program:
# Fuzzer-generated reproducer (syzkaller program syntax), shown one call per line.
# Calls marked (async) are issued without waiting for completion, so the
# ordering between them is not fixed from run to run.
# NOTE(review): the trace below only shows Bluetooth functions (l2cap_*, hci_*).
# The netlink XFRM and raw-Ethernet calls are presumably incidental to this
# warning; confirm by minimising the reproducer.

# Netlink socket: family 0x10, type 0x3, protocol 0x6 (the $nl_xfrm variant).
r0 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
# Bluetooth socket in family 0x1f. The call variant is named bt_l2cap, but the
# protocol argument is 0x3, the same value passed to the bt_rfcomm variant below.
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
# connect() on r1 with an @rc-style address: family 0x1f, a fixed device
# address, last field 0x8 (presumably the RFCOMM channel; confirm).
# NOTE(review): this connect is the likely origin of the L2CAP connection whose
# info timer fires in the trace; the link is inferred, not shown in the log.
connect(r1, &(0x7f0000000000)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80) (async)
# Raw HCI socket: family 0x1f, type 0x3, protocol 0x1.
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# Second Bluetooth socket with the same (0x1f, 0x1, 0x3) triple; the result is unused.
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
# HCIINQUIRY ioctl on the HCI socket with a null (0x0) argument pointer.
ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0) (async)
# Netlink message of 0xb8 bytes on r0. The header bytes "b8000000 1900" give
# length 0xb8 and type 0x19 (XFRM_MSG_UPDPOLICY under the usual uapi numbering; confirm).
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="b80000001900674c000000000000000000000000000000000000000000000000e000000200000000000000000000000000000000000000000a"], 0xb8}}, 0x0) (async)
# Second netlink socket and a second 0xb8-byte message with the same type byte.
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="b8000000190001000000000000000000e0000002000000000000000000000000fc01000000000000000000000000000000000000000000000a00005400", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006bdf00000000000000000000000010000000000000000000000000000000000000000000000020"], 0xb8}}, 0x0)
# Injects a 0x2c2-byte Ethernet frame with ethertype 0x86dd (IPv6), built from
# the icmpv6/time_exceed template with a chain of hop-by-hop, routing and
# destination-option headers. The field values are fuzzer-mutated and need not
# form a well-formed packet.
syz_emit_ethernet(0x2c2, &(0x7f0000000900)={@local, @random="cce390677742", @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0cbb05", 0x288, 0x2f, 0x0, @private2, @local, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "0120d2", 0x0, 0x0, 0x0, @mcast2, @remote, [@hopopts={0x5c, 0x0, '\x00', [@padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x3}]}, @routing={0x2b, 0x10, 0x0, 0x8, 0x0, [@mcast1, @mcast1, @remote, @local, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, @private1, @private2={0xfc, 0x2, '\x00', 0x1}]}, @dstopts={0xe8, 0x13, '\x00', [@calipso={0x7, 0x58, {0x0, 0x14, 0x5, 0x685, [0x401, 0x0, 0x80, 0x2, 0x7, 0x4, 0x7ff, 0x2, 0x82, 0x9]}}, @pad1, @calipso={0x7, 0x40, {0x0, 0xe, 0x1, 0xda, [0x4, 0x6, 0x8, 0x9, 0x7, 0xff, 0x8]}}]}, @hopopts={0x54, 0x1c, '\x00', [@generic={0x7, 0xc5, "0ac91be3b2c20a7144c9763aed5cbd7c9c3caa3e0934580653588b1987f37d179589ea01cbf36e4629b8b9210e28747fadeaea6c5d2101311735ca848b9fdcc024f33b6c0a1fbdf44e82db4a0843d2b860201934c07e1b56e4df66abfd806df71f49f6aa9303580c798316e9cff9cc69281f1b087956d0076c8f767bd6c1a2ac551b078bbed94b2d648b4f5cb1206450817894c1daf7e1f55fdc5e315098e6dfb5610d98c54cadb02fa7a4b7269fb3161a169002932c3ce03ccdf32b68b14a304b2c3a5357"}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x7}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x2}, @padn={0x1, 0x1, [0x0]}]}, @dstopts={0x5e, 0x4, '\x00', [@ra={0x5, 0x2, 0x7}, @generic={0x0, 0x1a, "ce45eb1bbcf521f2e6d5b36aac0d8ce028e11023f7c822b17489"}]}]}}}}}}}, 0x0)

