program:
r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) (async)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
prctl$PR_GET_THP_DISABLE(0x2a)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x8eb}, 0xe)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x8000, 0x0)
preadv2(r3, &(0x7f0000000780)=[{&(0x7f00000003c0)=""/147, 0x93}, {&(0x7f0000000480)=""/87, 0x57}, {&(0x7f0000000500)=""/92, 0x5c}, {&(0x7f0000000580)=""/22, 0x16}, {&(0x7f00000005c0)=""/166, 0xa6}, {&(0x7f0000000680)=""/40, 0x28}, {&(0x7f00000006c0)=""/32, 0x20}, {&(0x7f0000000700)=""/45, 0x2d}, {&(0x7f0000000740)}], 0x9, 0x9, 0x0, 0xa) (async)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x150, 0x168, 0x9, 0x150, 0xb, 0x250, 0x250, 0x250, 0x250, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth0_to_bridge\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x108, 0x150, 0x0, {0x0, 0x28e}, [@common=@inet=@ipcomp={{0x30}, {[], 0x74c8aad696aabd1d}}, @common=@inet=@ipcomp={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'dvmrp0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)

[   93.816361][ T1222] cfg80211: failed to load regulatory.db
[   93.822056][ T5296] Bluetooth: hci0: command tx timeout
[   93.882057][ T5322] ------------[ cut here ]------------
[   93.884508][ T5322] workqueue: cannot queue hci_rx_work on wq hci0
[   93.887551][ T5322] WARNING: kernel/workqueue.c:2271 at __queue_work+0xd53/0x1020, CPU#0: syz.0.0/5322
[   93.891502][ T5322] Modules linked in:
[   93.893057][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   93.896868][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   93.901374][ T5322] RIP: 0010:__queue_work+0xd7e/0x1020
[   93.903788][ T5322] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 23 f6 a3 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   93.912241][ T5322] RSP: 0018:ffffc9000deb7b20 EFLAGS: 00010086
[   93.914978][ T5322] RAX: 1ffff110024b197b RBX: 0000000000000008 RCX: ffff888000532480
[   93.918312][ T5322] RDX: ffff888012420178 RSI: ffffffff8aa01050 RDI: ffffffff90148d90
[   93.922080][ T5322] RBP: 0000000000000000 R08: ffff88801258cbc7 R09: 1ffff110024b1978
[   93.926125][ T5322] R10: dffffc0000000000 R11: ffffed10024b1979 R12: dffffc0000000000
[   93.930547][ T5322] R13: ffff88801258cbd8 R14: ffffffff90148d90 R15: ffff888012420178
[   93.934062][ T5322] FS:  00007fcd98bf26c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[   93.938236][ T5322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   93.941176][ T5322] CR2: 00007fcd98bf1ff8 CR3: 0000000036b09000 CR4: 0000000000352ef0
[   93.944648][ T5322] Call Trace:
[   93.946145][ T5322]  <TASK>
[   93.947388][ T5322]  ? rcu_is_watching+0x15/0xb0
[   93.949261][ T5322]  queue_work_on+0x106/0x1d0
[   93.951334][ T5322]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   93.953746][ T5322]  hci_recv_frame+0x625/0x7c0
[   93.955762][ T5322]  ? skb_pull+0xc1/0x1d0
[   93.957661][ T5322]  vhci_write+0x358/0x4a0
[   93.959630][ T5322]  vfs_write+0x61d/0xb90
[   93.961782][ T5322]  ? __pfx_vfs_write+0x10/0x10
[   93.963955][ T5322]  ? __fget_files+0x2a/0x420
[   93.967522][ T5322]  ksys_write+0x150/0x270
[   93.969604][ T5322]  ? __pfx_ksys_write+0x10/0x10
[   93.971863][ T5322]  do_syscall_64+0x14d/0xf80
[   93.974012][ T5322]  ? trace_irq_disable+0x3b/0x150
[   93.976179][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.978799][ T5322]  ? clear_bhb_loop+0x40/0x90
[   93.980904][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.983609][ T5322] RIP: 0033:0x7fcd97d5cece
[   93.985802][ T5322] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   93.994059][ T5322] RSP: 002b:00007fcd98bf1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   93.997560][ T5322] RAX: ffffffffffffffda RBX: 00007fcd98bf26c0 RCX: 00007fcd97d5cece
[   94.000939][ T5322] RDX: 000000000000001a RSI: 00002000000000c0 RDI: 00000000000000ca
[   94.004399][ T5322] RBP: 00007fcd97e32b39 R08: 0000000000000000 R09: 0000000000000000
