program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x23, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0}) (async)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) (async)
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_emit_vhci(0x0, 0x16) (async)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448cb, 0x0) (async)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0402030c"], 0x7) (async, rerun: 64)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (rerun: 64)
connect$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x0, @fixed}, 0xe)
r6 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r1) (async)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fchdir(r7) (async)
r8 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100), 0x4101, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r7, 0xc01064c2, &(0x7f0000000140)={0x0, 0x1, r8}) (async)
close_range(r6, 0xffffffffffffffff, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@ipv6_getaddrlabel={0x30, 0x4a, 0x8, 0x70bd2a, 0x25dfdbfc, {0xa, 0x0, 0x1f, 0x0, r2, 0x3}, [@IFAL_ADDRESS={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x30}, 0x1, 0x0, 0x0, 0x44}, 0x20000100)

[   68.366292][ T4685] Bluetooth: hci0: command tx timeout
[   68.421509][ T5338] ------------[ cut here ]------------
[   68.423907][ T5338] workqueue: cannot queue hci_rx_work on wq hci0
[   68.426676][ T5338] WARNING: CPU: 0 PID: 5338 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0
[   68.430344][ T5338] Modules linked in:
[   68.431880][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[   68.437190][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.442175][ T5338] RIP: 0010:__queue_work+0xd62/0xfe0
[   68.444712][ T5338] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 69 0e 99 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 c0 e0 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 70 8b 35 00 90 0f 0b 90 e9 dd fc ff
[   68.453489][ T5338] RSP: 0018:ffffc9000d657a68 EFLAGS: 00010046
[   68.456354][ T5338] RAX: 7937b94066ef1d00 RBX: 0000000000000000 RCX: ffff888032e72440
[   68.459996][ T5338] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   68.463792][ T5338] RBP: 1ffff110022a5738 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   68.467411][ T5338] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[   68.470551][ T5338] R13: ffff88803e8b0ad8 R14: ffff888032e72440 R15: ffff88801152b978
[   68.473675][ T5338] FS:  00007fb3e8bd46c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000
[   68.477219][ T5338] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.479911][ T5338] CR2: 00005555911657c8 CR3: 00000000434a1000 CR4: 0000000000352ef0
[   68.483164][ T5338] Call Trace:
[   68.484622][ T5338]  <TASK>
[   68.486003][ T5338]  ? rcu_is_watching+0x15/0xb0
[   68.488461][ T5338]  queue_work_on+0x181/0x270
[   68.491003][ T5338]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.493718][ T5338]  ? __pfx_queue_work_on+0x10/0x10
[   68.495916][ T5338]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   68.498653][ T5338]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.501511][ T5338]  ? skb_queue_tail+0x30/0xf0
[   68.503747][ T5338]  hci_recv_frame+0x5c9/0x720
[   68.505897][ T5338]  ? skb_pull+0xc1/0x1d0
[   68.507869][ T5338]  vhci_write+0x358/0x4a0
[   68.510055][ T5338]  vfs_write+0x54b/0xa90
[   68.512097][ T5338]  ? __pfx_vhci_write+0x10/0x10
[   68.514295][ T5338]  ? __pfx_vfs_write+0x10/0x10
[   68.516570][ T5338]  ? __fget_files+0x2a/0x420
[   68.518925][ T5338]  ksys_write+0x145/0x250
[   68.521093][ T5338]  ? __pfx_ksys_write+0x10/0x10
[   68.523397][ T5338]  ? rcu_is_watching+0x15/0xb0
[   68.525473][ T5338]  ? do_syscall_64+0xbe/0x3b0
[   68.527590][ T5338]  do_syscall_64+0xfa/0x3b0
[   68.529583][ T5338]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.531805][ T5338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.534209][ T5338]  ? clear_bhb_loop+0x60/0xb0
[   68.536013][ T5338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.538380][ T5338] RIP: 0033:0x7fb3ec78d3df
[   68.540279][ T5338] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   68.548419][ T5338] RSP: 002b:00007fb3e8bd4000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   68.551938][ T5338] RAX: ffffffffffffffda RBX: 00007fb3ec9b6080 RCX: 00007fb3ec78d3df
[   68.555757][ T5338] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 00000000000000ca
