program:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet(0x2, 0x2, 0x1) (async)
r1 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r1, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2}, 0x0)
getsockopt$EBT_SO_GET_INFO(r0, 0x84, 0x80, &(0x7f0000000080)={'broute\x00'}, &(0x7f0000000140)=0x78)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7) (async)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7)

[ 74.290320][ T4663] Bluetooth: hci0: command tx timeout
[ 74.373379][ T4663] ------------[ cut here ]------------
[ 74.375885][ T4663] WARNING: CPU: 0 PID: 4663 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290
[ 74.380140][ T4663] Modules linked in:
[ 74.382146][ T4663] CPU: 0 UID: 0 PID: 4663 Comm: kworker/u5:1 Not tainted 6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full)
[ 74.387269][ T4663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.392609][ T4663] Workqueue: hci0 hci_conn_timeout
[ 74.395109][ T4663] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 74.397546][ T4663] Code: 48 89 df e8 a3 fd 08 00 eb 07 e8 ec f2 68 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 77 cf fe ff e8 d2 f2 68 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 74.406836][ T4663] RSP: 0018:ffffc9000fc6faf0 EFLAGS: 00010293
[ 74.409676][ T4663] RAX: ffffffff8a56fefe RBX: ffff8880408d0000 RCX: ffff88801e8b0000
[ 74.413702][ T4663] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 74.417123][ T4663] RBP: 00000000ffffffff R08: ffff8880408d0013 R09: 1ffff1100811a002
[ 74.420726][ T4663] R10: dffffc0000000000 R11: ffffed100811a003 R12: dffffc0000000000
[ 74.424157][ T4663] R13: ffff888000622118 R14: ffff8880408d0948 R15: ffff8880408d0010
[ 74.427467][ T4663] FS: 0000000000000000(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000
[ 74.431375][ T4663] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.434249][ T4663] CR2: 00007f2b073119a0 CR3: 00000000115d2000 CR4: 0000000000352ef0
[ 74.437629][ T4663] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 74.441301][ T4663] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 74.444727][ T4663] Call Trace:
[ 74.446245][ T4663]
[ 74.447551][ T4663] ? process_scheduled_works+0x9ec/0x17a0
[ 74.450042][ T4663] process_scheduled_works+0xadb/0x17a0
[ 74.452473][ T4663] ? __pfx_process_scheduled_works+0x10/0x10
[ 74.455249][ T4663] worker_thread+0x8a0/0xda0
[ 74.457320][ T4663] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 74.460225][ T4663] ? __kthread_parkme+0x7b/0x200
[ 74.462361][ T4663] kthread+0x70e/0x8a0
[ 74.464203][ T4663] ? __pfx_worker_thread+0x10/0x10
[ 74.466368][ T4663] ? __pfx_kthread+0x10/0x10
[ 74.468378][ T4663] ? __pfx_kthread+0x10/0x10
[ 74.470579][ T4663] ? _raw_spin_unlock_irq+0x23/0x50
[ 74.472900][ T4663] ? lockdep_hardirqs_on+0x9c/0x150
[ 74.475240][ T4663] ? __pfx_kthread+0x10/0x10
[ 74.477247][ T4663] ret_from_fork+0x4b/0x80
[ 74.479144][ T4663] ? __pfx_kthread+0x10/0x10
[ 74.481207][ T4663] ret_from_fork_asm+0x1a/0x30
[ 74.483382][ T4663]
[ 74.484728][ T4663] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 74.487891][ T4663] CPU: 0 UID: 0 PID: 4663 Comm: kworker/u5:1 Not tainted 6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full)
[ 74.493062][ T4663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.497455][ T4663] Workqueue: hci0 hci_conn_timeout
[ 74.499651][ T4663] Call Trace:
[ 74.501142][ T4663]
[ 74.502412][ T4663] dump_stack_lvl+0x99/0x250
[ 74.504405][ T4663] ? __asan_memcpy+0x40/0x70
[ 74.506447][ T4663] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.508721][ T4663] ? __pfx__printk+0x10/0x10
[ 74.510750][ T4663] panic+0x2db/0x790
[ 74.512468][ T4663] ? __pfx_panic+0x10/0x10
[ 74.514413][ T4663] ? ret_from_fork_asm+0x1a/0x30
[ 74.516539][ T4663] __warn+0x31b/0x4b0
[ 74.518279][ T4663] ? hci_conn_timeout+0xff/0x290
[ 74.520392][ T4663] ? hci_conn_timeout+0xff/0x290
[ 74.522533][ T4663] report_bug+0x2be/0x4f0
[ 74.524459][ T4663] ? hci_conn_timeout+0xff/0x290
[ 74.526423][ T4663] ? hci_conn_timeout+0xff/0x290
[ 74.528383][ T4663] ? hci_conn_timeout+0x101/0x290
[ 74.530382][ T4663] handle_bug+0x84/0x160
[ 74.532061][ T4663] exc_invalid_op+0x1a/0x50
[ 74.533867][ T4663] asm_exc_invalid_op+0x1a/0x20
[ 74.535757][ T4663] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 74.537976][ T4663] Code: 48 89 df e8 a3 fd 08 00 eb 07 e8 ec f2 68 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 77 cf fe ff e8 d2 f2 68 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 74.546064][ T4663] RSP: 0018:ffffc9000fc6faf0 EFLAGS: 00010293
[ 74.548739][ T4663] RAX: ffffffff8a56fefe RBX: ffff8880408d0000 RCX: ffff88801e8b0000
[ 74.551906][ T4663] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 74.554883][ T4663] RBP: 00000000ffffffff R08: ffff8880408d0013 R09: 1ffff1100811a002
[ 74.558131][ T4663] R10: dffffc0000000000 R11: ffffed100811a003 R12: dffffc0000000000
[ 74.561406][ T4663] R13: ffff888000622118 R14: ffff8880408d0948 R15: ffff8880408d0010
[ 74.564622][ T4663] ? hci_conn_timeout+0xfe/0x290
[ 74.566883][ T4663] ? process_scheduled_works+0x9ec/0x17a0
[ 74.569349][ T4663] process_scheduled_works+0xadb/0x17a0
[ 74.571693][ T4663] ? __pfx_process_scheduled_works+0x10/0x10
[ 74.574184][ T4663] worker_thread+0x8a0/0xda0
[ 74.576092][ T4663] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 74.578638][ T4663] ? __kthread_parkme+0x7b/0x200
[ 74.580662][ T4663] kthread+0x70e/0x8a0
[ 74.582088][ T4663] ? __pfx_worker_thread+0x10/0x10
[ 74.584405][ T4663] ? __pfx_kthread+0x10/0x10
[ 74.586712][ T4663] ? __pfx_kthread+0x10/0x10
[ 74.588638][ T4663] ? _raw_spin_unlock_irq+0x23/0x50
[ 74.590886][ T4663] ? lockdep_hardirqs_on+0x9c/0x150
[ 74.593285][ T4663] ? __pfx_kthread+0x10/0x10
[ 74.595368][ T4663] ret_from_fork+0x4b/0x80
[ 74.597238][ T4663] ? __pfx_kthread+0x10/0x10
[ 74.599336][ T4663] ret_from_fork_asm+0x1a/0x30
[ 74.601418][ T4663]
[ 74.603092][ T4663] Kernel Offset: disabled
[ 74.604891][ T4663] Rebooting in 86400 seconds..