program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x3, 0x1)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) (async)
landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x3, 0x1) (async)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16) (async)
syz_usb_connect(0x0, 0x0, 0x0, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) (async)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7) (async)

[   86.142625][ T5339] Bluetooth: hci0: command tx timeout
[   86.303293][ T5369] ------------[ cut here ]------------
[   86.305790][ T5369] workqueue: cannot queue hci_rx_work on wq hci0
[   86.308907][ T5369] WARNING: CPU: 0 PID: 5369 at kernel/workqueue.c:2256 __queue_work+0xd38/0xfb0
[   86.313524][ T5369] Modules linked in:
[   86.315648][ T5369] CPU: 0 UID: 0 PID: 5369 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.320199][ T5369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.324764][ T5369] RIP: 0010:__queue_work+0xd38/0xfb0
[   86.327063][ T5369] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 93 9d 9a 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 e1 a9 8b 4c 89 fa e8 99 39 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 3a ac 35 00 90 0f 0b 90 e9 dd fc ff
[   86.335605][ T5369] RSP: 0018:ffffc9000d3cfa70 EFLAGS: 00010046
[   86.339032][ T5369] RAX: d453bb4519f07900 RBX: 0000000000000000 RCX: ffff88800017c880
[   86.343152][ T5369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   86.346660][ T5369] RBP: 1ffff11008ab9738 R08: ffff88801fc24253 R09: 1ffff11003f8484a
[   86.350148][ T5369] R10: dffffc0000000000 R11: ffffed1003f8484b R12: dffffc0000000000
[   86.353647][ T5369] R13: ffff888037638ad8 R14: ffff88800017c880 R15: ffff8880455cb978
[   86.357595][ T5369] FS:  00007f5a1688b6c0(0000) GS:ffff88808d00a000(0000) knlGS:0000000000000000
[   86.361887][ T5369] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.364813][ T5369] CR2: 00007f5a1688afc8 CR3: 000000003f721000 CR4: 0000000000352ef0
[   86.368432][ T5369] Call Trace:
[   86.370075][ T5369]  <TASK>
[   86.371688][ T5369]  ? rcu_is_watching+0x15/0xb0
[   86.374542][ T5369]  queue_work_on+0x181/0x270
[   86.376787][ T5369]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.379283][ T5369]  ? __pfx_queue_work_on+0x10/0x10
[   86.381644][ T5369]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   86.384114][ T5369]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.386730][ T5369]  ? skb_queue_tail+0x30/0xf0
[   86.388761][ T5369]  hci_recv_frame+0x625/0x7c0
[   86.390674][ T5369]  ? skb_pull+0xc1/0x1d0
[   86.392462][ T5369]  vhci_write+0x358/0x4a0
[   86.394300][ T5369]  vfs_write+0x5c9/0xb30
[   86.396328][ T5369]  ? __pfx_vhci_write+0x10/0x10
[   86.398836][ T5369]  ? __pfx_vfs_write+0x10/0x10
[   86.401340][ T5369]  ? __fget_files+0x2a/0x420
[   86.403361][ T5369]  ksys_write+0x145/0x250
[   86.405327][ T5369]  ? __pfx_ksys_write+0x10/0x10
[   86.407595][ T5369]  ? do_syscall_64+0xbe/0x3b0
[   86.409758][ T5369]  do_syscall_64+0xfa/0x3b0
[   86.411852][ T5369]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.414340][ T5369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.417347][ T5369]  ? clear_bhb_loop+0x60/0xb0
[   86.420073][ T5369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.423133][ T5369] RIP: 0033:0x7f5a1598d65f
[   86.425184][ T5369] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   86.433625][ T5369] RSP: 002b:00007f5a1688b000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   86.437624][ T5369] RAX: ffffffffffffffda RBX: 00007f5a15bd6180 RCX: 00007f5a1598d65f
[   86.441524][ T5369] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 00000000000000ca
[   86.444979][ T5369] RBP: 00007f5a15a11e19 R08: 0000000000000000 R09: 0000000000000000
[   86.448350][ T5369] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000
[   86.451812][ T5369] R13: 00007f5a15bd6218 R14: 00007f5a15bd6180 R15: 00007ffd875d1a58
[   86.454854][ T5369]  </TASK>
