program:
# Reproducer summary. Constants are decoded from the Linux Bluetooth UAPI headers;
# the syz call-variant names are fuzzer labels and need not match the numeric arguments.
#
# Open a raw HCI socket: family 0x1f = AF_BLUETOOTH, type 0x3 = SOCK_RAW, protocol 0x1 = BTPROTO_HCI.
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# Bind with sockaddr_hci {hci_family=0x1f, hci_dev=0xffff (HCI_DEV_NONE), hci_channel=0x3 (HCI_CHANNEL_CONTROL)},
# i.e. attach r0 to the Bluetooth management (MGMT) channel.
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
# 7-byte write on the MGMT channel. Read as a little-endian mgmt header it is opcode 0x000a,
# controller index 0 (matches "hci0" in the log below), parameter length 1, parameter 0x01.
# NOTE(review): opcode 0x000a looks like MGMT_OP_SET_LINK_SECURITY; confirm against mgmt.h for the tested tree.
write(r0, &(0x7f0000000000)="0a000000010001", 0x7)
# Second raw HCI socket; it is never bound and is used only as the fd for the ioctl below.
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# NOTE(review): the call is labelled HCIINQUIRY, but 0x400448ca decodes as _IOW('H', 202, int), which is HCIDEVDOWN.
# With argument 0x0 this would take hci0 down while the command queued by the write above may still have its
# hci_cmd_timeout delayed work armed. That ordering is consistent with the "cannot queue hci_cmd_timeout on wq hci0"
# warning in the log, but this page does not establish the root cause; triage should check whether the
# command timer is cancelled before the per-device workqueue is drained or destroyed.
ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0)
[ 100.703420][ T5332] Bluetooth: MGMT ver 1.23
[ 100.738734][ C0] ------------[ cut here ]------------
[ 100.742385][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci0
[ 100.745926][ C0] WARNING: kernel/workqueue.c:2271 at __queue_work+0xd53/0x1020, CPU#0: kworker/0:5/5328
[ 100.750332][ C0] Modules linked in:
[ 100.752279][ C0] CPU: 0 UID: 0 PID: 5328 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full)
[ 100.756797][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 100.761182][ C0] Workqueue: events_power_efficient wg_ratelimiter_gc_entries
[ 100.764266][ C0] RIP: 0010:__queue_work+0xd7e/0x1020
[ 100.766573][ C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 23 25 a4 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 100.776125][ C0] RSP: 0018:ffffc90000007c10 EFLAGS: 00010086
[ 100.778983][ C0] RAX: 1ffff110039b2951 RBX: 0000000000000008 RCX: ffff888012198000
[ 100.782714][ C0] RDX: ffff888012818978 RSI: ffffffff8aa1c450 RDI: ffffffff9014cf00
[ 100.787280][ C0] RBP: 0000000000000100 R08: ffffffff9011d8b7 R09: 1ffffffff2023b16
[ 100.791110][ C0] R10: dffffc0000000000 R11: ffffffff818d69d0 R12: dffffc0000000000
[ 100.794725][ C0] R13: ffff88801cd94a88 R14: ffffffff9014cf00 R15: ffff888012818978
[ 100.798524][ C0] FS: 0000000000000000(0000) GS:ffff88808ca51000(0000) knlGS:0000000000000000
[ 100.803472][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 100.806583][ C0] CR2: 00007fecb34f6180 CR3: 000000001cd90000 CR4: 0000000000352ef0
[ 100.810696][ C0] Call Trace:
[ 100.812660][ C0] <IRQ>
[ 100.814353][ C0] call_timer_fn+0x192/0x640
[ 100.816600][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 100.819227][ C0] ? call_timer_fn+0xd4/0x640
[ 100.821407][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 100.824075][ C0] ? do_raw_spin_unlock+0x4d/0x210
