T5321] ? ktime_get_with_offset+0x93/0x2d0
[ 84.382124][ T5321] ? rcu_is_watching+0x15/0xb0
[ 84.384439][ T5321] queue_work_on+0x106/0x1d0
[ 84.386756][ T5321] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 84.389669][ T5321] hci_recv_frame+0x625/0x7c0
[ 84.391931][ T5321] ? skb_pull+0xc1/0x1d0
[ 84.393893][ T5321] vhci_write+0x358/0x4a0
[ 84.395978][ T5321] vfs_write+0x61d/0xb90
[ 84.397878][ T5321] ? __pfx_vfs_write+0x10/0x10
[ 84.400147][ T5321] ? __fget_files+0x2a/0x420
[ 84.402264][ T5321] ksys_write+0x150/0x270
[ 84.404105][ T5321] ? __pfx_ksys_write+0x10/0x10
[ 84.406330][ T5321] ? __pfx_kcov_ioctl+0x10/0x10
[ 84.408888][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.411870][ T5321] do_syscall_64+0x15f/0xf80
[ 84.414031][ T5321] ? trace_irq_disable+0x3b/0x140
[ 84.416529][ T5321] ? clear_bhb_loop+0x40/0x90
[ 84.418705][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.421669][ T5321] RIP: 0033:0x7f955235d04e
[ 84.423819][ T5321] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 84.432772][ T5321] RSP: 002b:00007f955324af78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 84.436780][ T5321] RAX: ffffffffffffffda RBX: 00007f955324b6c0 RCX: 00007f955235d04e
[ 84.440710][ T5321] RDX: 0000000000000007 RSI: 0000200000000400 RDI: 00000000000000ca
[ 84.444573][ T5321] RBP: 00007f9552432c91 R08: 0000000000000000 R09: 0000000000000000
[ 84.447936][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.451835][ T5321] R13: 00007f9552616218 R14: 00007f9552616180 R15: 00007ffdddf81558
[ 84.455719][ T5321]
[ 84.457547][ T5321] Kernel Offset: disabled
[ 84.459508][ T5321] Rebooting in 86400 seconds..