program:
# Triage notes. Everything stated here is read off the call list and the
# console log on this page. The repro options (threaded/collide, sandbox) and
# the kernel revision are not shown, so the order of calls below is not
# necessarily the order in which they executed.
#
# Crash: WARNING at kernel/workqueue.c:2298 in __queue_work ("cannot queue
# hci_cmd_timeout on wq hci0"), raised from timer context (call_timer_fn)
# while the interrupted task is inside drain_workqueue(), called from
# hci_dev_close_sync() <- hci_dev_close() <- sock_ioctl().
# The WARNING becomes a kernel panic only because panic_on_warn is set.
# NOTE(review): this suggests the HCI command-timeout delayed work can still
# be armed while the hci0 workqueue is being drained; confirm against
# hci_dev_close_sync() in the kernel under test.

# bpf() with command 0x5 and null attribute arguments. No bpf program-load
# frame appears in the call trace; presumably unrelated to the warning.
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
# Injects one crafted Ethernet frame: stacked 0x88a8/0x8100 VLAN tags, then
# IPv4 (ethertype 0x800) carrying ICMP time-exceeded, with several IP options
# in both the outer and the embedded header. No IP/ICMP receive function
# appears in the call trace; presumably fuzzer noise — verify by minimizing.
syz_emit_ethernet(0x132, &(0x7f0000000500)={@link_local={0x3}, @multicast, @val={@val={0x88a8, 0x7, 0x1, 0x1}, {0x8100, 0x0, 0x0, 0x2}}, {@ipv4={0x800, @icmp={{0x23, 0x4, 0x0, 0x0, 0x11c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@timestamp={0x44, 0x28, 0xdc, 0x0, 0xe, [0x1, 0x6, 0x200, 0x52, 0xfffffff7, 0x0, 0x1, 0x8, 0x3]}, @end, @timestamp={0x44, 0x8, 0x10, 0x0, 0x6, [0x5]}, @ra={0x94, 0x4}, @cipso={0x86, 0x9, 0xffffffffffffffff, [{0x6, 0x3, '%'}]}, @timestamp_prespec={0x44, 0x14, 0x24, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xff}, {@rand_addr=0x64010100, 0x10001}]}, @timestamp={0x44, 0x24, 0x6, 0x0, 0x8, [0x4, 0x19bf, 0x7, 0x1, 0x1000, 0x1, 0x2, 0x0]}]}}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x22, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback, {[@rr={0x7, 0xb, 0x5a, [@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast]}, @timestamp_addr={0x44, 0x14, 0x34, 0x1, 0x8, [{@broadcast, 0x6}, {@empty, 0x9}]}, @noop, @timestamp={0x44, 0x8, 0xba, 0x0, 0x3, [0x1]}, @generic={0x88, 0xe, "814e3c13435fb1f7700fe1f1"}, @cipso={0x86, 0x21, 0xffffffffffffffff, [{0x2, 0xb, "1fd5588e16550b6621"}, {0x6, 0x5, "5f08d7"}, {0x2, 0x3, "c8"}, {0x2, 0x6, "884d4455"}, {0x1, 0x2}]}, @timestamp_prespec={0x44, 0x59, 0xb3, 0x3, 0x5, [{@private=0xa010100, 0x2}, {@local, 0xff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x32fa}]}]}}}}}}}, 0x0)
# Bluetooth HCI socket: family 0x1f (AF_BLUETOOTH), type 0x3 (SOCK_RAW),
# protocol 0x1 (BTPROTO_HCI). r0 is the descriptor used by the ioctl, bind
# and write calls below.
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# The syzkaller variant is named HCIINQUIRY, but the request value passed is
