program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) (async)
landlock_create_ruleset(&(0x7f0000000100)={0x0, 0x3}, 0x10, 0x0) (async, rerun: 32)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NOTIFY_RADAR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x4000) (async, rerun: 32)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16) (rerun: 32)
syz_usb_connect(0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) (rerun: 32)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)

[   75.751778][ T5308] Bluetooth: hci0: command tx timeout
[   75.845397][ T5331] ------------[ cut here ]------------
[   75.848682][ T5331] workqueue: cannot queue hci_rx_work on wq hci0
[   75.852826][ T5331] WARNING: CPU: 0 PID: 5331 at kernel/workqueue.c:2256 __queue_work+0xd38/0xfb0
[   75.857662][ T5331] Modules linked in:
[   75.859790][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.864691][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.871058][ T5331] RIP: 0010:__queue_work+0xd38/0xfb0
[   75.874080][ T5331] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 a3 bf 9a 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 b8 49 8b 4c 89 fa e8 f9 38 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 fa bd 35 00 90 0f 0b 90 e9 dd fc ff
[   75.886178][ T5331] RSP: 0018:ffffc9000d37fa70 EFLAGS: 00010046
[   75.889297][ T5331] RAX: 1189cb1db3384e00 RBX: 0000000000000000 RCX: ffff88800058a440
[   75.893510][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   75.898088][ T5331] RBP: 1ffff11007f09838 R08: ffff88801fe24293 R09: 1ffff11003fc4852
[   75.902978][ T5331] R10: dffffc0000000000 R11: ffffed1003fc4853 R12: dffffc0000000000
[   75.906358][ T5331] R13: ffff88803d920ad8 R14: ffff88800058a440 R15: ffff88803f84c178
[   75.909691][ T5331] FS:  00007fb044dc76c0(0000) GS:ffff88808d972000(0000) knlGS:0000000000000000
[   75.913188][ T5331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.915845][ T5331] CR2: 00007fb044dc6fc8 CR3: 0000000042655000 CR4: 0000000000352ef0
[   75.919408][ T5331] Call Trace:
[   75.920950][ T5331]  <TASK>
[   75.922279][ T5331]  ? rcu_is_watching+0x15/0xb0
[   75.924310][ T5331]  queue_work_on+0x181/0x270
[   75.926364][ T5331]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.928562][ T5331]  ? __pfx_queue_work_on+0x10/0x10
[   75.930824][ T5331]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   75.933387][ T5331]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.936186][ T5331]  ? skb_queue_tail+0x30/0xf0
[   75.938274][ T5331]  hci_recv_frame+0x625/0x7c0
[   75.940379][ T5331]  ? skb_pull+0xc1/0x1d0
[   75.942284][ T5331]  vhci_write+0x358/0x4a0
[   75.944214][ T5331]  vfs_write+0x5c9/0xb30
[   75.946368][ T5331]  ? __pfx_vhci_write+0x10/0x10
[   75.948460][ T5331]  ? __pfx_vfs_write+0x10/0x10
[   75.950619][ T5331]  ? __fget_files+0x2a/0x420
[   75.952683][ T5331]  ksys_write+0x145/0x250
[   75.954653][ T5331]  ? __pfx_ksys_write+0x10/0x10
[   75.956814][ T5331]  ? rcu_is_watching+0x15/0xb0
[   75.958836][ T5331]  ? do_syscall_64+0xbe/0x3b0
[   75.960955][ T5331]  do_syscall_64+0xfa/0x3b0
[   75.962974][ T5331]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.965283][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.967941][ T5331]  ? clear_bhb_loop+0x60/0xb0
[   75.970196][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.972668][ T5331] RIP: 0033:0x7fb043f8d97f
[   75.974606][ T5331] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   75.982893][ T5331] RSP: 002b:00007fb044dc7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   75.986688][ T5331] RAX: ffffffffffffffda RBX: 00007fb0441e6180 RCX: 00007fb043f8d97f
[   75.990116][ T5331] RDX: 0000000000000016 RSI: 0000200000000100 RDI: 00000000000000ca
[   75.993450][ T5331] RBP: 00007fb044011f91 R08: 0000000000000000 R09: 0000000000000000
[   75.996888][ T5331] R10: 0000200000000100 R11: 0000000000000293 R12: 0000000000000000
[   76.000544][ T5331] R13: 00007fb0441e6218 R14: 00007fb0441e6180 R15: 00007ffd047fc578
[   76.003648][ T5331]  </TASK>
