program:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x10, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [@call={0x85, 0x0, 0x0, 0xac}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0xa4}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
r2 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
futex(&(0x7f000000cffc)=0x5, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x40000000, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000000)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b0400000000000000000200fffe4c0004802800018007000100637400001c000280080001400000000208000240000000130500030000000000200001800700010063740000140002800800024000000011080004400000000c0900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x3, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x181603, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r7, 0x40085112, &(0x7f0000000040)=@e={0xff, 0xa, 0xb, 0x2, @generic=0x1, 0x2, 0x7, 0x8a})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000005e00)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0xa4, 0x0, 0x4000}}, @TCA_TBF_BURST={0x8, 0x6, 0x12}]}}]}, 0x60}}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="09000000070000000000010005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='ext4_writepages_result\x00', r8}, 0x18)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='ext4_writepages_result\x00', r10}, 0x10)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1010, &(0x7f00000001c0)={[{@mblk_io_submit}, {@nolazytime}, {@orlov}, {@inlinecrypt}]}, 0x1, 0x58e, &(0x7f0000001100)="$eJzs3V1rHFUcB+D/2d2kL2lNKoLWXhgo2IKaNGlFEcEW650XvhS8KhiTtJRu29BEsLViC/Ub6AcQvBNEvCwiRb3x1jvBDyDFIm1uvFuZzUy6bXfTvGw6tfM8sN05czKcM1l+PTMnM7MBVNZo9k8tYndEzKWI4Y66RuSVo0s/d/vWpenFW5emU7Ra7/+TIuXrip9P+ftQvvHWiPj95xRP1u9vd/7CxdNTzebs+bw8vnBmbnz+wsWXTp2ZOjl7cvbs5MQrEy8fOjh56EBf9nNnRPw6drRx9cSbe76f/mbX5z9+ey3F4diR13fuR7+Mxujy76RT9nt9td+NlaSe70/nR5waJXaINSk+v4GIeDqGox53Przh+OLdUjsHbKpWimgBFZXkHyqqOA7Izn+LV7lHJMDDcvPI0gTA7bQ0t7e4nP/G0txgbG3PDWxfTNE5rZMioh8zc1kbc8+n4ewVmzQPB3R3+UpEPNNt/E/tbI60Z/Gz/Nfuyn8tIt7J37P1762z/dF7yvIPD89G8v9hR/4/Wmf78g8AAAAAAAD9c/1IRLzY7e9/teXrf6LL9T9DEXG4D+0/+O9/tRt9aAbo4uaRiNcjorj2b7Ej/7mRel7a2b4eYCCdONWcPRART0TE/hjYkpUnVmhjdM9vAz3rOq7/y15Z+8W1gHk/bjS23L3NzNTC1Eb2GVhy80rEs41u+U/L43/qMv5nY//cKttoHX3jl151D84/sFlaX0fs6zr+33lyRVr5+Rzj7eOB8eKo4H6fHr/2Q6/25R/Kk43/21fO/0jqfF7P/Nrb+OzvPzeQ/+7H/4PpWPuRM4P5uk+mFhbOT0QMprfvXz+59j7D46jIQ5GXLP/793Y//1/p+H9bRFxeZZvHfnrraq864z+UJ8v/zJrG/7Uv7P3gq397tb+68f9Qe0zfn68x/wcrW21Ay+4nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwf1SJiR6Ta2PJyrTY2FjEUEU/F9lrz3PzCCyfOfXx2Jqtrf/9/rfim3+Glciq+/3+kozx5T/lgROyKiC/r29rlselzzZmydx4AAAAAAAAAAAAAAAAAAAAeEUM97v/P/FVvv6VyewhsqkbZHQBKI/9QXfIP1SX/UF3yD9Ul/1Bd8g/VJf9QXfIP1VVvfXe87D4AAAAAAAB9s+u563+kiLj82rb2KzOY1w2U2jNgsx0uuwNAaepldwAojUv/oLqc4wMPesjn1nVvCQAAAAAAAAAAAAD0y77d7v+HqqqV3QGgNL3v//dkAHjcuf8fqss5PuD+fwAAAAAAAAAAAAB49M1fuHh6qtmcPb/ehS0b29yCheosROpD4h7SQtn/MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIX/AgAA///LC/jA")
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))

[   84.716477][ T5326] ------------[ cut here ]------------
[   84.718875][ T5326] workqueue: cannot queue hci_rx_work on wq hci0
[   84.721647][ T5326] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd1f/0xfc0, CPU#0: syz.0.0/5326
[   84.725506][ T5326] Modules linked in:
