program:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x6b, &(0x7f0000000200)=[@in6={0xa, 0x0, 0x0, @loopback}, @in={0x2, 0x0, @broadcast}, @in={0x2, 0x0, @multicast2}, @in={0x2, 0x0, @broadcast}, @in={0x2, 0x0, @multicast1}, @in6={0xa, 0x0, 0x0, @mcast1}, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @dev}], 0x1d) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async, rerun: 32)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000000)) (rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) (async)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async, rerun: 64)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) (async, rerun: 64)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, 0x0, &(0x7f00000001c0)="008dc69f2b4e39486c71847792f1e666879b2ef38a8521ab5fd87780684325046591dcd61aca5531958c0538561f246ea4cda99f437e364d6cfd72c14501cb63ead1acb01c9b37a1e7", 0x0}, 0x50)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

[   85.351534][ T5335] Bluetooth: hci0: command tx timeout
[   85.423094][ T4700] ------------[ cut here ]------------
[   85.425385][ T4700] WARNING: CPU: 0 PID: 4700 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290
[   85.430031][ T4700] Modules linked in:
[   85.431854][ T4700] CPU: 0 UID: 0 PID: 4700 Comm: kworker/u5:1 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[   85.436883][ T4700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.441942][ T4700] Workqueue: hci0 hci_conn_timeout
[   85.444257][ T4700] RIP: 0010:hci_conn_timeout+0xff/0x290
[   85.446658][ T4700] Code: 48 89 df e8 23 05 09 00 eb 07 e8 ac a8 48 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 92 a8 48 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.455818][ T4700] RSP: 0018:ffffc9000fa4fa50 EFLAGS: 00010293
[   85.458901][ T4700] RAX: ffffffff8a77060e RBX: ffff8880367dc000 RCX: ffff88801c792440
[   85.462215][ T4700] RDX: 0000000000000000 RSI: 00000000ffffffdf RDI: 0000000000000000
[   85.465507][ T4700] RBP: 00000000ffffffdf R08: ffff8880367dc013 R09: 1ffff11006cfb802
[   85.468892][ T4700] R10: dffffc0000000000 R11: ffffed1006cfb803 R12: dffffc0000000000
[   85.472421][ T4700] R13: ffff88801ebe9c18 R14: ffff8880367dc948 R15: ffff8880367dc010
[   85.475811][ T4700] FS:  0000000000000000(0000) GS:ffff88808d21f000(0000) knlGS:0000000000000000
[   85.479834][ T4700] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.482637][ T4700] CR2: 00007f90cdc4bfc8 CR3: 0000000043290000 CR4: 0000000000352ef0
[   85.486022][ T4700] Call Trace:
[   85.487597][ T4700]  <TASK>
[   85.488991][ T4700]  ? process_scheduled_works+0x9ef/0x17b0
[   85.491560][ T4700]  process_scheduled_works+0xade/0x17b0
[   85.493938][ T4700]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.496387][ T4700]  worker_thread+0x8a0/0xda0
[   85.498514][ T4700]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.501321][ T4700]  ? __kthread_parkme+0x7b/0x200
[   85.503448][ T4700]  kthread+0x711/0x8a0
[   85.505244][ T4700]  ? __pfx_worker_thread+0x10/0x10
[   85.507589][ T4700]  ? __pfx_kthread+0x10/0x10
[   85.509770][ T4700]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.512165][ T4700]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.514257][ T4700]  ? __pfx_kthread+0x10/0x10
[   85.516107][ T4700]  ret_from_fork+0x3f9/0x770
[   85.518097][ T4700]  ? __pfx_ret_from_fork+0x10/0x10
