program:
# Triage annotations only; every call below is unchanged from the original reproducer.
# Summary: a device reset on hci0 runs concurrently with a frame injected through the
# virtual HCI driver. The log shows the frame's RX work being queued on workqueue "hci0"
# while that workqueue refuses new work ("cannot queue hci_rx_work on wq hci0").
# The WARNING becomes a panic only because panic_on_warn is set on this instance.
#
# Raw HCI socket: 0x1f = AF_BLUETOOTH, 0x3 = SOCK_RAW, 0x1 = BTPROTO_HCI.
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# 0x400448cb decodes as _IOW('H', 203, int), i.e. HCIDEVRESET; arg 0x0 is dev id 0 (hci0 in the log).
# Marked (async), so it overlaps with the calls that follow.
# NOTE(review): the reset path presumably drains the per-device workqueue, which would explain
# the __queue_work warning - confirm against the HCI reset code in this tree.
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) (async)
# fd is 0xffffffffffffffff (-1), so this call should fail with EBADF before the netlink
# payload is looked at; likely fuzzer residue unrelated to the warning - confirm by minimizing.
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000100001000000000000000000090000002c000000050a030000000000000000000209ffff0b00024000000000000000010900010073797a300000ff00001400000011000100e7ffffff000000000000003f589d09f4f1d86dffefb22b2e1b962a1ab539063ffeba7feb609d1b44782bcae95317f759466e39a2fc34115311a41dad5ccf5710ac8dcdce778e5619ec50b51964bfee68943a8bfb8b0a351ff7ea3a0466c50b300cd2fb52773c1a824d841dff83f4082df66f7c902aa1d170ee07ebd1d4aee73baf19c347"], 0x54}}, 0x80)
# 0xffffffffffffff9c = AT_FDCWD. Nothing from this call appears in the call trace;
# probably not needed for the warning - confirm by minimizing.
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) (async)
# Writes a frame into the virtual HCI device; this is the path in the trace
# (vhci_write -> hci_recv_frame -> queue_work_on -> __queue_work).
# Blob: 04 = HCI event packet, 0e = Command Complete, 04 = parameter length,
# 02 = Num_HCI_Command_Packets, 03 0c = opcode 0x0c03 (HCI_Reset).
# The blob is 6 bytes but the length argument is 0x7, matching RDX=7 in the write() register dump.
# NOTE(review): a fix would presumably belong on the receive side (not queueing RX work while
# the device is being reset/torn down) rather than in the workqueue core - confirm upstream.
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
[ 87.576237][ T5322] Bluetooth: hci0: command tx timeout
[ 87.636034][ T5345] ------------[ cut here ]------------
[ 87.638358][ T5345] workqueue: cannot queue hci_rx_work on wq hci0
[ 87.641058][ T5345] WARNING: CPU: 0 PID: 5345 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0
[ 87.644810][ T5345] Modules linked in:
[ 87.646432][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full)
[ 87.650905][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.655293][ T5345] RIP: 0010:__queue_work+0xd62/0xfe0
[ 87.657369][ T5345] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 f9 d0 98 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 00 e9 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 f0 50 35 00 90 0f 0b 90 e9 dd fc ff
[ 87.665439][ T5345] RSP: 0018:ffffc9000d44fa68 EFLAGS: 00010046
[ 87.668024][ T5345] RAX: 3cd0cda09e576400 RBX: 0000000000000000 RCX: ffff8880003da440
[ 87.671767][ T5345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[ 87.675601][ T5345] RBP: 1ffff1100808c738 R08: ffff88801fc24293 R09: 1ffff11003f84852
[ 87.679075][ T5345] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[ 87.682423][ T5345] R13: ffff888036460ad8 R14: ffff8880003da440 R15: ffff888040463978
[ 87.685747][ T5345] FS: 00007f2bbd6456c0(0000) GS:ffff88808d21a000(0000) knlGS:0000000000000000
[ 87.689479][ T5345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.692482][ T5345] CR2: 00007f2bbd644fc8 CR3: 00000000356ac000 CR4: 0000000000352ef0
[ 87.696049][ T5345] Call Trace:
[ 87.697482][ T5345] <TASK>
[ 87.698676][ T5345] ? rcu_is_watching+0x15/0xb0
[ 87.700740][ T5345] queue_work_on+0x181/0x270
[ 87.703004][ T5345] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.705282][ T5345] ? __pfx_queue_work_on+0x10/0x10
[ 87.707534][ T5345] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 87.710253][ T5345] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.713052][ T5345] ? skb_queue_tail+0x30/0xf0
[ 87.715170][ T5345] hci_recv_frame+0x5c9/0x720
[ 87.717213][ T5345] ? skb_pull+0xc1/0x1d0
[ 87.719103][ T5345] vhci_write+0x358/0x4a0
[ 87.721016][ T5345] vfs_write+0x548/0xa90
[ 87.722883][ T5345] ? __pfx_vhci_write+0x10/0x10
[ 87.724949][ T5345] ? __pfx_vfs_write+0x10/0x10
[ 87.727174][ T5345] ? __fget_files+0x2a/0x420
[ 87.728960][ T5345] ksys_write+0x145/0x250
[ 87.730760][ T5345] ? __pfx_ksys_write+0x10/0x10