[ 100.827154][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 100.830042][ C0] __run_timer_base+0x67e/0x8b0
[ 100.832284][ C0] ? ktime_get+0x45/0x200
[ 100.834219][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 100.837060][ C0] run_timer_softirq+0xb7/0x170
[ 100.839905][ C0] handle_softirqs+0x22a/0x870
[ 100.842445][ C0] ? __irq_exit_rcu+0x5f/0x150
[ 100.844663][ C0] __irq_exit_rcu+0x5f/0x150
[ 100.846814][ C0] irq_exit_rcu+0x9/0x30
[ 100.848798][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 100.851990][ C0] </IRQ>
[ 100.853477][ C0] <TASK>
[ 100.855085][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 100.857883][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x30/0x70
[ 100.861380][ C0] Code: 04 24 65 48 8b 0d 28 3e 57 11 65 8b 15 49 3e 57 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 a4 16 00 00 00 74 2c <8b> 91 80 16 00 00 83 fa 02 75 21 48 8b 91 88 16 00 00 48 8b 32 48
[ 100.870927][ C0] RSP: 0018:ffffc9000f4f7a80 EFLAGS: 00000246
[ 100.873592][ C0] RAX: ffffffff86747fde RBX: ffffffff8f30a280 RCX: ffff888012198000
[ 100.877243][ C0] RDX: 0000000000000000 RSI: ffffffff8e16d455 RDI: ffffffff8c27e000
[ 100.881170][ C0] RBP: dffffc0000000000 R08: ffffffff8f30a143 R09: 1ffffffff1e61428
[ 100.885513][ C0] R10: dffffc0000000000 R11: fffffbfff1e61429 R12: ffff888041ac2110
[ 100.889917][ C0] R13: ffff88801fa98c18 R14: 0000000000000423 R15: ffffffffffffffa0
[ 100.893793][ C0] ? wg_ratelimiter_gc_entries+0x3be/0x450
[ 100.896663][ C0] wg_ratelimiter_gc_entries+0x3be/0x450
[ 100.899944][ C0] ? process_scheduled_works+0xa8d/0x18c0
[ 100.903445][ C0] process_scheduled_works+0xb6e/0x18c0
[ 100.906977][ C0] ? __pfx_process_scheduled_works+0x10/0x10
[ 100.910456][ C0] ? assign_work+0x3d5/0x5e0
[ 100.912813][ C0] worker_thread+0xa53/0xfc0
[ 100.915350][ C0] kthread+0x388/0x470
[ 100.918055][ C0] ? __pfx_worker_thread+0x10/0x10
[ 100.921007][ C0] ? __pfx_kthread+0x10/0x10
[ 100.923063][ C0] ret_from_fork+0x51e/0xb90
[ 100.925054][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 100.927433][ C0] ? __switch_to+0xc7d/0x1450
[ 100.929744][ C0] ? __pfx_kthread+0x10/0x10
[ 100.931928][ C0] ret_from_fork_asm+0x1a/0x30
[ 100.934141][ C0] </TASK>
[ 100.935622][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 100.939243][ C0] CPU: 0 UID: 0 PID: 5328 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full)
[ 100.943870][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 100.948625][ C0] Workqueue: events_power_efficient wg_ratelimiter_gc_entries
[ 100.952340][ C0] Call Trace:
[ 100.954222][ C0] <IRQ>
[ 100.955656][ C0] vpanic+0x56c/0xa60
[ 100.957619][ C0] ? __pfx__printk+0x10/0x10
[ 100.959732][ C0] ? __pfx_vpanic+0x10/0x10
[ 100.961867][ C0] ? is_bpf_text_address+0x292/0x2b0
[ 100.964569][ C0] ? is_bpf_text_address+0x26/0x2b0
[ 100.967330][ C0] panic+0xc5/0xd0
[ 100.969172][ C0] ? __pfx_panic+0x10/0x10
[ 100.971752][ C0] ? ret_from_fork_asm+0x1a/0x30
[ 100.974578][ C0] __warn+0x315/0x4f0
[ 100.976454][ C0] ? __queue_work+0xd53/0x1020
[ 100.978725][ C0] ? __queue_work+0xd53/0x1020
[ 100.981291][ C0] __report_bug+0x29a/0x540
[ 100.983386][ C0] ? __queue_work+0xd53/0x1020
[ 100.985584][ C0] ? __pfx___report_bug+0x10/0x10
[ 100.988053][ C0] ? __pfx_hci_cmd_timeout+0x10/0x10
[ 100.991123][ C0] ? look_up_lock_class+0x57/0x110
[ 100.993834][ C0] ? register_lock_class+0x31/0x2e0
[ 100.996234][ C0] report_bug_entry+0x19a/0x290
[ 100.998462][ C0] ? __queue_work+0xd7e/0x1020
[ 101.000717][ C0] ? __queue_work+0xd83/0x1020
