program:
r0 = io_uring_setup(0x2a2c, &(0x7f0000000000)={0x0, 0x0, 0x2, 0xfffffffc})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async, rerun: 32)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (rerun: 32)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r2}, 0x10)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000a80)=@generic={0x0, r3}, 0x18)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) (async, rerun: 64)
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="040e0402030c"], 0x7) (rerun: 64)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
r4 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f0000000240)={<r5=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r4, 0xc02864c3, &(0x7f0000000400)={&(0x7f0000000440)=[r5], 0x800000000000002, 0x1, 0xb})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r4, 0xc01864cd, &(0x7f0000000180)={&(0x7f00000000c0)=[r5], 0x0, 0x1})

[   83.398640][   T48] Bluetooth: hci0: command tx timeout
[   83.402761][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[   83.414428][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[   83.557066][ T5327] ------------[ cut here ]------------
[   83.558947][ T5327] workqueue: cannot queue hci_rx_work on wq hci0
[   83.562479][ T5327] WARNING: CPU: 0 PID: 5327 at kernel/workqueue.c:2258 __queue_work+0xdf6/0x1090
[   83.566184][ T5327] Modules linked in:
[   83.568179][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0
[   83.572219][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.575935][ T5327] RIP: 0010:__queue_work+0xdf6/0x1090
[   83.577782][ T5327] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 54 ed 9f 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 60 d8 29 8c 4c 89 ea e8 ab 6f f8 ff 90 <0f> 0b 90 90 e9 66 f4 ff ff e8 3c b3 38 00 90 0f 0b 90 e9 ad fc ff
[   83.585448][ T5327] RSP: 0018:ffffc9000d26fa88 EFLAGS: 00010046
[   83.588373][ T5327] RAX: 28136f72b7a0bc00 RBX: ffff888000f14880 RCX: ffff888000f14880
[   83.591450][ T5327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   83.594297][ T5327] RBP: dffffc0000000000 R08: ffffffff81817e32 R09: 1ffff11003f8519a
[   83.597189][ T5327] R10: dffffc0000000000 R11: ffffed1003f8519b R12: 1ffff11003586d38
[   83.600003][ T5327] R13: ffff88801ac36978 R14: 0000000000000008 R15: ffff8880437cca98
[   83.603066][ T5327] FS:  00007f2e4c7ff6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   83.607045][ T5327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   83.609995][ T5327] CR2: 0000000000000000 CR3: 000000003f538000 CR4: 0000000000352ef0
[   83.613305][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   83.616105][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   83.618927][ T5327] Call Trace:
[   83.620078][ T5327]  <TASK>
[   83.621288][ T5327]  ? __warn+0x165/0x4d0
[   83.623017][ T5327]  ? __queue_work+0xdf6/0x1090
[   83.624770][ T5327]  ? report_bug+0x2b3/0x500
[   83.626554][ T5327]  ? __queue_work+0xdf6/0x1090
[   83.629143][ T5327]  ? handle_bug+0x60/0x90
[   83.631425][ T5327]  ? exc_invalid_op+0x1a/0x50
[   83.633590][ T5327]  ? asm_exc_invalid_op+0x1a/0x20
[   83.635411][ T5327]  ? __warn_printk+0x292/0x360
[   83.637066][ T5327]  ? __queue_work+0xdf6/0x1090
[   83.638770][ T5327]  ? __queue_work+0xdf5/0x1090
[   83.640583][ T5327]  queue_work_on+0x1c2/0x380
[   83.642276][ T5327]  ? __pfx_queue_work_on+0x10/0x10
[   83.644170][ T5327]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   83.646260][ T5327]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   83.648253][ T5327]  ? skb_queue_tail+0x36/0x120
[   83.650001][ T5327]  hci_recv_frame+0x598/0x6f0
[   83.652234][ T5327]  vhci_write+0x35a/0x490
[   83.654540][ T5327]  vfs_write+0xacf/0xd10
[   83.656544][ T5327]  ? __pfx_vhci_write+0x10/0x10
[   83.658525][ T5327]  ? __pfx_vfs_write+0x10/0x10
[   83.660323][ T5327]  ? __fget_files+0x2a/0x410
[   83.662042][ T5327]  ? __fget_files+0x2a/0x410
[   83.663857][ T5327]  ksys_write+0x18f/0x2b0
[   83.665822][ T5327]  ? __pfx_ksys_write+0x10/0x10
[   83.667594][ T5327]  ? do_syscall_64+0x100/0x230
[   83.669141][ T5327]  ? do_syscall_64+0xb6/0x230
[   83.670922][ T5327]  do_syscall_64+0xf3/0x230
[   83.672857][ T5327]  ? clear_bhb_loop+0x35/0x90
[   83.674702][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.677142][ T5327] RIP: 0033:0x7f2e4b98bc1f
