------------[ cut here ]------------
WARNING: CPU: 0 PID: 12447 at kernel/workqueue.c:1453 __queue_work+0xde8/0x1054 kernel/workqueue.c:1453
Modules linked in:
CPU: 0 PID: 12447 Comm: syz-executor Not tainted 5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __queue_work+0xde8/0x1054 kernel/workqueue.c:1453
lr : __queue_work+0xde8/0x1054 kernel/workqueue.c:1453
Call trace:
__queue_work+0xde8/0x1054 kernel/workqueue.c:1453
queue_work_on+0xc4/0x17c kernel/workqueue.c:1559
queue_work include/linux/workqueue.h:512 [inline]
hci_recv_frame+0x154/0x1b4 net/bluetooth/hci_core.c:4160
vhci_get_user drivers/bluetooth/hci_vhci.c:194 [inline]
vhci_write+0x298/0x3ac drivers/bluetooth/hci_vhci.c:290
do_iter_readv_writev+0x3a0/0x4f8 fs/read_write.c:-1
do_iter_write+0x1c4/0x670 fs/read_write.c:855
vfs_writev fs/read_write.c:928 [inline]
do_writev+0x1e0/0x380 fs/read_write.c:971
__do_sys_writev fs/read_write.c:1044 [inline]
__se_sys_writev fs/read_write.c:1041 [inline]
__arm64_sys_writev+0x80/0x94 fs/read_write.c:1041
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1352
hardirqs last enabled at (1351): [<ffff800011283438>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (1351): [<ffff800011283438>] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194
hardirqs last disabled at (1352): [<ffff8000081e58e0>] queue_work_on+0x7c/0x17c kernel/workqueue.c:1556
softirqs last enabled at (1312): [<ffff800008031d3c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1310): [<ffff800008031d08>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 9aa64d835790f07a ]---
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
team0: Port device team_slave_0 added
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
debugfs: Directory 'hsr0' with parent 'hsr' already present!
Cannot create hsr debugfs directory
netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim0: renamed from eth0
netdevsim netdevsim0 netdevsim1: renamed from eth1
netdevsim netdevsim0 netdevsim2: renamed from eth2
netdevsim netdevsim0 netdevsim3: renamed from eth3
8021q: adding VLAN 0 to HW filter on device bond0
8021q: adding VLAN 0 to HW filter on device team0
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
device veth0_macvtap entered promiscuous mode
device veth1_macvtap entered promiscuous mode
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_1
netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0