program:
# syzkaller reproducer for the console log that follows it: it issues a reset
# ioctl on a Bluetooth HCI device, injects two HCI event packets through the
# virtual controller (vhci), and then closes a range of file descriptors.
#
# Triage notes:
# - The log ends in "Kernel panic" only because panic_on_warn is set; the
#   underlying event is the WARNING "workqueue: cannot queue hci_rx_work on
#   wq hci0" raised in __queue_work, reached via vhci_write -> hci_recv_frame.
# - In mainline that message comes from the check that refuses new work on a
#   workqueue that is draining or being destroyed, so this looks like a frame
#   being received while hci0 is resetting or tearing down -- confirm against
#   kernel/workqueue.c at the commit named in the log.
# - The log shows the task running as UID 0; whether an unprivileged user can
#   reach vhci_write depends on the permissions of the vhci device node.

# Raw HCI socket: 0x1f = AF_BLUETOOTH, 0x3 = SOCK_RAW, 0x1 = BTPROTO_HCI.
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# 0x400448cb decodes as _IOW('H', 203, int), i.e. HCIDEVRESET; the 0x0 argument
# is the device index, consistent with the "hci0" messages in the log.
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
# Injected packet, H4 framing: 0x04 = HCI event, 0x0e = Command Complete,
# 0x04 = parameter length, 0x02 = allowed command count, bytes 03 0c = opcode
# 0x0c03 (HCI_Reset). The length 0x7 is one byte more than the 6-byte blob, so
# the last (status) byte is whatever already sits at that address.
# The write(2) in the trace (ORIG_RAX 1, RDX 7) has this same 7-byte length.
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
# Raw L2CAP socket: 0x1f = AF_BLUETOOTH, 0x3 = SOCK_RAW, 0x0 = BTPROTO_L2CAP.
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
# connect() with a 0xe-byte sockaddr: family 0x1f, second field 0x0 (presumably
# the PSM -- verify against the syzkaller description) and the @fixed address.
# The sockaddr reuses address 0x7f0000000000, the buffer of the first emit.
connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @fixed}, 0xe)
# Second injected packet: 0x04 = HCI event, 0x03 = Connection Complete,
# 0x0b = parameter length. Only 3 bytes are given for a 0xe-byte write, so the
# 11 parameter bytes come from whatever follows the blob in that buffer.
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04030b"], 0xe)
# Netlink socket: 0x10 = AF_NETLINK, 0x3 = SOCK_RAW, protocol 0x0. Its return
# value is used below only as the first descriptor of the range to close.
r2 = socket$netlink(0x10, 0x3, 0x0)
