program:
r0 = socket$kcm(0x10, 0x2, 0x0) (async)
r1 = socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'veth0_to_team\x00', <r3=>0x0}) (async)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448cb, 0x0) (async, rerun: 64)
r5 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)={0x0, "5d9bc136c963354c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9dc50050257ebf728bb1687ad314a7b0ce15c1e6be0e7ecabfdfde0dfa00b100"}, 0x48, 0xffffffffffffffff) (rerun: 64)
request_key(&(0x7f0000000280)='id_legacy\x00', &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380)='syz', r5)
landlock_create_ruleset(&(0x7f0000000100)={0x0, 0x3}, 0x10, 0x0) (async)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16) (async)
syz_usb_connect(0x0, 0x0, 0x0, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) (async)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000005e00)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x0, 0x8}, {0x12, 0x2, 0x0, 0x1, 0x8001, 0x400}, 0xa4, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x20000080) (async)
r6 = socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {0x7}, {0xffff, 0xa}}}, 0x24}}, 0x0) (async, rerun: 32)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121fc963f75c23b8dbf62e7e9c726393b49b5de5bf08906d03322f8895a2cd3cb4f147cf6914cee1831d24028e98412e24b4205ba38803777b600e3b1bcb85c44f5d6fbdd4cb5d801b78351bf16e997ecf1fa666504327ad2e141f575bea39c2c04bea2fdfeb507b3df7f9873493756c7c9d94643a7e21814d2fbd6b3062671701f4ca642ac16629a9333f0034bb58f11c8aac5c555af57ddd8c35eb2f385fc37f47b8dc04808ca289d69e9c413bc7d5afd101e785c54e9b809a4a09bf4015", 0xeb}], 0x1}, 0x0) (rerun: 32)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) (async, rerun: 32)
r10 = socket$nl_rdma(0x10, 0x3, 0x14) (rerun: 32)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073797a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x8801}, 0x20000000) (async)
syz_clone(0x43000000, 0x0, 0xfffffffffffffd86, 0x0, 0x0, 0x0)

[   76.066902][ T4657] Bluetooth: hci0: command tx timeout
[   76.152459][ T5315] ------------[ cut here ]------------
[   76.154875][ T5315] workqueue: cannot queue hci_rx_work on wq hci0
[   76.157818][ T5315] WARNING: CPU: 0 PID: 5315 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0
[   76.161638][ T5315] Modules linked in:
[   76.163339][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full) 
[   76.167912][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.172656][ T5315] RIP: 0010:__queue_work+0xd62/0xfe0
[   76.175187][ T5315] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 79 dd 96 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 cc 69 8b 4c 89 fa e8 9f 40 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 00 e4 34 00 90 0f 0b 90 e9 dd fc ff
[   76.184002][ T5315] RSP: 0018:ffffc9002301fa88 EFLAGS: 00010046
[   76.186706][ T5315] RAX: 01b9de6b24e0f000 RBX: 0000000000000000 RCX: ffff88801e672440
[   76.190859][ T5315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   76.195203][ T5315] RBP: 1ffff11008662738 R08: ffff88801fe23e93 R09: 1ffff11003fc47d2
[   76.198133][ T5315] R10: dffffc0000000000 R11: ffffed1003fc47d3 R12: dffffc0000000000
[   76.201417][ T5315] R13: ffff888041dd4a98 R14: ffff88801e672440 R15: ffff888043313978
[   76.204888][ T5315] FS:  00007f7119a116c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000
[   76.208621][ T5315] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.211601][ T5315] CR2: 00007f7119a10fc8 CR3: 000000003f570000 CR4: 0000000000352ef0
[   76.215012][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   76.218805][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   76.222348][ T5315] Call Trace:
[   76.223810][ T5315]  <TASK>
[   76.225153][ T5315]  ? rcu_is_watching+0x15/0xb0
[   76.227093][ T5315]  queue_work_on+0x181/0x270
[   76.229141][ T5315]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.231319][ T5315]  ? __pfx_queue_work_on+0x10/0x10
[   76.233488][ T5315]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   76.236132][ T5315]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.238822][ T5315]  ? skb_queue_tail+0x30/0xf0
[   76.240760][ T5315]  hci_recv_frame+0x5ad/0x700
[   76.242729][ T5315]  ? skb_pull+0xc1/0x1d0
[   76.244527][ T5315]  vhci_write+0x358/0x4a0
[   76.246585][ T5315]  vfs_write+0x548/0xa90
[   76.248769][ T5315]  ? __pfx_vhci_write+0x10/0x10
[   76.250938][ T5315]  ? __pfx_vfs_write+0x10/0x10
[   76.253079][ T5315]  ? __fget_files+0x2a/0x420
[   76.255104][ T5315]  ksys_write+0x145/0x250
[   76.256936][ T5315]  ? __pfx_ksys_write+0x10/0x10
[   76.259037][ T5315]  ? do_syscall_64+0xba/0x210
[   76.261084][ T5315]  do_syscall_64+0xf6/0x210
