program:
# Fuzzer-generated syzkaller program that was running when the kernel log
# below was captured. That log shows a WARNING at net/bluetooth/hci_conn.c:568
# in hci_conn_timeout (workqueue hci0), escalated to a panic only because
# panic_on_warn is set.
# Triage notes:
#  - "(async)" marks a call that syzkaller issues without waiting for it to
#    finish, so the ordering of those calls is not deterministic.
#  - Calls given fd 0xffffffffffffffff (-1) operate on an invalid descriptor.
#  - NOTE(review): only the Bluetooth SCO / vhci calls touch the subsystem
#    named in the warning; the netlink, BPF and SCTP calls are presumably
#    unrelated fuzzer noise. Confirm with a minimized reproducer.

# Netlink route message on an invalid fd (-1).
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x40}}, 0x0) (async)
syz_socket_connect_nvme_tcp() (async)

# Bluetooth: socket(0x1f = AF_BLUETOOTH, 0x5 = SOCK_SEQPACKET, 0x2 = BTPROTO_SCO),
# an asynchronous connect on it, then a packet starting with bytes 04 18
# injected through the virtual HCI device.
# NOTE(review): 0x04 is presumably the H4 "event" packet indicator; confirm
# against the syzkaller vhci helper.
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a)

# Conntrack-timeout netlink message on an invalid fd (-1).
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000100), 0xc, &(0x7f0000000480)={0x0, 0x74}, 0x1, 0x0, 0x0, 0xc809}, 0x4) (async)

# Raw netlink socket (0x10 = AF_NETLINK, 0x3 = SOCK_RAW, protocol 0) and an
# 0x12-byte hand-built message sent on it.
r1 = socket(0x10, 0x3, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)

# bpf() activity. Per the call names, the first argument is the bpf command:
# 0x0 map create, 0x2 map update element, 0x5 program load, 0xa test run.
# Several calls reuse the same argument address (0x7f0000000740,
# 0x7f0000000880, 0x7f0000000340), so with (async) a later call may
# overwrite an earlier call's attributes.
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x4}, 0x50) (async)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="03e8ff0004000000040000000a00000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
# sched_cls program whose instructions reference map r4.
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xf000000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) (async)
# sched_cls program whose instruction blob embeds map r3.
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000300000000000000c29c18120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0xfffffffffffffef1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Stores program r6 as a value in map r2.
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000280), &(0x7f00000002c0)=r6}, 0x20) (async)
# xdp program with an empty instruction array that passes r5 in its attributes.
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Test run of r7 against a short inline data buffer.
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xd50, 0x0, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000680)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB="180800000000000000000000000000008510000003000000180000000000000000000000000000009500000000000000ddaa000000"], 0x0}, 0x90) (async)

