program:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect(r0, &(0x7f0000000000)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0)

[   93.626349][ T5286] Bluetooth: hci0: command tx timeout
[   93.657819][    T9] cfg80211: failed to load regulatory.db
[   93.665717][ T5309] ------------[ cut here ]------------
[   93.667778][ T5309] workqueue: cannot queue hci_tx_work on wq hci0
[   93.670270][ T5309] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd1f/0xfc0, CPU#0: kworker/0:5/5309
[   93.674103][ T5309] Modules linked in:
[   93.675796][ T5309] CPU: 0 UID: 0 PID: 5309 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) 
[   93.679233][ T5309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   93.682884][ T5309] Workqueue: events l2cap_info_timeout
[   93.684983][ T5309] RIP: 0010:__queue_work+0xd4a/0xfc0
[   93.686960][ T5309] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 47 54 a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   93.694028][ T5309] RSP: 0018:ffffc9000e42f778 EFLAGS: 00010082
[   93.696339][ T5309] RAX: 1ffff1100254618a RBX: 0000000000000008 RCX: ffff88800e470000
[   93.699312][ T5309] RDX: ffff888043643970 RSI: ffffffff8a9d8360 RDI: ffffffff9033c3b0
[   93.702186][ T5309] RBP: 0000000000000020 R08: ffff888012a30c3f R09: 1ffff11002546187
[   93.705161][ T5309] R10: dffffc0000000000 R11: ffffed1002546188 R12: dffffc0000000000
[   93.707871][ T5309] R13: ffff888012a30c50 R14: ffffffff9033c3b0 R15: ffff888043643970
[   93.710681][ T5309] FS:  0000000000000000(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
[   93.714013][ T5309] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   93.716502][ T5309] CR2: 00007fba154bda50 CR3: 0000000012441000 CR4: 0000000000352ef0
[   93.719560][ T5309] Call Trace:
[   93.720881][ T5309]  <TASK>
[   93.722039][ T5309]  ? hci_send_acl+0x96b/0xe60
[   93.723725][ T5309]  ? rcu_is_watching+0x15/0xb0
[   93.725698][ T5309]  queue_work_on+0x106/0x1d0
[   93.727477][ T5309]  l2cap_send_conn_req+0x243/0x370
[   93.729497][ T5309]  ? __pfx_l2cap_send_conn_req+0x10/0x10
[   93.731847][ T5309]  ? rcu_is_watching+0x15/0xb0
[   93.733810][ T5309]  ? l2cap_chan_check_security+0x303/0x570
[   93.736043][ T5309]  l2cap_conn_start+0xb2b/0xf20
[   93.737893][ T5309]  ? __pfx_l2cap_conn_start+0x10/0x10
[   93.739990][ T5309]  ? l2cap_info_timeout+0x60/0xa0
[   93.741875][ T5309]  ? __pfx___mutex_lock+0x10/0x10
[   93.743826][ T5309]  ? process_scheduled_works+0xa70/0x1860
[   93.746053][ T5309]  l2cap_info_timeout+0x68/0xa0
[   93.747931][ T5309]  ? process_scheduled_works+0xa70/0x1860
[   93.750243][ T5309]  process_scheduled_works+0xb5d/0x1860
[   93.752313][ T5309]  ? __pfx_process_scheduled_works+0x10/0x10
[   93.754586][ T5309]  ? assign_work+0x3d5/0x5e0
[   93.756201][ T5309]  worker_thread+0xa53/0xfc0
[   93.758046][ T5309]  kthread+0x388/0x470
[   93.759708][ T5309]  ? __pfx_worker_thread+0x10/0x10
[   93.761718][ T5309]  ? __pfx_kthread+0x10/0x10
[   93.763564][ T5309]  ret_from_fork+0x514/0xb70
[   93.765415][ T5309]  ? __pfx_ret_from_fork+0x10/0x10
[   93.767412][ T5309]  ? __switch_to+0xc79/0x1410
[   93.769264][ T5309]  ? __pfx_kthread+0x10/0x10
[   93.770968][ T5309]  ret_from_fork_asm+0x1a/0x30
[   93.772761][ T5309]  </TASK>
[   93.773954][ T5309] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   93.776639][ T5309] CPU: 0 UID: 0 PID: 5309 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) 
[   93.780083][ T5309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   93.783949][ T5309] Workqueue: events l2cap_info_timeout
