program:
# Triage notes for this syzkaller reproducer, read against the console log that
# follows it. The log reports "workqueue: cannot queue hci_cmd_timeout on wq hci0":
# a timer softirq (call_timer_fn -> __queue_work) interrupted a task that was inside
# drain_workqueue(), called from hci_dev_close_sync(). The WARNING becomes a panic
# only because panic_on_warn is set; the task is reported as UID 0.
# NOTE(review): the log does not show which call armed the hci_cmd_timeout timer,
# and the trace does not say whether the calls ran strictly in listed order.

# Raw HCI socket: family 0x1f (AF_BLUETOOTH), type 0x3 (SOCK_RAW), protocol 0x1 (BTPROTO_HCI).
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# The call variant is named HCIINQUIRY, but request 0x400448ca decodes as
# _IOW('H', 0xca, 4-byte arg), which should be HCIDEVDOWN (verify against the
# kernel's Bluetooth uapi header). This matches the trace: RSI=0x400448ca at
# syscall entry, dispatched through sock_ioctl() to hci_dev_close().
# The third argument 0x0 is presumably device index 0, consistent with "wq hci0".
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
# sockaddr_hci {family=0x1f, dev=0x0, channel=0x1}; channel 1 is presumably
# HCI_CHANNEL_USER (confirm).
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# sockaddr_hci {family=0x1f, dev=0xffff, channel=0x3}; presumably HCI_DEV_NONE on
# HCI_CHANNEL_CONTROL, i.e. the management interface (confirm).
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
# 7-byte payload. If it is a mgmt header (le16 opcode, le16 index, le16 length) it
# reads opcode 0x0007, index 0x0000, length 0x0001, plus one parameter byte 0x00.
# NOTE(review): opcode 0x0007 looks like MGMT_OP_SET_CONNECTABLE; confirm.
write(r1, &(0x7f0000000340)="07000000010000", 0x7)
# The remaining calls touch usbmon, usbip, the ALSA sequencer and RDS sockets
# (family 0x15). None of their kernel functions appear in the reported call trace,
# so they are probably unrelated fuzzer noise; confirm by minimizing the reproducer.
r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x6, 0x40180)
ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000180)={0x0, 0x0})
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000300)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x7})
syz_usbip_server_init(0x3)
# First argument 0xffffffffffffff9c is -100, i.e. AT_FDCWD.
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
socket$rds(0x15, 0x5, 0x0)
r4 = socket(0x15, 0x5, 0x0)
getsockopt(r4, 0x200000000114, 0x271f, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00', 0xa3e})
[ 101.496914][ C0] ------------[ cut here ]------------
[ 101.499509][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci0
[ 101.502533][ C0] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd3f/0x1040, CPU#0: syz.0.0/5336
[ 101.506591][ C0] Modules linked in:
[ 101.508399][ C0] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 101.511963][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 101.516055][ C0] RIP: 0010:__queue_work+0xd67/0x1040
[ 101.518269][ C0] Code: a6 0e 49 8d 7d 18 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 fa 78 a5 00 49 8b 75 18 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef
[ 101.526270][ C0] RSP: 0018:ffffc90000007bd8 EFLAGS: 00010082
[ 101.528934][ C0] RAX: 1ffff110083af14e RBX: 0000000000000008 RCX: ffff88803049ca80
[ 101.532244][ C0] RDX: ffff8880362aa170 RSI: ffffffff8a9c5530 RDI: ffffffff903344b0
