program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0)
[ 68.057255][ C0] ------------[ cut here ]------------
[ 68.059861][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci0
[ 68.062993][ C0] WARNING: CPU: 0 PID: 5340 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0
[ 68.068082][ C0] Modules linked in:
[ 68.073806][ C0] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full)
[ 68.079297][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.084150][ C0] RIP: 0010:__queue_work+0xd62/0xfe0
[ 68.086630][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 99 cf 98 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 00 e9 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 d0 4e 35 00 90 0f 0b 90 e9 dd fc ff
[ 68.095493][ C0] RSP: 0018:ffffc90000007b08 EFLAGS: 00010046
[ 68.098405][ C0] RAX: c304a893b5ef9c00 RBX: 0000000000000100 RCX: ffff88800039c880
[ 68.101957][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[ 68.105725][ C0] RBP: 1ffff11007de0f38 R08: ffff88801fc24293 R09: 1ffff11003f84852
[ 68.109584][ C0] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[ 68.113133][ C0] R13: ffff88803610c988 R14: 0000000000000008 R15: ffff88803ef07978
[ 68.116643][ C0] FS: 00007f054eeb56c0(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
[ 68.120671][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.123851][ C0] CR2: 00007f054e1ae220 CR3: 0000000044092000 CR4: 0000000000352ef0
[ 68.127739][ C0] Call Trace:
[ 68.129234][ C0]
[ 68.130553][ C0] call_timer_fn+0x17b/0x5f0
[ 68.132682][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 68.135291][ C0] ? call_timer_fn+0xbe/0x5f0
[ 68.137302][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 68.139599][ C0] ? do_raw_spin_unlock+0x4d/0x240
[ 68.141680][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 68.144212][ C0] __run_timer_base+0x646/0x860
[ 68.146416][ C0] ? ktime_get+0x3e/0x1f0
[ 68.148348][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 68.150613][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 68.153623][ C0] run_timer_softirq+0xb7/0x180
[ 68.155794][ C0] handle_softirqs+0x286/0x870
[ 68.157772][ C0] ? __irq_exit_rcu+0xca/0x1f0
[ 68.159714][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 68.162109][ C0] __irq_exit_rcu+0xca/0x1f0
[ 68.164123][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 68.166286][ C0] irq_exit_rcu+0x9/0x30
[ 68.168203][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 68.170519][ C0]
[ 68.171867][ C0]
[ 68.173260][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 68.176429][ C0] RIP: 0010:lock_acquire+0x175/0x360
[ 68.179513][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 6b 44 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 68.188001][ C0] RSP: 0018:ffffc9000d6df888 EFLAGS: 00000206
[ 68.190732][ C0] RAX: c304a893b5ef9c00 RBX: 0000000000000000 RCX: c304a893b5ef9c00
[ 68.194214][ C0] RDX: ffffffff934ef300 RSI: ffffffff8db873a8 RDI: ffffffff8be29ec0
[ 68.197887][ C0] RBP: ffffffff818b2295 R08: 0000000000000008 R09: ffffffff95c17478
[ 68.201961][ C0] R10: 00000000a71ac4b4 R11: 0000000097862a5e R12: 0000000000000000
[ 68.205807][ C0] R13: ffff88803ef07948 R14: 0000000000000001 R15: 0000000000000246
[ 68.209345][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 68.211709][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 68.214095][ C0] touch_wq_lockdep_map+0xcb/0x180
[ 68.216277][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 68.218637][ C0] __flush_workqueue+0x121/0x14b0
[ 68.221142][ C0] ? drain_workqueue+0xb1/0x390
[ 68.223870][ C0] ? __pfx___flush_workqueue+0x10/0x10
[ 68.227305][ C0] drain_workqueue+0xd3/0x390