[   84.727146][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.730907][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.735067][ T5326] RIP: 0010:__queue_work+0xd4a/0xfc0
[   84.737226][ T5326] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 57 5c a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   84.745302][ T5326] RSP: 0018:ffffc9000e267b20 EFLAGS: 00010082
[   84.747914][ T5326] RAX: 1ffff110024e1178 RBX: 0000000000000008 RCX: 0000000000100000
[   84.751160][ T5326] RDX: ffff8880417e4970 RSI: ffffffff8a9ddad0 RDI: ffffffff9033d930
[   84.754327][ T5326] RBP: 0000000000000000 R08: ffff888012708baf R09: 1ffff110024e1175
[   84.757457][ T5326] R10: dffffc0000000000 R11: ffffed10024e1176 R12: dffffc0000000000
[   84.760739][ T5326] R13: ffff888012708bc0 R14: ffffffff9033d930 R15: ffff8880417e4970
[   84.763654][ T5326] FS:  00007fbf359b36c0(0000) GS:ffff88808c881000(0000) knlGS:0000000000000000
[   84.767473][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.770197][ T5326] CR2: 00005596de290660 CR3: 00000000392e7000 CR4: 0000000000352ef0
[   84.773520][ T5326] Call Trace:
[   84.774916][ T5326]  <TASK>
[   84.776114][ T5326]  ? ktime_get_with_offset+0x93/0x2d0
[   84.778183][ T5326]  ? rcu_is_watching+0x15/0xb0
[   84.780137][ T5326]  queue_work_on+0x106/0x1d0
[   84.781814][ T5326]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   84.783923][ T5326]  hci_recv_frame+0x625/0x7c0
[   84.785942][ T5326]  ? skb_pull+0xc1/0x1d0
[   84.787772][ T5326]  vhci_write+0x358/0x4a0
[   84.789541][ T5326]  vfs_write+0x61d/0xb90
[   84.791343][ T5326]  ? __pfx_vfs_write+0x10/0x10
[   84.793355][ T5326]  ? __fget_files+0x2a/0x420
[   84.795268][ T5326]  ksys_write+0x150/0x270
[   84.797069][ T5326]  ? __pfx_ksys_write+0x10/0x10
[   84.799109][ T5326]  ? __pfx_kcov_ioctl+0x10/0x10
[   84.801184][ T5326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.803771][ T5326]  do_syscall_64+0x15f/0xf80
[   84.805752][ T5326]  ? trace_irq_disable+0x3b/0x140
[   84.807860][ T5326]  ? clear_bhb_loop+0x40/0x90
[   84.809840][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.812372][ T5326] RIP: 0033:0x7fbf34b5d60e
[   84.814235][ T5326] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   84.822071][ T5326] RSP: 002b:00007fbf359b2f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   84.825538][ T5326] RAX: ffffffffffffffda RBX: 00007fbf359b36c0 RCX: 00007fbf34b5d60e
[   84.828828][ T5326] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 00000000000000ca
[   84.832046][ T5326] RBP: 00007fbf34c32d69 R08: 0000000000000000 R09: 0000000000000000
[   84.835363][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.838794][ T5326] R13: 00007fbf34e16128 R14: 00007fbf34e16090 R15: 00007fff7e995a08
[   84.842104][ T5326]  </TASK>
[   84.843394][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   84.846358][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.849902][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.854018][ T5326] Call Trace:
[   84.855473][ T5326]  <TASK>
[   84.856807][ T5326]  vpanic+0x56c/0xa60
[   84.858484][ T5326]  ? __pfx__printk+0x10/0x10
[   84.860562][ T5326]  ? __pfx_vpanic+0x10/0x10
[   84.862592][ T5326]  ? is_bpf_text_address+0x292/0x2b0
[   84.864970][ T5326]  ? is_bpf_text_address+0x26/0x2b0
[   84.867307][ T5326]  panic+0xc5/0xd0
