program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="04021d02"], 0x20)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000080)={0x0, 0x1, "a465d3", 0x3, 0xaa})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)

[ 77.001240][ T5299] Bluetooth: hci0: command tx timeout
[ 77.005043][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[ 77.007641][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[ 77.134000][ T5314] ------------[ cut here ]------------
[ 77.136572][ T5314] workqueue: cannot queue hci_rx_work on wq hci0
[ 77.139491][ T5314] WARNING: CPU: 0 PID: 5314 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0
[ 77.143431][ T5314] Modules linked in:
[ 77.145106][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-syzkaller #0 PREEMPT(full)
[ 77.148932][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.153194][ T5314] RIP: 0010:__queue_work+0xd62/0xfe0
[ 77.155271][ T5314] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 09 de 96 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 40 cc 69 8b 4c 89 fa e8 9f 40 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 00 e4 34 00 90 0f 0b 90 e9 dd fc ff
[ 77.162648][ T5314] RSP: 0018:ffffc9000d51fa88 EFLAGS: 00010046
[ 77.165011][ T5314] RAX: a388f5c143709d00 RBX: 0000000000000000 RCX: 0000000000100000
[ 77.168296][ T5314] RDX: ffffc9000eb1b000 RSI: 0000000000000d21 RDI: 0000000000000d22
[ 77.171680][ T5314] RBP: 1ffff11007db9738 R08: ffff88801fe23e93 R09: 1ffff11003fc47d2
[ 77.175083][ T5314] R10: dffffc0000000000 R11: ffffed1003fc47d3 R12: dffffc0000000000
[ 77.178596][ T5314] R13: ffff888043b28a98 R14: ffff88803f530000 R15: ffff88803edcb978
[ 77.181980][ T5314] FS: 00007f08306216c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000
[ 77.185853][ T5314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.188667][ T5314] CR2: 00007f0830620fc8 CR3: 0000000043aba000 CR4: 0000000000352ef0
[ 77.191953][ T5314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 77.195425][ T5314] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 77.198867][ T5314] Call Trace:
[ 77.200314][ T5314]
[ 77.201642][ T5314] ? rcu_is_watching+0x15/0xb0
[ 77.203757][ T5314] queue_work_on+0x181/0x270
[ 77.205870][ T5314] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.208045][ T5314] ? __pfx_queue_work_on+0x10/0x10
[ 77.210297][ T5314] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 77.212868][ T5314] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 77.215675][ T5314] ? skb_queue_tail+0x30/0xf0
[ 77.217734][ T5314] hci_recv_frame+0x5ad/0x700
[ 77.219915][ T5314] ? skb_pull+0xc1/0x1d0
[ 77.221817][ T5314] vhci_write+0x358/0x4a0
[ 77.223733][ T5314] vfs_write+0x548/0xa90
[ 77.226061][ T5314] ? __pfx_vhci_write+0x10/0x10
[ 77.228231][ T5314] ? __pfx_vfs_write+0x10/0x10
[ 77.230327][ T5314] ? __fget_files+0x2a/0x420
[ 77.232337][ T5314] ksys_write+0x145/0x250
[ 77.234307][ T5314] ? __pfx_ksys_write+0x10/0x10
[ 77.236466][ T5314] ? do_syscall_64+0xba/0x210
[ 77.238569][ T5314] do_syscall_64+0xf6/0x210
[ 77.240548][ T5314] ? clear_bhb_loop+0x60/0xb0
[ 77.242649][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.245238][ T5314] RIP: 0033:0x7f082f78d41f
[ 77.247193][ T5314] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 77.255625][ T5314] RSP: 002b:00007f0830621000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 77.259243][ T5314] RAX: ffffffffffffffda RBX: 00007f082f9b6080 RCX: 00007f082f78d41f
[ 77.262712][ T5314] RDX: 0000000000000020 RSI: 0000200000000100 RDI: 00000000000000ca
[ 77.266818][ T5314] RBP: 00007f082f810ab1 R08: 0000000000000000 R09: 0000000000000000
[ 77.270511][ T5314] R10: 0000200000000100 R11: 0000000000000293 R12: 0000000000000000
[ 77.274000][ T5314] R13: 0000000000000001 R14: 00007f082f9b6080 R15: 00007ffda23309e8