# Kernel console output from the run, one log record per line.
# What the log shows:
#  - A WARNING raised in __queue_work (kernel/workqueue.c:2271) with the text
#    "workqueue: cannot queue hci_tx_work on wq hci0".
#  - The warning fires in kworker/0:1 while it runs l2cap_info_timeout from
#    the "events" workqueue.
#  - The reliable frames (those without "?") give the path
#    l2cap_info_timeout -> l2cap_conn_start -> queue_work_on -> __queue_work.
#    Frames prefixed with "?" are stack leftovers, not confirmed callers.
# NOTE(review): in mainline this message is emitted when work is queued on a
# workqueue already flagged as draining or being destroyed. That points at a
# teardown-ordering problem: the L2CAP info timer can still run after the hci0
# workqueue has started to go away. Confirm against the tree under test.
# NOTE(review): a fix would presumably have to cancel and wait for the L2CAP
# delayed work before the HCI device's workqueue is destroyed, or stop the
# transmit path from queueing once the device is being unregistered. Verify
# which teardown path is racing before choosing.
[ 116.881597][ T10] ------------[ cut here ]------------
[ 116.884118][ T10] workqueue: cannot queue hci_tx_work on wq hci0
[ 116.888480][ T10] WARNING: kernel/workqueue.c:2271 at __queue_work+0xd53/0x1020, CPU#0: kworker/0:1/10
[ 116.893925][ T10] Modules linked in:
[ 116.895996][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full)
[ 116.902513][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 116.911214][ T10] Workqueue: events l2cap_info_timeout
[ 116.914653][ T10] RIP: 0010:__queue_work+0xd7e/0x1020
[ 116.917400][ T10] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 83 14 a4 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 116.926626][ T10] RSP: 0018:ffffc9000023f838 EFLAGS: 00010086
[ 116.929443][ T10] RAX: 1ffff1100244618d RBX: 0000000000000008 RCX: ffff88801b78a4c0
[ 116.933637][ T10] RDX: ffff888012691178 RSI: ffffffff8aa0db00 RDI: ffffffff9014a6c0
[ 116.938703][ T10] RBP: 0000000000000020 R08: ffff888012230c57 R09: 1ffff1100244618a
[ 116.942911][ T10] R10: dffffc0000000000 R11: ffffed100244618b R12: dffffc0000000000
[ 116.946439][ T10] R13: ffff888012230c68 R14: ffffffff9014a6c0 R15: ffff888012691178
[ 116.950520][ T10] FS: 0000000000000000(0000) GS:ffff88808ca58000(0000) knlGS:0000000000000000
[ 116.955282][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 116.958415][ T10] CR2: 00007ffd708e5e80 CR3: 00000000420ff000 CR4: 0000000000352ef0
[ 116.962150][ T10] Call Trace:
[ 116.963693][ T10]
[ 116.965011][ T10] ? hci_send_acl+0x96b/0xe60
[ 116.967253][ T10] ? rcu_is_watching+0x15/0xb0
[ 116.969517][ T10] queue_work_on+0x106/0x1d0
[ 116.972319][ T10] l2cap_conn_start+0xc6a/0xff0
[ 116.974696][ T10] ? __pfx_l2cap_conn_start+0x10/0x10
[ 116.977263][ T10] ? l2cap_info_timeout+0x60/0xa0
[ 116.979824][ T10] ? __pfx___mutex_lock+0x10/0x10
[ 116.982324][ T10] l2cap_info_timeout+0x68/0xa0
[ 116.984856][ T10] ? process_scheduled_works+0xa25/0x1830
[ 116.988108][ T10] process_scheduled_works+0xb02/0x1830
[ 116.991387][ T10] ? __pfx_process_scheduled_works+0x10/0x10
[ 116.994288][ T10] ? assign_work+0x3d5/0x5e0
[ 116.996409][ T10] worker_thread+0xa50/0xfc0
[ 116.998563][ T10] kthread+0x388/0x470
[ 117.000563][ T10] ? __pfx_worker_thread+0x10/0x10
[ 117.002999][ T10] ? __pfx_kthread+0x10/0x10
[ 117.005242][ T10] ret_from_fork+0x51e/0xb90
[ 117.007592][ T10] ? __pfx_ret_from_fork+0x10/0x10
[ 117.010428][ T10] ? __switch_to+0xc7d/0x1450
[ 117.014009][ T10] ? __pfx_kthread+0x10/0x10
[ 117.016394][ T10] ret_from_fork_asm+0x1a/0x30
[ 117.018603][ T10]
