program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r4 = socket$kcm(0x10, 0x3, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
syz_80211_join_ibss(&(0x7f0000000100)='wlan1\x00', &(0x7f0000000180)=@default_ibss_ssid, 0x6, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0xd, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900ff0700007800ff010000000018007acaae0d02e3b5ad8721b9fb72fb431f26f52b20a1042125b327996b616c6c0300000000000000000800050007"], 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044894)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

[  101.174381][    C0] ------------[ cut here ]------------
[  101.177068][    C0] workqueue: cannot queue hci_cmd_timeout on wq hci0
[  101.180279][    C0] WARNING: kernel/workqueue.c:2271 at __queue_work+0xd53/0x1020, CPU#0: kworker/u4:4/44
[  101.184635][    C0] Modules linked in:
[  101.186963][    C0] CPU: 0 UID: 0 PID: 44 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full) 
[  101.191582][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  101.196588][    C0] Workqueue: ipv6_addrconf addrconf_dad_work
[  101.199293][    C0] RIP: 0010:__queue_work+0xd7e/0x1020
[  101.201680][    C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 53 19 a4 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 5a d6
[  101.211865][    C0] RSP: 0018:ffffc90000007c10 EFLAGS: 00010086
[  101.215054][    C0] RAX: 1ffff110023b8951 RBX: 0000000000000008 RCX: ffff88801fa8c980
[  101.218690][    C0] RDX: ffff888036760178 RSI: ffffffff8aa166b0 RDI: ffffffff9014b500
[  101.221995][    C0] RBP: 0000000000000100 R08: ffffffff9011beb7 R09: 1ffffffff20237d6
[  101.225337][    C0] R10: dffffc0000000000 R11: ffffffff818d68a0 R12: dffffc0000000000
[  101.228257][    C0] R13: ffff888011dc4a88 R14: ffffffff9014b500 R15: ffff888036760178
[  101.231738][    C0] FS:  0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[  101.236442][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  101.239671][    C0] CR2: 00005615972bb890 CR3: 00000000120e7000 CR4: 0000000000352ef0
[  101.242728][    C0] Call Trace:
[  101.244085][    C0]  <IRQ>
[  101.245309][    C0]  call_timer_fn+0x192/0x640
[  101.247433][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  101.250046][    C0]  ? call_timer_fn+0xd4/0x640
[  101.252717][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  101.255000][    C0]  ? do_raw_spin_unlock+0x4d/0x210
[  101.256881][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  101.258969][    C0]  __run_timer_base+0x67e/0x8b0
[  101.261202][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  101.264125][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  101.267382][    C0]  ? try_to_wake_up+0x7fc/0x1390
[  101.269686][    C0]  run_timer_softirq+0xb7/0x170
[  101.271869][    C0]  handle_softirqs+0x22a/0x870
[  101.274261][    C0]  ? do_softirq+0x76/0xd0
[  101.276445][    C0]  ? addrconf_dad_completed+0xb69/0xe60
[  101.279347][    C0]  do_softirq+0x76/0xd0
[  101.281800][    C0]  </IRQ>
[  101.283283][    C0]  <TASK>
[  101.284686][    C0]  __local_bh_enable_ip+0xf8/0x130
[  101.287106][    C0]  addrconf_dad_completed+0xb69/0xe60
[  101.289582][    C0]  ? __pfx_addrconf_dad_completed+0x10/0x10
[  101.292302][    C0]  ? addrconf_dad_work+0xdb1/0x14c0
[  101.295004][    C0]  ? __local_bh_enable_ip+0xd0/0x130
[  101.298296][    C0]  addrconf_dad_work+0xc5e/0x14c0
[  101.301061][    C0]  ? __pfx_addrconf_dad_work+0x10/0x10
[  101.303482][    C0]  ? process_scheduled_works+0xa8d/0x18c0
[  101.305994][    C0]  ? process_scheduled_works+0xa8d/0x18c0
[  101.308739][    C0]  process_scheduled_works+0xb6e/0x18c0
[  101.311356][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  101.314128][    C0]  ? assign_work+0x3d5/0x5e0
[  101.316581][    C0]  worker_thread+0xa53/0xfc0
[  101.319200][    C0]  kthread+0x388/0x470
[  101.321160][    C0]  ? __pfx_worker_thread+0x10/0x10
[  101.323582][    C0]  ? __pfx_kthread+0x10/0x10
[  101.325712][    C0]  ret_from_fork+0x51e/0xb90
[  101.327954][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  101.330450][    C0]  ? __switch_to+0xc7d/0x1450
[  101.332755][    C0]  ? __pfx_kthread+0x10/0x10
[  101.335037][    C0]  ret_from_fork_asm+0x1a/0x30
[  101.337217][    C0]  </TASK>
[  101.338654][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  101.342155][    C0] CPU: 0 UID: 0 PID: 44 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full) 
