program:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x99}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=@acquire={0x128, 0x17, 0x1, 0x70bd29, 0x25dfdbff, {{@in6=@local, 0x4d4, 0x2b}, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, {@in=@dev={0xac, 0x14, 0x14, 0x2f}, @in=@empty, 0x4e23, 0x0, 0x4e23, 0x1, 0x2, 0x0, 0x20, 0x3b}, {{@in6=@remote, @in=@private=0xa010102, 0x4e24, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x1e0, 0x1db328f0ad95c2c}, {0xfffffffffffffffc, 0x4, 0x4, 0x67, 0xfffffffffffffffb, 0x5, 0x4, 0x8}, {0xa, 0xd95, 0x7, 0x1ff}, 0x5, 0x0, 0x1, 0x1, 0x3, 0x1d6deb139563c850}, 0x6, 0x9, 0x1, 0x70bd2d}}, 0x128}, 0x1, 0x0, 0x0, 0x4004004}, 0x4000840) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=@acquire={0x128, 0x17, 0x1, 0x70bd29, 0x25dfdbff, {{@in6=@local, 0x4d4, 0x2b}, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, {@in=@dev={0xac, 0x14, 0x14, 0x2f}, @in=@empty, 0x4e23, 0x0, 0x4e23, 0x1, 0x2, 0x0, 0x20, 0x3b}, {{@in6=@remote, @in=@private=0xa010102, 0x4e24, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x1e0, 0x1db328f0ad95c2c}, {0xfffffffffffffffc, 0x4, 0x4, 0x67, 0xfffffffffffffffb, 0x5, 0x4, 0x8}, {0xa, 0xd95, 0x7, 0x1ff}, 0x5, 0x0, 0x1, 0x1, 0x3, 0x1d6deb139563c850}, 0x6, 0x9, 0x1, 0x70bd2d}}, 0x128}, 0x1, 0x0, 0x0, 0x4004004}, 0x4000840)
syz_mount_image$fuse(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7) (async)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7)

[   85.502853][ T4700] Bluetooth: hci0: command tx timeout
[   85.568411][ T5336] ------------[ cut here ]------------
[   85.571210][ T5336] WARNING: CPU: 0 PID: 5336 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290
[   85.576300][ T5336] Modules linked in:
[   85.578342][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: kworker/u5:2 Not tainted 6.16.0-syzkaller-12016-gbec077162bd0 #0 PREEMPT(full) 
[   85.584221][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.589027][ T5336] Workqueue: hci0 hci_conn_timeout
[   85.592101][ T5336] RIP: 0010:hci_conn_timeout+0xff/0x290
[   85.594809][ T5336] Code: 48 89 df e8 23 05 09 00 eb 07 e8 9c 63 47 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 82 63 47 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.603179][ T5336] RSP: 0018:ffffc9000d18fa50 EFLAGS: 00010293
[   85.605988][ T5336] RAX: ffffffff8a7857de RBX: ffff88803ff10000 RCX: ffff888000db4880
[   85.609410][ T5336] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   85.613126][ T5336] RBP: 00000000ffffffff R08: ffff88803ff10013 R09: 1ffff11007fe2002
[   85.616686][ T5336] R10: dffffc0000000000 R11: ffffed1007fe2003 R12: dffffc0000000000
[   85.620245][ T5336] R13: ffff888011b62118 R14: ffff88803ff10948 R15: ffff88803ff10010
[   85.624049][ T5336] FS:  0000000000000000(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
[   85.628194][ T5336] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.631266][ T5336] CR2: 0000000000000000 CR3: 00000000433d6000 CR4: 0000000000352ef0
[   85.634836][ T5336] Call Trace:
[   85.636359][ T5336]  <TASK>
[   85.637641][ T5336]  ? process_scheduled_works+0x9ef/0x17b0
[   85.640349][ T5336]  process_scheduled_works+0xade/0x17b0
[   85.642732][ T5336]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.645389][ T5336]  worker_thread+0x8a0/0xda0
[   85.647455][ T5336]  ? __kthread_parkme+0x7b/0x200
[   85.649705][ T5336]  kthread+0x70e/0x8a0
[   85.651665][ T5336]  ? __pfx_worker_thread+0x10/0x10
[   85.654001][ T5336]  ? __pfx_kthread+0x10/0x10
