program: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async, rerun: 32) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async, rerun: 32) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) (async, rerun: 32) socket$inet_icmp_raw(0x2, 0x3, 0x1) (async, rerun: 32) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') (async, rerun: 32) syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000440)={[{@check_relaxed}, {@utf8}, {@overriderock}, {@check_strict}, {}, {@iocharset={'iocharset', 0x3d, 'cp869'}}, {@check_strict}, {@block={'block', 0x3d, 0x200}}, {@mode={'mode', 0x3d, 0x4}}, {@map_acorn}, {@check_strict}, {@overriderock}, {@unhide}, {@cruft}, {@check_strict}]}, 0x1, 0xa23, &(0x7f0000000e80)="$eJzs3c1vHGcZAPBn1nbiuiVJ21BK1NaTlKRua5y1TROsHoqzu3a22F5kO1IjDk1pHBTFUGhBaiukphLi1AokEAe4VZw4VeqFckC9ILjREwck1H+h4hRORjO7ttf2rtc2/kr6+1m7Ox/PvO8zOx+vd3d23+DusnR8zdjSUn7b4fiVP+5Dxhxil8qfffDh+9nt3dtxJLriueRPEb0RkUZ0R8SjET2l8mxtukNBtyKuRcQnEUlEHI3645Zci+SX8cDq+CeR/D6rt60jWy2ZTpb4Qjvo/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6jpFQuFoeTI1GdufJSWheRblAqz9aSWFraOGd5mbqP816/k4871huRZLfo7V3u6vvRk6uzH4mI9Ew8Vh97LO+QPHrj7fsfOfH8w92F5eXbZfN/Obr1Yt946+1brywuLrzecm6S7GJWh9JkZaY6V6tOj09W0upcLR27cKF4/vLEXDpRnarMXZ2br0ynpdnK+HxtNh0oPZ0Oj42NppWhq7UrM5PloanK8sSLXx8pFi+kLw59pzI+O1ebOf/i0FzpcnVqqjozmcdks7OYi9mO+O3qfDpfGZ9O0xs3FxdG1+XUFev23yxouNOaZEEjnYJGiiMjw8MjI8PvNnrPXplw4bmx5y4Wi93FdWJDxB7ttBwu97XfzLt/EocdKtTb/4ipqMZMXImXIm35V4pyzEYtptvMb1hu/8+er2xabTS1/41Wvrtp/qns7kw80RjtbdP+t8ll//7eiLfi7bgVr8RiLMZCvH7gGe3v32RUYiaqMRe1qMZ0jOdT0saUNMbiQlyIYrwcl6M/5qI7JqIaU1GJubgaczEflXyPKsVsVGI85qMWs5HGQJTi6UhjOMZiLEYjjUoMxdWoxZWYickox3heyo24mT/vo5vkuBI0vJWgkU2CNjTm227/K+v/OeEeVNh0K+/BWRx2ZqnR/h/pHDpQ2o+EAAAAgF331b/HsZMP/e3fEUk8nn8uP1GdqhQPOi0AAABgF+WX6z2WPfRkQ49H4vU/AAAA3GuS/Dt2SUT0RX99aPmbUN4EAAAAgHtE/vn/E5H0r07w+h8AAADuMZ1/Y79jRDK4/PO/6fX64/VGRH0s6Z
uoTlWGSrWp54fjXP4rA/k3DTaU1hWR9ORfP3gmTtejTvfVH/tWS8zq7M2ihoeeH45n4kxjRQaezB6eHGgROVKPfKoe+VRzZFesiRzNIgHgXndmk/Z4q+3/MzFYjxg8lTf53afWtMFdecta1LICwGGx0sfOfxtdmrVo/xsRT7Rr/7+xyev/LOKhuNFfv6RgKF6N12IxrsdgNK446G9V6nJvBPXLEAY7vBvQ17hk4dOLhRjc8H5A78q6NscuxEgMtnxHoKncZDmH0Xpc195sAwDYb2c2bYdX2v/uzdr/wc1f/ze1uS4pBIDDYKUH++0O9G89+KDXEQBYSysNAAAAAAAAAAAAAAAAAAAAAAAAAAAAu29LP+D/j3MRi4sLETvtLKDFwKd//fOX2sa8d39E73Yy3HygELuT8+Ef6IqIg6r9hdj2Utk2PixPnYG1Awd8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBfJBFdraYXIo5GRDEizu9/Vnvn9kEnsFvSnS2W3Ik78WYc2+10AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+6Bq//1+I+uP99UnRXYg4GxHXIuK7B53jdvR2mH9nn/I4fH6Q3zf9/n8hoieWkuiub/ZIekrl2dp0tiskR7P5n33w4fvZrW2R7ywPbOxVISsgq2FN5xKNGpqm9Kxd6sF8qb7ywhu3fvLaj9LypXzHvDQ/MVWenpz91mrgI8lH9S4QmrtBWM73Z2f/8qumyUcalX+UrWlr6+udyOstb6z3K62WblPvFtxcXBjJapqvvDT/0x8Wmmc9FKcjnhyIGFhb0/ezW5uaTq9/PtdKPk9+kRyL38a1fPtnz0aylGSb6Hi+/vfduLm4MPTqa4vXV3J65+abTQWciP6IuL72KOuQU39+Pmkp3+sKPVmtxTwouzvZobxNNZU4vPq8rlmHB/Ndpm9b65C2X4dch+e9kdHo+oyWsoPk1z9+OM5tuqWPtijxXIcaW0o+T/6VXI5/xs+b+v8oZNv/bLQ8OlsUkUc27SnN89YcXoWzq2s+0jzj5fVltj0q2QPvxffimyvbv9B0/m9sqzbHzcr56IWmiT
