program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) (async)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040e04141a0cea"], 0x7)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)

[   68.672743][ T5297] Bluetooth: hci0: command tx timeout
[   68.733675][ T5319] ------------[ cut here ]------------
[   68.736039][ T5319] workqueue: cannot queue hci_rx_work on wq hci0
[   68.739011][ T5319] WARNING: CPU: 0 PID: 5319 at kernel/workqueue.c:2258 __queue_work+0xd38/0xfb0
[   68.744121][ T5319] Modules linked in:
[   68.745914][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   68.749476][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.753741][ T5319] RIP: 0010:__queue_work+0xd38/0xfb0
[   68.755741][ T5319] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 43 4c 9d 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 eb 69 8b 4c 89 fa e8 b9 31 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 da 23 36 00 90 0f 0b 90 e9 dd fc ff
[   68.763312][ T5319] RSP: 0018:ffffc9000d427a70 EFLAGS: 00010046
[   68.765995][ T5319] RAX: 4d4f74c2dcccdb00 RBX: 0000000000000000 RCX: ffff888034d82480
[   68.769542][ T5319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   68.773007][ T5319] RBP: 1ffff11008651838 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   68.776520][ T5319] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[   68.780065][ T5319] R13: ffff888034978ae0 R14: ffff888034d82480 R15: ffff88804328c178
[   68.783564][ T5319] FS:  00007f01183816c0(0000) GS:ffff88808d306000(0000) knlGS:0000000000000000
[   68.787227][ T5319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.790059][ T5319] CR2: 00007f0118380fc8 CR3: 000000001248f000 CR4: 0000000000352ef0
[   68.793604][ T5319] Call Trace:
[   68.795127][ T5319]  <TASK>
[   68.796461][ T5319]  ? rcu_is_watching+0x15/0xb0
[   68.798728][ T5319]  queue_work_on+0x181/0x270
[   68.800844][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.803207][ T5319]  ? __pfx_queue_work_on+0x10/0x10
[   68.805505][ T5319]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   68.808098][ T5319]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.810896][ T5319]  ? skb_queue_tail+0x30/0xf0
[   68.812983][ T5319]  hci_recv_frame+0x625/0x7c0
[   68.815095][ T5319]  ? skb_pull+0xc1/0x1d0
[   68.817025][ T5319]  vhci_write+0x358/0x4a0
[   68.818945][ T5319]  vfs_write+0x5c6/0xb30
[   68.820881][ T5319]  ? __pfx_vhci_write+0x10/0x10
[   68.823067][ T5319]  ? __pfx_vfs_write+0x10/0x10
[   68.825237][ T5319]  ? __fget_files+0x2a/0x420
[   68.827299][ T5319]  ksys_write+0x145/0x250
[   68.829253][ T5319]  ? __pfx_ksys_write+0x10/0x10
[   68.831410][ T5319]  ? do_syscall_64+0xbe/0xfa0
[   68.833595][ T5319]  do_syscall_64+0xfa/0xfa0
[   68.835694][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.838004][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.840502][ T5319]  ? clear_bhb_loop+0x60/0xb0
[   68.842460][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.844888][ T5319] RIP: 0033:0x7f011758d97f
[   68.846759][ T5319] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   68.855132][ T5319] RSP: 002b:00007f0118381000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   68.858870][ T5319] RAX: ffffffffffffffda RBX: 00007f01177e6180 RCX: 00007f011758d97f
[   68.862392][ T5319] RDX: 0000000000000007 RSI: 0000200000000180 RDI: 00000000000000ca
[   68.865766][ T5319] RBP: 00007f0117611f91 R08: 0000000000000000 R09: 0000000000000000
[   68.869256][ T5319] R10: 0000200000000180 R11: 0000000000000293 R12: 0000000000000000
[   68.872827][ T5319] R13: 00007f01177e6218 R14: 00007f01177e6180 R15: 00007ffc65732e58
[   68.876287][ T5319]  </TASK>
[   68.877728][ T5319] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.880905][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   68.884886][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.889614][ T5319] Call Trace:
