program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x10, 0x1d, 0x1}, 0x10}}, 0x0) (async)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) (async, rerun: 64)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) (rerun: 64)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e"], 0x22) (async)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x2c, 0x0, 0xb, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_COMPAT_NAME={0x7, 0x1, '&%\x00'}, @NFTA_COMPAT_NAME={0x7, 0x1, '&%\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)

[   69.082808][ T5318] Bluetooth: hci0: command tx timeout
[   69.129117][ T5335] ------------[ cut here ]------------
[   69.132035][ T5335] workqueue: cannot queue hci_rx_work on wq hci0
[   69.134964][ T5335] WARNING: CPU: 0 PID: 5335 at kernel/workqueue.c:2258 __queue_work+0xdff/0x10a0
[   69.138755][ T5335] Modules linked in:
[   69.140235][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) 
[   69.144646][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.149042][ T5335] RIP: 0010:__queue_work+0xdff/0x10a0
[   69.151167][ T5335] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 2b 5e a3 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 40 cc 49 8c 4c 89 ea e8 42 7d f8 ff 90 <0f> 0b 90 90 e9 5d f4 ff ff e8 23 24 39 00 90 0f 0b 90 e9 a7 fc ff
[   69.158524][ T5335] RSP: 0018:ffffc9000d57fa68 EFLAGS: 00010046
[   69.161049][ T5335] RAX: f808f20ed0add800 RBX: ffff88801ef4c880 RCX: ffff88801ef4c880
[   69.164361][ T5335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   69.167602][ T5335] RBP: dffffc0000000000 R08: ffffffff818218d2 R09: 1ffff11003f847d2
[   69.170842][ T5335] R10: dffffc0000000000 R11: ffffed1003f847d3 R12: 1ffff11008822c38
[   69.174138][ T5335] R13: ffff888044116178 R14: 0000000000000008 R15: ffff88804469ca98
[   69.177417][ T5335] FS:  00007f5fab01f6c0(0000) GS:ffff88808c59a000(0000) knlGS:0000000000000000
[   69.181060][ T5335] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.183663][ T5335] CR2: 00007f5fab01efd8 CR3: 00000000412de000 CR4: 0000000000352ef0
[   69.186830][ T5335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.190059][ T5335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.193489][ T5335] Call Trace:
[   69.194921][ T5335]  <TASK>
[   69.196148][ T5335]  queue_work_on+0x1c4/0x380
[   69.197834][ T5335]  ? __pfx_queue_work_on+0x10/0x10
[   69.199891][ T5335]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[   69.202184][ T5335]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.204641][ T5335]  ? skb_queue_tail+0x36/0x120
[   69.206597][ T5335]  hci_recv_frame+0x598/0x6f0
[   69.208553][ T5335]  vhci_write+0x353/0x4a0
[   69.210344][ T5335]  vfs_write+0x70f/0xd10
[   69.212101][ T5335]  ? __pfx_vhci_write+0x10/0x10
[   69.214122][ T5335]  ? __pfx_vfs_write+0x10/0x10
[   69.216006][ T5335]  ? __fget_files+0x2a/0x420
[   69.217866][ T5335]  ? __fget_files+0x2a/0x420
[   69.219707][ T5335]  ksys_write+0x19d/0x2d0
[   69.221460][ T5335]  ? __pfx_ksys_write+0x10/0x10
[   69.223502][ T5335]  ? do_syscall_64+0xb6/0x210
[   69.225395][ T5335]  do_syscall_64+0xf3/0x210
[   69.227184][ T5335]  ? clear_bhb_loop+0x45/0xa0
[   69.229010][ T5335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.231222][ T5335] RIP: 0033:0x7f5faa18cc1f
[   69.232848][ T5335] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.240045][ T5335] RSP: 002b:00007f5fab01f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.243389][ T5335] RAX: ffffffffffffffda RBX: 00007f5faa3b6080 RCX: 00007f5faa18cc1f
[   69.246389][ T5335] RDX: 0000000000000022 RSI: 0000200000000040 RDI: 00000000000000ca
[   69.249545][ T5335] RBP: 00007f5faa210a68 R08: 0000000000000000 R09: 0000000000000000
[   69.252661][ T5335] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000