[ 101.003126][ C0] handle_bug+0xce/0x200
[ 101.005338][ C0] exc_invalid_op+0x1a/0x50
[ 101.007594][ C0] asm_exc_invalid_op+0x1a/0x20
[ 101.009930][ C0] RIP: 0010:__queue_work+0xd7e/0x1020
[ 101.012343][ C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 23 25 a4 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 101.022303][ C0] RSP: 0018:ffffc90000007c10 EFLAGS: 00010086
[ 101.025033][ C0] RAX: 1ffff110039b2951 RBX: 0000000000000008 RCX: ffff888012198000
[ 101.028805][ C0] RDX: ffff888012818978 RSI: ffffffff8aa1c450 RDI: ffffffff9014cf00
[ 101.032871][ C0] RBP: 0000000000000100 R08: ffffffff9011d8b7 R09: 1ffffffff2023b16
[ 101.036277][ C0] R10: dffffc0000000000 R11: ffffffff818d69d0 R12: dffffc0000000000
[ 101.040239][ C0] R13: ffff88801cd94a88 R14: ffffffff9014cf00 R15: ffff888012818978
[ 101.043606][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 101.046026][ C0] ? __pfx_hci_cmd_timeout+0x10/0x10
[ 101.048684][ C0] call_timer_fn+0x192/0x640
[ 101.050986][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 101.054258][ C0] ? call_timer_fn+0xd4/0x640
[ 101.056823][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 101.059194][ C0] ? do_raw_spin_unlock+0x4d/0x210
[ 101.061646][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 101.064046][ C0] __run_timer_base+0x67e/0x8b0
[ 101.066221][ C0] ? ktime_get+0x45/0x200
[ 101.068143][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 101.071071][ C0] run_timer_softirq+0xb7/0x170
[ 101.074305][ C0] handle_softirqs+0x22a/0x870
[ 101.076608][ C0] ? __irq_exit_rcu+0x5f/0x150
[ 101.078792][ C0] __irq_exit_rcu+0x5f/0x150
[ 101.081005][ C0] irq_exit_rcu+0x9/0x30
[ 101.082885][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 101.085459][ C0] </IRQ>
[ 101.087344][ C0] <TASK>
[ 101.089118][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 101.093827][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x30/0x70
[ 101.097337][ C0] Code: 04 24 65 48 8b 0d 28 3e 57 11 65 8b 15 49 3e 57 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 a4 16 00 00 00 74 2c <8b> 91 80 16 00 00 83 fa 02 75 21 48 8b 91 88 16 00 00 48 8b 32 48
[ 101.106553][ C0] RSP: 0018:ffffc9000f4f7a80 EFLAGS: 00000246
[ 101.108977][ C0] RAX: ffffffff86747fde RBX: ffffffff8f30a280 RCX: ffff888012198000
[ 101.112534][ C0] RDX: 0000000000000000 RSI: ffffffff8e16d455 RDI: ffffffff8c27e000
[ 101.116168][ C0] RBP: dffffc0000000000 R08: ffffffff8f30a143 R09: 1ffffffff1e61428
[ 101.119744][ C0] R10: dffffc0000000000 R11: fffffbfff1e61429 R12: ffff888041ac2110
[ 101.123290][ C0] R13: ffff88801fa98c18 R14: 0000000000000423 R15: ffffffffffffffa0
[ 101.127300][ C0] ? wg_ratelimiter_gc_entries+0x3be/0x450
[ 101.130804][ C0] wg_ratelimiter_gc_entries+0x3be/0x450
[ 101.133644][ C0] ? process_scheduled_works+0xa8d/0x18c0
[ 101.136244][ C0] process_scheduled_works+0xb6e/0x18c0
[ 101.138732][ C0] ? __pfx_process_scheduled_works+0x10/0x10
[ 101.141523][ C0] ? assign_work+0x3d5/0x5e0
[ 101.143731][ C0] worker_thread+0xa53/0xfc0
[ 101.145945][ C0] kthread+0x388/0x470
[ 101.147880][ C0] ? __pfx_worker_thread+0x10/0x10
[ 101.151367][ C0] ? __pfx_kthread+0x10/0x10
[ 101.154165][ C0] ret_from_fork+0x51e/0xb90
[ 101.156402][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 101.158722][ C0] ? __switch_to+0xc7d/0x1450
[ 101.160994][ C0] ? __pfx_kthread+0x10/0x10
[ 101.163187][ C0] ret_from_fork_asm+0x1a/0x30
[ 101.165548][ C0] </TASK>
[ 101.167639][ C0] Kernel Offset: disabled
[ 101.170008][ C0] Rebooting in 86400 seconds..