program:
# Syzkaller reproducer in syz program format. The kernel log that follows it
# records a WARNING at kernel/workqueue.c:2271 in __queue_work ("cannot queue
# hci_cmd_timeout on wq hci0"), raised from a timer softirq that interrupted
# hci_dev_close_sync() -> drain_workqueue(). The WARNING becomes a panic only
# because panic_on_warn is set on this test kernel.
# NOTE(review): the log does not show which call armed the hci_cmd_timeout
# delayed work; confirm before attributing it to any single line below.

# r0: HCI socket; 0x1f / 0x3 / 0x1 match AF_BLUETOOTH / SOCK_RAW / BTPROTO_HCI.
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# 0x400448ca matches HCIDEVDOWN, here with device index 0. The task-side stack
# in the log shows this ioctl (RSI 0x400448ca) inside hci_dev_close().
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
# r1: second HCI socket, bound with {family 0x1f, dev 0xffff, channel 0x3}.
# Presumably HCI_DEV_NONE on HCI_CHANNEL_CONTROL; verify against the kernel
# headers for the tested tree.
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
# The next four calls (cgroup file open, BPF program load of type @sk_skb,
# write and mmap on the cgroup fd) touch no function that appears in the
# Bluetooth/workqueue trace. They look like fuzzer residue that a minimised
# reproducer would drop; not confirmed from this page.
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf6700000000000015"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
write$binfmt_aout(r2, &(0x7f00000002c0)=ANY=[], 0xc1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r2, 0x0)
# Writes a 6-byte buffer to r1: leading byte 0x1, then syzkaller's
# write_sc_support variant with opcode 0xc7a and length 0x1.
write$bt_hci(r1, &(0x7f00000000c0)={0x1, @write_sc_support={{0xc7a, 0x1}}}, 0x6)
[ 84.791379][ C0] ------------[ cut here ]------------
[ 84.794595][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci0
[ 84.798900][ C0] WARNING: kernel/workqueue.c:2271 at __queue_work+0xd53/0x1020, CPU#0: syz.0.0/5316
[ 84.803195][ C0] Modules linked in:
[ 84.805077][ C0] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 84.809012][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 84.813118][ C0] RIP: 0010:__queue_work+0xd7e/0x1020
[ 84.815263][ C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 73 f1 a3 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 84.823346][ C0] RSP: 0018:ffffc90000007c10 EFLAGS: 00010086
[ 84.826082][ C0] RAX: 1ffff11002397151 RBX: 0000000000000008 RCX: ffff88803d35a480
[ 84.829461][ C0] RDX: ffff8880333ef178 RSI: ffffffff8aa053f0 RDI: ffffffff90149890
[ 84.832905][ C0] RBP: 0000000000000100 R08: ffffffff9011a2b7 R09: 1ffffffff2023456
[ 84.836378][ C0] R10: dffffc0000000000 R11: ffffffff818d6390 R12: dffffc0000000000
[ 84.839774][ C0] R13: ffff888011cb8a88 R14: ffffffff90149890 R15: ffff8880333ef178
[ 84.843232][ C0] FS: 00007fe63e3d06c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[ 84.847134][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.849888][ C0] CR2: 00007ffebe070f52 CR3: 0000000035a11000 CR4: 0000000000352ef0
[ 84.853260][ C0] Call Trace:
[ 84.854775][ C0] <IRQ>
[ 84.856109][ C0] call_timer_fn+0x192/0x640
[ 84.858248][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 84.860876][ C0] ? call_timer_fn+0xd4/0x640
[ 84.862937][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 84.865169][ C0] ? do_raw_spin_unlock+0x4d/0x210
[ 84.867379][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 84.870017][ C0] __run_timer_base+0x67e/0x8b0
[ 84.872134][ C0] ? ktime_get+0x45/0x200
[ 84.873988][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 84.876369][ C0] run_timer_softirq+0xb7/0x170
[ 84.878454][ C0] handle_softirqs+0x22a/0x870
[ 84.880578][ C0] ? __irq_exit_rcu+0x5f/0x150
[ 84.882648][ C0] __irq_exit_rcu+0x5f/0x150
[ 84.884645][ C0] irq_exit_rcu+0x9/0x30
[ 84.886527][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 84.889009][ C0] </IRQ>
[ 84.890335][ C0] <TASK>
[ 84.891566][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 84.894130][ C0] RIP: 0010:lock_acquire+0x20b/0x2e0
[ 84.896481][ C0] Code: e9 30 ff ff ff e8 95 a5 0d 0a f7 c3 00 02 00 00 0f 84 38 ff ff ff 65 48 8b 05 11 d3 7a 11 48 3b 44 24 30 75 33 fb 48 83 c4 38 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d ce 78 73
