program:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x803}, 0xe)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="02c82028002400010007d3040007c4faff020c04000300d3"], 0x2d)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x81, 0x10, 0x0, 0x0, 0x0, 0xf, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0, 0x1}, 0x40, 0x0, 0xfffffffc, 0x7, 0x7fff, 0x2, 0x101, 0x0, 0xfffffffc, 0x0, 0x7fffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x40000000e, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f00000002c0)={0x36, 0x2, 0x0, "444900f8ff000000000000000000cc00"})
io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x7d842c78, 0x112}) (async)
r3 = io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x7d842c78, 0x112})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b}) (async)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0xfd, 0x0, 0xffeffffe}, {0x16, 0x4}]}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800030002000000080007006401010108000700ac1414bb0800020003"], 0x78}}, 0x0)
close(0x3)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r6, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x3, 0x100000008, 0x7f, 0x1, 0x0, 0x2, 0xfffffffffffff804, 0x0, 0x0, 0x0, 0x2000000000000, 0x7, 0x2, 0x1, 0x8], 0xeeef0000, 0x4fb40}) (async)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x3, 0x100000008, 0x7f, 0x1, 0x0, 0x2, 0xfffffffffffff804, 0x0, 0x0, 0x0, 0x2000000000000, 0x7, 0x2, 0x1, 0x8], 0xeeef0000, 0x4fb40})
getpgrp(0x0) (async)
r9 = getpgrp(0x0)
sched_getaffinity(r9, 0x8, &(0x7f0000000400))
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_AFF(r3, 0x11, &(0x7f0000000000)='`', 0x1)
ioctl$XFS_IOC_GETPARENTS(r4, 0xc028583e, &(0x7f00000003c0)={{[0xc, 0x6, 0xc, 0x8]}, 0x0, 0x3, 0x3, 0x0, &(0x7f0000000380)=[{{@_ha_fsid={[0xe, 0x59e3]}, {0x9, 0xbd, 0xed, 0xc3}}, 0x1a6, 0x0, '^!\x00'}]}) (async)
ioctl$XFS_IOC_GETPARENTS(r4, 0xc028583e, &(0x7f00000003c0)={{[0xc, 0x6, 0xc, 0x8]}, 0x0, 0x3, 0x3, 0x0, &(0x7f0000000380)=[{{@_ha_fsid={[0xe, 0x59e3]}, {0x9, 0xbd, 0xed, 0xc3}}, 0x1a6, 0x0, '^!\x00'}]})
ioctl$NILFS_IOCTL_GET_CPINFO(r3, 0x80186e82, &(0x7f0000000280)={&(0x7f0000000240)=[{0x2, 0x0, 0x80, 0x1, 0x0, 0x1, 0x1, 0x6}], 0x1, 0x38, 0x0, 0x3})
sync_file_range(r5, 0xb91e, 0xffffffffffffffff, 0x1) (async)
sync_file_range(r5, 0xb91e, 0xffffffffffffffff, 0x1)

[  100.750815][ T5328] ------------[ cut here ]------------
[  100.753409][ T5328] workqueue: cannot queue hci_tx_work on wq hci0
[  100.756171][ T5328] WARNING: kernel/workqueue.c:2271 at __queue_work+0xd53/0x1020, CPU#0: kworker/0:5/5328
[  100.760235][ T5328] Modules linked in:
[  100.762250][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) 
[  100.766324][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  100.770904][ T5328] Workqueue: events l2cap_info_timeout
[  100.773356][ T5328] RIP: 0010:__queue_work+0xd7e/0x1020
[  100.775980][ T5328] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 23 25 a4 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[  100.787181][ T5328] RSP: 0018:ffffc9000f4f7818 EFLAGS: 00010086
[  100.790287][ T5328] RAX: 1ffff110039b298d RBX: 0000000000000008 RCX: ffff888012198000
[  100.793974][ T5328] RDX: ffff888012818978 RSI: ffffffff8aa1a650 RDI: ffffffff9014cf00
[  100.797579][ T5328] RBP: 0000000000000020 R08: ffff88801cd94c57 R09: 1ffff110039b298a
[  100.801816][ T5328] R10: dffffc0000000000 R11: ffffed10039b298b R12: dffffc0000000000
[  100.805786][ T5328] R13: ffff88801cd94c68 R14: ffffffff9014cf00 R15: ffff888012818978
[  100.809608][ T5328] FS:  0000000000000000(0000) GS:ffff88808ca51000(0000) knlGS:0000000000000000
[  100.813781][ T5328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  100.816820][ T5328] CR2: 00007f10c45b63a0 CR3: 000000000e54c000 CR4: 0000000000352ef0
[  100.820593][ T5328] Call Trace:
[  100.822081][ T5328]  <TASK>
[  100.823417][ T5328]  ? hci_send_acl+0x96b/0xe60
[  100.825396][ T5328]  ? rcu_is_watching+0x15/0xb0
[  100.827236][ T5328]  queue_work_on+0x106/0x1d0
[  100.829144][ T5328]  l2cap_conn_start+0x5b1/0xff0
[  100.831207][ T5328]  ? __pfx_l2cap_conn_start+0x10/0x10
[  100.833776][ T5328]  ? l2cap_info_timeout+0x60/0xa0
[  100.836029][ T5328]  l2cap_info_timeout+0x68/0xa0
