program:
r0 = io_uring_setup(0x2a2c, &(0x7f0000000000)={0x0, 0x0, 0x2, 0xfffffffc})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0)
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
close(0xffffffffffffffff)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000100)={0x1f, 0x8ef}, 0x5)
close_range(r0, 0xffffffffffffffff, 0x0)

[   85.494609][ T4679] Bluetooth: hci0: command tx timeout
[   85.558863][ T5339] ------------[ cut here ]------------
[   85.561579][ T5339] workqueue: cannot queue hci_conn_timeout on wq hci0
[   85.564906][ T5339] WARNING: CPU: 0 PID: 5339 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0
[   85.568534][ T5339] Modules linked in:
[   85.570287][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[   85.574603][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.579939][ T5339] RIP: 0010:__queue_work+0xd62/0xfe0
[   85.582296][ T5339] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 99 00 99 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 e0 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 00 89 35 00 90 0f 0b 90 e9 dd fc ff
[   85.590730][ T5339] RSP: 0018:ffffc9000ef078a8 EFLAGS: 00010046
[   85.593916][ T5339] RAX: 2d6e64daa41cfa00 RBX: 0000000000000000 RCX: 0000000000100000
[   85.597687][ T5339] RDX: ffffc9000e5ec000 RSI: 00000000000014f7 RDI: 00000000000014f8
[   85.601214][ T5339] RBP: 1ffff11003423b38 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   85.604710][ T5339] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[   85.608832][ T5339] R13: ffff88804251c960 R14: ffff888000eda440 R15: ffff88801a11d978
[   85.612597][ T5339] FS:  00007f241923b6c0(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000
[   85.616513][ T5339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.619446][ T5339] CR2: 00007ffc3250c3e0 CR3: 00000000344f0000 CR4: 0000000000352ef0
[   85.623607][ T5339] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   85.627867][ T5339] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   85.631351][ T5339] Call Trace:
[   85.632941][ T5339]  <TASK>
[   85.634369][ T5339]  ? __queue_delayed_work+0xe1/0x2d0
[   85.637065][ T5339]  queue_delayed_work_on+0x18b/0x280
[   85.643288][ T5339]  ? __pfx___cancel_work+0x10/0x10
[   85.645818][ T5339]  ? __pfx_queue_delayed_work_on+0x10/0x10
[   85.648621][ T5339]  ? hci_conn_drop+0x14d/0x280
[   85.650773][ T5339]  l2cap_chan_del+0x285/0x5e0
[   85.653011][ T5339]  l2cap_chan_close+0x597/0x980
[   85.655946][ T5339]  ? __pfx_l2cap_chan_close+0x10/0x10
[   85.659137][ T5339]  l2cap_sock_shutdown+0xa8f/0x1130
[   85.661565][ T5339]  ? __lock_acquire+0xab9/0xd20
[   85.663848][ T5339]  ? do_raw_write_lock+0x11d/0x260
[   85.666165][ T5339]  ? __pfx_l2cap_sock_shutdown+0x10/0x10
[   85.668699][ T5339]  ? l2cap_sock_release+0x6c/0x1d0
[   85.671431][ T5339]  l2cap_sock_release+0x79/0x1d0
[   85.674210][ T5339]  sock_close+0xc0/0x240
[   85.676533][ T5339]  ? __pfx_sock_close+0x10/0x10
[   85.678782][ T5339]  __fput+0x44c/0xa70
[   85.680718][ T5339]  task_work_run+0x1d1/0x260
[   85.682850][ T5339]  ? __pfx_task_work_run+0x10/0x10
[   85.685240][ T5339]  ? exit_to_user_mode_loop+0x40/0x110
[   85.688092][ T5339]  exit_to_user_mode_loop+0xec/0x110
[   85.691052][ T5339]  do_syscall_64+0x2bd/0x3b0
[   85.693157][ T5339]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.695518][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.698460][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   85.701096][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.704120][ T5339] RIP: 0033:0x7f241838e929
[   85.706164][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.714578][ T5339] RSP: 002b:00007f241923b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   85.718729][ T5339] RAX: 0000000000000000 RBX: 00007f24185b6080 RCX: 00007f241838e929
[   85.722354][ T5339] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[   85.725959][ T5339] RBP: 00007f2418410b39 R08: 0000000000000000 R09: 0000000000000000
[   85.730132][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.734708][ T5339] R13: 0000000000000000 R14: 00007f24185b6080 R15: 00007ffcf113b448
[   85.738309][ T5339]  </TASK>