[ 84.904712][ C0] RSP: 0018:ffffc9000daaf908 EFLAGS: 00000282
[ 84.907333][ C0] RAX: 6a3116901759c700 RBX: 0000000000000246 RCX: 0000000000000046
[ 84.910706][ C0] RDX: 0000000000000001 RSI: ffffffff8e1663e6 RDI: ffffffff8c27bf00
[ 84.914203][ C0] RBP: 0000000000000000 R08: 0000000000000008 R09: ffffffff96405e10
[ 84.917691][ C0] R10: 000000008b464651 R11: 000000008163efe8 R12: 0000000000000000
[ 84.921071][ C0] R13: ffff8880333ef148 R14: 0000000000000000 R15: 0000000000000001
[ 84.924514][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 84.926841][ C0] touch_wq_lockdep_map+0xcb/0x180
[ 84.929158][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 84.931503][ C0] __flush_workqueue+0x14b/0x14f0
[ 84.933731][ C0] ? drain_workqueue+0xb1/0x390
[ 84.935697][ C0] ? __pfx___flush_workqueue+0x10/0x10
[ 84.937906][ C0] drain_workqueue+0xd3/0x390
[ 84.939795][ C0] hci_dev_close_sync+0x62f/0x10e0
[ 84.941846][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 84.944137][ C0] ? lockdep_hardirqs_on+0x7a/0x110
[ 84.946406][ C0] ? enable_work+0x1fd/0x230
[ 84.948479][ C0] hci_dev_close+0x108/0x260
[ 84.950591][ C0] sock_do_ioctl+0x101/0x320
[ 84.952676][ C0] ? __pfx_sock_do_ioctl+0x10/0x10
[ 84.954933][ C0] ? do_futex+0x333/0x420
[ 84.956898][ C0] sock_ioctl+0x5c6/0x7f0
[ 84.958800][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 84.960992][ C0] ? __fget_files+0x2a/0x420
[ 84.963071][ C0] ? __fget_files+0x3a0/0x420
[ 84.965207][ C0] ? __fget_files+0x2a/0x420
[ 84.967204][ C0] ? bpf_lsm_file_ioctl+0x9/0x20
[ 84.969605][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 84.971803][ C0] __se_sys_ioctl+0xfc/0x170
[ 84.973887][ C0] do_syscall_64+0x14d/0xf80
[ 84.975937][ C0] ? trace_irq_disable+0x3b/0x150
[ 84.978267][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.980824][ C0] ? clear_bhb_loop+0x40/0x90
[ 84.982955][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.985602][ C0] RIP: 0033:0x7fe63d59c629
[ 84.987586][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 84.995990][ C0] RSP: 002b:00007fe63e3d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.999733][ C0] RAX: ffffffffffffffda RBX: 00007fe63d815fa0 RCX: 00007fe63d59c629
[ 85.003169][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[ 85.006670][ C0] RBP: 00007fe63d632b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.010142][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.013661][ C0] R13: 00007fe63d816038 R14: 00007fe63d815fa0 R15: 00007ffc17f89a98
[ 85.017150][ C0] </TASK>
[ 85.018570][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 85.021751][ C0] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.025600][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.029929][ C0] Call Trace:
[ 85.031423][ C0] <IRQ>
[ 85.032628][ C0] vpanic+0x56c/0xa60
[ 85.034482][ C0] ? __pfx__printk+0x10/0x10
[ 85.036600][ C0] ? __pfx_vpanic+0x10/0x10
[ 85.038452][ C0] ? is_bpf_text_address+0x292/0x2b0
[ 85.040823][ C0] ? is_bpf_text_address+0x26/0x2b0
[ 85.043197][ C0] panic+0xc5/0xd0
[ 85.044913][ C0] ? __pfx_panic+0x10/0x10
[ 85.046960][ C0] __warn+0x315/0x4f0
[ 85.048818][ C0] ? __queue_work+0xd53/0x1020
[ 85.051009][ C0] ? __queue_work+0xd53/0x1020
[ 85.053260][ C0] __report_bug+0x29a/0x540
[ 85.055375][ C0] ? rcu_is_watching+0x15/0xb0
[ 85.057554][ C0] ? __queue_work+0xd53/0x1020
[ 85.059748][ C0] ? __pfx___report_bug+0x10/0x10
[ 85.062061][ C0] ? __pfx_hci_cmd_timeout+0x10/0x10
[ 85.064461][ C0] ? look_up_lock_class+0x57/0x110
[ 85.066799][ C0] ? register_lock_class+0x31/0x2e0
[ 85.069179][ C0] report_bug_entry+0x19a/0x290
[ 85.071395][ C0] ? __queue_work+0xd7e/0x1020
[ 85.073608][ C0] ? __queue_work+0xd83/0x1020
[ 85.075747][ C0] handle_bug+0xca/0x200
[ 85.077644][ C0] exc_invalid_op+0x1a/0x50
[ 85.079771][ C0] asm_exc_invalid_op+0x1a/0x20
[ 85.082027][ C0] RIP: 0010:__queue_work+0xd7e/0x1020
[ 85.084527][ C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 73 f1 a3 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 85.092964][ C0] RSP: 0018:ffffc90000007c10 EFLAGS: 00010086
[ 85.095683][ C0] RAX: 1ffff11002397151 RBX: 0000000000000008 RCX: ffff88803d35a480