[   83.678977][ T5327] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   83.686010][ T5327] RSP: 002b:00007f2e4c7ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   83.689194][ T5327] RAX: ffffffffffffffda RBX: 00007f2e4bba6080 RCX: 00007f2e4b98bc1f
[   83.692877][ T5327] RDX: 0000000000000007 RSI: 00004000000006c0 RDI: 00000000000000ca
[   83.696648][ T5327] RBP: 00007f2e4ba0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   83.699588][ T5327] R10: 00004000000006c0 R11: 0000000000000293 R12: 0000000000000000
[   83.702598][ T5327] R13: 0000000000000000 R14: 00007f2e4bba6080 R15: 00007ffd6b399ba8
[   83.705193][ T5327]  </TASK>
[   83.706104][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   83.709120][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0
[   83.713568][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.717778][ T5327] Call Trace:
[   83.718990][ T5327]  <TASK>
[   83.720008][ T5327]  dump_stack_lvl+0x241/0x360
[   83.721500][ T5327]  ? __pfx_dump_stack_lvl+0x10/0x10
[   83.723216][ T5327]  ? __pfx__printk+0x10/0x10
[   83.724879][ T5327]  ? _printk+0xd5/0x120
[   83.726316][ T5327]  ? __init_begin+0x41000/0x41000
[   83.727954][ T5327]  ? vscnprintf+0x5d/0x90
[   83.729436][ T5327]  panic+0x349/0x880
[   83.730845][ T5327]  ? __warn+0x174/0x4d0
[   83.732365][ T5327]  ? __pfx_panic+0x10/0x10
[   83.734126][ T5327]  __warn+0x344/0x4d0
[   83.735928][ T5327]  ? __queue_work+0xdf6/0x1090
[   83.738305][ T5327]  report_bug+0x2b3/0x500
[   83.740241][ T5327]  ? __queue_work+0xdf6/0x1090
[   83.742518][ T5327]  handle_bug+0x60/0x90
[   83.744347][ T5327]  exc_invalid_op+0x1a/0x50
[   83.746092][ T5327]  asm_exc_invalid_op+0x1a/0x20
[   83.747894][ T5327] RIP: 0010:__queue_work+0xdf6/0x1090
[   83.749886][ T5327] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 54 ed 9f 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 60 d8 29 8c 4c 89 ea e8 ab 6f f8 ff 90 <0f> 0b 90 90 e9 66 f4 ff ff e8 3c b3 38 00 90 0f 0b 90 e9 ad fc ff
[   83.756875][ T5327] RSP: 0018:ffffc9000d26fa88 EFLAGS: 00010046
[   83.759157][ T5327] RAX: 28136f72b7a0bc00 RBX: ffff888000f14880 RCX: ffff888000f14880
[   83.762119][ T5327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   83.765106][ T5327] RBP: dffffc0000000000 R08: ffffffff81817e32 R09: 1ffff11003f8519a
[   83.768095][ T5327] R10: dffffc0000000000 R11: ffffed1003f8519b R12: 1ffff11003586d38
[   83.771391][ T5327] R13: ffff88801ac36978 R14: 0000000000000008 R15: ffff8880437cca98
[   83.774875][ T5327]  ? __warn_printk+0x292/0x360
[   83.776657][ T5327]  ? __queue_work+0xdf5/0x1090
[   83.778728][ T5327]  queue_work_on+0x1c2/0x380
[   83.780681][ T5327]  ? __pfx_queue_work_on+0x10/0x10
[   83.782809][ T5327]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   83.785028][ T5327]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   83.787402][ T5327]  ? skb_queue_tail+0x36/0x120
[   83.789116][ T5327]  hci_recv_frame+0x598/0x6f0
[   83.790871][ T5327]  vhci_write+0x35a/0x490
[   83.792703][ T5327]  vfs_write+0xacf/0xd10
[   83.794858][ T5327]  ? __pfx_vhci_write+0x10/0x10
[   83.797305][ T5327]  ? __pfx_vfs_write+0x10/0x10
[   83.799580][ T5327]  ? __fget_files+0x2a/0x410
[   83.801334][ T5327]  ? __fget_files+0x2a/0x410
[   83.803141][ T5327]  ksys_write+0x18f/0x2b0
[   83.804888][ T5327]  ? __pfx_ksys_write+0x10/0x10
[   83.806836][ T5327]  ? do_syscall_64+0x100/0x230
[   83.808737][ T5327]  ? do_syscall_64+0xb6/0x230
[   83.810594][ T5327]  do_syscall_64+0xf3/0x230
[   83.812129][ T5327]  ? clear_bhb_loop+0x35/0x90
[   83.813950][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.816251][ T5327] RIP: 0033:0x7f2e4b98bc1f
[   83.818137][ T5327] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   83.825394][ T5327] RSP: 002b:00007f2e4c7ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   83.828371][ T5327] RAX: ffffffffffffffda RBX: 00007f2e4bba6080 RCX: 00007f2e4b98bc1f
[   83.831415][ T5327] RDX: 0000000000000007 RSI: 00004000000006c0 RDI: 00000000000000ca
[   83.834864][ T5327] RBP: 00007f2e4ba0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   83.838695][ T5327] R10: 00004000000006c0 R11: 0000000000000293 R12: 0000000000000000
[   83.841694][ T5327] R13: 0000000000000000 R14: 00007f2e4bba6080 R15: 00007ffd6b399ba8
[   83.844542][ T5327]  </TASK>
[   83.846015][ T5327] Kernel Offset: disabled
[   83.847579][ T5327] Rebooting in 86400 seconds..