# syzkaller program from a crash log, shown one call per line for triage.
# The kernel console output that follows the program reports
# "WARNING ... at kernel/workqueue.c:2257 __queue_work", with the call chain
# ksys_write -> vfs_write -> vhci_write -> hci_recv_frame -> queue_work_on.
# The subsequent "Kernel panic" is only because panic_on_warn is set.
# "(async)" and "(rerun: N)" are syzkaller call properties; several of the calls
# below therefore run concurrently. Most calls (vsock, bpf, tipc, netlink, IPv6)
# do not appear in the call trace and are presumably unrelated fuzzer noise.
# NOTE(review): confirm with a minimised reproducer before drawing conclusions.
#
# AF_VSOCK (0x28) stream socket: connect to the @host CID, then listen() and a
# second connect() with a NULL address on the same socket.
program: r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x10) (async)
listen(r0, 0x0) (async, rerun: 64)
connect$vsock_stream(r0, 0x0, 0x0) (rerun: 64)
# r1: fd opened relative to AT_FDCWD (0xffffffffffffff9c); the path buffer contents
# are not shown. r1 is later passed to ioctl$sock_inet6_tcp_SIOCOUTQ.
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async)
# r2: AF_NETLINK (0x10) / SOCK_RAW (0x3) socket, protocol 0x9; reused below by
# sendmsg$nl_route. The second netlink socket's result is discarded.
r2 = socket(0x10, 0x3, 0x9) (async)
socket(0x10, 0x3, 0x0) (async)
# bpf() command 0x0 creates a map, command 0x5 loads a program. The first field of
# each map argument (0x2, 0x3, 0x1b) is presumably the map type, and the first
# field of each program argument (0x3) the program type - verify against the
# syzkaller descriptions. All programs declare the 'GPL' licence.
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
socket$inet6(0xa, 0x2, 0x0) (async, rerun: 64)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
socket$tipc(0x1e, 0x5, 0x0)
# r3: ring-buffer map; the program loaded next references r3 in its instructions.
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0xf, &(0x7f0000000900)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
# r4: raw HCI socket (AF_BLUETOOTH 0x1f, SOCK_RAW 0x3, protocol 0x1).
# ioctl 0x400448cb is HCIDEVRESET for device index 0, issued async, so the reset
# can still be in progress when the next call injects a frame. The console log
# shows "Bluetooth: hci0: command tx timeout" shortly before the WARNING.
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448cb, 0x0) (async)
# Writes a frame to the virtual HCI controller. The blob 04 0e 04 02 03 0c reads
# as an HCI event packet (0x04), Command Complete (0x0e), parameter length 4,
# opcode 0x0c03; the length argument is 0x7. The trace's user-mode registers show
# a write (ORIG_RAX=1) of 7 bytes (RDX=7), consistent with this call being the one
# that reaches vhci_write -> hci_recv_frame -> queue_work_on.
# NOTE(review): presumably the work is queued on an hci workqueue that the
# concurrent reset is draining or destroying - confirm against workqueue.c:2257.
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c", @ANYRES32=r4], 0x7)
# 0x70-byte netlink message sent on r2; the payload is not decoded here.
sendmsg$nl_route(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="70000000200001002cbd7000fddbdf250a8020440000000c12000000050016003a00000014000200fe80000000000000000000000000200008000a0000000000140001"], 0x70}}, 0x0)
# r5: AF_INET6 datagram socket with protocol 0x88, one integer socket option set,
# then sendmmsg with a vector length of 0x300 although one entry is shown.
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r5, 0x11, 0x1, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r5, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)
