program:
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
ioctl$XFS_IOC_FSGROWFSRT(r0, 0x40105870, &(0x7f0000000280)={0x550e, 0xffff7fff}) (async)
ioctl$XFS_IOC_FSGROWFSRT(r0, 0x40105870, &(0x7f0000000280)={0x550e, 0xffff7fff})
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000700)={0x60, 0x0, &(0x7f0000000580)=[@release={0x40046306, 0x2}, @acquire_done={0x40106309, 0x2}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r2}, @flat=@weak_binder={0x77622a85, 0x1001}}, &(0x7f0000000540)={0x0, 0x18, 0x30}}}], 0xc2, 0x0, &(0x7f0000000600)="e844ac7cf1dadbe52314697c4a0919ecbcca50ce368cabb39a69c222aba926df9c8f8edbd7ef79fe65afa45a4abd852cca66ce7f0e9fae32d0dea4daa1f680a6f5ab4a10e9105e3c55d20136f7f81439bea0dc626109d5c198d45f75c87bfa4f07b9803b99f851eaf0dbf36d2e2b4750f4131c86eba84532a014f618d5dda18c9bc4ce74e38d3bbb30e534e9444374159b35c941e31762d12d585b1b873c30ea757e6ead4918f05e18e136866d29cd88e655205e2c77260a0404335e6556b347475d"}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000700)={0x60, 0x0, &(0x7f0000000580)=[@release={0x40046306, 0x2}, @acquire_done={0x40106309, 0x2}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r2}, @flat=@weak_binder={0x77622a85, 0x1001}}, &(0x7f0000000540)={0x0, 0x18, 0x30}}}], 0xc2, 0x0, &(0x7f0000000600)="e844ac7cf1dadbe52314697c4a0919ecbcca50ce368cabb39a69c222aba926df9c8f8edbd7ef79fe65afa45a4abd852cca66ce7f0e9fae32d0dea4daa1f680a6f5ab4a10e9105e3c55d20136f7f81439bea0dc626109d5c198d45f75c87bfa4f07b9803b99f851eaf0dbf36d2e2b4750f4131c86eba84532a014f618d5dda18c9bc4ce74e38d3bbb30e534e9444374159b35c941e31762d12d585b1b873c30ea757e6ead4918f05e18e136866d29cd88e655205e2c77260a0404335e6556b347475d"})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x40, 0x5, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0xa}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x40}}, 0x5)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r4=>r3}, './file0\x00'})
renameat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', r4, &(0x7f00000000c0)='./file0\x00')
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0xc2, &(0x7f0000001100)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x26, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev, @local, {[@rr={0x7, 0x13, 0x0, [@private, @empty, @empty, @private]}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@loopback}]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@private}, {}, {@local}, {@loopback}, {@private}, {@multicast2}, {@broadcast}, {@broadcast}]}, @timestamp={0x44, 0x4}, @ssrr={0x89, 0x3, 0xd9}]}}}}}}}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x803}, 0xe) (async)
connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x803}, 0xe)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="02c82028002400010007d3040007c4faff020c04000300d3"], 0x2d)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r7, 0x400448ca, 0x0) (async)
ioctl$HCIINQUIRY(r7, 0x400448ca, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x500}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x1c, 0x4, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}]}, 0x1c}}, 0x0) (async)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x1c, 0x4, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}]}, 0x1c}}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x10}]}, &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x5}, 0x90)

[  103.113469][ T5287] Bluetooth: hci0: command tx timeout
[  103.148212][   T10] ------------[ cut here ]------------
[  103.150621][   T10] workqueue: cannot queue hci_tx_work on wq hci0
[  103.153633][   T10] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd1f/0xfc0, CPU#0: kworker/0:1/10
[  103.158289][   T10] Modules linked in:
[  103.160382][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) 
[  103.164415][   T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.168591][   T10] Workqueue: events l2cap_info_timeout
[  103.171007][   T10] RIP: 0010:__queue_work+0xd4a/0xfc0
[  103.173742][   T10] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 d7 4c a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[  103.182410][   T10] RSP: 0018:ffffc9000023f838 EFLAGS: 00010082
[  103.185196][   T10] RAX: 1ffff1100251a18a RBX: 0000000000000008 RCX: ffff88801b382500
[  103.188695][   T10] RDX: ffff8880417af170 RSI: ffffffff8a9d11d0 RDI: ffffffff9033b270
[  103.191669][   T10] RBP: 0000000000000020 R08: ffff8880128d0c3f R09: 1ffff1100251a187
[  103.195576][   T10] R10: dffffc0000000000 R11: ffffed100251a188 R12: dffffc0000000000
[  103.199733][   T10] R13: ffff8880128d0c50 R14: ffffffff9033b270 R15: ffff8880417af170
[  103.203156][   T10] FS:  0000000000000000(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000
