------------[ cut here ]------------
WARNING: CPU: 0 PID: 5640 at kernel/workqueue.c:1441 __queue_work+0x10c8/0x136c kernel/workqueue.c:1441
Modules linked in:
CPU: 0 PID: 5640 Comm: syz.2.520 Not tainted 6.1.94-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __queue_work+0x10c8/0x136c kernel/workqueue.c:1441
lr : __queue_work+0x10c8/0x136c kernel/workqueue.c:1441
sp : ffff80001e5874b0
x29: ffff80001e5874f0 x28: 0000000000000008 x27: ffff0000de6d9260
x26: ffff0000c4b3e000 x25: dfff800000000000 x24: 0000000100000000
x23: ffff0000c4b3e1c0 x22: ffff0000cd1db788 x21: 1fffe00019a3b6f1
x20: 00000000000b0012 x19: ffff0000dd3ce330 x18: 0000000000000000
x17: 0000000000000000 x16: ffff800008049dd0 x15: 0000000000000002
x14: 1ffff00002b0a0b0 x13: dfff800000000000 x12: 0000000000040000
x11: 00000000000019d6 x10: ffff800020c0a000 x9 : ffff8000082168b8
x8 : 00000000000019d7 x7 : ffff80000aae3404 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff800008217074
x2 : ffff0000dd3ce330 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 __queue_work+0x10c8/0x136c kernel/workqueue.c:1441
 __queue_delayed_work kernel/workqueue.c:1668 [inline]
 queue_delayed_work_on+0x210/0x320 kernel/workqueue.c:1704
 queue_delayed_work include/linux/workqueue.h:527 [inline]
 hci_conn_drop+0x198/0x2bc include/net/bluetooth/hci_core.h:1424
 l2cap_chan_del+0x264/0x560 net/bluetooth/l2cap_core.c:695
 l2cap_chan_close+0x4c8/0x82c
 l2cap_sock_shutdown+0x334/0x7b0 net/bluetooth/l2cap_sock.c:1400
 l2cap_sock_release+0x78/0x1b4 net/bluetooth/l2cap_sock.c:1444
 __sock_release net/socket.c:654 [inline]
 sock_close+0xb8/0x1fc net/socket.c:1400
 __fput+0x30c/0x7bc fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:348
 task_work_run+0x240/0x2f0 kernel/task_work.c:179
 get_signal+0x1394/0x158c kernel/signal.c:2639
 do_signal arch/arm64/kernel/signal.c:1076 [inline]
 do_notify_resume+0x3ac/0x3474 arch/arm64/kernel/signal.c:1129
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 438
hardirqs last  enabled at (437): [<ffff80000821a5f0>] __cancel_work+0x1f0/0x2b0 kernel/workqueue.c:3258
hardirqs last disabled at (438): [<ffff800008217068>] queue_delayed_work_on+0x84/0x320 kernel/workqueue.c:1701
softirqs last  enabled at (432): [<ffff8000103c4d14>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (432): [<ffff8000103c4d14>] release_sock+0x178/0x1cc net/core/sock.c:3511
softirqs last disabled at (430): [<ffff8000103c4bd8>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (430): [<ffff8000103c4bd8>] release_sock+0x3c/0x1cc net/core/sock.c:3498
---[ end trace 0000000000000000 ]---