# 0x400448ca, which is HCIDEVDOWN (_IOW('H', 202, int)). The same value is in
# RSI of the user-mode register dump (ORIG_RAX 0x10 = ioctl), and the trace
# enters hci_dev_close(). The third argument 0 is presumably the device index,
# matching "hci0" in the warning text. This is the call on the crashing path.
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
# AF_ALG (0x26) socket bound to skcipher "ecb-twofish-3way", then a 16-byte
# key set via level 0x117 (SOL_ALG), option 0x1 (ALG_SET_KEY). No crypto
# function appears in the call trace; presumably unrelated.
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
# Generic-netlink socket (family 0x10, protocol 0x10) and a TIPC KEY_FLUSH
# request carrying nested MEDIA/MON/PUBL/NODE attributes with fuzzer-generated
# key and node-id bytes. No TIPC or netlink function appears in the call
# trace; presumably unrelated.
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(r2, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000001c0)={0x1f0, r3, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80000001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xf2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}]}, @TIPC_NLA_NODE={0x188, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "9b3d122984ce3afd9210f11646e81be6e3ff180406811102bf9203fb37e25afe453d0e8b"}}, @TIPC_NLA_NODE_ID={0x56, 0x3, "caf256c278bb5ed2c502a71784039ac34c24a49039b09db8cdf9ca4fa75d18ac66f945b2ee73af51d999d4e89fd8c4a08ae4af92048d0aa3d201baef25706fa680864431470ae0cb38e55c58ab54d6096633"}, @TIPC_NLA_NODE_ID={0xdc, 0x3, "ebb34c758aa60e56b8169b02471f638389ff77ca3ddd9ed4039c937326a0a2af317928219e2f587673d08c6f3bd2b20ca6f6c8293601fd369df93010263aa2623a354736b036611a149a2fd9c121041d31c191d0bc3cba724a4902815b68d4d22462649363d0254deba5f3ceced0ee71ec68cf34a972eced16b1dfdd9c576c0ebbed1f9441c25152ffd201baab0fe91e5bc3ad905cfff7f8cdca88c8926cb5bddfd5d879c999964b78841594a03803f85afe9d8bbd9d183ef6329374fdefd6113e0f3ea3974573690d6a0b5c5adfb3bb3e06810d62e0f911"}]}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x1}, 0x4000)
# Binds r0 with sockaddr fields family 0x1f, device 0x0, channel 0x1
# (presumably HCI_CHANNEL_USER — confirm against the kernel headers), then
# writes 4 bytes to the socket. NOTE(review): these may be what arms the
# command timer on hci0; the log does not show it, so confirm by minimizing
# the reproducer.
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$binfmt_misc(r0, &(0x7f00000000c0), 0x4)
# Kernel console output follows (verbatim, one collapsed line per source line).
[ 91.697570][ C0] ------------[ cut here ]------------ [ 91.700081][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci0 [ 91.703216][ C0] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd1f/0xfc0, CPU#0: syz.0.0/5336 [ 91.708157][ C0] Modules linked in: [ 91.710541][ C0] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 91.715327][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 91.719802][ C0] RIP: 
0010:__queue_work+0xd4a/0xfc0 [ 91.722843][ C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 77 47 a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc [ 91.739646][ C0] RSP: 0018:ffffc90000007bf0 EFLAGS: 00010082 [ 91.742827][ C0] RAX: 1ffff1100255214e RBX: 0000000000000008 RCX: ffff888037c68000 [ 91.747456][ C0] RDX: ffff8880129d8970 RSI: ffffffff8aa8faf0 RDI: ffffffff90366f70 [ 91.750830][ C0] RBP: 0000000000000100 R08: ffffffff903377f7 R09: 1ffffffff2066efe [ 91.754287][ C0] R10: dffffc0000000000 R11: ffffffff818d6370 R12: dffffc0000000000 [ 91.757780][ C0] R13: ffff888012a90a70 R14: ffffffff90366f70 R15: ffff8880129d8970 [ 91.762376][ C0] FS: 00007fe14718b6c0(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000 [ 91.766620][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.769434][ C0] CR2: 00007fe14660c8c8 CR3: 00000000387ee000 CR4: 0000000000352ef0 [ 91.773073][ C0] Call Trace: [ 91.774939][ C0] [ 91.776659][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 91.779264][ C0] call_timer_fn+0x192/0x5e0 [ 91.781295][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 91.783684][ C0] ? call_timer_fn+0xd4/0x5e0 [ 91.785758][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 91.788033][ C0] ? do_raw_spin_unlock+0x4d/0x210 [ 91.790566][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 91.793610][ C0] __run_timer_base+0x67e/0x8b0 [ 91.795554][ C0] ? ktime_get+0x45/0x220 [ 91.797426][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 91.799853][ C0] ? ktime_get+0x1f5/0x220 [ 91.802081][ C0] run_timer_softirq+0xb7/0x170 [ 91.804690][ C0] handle_softirqs+0x22a/0x840 [ 91.807226][ C0] ? 
