program:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) (async)
readv(r0, &(0x7f0000000300)=[{&(0x7f0000000180)=""/125, 0x7d}, {&(0x7f00000016c0)=""/4096, 0x1000}], 0x2)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) (async)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000080)={0x4, 0x8, 0x5, 0x6}, 0x10) (async, rerun: 32)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="2309000000000000e40085b19e2c"], 0x14}}, 0x0) (rerun: 32)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7) (async)
r3 = gettid() (async, rerun: 64)
umount2(&(0x7f0000000080)='./file0\x00', 0x4) (rerun: 64)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_settime(r4, 0x0, &(0x7f0000000040), 0x0)

[   71.836730][ T5313] Bluetooth: hci0: command tx timeout
[   71.969280][ T5327] ------------[ cut here ]------------
[   71.971455][ T5327] WARNING: CPU: 0 PID: 5327 at kernel/workqueue.c:2257 __queue_work+0xcd3/0xf50
[   71.974658][ T5327] Modules linked in:
[   71.976057][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
[   71.979751][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.983231][ T5327] RIP: 0010:__queue_work+0xcd3/0xf50
[   71.985212][ T5327] Code: ff e8 f1 ad 37 00 90 0f 0b 90 e9 1e fd ff ff e8 e3 ad 37 00 eb 13 e8 dc ad 37 00 eb 0c e8 d5 ad 37 00 eb 05 e8 ce ad 37 00 90 <0f> 0b 90 48 83 c4 60 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc
[   71.991964][ T5327] RSP: 0018:ffffc9000cf0fa88 EFLAGS: 00010093
[   71.994285][ T5327] RAX: ffffffff815d2c84 RBX: ffff888000b22440 RCX: ffff888000b22440
[   71.996996][ T5327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   71.999908][ T5327] RBP: 0000000000000000 R08: ffffffff815d20e4 R09: 0000000000000000
[   72.003180][ T5327] R10: ffffc9000cf0fb60 R11: fffff520019e1f6d R12: ffff888039536800
[   72.005936][ T5327] R13: ffff8880395369c0 R14: dffffc0000000000 R15: 0000000000000008
[   72.008866][ T5327] FS:  00007fc57b7fe6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   72.012221][ T5327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.014717][ T5327] CR2: 00007fc57b7bcd58 CR3: 0000000032d30000 CR4: 0000000000352ef0
[   72.017570][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.020231][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.022973][ T5327] Call Trace:
[   72.024368][ T5327]  <TASK>
[   72.025589][ T5327]  ? __warn+0x168/0x4e0
[   72.027172][ T5327]  ? __queue_work+0xcd3/0xf50
[   72.029022][ T5327]  ? report_bug+0x2b3/0x500
[   72.030578][ T5327]  ? __queue_work+0xcd3/0xf50
[   72.032048][ T5327]  ? handle_bug+0x60/0x90
[   72.033648][ T5327]  ? exc_invalid_op+0x1a/0x50
[   72.035335][ T5327]  ? asm_exc_invalid_op+0x1a/0x20
[   72.037204][ T5327]  ? __queue_work+0x124/0xf50
[   72.038936][ T5327]  ? __queue_work+0xcc4/0xf50
[   72.040650][ T5327]  ? __queue_work+0xcd3/0xf50
[   72.042377][ T5327]  ? __queue_work+0xcc4/0xf50
[   72.044053][ T5327]  queue_work_on+0x1c2/0x380
[   72.045737][ T5327]  ? __pfx_queue_work_on+0x10/0x10
[   72.047729][ T5327]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   72.049908][ T5327]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   72.052166][ T5327]  ? skb_queue_tail+0x36/0x120
[   72.053977][ T5327]  hci_recv_frame+0x598/0x6f0
[   72.055754][ T5327]  vhci_write+0x35a/0x490
[   72.057289][ T5327]  vfs_write+0xaeb/0xd30
[   72.058944][ T5327]  ? __pfx_vhci_write+0x10/0x10
[   72.060665][ T5327]  ? __pfx_vfs_write+0x10/0x10
[   72.062379][ T5327]  ? fdget_pos+0x19a/0x320
[   72.064056][ T5327]  ksys_write+0x183/0x2b0
[   72.065629][ T5327]  ? __pfx_ksys_write+0x10/0x10
[   72.067391][ T5327]  ? do_syscall_64+0x100/0x230
[   72.069147][ T5327]  ? do_syscall_64+0xb6/0x230
[   72.070936][ T5327]  do_syscall_64+0xf3/0x230
[   72.072621][ T5327]  ? clear_bhb_loop+0x35/0x90
[   72.074400][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.076549][ T5327] RIP: 0033:0x7fc57bd7d1ff
[   72.078242][ T5327] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[   72.085422][ T5327] RSP: 002b:00007fc57b7fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   72.088567][ T5327] RAX: ffffffffffffffda RBX: 00007fc57bf36058 RCX: 00007fc57bd7d1ff