[ 85.099283][ C0] RDX: ffff8880333ef178 RSI: ffffffff8aa053f0 RDI: ffffffff90149890
[ 85.102443][ C0] RBP: 0000000000000100 R08: ffffffff9011a2b7 R09: 1ffffffff2023456
[ 85.105750][ C0] R10: dffffc0000000000 R11: ffffffff818d6390 R12: dffffc0000000000
[ 85.109405][ C0] R13: ffff888011cb8a88 R14: ffffffff90149890 R15: ffff8880333ef178
[ 85.112872][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 85.115571][ C0] ? __pfx_hci_cmd_timeout+0x10/0x10
[ 85.118010][ C0] call_timer_fn+0x192/0x640
[ 85.119902][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 85.122477][ C0] ? call_timer_fn+0xd4/0x640
[ 85.124457][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 85.126638][ C0] ? do_raw_spin_unlock+0x4d/0x210
[ 85.129061][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 85.132108][ C0] __run_timer_base+0x67e/0x8b0
[ 85.134520][ C0] ? ktime_get+0x45/0x200
[ 85.138938][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 85.141983][ C0] run_timer_softirq+0xb7/0x170
[ 85.144106][ C0] handle_softirqs+0x22a/0x870
[ 85.146101][ C0] ? __irq_exit_rcu+0x5f/0x150
[ 85.148236][ C0] __irq_exit_rcu+0x5f/0x150
[ 85.150311][ C0] irq_exit_rcu+0x9/0x30
[ 85.152187][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 85.154875][ C0] </IRQ>
[ 85.156301][ C0] <TASK>
[ 85.157668][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 85.160481][ C0] RIP: 0010:lock_acquire+0x20b/0x2e0
[ 85.162903][ C0] Code: e9 30 ff ff ff e8 95 a5 0d 0a f7 c3 00 02 00 00 0f 84 38 ff ff ff 65 48 8b 05 11 d3 7a 11 48 3b 44 24 30 75 33 fb 48 83 c4 38 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d ce 78 73
[ 85.171392][ C0] RSP: 0018:ffffc9000daaf908 EFLAGS: 00000282
[ 85.174140][ C0] RAX: 6a3116901759c700 RBX: 0000000000000246 RCX: 0000000000000046
[ 85.177625][ C0] RDX: 0000000000000001 RSI: ffffffff8e1663e6 RDI: ffffffff8c27bf00
[ 85.181030][ C0] RBP: 0000000000000000 R08: 0000000000000008 R09: ffffffff96405e10
[ 85.184358][ C0] R10: 000000008b464651 R11: 000000008163efe8 R12: 0000000000000000
[ 85.187778][ C0] R13: ffff8880333ef148 R14: 0000000000000000 R15: 0000000000000001
[ 85.191328][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 85.193657][ C0] touch_wq_lockdep_map+0xcb/0x180
[ 85.195875][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 85.198208][ C0] __flush_workqueue+0x14b/0x14f0
[ 85.200477][ C0] ? drain_workqueue+0xb1/0x390
[ 85.202579][ C0] ? __pfx___flush_workqueue+0x10/0x10
[ 85.204931][ C0] drain_workqueue+0xd3/0x390
[ 85.206982][ C0] hci_dev_close_sync+0x62f/0x10e0
[ 85.209360][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 85.211828][ C0] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.214139][ C0] ? enable_work+0x1fd/0x230
[ 85.216099][ C0] hci_dev_close+0x108/0x260
[ 85.218151][ C0] sock_do_ioctl+0x101/0x320
[ 85.220513][ C0] ? __pfx_sock_do_ioctl+0x10/0x10
[ 85.222610][ C0] ? do_futex+0x333/0x420
[ 85.224405][ C0] sock_ioctl+0x5c6/0x7f0
[ 85.226296][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 85.228605][ C0] ? __fget_files+0x2a/0x420
[ 85.230803][ C0] ? __fget_files+0x3a0/0x420
[ 85.232982][ C0] ? __fget_files+0x2a/0x420
[ 85.235134][ C0] ? bpf_lsm_file_ioctl+0x9/0x20
[ 85.237378][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 85.239607][ C0] __se_sys_ioctl+0xfc/0x170
[ 85.241822][ C0] do_syscall_64+0x14d/0xf80
[ 85.243937][ C0] ? trace_irq_disable+0x3b/0x150
[ 85.246251][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.249014][ C0] ? clear_bhb_loop+0x40/0x90
[ 85.251155][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.253910][ C0] RIP: 0033:0x7fe63d59c629
[ 85.256545][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.265046][ C0] RSP: 002b:00007fe63e3d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.268868][ C0] RAX: ffffffffffffffda RBX: 00007fe63d815fa0 RCX: 00007fe63d59c629
[ 85.272128][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[ 85.275425][ C0] RBP: 00007fe63d632b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.278731][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.281934][ C0] R13: 00007fe63d816038 R14: 00007fe63d815fa0 R15: 00007ffc17f89a98
[ 85.285363][ C0] </TASK>
[ 85.287366][ C0] Kernel Offset: disabled
[ 85.289511][ C0] Rebooting in 86400 seconds..