# Closes every descriptor numbered r2 or higher (last = 0xffffffffffffffff,
# flags 0x0). NOTE(review): the trace's write goes to fd 0xca and lands in
# vhci_write, so fd 0xca is the vhci device; if r2 is a lower number, that
# descriptor is closed here too, which would release the virtual controller
# while an injected frame may still be in flight -- confirm.
close_range(r2, 0xffffffffffffffff, 0x0)
[ 85.600184][ T45] Bluetooth: hci0: command tx timeout
[ 85.823008][ T5360] ------------[ cut here ]------------
[ 85.825417][ T5360] workqueue: cannot queue hci_rx_work on wq hci0
[ 85.828621][ T5360] WARNING: CPU: 0 PID: 5360 at kernel/workqueue.c:2256 __queue_work+0xd38/0xfb0
[ 85.846227][ T5360] Modules linked in:
[ 85.847833][ T5360] CPU: 0 UID: 0 PID: 5360 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full)
[ 85.863621][ T5360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.868502][ T5360] RIP: 0010:__queue_work+0xd38/0xfb0
[ 85.871076][ T5360] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 53 93 9a 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 de 89 8b 4c 89 fa e8 49 3a f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 4a ab 35 00 90 0f 0b 90 e9 dd fc ff
[ 85.894725][ T5360] RSP: 0018:ffffc9000d3a7a70 EFLAGS: 00010046
[ 85.897273][ T5360] RAX: b0256ac52a3f6f00 RBX: 0000000000000000 RCX: 0000000000100000
[ 85.917127][ T5360] RDX: ffffc9000e633000 RSI: 00000000000008ad RDI: 00000000000008ae
[ 85.936878][ T5360] RBP: 1ffff11003475f38 R08: ffff88801fc24253 R09: 1ffff11003f8484a
[ 85.953924][ T5360] R10: dffffc0000000000 R11: ffffed1003f8484b R12: dffffc0000000000
[ 85.968857][ T5360] R13: ffff888036944ad8 R14: ffff888000cf0000 R15: ffff88801a3af978
[ 85.973783][ T5360] FS: 00007fb8717956c0(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000
[ 85.979686][ T5360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.014559][ T5360] CR2: 00007fb871794fc8 CR3: 0000000035fad000 CR4: 0000000000352ef0
[ 86.018291][ T5360] Call Trace:
[ 86.019924][ T5360]
[ 86.021365][ T5360] ? rcu_is_watching+0x15/0xb0
[ 86.042345][ T5360] queue_work_on+0x181/0x270
[ 86.044777][ T5360] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.047513][ T5360] ? __pfx_queue_work_on+0x10/0x10
[ 86.073719][ T5360] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 86.077636][ T5360] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.080925][ T5360] ? skb_queue_tail+0x30/0xf0
[ 86.089507][ T5360] hci_recv_frame+0x5c9/0x720
[ 86.100217][ T5360] ? skb_pull+0xc1/0x1d0
[ 86.102947][ T5360] vhci_write+0x358/0x4a0
[ 86.106358][ T5360] vfs_write+0x5c6/0xb30
[ 86.109044][ T5360] ? __pfx_vhci_write+0x10/0x10
[ 86.121130][ T5360] ? __pfx_vfs_write+0x10/0x10
[ 86.129128][ T5360] ? __fget_files+0x2a/0x420
[ 86.132334][ T5360] ksys_write+0x145/0x250
[ 86.135329][ T5360] ? __pfx_ksys_write+0x10/0x10
[ 86.158362][ T5360] ? do_syscall_64+0xbe/0x3b0
[ 86.161455][ T5360] do_syscall_64+0xfa/0x3b0
[ 86.164203][ T5360] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.167930][ T5360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.177615][ T5360] ? clear_bhb_loop+0x60/0xb0
[ 86.181191][ T5360] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.194765][ T5360] RIP: 0033:0x7fb87098d69f
[ 86.197817][ T5360] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 86.219711][ T5360] RSP: 002b:00007fb871795000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 86.238289][ T5360] RAX: ffffffffffffffda RBX: 00007fb870bb6090 RCX: 00007fb87098d69f
[ 86.251711][ T5360] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 00000000000000ca
[ 86.264140][ T5360] RBP: 00007fb870a11e19 R08: 0000000000000000 R09: 0000000000000000
[ 86.273572][ T5360] R10: 0000200000000000 R11: 0000000000000293 R12: 0000000000000000
[ 86.280441][ T5360] R13: 00007fb870bb6128 R14: 00007fb870bb6090 R15: 00007ffced1b2ca8
[ 86.287815][ T5360]
