program:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa4}, [@ldst={0x7, 0x3, 0x0, 0x1c10a1}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a)

[   84.661549][ T5309] Bluetooth: hci0: command tx timeout
[   84.813449][ T4678] ------------[ cut here ]------------
[   84.816405][ T4678] WARNING: CPU: 0 PID: 4678 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290
[   84.821722][ T4678] Modules linked in:
[   84.823854][ T4678] CPU: 0 UID: 0 PID: 4678 Comm: kworker/u5:1 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[   84.831774][ T4678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.836648][ T4678] Workqueue: hci0 hci_conn_timeout
[   84.839036][ T4678] RIP: 0010:hci_conn_timeout+0xff/0x290
[   84.842193][ T4678] Code: 48 89 df e8 b3 fc 08 00 eb 07 e8 9c f7 5a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 cf fe ff e8 82 f7 5a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   84.851964][ T4678] RSP: 0018:ffffc90002a47a50 EFLAGS: 00010293
[   84.854652][ T4678] RAX: ffffffff8a65676e RBX: ffff888033230000 RCX: ffff888000588000
[   84.858365][ T4678] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   84.862870][ T4678] RBP: 00000000ffffffff R08: ffff888033230013 R09: 1ffff11006646002
[   84.866512][ T4678] R10: dffffc0000000000 R11: ffffed1006646003 R12: dffffc0000000000
[   84.870245][ T4678] R13: ffff88801e794f18 R14: ffff888033230948 R15: ffff888033230010
[   84.873570][ T4678] FS:  0000000000000000(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000
[   84.877840][ T4678] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.881545][ T4678] CR2: 00007f66fc325fc8 CR3: 0000000042bde000 CR4: 0000000000352ef0
[   84.884974][ T4678] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   84.888415][ T4678] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   84.892211][ T4678] Call Trace:
[   84.893678][ T4678]  <TASK>
[   84.894946][ T4678]  ? process_scheduled_works+0x9ef/0x17b0
[   84.897494][ T4678]  process_scheduled_works+0xae1/0x17b0
[   84.900194][ T4678]  ? __pfx_process_scheduled_works+0x10/0x10
[   84.903348][ T4678]  worker_thread+0x8a0/0xda0
[   84.905765][ T4678]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   84.908522][ T4678]  ? __kthread_parkme+0x7b/0x200
[   84.910956][ T4678]  kthread+0x70e/0x8a0
[   84.912881][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   84.915067][ T4678]  ? __pfx_kthread+0x10/0x10
[   84.917835][ T4678]  ? _raw_spin_unlock_irq+0x23/0x50
[   84.920693][ T4678]  ? lockdep_hardirqs_on+0x9c/0x150
[   84.922962][ T4678]  ? __pfx_kthread+0x10/0x10
[   84.925031][ T4678]  ret_from_fork+0x3fc/0x770
[   84.927247][ T4678]  ? __pfx_ret_from_fork+0x10/0x10
[   84.930090][ T4678]  ? __pfx_kthread+0x10/0x10
[   84.932483][ T4678]  ret_from_fork_asm+0x1a/0x30
[   84.934893][ T4678]  </TASK>
[   84.936215][ T4678] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   84.939474][ T4678] CPU: 0 UID: 0 PID: 4678 Comm: kworker/u5:1 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[   84.944674][ T4678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.950668][ T4678] Workqueue: hci0 hci_conn_timeout
[   84.953386][ T4678] Call Trace:
[   84.954841][ T4678]  <TASK>
[   84.956117][ T4678]  dump_stack_lvl+0x99/0x250
[   84.958133][ T4678]  ? __asan_memcpy+0x40/0x70
[   84.960199][ T4678]  ? __pfx_dump_stack_lvl+0x10/0x10
[   84.962533][ T4678]  ? __pfx__printk+0x10/0x10
[   84.965284][ T4678]  panic+0x2db/0x790
[   84.967541][ T4678]  ? __pfx_panic+0x10/0x10
[   84.969784][ T4678]  ? ret_from_fork_asm+0x1a/0x30
[   84.971900][ T4678]  __warn+0x31b/0x4b0
[   84.973797][ T4678]  ? hci_conn_timeout+0xff/0x290
[   84.976328][ T4678]  ? hci_conn_timeout+0xff/0x290
[   84.978635][ T4678]  report_bug+0x2be/0x4f0
[   84.980599][ T4678]  ? hci_conn_timeout+0xff/0x290
[   84.983116][ T4678]  ? hci_conn_timeout+0xff/0x290
[   84.985937][ T4678]  ? hci_conn_timeout+0x101/0x290
[   84.988553][ T4678]  handle_bug+0x84/0x160
[   84.990644][ T4678]  exc_invalid_op+0x1a/0x50
[   84.992755][ T4678]  asm_exc_invalid_op+0x1a/0x20
[   84.995062][ T4678] RIP: 0010:hci_conn_timeout+0xff/0x290
[   84.997889][ T4678] Code: 48 89 df e8 b3 fc 08 00 eb 07 e8 9c f7 5a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 cf fe ff e8 82 f7 5a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.007187][ T4678] RSP: 0018:ffffc90002a47a50 EFLAGS: 00010293
[   85.010092][ T4678] RAX: ffffffff8a65676e RBX: ffff888033230000 RCX: ffff888000588000
[   85.014328][ T4678] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   85.018005][ T4678] RBP: 00000000ffffffff R08: ffff888033230013 R09: 1ffff11006646002
[   85.021577][ T4678] R10: dffffc0000000000 R11: ffffed1006646003 R12: dffffc0000000000
[   85.025756][ T4678] R13: ffff88801e794f18 R14: ffff888033230948 R15: ffff888033230010
[   85.029526][ T4678]  ? hci_conn_timeout+0xfe/0x290
[   85.031698][ T4678]  ? process_scheduled_works+0x9ef/0x17b0
[   85.034195][ T4678]  process_scheduled_works+0xae1/0x17b0
[   85.036806][ T4678]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.040080][ T4678]  worker_thread+0x8a0/0xda0
[   85.042451][ T4678]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.045284][ T4678]  ? __kthread_parkme+0x7b/0x200
[   85.047542][ T4678]  kthread+0x70e/0x8a0
[   85.049823][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   85.052481][ T4678]  ? __pfx_kthread+0x10/0x10
[   85.054761][ T4678]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.057124][ T4678]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.059507][ T4678]  ? __pfx_kthread+0x10/0x10
[   85.061562][ T4678]  ret_from_fork+0x3fc/0x770
[   85.063600][ T4678]  ? __pfx_ret_from_fork+0x10/0x10
[   85.066190][ T4678]  ? __pfx_kthread+0x10/0x10
[   85.068821][ T4678]  ret_from_fork_asm+0x1a/0x30
[   85.071248][ T4678]  </TASK>
[   85.073012][ T4678] Kernel Offset: disabled
[   85.074879][ T4678] Rebooting in 86400 seconds..