# Injects a 0x275-byte Ethernet frame: IPv6 (ethertype 0x86dd) carrying a chain of
# extension headers (segment routing, destination options with CALIPSO, fragment,
# hop-by-hop, routing) and a TIPC payload.
syz_emit_ethernet(0x275, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tipc_packet={0x8, 0x6, "d92180", 0x23f, 0x6, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, {[@srh={0x2f, 0xc, 0x4, 0x6, 0xf7, 0x60, 0x154e, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private2, @rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x3e}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01']}, @dstopts={0x2f, 0x17, '\x00', [@calipso={0x7, 0x38, {0x3, 0xc, 0x3, 0x0, [0x4, 0x6, 0x101, 0xffffffff, 0x0, 0x7ff]}}, @calipso={0x7, 0x28, {0x0, 0x8, 0xfc, 0x6, [0x4, 0x4, 0x7, 0x0]}}, @pad1, @ra={0x5, 0x2, 0x3}, @ra, @calipso={0x7, 0x38, {0x2, 0xc, 0x3, 0x8, [0x10, 0x6, 0x7, 0x79, 0x4, 0x8]}}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}]}, @fragment={0x62, 0x0, 0x8, 0x0, 0x0, 0x19, 0x66}, @hopopts={0xe, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0x2}, @enc_lim={0x4, 0x1, 0xc2}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @srh={0x5c, 0xe, 0x4, 0x7, 0x1, 0x20, 0x1db, [@local, @mcast1, @private1, @local, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}]}, @routing={0x33, 0xa, 0x0, 0x7d, 0x0, [@local, @private1, @empty, @loopback, @mcast1]}], @payload_conn={{{0x1f, 0x0, 0x1, 0x1, 0x0, 0x6, 0x0, 0x2, 0x6, 0x0, 0x3, 0x0, 0x4, 0x0, 0x4, 0x7ff, 0x3, 0x4e23, 0x4e21}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}}, 0x0) (async)
ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) [ 68.089499][ T4673] Bluetooth: hci0: command tx timeout [ 68.170776][ T5331] ------------[ cut here ]------------ [ 68.172787][ T5331] WARNING: CPU: 0 PID: 5331 at kernel/workqueue.c:2257 __queue_work+0xcd3/0xf50 [ 68.176063][ T5331] Modules linked in: [ 68.177456][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller #0 [ 68.180420][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.184229][ T5331] RIP: 0010:__queue_work+0xcd3/0xf50 [ 68.186115][ T5331] Code: ff e8 b1 ad 37 00 90 0f 0b 90 e9 1e fd ff ff e8 a3 ad 37 00 eb 13 e8 9c ad 37 00 eb 0c e8 95 ad 37 00 eb 05 e8 8e ad 37 00 90 <0f> 0b 90 48 83 c4 60 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc [ 68.192843][ T5331] RSP: 0018:ffffc9000d067a88 EFLAGS: 00010093 [ 68.195125][ T5331] RAX: ffffffff815d2c74 RBX: ffff88801f114880 RCX: ffff88801f114880 [ 68.197853][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.200037][ T5331] RBP: 0000000000000000 R08: ffffffff815d20d4 R09: 0000000000000000 [ 68.202403][ T5331] R10: ffffc9000d067b60 R11: fffff52001a0cf6d R12: ffff888042c4b800 [ 68.205119][ T5331] R13: ffff888042c4b9c0 R14: dffffc0000000000 R15: 0000000000000008 [ 68.207573][ T5331] FS: 00007f8c5d19f6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 68.210530][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.213089][ T5331] CR2: 00007f8c5d19ef98 CR3: 0000000042e7a000 CR4: 0000000000352ef0 [ 68.216480][ T5331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.219528][ T5331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.222353][ T5331] Call Trace: [ 68.223466][ T5331] [ 68.224437][ T5331] ? __warn+0x168/0x4e0 [ 68.225979][ T5331] ? __queue_work+0xcd3/0xf50 [ 68.227777][ T5331] ? report_bug+0x2b3/0x500 [ 68.229540][ T5331] ? __queue_work+0xcd3/0xf50 [ 68.231244][ T5331] ? 
handle_bug+0x60/0x90 [ 68.232924][ T5331] ? exc_invalid_op+0x1a/0x50 [ 68.234729][ T5331] ? asm_exc_invalid_op+0x1a/0x20 [ 68.236625][ T5331] ? __queue_work+0x124/0xf50 [ 68.238340][ T5331] ? __queue_work+0xcc4/0xf50 [ 68.240110][ T5331] ? __queue_work+0xcd3/0xf50 [ 68.241664][ T5331] ? __queue_work+0xcc4/0xf50 [ 68.243409][ T5331] queue_work_on+0x1c2/0x380 [ 68.245175][ T5331] ? __pfx_queue_work_on+0x10/0x10 [ 68.247063][ T5331] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 68.249169][ T5331] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.251398][ T5331] ? skb_queue_tail+0x36/0x120 [ 68.253128][ T5331] hci_recv_frame+0x598/0x6f0 [ 68.254815][ T5331] vhci_write+0x35a/0x490 [ 68.256406][ T5331] vfs_write+0xaeb/0xd30 [ 68.258007][ T5331] ? __pfx_vhci_write+0x10/0x10 [ 68.259649][ T5331] ? __pfx_vfs_write+0x10/0x10 [ 68.261236][ T5331] ? fdget_pos+0x19a/0x320 [ 68.262735][ T5331] ksys_write+0x183/0x2b0 [ 68.264103][ T5331] ? __pfx_ksys_write+0x10/0x10 [ 68.265571][ T5331] ? do_syscall_64+0x100/0x230 [ 68.266901][ T5331] ? do_syscall_64+0xb6/0x230 [ 68.268366][ T5331] do_syscall_64+0xf3/0x230 [ 68.269782][ T5331] ? 
