program:
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r1, &(0x7f0000000100), 0x8) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async)
r2 = io_uring_setup(0xdd4, &(0x7f0000000100))
close(r2) (async)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') (async)
socket(0x22, 0x2, 0x21)
close_range(r3, 0xffffffffffffffff, 0x0) (async)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/147, 0x93}], 0x1) (async)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000))
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f0000002b80)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000002c40)="f0", 0x1}], 0x1}}], 0x1, 0x0) (async)
shutdown(r4, 0x1) (async)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={<r5=>0x0, 0xe6, "66c6c92a9b4e30b52d564e969f81455732f3a884cfe7a93991fbeb09270e3ad259fe26bd8a2ec8e7afcd044d9045214c9ad99fd99a137ff4f1dc395509339aa337497578607e163a97670b6ba65bdeeb45a6426e0d7205577173ed79f1cce434ee1b258b3cfc52c8e72e6b4c1d270a7a7535fe893532378264328b304ae0fd7a6bf523ae22cf7ee0a098f8ce3f9fbb89d4eb01cdf3d228b8a0d9f5f08f35405bc22d95948773a4d1cb79c3194549cfc506d105c8a8c9af82d9d90ea97e9f3184d64042a1515bba35ba875e186cdffd18830ae5e4a1b59528e374b76d355ad1aa1284e119c074"}, &(0x7f0000000380)=0xee)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f00000003c0)={r5, 0x821, 0x3, [0x1000, 0x8000, 0x80]}, 0xe) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x6, &(0x7f0000000200)=[{0x3, 0x0, 0x0, 0x7f}, {0x7a, 0x4, 0x5, 0x80}, {0x8001, 0x0, 0x2, 0x6}, {0xd64e, 0x4c, 0x8, 0x8}, {0xfffe, 0x9, 0x2, 0xe}, {0x9, 0x6, 0x0, 0x100}]})
syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async)
socket$unix(0x1, 0x5, 0x0)

[   75.458727][ T5333] Bluetooth: hci0: command tx timeout
[   75.531240][ T5333] ------------[ cut here ]------------
[   75.533907][ T5333] WARNING: CPU: 0 PID: 5333 at net/bluetooth/hci_conn.c:569 hci_conn_timeout+0xff/0x290
[   75.538836][ T5333] Modules linked in:
[   75.540742][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   75.544887][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.549890][ T5333] Workqueue: hci0 hci_conn_timeout
[   75.552267][ T5333] RIP: 0010:hci_conn_timeout+0xff/0x290
[   75.554636][ T5333] Code: 48 89 df e8 e3 0c 09 00 eb 07 e8 3c 74 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 d7 c8 fe ff e8 22 74 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   75.562945][ T5333] RSP: 0018:ffffc9000d1b7a50 EFLAGS: 00010293
[   75.565550][ T5333] RAX: ffffffff8a79471e RBX: ffff888043cb4000 RCX: ffff888000f0c880
[   75.569236][ T5333] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   75.572629][ T5333] RBP: 00000000ffffffff R08: ffff888043cb4013 R09: 1ffff11008796802
[   75.575962][ T5333] R10: dffffc0000000000 R11: ffffed1008796803 R12: dffffc0000000000
[   75.579468][ T5333] R13: ffff88801198b118 R14: ffff888043cb4948 R15: ffff888043cb4010
[   75.582932][ T5333] FS:  0000000000000000(0000) GS:ffff88808d20f000(0000) knlGS:0000000000000000
[   75.586755][ T5333] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.589706][ T5333] CR2: 00007f752683ed58 CR3: 0000000042e95000 CR4: 0000000000352ef0
[   75.593433][ T5333] Call Trace:
[   75.594845][ T5333]  <TASK>
[   75.596157][ T5333]  ? process_scheduled_works+0x9ef/0x17b0
[   75.599285][ T5333]  process_scheduled_works+0xae1/0x17b0
[   75.601724][ T5333]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.604330][ T5333]  worker_thread+0x8a0/0xda0
[   75.606169][ T5333]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.609220][ T5333]  ? __kthread_parkme+0x7b/0x200
[   75.611121][ T5333]  kthread+0x70e/0x8a0
[   75.612787][ T5333]  ? __pfx_worker_thread+0x10/0x10