[   76.263106][ T5315]  ? clear_bhb_loop+0x60/0xb0
[   76.265251][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.267810][ T5315] RIP: 0033:0x7f7118b8d41f
[   76.269810][ T5315] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   76.277960][ T5315] RSP: 002b:00007f7119a11000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   76.281540][ T5315] RAX: ffffffffffffffda RBX: 00007f7118db6160 RCX: 00007f7118b8d41f
[   76.284675][ T5315] RDX: 0000000000000016 RSI: 0000200000000100 RDI: 00000000000000ca
[   76.287958][ T5315] RBP: 00007f7118c10ab1 R08: 0000000000000000 R09: 0000000000000000
[   76.291395][ T5315] R10: 0000200000000100 R11: 0000000000000293 R12: 0000000000000000
[   76.294640][ T5315] R13: 0000000000000001 R14: 00007f7118db6160 R15: 00007ffc1271fca8
[   76.297878][ T5315]  </TASK>
[   76.299109][ T5315] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   76.302164][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full) 
[   76.307165][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.311443][ T5315] Call Trace:
[   76.312822][ T5315]  <TASK>
[   76.314052][ T5315]  dump_stack_lvl+0x99/0x250
[   76.316029][ T5315]  ? __asan_memcpy+0x40/0x70
[   76.317854][ T5315]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.319921][ T5315]  ? __pfx__printk+0x10/0x10
[   76.321939][ T5315]  panic+0x2db/0x790
[   76.323669][ T5315]  ? __pfx_panic+0x10/0x10
[   76.325595][ T5315]  ? show_trace_log_lvl+0x4fb/0x550
[   76.327456][ T5315]  __warn+0x31b/0x4b0
[   76.328975][ T5315]  ? __queue_work+0xd62/0xfe0
[   76.330627][ T5315]  ? __queue_work+0xd62/0xfe0
[   76.332447][ T5315]  report_bug+0x2be/0x4f0
[   76.334312][ T5315]  ? __queue_work+0xd62/0xfe0
[   76.336140][ T5315]  ? __queue_work+0xd62/0xfe0
[   76.338092][ T5315]  ? __queue_work+0xd64/0xfe0
[   76.340135][ T5315]  handle_bug+0x84/0x160
[   76.342024][ T5315]  exc_invalid_op+0x1a/0x50
[   76.344048][ T5315]  asm_exc_invalid_op+0x1a/0x20
[   76.346253][ T5315] RIP: 0010:__queue_work+0xd62/0xfe0
[   76.348529][ T5315] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 79 dd 96 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 e0 cc 69 8b 4c 89 fa e8 9f 40 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 00 e4 34 00 90 0f 0b 90 e9 dd fc ff
[   76.356386][ T5315] RSP: 0018:ffffc9002301fa88 EFLAGS: 00010046
[   76.358990][ T5315] RAX: 01b9de6b24e0f000 RBX: 0000000000000000 RCX: ffff88801e672440
[   76.361956][ T5315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   76.365199][ T5315] RBP: 1ffff11008662738 R08: ffff88801fe23e93 R09: 1ffff11003fc47d2
[   76.368714][ T5315] R10: dffffc0000000000 R11: ffffed1003fc47d3 R12: dffffc0000000000
[   76.371722][ T5315] R13: ffff888041dd4a98 R14: ffff88801e672440 R15: ffff888043313978
[   76.375005][ T5315]  ? __queue_work+0xd61/0xfe0
[   76.377070][ T5315]  ? rcu_is_watching+0x15/0xb0
[   76.379233][ T5315]  queue_work_on+0x181/0x270
[   76.381289][ T5315]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.383605][ T5315]  ? __pfx_queue_work_on+0x10/0x10
[   76.385861][ T5315]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   76.388556][ T5315]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.391144][ T5315]  ? skb_queue_tail+0x30/0xf0
[   76.393163][ T5315]  hci_recv_frame+0x5ad/0x700
[   76.395167][ T5315]  ? skb_pull+0xc1/0x1d0
[   76.397052][ T5315]  vhci_write+0x358/0x4a0
[   76.398923][ T5315]  vfs_write+0x548/0xa90
[   76.400779][ T5315]  ? __pfx_vhci_write+0x10/0x10
[   76.402857][ T5315]  ? __pfx_vfs_write+0x10/0x10
[   76.404737][ T5315]  ? __fget_files+0x2a/0x420
[   76.406620][ T5315]  ksys_write+0x145/0x250
[   76.408545][ T5315]  ? __pfx_ksys_write+0x10/0x10
[   76.410682][ T5315]  ? do_syscall_64+0xba/0x210
[   76.412608][ T5315]  do_syscall_64+0xf6/0x210
[   76.414370][ T5315]  ? clear_bhb_loop+0x60/0xb0
[   76.416162][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.418707][ T5315] RIP: 0033:0x7f7118b8d41f
[   76.420669][ T5315] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   76.428483][ T5315] RSP: 002b:00007f7119a11000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   76.431812][ T5315] RAX: ffffffffffffffda RBX: 00007f7118db6160 RCX: 00007f7118b8d41f
[   76.435093][ T5315] RDX: 0000000000000016 RSI: 0000200000000100 RDI: 00000000000000ca
[   76.438360][ T5315] RBP: 00007f7118c10ab1 R08: 0000000000000000 R09: 0000000000000000
[   76.441510][ T5315] R10: 0000200000000100 R11: 0000000000000293 R12: 0000000000000000
[   76.444797][ T5315] R13: 0000000000000001 R14: 00007f7118db6160 R15: 00007ffc1271fca8
[   76.447974][ T5315]  </TASK>
[   76.449470][ T5315] Kernel Offset: disabled
[   76.451193][ T5315] Rebooting in 86400 seconds..