program:
r0 = io_uring_setup(0x2a2c, &(0x7f0000000000)={0x0, 0x0, 0x2, 0xfffffffc}) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) (async, rerun: 64)
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="040e0402030c"], 0x7) (async, rerun: 64)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
socket$inet_dccp(0x2, 0x6, 0x0)
close(0xffffffffffffffff)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000100)={0x1f, 0x8ef}, 0x5) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

[  115.813594][ T5312] Bluetooth: hci0: command tx timeout
[  115.895762][ T5329] ------------[ cut here ]------------
[  115.897930][ T5329] workqueue: cannot queue hci_rx_work on wq hci0
[  115.900552][ T5329] WARNING: CPU: 0 PID: 5329 at kernel/workqueue.c:2258 __queue_work+0xdf6/0x1090
[  115.903989][ T5329] Modules linked in:
[  115.905499][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00074-ga7f2e10ecd8f #0
[  115.909322][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  115.913194][ T5329] RIP: 0010:__queue_work+0xdf6/0x1090
[  115.915190][ T5329] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 c4 f3 9f 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 60 e7 29 8c 4c 89 ea e8 5b 6f f8 ff 90 <0f> 0b 90 90 e9 66 f4 ff ff e8 0c b4 38 00 90 0f 0b 90 e9 ad fc ff
[  115.922327][ T5329] RSP: 0018:ffffc9000d5e7a88 EFLAGS: 00010046
[  115.924676][ T5329] RAX: f12600ee78f5f500 RBX: ffff88801f35a440 RCX: ffff88801f35a440
[  115.927698][ T5329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  115.930727][ T5329] RBP: dffffc0000000000 R08: ffffffff81819e52 R09: 1ffff11003f8519a
[  115.933643][ T5329] R10: dffffc0000000000 R11: ffffed1003f8519b R12: 1ffff11008c47638
[  115.936628][ T5329] R13: ffff88804623b178 R14: 0000000000000008 R15: ffff888036e84a98
[  115.939631][ T5329] FS:  00007fbec1d736c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[  115.942789][ T5329] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  115.945624][ T5329] CR2: 00007fbec1d72fe0 CR3: 00000000443c2000 CR4: 0000000000352ef0
[  115.948499][ T5329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  115.951565][ T5329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  115.954538][ T5329] Call Trace:
[  115.955782][ T5329]  <TASK>
[  115.956974][ T5329]  ? __warn+0x165/0x4d0
[  115.958567][ T5329]  ? __queue_work+0xdf6/0x1090
[  115.960473][ T5329]  ? report_bug+0x2b3/0x500
[  115.962218][ T5329]  ? __queue_work+0xdf6/0x1090
[  115.964019][ T5329]  ? handle_bug+0x60/0x90
[  115.965753][ T5329]  ? exc_invalid_op+0x1a/0x50
[  115.967501][ T5329]  ? asm_exc_invalid_op+0x1a/0x20
[  115.969432][ T5329]  ? __warn_printk+0x292/0x360
[  115.971310][ T5329]  ? __queue_work+0xdf6/0x1090
[  115.973057][ T5329]  ? __queue_work+0xdf5/0x1090
[  115.975024][ T5329]  queue_work_on+0x1c2/0x380
[  115.976739][ T5329]  ? __pfx_queue_work_on+0x10/0x10
[  115.978464][ T5329]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  115.980655][ T5329]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  115.983049][ T5329]  ? skb_queue_tail+0x36/0x120
[  115.984909][ T5329]  hci_recv_frame+0x598/0x6f0
[  115.986658][ T5329]  vhci_write+0x35a/0x490
[  115.988431][ T5329]  vfs_write+0xacf/0xd10
[  115.990096][ T5329]  ? __pfx_vhci_write+0x10/0x10
[  115.991994][ T5329]  ? __pfx_vfs_write+0x10/0x10
[  115.993954][ T5329]  ? __fget_files+0x2a/0x410
[  115.995800][ T5329]  ? __fget_files+0x2a/0x410
[  115.997656][ T5329]  ksys_write+0x18f/0x2b0
[  115.999423][ T5329]  ? __pfx_ksys_write+0x10/0x10
[  116.001420][ T5329]  ? do_syscall_64+0x100/0x230
[  116.003361][ T5329]  ? do_syscall_64+0xb6/0x230
[  116.005035][ T5329]  do_syscall_64+0xf3/0x230
[  116.006759][ T5329]  ? clear_bhb_loop+0x35/0x90
[  116.008622][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.010860][ T5329] RIP: 0033:0x7fbec0f8bc1f
[  116.012519][ T5329] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  116.019607][ T5329] RSP: 002b:00007fbec1d73000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  116.022706][ T5329] RAX: ffffffffffffffda RBX: 00007fbec11a6160 RCX: 00007fbec0f8bc1f
[  116.026035][ T5329] RDX: 0000000000000007 RSI: 00002000000006c0 RDI: 00000000000000ca
