------------[ cut here ]------------
workqueue: cannot queue hci_cmd_timeout on wq hci2
WARNING: kernel/workqueue.c:2283 at __queue_work+0xd1f/0xfc0 kernel/workqueue.c:2281, CPU#1: syz-executor/10686
Modules linked in:
CPU: 1 UID: 0 PID: 10686 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:__queue_work+0xd4a/0xfc0 kernel/workqueue.c:2281
Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 77 67 a2 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
RSP: 0000:ffffc90000a08c10 EFLAGS: 00010082
RAX: 1ffff11007cfc14e RBX: 0000000000000008 RCX: ffff888028a31ec0
RDX: ffff8880300e8970 RSI: ffffffff8a9ea690 RDI: ffffffff9014e750
RBP: 0000000000000100 R08: ffffffff9011f1b7 R09: 1ffffffff2023e36
R10: dffffc0000000000 R11: ffffffff818d2ba0 R12: dffffc0000000000
R13: ffff88803e7e0a70 R14: ffffffff9014e750 R15: ffff8880300e8970
FS:  0000000000000000(0000) GS:ffff88812555a000(0063) knlGS:0000000056e97480
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000080151018 CR3: 0000000029712000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 call_timer_fn+0x192/0x5e0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1794 [inline]
 __run_timers kernel/time/timer.c:2374 [inline]
 __run_timer_base+0x67e/0x8b0 kernel/time/timer.c:2386
 run_timer_base kernel/time/timer.c:2395 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2405
 handle_softirqs+0x22a/0x840 kernel/softirq.c:622
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 netif_addr_unlock_bh include/linux/netdevice.h:4927 [inline]
 dev_uc_add+0xd0/0x120 net/core/dev_addr_lists.c:694
 macvlan_open+0x446/0x8e0 drivers/net/macvlan.c:653
 __dev_open+0x44d/0x830 net/core/dev.c:1702
 __dev_change_flags+0x1f7/0x690 net/core/dev.c:9781
 netif_change_flags+0x88/0x1a0 net/core/dev.c:9844
 do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3180
 rtnl_changelink net/core/rtnetlink.c:3798 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3971 [inline]
 rtnl_newlink+0x15ad/0x1bb0 net/core/rtnetlink.c:4108
 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6994
 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:792 [inline]
 __sock_sendmsg net/socket.c:807 [inline]
 __sys_sendto+0x672/0x710 net/socket.c:2271
 __do_compat_sys_socketcall net/compat.c:-1 [inline]
 __se_compat_sys_socketcall net/compat.c:423 [inline]
 __ia32_compat_sys_socketcall+0x765/0xa10 net/compat.c:423
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 do_int80_emulation+0x181/0x530 arch/x86/entry/syscall_32.c:172
 asm_int80_emulation+0x1a/0x20 arch/x86/include/asm/idtentry.h:621
RIP: 0023:0xf7155cab
Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
RSP: 002b:00000000f753f74c EFLAGS: 00000246 ORIG_RAX: 0000000000000066
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f753f7f4
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	83 c5 18             	add    $0x18,%ebp
   3:	4c 89 e8             	mov    %r13,%rax
   6:	48 c1 e8 03          	shr    $0x3,%rax
   a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   f:	74 08                	je     0x19
  11:	4c 89 ef             	mov    %r13,%rdi
  14:	e8 77 67 a2 00       	call   0xa26790
  19:	49 8b 75 00          	mov    0x0(%r13),%rsi
  1d:	49 81 c7 70 01 00 00 	add    $0x170,%r15
  24:	4c 89 f7             	mov    %r14,%rdi
  27:	4c 89 fa             	mov    %r15,%rdx
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	48 83 c4 58          	add    $0x58,%rsp
  33:	5b                   	pop    %rbx
  34:	41 5c                	pop    %r12
  36:	41 5d                	pop    %r13
  38:	41 5e                	pop    %r14
  3a:	41 5f                	pop    %r15
  3c:	5d                   	pop    %rbp
  3d:	c3                   	ret
  3e:	cc                   	int3
  3f:	cc                   	int3