[   85.739809][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.743058][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[   85.747637][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.753288][ T5339] Call Trace:
[   85.754808][ T5339]  <TASK>
[   85.756220][ T5339]  dump_stack_lvl+0x99/0x250
[   85.758384][ T5339]  ? __asan_memcpy+0x40/0x70
[   85.760645][ T5339]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.763480][ T5339]  ? __pfx__printk+0x10/0x10
[   85.765837][ T5339]  panic+0x2db/0x790
[   85.767652][ T5339]  ? __pfx_panic+0x10/0x10
[   85.769657][ T5339]  ? show_trace_log_lvl+0x4fb/0x550
[   85.772002][ T5339]  __warn+0x31b/0x4b0
[   85.773757][ T5339]  ? __queue_work+0xd62/0xfe0
[   85.776069][ T5339]  ? __queue_work+0xd62/0xfe0
[   85.778559][ T5339]  report_bug+0x2be/0x4f0
[   85.780575][ T5339]  ? __queue_work+0xd62/0xfe0
[   85.782582][ T5339]  ? __queue_work+0xd62/0xfe0
[   85.784505][ T5339]  ? __queue_work+0xd64/0xfe0
[   85.786499][ T5339]  handle_bug+0x84/0x160
[   85.788443][ T5339]  exc_invalid_op+0x1a/0x50
[   85.790466][ T5339]  asm_exc_invalid_op+0x1a/0x20
[   85.793166][ T5339] RIP: 0010:__queue_work+0xd62/0xfe0
[   85.796079][ T5339] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 99 00 99 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 e0 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 00 89 35 00 90 0f 0b 90 e9 dd fc ff
[   85.804667][ T5339] RSP: 0018:ffffc9000ef078a8 EFLAGS: 00010046
[   85.807414][ T5339] RAX: 2d6e64daa41cfa00 RBX: 0000000000000000 RCX: 0000000000100000
[   85.811678][ T5339] RDX: ffffc9000e5ec000 RSI: 00000000000014f7 RDI: 00000000000014f8
[   85.815294][ T5339] RBP: 1ffff11003423b38 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   85.818968][ T5339] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[   85.822892][ T5339] R13: ffff88804251c960 R14: ffff888000eda440 R15: ffff88801a11d978
[   85.826324][ T5339]  ? __queue_work+0xd61/0xfe0
[   85.828161][ T5339]  ? __queue_delayed_work+0xe1/0x2d0
[   85.830190][ T5339]  queue_delayed_work_on+0x18b/0x280
[   85.832514][ T5339]  ? __pfx___cancel_work+0x10/0x10
[   85.835050][ T5339]  ? __pfx_queue_delayed_work_on+0x10/0x10
[   85.838068][ T5339]  ? hci_conn_drop+0x14d/0x280
[   85.840598][ T5339]  l2cap_chan_del+0x285/0x5e0
[   85.843043][ T5339]  l2cap_chan_close+0x597/0x980
[   85.845238][ T5339]  ? __pfx_l2cap_chan_close+0x10/0x10
[   85.847592][ T5339]  l2cap_sock_shutdown+0xa8f/0x1130
[   85.850287][ T5339]  ? __lock_acquire+0xab9/0xd20
[   85.853053][ T5339]  ? do_raw_write_lock+0x11d/0x260
[   85.855713][ T5339]  ? __pfx_l2cap_sock_shutdown+0x10/0x10
[   85.858453][ T5339]  ? l2cap_sock_release+0x6c/0x1d0
[   85.860891][ T5339]  l2cap_sock_release+0x79/0x1d0
[   85.863299][ T5339]  sock_close+0xc0/0x240
[   85.865624][ T5339]  ? __pfx_sock_close+0x10/0x10
[   85.868376][ T5339]  __fput+0x44c/0xa70
[   85.870226][ T5339]  task_work_run+0x1d1/0x260
[   85.872287][ T5339]  ? __pfx_task_work_run+0x10/0x10
[   85.874572][ T5339]  ? exit_to_user_mode_loop+0x40/0x110
[   85.876954][ T5339]  exit_to_user_mode_loop+0xec/0x110
[   85.879596][ T5339]  do_syscall_64+0x2bd/0x3b0
[   85.882141][ T5339]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.884878][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.888138][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   85.890290][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.892916][ T5339] RIP: 0033:0x7f241838e929
[   85.894901][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.904176][ T5339] RSP: 002b:00007f241923b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   85.908123][ T5339] RAX: 0000000000000000 RBX: 00007f24185b6080 RCX: 00007f241838e929
[   85.911020][ T5339] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[   85.914258][ T5339] RBP: 00007f2418410b39 R08: 0000000000000000 R09: 0000000000000000
[   85.917848][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.921866][ T5339] R13: 0000000000000000 R14: 00007f24185b6080 R15: 00007ffcf113b448
[   85.925851][ T5339]  </TASK>
[   85.927620][ T5339] Kernel Offset: disabled
[   85.929600][ T5339] Rebooting in 86400 seconds..