clear_bhb_loop+0x35/0x90 [ 68.271565][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.273682][ T5331] RIP: 0033:0x7f8c5c37d1ff [ 68.275368][ T5331] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 68.281523][ T5331] RSP: 002b:00007f8c5d19f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 68.284023][ T5331] RAX: ffffffffffffffda RBX: 00007f8c5c536130 RCX: 00007f8c5c37d1ff [ 68.286500][ T5331] RDX: 0000000000000007 RSI: 0000000020000040 RDI: 00000000000000ca [ 68.289144][ T5331] RBP: 00007f8c5c3f1616 R08: 0000000000000000 R09: 0000000000000000 [ 68.291712][ T5331] R10: 0000000020000040 R11: 0000000000000293 R12: 0000000000000000 [ 68.294604][ T5331] R13: 0000000000000000 R14: 00007f8c5c536130 R15: 00007fffbbdc3b28 [ 68.297591][ T5331] [ 68.298828][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.301639][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller #0 [ 68.305012][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.309019][ T5331] Call Trace: [ 68.310264][ T5331] [ 68.311303][ T5331] dump_stack_lvl+0x241/0x360 [ 68.312960][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.314751][ T5331] ? __pfx__printk+0x10/0x10 [ 68.316425][ T5331] ? vscnprintf+0x5d/0x90 [ 68.317981][ T5331] panic+0x349/0x880 [ 68.319350][ T5331] ? __warn+0x177/0x4e0 [ 68.320979][ T5331] ? __pfx_panic+0x10/0x10 [ 68.322712][ T5331] __warn+0x34b/0x4e0 [ 68.324292][ T5331] ? __queue_work+0xcd3/0xf50 [ 68.325890][ T5331] report_bug+0x2b3/0x500 [ 68.327318][ T5331] ? 
__queue_work+0xcd3/0xf50 [ 68.328922][ T5331] handle_bug+0x60/0x90 [ 68.330259][ T5331] exc_invalid_op+0x1a/0x50 [ 68.331846][ T5331] asm_exc_invalid_op+0x1a/0x20 [ 68.333971][ T5331] RIP: 0010:__queue_work+0xcd3/0xf50 [ 68.336117][ T5331] Code: ff e8 b1 ad 37 00 90 0f 0b 90 e9 1e fd ff ff e8 a3 ad 37 00 eb 13 e8 9c ad 37 00 eb 0c e8 95 ad 37 00 eb 05 e8 8e ad 37 00 90 <0f> 0b 90 48 83 c4 60 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc [ 68.343636][ T5331] RSP: 0018:ffffc9000d067a88 EFLAGS: 00010093 [ 68.346019][ T5331] RAX: ffffffff815d2c74 RBX: ffff88801f114880 RCX: ffff88801f114880 [ 68.349086][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.352038][ T5331] RBP: 0000000000000000 R08: ffffffff815d20d4 R09: 0000000000000000 [ 68.354925][ T5331] R10: ffffc9000d067b60 R11: fffff52001a0cf6d R12: ffff888042c4b800 [ 68.357800][ T5331] R13: ffff888042c4b9c0 R14: dffffc0000000000 R15: 0000000000000008 [ 68.360694][ T5331] ? __queue_work+0x124/0xf50 [ 68.362524][ T5331] ? __queue_work+0xcc4/0xf50 [ 68.364370][ T5331] ? __queue_work+0xcc4/0xf50 [ 68.366216][ T5331] queue_work_on+0x1c2/0x380 [ 68.367725][ T5331] ? __pfx_queue_work_on+0x10/0x10 [ 68.369423][ T5331] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 68.371560][ T5331] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.373883][ T5331] ? skb_queue_tail+0x36/0x120 [ 68.375661][ T5331] hci_recv_frame+0x598/0x6f0 [ 68.377370][ T5331] vhci_write+0x35a/0x490 [ 68.378968][ T5331] vfs_write+0xaeb/0xd30 [ 68.380546][ T5331] ? __pfx_vhci_write+0x10/0x10 [ 68.382459][ T5331] ? __pfx_vfs_write+0x10/0x10 [ 68.384304][ T5331] ? fdget_pos+0x19a/0x320 [ 68.385876][ T5331] ksys_write+0x183/0x2b0 [ 68.387469][ T5331] ? __pfx_ksys_write+0x10/0x10 [ 68.389145][ T5331] ? do_syscall_64+0x100/0x230 [ 68.390900][ T5331] ? do_syscall_64+0xb6/0x230 [ 68.392661][ T5331] do_syscall_64+0xf3/0x230 [ 68.394371][ T5331] ? 
clear_bhb_loop+0x35/0x90 [ 68.396154][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.398472][ T5331] RIP: 0033:0x7f8c5c37d1ff [ 68.400226][ T5331] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 68.407542][ T5331] RSP: 002b:00007f8c5d19f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 68.410664][ T5331] RAX: ffffffffffffffda RBX: 00007f8c5c536130 RCX: 00007f8c5c37d1ff [ 68.413627][ T5331] RDX: 0000000000000007 RSI: 0000000020000040 RDI: 00000000000000ca [ 68.416520][ T5331] RBP: 00007f8c5c3f1616 R08: 0000000000000000 R09: 0000000000000000 [ 68.419445][ T5331] R10: 0000000020000040 R11: 0000000000000293 R12: 0000000000000000 [ 68.422235][ T5331] R13: 0000000000000000 R14: 00007f8c5c536130 R15: 00007fffbbdc3b28 [ 68.425311][ T5331] [ 68.426773][ T5331] Kernel Offset: disabled [ 68.428498][ T5331] Rebooting in 86400 seconds..