[   85.520139][ T4700]  ? __pfx_kthread+0x10/0x10
[   85.522025][ T4700]  ret_from_fork_asm+0x1a/0x30
[   85.524068][ T4700]  </TASK>
[   85.525436][ T4700] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.528609][ T4700] CPU: 0 UID: 0 PID: 4700 Comm: kworker/u5:1 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[   85.534020][ T4700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.538659][ T4700] Workqueue: hci0 hci_conn_timeout
[   85.540919][ T4700] Call Trace:
[   85.542435][ T4700]  <TASK>
[   85.543723][ T4700]  dump_stack_lvl+0x99/0x250
[   85.545768][ T4700]  ? __asan_memcpy+0x40/0x70
[   85.547781][ T4700]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.550048][ T4700]  ? __pfx__printk+0x10/0x10
[   85.552025][ T4700]  vpanic+0x27a/0x730
[   85.553810][ T4700]  ? __pfx__printk+0x10/0x10
[   85.555794][ T4700]  ? __pfx_vpanic+0x10/0x10
[   85.557793][ T4700]  ? is_bpf_text_address+0x292/0x2b0
[   85.560158][ T4700]  panic+0xb9/0xc0
[   85.561848][ T4700]  ? __pfx_panic+0x10/0x10
[   85.563899][ T4700]  __warn+0x31b/0x4b0
[   85.565752][ T4700]  ? hci_conn_timeout+0xff/0x290
[   85.568023][ T4700]  ? hci_conn_timeout+0xff/0x290
[   85.570261][ T4700]  report_bug+0x2be/0x4f0
[   85.572199][ T4700]  ? hci_conn_timeout+0xff/0x290
[   85.574374][ T4700]  ? hci_conn_timeout+0xff/0x290
[   85.576712][ T4700]  ? hci_conn_timeout+0x101/0x290
[   85.579028][ T4700]  handle_bug+0x84/0x160
[   85.580991][ T4700]  exc_invalid_op+0x1a/0x50
[   85.582960][ T4700]  asm_exc_invalid_op+0x1a/0x20
[   85.585135][ T4700] RIP: 0010:hci_conn_timeout+0xff/0x290
[   85.587566][ T4700] Code: 48 89 df e8 23 05 09 00 eb 07 e8 ac a8 48 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 37 ca fe ff e8 92 a8 48 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.595895][ T4700] RSP: 0018:ffffc9000fa4fa50 EFLAGS: 00010293
[   85.598703][ T4700] RAX: ffffffff8a77060e RBX: ffff8880367dc000 RCX: ffff88801c792440
[   85.602225][ T4700] RDX: 0000000000000000 RSI: 00000000ffffffdf RDI: 0000000000000000
[   85.605712][ T4700] RBP: 00000000ffffffdf R08: ffff8880367dc013 R09: 1ffff11006cfb802
[   85.609202][ T4700] R10: dffffc0000000000 R11: ffffed1006cfb803 R12: dffffc0000000000
[   85.612830][ T4700] R13: ffff88801ebe9c18 R14: ffff8880367dc948 R15: ffff8880367dc010
[   85.616229][ T4700]  ? hci_conn_timeout+0xfe/0x290
[   85.618400][ T4700]  ? process_scheduled_works+0x9ef/0x17b0
[   85.621020][ T4700]  process_scheduled_works+0xade/0x17b0
[   85.623501][ T4700]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.626151][ T4700]  worker_thread+0x8a0/0xda0
[   85.628339][ T4700]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.631256][ T4700]  ? __kthread_parkme+0x7b/0x200
[   85.633542][ T4700]  kthread+0x711/0x8a0
[   85.635325][ T4700]  ? __pfx_worker_thread+0x10/0x10
[   85.637598][ T4700]  ? __pfx_kthread+0x10/0x10
[   85.639694][ T4700]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.642020][ T4700]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.644404][ T4700]  ? __pfx_kthread+0x10/0x10
[   85.646489][ T4700]  ret_from_fork+0x3f9/0x770
[   85.648601][ T4700]  ? __pfx_ret_from_fork+0x10/0x10
[   85.650814][ T4700]  ? __pfx_kthread+0x10/0x10
[   85.652905][ T4700]  ret_from_fork_asm+0x1a/0x30
[   85.655100][ T4700]  </TASK>
[   85.656861][ T4700] Kernel Offset: disabled
[   85.658812][ T4700] Rebooting in 86400 seconds..