[   72.091492][ T5327] RDX: 0000000000000007 RSI: 0000000020000040 RDI: 00000000000000ca
[   72.094413][ T5327] RBP: 00007fc57bdf139e R08: 0000000000000000 R09: 0000000000000000
[   72.097418][ T5327] R10: 0000000020000040 R11: 0000000000000293 R12: 0000000000000000
[   72.100555][ T5327] R13: 0000000000000000 R14: 00007fc57bf36058 R15: 00007ffe2a38f2d8
[   72.103552][ T5327]  </TASK>
[   72.104789][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   72.107483][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
[   72.111221][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.114984][ T5327] Call Trace:
[   72.116256][ T5327]  <TASK>
[   72.117322][ T5327]  dump_stack_lvl+0x241/0x360
[   72.119139][ T5327]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.121064][ T5327]  ? __pfx__printk+0x10/0x10
[   72.122812][ T5327]  ? vscnprintf+0x5d/0x90
[   72.124483][ T5327]  panic+0x349/0x880
[   72.125998][ T5327]  ? __warn+0x177/0x4e0
[   72.127596][ T5327]  ? __pfx_panic+0x10/0x10
[   72.129296][ T5327]  __warn+0x34b/0x4e0
[   72.130894][ T5327]  ? __queue_work+0xcd3/0xf50
[   72.132765][ T5327]  report_bug+0x2b3/0x500
[   72.134437][ T5327]  ? __queue_work+0xcd3/0xf50
[   72.136270][ T5327]  handle_bug+0x60/0x90
[   72.137917][ T5327]  exc_invalid_op+0x1a/0x50
[   72.139619][ T5327]  asm_exc_invalid_op+0x1a/0x20
[   72.141539][ T5327] RIP: 0010:__queue_work+0xcd3/0xf50
[   72.143544][ T5327] Code: ff e8 f1 ad 37 00 90 0f 0b 90 e9 1e fd ff ff e8 e3 ad 37 00 eb 13 e8 dc ad 37 00 eb 0c e8 d5 ad 37 00 eb 05 e8 ce ad 37 00 90 <0f> 0b 90 48 83 c4 60 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc
[   72.150674][ T5327] RSP: 0018:ffffc9000cf0fa88 EFLAGS: 00010093
[   72.152989][ T5327] RAX: ffffffff815d2c84 RBX: ffff888000b22440 RCX: ffff888000b22440
[   72.155989][ T5327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   72.159082][ T5327] RBP: 0000000000000000 R08: ffffffff815d20e4 R09: 0000000000000000
[   72.162121][ T5327] R10: ffffc9000cf0fb60 R11: fffff520019e1f6d R12: ffff888039536800
[   72.164854][ T5327] R13: ffff8880395369c0 R14: dffffc0000000000 R15: 0000000000000008
[   72.167870][ T5327]  ? __queue_work+0x124/0xf50
[   72.169670][ T5327]  ? __queue_work+0xcc4/0xf50
[   72.171476][ T5327]  ? __queue_work+0xcc4/0xf50
[   72.173286][ T5327]  queue_work_on+0x1c2/0x380
[   72.175091][ T5327]  ? __pfx_queue_work_on+0x10/0x10
[   72.176900][ T5327]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   72.179093][ T5327]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   72.181441][ T5327]  ? skb_queue_tail+0x36/0x120
[   72.183304][ T5327]  hci_recv_frame+0x598/0x6f0
[   72.185096][ T5327]  vhci_write+0x35a/0x490
[   72.186784][ T5327]  vfs_write+0xaeb/0xd30
[   72.188311][ T5327]  ? __pfx_vhci_write+0x10/0x10
[   72.189970][ T5327]  ? __pfx_vfs_write+0x10/0x10
[   72.191386][ T5327]  ? fdget_pos+0x19a/0x320
[   72.192899][ T5327]  ksys_write+0x183/0x2b0
[   72.194309][ T5327]  ? __pfx_ksys_write+0x10/0x10
[   72.195920][ T5327]  ? do_syscall_64+0x100/0x230
[   72.197829][ T5327]  ? do_syscall_64+0xb6/0x230
[   72.199513][ T5327]  do_syscall_64+0xf3/0x230
[   72.201163][ T5327]  ? clear_bhb_loop+0x35/0x90
[   72.203022][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.205866][ T5327] RIP: 0033:0x7fc57bd7d1ff
[   72.208142][ T5327] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[   72.215188][ T5327] RSP: 002b:00007fc57b7fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   72.218271][ T5327] RAX: ffffffffffffffda RBX: 00007fc57bf36058 RCX: 00007fc57bd7d1ff
[   72.221293][ T5327] RDX: 0000000000000007 RSI: 0000000020000040 RDI: 00000000000000ca
[   72.224308][ T5327] RBP: 00007fc57bdf139e R08: 0000000000000000 R09: 0000000000000000
[   72.227267][ T5327] R10: 0000000020000040 R11: 0000000000000293 R12: 0000000000000000
[   72.230233][ T5327] R13: 0000000000000000 R14: 00007fc57bf36058 R15: 00007ffe2a38f2d8
[   72.233282][ T5327]  </TASK>
[   72.234748][ T5327] Kernel Offset: disabled
[   72.236427][ T5327] Rebooting in 86400 seconds..