[  100.838172][ T5328]  ? process_scheduled_works+0xa8d/0x18c0
[  100.840602][ T5328]  process_scheduled_works+0xb6e/0x18c0
[  100.843139][ T5328]  ? __pfx_process_scheduled_works+0x10/0x10
[  100.845924][ T5328]  ? assign_work+0x3d5/0x5e0
[  100.848032][ T5328]  worker_thread+0xa53/0xfc0
[  100.851157][ T5328]  kthread+0x388/0x470
[  100.853413][ T5328]  ? __pfx_worker_thread+0x10/0x10
[  100.855788][ T5328]  ? __pfx_kthread+0x10/0x10
[  100.857966][ T5328]  ret_from_fork+0x51e/0xb90
[  100.859890][ T5328]  ? __pfx_ret_from_fork+0x10/0x10
[  100.862068][ T5328]  ? __switch_to+0xc7d/0x1450
[  100.864074][ T5328]  ? __pfx_kthread+0x10/0x10
[  100.866066][ T5328]  ret_from_fork_asm+0x1a/0x30
[  100.868340][ T5328]  </TASK>
[  100.869838][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  100.873443][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) 
[  100.877270][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  100.881271][ T5328] Workqueue: events l2cap_info_timeout
[  100.883524][ T5328] Call Trace:
[  100.884915][ T5328]  <TASK>
[  100.886142][ T5328]  vpanic+0x56c/0xa60
[  100.887620][ T5328]  ? __pfx__printk+0x10/0x10
[  100.889636][ T5328]  ? __pfx_vpanic+0x10/0x10
[  100.892097][ T5328]  ? is_bpf_text_address+0x292/0x2b0
[  100.894637][ T5328]  ? is_bpf_text_address+0x26/0x2b0
[  100.896997][ T5328]  panic+0xc5/0xd0
[  100.898705][ T5328]  ? __pfx_panic+0x10/0x10
[  100.900843][ T5328]  ? ret_from_fork_asm+0x1a/0x30
[  100.903094][ T5328]  __warn+0x315/0x4f0
[  100.905167][ T5328]  ? __queue_work+0xd53/0x1020
[  100.907792][ T5328]  ? __queue_work+0xd53/0x1020
[  100.910198][ T5328]  __report_bug+0x29a/0x540
[  100.912314][ T5328]  ? check_noncircular+0xda/0x150
[  100.914444][ T5328]  ? __queue_work+0xd53/0x1020
[  100.916434][ T5328]  ? __pfx___report_bug+0x10/0x10
[  100.918671][ T5328]  ? __pfx_hci_tx_work+0x10/0x10
[  100.921206][ T5328]  report_bug_entry+0x19a/0x290
[  100.923878][ T5328]  ? __queue_work+0xd7e/0x1020
[  100.926581][ T5328]  ? __queue_work+0xd83/0x1020
[  100.928730][ T5328]  handle_bug+0xce/0x200
[  100.930537][ T5328]  exc_invalid_op+0x1a/0x50
[  100.932352][ T5328]  asm_exc_invalid_op+0x1a/0x20
[  100.934410][ T5328] RIP: 0010:__queue_work+0xd7e/0x1020
[  100.936573][ T5328] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 23 25 a4 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[  100.945914][ T5328] RSP: 0018:ffffc9000f4f7818 EFLAGS: 00010086
[  100.948923][ T5328] RAX: 1ffff110039b298d RBX: 0000000000000008 RCX: ffff888012198000
[  100.952596][ T5328] RDX: ffff888012818978 RSI: ffffffff8aa1a650 RDI: ffffffff9014cf00
[  100.956172][ T5328] RBP: 0000000000000020 R08: ffff88801cd94c57 R09: 1ffff110039b298a
[  100.960040][ T5328] R10: dffffc0000000000 R11: ffffed10039b298b R12: dffffc0000000000
[  100.963948][ T5328] R13: ffff88801cd94c68 R14: ffffffff9014cf00 R15: ffff888012818978
[  100.967732][ T5328]  ? __pfx_hci_tx_work+0x10/0x10
[  100.969893][ T5328]  ? __queue_work+0xfa8/0x1020
[  100.972157][ T5328]  ? hci_send_acl+0x96b/0xe60
[  100.974717][ T5328]  ? rcu_is_watching+0x15/0xb0
[  100.977201][ T5328]  queue_work_on+0x106/0x1d0
[  100.979648][ T5328]  l2cap_conn_start+0x5b1/0xff0
[  100.982001][ T5328]  ? __pfx_l2cap_conn_start+0x10/0x10
[  100.984497][ T5328]  ? l2cap_info_timeout+0x60/0xa0
[  100.986703][ T5328]  l2cap_info_timeout+0x68/0xa0
[  100.989310][ T5328]  ? process_scheduled_works+0xa8d/0x18c0
[  100.992885][ T5328]  process_scheduled_works+0xb6e/0x18c0
[  100.996406][ T5328]  ? __pfx_process_scheduled_works+0x10/0x10
[  100.999218][ T5328]  ? assign_work+0x3d5/0x5e0
[  101.001424][ T5328]  worker_thread+0xa53/0xfc0
[  101.003593][ T5328]  kthread+0x388/0x470
[  101.005356][ T5328]  ? __pfx_worker_thread+0x10/0x10
[  101.007456][ T5328]  ? __pfx_kthread+0x10/0x10
[  101.009400][ T5328]  ret_from_fork+0x51e/0xb90
[  101.011686][ T5328]  ? __pfx_ret_from_fork+0x10/0x10
[  101.014087][ T5328]  ? __switch_to+0xc7d/0x1450
[  101.017128][ T5328]  ? __pfx_kthread+0x10/0x10
[  101.020169][ T5328]  ret_from_fork_asm+0x1a/0x30
[  101.022269][ T5328]  </TASK>
[  101.024017][ T5328] Kernel Offset: disabled
[  101.026016][ T5328] Rebooting in 86400 seconds..