[   94.007839][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.011175][ T5322] R13: 00007fcd98016218 R14: 00007fcd98016180 R15: 00007ffcf1b9f1a8
[   94.014650][ T5322]  </TASK>
[   94.016054][ T5322] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   94.019310][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   94.023307][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   94.027681][ T5322] Call Trace:
[   94.029280][ T5322]  <TASK>
[   94.030617][ T5322]  vpanic+0x56c/0xa60
[   94.032409][ T5322]  ? __pfx__printk+0x10/0x10
[   94.034469][ T5322]  ? __pfx_vpanic+0x10/0x10
[   94.036449][ T5322]  ? is_bpf_text_address+0x292/0x2b0
[   94.038679][ T5322]  ? is_bpf_text_address+0x26/0x2b0
[   94.040861][ T5322]  panic+0xc5/0xd0
[   94.042536][ T5322]  ? __pfx_panic+0x10/0x10
[   94.044526][ T5322]  __warn+0x315/0x4f0
[   94.046362][ T5322]  ? __queue_work+0xd53/0x1020
[   94.048489][ T5322]  ? __queue_work+0xd53/0x1020
[   94.050529][ T5322]  __report_bug+0x29a/0x540
[   94.052522][ T5322]  ? __queue_work+0xd53/0x1020
[   94.054705][ T5322]  ? __pfx___report_bug+0x10/0x10
[   94.056898][ T5322]  ? __pfx_hci_rx_work+0x10/0x10
[   94.059154][ T5322]  ? do_syscall_64+0x14d/0xf80
[   94.061294][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.063949][ T5322]  report_bug_entry+0x19a/0x290
[   94.066069][ T5322]  ? __queue_work+0xd7e/0x1020
[   94.068091][ T5322]  ? __queue_work+0xd83/0x1020
[   94.070220][ T5322]  handle_bug+0xca/0x200
[   94.072097][ T5322]  exc_invalid_op+0x1a/0x50
[   94.074099][ T5322]  asm_exc_invalid_op+0x1a/0x20
[   94.076207][ T5322] RIP: 0010:__queue_work+0xd7e/0x1020
[   94.078497][ T5322] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 23 f6 a3 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   94.086417][ T5322] RSP: 0018:ffffc9000deb7b20 EFLAGS: 00010086
[   94.088998][ T5322] RAX: 1ffff110024b197b RBX: 0000000000000008 RCX: ffff888000532480
[   94.092542][ T5322] RDX: ffff888012420178 RSI: ffffffff8aa01050 RDI: ffffffff90148d90
[   94.096129][ T5322] RBP: 0000000000000000 R08: ffff88801258cbc7 R09: 1ffff110024b1978
[   94.099683][ T5322] R10: dffffc0000000000 R11: ffffed10024b1979 R12: dffffc0000000000
[   94.103088][ T5322] R13: ffff88801258cbd8 R14: ffffffff90148d90 R15: ffff888012420178
[   94.106436][ T5322]  ? __pfx_hci_rx_work+0x10/0x10
[   94.108821][ T5322]  ? rcu_is_watching+0x15/0xb0
[   94.111016][ T5322]  queue_work_on+0x106/0x1d0
[   94.113049][ T5322]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   94.115317][ T5322]  hci_recv_frame+0x625/0x7c0
[   94.117349][ T5322]  ? skb_pull+0xc1/0x1d0
[   94.119197][ T5322]  vhci_write+0x358/0x4a0
[   94.121497][ T5322]  vfs_write+0x61d/0xb90
[   94.123447][ T5322]  ? __pfx_vfs_write+0x10/0x10
[   94.125604][ T5322]  ? __fget_files+0x2a/0x420
[   94.127600][ T5322]  ksys_write+0x150/0x270
[   94.129515][ T5322]  ? __pfx_ksys_write+0x10/0x10
[   94.131604][ T5322]  do_syscall_64+0x14d/0xf80
[   94.133726][ T5322]  ? trace_irq_disable+0x3b/0x150
[   94.136133][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.139439][ T5322]  ? clear_bhb_loop+0x40/0x90
[   94.141558][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.144126][ T5322] RIP: 0033:0x7fcd97d5cece
[   94.146032][ T5322] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   94.154177][ T5322] RSP: 002b:00007fcd98bf1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   94.157749][ T5322] RAX: ffffffffffffffda RBX: 00007fcd98bf26c0 RCX: 00007fcd97d5cece
[   94.161184][ T5322] RDX: 000000000000001a RSI: 00002000000000c0 RDI: 00000000000000ca
[   94.164690][ T5322] RBP: 00007fcd97e32b39 R08: 0000000000000000 R09: 0000000000000000
[   94.168105][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.171636][ T5322] R13: 00007fcd98016218 R14: 00007fcd98016180 R15: 00007ffcf1b9f1a8
[   94.175093][ T5322]  </TASK>
[   94.176918][ T5322] Kernel Offset: disabled
[   94.178875][ T5322] Rebooting in 86400 seconds..