[   68.891139][ T5319]  <TASK>
[   68.892485][ T5319]  dump_stack_lvl+0x99/0x250
[   68.894484][ T5319]  ? __asan_memcpy+0x40/0x70
[   68.896577][ T5319]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.898867][ T5319]  ? __pfx__printk+0x10/0x10
[   68.901012][ T5319]  vpanic+0x237/0x6d0
[   68.902851][ T5319]  ? __pfx_vpanic+0x10/0x10
[   68.904897][ T5319]  panic+0xb9/0xc0
[   68.906586][ T5319]  ? __pfx_panic+0x10/0x10
[   68.908622][ T5319]  __warn+0x31b/0x4b0
[   68.910433][ T5319]  ? __queue_work+0xd38/0xfb0
[   68.912366][ T5319]  ? __queue_work+0xd38/0xfb0
[   68.914244][ T5319]  report_bug+0x2be/0x4f0
[   68.916006][ T5319]  ? __queue_work+0xd38/0xfb0
[   68.917925][ T5319]  ? __queue_work+0xd38/0xfb0
[   68.919805][ T5319]  ? __queue_work+0xd3a/0xfb0
[   68.921758][ T5319]  handle_bug+0x84/0x160
[   68.923612][ T5319]  exc_invalid_op+0x1a/0x50
[   68.925704][ T5319]  asm_exc_invalid_op+0x1a/0x20
[   68.927900][ T5319] RIP: 0010:__queue_work+0xd38/0xfb0
[   68.930386][ T5319] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 43 4c 9d 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 eb 69 8b 4c 89 fa e8 b9 31 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 da 23 36 00 90 0f 0b 90 e9 dd fc ff
[   68.938125][ T5319] RSP: 0018:ffffc9000d427a70 EFLAGS: 00010046
[   68.940866][ T5319] RAX: 4d4f74c2dcccdb00 RBX: 0000000000000000 RCX: ffff888034d82480
[   68.944353][ T5319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   68.947871][ T5319] RBP: 1ffff11008651838 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   68.951262][ T5319] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[   68.954738][ T5319] R13: ffff888034978ae0 R14: ffff888034d82480 R15: ffff88804328c178
[   68.958162][ T5319]  ? rcu_is_watching+0x15/0xb0
[   68.960250][ T5319]  queue_work_on+0x181/0x270
[   68.962363][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.964645][ T5319]  ? __pfx_queue_work_on+0x10/0x10
[   68.967024][ T5319]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   68.969640][ T5319]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.972340][ T5319]  ? skb_queue_tail+0x30/0xf0
[   68.974316][ T5319]  hci_recv_frame+0x625/0x7c0
[   68.976309][ T5319]  ? skb_pull+0xc1/0x1d0
[   68.978224][ T5319]  vhci_write+0x358/0x4a0
[   68.980125][ T5319]  vfs_write+0x5c6/0xb30
[   68.981956][ T5319]  ? __pfx_vhci_write+0x10/0x10
[   68.984084][ T5319]  ? __pfx_vfs_write+0x10/0x10
[   68.986211][ T5319]  ? __fget_files+0x2a/0x420
[   68.988225][ T5319]  ksys_write+0x145/0x250
[   68.990095][ T5319]  ? __pfx_ksys_write+0x10/0x10
[   68.992224][ T5319]  ? do_syscall_64+0xbe/0xfa0
[   68.994334][ T5319]  do_syscall_64+0xfa/0xfa0
[   68.996264][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.998542][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.001170][ T5319]  ? clear_bhb_loop+0x60/0xb0
[   69.003098][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.005611][ T5319] RIP: 0033:0x7f011758d97f
[   69.007484][ T5319] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.015849][ T5319] RSP: 002b:00007f0118381000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.019496][ T5319] RAX: ffffffffffffffda RBX: 00007f01177e6180 RCX: 00007f011758d97f
[   69.022715][ T5319] RDX: 0000000000000007 RSI: 0000200000000180 RDI: 00000000000000ca
[   69.025896][ T5319] RBP: 00007f0117611f91 R08: 0000000000000000 R09: 0000000000000000
[   69.029270][ T5319] R10: 0000200000000180 R11: 0000000000000293 R12: 0000000000000000
[   69.032780][ T5319] R13: 00007f01177e6218 R14: 00007f01177e6180 R15: 00007ffc65732e58
[   69.036153][ T5319]  </TASK>
[   69.037907][ T5319] Kernel Offset: disabled
[   69.039891][ T5319] Rebooting in 86400 seconds..