[ 101.535600][ C0] RBP: 0000000000000100 R08: ffffffff903045f7 R09: 1ffffffff20608be
[ 101.538898][ C0] R10: dffffc0000000000 R11: ffffffff818d3910 R12: dffffc0000000000
[ 101.542292][ C0] R13: ffff888041d78a58 R14: ffffffff903344b0 R15: ffff8880362aa170
[ 101.545776][ C0] FS: 00007f2b1d7116c0(0000) GS:ffff88808c893000(0000) knlGS:0000000000000000
[ 101.549517][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 101.552266][ C0] CR2: 00007f2b1ca104d8 CR3: 0000000012c0d000 CR4: 0000000000352ef0
[ 101.555598][ C0] Call Trace:
[ 101.557102][ C0]
[ 101.558343][ C0] ? do_raw_spin_lock+0x12b/0x2f0
[ 101.560499][ C0] call_timer_fn+0x192/0x5e0
[ 101.562466][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 101.564974][ C0] ? call_timer_fn+0xd4/0x5e0
[ 101.567020][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 101.569231][ C0] ? do_raw_spin_unlock+0x4d/0x210
[ 101.571312][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 101.573796][ C0] __run_timer_base+0x67e/0x8b0
[ 101.575861][ C0] ? ktime_get+0x45/0x220
[ 101.577839][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 101.580280][ C0] ? ktime_get+0x1f5/0x220
[ 101.582355][ C0] run_timer_softirq+0xb7/0x170
[ 101.584541][ C0] handle_softirqs+0x22a/0x840
[ 101.586751][ C0] ? __irq_exit_rcu+0xca/0x220
[ 101.588944][ C0] __irq_exit_rcu+0xca/0x220
[ 101.590961][ C0] irq_exit_rcu+0x9/0x30
[ 101.592874][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 101.595374][ C0]
[ 101.596723][ C0]
[ 101.598028][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 101.600673][ C0] RIP: 0010:lock_acquire+0x221/0x350
[ 101.603041][ C0] Code: ff ff ff e8 71 8e 07 0a f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 db 28 97 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 00 83 0a 0a cc 48 8d 3d e8 fc 91
[ 101.611317][ C0] RSP: 0018:ffffc9000cc17908 EFLAGS: 00000282
[ 101.614097][ C0] RAX: e10f53cba31f2e00 RBX: 0000000000000000 RCX: 0000000000000046
[ 101.617632][ C0] RDX: 0000000000000001 RSI: ffffffff8e21af70 RDI: ffffffff8c28cde0
[ 101.621206][ C0] RBP: ffffffff818d73f5 R08: 0000000000000008 R09: ffffffff965f2628
[ 101.624748][ C0] R10: 00000000210ffbb9 R11: 00000000d553a567 R12: 0000000000000000
[ 101.628285][ C0] R13: ffff8880362aa140 R14: 0000000000000001 R15: 0000000000000246
[ 101.631702][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 101.634060][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 101.636452][ C0] touch_wq_lockdep_map+0xcb/0x180
[ 101.638676][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 101.640995][ C0] __flush_workqueue+0x14b/0x14f0
[ 101.643220][ C0] ? drain_workqueue+0xb1/0x390
[ 101.645421][ C0] ? __pfx___flush_workqueue+0x10/0x10
[ 101.647740][ C0] drain_workqueue+0xd3/0x390
[ 101.649896][ C0] hci_dev_close_sync+0x62f/0x10e0
[ 101.652291][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 101.654757][ C0] ? lockdep_hardirqs_on+0x7a/0x110
[ 101.657044][ C0] ? enable_work+0x1fd/0x230
[ 101.659114][ C0] hci_dev_close+0x108/0x260
[ 101.661231][ C0] sock_do_ioctl+0x101/0x320
[ 101.663307][ C0] ? __pfx_sock_do_ioctl+0x10/0x10
[ 101.665635][ C0] ? do_futex+0x333/0x420
[ 101.667502][ C0] sock_ioctl+0x5c6/0x7f0
[ 101.669321][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 101.671411][ C0] ? __fget_files+0x2a/0x420
[ 101.673461][ C0] ? __fget_files+0x3a0/0x420
[ 101.675466][ C0] ? __fget_files+0x2a/0x420
[ 101.677461][ C0] ? bpf_lsm_file_ioctl+0x9/0x20
[ 101.679511][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 101.681620][ C0] __se_sys_ioctl+0xfc/0x170
