program:
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d4, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x7a)
getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async)
r3 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000001c0)={{&(0x7f0000000080)=""/232, 0xe8}, &(0x7f0000000180), 0x40}, 0x20) (async)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r4, &(0x7f0000000100), 0x8) (async)
r5 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r5, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0xcc}, 0x10) (async)
close(r5)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a)
socket$nl_netfilter(0x10, 0x3, 0xc)

[   75.425715][   T47] Bluetooth: hci0: command tx timeout
[   75.519470][ T4665] ------------[ cut here ]------------
[   75.521965][ T4665] WARNING: CPU: 0 PID: 4665 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290
[   75.526594][ T4665] Modules linked in:
[   75.528193][ T4665] CPU: 0 UID: 0 PID: 4665 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   75.532206][ T4665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.537121][ T4665] Workqueue: hci0 hci_conn_timeout
[   75.539347][ T4665] RIP: 0010:hci_conn_timeout+0xff/0x290
[   75.541611][ T4665] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 4c a6 74 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 32 a6 74 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   75.550450][ T4665] RSP: 0018:ffffc900021c7a30 EFLAGS: 00010293
[   75.552999][ T4665] RAX: ffffffff8a4bad5e RBX: ffff888040904000 RCX: ffff88801fad0000
[   75.556799][ T4665] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   75.560110][ T4665] RBP: 00000000ffffffff R08: ffff888040904013 R09: 1ffff11008120802
[   75.563304][ T4665] R10: dffffc0000000000 R11: ffffed1008120803 R12: dffffc0000000000
[   75.566947][ T4665] R13: ffff88801e7d2e18 R14: ffff888040904948 R15: ffff888040904010
[   75.570339][ T4665] FS:  0000000000000000(0000) GS:ffff88808d301000(0000) knlGS:0000000000000000
[   75.573914][ T4665] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.576951][ T4665] CR2: 00007f2c7c41fe9c CR3: 0000000041463000 CR4: 0000000000352ef0
[   75.580666][ T4665] Call Trace:
[   75.582124][ T4665]  <TASK>
[   75.583400][ T4665]  ? process_scheduled_works+0x9ef/0x17b0
[   75.586030][ T4665]  process_scheduled_works+0xae1/0x17b0
[   75.588301][ T4665]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.590890][ T4665]  worker_thread+0x8a0/0xda0
[   75.592848][ T4665]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.595722][ T4665]  ? __kthread_parkme+0x7b/0x200
[   75.597858][ T4665]  kthread+0x711/0x8a0
[   75.599725][ T4665]  ? __pfx_worker_thread+0x10/0x10
[   75.601937][ T4665]  ? __pfx_kthread+0x10/0x10
[   75.603917][ T4665]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.606273][ T4665]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.608496][ T4665]  ? __pfx_kthread+0x10/0x10
[   75.610516][ T4665]  ret_from_fork+0x4bc/0x870
[   75.612531][ T4665]  ? __pfx_ret_from_fork+0x10/0x10
[   75.614780][ T4665]  ? __pfx_kthread+0x10/0x10
[   75.616874][ T4665]  ret_from_fork_asm+0x1a/0x30
[   75.618955][ T4665]  </TASK>
[   75.620337][ T4665] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.623484][ T4665] CPU: 0 UID: 0 PID: 4665 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   75.627385][ T4665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.631873][ T4665] Workqueue: hci0 hci_conn_timeout
[   75.634029][ T4665] Call Trace:
[   75.635535][ T4665]  <TASK>
[   75.636841][ T4665]  dump_stack_lvl+0x99/0x250
[   75.638835][ T4665]  ? __asan_memcpy+0x40/0x70
[   75.640913][ T4665]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.643197][ T4665]  ? __pfx__printk+0x10/0x10
[   75.645244][ T4665]  vpanic+0x237/0x6d0
[   75.646998][ T4665]  ? __pfx_vpanic+0x10/0x10
[   75.648971][ T4665]  panic+0xb9/0xc0
[   75.650662][ T4665]  ? __pfx_panic+0x10/0x10
[   75.652604][ T4665]  __warn+0x31b/0x4b0
[   75.654374][ T4665]  ? hci_conn_timeout+0xff/0x290
[   75.656447][ T4665]  ? hci_conn_timeout+0xff/0x290
[   75.658652][ T4665]  report_bug+0x2be/0x4f0
[   75.660481][ T4665]  ? hci_conn_timeout+0xff/0x290
[   75.662600][ T4665]  ? hci_conn_timeout+0xff/0x290
[   75.664648][ T4665]  ? hci_conn_timeout+0x101/0x290
[   75.666656][ T4665]  handle_bug+0x84/0x160
[   75.668417][ T4665]  exc_invalid_op+0x1a/0x50
[   75.670227][ T4665]  asm_exc_invalid_op+0x1a/0x20
[   75.672157][ T4665] RIP: 0010:hci_conn_timeout+0xff/0x290
[   75.674321][ T4665] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 4c a6 74 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 32 a6 74 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   75.682103][ T4665] RSP: 0018:ffffc900021c7a30 EFLAGS: 00010293
[   75.684715][ T4665] RAX: ffffffff8a4bad5e RBX: ffff888040904000 RCX: ffff88801fad0000
[   75.688012][ T4665] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   75.691282][ T4665] RBP: 00000000ffffffff R08: ffff888040904013 R09: 1ffff11008120802
[   75.694637][ T4665] R10: dffffc0000000000 R11: ffffed1008120803 R12: dffffc0000000000
[   75.697886][ T4665] R13: ffff88801e7d2e18 R14: ffff888040904948 R15: ffff888040904010
[   75.701139][ T4665]  ? hci_conn_timeout+0xfe/0x290
[   75.703136][ T4665]  ? process_scheduled_works+0x9ef/0x17b0
[   75.705426][ T4665]  process_scheduled_works+0xae1/0x17b0
[   75.707850][ T4665]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.710375][ T4665]  worker_thread+0x8a0/0xda0
[   75.712371][ T4665]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.715076][ T4665]  ? __kthread_parkme+0x7b/0x200
[   75.717184][ T4665]  kthread+0x711/0x8a0
[   75.718936][ T4665]  ? __pfx_worker_thread+0x10/0x10
[   75.721113][ T4665]  ? __pfx_kthread+0x10/0x10
[   75.723151][ T4665]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.725382][ T4665]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.727737][ T4665]  ? __pfx_kthread+0x10/0x10
[   75.729670][ T4665]  ret_from_fork+0x4bc/0x870
[   75.731672][ T4665]  ? __pfx_ret_from_fork+0x10/0x10
[   75.733826][ T4665]  ? __pfx_kthread+0x10/0x10
[   75.735783][ T4665]  ret_from_fork_asm+0x1a/0x30
[   75.737795][ T4665]  </TASK>
[   75.739469][ T4665] Kernel Offset: disabled
[   75.741300][ T4665] Rebooting in 86400 seconds..