[   84.868952][ T5326]  ? __pfx_panic+0x10/0x10
[   84.870933][ T5326]  __warn+0x315/0x4c0
[   84.872680][ T5326]  ? __queue_work+0xd1f/0xfc0
[   84.874762][ T5326]  ? __queue_work+0xd1f/0xfc0
[   84.876858][ T5326]  __report_bug+0x29a/0x540
[   84.878867][ T5326]  ? __queue_work+0xd1f/0xfc0
[   84.880898][ T5326]  ? __pfx___report_bug+0x10/0x10
[   84.883142][ T5326]  ? __pfx_hci_rx_work+0x10/0x10
[   84.885292][ T5326]  ? do_syscall_64+0x15f/0xf80
[   84.887469][ T5326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.890009][ T5326]  ? __lock_acquire+0x6b5/0x2cf0
[   84.892137][ T5326]  report_bug_entry+0x19a/0x290
[   84.894150][ T5326]  ? __queue_work+0xd4a/0xfc0
[   84.896125][ T5326]  ? __queue_work+0xd4f/0xfc0
[   84.898201][ T5326]  handle_bug+0xce/0x200
[   84.900021][ T5326]  exc_invalid_op+0x1a/0x50
[   84.902028][ T5326]  asm_exc_invalid_op+0x1a/0x20
[   84.904136][ T5326] RIP: 0010:__queue_work+0xd4a/0xfc0
[   84.906408][ T5326] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 57 5c a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   84.914171][ T5326] RSP: 0018:ffffc9000e267b20 EFLAGS: 00010082
[   84.916853][ T5326] RAX: 1ffff110024e1178 RBX: 0000000000000008 RCX: 0000000000100000
[   84.920128][ T5326] RDX: ffff8880417e4970 RSI: ffffffff8a9ddad0 RDI: ffffffff9033d930
[   84.923361][ T5326] RBP: 0000000000000000 R08: ffff888012708baf R09: 1ffff110024e1175
[   84.927111][ T5326] R10: dffffc0000000000 R11: ffffed10024e1176 R12: dffffc0000000000
[   84.930493][ T5326] R13: ffff888012708bc0 R14: ffffffff9033d930 R15: ffff8880417e4970
[   84.933825][ T5326]  ? __pfx_hci_rx_work+0x10/0x10
[   84.935956][ T5326]  ? ktime_get_with_offset+0x93/0x2d0
[   84.938310][ T5326]  ? rcu_is_watching+0x15/0xb0
[   84.940308][ T5326]  queue_work_on+0x106/0x1d0
[   84.942289][ T5326]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   84.944778][ T5326]  hci_recv_frame+0x625/0x7c0
[   84.946860][ T5326]  ? skb_pull+0xc1/0x1d0
[   84.948647][ T5326]  vhci_write+0x358/0x4a0
[   84.950478][ T5326]  vfs_write+0x61d/0xb90
[   84.952285][ T5326]  ? __pfx_vfs_write+0x10/0x10
[   84.954366][ T5326]  ? __fget_files+0x2a/0x420
[   84.956477][ T5326]  ksys_write+0x150/0x270
[   84.958322][ T5326]  ? __pfx_ksys_write+0x10/0x10
[   84.960408][ T5326]  ? __pfx_kcov_ioctl+0x10/0x10
[   84.962485][ T5326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.965064][ T5326]  do_syscall_64+0x15f/0xf80
[   84.967064][ T5326]  ? trace_irq_disable+0x3b/0x140
[   84.969278][ T5326]  ? clear_bhb_loop+0x40/0x90
[   84.971315][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.973738][ T5326] RIP: 0033:0x7fbf34b5d60e
[   84.975642][ T5326] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   84.983797][ T5326] RSP: 002b:00007fbf359b2f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   84.987337][ T5326] RAX: ffffffffffffffda RBX: 00007fbf359b36c0 RCX: 00007fbf34b5d60e
[   84.991152][ T5326] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 00000000000000ca
[   84.995069][ T5326] RBP: 00007fbf34c32d69 R08: 0000000000000000 R09: 0000000000000000
[   84.998427][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.001754][ T5326] R13: 00007fbf34e16128 R14: 00007fbf34e16090 R15: 00007fff7e995a08
[   85.005137][ T5326]  </TASK>
[   85.006905][ T5326] Kernel Offset: disabled
[   85.008762][ T5326] Rebooting in 86400 seconds..