[   75.614908][ T5333]  ? __pfx_kthread+0x10/0x10
[   75.616810][ T5333]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.619373][ T5333]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.621615][ T5333]  ? __pfx_kthread+0x10/0x10
[   75.623569][ T5333]  ret_from_fork+0x3f9/0x770
[   75.625592][ T5333]  ? __pfx_ret_from_fork+0x10/0x10
[   75.627816][ T5333]  ? __pfx_kthread+0x10/0x10
[   75.629740][ T5333]  ret_from_fork_asm+0x1a/0x30
[   75.631817][ T5333]  </TASK>
[   75.633181][ T5333] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.636142][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   75.640218][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.644631][ T5333] Workqueue: hci0 hci_conn_timeout
[   75.646728][ T5333] Call Trace:
[   75.648065][ T5333]  <TASK>
[   75.649431][ T5333]  dump_stack_lvl+0x99/0x250
[   75.651173][ T5333]  ? __asan_memcpy+0x40/0x70
[   75.653051][ T5333]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.655124][ T5333]  ? __pfx__printk+0x10/0x10
[   75.656962][ T5333]  vpanic+0x281/0x750
[   75.658704][ T5333]  ? __pfx__printk+0x10/0x10
[   75.660590][ T5333]  ? __pfx_vpanic+0x10/0x10
[   75.662833][ T5333]  ? is_bpf_text_address+0x292/0x2b0
[   75.665002][ T5333]  panic+0xb9/0xc0
[   75.666492][ T5333]  ? __pfx_panic+0x10/0x10
[   75.668429][ T5333]  __warn+0x31b/0x4b0
[   75.670217][ T5333]  ? hci_conn_timeout+0xff/0x290
[   75.672372][ T5333]  ? hci_conn_timeout+0xff/0x290
[   75.674426][ T5333]  report_bug+0x2be/0x4f0
[   75.676315][ T5333]  ? hci_conn_timeout+0xff/0x290
[   75.678492][ T5333]  ? hci_conn_timeout+0xff/0x290
[   75.680614][ T5333]  ? hci_conn_timeout+0x101/0x290
[   75.682643][ T5333]  handle_bug+0x84/0x160
[   75.684404][ T5333]  exc_invalid_op+0x1a/0x50
[   75.686399][ T5333]  asm_exc_invalid_op+0x1a/0x20
[   75.688557][ T5333] RIP: 0010:hci_conn_timeout+0xff/0x290
[   75.690913][ T5333] Code: 48 89 df e8 e3 0c 09 00 eb 07 e8 3c 74 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 d7 c8 fe ff e8 22 74 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   75.698892][ T5333] RSP: 0018:ffffc9000d1b7a50 EFLAGS: 00010293
[   75.701470][ T5333] RAX: ffffffff8a79471e RBX: ffff888043cb4000 RCX: ffff888000f0c880
[   75.704689][ T5333] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   75.708117][ T5333] RBP: 00000000ffffffff R08: ffff888043cb4013 R09: 1ffff11008796802
[   75.711519][ T5333] R10: dffffc0000000000 R11: ffffed1008796803 R12: dffffc0000000000
[   75.714987][ T5333] R13: ffff88801198b118 R14: ffff888043cb4948 R15: ffff888043cb4010
[   75.718344][ T5333]  ? hci_conn_timeout+0xfe/0x290
[   75.720461][ T5333]  ? process_scheduled_works+0x9ef/0x17b0
[   75.723005][ T5333]  process_scheduled_works+0xae1/0x17b0
[   75.725354][ T5333]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.728189][ T5333]  worker_thread+0x8a0/0xda0
[   75.730201][ T5333]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.732879][ T5333]  ? __kthread_parkme+0x7b/0x200
[   75.735045][ T5333]  kthread+0x70e/0x8a0
[   75.736855][ T5333]  ? __pfx_worker_thread+0x10/0x10
[   75.739261][ T5333]  ? __pfx_kthread+0x10/0x10
[   75.741342][ T5333]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.743710][ T5333]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.746027][ T5333]  ? __pfx_kthread+0x10/0x10
[   75.747976][ T5333]  ret_from_fork+0x3f9/0x770
[   75.750030][ T5333]  ? __pfx_ret_from_fork+0x10/0x10
[   75.752289][ T5333]  ? __pfx_kthread+0x10/0x10
[   75.754327][ T5333]  ret_from_fork_asm+0x1a/0x30
[   75.756477][ T5333]  </TASK>
[   75.758242][ T5333] Kernel Offset: disabled
[   75.760227][ T5333] Rebooting in 86400 seconds..