------------[ cut here ]------------
workqueue: cannot queue hci_cmd_timeout on wq hci5
WARNING: CPU: 1 PID: 0 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0 kernel/workqueue.c:2256
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc7-syzkaller-00138-g513fc69f8fc7 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__queue_work+0xd62/0xfe0 kernel/workqueue.c:2256
Code: 42 80 3c 20 00 74 08 4c 89 ef e8 09 2c 95 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 00 e9 89 8b 4c 89 fa e8 4f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 a0 44 35 00 90 0f 0b 90 e9 dd fc ff
RSP: 0018:ffffc90000a08b08 EFLAGS: 00010046
RAX: 25612f24d4ec1200 RBX: 0000000000000100 RCX: ffff88801d2e5a00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 1ffff1100f0bb538 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: dffffc0000000000
R13: ffff888077e60988 R14: 0000000000000008 R15: ffff8880785da978
FS: 0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3060eff8 CR3: 0000000034256000 CR4: 00000000003526f0
Call Trace:
call_timer_fn+0x17b/0x5f0 kernel/time/timer.c:1747
expire_timers kernel/time/timer.c:1793 [inline]
__run_timers kernel/time/timer.c:2372 [inline]
__run_timer_base+0x646/0x860 kernel/time/timer.c:2384
run_timer_base kernel/time/timer.c:2393 [inline]
run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403
handle_softirqs+0x283/0x870 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:tick_nohz_idle_exit+0x36b/0x470 kernel/time/tick-sched.c:1473
Code: 0f 85 0f ff ff ff e8 f4 d8 0d 00 49 bc 00 00 00 00 00 fc ff df eb 05 e8 e3 d8 0d 00 e8 fe 64 15 00 fb 48 c7 04 24 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 65 48 8b 05 24 43 ea 10 48 3b 44 24 40
RSP: 0018:ffffc90000197d60 EFLAGS: 00000286
RAX: 25612f24d4ec1200 RBX: ffff8880b8728400 RCX: 25612f24d4ec1200
RDX: 0000000000000000 RSI: ffffffff8d982ff2 RDI: ffffffff8be1ba80
RBP: ffffc90000197df0 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
R10: dffffc0000000000 R11: fffffbfff1f4167f R12: dffffc0000000000
R13: 1ffff92000032fac R14: 0000000000000004 R15: 00000045cd78f3d8
do_idle+0x49e/0x510 kernel/sched/idle.c:338
cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:423
start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x147
----------------
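Code disassembly (best guess), decoded from the second "Code:" line above, i.e. the interrupted idle context at RIP tick_nohz_idle_exit+0x36b. The instruction marked below is where the APIC timer interrupt was taken, not the WARNING site; the WARNING itself is the <0f> 0b (ud2) in the __queue_work "Code:" line: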
0: 0f 85 0f ff ff ff jne 0xffffff15
6: e8 f4 d8 0d 00 call 0xdd8ff
b: 49 bc 00 00 00 00 00 movabs $0xdffffc0000000000,%r12
12: fc ff df
15: eb 05 jmp 0x1c
17: e8 e3 d8 0d 00 call 0xdd8ff
1c: e8 fe 64 15 00 call 0x15651f
21: fb sti
22: 48 c7 04 24 0e 36 e0 movq $0x45e0360e,(%rsp)
29: 45
* 2a: 4b c7 44 25 00 00 00 movq $0x0,0x0(%r13,%r12,1) <-- trapping instruction
31: 00 00
33: 65 48 8b 05 24 43 ea mov %gs:0x10ea4324(%rip),%rax # 0x10ea435f
3a: 10
3b: 48 3b 44 24 40 cmp 0x40(%rsp),%rax