[   93.786114][ T5309] Call Trace:
[   93.787401][ T5309]  <TASK>
[   93.788559][ T5309]  vpanic+0x56c/0xa60
[   93.790143][ T5309]  ? __pfx__printk+0x10/0x10
[   93.791952][ T5309]  ? __pfx_vpanic+0x10/0x10
[   93.793654][ T5309]  ? is_bpf_text_address+0x292/0x2b0
[   93.795578][ T5309]  ? is_bpf_text_address+0x26/0x2b0
[   93.797449][ T5309]  panic+0xc5/0xd0
[   93.798852][ T5309]  ? __pfx_panic+0x10/0x10
[   93.800572][ T5309]  ? ret_from_fork_asm+0x1a/0x30
[   93.802566][ T5309]  __warn+0x315/0x4c0
[   93.804049][ T5309]  ? __queue_work+0xd1f/0xfc0
[   93.805906][ T5309]  ? __queue_work+0xd1f/0xfc0
[   93.807724][ T5309]  __report_bug+0x29a/0x540
[   93.809593][ T5309]  ? add_lock_to_list+0xc7/0x100
[   93.811408][ T5309]  ? __queue_work+0xd1f/0xfc0
[   93.813298][ T5309]  ? __pfx___report_bug+0x10/0x10
[   93.815262][ T5309]  ? __pfx_hci_tx_work+0x10/0x10
[   93.817152][ T5309]  report_bug_entry+0x19a/0x290
[   93.819006][ T5309]  ? __queue_work+0xd4a/0xfc0
[   93.820895][ T5309]  ? __queue_work+0xd4f/0xfc0
[   93.822666][ T5309]  handle_bug+0xce/0x200
[   93.824351][ T5309]  exc_invalid_op+0x1a/0x50
[   93.826087][ T5309]  asm_exc_invalid_op+0x1a/0x20
[   93.827963][ T5309] RIP: 0010:__queue_work+0xd4a/0xfc0
[   93.830056][ T5309] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 47 54 a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   93.837153][ T5309] RSP: 0018:ffffc9000e42f778 EFLAGS: 00010082
[   93.840922][ T5309] RAX: 1ffff1100254618a RBX: 0000000000000008 RCX: ffff88800e470000
[   93.844377][ T5309] RDX: ffff888043643970 RSI: ffffffff8a9d8360 RDI: ffffffff9033c3b0
[   93.847459][ T5309] RBP: 0000000000000020 R08: ffff888012a30c3f R09: 1ffff11002546187
[   93.850637][ T5309] R10: dffffc0000000000 R11: ffffed1002546188 R12: dffffc0000000000
[   93.853924][ T5309] R13: ffff888012a30c50 R14: ffffffff9033c3b0 R15: ffff888043643970
[   93.857085][ T5309]  ? __pfx_hci_tx_work+0x10/0x10
[   93.859038][ T5309]  ? __queue_work+0xf74/0xfc0
[   93.860802][ T5309]  ? hci_send_acl+0x96b/0xe60
[   93.862643][ T5309]  ? rcu_is_watching+0x15/0xb0
[   93.864533][ T5309]  queue_work_on+0x106/0x1d0
[   93.866413][ T5309]  l2cap_send_conn_req+0x243/0x370
[   93.868484][ T5309]  ? __pfx_l2cap_send_conn_req+0x10/0x10
[   93.870766][ T5309]  ? rcu_is_watching+0x15/0xb0
[   93.872692][ T5309]  ? l2cap_chan_check_security+0x303/0x570
[   93.875057][ T5309]  l2cap_conn_start+0xb2b/0xf20
[   93.877021][ T5309]  ? __pfx_l2cap_conn_start+0x10/0x10
[   93.879248][ T5309]  ? l2cap_info_timeout+0x60/0xa0
[   93.881331][ T5309]  ? __pfx___mutex_lock+0x10/0x10
[   93.883363][ T5309]  ? process_scheduled_works+0xa70/0x1860
[   93.885576][ T5309]  l2cap_info_timeout+0x68/0xa0
[   93.887500][ T5309]  ? process_scheduled_works+0xa70/0x1860
[   93.889734][ T5309]  process_scheduled_works+0xb5d/0x1860
[   93.891940][ T5309]  ? __pfx_process_scheduled_works+0x10/0x10
[   93.894271][ T5309]  ? assign_work+0x3d5/0x5e0
[   93.896125][ T5309]  worker_thread+0xa53/0xfc0
[   93.898041][ T5309]  kthread+0x388/0x470
[   93.899741][ T5309]  ? __pfx_worker_thread+0x10/0x10
[   93.901800][ T5309]  ? __pfx_kthread+0x10/0x10
[   93.903575][ T5309]  ret_from_fork+0x514/0xb70
[   93.905399][ T5309]  ? __pfx_ret_from_fork+0x10/0x10
[   93.907269][ T5309]  ? __switch_to+0xc79/0x1410
[   93.909042][ T5309]  ? __pfx_kthread+0x10/0x10
[   93.910875][ T5309]  ret_from_fork_asm+0x1a/0x30
[   93.912789][ T5309]  </TASK>
[   93.914461][ T5309] Kernel Offset: disabled
[   93.916151][ T5309] Rebooting in 86400 seconds..