# SCTP: socket(0xa = AF_INET6, 0x801 = SOCK_STREAM with flag 0x800,
# 0x84 = IPPROTO_SCTP), then connect/listen/accept4 on the same socket and
# sends plus SCTP socket options (level 0x84) on the accepted descriptor r9.
# The connect address carries family 0x2 although the socket is family 0xa.
r8 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r8, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async)
listen(r8, 0x8) (async)
r9 = accept4(r8, 0x0, 0x0, 0x0)
sendto$inet(r9, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) (async)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r9, 0x84, 0x22, &(0x7f0000000500)={0x6, 0x200, 0x6, 0x691}, 0x10) (async)
sendto$inet6(r9, &(0x7f0000000400)='x', 0x1, 0x10, 0x0, 0x0) (async)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r9, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r9, 0x84, 0x7c, &(0x7f0000001400)={0x0, 0x0, 0x7a}, 0x8)
[ 86.182624][ T5337] Bluetooth: hci0: command tx timeout
[ 86.383570][ T5337] ------------[ cut here ]------------
[ 86.387488][ T5337] WARNING: CPU: 0 PID: 5337 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290
[ 86.392112][ T5337] Modules linked in:
[ 86.395710][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: kworker/u5:2 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full)
[ 86.406048][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.415542][ T5337] Workqueue: hci0 hci_conn_timeout
[ 86.417879][ T5337] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 86.420458][ T5337] Code: 48 89 df e8 23 05 09 00 eb 07 e8 5c 5e 47 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 42 5e 47 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 86.445770][ T5337] RSP: 0018:ffffc9000d0c7a50 EFLAGS: 00010293
[ 86.448353][ T5337] RAX: ffffffff8a785d1e RBX: ffff888033620000 RCX: ffff88801c618000
[ 86.461517][ T5337] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 86.465471][ T5337] RBP: 00000000ffffffff R08: ffff888033620013 R09: 1ffff110066c4002
[ 86.470590][ T5337] R10: dffffc0000000000 R11: ffffed10066c4003 R12: dffffc0000000000
[ 86.481450][ T5337] R13: ffff888011899018 R14: ffff888033620948 R15: ffff888033620010
[ 86.489541][ T5337] FS: 0000000000000000(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
[ 86.493326][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.501025][ T5337] CR2: 00005620100b42b8 CR3: 0000000043234000 CR4: 0000000000352ef0
[ 86.509036][ T5337] Call Trace:
[ 86.510808][ T5337]
[ 86.512145][ T5337] ? process_scheduled_works+0x9ef/0x17b0
[ 86.515519][ T5337] process_scheduled_works+0xade/0x17b0
[ 86.520118][ T5337] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.527463][ T5337] worker_thread+0x8a0/0xda0
[ 86.531125][ T5337] ? __kthread_parkme+0x7b/0x200
[ 86.533717][ T5337] kthread+0x70e/0x8a0
[ 86.539101][ T5337] ? __pfx_worker_thread+0x10/0x10
[ 86.541864][ T5337] ? __pfx_kthread+0x10/0x10
[ 86.544139][ T5337] ? _raw_spin_unlock_irq+0x23/0x50
[ 86.546764][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.559592][ T5337] ? __pfx_kthread+0x10/0x10
[ 86.568006][ T5337] ret_from_fork+0x3fc/0x770
[ 86.570083][ T5337] ? __pfx_ret_from_fork+0x10/0x10
[ 86.572648][ T5337] ? __pfx_kthread+0x10/0x10
[ 86.577342][ T5337] ret_from_fork_asm+0x1a/0x30
[ 86.580508][ T5337]
[ 86.589897][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 86.593715][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: kworker/u5:2 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full)
[ 86.611217][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.620987][ T5337] Workqueue: hci0 hci_conn_timeout
[ 86.623359][ T5337] Call Trace:
[ 86.629798][ T5337]
[ 86.631923][ T5337] dump_stack_lvl+0x99/0x250
[ 86.638373][ T5337] ? __asan_memcpy+0x40/0x70
[ 86.640808][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.643219][ T5337] ? __pfx__printk+0x10/0x10
[ 86.651798][ T5337] vpanic+0x281/0x750
[ 86.653536][ T5337] ? __pfx__printk+0x10/0x10
[ 86.655500][ T5337] ? __pfx_vpanic+0x10/0x10
[ 86.657716][ T5337] ? is_bpf_text_address+0x292/0x2b0
[ 86.662273][ T5337] panic+0xb9/0xc0
[ 86.665977][ T5337] ? __pfx_panic+0x10/0x10
[ 86.667934][ T5337] __warn+0x31b/0x4b0
[ 86.671783][ T5337] ? hci_conn_timeout+0xff/0x290
[ 86.676547][ T5337] ? hci_conn_timeout+0xff/0x290
[ 86.678811][ T5337] report_bug+0x2be/0x4f0
[ 86.680841][ T5337] ? hci_conn_timeout+0xff/0x290
[ 86.683816][ T5337] ? hci_conn_timeout+0xff/0x290
[ 86.687024][ T5337] ? hci_conn_timeout+0x101/0x290
[ 86.690283][ T5337] handle_bug+0x84/0x160
[ 86.692488][ T5337] exc_invalid_op+0x1a/0x50
[ 86.694601][ T5337] asm_exc_invalid_op+0x1a/0x20
[ 86.697377][ T5337] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 86.700882][ T5337] Code: 48 89 df e8 23 05 09 00 eb 07 e8 5c 5e 47 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 42 5e 47 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 86.714941][ T5337] RSP: 0018:ffffc9000d0c7a50 EFLAGS: 00010293
[ 86.717514][ T5337] RAX: ffffffff8a785d1e RBX: ffff888033620000 RCX: ffff88801c618000
[ 86.721276][ T5337] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 86.726720][ T5337] RBP: 00000000ffffffff R08: ffff888033620013 R09: 1ffff110066c4002
[ 86.732447][ T5337] R10: dffffc0000000000 R11: ffffed10066c4003 R12: dffffc0000000000
[ 86.737869][ T5337] R13: ffff888011899018 R14: ffff888033620948 R15: ffff888033620010
[ 86.741402][ T5337] ? hci_conn_timeout+0xfe/0x290
[ 86.743558][ T5337] ? process_scheduled_works+0x9ef/0x17b0
[ 86.765120][ T5337] process_scheduled_works+0xade/0x17b0
[ 86.767433][ T5337] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.780471][ T5337] worker_thread+0x8a0/0xda0
[ 86.783597][ T5337] ? __kthread_parkme+0x7b/0x200
[ 86.794052][ T5337] kthread+0x70e/0x8a0
[ 86.797111][ T5337] ? __pfx_worker_thread+0x10/0x10
[ 86.801024][ T5337] ? __pfx_kthread+0x10/0x10
[ 86.802986][ T5337] ? _raw_spin_unlock_irq+0x23/0x50
[ 86.820487][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.822715][ T5337] ? __pfx_kthread+0x10/0x10
[ 86.824704][ T5337] ret_from_fork+0x3fc/0x770
[ 86.826729][ T5337] ? __pfx_ret_from_fork+0x10/0x10
[ 86.845490][ T5337] ? __pfx_kthread+0x10/0x10
[ 86.847461][ T5337] ret_from_fork_asm+0x1a/0x30
[ 86.849705][ T5337]
[ 86.851568][ T5337] Kernel Offset: disabled
[ 86.853569][ T5337] Rebooting in 86400 seconds..