[ 87.732982][ T5345] ? do_syscall_64+0xbe/0x3b0
[ 87.735158][ T5345] do_syscall_64+0xfa/0x3b0
[ 87.737155][ T5345] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.739316][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.741991][ T5345] ? clear_bhb_loop+0x60/0xb0
[ 87.744081][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.746581][ T5345] RIP: 0033:0x7f2bbc78d45f
[ 87.748541][ T5345] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 87.756864][ T5345] RSP: 002b:00007f2bbd645000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 87.760555][ T5345] RAX: ffffffffffffffda RBX: 00007f2bbc9b6160 RCX: 00007f2bbc78d45f
[ 87.764075][ T5345] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 00000000000000ca
[ 87.767523][ T5345] RBP: 00007f2bbc810d69 R08: 0000000000000000 R09: 0000000000000000
[ 87.771174][ T5345] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000
[ 87.774672][ T5345] R13: 0000000000000001 R14: 00007f2bbc9b6160 R15: 00007ffe007e2878
[ 87.777909][ T5345] </TASK>
[ 87.779320][ T5345] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 87.782668][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full)
[ 87.787603][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.792309][ T5345] Call Trace:
[ 87.793743][ T5345] <TASK>
[ 87.795069][ T5345] dump_stack_lvl+0x99/0x250
[ 87.797081][ T5345] ? __asan_memcpy+0x40/0x70
[ 87.799142][ T5345] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.801452][ T5345] ? __pfx__printk+0x10/0x10
[ 87.803353][ T5345] panic+0x2db/0x790
[ 87.804911][ T5345] ? __pfx_panic+0x10/0x10
[ 87.806628][ T5345] ? show_trace_log_lvl+0x4fb/0x550
[ 87.808657][ T5345] __warn+0x31b/0x4b0
[ 87.810334][ T5345] ? __queue_work+0xd62/0xfe0
[ 87.812134][ T5345] ? __queue_work+0xd62/0xfe0
[ 87.813992][ T5345] report_bug+0x2be/0x4f0
[ 87.815855][ T5345] ? __queue_work+0xd62/0xfe0
[ 87.817950][ T5345] ? __queue_work+0xd62/0xfe0
[ 87.820218][ T5345] ? __queue_work+0xd64/0xfe0
[ 87.822217][ T5345] handle_bug+0x84/0x160
[ 87.824052][ T5345] exc_invalid_op+0x1a/0x50
[ 87.825966][ T5345] asm_exc_invalid_op+0x1a/0x20
[ 87.828108][ T5345] RIP: 0010:__queue_work+0xd62/0xfe0
[ 87.830524][ T5345] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 f9 d0 98 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 00 e9 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 f0 50 35 00 90 0f 0b 90 e9 dd fc ff
[ 87.838770][ T5345] RSP: 0018:ffffc9000d44fa68 EFLAGS: 00010046
[ 87.841396][ T5345] RAX: 3cd0cda09e576400 RBX: 0000000000000000 RCX: ffff8880003da440
[ 87.844753][ T5345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[ 87.848395][ T5345] RBP: 1ffff1100808c738 R08: ffff88801fc24293 R09: 1ffff11003f84852
[ 87.852030][ T5345] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[ 87.855493][ T5345] R13: ffff888036460ad8 R14: ffff8880003da440 R15: ffff888040463978
[ 87.858727][ T5345] ? __queue_work+0xd61/0xfe0
[ 87.860676][ T5345] ? rcu_is_watching+0x15/0xb0
[ 87.862772][ T5345] queue_work_on+0x181/0x270
[ 87.864766][ T5345] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.866868][ T5345] ? __pfx_queue_work_on+0x10/0x10
[ 87.869188][ T5345] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 87.871764][ T5345] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.874582][ T5345] ? skb_queue_tail+0x30/0xf0
[ 87.876584][ T5345] hci_recv_frame+0x5c9/0x720
[ 87.878685][ T5345] ? skb_pull+0xc1/0x1d0
[ 87.880737][ T5345] vhci_write+0x358/0x4a0
[ 87.882677][ T5345] vfs_write+0x548/0xa90
[ 87.884519][ T5345] ? __pfx_vhci_write+0x10/0x10
[ 87.886680][ T5345] ? __pfx_vfs_write+0x10/0x10
[ 87.888763][ T5345] ? __fget_files+0x2a/0x420
[ 87.890907][ T5345] ksys_write+0x145/0x250
[ 87.892807][ T5345] ? __pfx_ksys_write+0x10/0x10
[ 87.895081][ T5345] ? do_syscall_64+0xbe/0x3b0
[ 87.897221][ T5345] do_syscall_64+0xfa/0x3b0
[ 87.899115][ T5345] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.901242][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.903885][ T5345] ? clear_bhb_loop+0x60/0xb0
[ 87.905947][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.908610][ T5345] RIP: 0033:0x7f2bbc78d45f
[ 87.910665][ T5345] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 87.919643][ T5345] RSP: 002b:00007f2bbd645000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 87.923522][ T5345] RAX: ffffffffffffffda RBX: 00007f2bbc9b6160 RCX: 00007f2bbc78d45f
[ 87.927692][ T5345] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 00000000000000ca
[ 87.931656][ T5345] RBP: 00007f2bbc810d69 R08: 0000000000000000 R09: 0000000000000000
[ 87.934971][ T5345] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000
[ 87.938470][ T5345] R13: 0000000000000001 R14: 00007f2bbc9b6160 R15: 00007ffe007e2878
[ 87.941953][ T5345] </TASK>
[ 87.943718][ T5345] Kernel Offset: disabled
[ 87.945536][ T5345] Rebooting in 86400 seconds..