[   76.004918][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   76.007763][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.011255][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.015611][ T5331] Call Trace:
[   76.017074][ T5331]  <TASK>
[   76.018345][ T5331]  dump_stack_lvl+0x99/0x250
[   76.020366][ T5331]  ? __asan_memcpy+0x40/0x70
[   76.022437][ T5331]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.024800][ T5331]  ? __pfx__printk+0x10/0x10
[   76.026917][ T5331]  vpanic+0x281/0x750
[   76.028732][ T5331]  ? __pfx__printk+0x10/0x10
[   76.030812][ T5331]  ? __pfx_vpanic+0x10/0x10
[   76.032780][ T5331]  ? is_bpf_text_address+0x292/0x2b0
[   76.035135][ T5331]  panic+0xb9/0xc0
[   76.036761][ T5331]  ? __pfx_panic+0x10/0x10
[   76.038693][ T5331]  __warn+0x31b/0x4b0
[   76.040483][ T5331]  ? __queue_work+0xd38/0xfb0
[   76.042574][ T5331]  ? __queue_work+0xd38/0xfb0
[   76.044671][ T5331]  report_bug+0x2be/0x4f0
[   76.046626][ T5331]  ? __queue_work+0xd38/0xfb0
[   76.048746][ T5331]  ? __queue_work+0xd38/0xfb0
[   76.050849][ T5331]  ? __queue_work+0xd3a/0xfb0
[   76.052969][ T5331]  handle_bug+0x84/0x160
[   76.054922][ T5331]  exc_invalid_op+0x1a/0x50
[   76.056988][ T5331]  asm_exc_invalid_op+0x1a/0x20
[   76.059151][ T5331] RIP: 0010:__queue_work+0xd38/0xfb0
[   76.061501][ T5331] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 a3 bf 9a 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 b8 49 8b 4c 89 fa e8 f9 38 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 fa bd 35 00 90 0f 0b 90 e9 dd fc ff
[   76.069664][ T5331] RSP: 0018:ffffc9000d37fa70 EFLAGS: 00010046
[   76.072256][ T5331] RAX: 1189cb1db3384e00 RBX: 0000000000000000 RCX: ffff88800058a440
[   76.075642][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   76.079056][ T5331] RBP: 1ffff11007f09838 R08: ffff88801fe24293 R09: 1ffff11003fc4852
[   76.082436][ T5331] R10: dffffc0000000000 R11: ffffed1003fc4853 R12: dffffc0000000000
[   76.085840][ T5331] R13: ffff88803d920ad8 R14: ffff88800058a440 R15: ffff88803f84c178
[   76.089254][ T5331]  ? rcu_is_watching+0x15/0xb0
[   76.091320][ T5331]  queue_work_on+0x181/0x270
[   76.093327][ T5331]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.095762][ T5331]  ? __pfx_queue_work_on+0x10/0x10
[   76.098039][ T5331]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   76.100707][ T5331]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.103594][ T5331]  ? skb_queue_tail+0x30/0xf0
[   76.105789][ T5331]  hci_recv_frame+0x625/0x7c0
[   76.107925][ T5331]  ? skb_pull+0xc1/0x1d0
[   76.109879][ T5331]  vhci_write+0x358/0x4a0
[   76.111823][ T5331]  vfs_write+0x5c9/0xb30
[   76.113715][ T5331]  ? __pfx_vhci_write+0x10/0x10
[   76.115923][ T5331]  ? __pfx_vfs_write+0x10/0x10
[   76.118062][ T5331]  ? __fget_files+0x2a/0x420
[   76.120078][ T5331]  ksys_write+0x145/0x250
[   76.122144][ T5331]  ? __pfx_ksys_write+0x10/0x10
[   76.124261][ T5331]  ? rcu_is_watching+0x15/0xb0
[   76.126418][ T5331]  ? do_syscall_64+0xbe/0x3b0
[   76.128357][ T5331]  do_syscall_64+0xfa/0x3b0
[   76.130285][ T5331]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.132525][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.135132][ T5331]  ? clear_bhb_loop+0x60/0xb0
[   76.137155][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.139668][ T5331] RIP: 0033:0x7fb043f8d97f
[   76.141621][ T5331] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   76.149875][ T5331] RSP: 002b:00007fb044dc7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   76.153345][ T5331] RAX: ffffffffffffffda RBX: 00007fb0441e6180 RCX: 00007fb043f8d97f
[   76.156745][ T5331] RDX: 0000000000000016 RSI: 0000200000000100 RDI: 00000000000000ca
[   76.160204][ T5331] RBP: 00007fb044011f91 R08: 0000000000000000 R09: 0000000000000000
[   76.163527][ T5331] R10: 0000200000000100 R11: 0000000000000293 R12: 0000000000000000
[   76.166894][ T5331] R13: 00007fb0441e6218 R14: 00007fb0441e6180 R15: 00007ffd047fc578
[   76.170238][ T5331]  </TASK>
[   76.171995][ T5331] Kernel Offset: disabled
[   76.174131][ T5331] Rebooting in 86400 seconds..