[   68.559411][ T5338] RBP: 00007fb3ec810b39 R08: 0000000000000000 R09: 0000000000000000
[   68.562787][ T5338] R10: 0000200000000000 R11: 0000000000000293 R12: 0000000000000000
[   68.566086][ T5338] R13: 0000000000000000 R14: 00007fb3ec9b6080 R15: 00007ffc20beb188
[   68.569255][ T5338]  </TASK>
[   68.570642][ T5338] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.573688][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[   68.577982][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.581908][ T5338] Call Trace:
[   68.583204][ T5338]  <TASK>
[   68.584394][ T5338]  dump_stack_lvl+0x99/0x250
[   68.586195][ T5338]  ? __asan_memcpy+0x40/0x70
[   68.587930][ T5338]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.590035][ T5338]  ? __pfx__printk+0x10/0x10
[   68.591796][ T5338]  panic+0x2db/0x790
[   68.593406][ T5338]  ? __pfx_panic+0x10/0x10
[   68.595193][ T5338]  ? show_trace_log_lvl+0x4fb/0x550
[   68.597202][ T5338]  __warn+0x31b/0x4b0
[   68.598812][ T5338]  ? __queue_work+0xd62/0xfe0
[   68.600679][ T5338]  ? __queue_work+0xd62/0xfe0
[   68.602602][ T5338]  report_bug+0x2be/0x4f0
[   68.604350][ T5338]  ? __queue_work+0xd62/0xfe0
[   68.606369][ T5338]  ? __queue_work+0xd62/0xfe0
[   68.608304][ T5338]  ? __queue_work+0xd64/0xfe0
[   68.610294][ T5338]  handle_bug+0x84/0x160
[   68.611912][ T5338]  exc_invalid_op+0x1a/0x50
[   68.613524][ T5338]  asm_exc_invalid_op+0x1a/0x20
[   68.615347][ T5338] RIP: 0010:__queue_work+0xd62/0xfe0
[   68.617188][ T5338] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 69 0e 99 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 c0 e0 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 70 8b 35 00 90 0f 0b 90 e9 dd fc ff
[   68.624826][ T5338] RSP: 0018:ffffc9000d657a68 EFLAGS: 00010046
[   68.627364][ T5338] RAX: 7937b94066ef1d00 RBX: 0000000000000000 RCX: ffff888032e72440
[   68.630526][ T5338] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   68.633773][ T5338] RBP: 1ffff110022a5738 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   68.637094][ T5338] R10: dffffc0000000000 R11: ffffed1003f84853 R12: dffffc0000000000
[   68.640367][ T5338] R13: ffff88803e8b0ad8 R14: ffff888032e72440 R15: ffff88801152b978
[   68.643703][ T5338]  ? __queue_work+0xd61/0xfe0
[   68.645739][ T5338]  ? rcu_is_watching+0x15/0xb0
[   68.647848][ T5338]  queue_work_on+0x181/0x270
[   68.649908][ T5338]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.652177][ T5338]  ? __pfx_queue_work_on+0x10/0x10
[   68.654372][ T5338]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   68.656996][ T5338]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.659777][ T5338]  ? skb_queue_tail+0x30/0xf0
[   68.661830][ T5338]  hci_recv_frame+0x5c9/0x720
[   68.663893][ T5338]  ? skb_pull+0xc1/0x1d0
[   68.665758][ T5338]  vhci_write+0x358/0x4a0
[   68.667664][ T5338]  vfs_write+0x54b/0xa90
[   68.669563][ T5338]  ? __pfx_vhci_write+0x10/0x10
[   68.671690][ T5338]  ? __pfx_vfs_write+0x10/0x10
[   68.673747][ T5338]  ? __fget_files+0x2a/0x420
[   68.676224][ T5338]  ksys_write+0x145/0x250
[   68.678628][ T5338]  ? __pfx_ksys_write+0x10/0x10
[   68.681254][ T5338]  ? rcu_is_watching+0x15/0xb0
[   68.683527][ T5338]  ? do_syscall_64+0xbe/0x3b0
[   68.685552][ T5338]  do_syscall_64+0xfa/0x3b0
[   68.687560][ T5338]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.689801][ T5338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.692414][ T5338]  ? clear_bhb_loop+0x60/0xb0
[   68.694365][ T5338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.696465][ T5338] RIP: 0033:0x7fb3ec78d3df
[   68.698373][ T5338] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   68.706615][ T5338] RSP: 002b:00007fb3e8bd4000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   68.709868][ T5338] RAX: ffffffffffffffda RBX: 00007fb3ec9b6080 RCX: 00007fb3ec78d3df
[   68.713173][ T5338] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 00000000000000ca
[   68.716468][ T5338] RBP: 00007fb3ec810b39 R08: 0000000000000000 R09: 0000000000000000
[   68.719775][ T5338] R10: 0000200000000000 R11: 0000000000000293 R12: 0000000000000000
[   68.722994][ T5338] R13: 0000000000000000 R14: 00007fb3ec9b6080 R15: 00007ffc20beb188
[   68.726390][ T5338]  </TASK>
[   68.728087][ T5338] Kernel Offset: disabled
[   68.729913][ T5338] Rebooting in 86400 seconds..