[ 68.230204][ C0] hci_dev_close_sync+0x659/0x1330
[ 68.232610][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 68.235137][ C0] ? do_raw_read_unlock+0x3d/0x80
[ 68.237481][ C0] hci_dev_close+0x108/0x200
[ 68.239669][ C0] sock_do_ioctl+0xd9/0x300
[ 68.241794][ C0] ? __pfx_sock_do_ioctl+0x10/0x10
[ 68.244065][ C0] ? __lock_acquire+0xab9/0xd20
[ 68.246268][ C0] sock_ioctl+0x576/0x790
[ 68.248412][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 68.250828][ C0] ? __fget_files+0x2a/0x420
[ 68.253496][ C0] ? __fget_files+0x3a0/0x420
[ 68.256034][ C0] ? __fget_files+0x2a/0x420
[ 68.258199][ C0] ? bpf_lsm_file_ioctl+0x9/0x20
[ 68.260443][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 68.262640][ C0] __se_sys_ioctl+0xf9/0x170
[ 68.264768][ C0] do_syscall_64+0xfa/0x3b0
[ 68.266885][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.269219][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.271891][ C0] ? clear_bhb_loop+0x60/0xb0
[ 68.274219][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.277526][ C0] RIP: 0033:0x7f054df8e9a9
[ 68.280017][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.288768][ C0] RSP: 002b:00007f054eeb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.292202][ C0] RAX: ffffffffffffffda RBX: 00007f054e1b5fa0 RCX: 00007f054df8e9a9
[ 68.295361][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[ 68.298908][ C0] RBP: 00007f054e010d69 R08: 0000000000000000 R09: 0000000000000000
[ 68.302491][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.306449][ C0] R13: 0000000000000000 R14: 00007f054e1b5fa0 R15: 00007fff9ab00dc8
[ 68.310739][ C0]
[ 68.312385][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 68.315763][ C0] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full)
[ 68.320862][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.325116][ C0] Call Trace:
[ 68.326569][ C0]
[ 68.327840][ C0] dump_stack_lvl+0x99/0x250
[ 68.330013][ C0] ? __asan_memcpy+0x40/0x70
[ 68.331921][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.334116][ C0] ? __pfx__printk+0x10/0x10
[ 68.336145][ C0] panic+0x2db/0x790
[ 68.337917][ C0] ? __pfx_panic+0x10/0x10
[ 68.339894][ C0] ? show_trace_log_lvl+0x4fb/0x550
[ 68.342311][ C0] __warn+0x31b/0x4b0
[ 68.344127][ C0] ? __queue_work+0xd62/0xfe0
[ 68.346322][ C0] ? __queue_work+0xd62/0xfe0
[ 68.348672][ C0] report_bug+0x2be/0x4f0
[ 68.350664][ C0] ? __queue_work+0xd62/0xfe0
[ 68.352939][ C0] ? __queue_work+0xd62/0xfe0
[ 68.354943][ C0] ? __queue_work+0xd64/0xfe0
[ 68.356961][ C0] handle_bug+0x84/0x160
[ 68.358655][ C0] exc_invalid_op+0x1a/0x50
[ 68.360729][ C0] asm_exc_invalid_op+0x1a/0x20
[ 68.363091][ C0] RIP: 0010:__queue_work+0xd62/0xfe0
[ 68.365939][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 99 cf 98 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 00 e9 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 d0 4e 35 00 90 0f 0b 90 e9 dd fc ff
[ 68.375518][ C0] RSP: 0018:ffffc90000007b08 EFLAGS: 00010046
[ 68.378065][ C0] RAX: c304a893b5ef9c00 RBX: 0000000000000100 RCX: ffff88800039c880
[ 68.381220][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[ 68.384435][ C0] RBP: 1ffff11007de0f38 R08: ffff88801fc24293 R09: 1ffff11003f84852
[ 68.388188][ C0] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[ 68.391899][ C0] R13: ffff88803610c988 R14: 0000000000000008 R15: ffff88803ef07978
[ 68.395388][ C0] ? __queue_work+0xd61/0xfe0
[ 68.397570][ C0] call_timer_fn+0x17b/0x5f0
[ 68.399664][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 68.402541][ C0] ? call_timer_fn+0xbe/0x5f0
[ 68.404977][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 68.407724][ C0] ? do_raw_spin_unlock+0x4d/0x240