[  116.029341][ T5329] RBP: 00007fbec100e2a0 R08: 0000000000000000 R09: 0000000000000000
[  116.032256][ T5329] R10: 00002000000006c0 R11: 0000000000000293 R12: 0000000000000000
[  116.035193][ T5329] R13: 0000000000000001 R14: 00007fbec11a6160 R15: 00007ffde30f0388
[  116.038139][ T5329]  </TASK>
[  116.039320][ T5329] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  116.041999][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00074-ga7f2e10ecd8f #0
[  116.045795][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  116.050125][ T5329] Call Trace:
[  116.051813][ T5329]  <TASK>
[  116.053241][ T5329]  dump_stack_lvl+0x241/0x360
[  116.054994][ T5329]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.057119][ T5329]  ? __pfx__printk+0x10/0x10
[  116.058957][ T5329]  ? _printk+0xd5/0x120
[  116.060529][ T5329]  ? __init_begin+0x41000/0x41000
[  116.062436][ T5329]  ? vscnprintf+0x5d/0x90
[  116.064246][ T5329]  panic+0x349/0x880
[  116.065740][ T5329]  ? __warn+0x174/0x4d0
[  116.067401][ T5329]  ? __pfx_panic+0x10/0x10
[  116.069231][ T5329]  __warn+0x344/0x4d0
[  116.070816][ T5329]  ? __queue_work+0xdf6/0x1090
[  116.072458][ T5329]  report_bug+0x2b3/0x500
[  116.074036][ T5329]  ? __queue_work+0xdf6/0x1090
[  116.075663][ T5329]  handle_bug+0x60/0x90
[  116.077298][ T5329]  exc_invalid_op+0x1a/0x50
[  116.078974][ T5329]  asm_exc_invalid_op+0x1a/0x20
[  116.080753][ T5329] RIP: 0010:__queue_work+0xdf6/0x1090
[  116.082507][ T5329] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 c4 f3 9f 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 60 e7 29 8c 4c 89 ea e8 5b 6f f8 ff 90 <0f> 0b 90 90 e9 66 f4 ff ff e8 0c b4 38 00 90 0f 0b 90 e9 ad fc ff
[  116.088842][ T5329] RSP: 0018:ffffc9000d5e7a88 EFLAGS: 00010046
[  116.090757][ T5329] RAX: f12600ee78f5f500 RBX: ffff88801f35a440 RCX: ffff88801f35a440
[  116.093499][ T5329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  116.096157][ T5329] RBP: dffffc0000000000 R08: ffffffff81819e52 R09: 1ffff11003f8519a
[  116.098914][ T5329] R10: dffffc0000000000 R11: ffffed1003f8519b R12: 1ffff11008c47638
[  116.101962][ T5329] R13: ffff88804623b178 R14: 0000000000000008 R15: ffff888036e84a98
[  116.104970][ T5329]  ? __warn_printk+0x292/0x360
[  116.106739][ T5329]  ? __queue_work+0xdf5/0x1090
[  116.108572][ T5329]  queue_work_on+0x1c2/0x380
[  116.110330][ T5329]  ? __pfx_queue_work_on+0x10/0x10
[  116.112210][ T5329]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  116.114453][ T5329]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  116.116722][ T5329]  ? skb_queue_tail+0x36/0x120
[  116.118335][ T5329]  hci_recv_frame+0x598/0x6f0
[  116.119894][ T5329]  vhci_write+0x35a/0x490
[  116.121475][ T5329]  vfs_write+0xacf/0xd10
[  116.122894][ T5329]  ? __pfx_vhci_write+0x10/0x10
[  116.124737][ T5329]  ? __pfx_vfs_write+0x10/0x10
[  116.126449][ T5329]  ? __fget_files+0x2a/0x410
[  116.128143][ T5329]  ? __fget_files+0x2a/0x410
[  116.129789][ T5329]  ksys_write+0x18f/0x2b0
[  116.131289][ T5329]  ? __pfx_ksys_write+0x10/0x10
[  116.133027][ T5329]  ? do_syscall_64+0x100/0x230
[  116.134684][ T5329]  ? do_syscall_64+0xb6/0x230
[  116.136338][ T5329]  do_syscall_64+0xf3/0x230
[  116.137882][ T5329]  ? clear_bhb_loop+0x35/0x90
[  116.139540][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.141705][ T5329] RIP: 0033:0x7fbec0f8bc1f
[  116.143309][ T5329] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  116.150074][ T5329] RSP: 002b:00007fbec1d73000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  116.153017][ T5329] RAX: ffffffffffffffda RBX: 00007fbec11a6160 RCX: 00007fbec0f8bc1f
[  116.155829][ T5329] RDX: 0000000000000007 RSI: 00002000000006c0 RDI: 00000000000000ca
[  116.158879][ T5329] RBP: 00007fbec100e2a0 R08: 0000000000000000 R09: 0000000000000000
[  116.161747][ T5329] R10: 00002000000006c0 R11: 0000000000000293 R12: 0000000000000000
[  116.164517][ T5329] R13: 0000000000000001 R14: 00007fbec11a6160 R15: 00007ffde30f0388
[  116.167442][ T5329]  </TASK>
[  116.168932][ T5329] Kernel Offset: disabled
[  116.170663][ T5329] Rebooting in 86400 seconds..