program:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
perf_event_open(&(0x7f0000000100)={0x2, 0x2c, 0xc2, 0x0, 0x0, 0x1, 0x0, 0xffffffffffd, 0x14, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3, 0x4}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x5, 0x0, 0x3}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x2)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r1 = socket$tipc(0x1e, 0x2, 0x0)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000000)=0xc, 0x4)
shutdown(r2, 0x1)
connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03000000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES16=r1], 0x4c}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000580), 0xaad80)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000380), 0x670441, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x210702)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r5, 0x40045304, &(0x7f0000000100)={{}, {0x0, 0x3}, 0x2})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f00000000c0)={0x0, 0x8, 0x7, {0x6}, 0x3e8})
setsockopt$TIPC_MCAST_BROADCAST(r1, 0x10f, 0x85)
ioctl$sock_bt_hci(r3, 0x400448ca, 0x0)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000440)={0xffffffff, 0x0, 0x5, 0x1, 0x4}, 0x8)
write$rfkill(r6, &(0x7f0000000000)={0xd2, 0x2, 0x3, 0x0, 0x1}, 0x8)
sendfile(r2, r2, &(0x7f0000000240), 0x80000001)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000002000000000000007cd78840b90833d420672e9932cee3950100008400000000000000000300000000000021000000000000000200"/82], 0x0, 0x4a, 0x0, 0x0, 0x200}, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x158)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000580)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000740)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@xino_on}]})
syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
[ 111.152624][ T5[ 111.120374][ T1378] ------------[ cut here ]------------
[ 111.123738][ T1378] workqueue: cannot queue hci_cmd_work on wq hci0
[ 111.126743][ T1378] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd1f/0xfc0, CPU#0: kworker/0:3/1378
[ 111.136940][ T1378] Modules linked in:
[ 111.139371][ T1378] CPU: 0 UID: 0 PID: 1378 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full)
[ 111.143427][ T1378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 111.148942][ T1378] Workqueue: events l2cap_info_timeout
[ 111.151927][ T1378] RIP: 0010:__queue_work+0xd4a/0xfc0
[ 111.154341][ T1378] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 17 4d a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 111.163087][ T1378] RSP: 0018:ffffc9000257f720 EFLAGS: 00010082
[ 111.166341][ T1378] RAX: 1ffff110081cc181 RBX: 0000000000000008 RCX: ffff888000260000
[ 111.170349][ T1378] RDX: ffff888040182170 RSI: ffffffff8aa9ccd0 RDI: ffffffff90368d70
[ 111.173924][ T1378] RBP: 0000000000000020 R08: ffff888040e60bf7 R09: 1ffff110081cc17e
[ 111.177833][ T1378] R10: dffffc0000000000 R11: ffffed10081cc17f R12: dffffc0000000000
[ 111.181907][ T1378] R13: ffff888040e60c08 R14: ffffffff90368d70 R15: ffff888040182170
[ 111.185415][ T1378] FS: 0000000000000000(0000) GS:ffff88808c80c000(0000) knlGS:0000000000000000
[ 111.189561][ T1378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.193504][ T1378] CR2: 0000200000005dc0 CR3: 0000000012a31000 CR4: 0000000000352ef0
[ 111.197197][ T1378] Call Trace:
[ 111.198657][ T1378]
[ 111.200351][ T1378] ? rcu_is_watching+0x15/0xb0
[ 111.202553][ T1378] queue_work_on+0x106/0x1d0
[ 111.205028][ T1378] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 111.208360][ T1378] hci_send_cmd+0xb7/0x1a0
[ 111.210592][ T1378] hci_conn_security+0x599/0xa80
[ 111.212784][ T1378] ? __pfx_hci_conn_security+0x10/0x10
[ 111.215406][ T1378] ? rcu_is_watching+0x15/0xb0
[ 111.217651][ T1378] ? l2cap_chan_check_security+0x2eb/0x570
[ 111.220385][ T1378] l2cap_conn_start+0x3bc/0xf20
[ 111.222596][ T1378] ? __pfx_l2cap_conn_start+0x10/0x10
[ 111.225131][ T1378] ? l2cap_info_timeout+0x60/0xa0
[ 111.227454][ T1378] ? __pfx___mutex_lock+0x10/0x10
[ 111.229745][ T1378] ? process_scheduled_works+0xa70/0x1860
[ 111.232320][ T1378] l2cap_info_timeout+0x68/0xa0
[ 111.234500][ T1378] ? process_scheduled_works+0xa70/0x1860
[ 111.237129][ T1378] process_scheduled_works+0xb5d/0x1860
[ 111.239663][ T1378] ? __pfx_process_scheduled_works+0x10/0x10