[   86.456344][ T5369] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.460030][ T5369] CPU: 0 UID: 0 PID: 5369 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.463468][ T5369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.467909][ T5369] Call Trace:
[   86.469290][ T5369]  <TASK>
[   86.470661][ T5369]  dump_stack_lvl+0x99/0x250
[   86.472865][ T5369]  ? __asan_memcpy+0x40/0x70
[   86.475076][ T5369]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.477744][ T5369]  ? __pfx__printk+0x10/0x10
[   86.480028][ T5369]  vpanic+0x281/0x750
[   86.481740][ T5369]  ? __pfx__printk+0x10/0x10
[   86.483682][ T5369]  ? __pfx_vpanic+0x10/0x10
[   86.485591][ T5369]  ? is_bpf_text_address+0x292/0x2b0
[   86.487828][ T5369]  panic+0xb9/0xc0
[   86.489402][ T5369]  ? __pfx_panic+0x10/0x10
[   86.491268][ T5369]  __warn+0x31b/0x4b0
[   86.493037][ T5369]  ? __queue_work+0xd38/0xfb0
[   86.495010][ T5369]  ? __queue_work+0xd38/0xfb0
[   86.497160][ T5369]  report_bug+0x2be/0x4f0
[   86.499526][ T5369]  ? __queue_work+0xd38/0xfb0
[   86.502589][ T5369]  ? __queue_work+0xd38/0xfb0
[   86.505085][ T5369]  ? __queue_work+0xd3a/0xfb0
[   86.507242][ T5369]  handle_bug+0x84/0x160
[   86.509049][ T5369]  exc_invalid_op+0x1a/0x50
[   86.510955][ T5369]  asm_exc_invalid_op+0x1a/0x20
[   86.512796][ T5369] RIP: 0010:__queue_work+0xd38/0xfb0
[   86.514760][ T5369] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 93 9d 9a 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 e1 a9 8b 4c 89 fa e8 99 39 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 3a ac 35 00 90 0f 0b 90 e9 dd fc ff
[   86.522708][ T5369] RSP: 0018:ffffc9000d3cfa70 EFLAGS: 00010046
[   86.525533][ T5369] RAX: d453bb4519f07900 RBX: 0000000000000000 RCX: ffff88800017c880
[   86.529231][ T5369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   86.532559][ T5369] RBP: 1ffff11008ab9738 R08: ffff88801fc24253 R09: 1ffff11003f8484a
[   86.535435][ T5369] R10: dffffc0000000000 R11: ffffed1003f8484b R12: dffffc0000000000
[   86.538719][ T5369] R13: ffff888037638ad8 R14: ffff88800017c880 R15: ffff8880455cb978
[   86.542607][ T5369]  ? rcu_is_watching+0x15/0xb0
[   86.544835][ T5369]  queue_work_on+0x181/0x270
[   86.546885][ T5369]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.549252][ T5369]  ? __pfx_queue_work_on+0x10/0x10
[   86.551482][ T5369]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   86.553959][ T5369]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.557282][ T5369]  ? skb_queue_tail+0x30/0xf0
[   86.560213][ T5369]  hci_recv_frame+0x625/0x7c0
[   86.562368][ T5369]  ? skb_pull+0xc1/0x1d0
[   86.564080][ T5369]  vhci_write+0x358/0x4a0
[   86.565822][ T5369]  vfs_write+0x5c9/0xb30
[   86.567578][ T5369]  ? __pfx_vhci_write+0x10/0x10
[   86.569720][ T5369]  ? __pfx_vfs_write+0x10/0x10
[   86.571901][ T5369]  ? __fget_files+0x2a/0x420
[   86.574106][ T5369]  ksys_write+0x145/0x250
[   86.576010][ T5369]  ? __pfx_ksys_write+0x10/0x10
[   86.578179][ T5369]  ? do_syscall_64+0xbe/0x3b0
[   86.580456][ T5369]  do_syscall_64+0xfa/0x3b0
[   86.583079][ T5369]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.586149][ T5369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.589316][ T5369]  ? clear_bhb_loop+0x60/0xb0
[   86.591317][ T5369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.593851][ T5369] RIP: 0033:0x7f5a1598d65f
[   86.595704][ T5369] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   86.603572][ T5369] RSP: 002b:00007f5a1688b000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   86.607859][ T5369] RAX: ffffffffffffffda RBX: 00007f5a15bd6180 RCX: 00007f5a1598d65f
[   86.611811][ T5369] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 00000000000000ca
[   86.615081][ T5369] RBP: 00007f5a15a11e19 R08: 0000000000000000 R09: 0000000000000000
[   86.618388][ T5369] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000
[   86.622009][ T5369] R13: 00007f5a15bd6218 R14: 00007f5a15bd6180 R15: 00007ffd875d1a58
[   86.625168][ T5369]  </TASK>
[   86.626761][ T5369] Kernel Offset: disabled
[   86.628749][ T5369] Rebooting in 86400 seconds..