# The panic below is a consequence of panic_on_warn being set on this test
# kernel, as the log line itself states. It is the same warning site, not a
# second fault: the second trace unwinds from vpanic/panic through __warn and
# the invalid-opcode handler back into the identical
# l2cap_info_timeout -> __queue_work path, with the same RIP and registers.
[ 117.020099][ T10] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 117.023327][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full)
[ 117.027879][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 117.033878][ T10] Workqueue: events l2cap_info_timeout
[ 117.037024][ T10] Call Trace:
[ 117.038669][ T10]
[ 117.040001][ T10] vpanic+0x56c/0xa60
[ 117.041852][ T10] ? __pfx__printk+0x10/0x10
[ 117.043952][ T10] ? __pfx_vpanic+0x10/0x10
[ 117.046123][ T10] ? is_bpf_text_address+0x292/0x2b0
[ 117.048614][ T10] ? is_bpf_text_address+0x26/0x2b0
[ 117.051281][ T10] panic+0xc5/0xd0
[ 117.053184][ T10] ? __pfx_panic+0x10/0x10
[ 117.055362][ T10] ? ret_from_fork_asm+0x1a/0x30
[ 117.057927][ T10] __warn+0x315/0x4f0
[ 117.060110][ T10] ? __queue_work+0xd53/0x1020
[ 117.062638][ T10] ? __queue_work+0xd53/0x1020
[ 117.064971][ T10] __report_bug+0x29a/0x540
[ 117.067248][ T10] ? check_noncircular+0xda/0x150
[ 117.069961][ T10] ? __queue_work+0xd53/0x1020
[ 117.072388][ T10] ? __pfx___report_bug+0x10/0x10
[ 117.074653][ T10] ? __pfx_hci_tx_work+0x10/0x10
[ 117.077232][ T10] report_bug_entry+0x19a/0x290
[ 117.079671][ T10] ? __queue_work+0xd7e/0x1020
[ 117.082096][ T10] ? __queue_work+0xd83/0x1020
[ 117.084484][ T10] handle_bug+0xce/0x200
[ 117.086701][ T10] exc_invalid_op+0x1a/0x50
[ 117.088856][ T10] asm_exc_invalid_op+0x1a/0x20
[ 117.091032][ T10] RIP: 0010:__queue_work+0xd7e/0x1020
[ 117.093566][ T10] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 83 14 a4 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[ 117.102049][ T10] RSP: 0018:ffffc9000023f838 EFLAGS: 00010086
[ 117.104917][ T10] RAX: 1ffff1100244618d RBX: 0000000000000008 RCX: ffff88801b78a4c0
[ 117.108999][ T10] RDX: ffff888012691178 RSI: ffffffff8aa0db00 RDI: ffffffff9014a6c0
[ 117.113337][ T10] RBP: 0000000000000020 R08: ffff888012230c57 R09: 1ffff1100244618a
[ 117.116864][ T10] R10: dffffc0000000000 R11: ffffed100244618b R12: dffffc0000000000
[ 117.120702][ T10] R13: ffff888012230c68 R14: ffffffff9014a6c0 R15: ffff888012691178
[ 117.124993][ T10] ? __pfx_hci_tx_work+0x10/0x10
[ 117.127388][ T10] ? __queue_work+0xfa8/0x1020
[ 117.129566][ T10] ? hci_send_acl+0x96b/0xe60
[ 117.131712][ T10] ? rcu_is_watching+0x15/0xb0
[ 117.134032][ T10] queue_work_on+0x106/0x1d0
[ 117.136713][ T10] l2cap_conn_start+0xc6a/0xff0
[ 117.138976][ T10] ? __pfx_l2cap_conn_start+0x10/0x10
[ 117.142288][ T10] ? l2cap_info_timeout+0x60/0xa0
[ 117.144609][ T10] ? __pfx___mutex_lock+0x10/0x10
[ 117.147063][ T10] l2cap_info_timeout+0x68/0xa0
[ 117.149340][ T10] ? process_scheduled_works+0xa25/0x1830
[ 117.151968][ T10] process_scheduled_works+0xb02/0x1830
[ 117.154499][ T10] ? __pfx_process_scheduled_works+0x10/0x10
[ 117.157440][ T10] ? assign_work+0x3d5/0x5e0
[ 117.159511][ T10] worker_thread+0xa50/0xfc0
[ 117.161648][ T10] kthread+0x388/0x470
[ 117.163433][ T10] ? __pfx_worker_thread+0x10/0x10
[ 117.165669][ T10] ? __pfx_kthread+0x10/0x10
[ 117.167586][ T10] ret_from_fork+0x51e/0xb90
[ 117.169579][ T10] ? __pfx_ret_from_fork+0x10/0x10
[ 117.171774][ T10] ? __switch_to+0xc7d/0x1450
[ 117.173886][ T10] ? __pfx_kthread+0x10/0x10
[ 117.175805][ T10] ret_from_fork_asm+0x1a/0x30
[ 117.178830][ T10]
[ 117.180707][ T10] Kernel Offset: disabled
[ 117.182694][ T10] Rebooting in 86400 seconds..