[   69.255817][ T5335] R13: 0000000000000001 R14: 00007f5faa3b6080 R15: 00007fffdc87b8c8
[   69.259060][ T5335]  </TASK>
[   69.260337][ T5335] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   69.262990][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) 
[   69.267404][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.271719][ T5335] Call Trace:
[   69.273155][ T5335]  <TASK>
[   69.274410][ T5335]  dump_stack_lvl+0x241/0x360
[   69.276357][ T5335]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.278462][ T5335]  ? __pfx__printk+0x10/0x10
[   69.280329][ T5335]  ? vscnprintf+0x5d/0x90
[   69.282086][ T5335]  panic+0x349/0x880
[   69.283718][ T5335]  ? __warn+0x174/0x4d0
[   69.285368][ T5335]  ? __pfx_panic+0x10/0x10
[   69.287190][ T5335]  __warn+0x344/0x4d0
[   69.288996][ T5335]  ? __queue_work+0xdff/0x10a0
[   69.291075][ T5335]  report_bug+0x2b3/0x500
[   69.292823][ T5335]  ? __queue_work+0xdff/0x10a0
[   69.294803][ T5335]  ? __queue_work+0xdff/0x10a0
[   69.296814][ T5335]  ? __queue_work+0xe01/0x10a0
[   69.298750][ T5335]  handle_bug+0x89/0x170
[   69.300485][ T5335]  exc_invalid_op+0x1a/0x50
[   69.302352][ T5335]  asm_exc_invalid_op+0x1a/0x20
[   69.304282][ T5335] RIP: 0010:__queue_work+0xdff/0x10a0
[   69.306527][ T5335] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 2b 5e a3 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 40 cc 49 8c 4c 89 ea e8 42 7d f8 ff 90 <0f> 0b 90 90 e9 5d f4 ff ff e8 23 24 39 00 90 0f 0b 90 e9 a7 fc ff
[   69.314744][ T5335] RSP: 0018:ffffc9000d57fa68 EFLAGS: 00010046
[   69.317221][ T5335] RAX: f808f20ed0add800 RBX: ffff88801ef4c880 RCX: ffff88801ef4c880
[   69.320366][ T5335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   69.323412][ T5335] RBP: dffffc0000000000 R08: ffffffff818218d2 R09: 1ffff11003f847d2
[   69.326674][ T5335] R10: dffffc0000000000 R11: ffffed1003f847d3 R12: 1ffff11008822c38
[   69.330011][ T5335] R13: ffff888044116178 R14: 0000000000000008 R15: ffff88804469ca98
[   69.333719][ T5335]  ? __warn_printk+0x2a2/0x360
[   69.335680][ T5335]  ? __queue_work+0xdfe/0x10a0
[   69.337580][ T5335]  queue_work_on+0x1c4/0x380
[   69.339481][ T5335]  ? __pfx_queue_work_on+0x10/0x10
[   69.341461][ T5335]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[   69.343891][ T5335]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.346359][ T5335]  ? skb_queue_tail+0x36/0x120
[   69.348323][ T5335]  hci_recv_frame+0x598/0x6f0
[   69.350297][ T5335]  vhci_write+0x353/0x4a0
[   69.352104][ T5335]  vfs_write+0x70f/0xd10
[   69.353899][ T5335]  ? __pfx_vhci_write+0x10/0x10
[   69.355953][ T5335]  ? __pfx_vfs_write+0x10/0x10
[   69.357792][ T5335]  ? __fget_files+0x2a/0x420
[   69.359583][ T5335]  ? __fget_files+0x2a/0x420
[   69.361484][ T5335]  ksys_write+0x19d/0x2d0
[   69.363444][ T5335]  ? __pfx_ksys_write+0x10/0x10
[   69.365431][ T5335]  ? do_syscall_64+0xb6/0x210
[   69.367409][ T5335]  do_syscall_64+0xf3/0x210
[   69.369126][ T5335]  ? clear_bhb_loop+0x45/0xa0
[   69.370814][ T5335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.373038][ T5335] RIP: 0033:0x7f5faa18cc1f
[   69.374914][ T5335] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.382470][ T5335] RSP: 002b:00007f5fab01f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.385806][ T5335] RAX: ffffffffffffffda RBX: 00007f5faa3b6080 RCX: 00007f5faa18cc1f
[   69.388963][ T5335] RDX: 0000000000000022 RSI: 0000200000000040 RDI: 00000000000000ca
[   69.392101][ T5335] RBP: 00007f5faa210a68 R08: 0000000000000000 R09: 0000000000000000
[   69.395244][ T5335] R10: 0000200000000040 R11: 0000000000000293 R12: 0000000000000000
[   69.398222][ T5335] R13: 0000000000000001 R14: 00007f5faa3b6080 R15: 00007fffdc87b8c8
[   69.401407][ T5335]  </TASK>
[   69.402914][ T5335] Kernel Offset: disabled
[   69.404625][ T5335] Rebooting in 86400 seconds..