------------[ cut here ]------------
workqueue: cannot queue hci_cmd_timeout on wq hci4
WARNING: CPU: 1 PID: 8598 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0 kernel/workqueue.c:2256
Modules linked in:
CPU: 1 UID: 0 PID: 8598 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-gb4432656b36e #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__queue_work+0xd62/0xfe0 kernel/workqueue.c:2256
Code: 42 80 3c 20 00 74 08 4c 89 ef e8 e9 d7 96 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 c7 69 8b 4c 89 fa e8 9f 40 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 c0 e2 34 00 90 0f 0b 90 e9 dd fc ff
RSP: 0000:ffffc90000a08b08 EFLAGS: 00010046
RAX: 85236b32cf835f00 RBX: 0000000000000100 RCX: ffff88801c300000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 1ffff1100b910f38 R08: ffff8880b8923e93 R09: 1ffff110171247d2
R10: dffffc0000000000 R11: ffffed10171247d3 R12: dffffc0000000000
R13: ffff88805e530948 R14: 0000000000000008 R15: ffff88805c887978
FS:  0000555574e49500(0000) GS:ffff8881261cc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f925353fe10 CR3: 000000005dc0c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 call_timer_fn+0x17b/0x5f0 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1835 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x646/0x860 kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2445
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:246 [inline]
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x37/0x90 kernel/kcov.c:321
Code: 08 40 75 92 65 8b 15 68 7c b5 10 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 57 83 b9 3c 16 00 00 00 74 4e 8b 91 18 16 00 00 <83> fa 03 75 43 48 8b 91 20 16 00 00 44 8b 89 1c 16 00 00 49 c1 e1
RSP: 0000:ffffc9000c31f990 EFLAGS: 00000246
RAX: ffffffff81f757bb RBX: 000000000000013f RCX: ffff88801c300000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffffd40003b29e1 R08: ffffea0001d94f07 R09: 1ffffd40003b29e0
R10: dffffc0000000000 R11: fffff940003b29e1 R12: ffffea0001d94f00
R13: 00fff3800000422c R14: ffffea0001d94f08 R15: ffffc9000c31fb20
 constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]
 arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
 folio_test_readahead include/linux/page-flags.h:600 [inline]
 next_uptodate_folio+0x33b/0x5d0 mm/filemap.c:3570
 filemap_map_pages+0x1022/0x1740 mm/filemap.c:3746
 do_fault_around mm/memory.c:5476 [inline]
 do_read_fault mm/memory.c:5509 [inline]
 do_fault mm/memory.c:5652 [inline]
 do_pte_missing mm/memory.c:4160 [inline]
 handle_pte_fault mm/memory.c:5997 [inline]
 __handle_mm_fault+0x34d8/0x5380 mm/memory.c:6140
 handle_mm_fault+0x3f6/0x8c0 mm/memory.c:6309
 do_user_addr_fault+0xa81/0x1390 arch/x86/mm/fault.c:1337
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x68/0x110 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f925353fe10
Code: Unable to access opcode bytes at 0x7f925353fde6.
RSP: 002b:00007ffe9a21ede8 EFLAGS: 00010246
RAX: 00007ffe9a21f210 RBX: 00007f9253772970 RCX: 00007ffe9a21edf8
RDX: 00007f925362abe3 RSI: 0000000000000400 RDI: 00007ffe9a21ee10
RBP: 00007f925362abcb R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000044000 R11: 0000000000000246 R12: 00007ffe9a21f380
R13: 00007ffe9a21ee10 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	08 40 75             	or     %al,0x75(%rax)
   3:	92                   	xchg   %eax,%edx
   4:	65 8b 15 68 7c b5 10 	mov    %gs:0x10b57c68(%rip),%edx        # 0x10b57c73
   b:	81 e2 00 01 ff 00    	and    $0xff0100,%edx
  11:	74 11                	je     0x24
  13:	81 fa 00 01 00 00    	cmp    $0x100,%edx
  19:	75 57                	jne    0x72
  1b:	83 b9 3c 16 00 00 00 	cmpl   $0x0,0x163c(%rcx)
  22:	74 4e                	je     0x72
  24:	8b 91 18 16 00 00    	mov    0x1618(%rcx),%edx
* 2a:	83 fa 03             	cmp    $0x3,%edx <-- trapping instruction
  2d:	75 43                	jne    0x72
  2f:	48 8b 91 20 16 00 00 	mov    0x1620(%rcx),%rdx
  36:	44 8b 89 1c 16 00 00 	mov    0x161c(%rcx),%r9d
  3d:	49                   	rex.WB
  3e:	c1                   	.byte 0xc1
  3f:	e1                   	.byte 0xe1