[ 68.410072][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 68.412764][ C0] __run_timer_base+0x646/0x860
[ 68.415155][ C0] ? ktime_get+0x3e/0x1f0
[ 68.417189][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 68.419629][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 68.422711][ C0] run_timer_softirq+0xb7/0x180
[ 68.425533][ C0] handle_softirqs+0x286/0x870
[ 68.428579][ C0] ? __irq_exit_rcu+0xca/0x1f0
[ 68.430799][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 68.433237][ C0] __irq_exit_rcu+0xca/0x1f0
[ 68.435303][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 68.437656][ C0] irq_exit_rcu+0x9/0x30
[ 68.439501][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 68.442010][ C0]
[ 68.443376][ C0]
[ 68.444745][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 68.447758][ C0] RIP: 0010:lock_acquire+0x175/0x360
[ 68.450391][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 6b 44 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 68.458917][ C0] RSP: 0018:ffffc9000d6df888 EFLAGS: 00000206
[ 68.461692][ C0] RAX: c304a893b5ef9c00 RBX: 0000000000000000 RCX: c304a893b5ef9c00
[ 68.465272][ C0] RDX: ffffffff934ef300 RSI: ffffffff8db873a8 RDI: ffffffff8be29ec0
[ 68.469520][ C0] RBP: ffffffff818b2295 R08: 0000000000000008 R09: ffffffff95c17478
[ 68.473374][ C0] R10: 00000000a71ac4b4 R11: 0000000097862a5e R12: 0000000000000000
[ 68.476940][ C0] R13: ffff88803ef07948 R14: 0000000000000001 R15: 0000000000000246
[ 68.480508][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 68.482895][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 68.485327][ C0] touch_wq_lockdep_map+0xcb/0x180
[ 68.487618][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 68.490957][ C0] __flush_workqueue+0x121/0x14b0
[ 68.493839][ C0] ? drain_workqueue+0xb1/0x390
[ 68.496143][ C0] ? __pfx___flush_workqueue+0x10/0x10
[ 68.498728][ C0] drain_workqueue+0xd3/0x390
[ 68.500881][ C0] hci_dev_close_sync+0x659/0x1330
[ 68.503115][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 68.505672][ C0] ? do_raw_read_unlock+0x3d/0x80
[ 68.508325][ C0] hci_dev_close+0x108/0x200
[ 68.510845][ C0] sock_do_ioctl+0xd9/0x300
[ 68.513005][ C0] ? __pfx_sock_do_ioctl+0x10/0x10
[ 68.515270][ C0] ? __lock_acquire+0xab9/0xd20
[ 68.517532][ C0] sock_ioctl+0x576/0x790
[ 68.519379][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 68.521503][ C0] ? __fget_files+0x2a/0x420
[ 68.523644][ C0] ? __fget_files+0x3a0/0x420
[ 68.526080][ C0] ? __fget_files+0x2a/0x420
[ 68.528440][ C0] ? bpf_lsm_file_ioctl+0x9/0x20
[ 68.530580][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 68.532636][ C0] __se_sys_ioctl+0xf9/0x170
[ 68.534633][ C0] do_syscall_64+0xfa/0x3b0
[ 68.537041][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.539442][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.542502][ C0] ? clear_bhb_loop+0x60/0xb0
[ 68.544713][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.547495][ C0] RIP: 0033:0x7f054df8e9a9
[ 68.549414][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.558711][ C0] RSP: 002b:00007f054eeb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.562785][ C0] RAX: ffffffffffffffda RBX: 00007f054e1b5fa0 RCX: 00007f054df8e9a9
[ 68.567356][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[ 68.570888][ C0] RBP: 00007f054e010d69 R08: 0000000000000000 R09: 0000000000000000
[ 68.574305][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.578125][ C0] R13: 0000000000000000 R14: 00007f054e1b5fa0 R15: 00007fff9ab00dc8
[ 68.582110][ C0]
[ 68.583965][ C0] Kernel Offset: disabled
[ 68.585938][ C0] Rebooting in 86400 seconds..