s/HzXVuOG4aOh0XGys8Q/HN7Qoq/LD6OS6Fqlx9mm3TCPPk/WoNnl+OZ6N6D61rTPKsx3OKJ2W3+nx/7tkIP4Tt/X/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHH5JRFer6YWIsxFxIiKOZ+NpxNL6mNs7qK/Ql+wkzV2zk5zvPknbFU3uxJ14M47td0YAAAAAAAAA7I1L5c8++PD97JZ/Ht8VXys05qQR3RFxIvlNT6k8W5vuUFBPxLXlj/R7t5fDtezugdXxT7KxRzssdLCXDwDAXe1/AQAA///rmG2Q") (async, rerun: 32) r3 = socket(0x8, 0x3, 0x0) ioctl$SIOCPNGETOBJECT(r3, 0x400261f2, 0x0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="010b000d00000000000007"], 0x14}}, 0x0) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) (async) prctl$PR_SET_PTRACER(0x59616d61, r1) setns(r2, 0x24020000) r6 = syz_clone(0x30288000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) [ 146.052034][ T5326] Bluetooth: hci0: command tx timeout [ 146.113938][ T4674] ------------[ cut here ]------------ [ 146.116523][ T4674] WARNING: CPU: 0 PID: 4674 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290 [ 146.120937][ T4674] Modules linked in: [ 146.123025][ T4674] CPU: 0 UID: 0 PID: 4674 Comm: kworker/u5:1 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 146.128045][ T4674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.132623][ T4674] Workqueue: hci0 hci_conn_timeout [ 146.134924][ T4674] RIP: 
0010:hci_conn_timeout+0xff/0x290 [ 146.137311][ T4674] Code: 48 89 df e8 73 fc 08 00 eb 07 e8 8c a1 5a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 c7 cb fe ff e8 72 a1 5a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 146.145400][ T4674] RSP: 0018:ffffc9000ed27a50 EFLAGS: 00010293 [ 146.148116][ T4674] RAX: ffffffff8a65bade RBX: ffff888043ea8000 RCX: ffff888000e88000 [ 146.152164][ T4674] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 146.155694][ T4674] RBP: 00000000fffffffe R08: ffff888043ea8013 R09: 1ffff110087d5002 [ 146.159110][ T4674] R10: dffffc0000000000 R11: ffffed10087d5003 R12: dffffc0000000000 [ 146.162856][ T4674] R13: ffff888000b21018 R14: ffff888043ea8948 R15: ffff888043ea8010 [ 146.166221][ T4674] FS: 0000000000000000(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 146.169757][ T4674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.172607][ T4674] CR2: 00007fe0e9db3d58 CR3: 0000000043240000 CR4: 0000000000352ef0 [ 146.175732][ T4674] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 146.178718][ T4674] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 146.182228][ T4674] Call Trace: [ 146.183731][ T4674] <TASK> [ 146.185038][ T4674] ? process_scheduled_works+0x9ef/0x17b0 [ 146.187437][ T4674] process_scheduled_works+0xae1/0x17b0 [ 146.189732][ T4674] ? __pfx_process_scheduled_works+0x10/0x10 [ 146.192238][ T4674] worker_thread+0x8a0/0xda0 [ 146.194331][ T4674] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 146.197302][ T4674] ? __kthread_parkme+0x7b/0x200 [ 146.200999][ T4674] kthread+0x70e/0x8a0 [ 146.202761][ T4674] ? __pfx_worker_thread+0x10/0x10 [ 146.204959][ T4674] ? __pfx_kthread+0x10/0x10 [ 146.206837][ T4674] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.208856][ T4674] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.210890][ T4674] ? __pfx_kthread+0x10/0x10 [ 146.213069][ T4674] ret_from_fork+0x3f9/0x770 [ 146.214933][ T4674] ?