[ 86.289275][ T5360] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 86.301443][ T5360] CPU: 0 UID: 0 PID: 5360 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full)
[ 86.306257][ T5360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.325782][ T5360] Call Trace:
[ 86.327304][ T5360]
[ 86.328676][ T5360] dump_stack_lvl+0x99/0x250
[ 86.330751][ T5360] ? __asan_memcpy+0x40/0x70
[ 86.350793][ T5360] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.360834][ T5360] ? __pfx__printk+0x10/0x10
[ 86.365089][ T5360] vpanic+0x281/0x750
[ 86.366799][ T5360] ? __pfx__printk+0x10/0x10
[ 86.377944][ T5360] ? __pfx_vpanic+0x10/0x10
[ 86.380023][ T5360] ? is_bpf_text_address+0x292/0x2b0
[ 86.401162][ T5360] panic+0xb9/0xc0
[ 86.403206][ T5360] ? __pfx_panic+0x10/0x10
[ 86.405573][ T5360] __warn+0x31b/0x4b0
[ 86.407787][ T5360] ? __queue_work+0xd38/0xfb0
[ 86.410272][ T5360] ? __queue_work+0xd38/0xfb0
[ 86.412819][ T5360] report_bug+0x2be/0x4f0
[ 86.415268][ T5360] ? __queue_work+0xd38/0xfb0
[ 86.430440][ T5360] ? __queue_work+0xd38/0xfb0
[ 86.441714][ T5360] ? __queue_work+0xd3a/0xfb0
[ 86.444340][ T5360] handle_bug+0x84/0x160
[ 86.446682][ T5360] exc_invalid_op+0x1a/0x50
[ 86.449043][ T5360] asm_exc_invalid_op+0x1a/0x20
[ 86.451559][ T5360] RIP: 0010:__queue_work+0xd38/0xfb0
[ 86.466879][ T5360] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 53 93 9a 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 de 89 8b 4c 89 fa e8 49 3a f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 4a ab 35 00 90 0f 0b 90 e9 dd fc ff
[ 86.477733][ T5360] RSP: 0018:ffffc9000d3a7a70 EFLAGS: 00010046
[ 86.486194][ T5360] RAX: b0256ac52a3f6f00 RBX: 0000000000000000 RCX: 0000000000100000
[ 86.489798][ T5360] RDX: ffffc9000e633000 RSI: 00000000000008ad RDI: 00000000000008ae
[ 86.507172][ T5360] RBP: 1ffff11003475f38 R08: ffff88801fc24253 R09: 1ffff11003f8484a
[ 86.510765][ T5360] R10: dffffc0000000000 R11: ffffed1003f8484b R12: dffffc0000000000
[ 86.526536][ T5360] R13: ffff888036944ad8 R14: ffff888000cf0000 R15: ffff88801a3af978
[ 86.530153][ T5360] ? rcu_is_watching+0x15/0xb0
[ 86.545654][ T5360] queue_work_on+0x181/0x270
[ 86.549904][ T5360] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.569972][ T5360] ? __pfx_queue_work_on+0x10/0x10
[ 86.572956][ T5360] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 86.575386][ T5360] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.577973][ T5360] ? skb_queue_tail+0x30/0xf0
[ 86.580022][ T5360] hci_recv_frame+0x5c9/0x720
[ 86.584429][ T5360] ? skb_pull+0xc1/0x1d0
[ 86.599402][ T5360] vhci_write+0x358/0x4a0
[ 86.603740][ T5360] vfs_write+0x5c6/0xb30
[ 86.607484][ T5360] ? __pfx_vhci_write+0x10/0x10
[ 86.611002][ T5360] ? __pfx_vfs_write+0x10/0x10
[ 86.626901][ T5360] ? __fget_files+0x2a/0x420
[ 86.629808][ T5360] ksys_write+0x145/0x250
[ 86.631992][ T5360] ? __pfx_ksys_write+0x10/0x10
[ 86.635339][ T5360] ? do_syscall_64+0xbe/0x3b0
[ 86.638475][ T5360] do_syscall_64+0xfa/0x3b0
[ 86.644225][ T5360] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.649202][ T5360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.660172][ T5360] ? clear_bhb_loop+0x60/0xb0
[ 86.666052][ T5360] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.668809][ T5360] RIP: 0033:0x7fb87098d69f
[ 86.671554][ T5360] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 86.688549][ T5360] RSP: 002b:00007fb871795000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 86.696412][ T5360] RAX: ffffffffffffffda RBX: 00007fb870bb6090 RCX: 00007fb87098d69f
[ 86.705016][ T5360] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 00000000000000ca
[ 86.708567][ T5360] RBP: 00007fb870a11e19 R08: 0000000000000000 R09: 0000000000000000
[ 86.724417][ T5360] R10: 0000200000000000 R11: 0000000000000293 R12: 0000000000000000
[ 86.728037][ T5360] R13: 00007fb870bb6128 R14: 00007fb870bb6090 R15: 00007ffced1b2ca8
[ 86.731639][ T5360]
[ 86.738656][ T5360] Kernel Offset: disabled
[ 86.740724][ T5360] Rebooting in 86400 seconds..