[   85.655988][ T5336]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.658434][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.660770][ T5336]  ? __pfx_kthread+0x10/0x10
[   85.662883][ T5336]  ret_from_fork+0x3fc/0x770
[   85.664916][ T5336]  ? __pfx_ret_from_fork+0x10/0x10
[   85.667300][ T5336]  ? __pfx_kthread+0x10/0x10
[   85.669973][ T5336]  ret_from_fork_asm+0x1a/0x30
[   85.673013][ T5336]  </TASK>
[   85.674705][ T5336] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.678203][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: kworker/u5:2 Not tainted 6.16.0-syzkaller-12016-gbec077162bd0 #0 PREEMPT(full) 
[   85.683258][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.687944][ T5336] Workqueue: hci0 hci_conn_timeout
[   85.690299][ T5336] Call Trace:
[   85.692004][ T5336]  <TASK>
[   85.693319][ T5336]  dump_stack_lvl+0x99/0x250
[   85.695480][ T5336]  ? __asan_memcpy+0x40/0x70
[   85.697983][ T5336]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.700731][ T5336]  ? __pfx__printk+0x10/0x10
[   85.703045][ T5336]  vpanic+0x281/0x750
[   85.704793][ T5336]  ? __pfx__printk+0x10/0x10
[   85.706741][ T5336]  ? __pfx_vpanic+0x10/0x10
[   85.709032][ T5336]  ? is_bpf_text_address+0x292/0x2b0
[   85.711624][ T5336]  panic+0xb9/0xc0
[   85.713390][ T5336]  ? __pfx_panic+0x10/0x10
[   85.715460][ T5336]  __warn+0x31b/0x4b0
[   85.717191][ T5336]  ? hci_conn_timeout+0xff/0x290
[   85.719249][ T5336]  ? hci_conn_timeout+0xff/0x290
[   85.721640][ T5336]  report_bug+0x2be/0x4f0
[   85.723662][ T5336]  ? hci_conn_timeout+0xff/0x290
[   85.725893][ T5336]  ? hci_conn_timeout+0xff/0x290
[   85.728197][ T5336]  ? hci_conn_timeout+0x101/0x290
[   85.730523][ T5336]  handle_bug+0x84/0x160
[   85.732436][ T5336]  exc_invalid_op+0x1a/0x50
[   85.734526][ T5336]  asm_exc_invalid_op+0x1a/0x20
[   85.736592][ T5336] RIP: 0010:hci_conn_timeout+0xff/0x290
[   85.738920][ T5336] Code: 48 89 df e8 23 05 09 00 eb 07 e8 9c 63 47 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 82 63 47 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.747721][ T5336] RSP: 0018:ffffc9000d18fa50 EFLAGS: 00010293
[   85.750236][ T5336] RAX: ffffffff8a7857de RBX: ffff88803ff10000 RCX: ffff888000db4880
[   85.753539][ T5336] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   85.756991][ T5336] RBP: 00000000ffffffff R08: ffff88803ff10013 R09: 1ffff11007fe2002
[   85.760530][ T5336] R10: dffffc0000000000 R11: ffffed1007fe2003 R12: dffffc0000000000
[   85.764692][ T5336] R13: ffff888011b62118 R14: ffff88803ff10948 R15: ffff88803ff10010
[   85.768254][ T5336]  ? hci_conn_timeout+0xfe/0x290
[   85.770516][ T5336]  ? process_scheduled_works+0x9ef/0x17b0
[   85.773266][ T5336]  process_scheduled_works+0xade/0x17b0
[   85.775848][ T5336]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.778410][ T5336]  worker_thread+0x8a0/0xda0
[   85.780421][ T5336]  ? __kthread_parkme+0x7b/0x200
[   85.782522][ T5336]  kthread+0x70e/0x8a0
[   85.784655][ T5336]  ? __pfx_worker_thread+0x10/0x10
[   85.787810][ T5336]  ? __pfx_kthread+0x10/0x10
[   85.790157][ T5336]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.792551][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.794929][ T5336]  ? __pfx_kthread+0x10/0x10
[   85.797089][ T5336]  ret_from_fork+0x3fc/0x770
[   85.799099][ T5336]  ? __pfx_ret_from_fork+0x10/0x10
[   85.802047][ T5336]  ? __pfx_kthread+0x10/0x10
[   85.804049][ T5336]  ret_from_fork_asm+0x1a/0x30
[   85.806035][ T5336]  </TASK>
[   85.807777][ T5336] Kernel Offset: disabled
[   85.809568][ T5336] Rebooting in 86400 seconds..