------------[ cut here ]------------
workqueue: cannot queue hci_cmd_timeout on wq hci0
WARNING: CPU: 0 PID: 50 at kernel/workqueue.c:2258 __queue_work+0x7b7/0xc10 kernel/workqueue.c:2256
Modules linked in:
CPU: 0 UID: 0 PID: 50 Comm: kworker/u9:0 Not tainted 6.15.0-rc6-next-20250516-syzkaller-g8566fc3b9653 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: hci1 hci_rx_work
RIP: 0010:__queue_work+0x7b7/0xc10 kernel/workqueue.c:2256
Code: df 80 3c 08 00 74 08 4c 89 ef e8 94 94 82 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 40 dc 49 8a 4c 89 fa e8 aa 50 fa ff 90 <0f> 0b 90 90 e9 7a f9 ff ff 90 0f 0b 90 e9 91 f8 ff ff 80 3d 46 0e
RSP: 0018:ffffc90000007b08 EFLAGS: 00010046
RAX: 86093d6eaeec2a00 RBX: dffffc0000000000 RCX: 0000000000000100
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff
RBP: 0000000000000008 R08: ffffffff8cd203e3 R09: 1ffffffff19a407c
R10: dffffc0000000000 R11: fffffbfff19a407d R12: 1ffff110049b7f38
R13: ffff8880263fc948 R14: 1ffff92000000f78 R15: ffff888024dbf978
FS:  0000000000000000(0000) GS:ffff888128190000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f04277fed00 CR3: 00000000255a6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 call_timer_fn+0x132/0x410 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1793 [inline]
 __run_timers kernel/time/timer.c:2372 [inline]
 __run_timer_base+0x584/0x720 kernel/time/timer.c:2384
 run_timer_base kernel/time/timer.c:2393 [inline]
 run_timer_softirq+0x8b/0x120 kernel/time/timer.c:2403
 handle_softirqs+0x286/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_flush_all+0x613/0x9e0 kernel/printk/printk.c:3227
Code: 00 00 00 f6 84 24 a1 00 00 00 02 0f 85 f5 01 00 00 41 f7 c6 00 02 00 00 49 be 00 00 00 00 00 fc ff df 74 01 fb 42 80 3c 33 00 <74> 08 4c 89 e7 e8 53 5f 6d 00 49 8b 1c 24 44 0f b6 6c 24 10 eb 24
RSP: 0018:ffffc90000bb72a0 EFLAGS: 00000246
RAX: 86093d6eaeec2a00 RBX: 1ffffffff1aa42eb RCX: 86093d6eaeec2a00
RDX: 0000000000000006 RSI: ffffffff8c4f6bb1 RDI: ffffffff8aa27d40
RBP: ffffc90000bb73f0 R08: ffffffff8e4829f7 R09: 1ffffffff1c9053e
R10: dffffc0000000000 R11: fffffbfff1c9053f R12: ffffffff8d521758
R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8d521700
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xb7/0x1e0 kernel/printk/printk.c:3325
 vprintk_emit+0x3ea/0x5f0 kernel/printk/printk.c:2450
 _printk+0xce/0x120 kernel/printk/printk.c:2475
 bt_warn+0x106/0x150 net/bluetooth/lib.c:276
 hci_cc_func net/bluetooth/hci_event.c:4205 [inline]
 hci_cmd_complete_evt+0x45b/0xa00 net/bluetooth/hci_event.c:4229
 hci_event_func net/bluetooth/hci_event.c:7508 [inline]
 hci_event_packet+0x8b3/0xfe0 net/bluetooth/hci_event.c:7565
 hci_rx_work+0x3be/0xc80 net/bluetooth/hci_core.c:4036
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x9f8/0x13f0 kernel/workqueue.c:3321
 worker_thread+0x772/0xba0 kernel/workqueue.c:3402
 kthread+0x600/0x770 kernel/kthread.c:464
 ret_from_fork+0x2ba/0x570 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	00 f6                	add    %dh,%dh
   4:	84 24 a1             	test   %ah,(%rcx,%riz,4)
   7:	00 00                	add    %al,(%rax)
   9:	00 02                	add    %al,(%rdx)
   b:	0f 85 f5 01 00 00    	jne    0x206
  11:	41 f7 c6 00 02 00 00 	test   $0x200,%r14d
  18:	49 be 00 00 00 00 00 	movabs $0xdffffc0000000000,%r14
  1f:	fc ff df
  22:	74 01                	je     0x25
  24:	fb                   	sti
  25:	42 80 3c 33 00       	cmpb   $0x0,(%rbx,%r14,1)
* 2a:	74 08                	je     0x34 <-- trapping instruction
  2c:	4c 89 e7             	mov    %r12,%rdi
  2f:	e8 53 5f 6d 00       	call   0x6d5f87
  34:	49 8b 1c 24          	mov    (%r12),%rbx
  38:	44 0f b6 6c 24 10    	movzbl 0x10(%rsp),%r13d
  3e:	eb 24                	jmp    0x64