program:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$EBT_SO_GET_INFO(r0, 0x84, 0x80, &(0x7f0000000080)={'broute\x00'}, &(0x7f0000000140)=0x78)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7) (async)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0408"], 0x7)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)

[   79.082560][ T4659] Bluetooth: hci0: command tx timeout
[   79.086421][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[   79.089076][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[   79.227362][ T4659] ------------[ cut here ]------------
[   79.229757][ T4659] WARNING: CPU: 0 PID: 4659 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290
[   79.233992][ T4659] Modules linked in:
[   79.235751][ T4659] CPU: 0 UID: 0 PID: 4659 Comm: kworker/u5:1 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[   79.240041][ T4659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   79.244789][ T4659] Workqueue: hci0 hci_conn_timeout
[   79.247076][ T4659] RIP: 0010:hci_conn_timeout+0xff/0x290
[   79.249439][ T4659] Code: 48 89 df e8 a3 fd 08 00 eb 07 e8 9c fa 68 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 77 cf fe ff e8 82 fa 68 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   79.257911][ T4659] RSP: 0018:ffffc9000226faf0 EFLAGS: 00010293
[   79.260479][ T4659] RAX: ffffffff8a56f74e RBX: ffff88801f110000 RCX: ffff88801d5f8000
[   79.264116][ T4659] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   79.267515][ T4659] RBP: 00000000ffffffff R08: ffff88801f110013 R09: 1ffff11003e22002
[   79.270877][ T4659] R10: dffffc0000000000 R11: ffffed1003e22003 R12: dffffc0000000000
[   79.274315][ T4659] R13: ffff88801f7a8018 R14: ffff88801f110948 R15: ffff88801f110010
[   79.277556][ T4659] FS:  0000000000000000(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000
[   79.281235][ T4659] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   79.284196][ T4659] CR2: 00007f5a6cb84538 CR3: 0000000035ae3000 CR4: 0000000000352ef0
[   79.287635][ T4659] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   79.290860][ T4659] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   79.294397][ T4659] Call Trace:
[   79.295737][ T4659]  <TASK>
[   79.297025][ T4659]  ? process_scheduled_works+0x9ec/0x17a0
[   79.299419][ T4659]  process_scheduled_works+0xadb/0x17a0
[   79.301723][ T4659]  ? __pfx_process_scheduled_works+0x10/0x10
[   79.304281][ T4659]  worker_thread+0x8a0/0xda0
[   79.306119][ T4659]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   79.308680][ T4659]  ? __kthread_parkme+0x7b/0x200
[   79.310656][ T4659]  kthread+0x70e/0x8a0
[   79.312419][ T4659]  ? __pfx_worker_thread+0x10/0x10
[   79.314488][ T4659]  ? __pfx_kthread+0x10/0x10
[   79.316347][ T4659]  ? __pfx_kthread+0x10/0x10
[   79.318289][ T4659]  ? _raw_spin_unlock_irq+0x23/0x50
[   79.320594][ T4659]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.323001][ T4659]  ? __pfx_kthread+0x10/0x10
[   79.324870][ T4659]  ret_from_fork+0x4b/0x80
[   79.326868][ T4659]  ? __pfx_kthread+0x10/0x10
[   79.328788][ T4659]  ret_from_fork_asm+0x1a/0x30
[   79.330894][ T4659]  </TASK>
[   79.332564][ T4659] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   79.335832][ T4659] CPU: 0 UID: 0 PID: 4659 Comm: kworker/u5:1 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[   79.340118][ T4659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   79.344770][ T4659] Workqueue: hci0 hci_conn_timeout
[   79.347067][ T4659] Call Trace:
[   79.348556][ T4659]  <TASK>
[   79.349848][ T4659]  dump_stack_lvl+0x99/0x250
[   79.351900][ T4659]  ? __asan_memcpy+0x40/0x70
[   79.354023][ T4659]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.356344][ T4659]  ? __pfx__printk+0x10/0x10
[   79.358352][ T4659]  panic+0x2db/0x790
[   79.360111][ T4659]  ? __pfx_panic+0x10/0x10
[   79.362099][ T4659]  ? ret_from_fork_asm+0x1a/0x30
[   79.364268][ T4659]  __warn+0x31b/0x4b0
[   79.366010][ T4659]  ? hci_conn_timeout+0xff/0x290
[   79.368378][ T4659]  ? hci_conn_timeout+0xff/0x290
[   79.370609][ T4659]  report_bug+0x2be/0x4f0
[   79.372491][ T4659]  ? hci_conn_timeout+0xff/0x290
[   79.374712][ T4659]  ? hci_conn_timeout+0xff/0x290
[   79.376846][ T4659]  ? hci_conn_timeout+0x101/0x290
[   79.379066][ T4659]  handle_bug+0x84/0x160
[   79.380958][ T4659]  exc_invalid_op+0x1a/0x50
[   79.382958][ T4659]  asm_exc_invalid_op+0x1a/0x20
[   79.385080][ T4659] RIP: 0010:hci_conn_timeout+0xff/0x290
[   79.387489][ T4659] Code: 48 89 df e8 a3 fd 08 00 eb 07 e8 9c fa 68 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 77 cf fe ff e8 82 fa 68 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   79.395714][ T4659] RSP: 0018:ffffc9000226faf0 EFLAGS: 00010293
[   79.398298][ T4659] RAX: ffffffff8a56f74e RBX: ffff88801f110000 RCX: ffff88801d5f8000
[   79.401786][ T4659] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   79.406051][ T4659] RBP: 00000000ffffffff R08: ffff88801f110013 R09: 1ffff11003e22002
[   79.409588][ T4659] R10: dffffc0000000000 R11: ffffed1003e22003 R12: dffffc0000000000
[   79.413121][ T4659] R13: ffff88801f7a8018 R14: ffff88801f110948 R15: ffff88801f110010
[   79.416592][ T4659]  ? hci_conn_timeout+0xfe/0x290
[   79.418876][ T4659]  ? process_scheduled_works+0x9ec/0x17a0
[   79.421414][ T4659]  process_scheduled_works+0xadb/0x17a0
[   79.423880][ T4659]  ? __pfx_process_scheduled_works+0x10/0x10
[   79.426588][ T4659]  worker_thread+0x8a0/0xda0
[   79.428683][ T4659]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   79.431590][ T4659]  ? __kthread_parkme+0x7b/0x200
[   79.433369][ T4659]  kthread+0x70e/0x8a0
[   79.435261][ T4659]  ? __pfx_worker_thread+0x10/0x10
[   79.437505][ T4659]  ? __pfx_kthread+0x10/0x10
[   79.439552][ T4659]  ? __pfx_kthread+0x10/0x10
[   79.441577][ T4659]  ? _raw_spin_unlock_irq+0x23/0x50
[   79.443851][ T4659]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.446134][ T4659]  ? __pfx_kthread+0x10/0x10
[   79.448200][ T4659]  ret_from_fork+0x4b/0x80
[   79.450166][ T4659]  ? __pfx_kthread+0x10/0x10
[   79.452335][ T4659]  ret_from_fork_asm+0x1a/0x30
[   79.454655][ T4659]  </TASK>
[   79.456341][ T4659] Kernel Offset: disabled
[   79.458171][ T4659] Rebooting in 86400 seconds..