__pfx_ret_from_fork+0x10/0x10 [ 146.217011][ T4674] ? __pfx_kthread+0x10/0x10 [ 146.218821][ T4674] ret_from_fork_asm+0x1a/0x30 [ 146.220982][ T4674] </TASK> [ 146.222672][ T4674] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 146.225720][ T4674] CPU: 0 UID: 0 PID: 4674 Comm: kworker/u5:1 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 146.230797][ T4674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.235738][ T4674] Workqueue: hci0 hci_conn_timeout [ 146.237830][ T4674] Call Trace: [ 146.239196][ T4674] <TASK> [ 146.240469][ T4674] dump_stack_lvl+0x99/0x250 [ 146.242449][ T4674] ? __asan_memcpy+0x40/0x70 [ 146.244336][ T4674] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.246534][ T4674] ? __pfx__printk+0x10/0x10 [ 146.248456][ T4674] panic+0x2db/0x790 [ 146.250220][ T4674] ? __pfx_panic+0x10/0x10 [ 146.252056][ T4674] ? ret_from_fork_asm+0x1a/0x30 [ 146.254087][ T4674] __warn+0x31b/0x4b0 [ 146.255744][ T4674] ? hci_conn_timeout+0xff/0x290 [ 146.257829][ T4674] ? hci_conn_timeout+0xff/0x290 [ 146.259889][ T4674] report_bug+0x2be/0x4f0 [ 146.261649][ T4674] ? hci_conn_timeout+0xff/0x290 [ 146.263625][ T4674] ? hci_conn_timeout+0xff/0x290 [ 146.265830][ T4674] ?
hci_conn_timeout+0x101/0x290 [ 146.267890][ T4674] handle_bug+0x84/0x160 [ 146.269705][ T4674] exc_invalid_op+0x1a/0x50 [ 146.271622][ T4674] asm_exc_invalid_op+0x1a/0x20 [ 146.273635][ T4674] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 146.275895][ T4674] Code: 48 89 df e8 73 fc 08 00 eb 07 e8 8c a1 5a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 c7 cb fe ff e8 72 a1 5a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 146.283616][ T4674] RSP: 0018:ffffc9000ed27a50 EFLAGS: 00010293 [ 146.286008][ T4674] RAX: ffffffff8a65bade RBX: ffff888043ea8000 RCX: ffff888000e88000 [ 146.289256][ T4674] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 146.292776][ T4674] RBP: 00000000fffffffe R08: ffff888043ea8013 R09: 1ffff110087d5002 [ 146.296058][ T4674] R10: dffffc0000000000 R11: ffffed10087d5003 R12: dffffc0000000000 [ 146.299341][ T4674] R13: ffff888000b21018 R14: ffff888043ea8948 R15: ffff888043ea8010 [ 146.302516][ T4674] ? hci_conn_timeout+0xfe/0x290 [ 146.304534][ T4674] ? process_scheduled_works+0x9ef/0x17b0 [ 146.306867][ T4674] process_scheduled_works+0xae1/0x17b0 [ 146.309186][ T4674] ? __pfx_process_scheduled_works+0x10/0x10 [ 146.311775][ T4674] worker_thread+0x8a0/0xda0 [ 146.313760][ T4674] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 146.316551][ T4674] ? __kthread_parkme+0x7b/0x200 [ 146.318343][ T4674] kthread+0x70e/0x8a0 [ 146.320203][ T4674] ? __pfx_worker_thread+0x10/0x10 [ 146.322426][ T4674] ? __pfx_kthread+0x10/0x10 [ 146.324288][ T4674] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.326429][ T4674] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.328669][ T4674] ? __pfx_kthread+0x10/0x10 [ 146.330592][ T4674] ret_from_fork+0x3f9/0x770 [ 146.332574][ T4674] ? __pfx_ret_from_fork+0x10/0x10 [ 146.334777][ T4674] ? __pfx_kthread+0x10/0x10 [ 146.336721][ T4674] ret_from_fork_asm+0x1a/0x30 [ 146.338849][ T4674] </TASK> [ 146.340527][ T4674] Kernel Offset: disabled [ 146.342433][ T4674] Rebooting in 86400 seconds..