[  103.206859][   T10] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  103.209173][   T10] CR2: 00007fa1248e0fe8 CR3: 0000000012e46000 CR4: 0000000000352ef0
[  103.212293][   T10] Call Trace:
[  103.213964][   T10]  <TASK>
[  103.216452][   T10]  ? hci_send_acl+0x96b/0xe60
[  103.219987][   T10]  ? rcu_is_watching+0x15/0xb0
[  103.222390][   T10]  queue_work_on+0x106/0x1d0
[  103.224369][   T10]  l2cap_conn_start+0x5c9/0xf20
[  103.226485][   T10]  ? __pfx_l2cap_conn_start+0x10/0x10
[  103.228910][   T10]  l2cap_info_timeout+0x68/0xa0
[  103.231170][   T10]  ? process_scheduled_works+0xa70/0x1860
[  103.233697][   T10]  process_scheduled_works+0xb5d/0x1860
[  103.236041][   T10]  ? __pfx_process_scheduled_works+0x10/0x10
[  103.239093][   T10]  ? assign_work+0x3d5/0x5e0
[  103.241700][   T10]  worker_thread+0xa53/0xfc0
[  103.244005][   T10]  kthread+0x388/0x470
[  103.245701][   T10]  ? __pfx_worker_thread+0x10/0x10
[  103.248010][   T10]  ? __pfx_kthread+0x10/0x10
[  103.250077][   T10]  ret_from_fork+0x514/0xb70
[  103.252072][   T10]  ? __pfx_ret_from_fork+0x10/0x10
[  103.254208][   T10]  ? __switch_to+0xc79/0x1410
[  103.256410][   T10]  ? __pfx_kthread+0x10/0x10
[  103.258731][   T10]  ret_from_fork_asm+0x1a/0x30
[  103.261322][   T10]  </TASK>
[  103.262651][   T10] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  103.265475][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) 
[  103.269013][   T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.272840][   T10] Workqueue: events l2cap_info_timeout
[  103.275178][   T10] Call Trace:
[  103.277171][   T10]  <TASK>
[  103.279200][   T10]  vpanic+0x56c/0xa60
[  103.281672][   T10]  ? __pfx__printk+0x10/0x10
[  103.283520][   T10]  ? __pfx_vpanic+0x10/0x10
[  103.285495][   T10]  ? is_bpf_text_address+0x292/0x2b0
[  103.287726][   T10]  ? is_bpf_text_address+0x26/0x2b0
[  103.289824][   T10]  panic+0xc5/0xd0
[  103.291361][   T10]  ? __pfx_panic+0x10/0x10
[  103.293128][   T10]  ? ret_from_fork_asm+0x1a/0x30
[  103.295141][   T10]  __warn+0x315/0x4c0
[  103.297069][   T10]  ? __queue_work+0xd1f/0xfc0
[  103.300414][   T10]  ? __queue_work+0xd1f/0xfc0
[  103.303163][   T10]  __report_bug+0x29a/0x540
[  103.305340][   T10]  ? add_lock_to_list+0xc7/0x100
[  103.307687][   T10]  ? __queue_work+0xd1f/0xfc0
[  103.309469][   T10]  ? __pfx___report_bug+0x10/0x10
[  103.311298][   T10]  ? __pfx_hci_tx_work+0x10/0x10
[  103.313434][   T10]  report_bug_entry+0x19a/0x290
[  103.315719][   T10]  ? __queue_work+0xd4a/0xfc0
[  103.317717][   T10]  ? __queue_work+0xd4f/0xfc0
[  103.319815][   T10]  handle_bug+0xce/0x200
[  103.321743][   T10]  exc_invalid_op+0x1a/0x50
[  103.323683][   T10]  asm_exc_invalid_op+0x1a/0x20
[  103.326036][   T10] RIP: 0010:__queue_work+0xd4a/0xfc0
[  103.328702][   T10] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 d7 4c a5 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[  103.337250][   T10] RSP: 0018:ffffc9000023f838 EFLAGS: 00010082
[  103.340533][   T10] RAX: 1ffff1100251a18a RBX: 0000000000000008 RCX: ffff88801b382500
[  103.344362][   T10] RDX: ffff8880417af170 RSI: ffffffff8a9d11d0 RDI: ffffffff9033b270
[  103.347949][   T10] RBP: 0000000000000020 R08: ffff8880128d0c3f R09: 1ffff1100251a187
[  103.351246][   T10] R10: dffffc0000000000 R11: ffffed100251a188 R12: dffffc0000000000
[  103.355419][   T10] R13: ffff8880128d0c50 R14: ffffffff9033b270 R15: ffff8880417af170
[  103.360810][   T10]  ? __pfx_hci_tx_work+0x10/0x10
[  103.363286][   T10]  ? __queue_work+0xf74/0xfc0
[  103.365430][   T10]  ? hci_send_acl+0x96b/0xe60
[  103.367468][   T10]  ? rcu_is_watching+0x15/0xb0
[  103.369527][   T10]  queue_work_on+0x106/0x1d0
[  103.371578][   T10]  l2cap_conn_start+0x5c9/0xf20
[  103.373775][   T10]  ? __pfx_l2cap_conn_start+0x10/0x10
[  103.376196][   T10]  l2cap_info_timeout+0x68/0xa0
[  103.378536][   T10]  ? process_scheduled_works+0xa70/0x1860
[  103.381245][   T10]  process_scheduled_works+0xb5d/0x1860
[  103.383811][   T10]  ? __pfx_process_scheduled_works+0x10/0x10
[  103.386598][   T10]  ? assign_work+0x3d5/0x5e0
[  103.388718][   T10]  worker_thread+0xa53/0xfc0
[  103.390643][   T10]  kthread+0x388/0x470
[  103.392388][   T10]  ? __pfx_worker_thread+0x10/0x10
[  103.394784][   T10]  ? __pfx_kthread+0x10/0x10
[  103.396919][   T10]  ret_from_fork+0x514/0xb70
[  103.399987][   T10]  ? __pfx_ret_from_fork+0x10/0x10
[  103.402680][   T10]  ? __switch_to+0xc79/0x1410
[  103.405082][   T10]  ? __pfx_kthread+0x10/0x10
[  103.407195][   T10]  ret_from_fork_asm+0x1a/0x30
[  103.409267][   T10]  </TASK>
[  103.410885][   T10] Kernel Offset: disabled
[  103.412813][   T10] Rebooting in 86400 seconds..