[ 101.683674][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.686331][ C0] do_syscall_64+0x174/0x580
[ 101.688428][ C0] ? trace_irq_disable+0x3b/0x140
[ 101.690556][ C0] ? clear_bhb_loop+0x40/0x90
[ 101.692635][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.695315][ C0] RIP: 0033:0x7f2b1c79ce59
[ 101.697311][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 101.705550][ C0] RSP: 002b:00007f2b1d710fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 101.709241][ C0] RAX: ffffffffffffffda RBX: 00007f2b1ca15fa0 RCX: 00007f2b1c79ce59
[ 101.712721][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[ 101.716289][ C0] RBP: 00007f2b1c832d6f R08: 0000000000000000 R09: 0000000000000000
[ 101.719710][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.723173][ C0] R13: 00007f2b1ca16038 R14: 00007f2b1ca15fa0 R15: 00007ffe3a897078
[ 101.726685][ C0]
[ 101.728106][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 101.731213][ C0] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 101.735126][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 101.739178][ C0] Call Trace:
[ 101.740611][ C0]
[ 101.741858][ C0] vpanic+0x56c/0xa60
[ 101.743567][ C0] ? __pfx__printk+0x10/0x10
[ 101.745433][ C0] ? __pfx_vpanic+0x10/0x10
[ 101.747297][ C0] ? is_bpf_text_address+0x292/0x2b0
[ 101.749657][ C0] ? is_bpf_text_address+0x26/0x2b0
[ 101.751970][ C0] panic+0xc5/0xd0
[ 101.753797][ C0] ? __pfx_panic+0x10/0x10
[ 101.755855][ C0] __warn+0x315/0x4c0
[ 101.757611][ C0] ? __queue_work+0xd3f/0x1040
[ 101.759669][ C0] ? __queue_work+0xd3f/0x1040
[ 101.761782][ C0] __report_bug+0x29a/0x540
[ 101.763890][ C0] ? __lock_acquire+0x6b5/0x2cf0
[ 101.766149][ C0] ? __queue_work+0xd3f/0x1040
[ 101.768304][ C0] ? __pfx___report_bug+0x10/0x10
[ 101.770529][ C0] ? __pfx_hci_cmd_timeout+0x10/0x10
[ 101.772881][ C0] ? look_up_lock_class+0x57/0x110
[ 101.775222][ C0] ? register_lock_class+0x31/0x2e0
[ 101.777524][ C0] report_bug_entry+0x19a/0x290
[ 101.779633][ C0] ? __queue_work+0xd67/0x1040
[ 101.781736][ C0] ? __queue_work+0xd6c/0x1040
[ 101.783798][ C0] handle_bug+0xce/0x200
[ 101.785774][ C0] exc_invalid_op+0x1a/0x50
[ 101.787743][ C0] asm_exc_invalid_op+0x1a/0x20
[ 101.789919][ C0] RIP: 0010:__queue_work+0xd67/0x1040
[ 101.792204][ C0] Code: a6 0e 49 8d 7d 18 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 fa 78 a5 00 49 8b 75 18 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef
[ 101.800622][ C0] RSP: 0018:ffffc90000007bd8 EFLAGS: 00010082
[ 101.803354][ C0] RAX: 1ffff110083af14e RBX: 0000000000000008 RCX: ffff88803049ca80
[ 101.806892][ C0] RDX: ffff8880362aa170 RSI: ffffffff8a9c5530 RDI: ffffffff903344b0
[ 101.810391][ C0] RBP: 0000000000000100 R08: ffffffff903045f7 R09: 1ffffffff20608be
[ 101.813973][ C0] R10: dffffc0000000000 R11: ffffffff818d3910 R12: dffffc0000000000
[ 101.817426][ C0] R13: ffff888041d78a58 R14: ffffffff903344b0 R15: ffff8880362aa170
[ 101.820876][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 101.823486][ C0] ? __pfx_hci_cmd_timeout+0x10/0x10
[ 101.825769][ C0] ? __queue_work+0xd25/0x1040
[ 101.827944][ C0] ? do_raw_spin_lock+0x12b/0x2f0
[ 101.830244][ C0] call_timer_fn+0x192/0x5e0
[ 101.832345][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 101.834807][ C0] ? call_timer_fn+0xd4/0x5e0
[ 101.836956][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 101.839139][ C0] ? do_raw_spin_unlock+0x4d/0x210
[ 101.841377][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 101.843994][ C0] __run_timer_base+0x67e/0x8b0
