------------[ cut here ]------------
workqueue: cannot queue hci_cmd_timeout on wq hci2
WARNING: kernel/workqueue.c:2251 at __queue_work+0xc9d/0x10e0 kernel/workqueue.c:2250, CPU#0: modprobe/13923
Modules linked in:
CPU: 0 UID: 0 PID: 13923 Comm: modprobe Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__queue_work+0xca1/0x10e0 kernel/workqueue.c:2250
Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 63 ed 06 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 70 31 3a 00 90 0f 0b 90 e9 15 f6
RSP: 0000:ffffc90000007be8 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11006f29951
RDX: ffff88803364a178 RSI: ffffffff8a6b6ae0 RDI: ffffffff908b9fe0
RBP: ffff88803794ca70 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000100 R11: ffff88802438d4b0 R12: 1ffff92000000f8f
R13: ffffffff8184c3c0 R14: 0000000000000100 R15: ffff88803364a000
FS: 0000000000000000(0000) GS:ffff8880d68f6000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f29bd37c020 CR3: 000000005d1b5000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000000c DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
call_timer_fn+0x19a/0x5a0 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1794 [inline]
__run_timers+0x569/0xae0 kernel/time/timer.c:2373
__run_timer_base kernel/time/timer.c:2385 [inline]
__run_timer_base kernel/time/timer.c:2377 [inline]
run_timer_base+0x114/0x190 kernel/time/timer.c:2394
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2404
handle_softirqs+0x219/0x950 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:216
Code: e9 cd 16 5e 00 be 03 00 00 00 5b e9 e2 d9 ed 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 34 24 <65> 48 8b 15 08 bc f3 11 65 8b 05 19 bc f3 11 a9 00 01 ff 00 74 1d
RSP: 0000:ffffc900043bfc38 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00007f29bd37c000 RCX: ffffffff8213517e
RDX: ffff88802438c980 RSI: ffffffff8213518c RDI: 0000000000000007
RBP: 000000005096a067 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88802438d4b0 R12: 0000000000000000
R13: ffff888025ebcf48 R14: 0000000000000001 R15: 0000000000000067
pmd_flags arch/x86/include/asm/pgtable_types.h:466 [inline]
pmd_present arch/x86/include/asm/pgtable.h:992 [inline]
___pte_offset_map+0xec/0x380 mm/pgtable-generic.c:295
__pte_offset_map include/linux/mm.h:3346 [inline]
pte_offset_map_rw_nolock+0x37/0x1a0 mm/pgtable-generic.c:328
handle_pte_fault mm/memory.c:6258 [inline]
__handle_mm_fault+0xd60/0x2bb0 mm/memory.c:6411
handle_mm_fault+0x3fe/0xad0 mm/memory.c:6580
do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x64/0xc0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f29bd39b8f3
Code: 01 31 c9 ba 01 00 00 00 48 8b bd 68 fd ff ff 48 89 fe e8 00 d6 fe ff 49 89 c6 48 85 c0 0f 84 30 13 00 00 48 8b 0d 7d 74 01 00 <48> 8b 41 20 0f b7 71 38 48 01 c8 66 41 89 b6 f0 02 00 00 49 89 86
RSP: 002b:00007fff895892c0 EFLAGS: 00010206
RAX: 00007f29bd3b48f0 RBX: 0000000000000030 RCX: 00007f29bd37c000
RDX: 00007f29bd3b4608 RSI: 00007f29bd3b4c98 RDI: 00007f29bd3b4be8
RBP: 00007fff89589570 R08: 00007f29bd3b4ea8 R09: 0000000000000000
R10: 00000000c0000002 R11: fffffffffffff000 R12: 00007f29bd3b4280
R13: 0000000000000001 R14: 00007f29bd3b48f0 R15: 0000000000000001
----------------
Code disassembly (best guess), decoded from the first `Code:` line above (the __queue_work frame whose RIP is shown at the top of this report; the instruction marked `<--` is the one the WARNING trapped on):
0: 78 01 js 0x3
2: 00 00 add %al,(%rax)
4: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
b: fc ff df
e: 48 89 f9 mov %rdi,%rcx
11: 48 c1 e9 03 shr $0x3,%rcx
15: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1)
19: 0f 85 0c 04 00 00 jne 0x42b
1f: 48 8d 3d 63 ed 06 0f lea 0xf06ed63(%rip),%rdi # 0xf06ed89
26: 48 8b 75 18 mov 0x18(%rbp),%rsi
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: e9 90 f7 ff ff jmp 0xfffff7c4
34: e8 70 31 3a 00 call 0x3a31a9
39: 90 nop
3a: 0f 0b ud2
3c: 90 nop
3d: e9 .byte 0xe9
3e: 15 .byte 0x15
3f: f6 .byte 0xf6