[  101.347458][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  101.352177][    C0] Workqueue: ipv6_addrconf addrconf_dad_work
[  101.355019][    C0] Call Trace:
[  101.356601][    C0]  <IRQ>
[  101.357941][    C0]  vpanic+0x56c/0xa60
[  101.359858][    C0]  ? __pfx__printk+0x10/0x10
[  101.362048][    C0]  ? __pfx_vpanic+0x10/0x10
[  101.364511][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  101.367419][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  101.370022][    C0]  panic+0xc5/0xd0
[  101.371878][    C0]  ? __pfx_panic+0x10/0x10
[  101.374093][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  101.376745][    C0]  __warn+0x315/0x4f0
[  101.379285][    C0]  ? __queue_work+0xd53/0x1020
[  101.382365][    C0]  ? __queue_work+0xd53/0x1020
[  101.385150][    C0]  __report_bug+0x29a/0x540
[  101.387830][    C0]  ? __queue_work+0xd53/0x1020
[  101.390427][    C0]  ? __pfx___report_bug+0x10/0x10
[  101.393805][    C0]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  101.397609][    C0]  ? look_up_lock_class+0x57/0x110
[  101.399835][    C0]  ? register_lock_class+0x31/0x2e0
[  101.401909][    C0]  report_bug_entry+0x19a/0x290
[  101.404143][    C0]  ? __queue_work+0xd7e/0x1020
[  101.406757][    C0]  ? __queue_work+0xd83/0x1020
[  101.409125][    C0]  handle_bug+0xce/0x200
[  101.411359][    C0]  exc_invalid_op+0x1a/0x50
[  101.413684][    C0]  asm_exc_invalid_op+0x1a/0x20
[  101.415954][    C0] RIP: 0010:__queue_work+0xd7e/0x1020
[  101.418426][    C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 53 19 a4 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 5a d6
[  101.428052][    C0] RSP: 0018:ffffc90000007c10 EFLAGS: 00010086
[  101.430911][    C0] RAX: 1ffff110023b8951 RBX: 0000000000000008 RCX: ffff88801fa8c980
[  101.434280][    C0] RDX: ffff888036760178 RSI: ffffffff8aa166b0 RDI: ffffffff9014b500
[  101.438284][    C0] RBP: 0000000000000100 R08: ffffffff9011beb7 R09: 1ffffffff20237d6
[  101.442939][    C0] R10: dffffc0000000000 R11: ffffffff818d68a0 R12: dffffc0000000000
[  101.446837][    C0] R13: ffff888011dc4a88 R14: ffffffff9014b500 R15: ffff888036760178
[  101.450297][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  101.452948][    C0]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  101.455646][    C0]  call_timer_fn+0x192/0x640
[  101.458536][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  101.461649][    C0]  ? call_timer_fn+0xd4/0x640
[  101.463891][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  101.466259][    C0]  ? do_raw_spin_unlock+0x4d/0x210
[  101.468261][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  101.471285][    C0]  __run_timer_base+0x67e/0x8b0
[  101.473764][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  101.476283][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  101.479128][    C0]  ? try_to_wake_up+0x7fc/0x1390
[  101.481258][    C0]  run_timer_softirq+0xb7/0x170
[  101.483401][    C0]  handle_softirqs+0x22a/0x870
[  101.485608][    C0]  ? do_softirq+0x76/0xd0
[  101.487729][    C0]  ? addrconf_dad_completed+0xb69/0xe60
[  101.490810][    C0]  do_softirq+0x76/0xd0
[  101.492782][    C0]  </IRQ>
[  101.494650][    C0]  <TASK>
[  101.496475][    C0]  __local_bh_enable_ip+0xf8/0x130
[  101.499183][    C0]  addrconf_dad_completed+0xb69/0xe60
[  101.501693][    C0]  ? __pfx_addrconf_dad_completed+0x10/0x10
[  101.504435][    C0]  ? addrconf_dad_work+0xdb1/0x14c0
[  101.506920][    C0]  ? __local_bh_enable_ip+0xd0/0x130
[  101.509919][    C0]  addrconf_dad_work+0xc5e/0x14c0
[  101.512757][    C0]  ? __pfx_addrconf_dad_work+0x10/0x10
[  101.515462][    C0]  ? process_scheduled_works+0xa8d/0x18c0
[  101.517893][    C0]  ? process_scheduled_works+0xa8d/0x18c0
[  101.519959][    C0]  process_scheduled_works+0xb6e/0x18c0
[  101.522462][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  101.525235][    C0]  ? assign_work+0x3d5/0x5e0
[  101.528062][    C0]  worker_thread+0xa53/0xfc0
[  101.530476][    C0]  kthread+0x388/0x470
[  101.532350][    C0]  ? __pfx_worker_thread+0x10/0x10
[  101.534493][    C0]  ? __pfx_kthread+0x10/0x10
[  101.536329][    C0]  ret_from_fork+0x51e/0xb90
[  101.538505][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  101.540907][    C0]  ? __switch_to+0xc7d/0x1450
[  101.543379][    C0]  ? __pfx_kthread+0x10/0x10
[  101.545577][    C0]  ret_from_fork_asm+0x1a/0x30
[  101.547617][    C0]  </TASK>
[  101.549344][    C0] Kernel Offset: disabled
[  101.551477][    C0] Rebooting in 86400 seconds..