[ 111.242449][ T1378] ? assign_work+0x3d5/0x5e0
[ 111.244570][ T1378] worker_thread+0xa53/0xfc0
[ 111.246661][ T1378] kthread+0x388/0x470
[ 111.248376][ T1378] ? __pfx_worker_thread+0x10/0x10
[ 111.250450][ T1378] ? __pfx_kthread+0x10/0x10
[ 111.252366][ T1378] ret_from_fork+0x514/0xb70
[ 111.254274][ T1378] ? __pfx_ret_from_fork+0x10/0x10
[ 111.256306][ T1378] ? __switch_to+0xc79/0x1410
[ 111.258166][ T1378] ? __pfx_kthread+0x10/0x10
[ 111.260034][ T1378] ret_from_fork_asm+0x1a/0x30
[ 111.261774][ T1378]
[ 111.263063][ T1378] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 111.266362][ T1378] CPU: 0 UID: 0 PID: 1378 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full)
[ 111.270444][ T1378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 111.274724][ T1378] Workqueue: events l2cap_info_timeout
[ 111.277164][ T1378] Call Trace:
[ 111.278707][ T1378]
[ 111.280285][ T1378] vpanic+0x56c/0xa60
[ 111.282314][ T1378] ? __pfx__printk+0x10/0x10
[ 111.284911][ T1378] ? __pfx_vpanic+0x10/0x10
[ 111.287438][ T1378] ? is_bpf_text_address+0x292/0x2b0
[ 111.290576][ T1378] ? is_bpf_text_address+0x26/0x2b0
[ 111.293716][ T1378] panic+0xc5/0xd0
[ 111.295993][ T1378] ? __pfx_panic+0x10/0x10
[ 111.298559][ T1378] ? ret_from_fork_asm+0x1a/0x30
[ 111.300823][ T1378] __warn+0x315/0x4c0
[ 111.302656][ T1378] ? __queue_work+0xd1f/0xfc0
[ 111.304867][ T1378] ? __queue_work+0xd1f/0xfc0
[ 111.306783][ T1378] __report_bug+0x29a/0x540
[ 111.309097][ T1378] ? __queue_work+0xd1f/0xfc0
[ 111.311553][ T1378] ? __pfx___report_bug+0x10/0x10
[ 111.314147][ T1378] ? __pfx_hci_cmd_work+0x10/0x10
[ 111.316766][ T1378] ? add_lock_to_list+0xc7/0x100
[ 111.319025][ T1378] ? lockdep_unlock+0x5d/0xd0
[ 111.321200][ T1378] ? __lock_acquire+0x146e/0x2cf0
[ 111.323519][ T1378] report_bug_entry+0x19a/0x290
[ 111.325759][ T1378] ? __queue_work+0xd4a/0xfc0
[ 111.327793][ T1378] ? __queue_work+0xd4f/0xfc0
[ 111.329832][ T1378] handle_bug+0xce/0x200
[ 111.331756][ T1378] exc_invalid_op+0x1a/0x50
[ 111.333813][ T1378] asm_exc_invalid_op+0x1a/0x20
[ 111.335827][ T1378] RIP: 0010:__queue_work+0xd4a/0xfc0
[ 111.338132][ T1378] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 17 4d a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 111.346436][ T1378] RSP: 0018:ffffc9000257f720 EFLAGS: 00010082
[ 111.348999][ T1378] RAX: 1ffff110081cc181 RBX: 0000000000000008 RCX: ffff888000260000
[ 111.352309][ T1378] RDX: ffff888040182170 RSI: ffffffff8aa9ccd0 RDI: ffffffff90368d70
[ 111.355854][ T1378] RBP: 0000000000000020 R08: ffff888040e60bf7 R09: 1ffff110081cc17e
[ 111.359167][ T1378] R10: dffffc0000000000 R11: ffffed10081cc17f R12: dffffc0000000000
[ 111.362283][ T1378] R13: ffff888040e60c08 R14: ffffffff90368d70 R15: ffff888040182170
[ 111.365484][ T1378] ? __pfx_hci_cmd_work+0x10/0x10
[ 111.367546][ T1378] ? rcu_is_watching+0x15/0xb0
[ 111.369526][ T1378] queue_work_on+0x106/0x1d0
[ 111.371547][ T1378] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 111.374460][ T1378] hci_send_cmd+0xb7/0x1a0
[ 111.376812][ T1378] hci_conn_security+0x599/0xa80
[ 111.378903][ T1378] ? __pfx_hci_conn_security+0x10/0x10
[ 111.381671][ T1378] ? rcu_is_watching+0x15/0xb0
[ 111.383922][ T1378] ? l2cap_chan_check_security+0x2eb/0x570
[ 111.386460][ T1378] l2cap_conn_start+0x3bc/0xf20
[ 111.388623][ T1378] ? __pfx_l2cap_conn_start+0x10/0x10
[ 111.391098][ T1378] ? l2cap_info_timeout+0x60/0xa0
[ 111.393477][ T1378] ? __pfx___mutex_lock+0x10/0x10
[ 111.395857][ T1378] ? process_scheduled_works+0xa70/0x1860
[ 111.398482][ T1378] l2cap_info_timeout+0x68/0xa0
[ 111.400761][ T1378] ? process_scheduled_works+0xa70/0x1860
[ 111.403444][ T1378] process_scheduled_works+0xb5d/0x1860
[ 111.405973][ T1378] ? __pfx_process_scheduled_works+0x10/0x10
[ 111.408375][ T1378] ? assign_work+0x3d5/0x5e0
[ 111.410191][ T1378] worker_thread+0xa53/0xfc0
[ 111.412136][ T1378] kthread+0x388/0x470
[ 111.413852][ T1378] ? __pfx_worker_thread+0x10/0x10
[ 111.416032][ T1378] ? __pfx_kthread+0x10/0x10
[ 111.418136][ T1378] ret_from_fork+0x514/0xb70
[ 111.420193][ T1378] ? __pfx_ret_from_fork+0x10/0x10
[ 111.422374][ T1378] ? __switch_to+0xc79/0x1410
[ 111.424614][ T1378] ? __pfx_kthread+0x10/0x10
[ 111.426934][ T1378] ret_from_fork_asm+0x1a/0x30
[ 111.428895][ T1378]
[ 111.430595][ T1378] Kernel Offset: disabled
[ 111.432538][ T1378] Rebooting in 86400 seconds..