------------[ cut here ]------------ workqueue: cannot queue hci_conn_timeout on wq hci5 WARNING: kernel/workqueue.c:2306 at __queue_work+0xd91/0x10f0 kernel/workqueue.c:2305, CPU#0: kworker/0:0/9 Modules linked in: CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Workqueue: events l2cap_chan_timeout RIP: 0010:__queue_work+0xdae/0x10f0 kernel/workqueue.c:2305 Code: 81 c3 68 01 00 00 4c 8d 35 2f 91 02 0e 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 ac df a3 00 49 8b 77 18 4c 89 f7 48 89 da <67> 48 0f b9 3a 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff RSP: 0018:ffffc900000e7938 EFLAGS: 00010046 RAX: 1ffff1100c36a15b RBX: ffff888032f4c968 RCX: ffff88801d2d5d00 RDX: ffff888032f4c968 RSI: ffffffff8a25b830 RDI: ffffffff8f8f9b60 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: dffffc0000000000 R11: ffffed100c36a159 R12: dffffc0000000000 R13: ffff888032f4c800 R14: ffffffff8f8f9b60 R15: ffff888061b50ac0 FS: 0000000000000000(0000) GS:ffff888125eca000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000200000000ed0 CR3: 00000000644dc000 CR4: 00000000003526f0 Call Trace: queue_delayed_work_on+0x11a/0x1e0 kernel/workqueue.c:2620 l2cap_chan_del+0x286/0x600 net/bluetooth/l2cap_core.c:673 l2cap_chan_close+0x4d7/0x770 net/bluetooth/l2cap_core.c:-1 l2cap_chan_timeout+0x21e/0x470 net/bluetooth/l2cap_core.c:433 process_one_work+0x93a/0x12b0 kernel/workqueue.c:3326 process_scheduled_works kernel/workqueue.c:3409 [inline] worker_thread+0xb05/0x10d0 kernel/workqueue.c:3490 kthread+0x388/0x470 kernel/kthread.c:436 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 ---------------- Code disassembly (best guess): 0: 81 c3 68 01 00 00 add $0x168,%ebx 6: 4c 8d 35 2f 91 02 0e lea 0xe02912f(%rip),%r14 # 0xe02913c d: 48 89 f8 mov %rdi,%rax 10: 48 c1 e8 03 shr $0x3,%rax 14: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) 19: 74 05 je 0x20 1b: e8 ac df a3 00 call 0xa3dfcc 20: 49 8b 77 18 mov 0x18(%r15),%rsi 24: 4c 89 f7 mov %r14,%rdi 27: 48 89 da mov %rbx,%rdx * 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: 4c 89 f8 mov %r15,%rax 32: 48 c1 e8 03 shr $0x3,%rax 36: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) 3b: 74 08 je 0x45 3d: 4c 89 ff mov %r15,%rdi