__irq_exit_rcu+0xca/0x220 [ 91.809874][ C0] __irq_exit_rcu+0xca/0x220 [ 91.812045][ C0] irq_exit_rcu+0x9/0x30 [ 91.814260][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 91.817109][ C0] [ 91.818650][ C0] [ 91.820266][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 91.823409][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80 [ 91.826388][ C0] Code: f7 e8 8d 74 e6 f5 f7 c3 00 02 00 00 74 05 e8 60 0d 12 f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 d4 f6 d7 f5 65 8b 05 1d e3 84 07 85 c0 74 18 5b 41 5e e9 41 48 [ 91.835685][ C0] RSP: 0018:ffffc9000f6ff908 EFLAGS: 00000206 [ 91.838798][ C0] RAX: 0000000000000006 RBX: 0000000000000282 RCX: 0000000080000001 [ 91.842385][ C0] RDX: 0000000000000006 RSI: ffffffff8dfd7361 RDI: 0000000000000001 [ 91.845635][ C0] RBP: dffffc0000000000 R08: ffffffff903377f7 R09: 1ffffffff2066efe [ 91.849384][ C0] R10: dffffc0000000000 R11: fffffbfff2066eff R12: ffff8880129d8800 [ 91.853722][ C0] R13: ffff8880129d88b8 R14: ffffc9000f6ffa60 R15: ffff888011f7a010 [ 91.858062][ C0] flush_workqueue_prep_pwqs+0x475/0x4f0 [ 91.860473][ C0] __flush_workqueue+0x45d/0x14f0 [ 91.862708][ C0] ? drain_workqueue+0xb1/0x390 [ 91.865093][ C0] ? __pfx___flush_workqueue+0x10/0x10 [ 91.868465][ C0] drain_workqueue+0xd3/0x390 [ 91.871031][ C0] hci_dev_close_sync+0x62f/0x10e0 [ 91.873587][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 91.876106][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 91.878788][ C0] ? enable_work+0x1fd/0x230 [ 91.880988][ C0] hci_dev_close+0x108/0x260 [ 91.883091][ C0] sock_do_ioctl+0x101/0x320 [ 91.885271][ C0] ? __pfx_sock_do_ioctl+0x10/0x10 [ 91.887917][ C0] ? do_futex+0x395/0x420 [ 91.890132][ C0] sock_ioctl+0x5c6/0x7f0 [ 91.892305][ C0] ? __pfx_sock_ioctl+0x10/0x10 [ 91.894612][ C0] ? __fget_files+0x2a/0x420 [ 91.896578][ C0] ? __fget_files+0x3a0/0x420 [ 91.898435][ C0] ? __fget_files+0x2a/0x420 [ 91.900352][ C0] ? bpf_lsm_file_ioctl+0x9/0x20 [ 91.902554][ C0] ? 
