program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) (async)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) (async)
sendmsg$kcm(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e00000022008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0) (async)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040e0402030c02"], 0x7)

[   73.943087][ T5298] Bluetooth: hci0: command tx timeout
[   74.075832][ T5319] ------------[ cut here ]------------
[   74.078275][ T5319] workqueue: cannot queue hci_rx_work on wq hci0
[   74.081399][ T5319] WARNING: kernel/workqueue.c:2271 at __queue_work+0xd53/0x1020, CPU#0: syz.0.0/5319
[   74.085389][ T5319] Modules linked in:
[   74.087190][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.091011][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.095302][ T5319] RIP: 0010:__queue_work+0xd7e/0x1020
[   74.097643][ T5319] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 23 f6 a3 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   74.105983][ T5319] RSP: 0018:ffffc9000e167b20 EFLAGS: 00010086
[   74.108670][ T5319] RAX: 1ffff1100240917b RBX: 0000000000000008 RCX: ffff888000aa4900
[   74.112136][ T5319] RDX: ffff888041414178 RSI: ffffffff8aa04e40 RDI: ffffffff90149890
[   74.115654][ T5319] RBP: 0000000000000000 R08: ffff888012048bc7 R09: 1ffff11002409178
[   74.119125][ T5319] R10: dffffc0000000000 R11: ffffed1002409179 R12: dffffc0000000000
[   74.122554][ T5319] R13: ffff888012048bd8 R14: ffffffff90149890 R15: ffff888041414178
[   74.125970][ T5319] FS:  00007efd1742b6c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[   74.129886][ T5319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.132749][ T5319] CR2: 00002000000016c0 CR3: 0000000043d6b000 CR4: 0000000000352ef0
[   74.136268][ T5319] Call Trace:
[   74.137824][ T5319]  <TASK>
[   74.139170][ T5319]  ? rcu_is_watching+0x15/0xb0
[   74.141260][ T5319]  queue_work_on+0x106/0x1d0
[   74.143322][ T5319]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   74.145921][ T5319]  hci_recv_frame+0x625/0x7c0
[   74.148010][ T5319]  ? skb_pull+0xc1/0x1d0
[   74.149952][ T5319]  vhci_write+0x358/0x4a0
[   74.152005][ T5319]  vfs_write+0x61d/0xb90
[   74.153914][ T5319]  ? __pfx_vfs_write+0x10/0x10
[   74.156073][ T5319]  ? __fget_files+0x2a/0x420
[   74.158159][ T5319]  ksys_write+0x150/0x270
[   74.160133][ T5319]  ? __pfx_ksys_write+0x10/0x10
[   74.162337][ T5319]  do_syscall_64+0x14d/0xf80
[   74.164422][ T5319]  ? trace_irq_disable+0x3b/0x150
[   74.166647][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.169345][ T5319]  ? clear_bhb_loop+0x40/0x90
[   74.171428][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.174067][ T5319] RIP: 0033:0x7efd1655cece
[   74.176127][ T5319] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   74.184558][ T5319] RSP: 002b:00007efd1742afb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   74.188206][ T5319] RAX: ffffffffffffffda RBX: 00007efd1742b6c0 RCX: 00007efd1655cece
[   74.191582][ T5319] RDX: 0000000000000007 RSI: 0000200000000300 RDI: 00000000000000ca
[   74.195090][ T5319] RBP: 00007efd16632b39 R08: 0000000000000000 R09: 0000000000000000
[   74.198667][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.202149][ T5319] R13: 00007efd16816128 R14: 00007efd16816090 R15: 00007ffc1cc00728
[   74.205652][ T5319]  </TASK>
[   74.207078][ T5319] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   74.210303][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.214143][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.218463][ T5319] Call Trace:
[   74.220042][ T5319]  <TASK>
[   74.221386][ T5319]  vpanic+0x56c/0xa60
[   74.223185][ T5319]  ? __pfx__printk+0x10/0x10
[   74.225165][ T5319]  ? __pfx_vpanic+0x10/0x10
[   74.227149][ T5319]  ? is_bpf_text_address+0x292/0x2b0
[   74.229421][ T5319]  ? is_bpf_text_address+0x26/0x2b0
[   74.231684][ T5319]  panic+0xc5/0xd0
[   74.233354][ T5319]  ? __pfx_panic+0x10/0x10
[   74.235389][ T5319]  __warn+0x315/0x4f0
[   74.237206][ T5319]  ? __queue_work+0xd53/0x1020
[   74.239298][ T5319]  ? __queue_work+0xd53/0x1020
[   74.241469][ T5319]  __report_bug+0x29a/0x540
[   74.243611][ T5319]  ? __queue_work+0xd53/0x1020
[   74.245785][ T5319]  ? __pfx___report_bug+0x10/0x10
[   74.248060][ T5319]  ? __pfx_hci_rx_work+0x10/0x10
[   74.250179][ T5319]  ? do_syscall_64+0x14d/0xf80
[   74.252264][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.254878][ T5319]  report_bug_entry+0x19a/0x290
[   74.257056][ T5319]  ? __queue_work+0xd7e/0x1020
[   74.259194][ T5319]  ? __queue_work+0xd83/0x1020
[   74.261276][ T5319]  handle_bug+0xca/0x200
[   74.263151][ T5319]  exc_invalid_op+0x1a/0x50
[   74.265259][ T5319]  asm_exc_invalid_op+0x1a/0x20
[   74.267429][ T5319] RIP: 0010:__queue_work+0xd7e/0x1020
[   74.269832][ T5319] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 23 f6 a3 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   74.278268][ T5319] RSP: 0018:ffffc9000e167b20 EFLAGS: 00010086
[   74.281011][ T5319] RAX: 1ffff1100240917b RBX: 0000000000000008 RCX: ffff888000aa4900
[   74.284524][ T5319] RDX: ffff888041414178 RSI: ffffffff8aa04e40 RDI: ffffffff90149890
[   74.287927][ T5319] RBP: 0000000000000000 R08: ffff888012048bc7 R09: 1ffff11002409178
[   74.291356][ T5319] R10: dffffc0000000000 R11: ffffed1002409179 R12: dffffc0000000000
[   74.294803][ T5319] R13: ffff888012048bd8 R14: ffffffff90149890 R15: ffff888041414178
[   74.298341][ T5319]  ? __pfx_hci_rx_work+0x10/0x10
[   74.300532][ T5319]  ? rcu_is_watching+0x15/0xb0
[   74.302532][ T5319]  queue_work_on+0x106/0x1d0
[   74.304458][ T5319]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   74.306878][ T5319]  hci_recv_frame+0x625/0x7c0
[   74.308723][ T5319]  ? skb_pull+0xc1/0x1d0
[   74.310444][ T5319]  vhci_write+0x358/0x4a0
[   74.312208][ T5319]  vfs_write+0x61d/0xb90
[   74.313928][ T5319]  ? __pfx_vfs_write+0x10/0x10
[   74.315940][ T5319]  ? __fget_files+0x2a/0x420
[   74.317945][ T5319]  ksys_write+0x150/0x270
[   74.319842][ T5319]  ? __pfx_ksys_write+0x10/0x10
[   74.322016][ T5319]  do_syscall_64+0x14d/0xf80
[   74.324104][ T5319]  ? trace_irq_disable+0x3b/0x150
[   74.326328][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.328960][ T5319]  ? clear_bhb_loop+0x40/0x90
[   74.331008][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.333514][ T5319] RIP: 0033:0x7efd1655cece
[   74.335498][ T5319] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   74.343756][ T5319] RSP: 002b:00007efd1742afb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   74.347361][ T5319] RAX: ffffffffffffffda RBX: 00007efd1742b6c0 RCX: 00007efd1655cece
[   74.350487][ T5319] RDX: 0000000000000007 RSI: 0000200000000300 RDI: 00000000000000ca
[   74.353510][ T5319] RBP: 00007efd16632b39 R08: 0000000000000000 R09: 0000000000000000
[   74.356493][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.359859][ T5319] R13: 00007efd16816128 R14: 00007efd16816090 R15: 00007ffc1cc00728
[   74.363081][ T5319]  </TASK>
[   74.364528][ T5319] Kernel Offset: disabled
[   74.366228][ T5319] Rebooting in 86400 seconds..