------------[ cut here ]------------
workqueue: cannot queue hci_conn_timeout on wq hci0
WARNING: CPU: 0 PID: 18 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0 kernel/workqueue.c:2256
Modules linked in:
CPU: 0 UID: 0 PID: 18 Comm: rcu_exp_gp_kthr Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__queue_work+0xd62/0xfe0 kernel/workqueue.c:2256
Code: 42 80 3c 20 00 74 08 4c 89 ef e8 09 2c 95 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 00 e9 89 8b 4c 89 fa e8 5f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 a0 44 35 00 90 0f 0b 90 e9 dd fc ff
RSP: 0018:ffffc90000007b08 EFLAGS: 00010046
RAX: 0d235140a4297c00 RBX: 0000000000000100 RCX: ffff88801d291e00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 1ffff1100532f138 R08: ffff8880b8624293 R09: 1ffff110170c4852
R10: dffffc0000000000 R11: ffffed10170c4853 R12: dffffc0000000000
R13: ffff888034c74960 R14: 0000000000000008 R15: ffff888029978978
FS: 0000000000000000(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559d907ac950 CR3: 000000002f976000 CR4: 00000000003526f0
Call Trace:
 call_timer_fn+0x17b/0x5f0 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1793 [inline]
 __run_timers kernel/time/timer.c:2372 [inline]
 __run_timer_base+0x646/0x860 kernel/time/timer.c:2384
 run_timer_base kernel/time/timer.c:2393 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:preempt_count_sub+0x1f/0x170 kernel/sched/core.c:5899
Code: 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 53 48 bb 00 00 00 00 00 fc ff df 48 c7 c0 e0 d2 a7 99 48 c1 e8 03 0f b6 04 18 <84> c0 0f 85 d1 00 00 00 83 3d 52 f0 16 18 00 75 25 65 8b 05 99 ad
RSP: 0018:ffffc90000177a48 EFLAGS: 00000a06
RAX: 0000000000000004 RBX: dffffc0000000000 RCX: 0d235140a4297c00
RDX: 0000000000000000 RSI: ffffffff8d982fdf RDI: 0000000000000001
RBP: ffffc90000177ae8 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
R10: dffffc0000000000 R11: fffffbfff1f4167f R12: dffffc0000000000
R13: ffffffff8e144534 R14: ffffffff8e144480 R15: 1ffff9200002ef4c
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0xad/0x110 kernel/locking/spinlock.c:194
 __sync_rcu_exp_select_node_cpus kernel/rcu/tree_exp.h:403 [inline]
 sync_rcu_exp_select_node_cpus+0x1f0/0xc10 kernel/rcu/tree_exp.h:455
 sync_rcu_exp_select_cpus kernel/rcu/tree_exp.h:522 [inline]
 rcu_exp_sel_wait_wake+0x22e/0xd40 kernel/rcu/tree_exp.h:718
 kthread_worker_fn+0x507/0xb60 kernel/kthread.c:1010
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
----------------
Code disassembly (best guess):
# Reading this listing (AT&T syntax, offsets relative to the start of the
# Code: window, not kernel addresses):
#
# - The bytes decoded here are the SECOND "Code:" line, i.e. the frame at
#   RIP preempt_count_sub+0x1f. That is the task context the APIC timer
#   interrupt landed on (Comm rcu_exp_gp_kthr, RCU expedited grace-period
#   frames in the lower trace); it is not where the WARNING was raised.
# - The WARNING site is the FIRST RIP, __queue_work+0xd62. Its "Code:" line is
#   not disassembled on this page; the marked bytes there are <0f> 0b, the
#   ud2 encoding.
# - The upper trace reaches __queue_work from call_timer_fn in softirq
#   context, so hci_conn_timeout was being queued from an expired timer, and
#   the PID/Comm in the banner name the interrupted task rather than the code
#   that armed that timer.
# - NOTE(review): __queue_work refusing a work item for wq hci0 is what one
#   would expect if hci0 was already being drained or destroyed when the timer
#   fired -- confirm against kernel/workqueue.c:2256 in the tree named in the
#   banner. If so, the thing to verify is that the connection's pending
#   timeout work is cancelled before the hci0 workqueue is torn down.
#
# Offsets 0x0-0xa: padding bytes in front of the function. The marked
# instruction is at window offset 0x2a and RIP is +0x1f, so the function
# entry is offset 0xb (the endbr64).
   0: 90 nop
   1: 90 nop
   2: 90 nop
   3: 90 nop
   4: 90 nop
   5: 90 nop
   6: 90 nop
   7: 90 nop
   8: 90 nop
   9: 90 nop
   a: 90 nop
   b: f3 0f 1e fa endbr64
   f: 55 push %rbp
  10: 53 push %rbx
# Offsets 0x11-0x2c: address >> 3, plus the 0xdffffc0000000000 base, one-byte
# load, branch if non-zero. This looks like an inline KASAN shadow-byte check
# on the global at 0xffffffff99a7d2e0 -- presumably compiler instrumentation,
# not hand-written logic; confirm against the build config.
  11: 48 bb 00 00 00 00 00 movabs $0xdffffc0000000000,%rbx
  18: fc ff df
  1b: 48 c7 c0 e0 d2 a7 99 mov $0xffffffff99a7d2e0,%rax
  22: 48 c1 e8 03 shr $0x3,%rax
  26: 0f b6 04 18 movzbl (%rax,%rbx,1),%eax
# "trapping instruction" is the decoder's label for the byte marked <84> in
# the Code: line, i.e. the saved RIP. In this frame that is simply where the
# interrupt was taken; a register-only test cannot fault by itself.
* 2a: 84 c0 test %al,%al <-- trapping instruction
  2c: 0f 85 d1 00 00 00 jne 0x103
  32: 83 3d 52 f0 16 18 00 cmpl $0x0,0x1816f052(%rip) # 0x1816f08b
  39: 75 25 jne 0x60
# The Code: window ends mid-instruction: 65 8b 05 starts a %gs-prefixed load
# that needs a 4-byte displacement, but only 99 ad remain. The five lines
# below are decode artifacts of that truncation, not real instructions.
  3b: 65 gs
  3c: 8b .byte 0x8b
  3d: 05 .byte 0x5
  3e: 99 cltd
  3f: ad lods %ds:(%rsi),%eax