__pfx_sock_ioctl+0x10/0x10 [ 91.905651][ C0] __se_sys_ioctl+0xfc/0x170 [ 91.908530][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.911564][ C0] do_syscall_64+0x15f/0xf80 [ 91.913614][ C0] ? trace_irq_disable+0x3b/0x140 [ 91.916077][ C0] ? clear_bhb_loop+0x40/0x90 [ 91.918207][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.920807][ C0] RIP: 0033:0x7fe14639c819 [ 91.922934][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.932853][ C0] RSP: 002b:00007fe14718afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 91.936828][ C0] RAX: ffffffffffffffda RBX: 00007fe146615fa0 RCX: 00007fe14639c819 [ 91.940345][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 91.944605][ C0] RBP: 00007fe146432c91 R08: 0000000000000000 R09: 0000000000000000 [ 91.948741][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.952430][ C0] R13: 00007fe146616038 R14: 00007fe146615fa0 R15: 00007fff76af8e38 [ 91.956318][ C0] [ 91.957985][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 91.961648][ C0] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 91.965767][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 91.970270][ C0] Call Trace: [ 91.972140][ C0] [ 91.973816][ C0] vpanic+0x56c/0xa60 [ 91.976083][ C0] ? __pfx__printk+0x10/0x10 [ 91.978326][ C0] ? __pfx_vpanic+0x10/0x10 [ 91.980349][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 91.982613][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 91.984923][ C0] panic+0xc5/0xd0 [ 91.986680][ C0] ? __pfx_panic+0x10/0x10 [ 91.988791][ C0] __warn+0x315/0x4c0 [ 91.990731][ C0] ? __queue_work+0xd1f/0xfc0 [ 91.993240][ C0] ? __queue_work+0xd1f/0xfc0 [ 91.995444][ C0] __report_bug+0x29a/0x540 [ 91.997506][ C0] ? __queue_work+0xd1f/0xfc0 [ 91.999762][ C0] ? 
__pfx___report_bug+0x10/0x10 [ 92.002239][ C0] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 92.005002][ C0] ? register_lock_class+0x31/0x2e0 [ 92.007417][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 92.009631][ C0] report_bug_entry+0x19a/0x290 [ 92.011816][ C0] ? __queue_work+0xd4a/0xfc0 [ 92.014336][ C0] ? __queue_work+0xd4f/0xfc0 [ 92.017082][ C0] handle_bug+0xce/0x200 [ 92.019201][ C0] exc_invalid_op+0x1a/0x50 [ 92.021213][ C0] asm_exc_invalid_op+0x1a/0x20 [ 92.023305][ C0] RIP: 0010:__queue_work+0xd4a/0xfc0 [ 92.025702][ C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 77 47 a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc [ 92.034653][ C0] RSP: 0018:ffffc90000007bf0 EFLAGS: 00010082 [ 92.037971][ C0] RAX: 1ffff1100255214e RBX: 0000000000000008 RCX: ffff888037c68000 [ 92.042053][ C0] RDX: ffff8880129d8970 RSI: ffffffff8aa8faf0 RDI: ffffffff90366f70 [ 92.045723][ C0] RBP: 0000000000000100 R08: ffffffff903377f7 R09: 1ffffffff2066efe [ 92.049319][ C0] R10: dffffc0000000000 R11: ffffffff818d6370 R12: dffffc0000000000 [ 92.052931][ C0] R13: ffff888012a90a70 R14: ffffffff90366f70 R15: ffff8880129d8970 [ 92.056746][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 92.059988][ C0] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 92.062686][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 92.064953][ C0] call_timer_fn+0x192/0x5e0 [ 92.066976][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 92.069544][ C0] ? call_timer_fn+0xd4/0x5e0 [ 92.071842][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 92.074991][ C0] ? do_raw_spin_unlock+0x4d/0x210 [ 92.078072][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 92.080774][ C0] __run_timer_base+0x67e/0x8b0 [ 92.082951][ C0] ? ktime_get+0x45/0x220 [ 92.084896][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 92.087198][ C0] ? ktime_get+0x1f5/0x220 [ 92.089201][ C0] run_timer_softirq+0xb7/0x170 [ 92.091558][ C0] handle_softirqs+0x22a/0x840 [ 92.094146][ C0] ? 