[ 77.277301][ T5314]
[ 77.278697][ T5314] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 77.281816][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-syzkaller #0 PREEMPT(full)
[ 77.285871][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.290507][ T5314] Call Trace:
[ 77.292023][ T5314]
[ 77.293379][ T5314] dump_stack_lvl+0x99/0x250
[ 77.295459][ T5314] ? __asan_memcpy+0x40/0x70
[ 77.297598][ T5314] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.300001][ T5314] ? __pfx__printk+0x10/0x10
[ 77.302129][ T5314] panic+0x2db/0x790
[ 77.303894][ T5314] ? __pfx_panic+0x10/0x10
[ 77.305896][ T5314] ? show_trace_log_lvl+0x4fb/0x550
[ 77.308141][ T5314] __warn+0x31b/0x4b0
[ 77.309932][ T5314] ? __queue_work+0xd62/0xfe0
[ 77.312124][ T5314] ? __queue_work+0xd62/0xfe0
[ 77.314199][ T5314] report_bug+0x2be/0x4f0
[ 77.316320][ T5314] ? __queue_work+0xd62/0xfe0
[ 77.318397][ T5314] ? __queue_work+0xd62/0xfe0
[ 77.320463][ T5314] ? __queue_work+0xd64/0xfe0
[ 77.322535][ T5314] handle_bug+0x84/0x160
[ 77.324365][ T5314] exc_invalid_op+0x1a/0x50
[ 77.326493][ T5314] asm_exc_invalid_op+0x1a/0x20
[ 77.328552][ T5314] RIP: 0010:__queue_work+0xd62/0xfe0
[ 77.330680][ T5314] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 09 de 96 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 40 cc 69 8b 4c 89 fa e8 9f 40 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 00 e4 34 00 90 0f 0b 90 e9 dd fc ff
[ 77.338159][ T5314] RSP: 0018:ffffc9000d51fa88 EFLAGS: 00010046
[ 77.340640][ T5314] RAX: a388f5c143709d00 RBX: 0000000000000000 RCX: 0000000000100000
[ 77.343820][ T5314] RDX: ffffc9000eb1b000 RSI: 0000000000000d21 RDI: 0000000000000d22
[ 77.347319][ T5314] RBP: 1ffff11007db9738 R08: ffff88801fe23e93 R09: 1ffff11003fc47d2
[ 77.350786][ T5314] R10: dffffc0000000000 R11: ffffed1003fc47d3 R12: dffffc0000000000
[ 77.354229][ T5314] R13: ffff888043b28a98 R14: ffff88803f530000 R15: ffff88803edcb978
[ 77.357541][ T5314] ? __queue_work+0xd61/0xfe0
[ 77.359619][ T5314] ? rcu_is_watching+0x15/0xb0
[ 77.361840][ T5314] queue_work_on+0x181/0x270
[ 77.363920][ T5314] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.366180][ T5314] ? __pfx_queue_work_on+0x10/0x10
[ 77.368347][ T5314] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 77.370956][ T5314] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 77.373656][ T5314] ? skb_queue_tail+0x30/0xf0
[ 77.375731][ T5314] hci_recv_frame+0x5ad/0x700
[ 77.377767][ T5314] ? skb_pull+0xc1/0x1d0
[ 77.379615][ T5314] vhci_write+0x358/0x4a0
[ 77.381486][ T5314] vfs_write+0x548/0xa90
[ 77.383355][ T5314] ? __pfx_vhci_write+0x10/0x10
[ 77.385670][ T5314] ? __pfx_vfs_write+0x10/0x10
[ 77.387871][ T5314] ? __fget_files+0x2a/0x420
[ 77.389913][ T5314] ksys_write+0x145/0x250
[ 77.391767][ T5314] ? __pfx_ksys_write+0x10/0x10
[ 77.393886][ T5314] ? do_syscall_64+0xba/0x210
[ 77.396001][ T5314] do_syscall_64+0xf6/0x210
[ 77.398066][ T5314] ? clear_bhb_loop+0x60/0xb0
[ 77.400157][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.402778][ T5314] RIP: 0033:0x7f082f78d41f
[ 77.404743][ T5314] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 77.413030][ T5314] RSP: 002b:00007f0830621000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 77.416678][ T5314] RAX: ffffffffffffffda RBX: 00007f082f9b6080 RCX: 00007f082f78d41f
[ 77.420027][ T5314] RDX: 0000000000000020 RSI: 0000200000000100 RDI: 00000000000000ca
[ 77.423611][ T5314] RBP: 00007f082f810ab1 R08: 0000000000000000 R09: 0000000000000000
[ 77.427072][ T5314] R10: 0000200000000100 R11: 0000000000000293 R12: 0000000000000000
[ 77.430543][ T5314] R13: 0000000000000001 R14: 00007f082f9b6080 R15: 00007ffda23309e8
[ 77.433951][ T5314]
[ 77.435687][ T5314] Kernel Offset: disabled
[ 77.437603][ T5314] Rebooting in 86400 seconds..