[ 101.846158][ C0] ? ktime_get+0x45/0x220
[ 101.848172][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 101.850529][ C0] ? ktime_get+0x1f5/0x220
[ 101.852492][ C0] run_timer_softirq+0xb7/0x170
[ 101.854658][ C0] handle_softirqs+0x22a/0x840
[ 101.856789][ C0] ? __irq_exit_rcu+0xca/0x220
[ 101.858978][ C0] __irq_exit_rcu+0xca/0x220
[ 101.861136][ C0] irq_exit_rcu+0x9/0x30
[ 101.863098][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 101.865600][ C0]
[ 101.867035][ C0]
[ 101.868411][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 101.871128][ C0] RIP: 0010:lock_acquire+0x221/0x350
[ 101.873555][ C0] Code: ff ff ff e8 71 8e 07 0a f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 db 28 97 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 00 83 0a 0a cc 48 8d 3d e8 fc 91
[ 101.881964][ C0] RSP: 0018:ffffc9000cc17908 EFLAGS: 00000282
[ 101.884701][ C0] RAX: e10f53cba31f2e00 RBX: 0000000000000000 RCX: 0000000000000046
[ 101.888241][ C0] RDX: 0000000000000001 RSI: ffffffff8e21af70 RDI: ffffffff8c28cde0
[ 101.891798][ C0] RBP: ffffffff818d73f5 R08: 0000000000000008 R09: ffffffff965f2628
[ 101.895459][ C0] R10: 00000000210ffbb9 R11: 00000000d553a567 R12: 0000000000000000
[ 101.899014][ C0] R13: ffff8880362aa140 R14: 0000000000000001 R15: 0000000000000246
[ 101.902340][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 101.904662][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 101.907013][ C0] touch_wq_lockdep_map+0xcb/0x180
[ 101.909223][ C0] ? touch_wq_lockdep_map+0xb5/0x180
[ 101.911517][ C0] __flush_workqueue+0x14b/0x14f0
[ 101.913696][ C0] ? drain_workqueue+0xb1/0x390
[ 101.915790][ C0] ? __pfx___flush_workqueue+0x10/0x10
[ 101.918191][ C0] drain_workqueue+0xd3/0x390
[ 101.920258][ C0] hci_dev_close_sync+0x62f/0x10e0
[ 101.922458][ C0] ? __pfx_hci_dev_close_sync+0x10/0x10
[ 101.924869][ C0] ? lockdep_hardirqs_on+0x7a/0x110
[ 101.926896][ C0] ? enable_work+0x1fd/0x230
[ 101.928770][ C0] hci_dev_close+0x108/0x260
[ 101.930601][ C0] sock_do_ioctl+0x101/0x320
[ 101.932452][ C0] ? __pfx_sock_do_ioctl+0x10/0x10
[ 101.934708][ C0] ? do_futex+0x333/0x420
[ 101.936579][ C0] sock_ioctl+0x5c6/0x7f0
[ 101.938432][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 101.940553][ C0] ? __fget_files+0x2a/0x420
[ 101.942586][ C0] ? __fget_files+0x3a0/0x420
[ 101.944720][ C0] ? __fget_files+0x2a/0x420
[ 101.946753][ C0] ? bpf_lsm_file_ioctl+0x9/0x20
[ 101.948910][ C0] ? __pfx_sock_ioctl+0x10/0x10
[ 101.950988][ C0] __se_sys_ioctl+0xfc/0x170
[ 101.952942][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.955524][ C0] do_syscall_64+0x174/0x580
[ 101.957502][ C0] ? trace_irq_disable+0x3b/0x140
[ 101.959767][ C0] ? clear_bhb_loop+0x40/0x90
[ 101.961789][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.964447][ C0] RIP: 0033:0x7f2b1c79ce59
[ 101.966480][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 101.974686][ C0] RSP: 002b:00007f2b1d710fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 101.978262][ C0] RAX: ffffffffffffffda RBX: 00007f2b1ca15fa0 RCX: 00007f2b1c79ce59
[ 101.981640][ C0] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[ 101.985188][ C0] RBP: 00007f2b1c832d6f R08: 0000000000000000 R09: 0000000000000000
[ 101.988491][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.991844][ C0] R13: 00007f2b1ca16038 R14: 00007f2b1ca15fa0 R15: 00007ffe3a897078
[ 101.995808][ C0]
[ 101.997820][ C0] Kernel Offset: disabled
[ 101.999655][ C0] Rebooting in 86400 seconds..