__irq_exit_rcu+0xca/0x220 [ 92.096728][ C0] __irq_exit_rcu+0xca/0x220 [ 92.098981][ C0] irq_exit_rcu+0x9/0x30 [ 92.100966][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 92.103512][ C0] [ 92.104948][ C0] [ 92.106303][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 92.108893][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80 [ 92.111988][ C0] Code: f7 e8 8d 74 e6 f5 f7 c3 00 02 00 00 74 05 e8 60 0d 12 f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 d4 f6 d7 f5 65 8b 05 1d e3 84 07 85 c0 74 18 5b 41 5e e9 41 48 [ 92.122014][ C0] RSP: 0018:ffffc9000f6ff908 EFLAGS: 00000206 [ 92.124750][ C0] RAX: 0000000000000006 RBX: 0000000000000282 RCX: 0000000080000001 [ 92.128158][ C0] RDX: 0000000000000006 RSI: ffffffff8dfd7361 RDI: 0000000000000001 [ 92.132007][ C0] RBP: dffffc0000000000 R08: ffffffff903377f7 R09: 1ffffffff2066efe [ 92.137425][ C0] R10: dffffc0000000000 R11: fffffbfff2066eff R12: ffff8880129d8800 [ 92.141124][ C0] R13: ffff8880129d88b8 R14: ffffc9000f6ffa60 R15: ffff888011f7a010 [ 92.144705][ C0] flush_workqueue_prep_pwqs+0x475/0x4f0 [ 92.147179][ C0] __flush_workqueue+0x45d/0x14f0 [ 92.149408][ C0] ? drain_workqueue+0xb1/0x390 [ 92.152007][ C0] ? __pfx___flush_workqueue+0x10/0x10 [ 92.155159][ C0] drain_workqueue+0xd3/0x390 [ 92.157504][ C0] hci_dev_close_sync+0x62f/0x10e0 [ 92.159822][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 92.162357][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 92.164804][ C0] ? enable_work+0x1fd/0x230 [ 92.167417][ C0] hci_dev_close+0x108/0x260 [ 92.170115][ C0] sock_do_ioctl+0x101/0x320 [ 92.172413][ C0] ? __pfx_sock_do_ioctl+0x10/0x10 [ 92.174754][ C0] ? do_futex+0x395/0x420 [ 92.176732][ C0] sock_ioctl+0x5c6/0x7f0 [ 92.178654][ C0] ? __pfx_sock_ioctl+0x10/0x10 [ 92.180766][ C0] ? __fget_files+0x2a/0x420 [ 92.182952][ C0] ? __fget_files+0x3a0/0x420 [ 92.185622][ C0] ? __fget_files+0x2a/0x420 [ 92.188724][ C0] ? bpf_lsm_file_ioctl+0x9/0x20 [ 92.191271][ C0] ? 
__pfx_sock_ioctl+0x10/0x10 [ 92.193436][ C0] __se_sys_ioctl+0xfc/0x170 [ 92.195597][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.199202][ C0] do_syscall_64+0x15f/0xf80 [ 92.202299][ C0] ? trace_irq_disable+0x3b/0x140 [ 92.204495][ C0] ? clear_bhb_loop+0x40/0x90 [ 92.206951][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.209683][ C0] RIP: 0033:0x7fe14639c819 [ 92.211872][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.222171][ C0] RSP: 002b:00007fe14718afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.226032][ C0] RAX: ffffffffffffffda RBX: 00007fe146615fa0 RCX: 00007fe14639c819 [ 92.230501][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 92.234464][ C0] RBP: 00007fe146432c91 R08: 0000000000000000 R09: 0000000000000000 [ 92.237958][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.241690][ C0] R13: 00007fe146616038 R14: 00007fe146615fa0 R15: 00007fff76af8e38 [ 92.246108][ C0] [ 92.247799][ C0] Kernel Offset: disabled [ 92.249616][ C0] Rebooting in 86400 seconds..