program:
# syzkaller reproducer for the report that follows it: after "hci0: command tx
# timeout", the hci0 workqueue runs hci_conn_timeout and hits the WARN at
# net/bluetooth/hci_conn.c:567; panic_on_warn then turns that WARN into a panic.
# The 0x7f00000000xx values are offsets into the executor's scratch mapping;
# only the bytes spelled out on the calls below are visible on this page.

# r0 = socket(AF_BLUETOOTH=0x1f, SOCK_SEQPACKET=0x5, BTPROTO_SCO=0x2)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
# connect(r0, <sockaddr_sco at 0x...100>, 8): 8 = sizeof(struct sockaddr_sco);
# the address bytes themselves are not shown here.
connect$bt_sco(r0, &(0x7f0000000100), 0x8)
# getsockopt(r0, SOL_BLUETOOTH=0x112, BT_SNDMTU=0xc, optval, optlen=2)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000000)=0xb6, &(0x7f0000000040)=0x2)
# Injects a packet through the virtual HCI (vhci) driver with only two bytes of
# data, "04 18", but a declared length of 0x1a (26). Presumably 0x04 is the H4
# packet-type byte for an HCI event and 0x18 the event code — confirm against
# syzkaller's vhci description; what the remaining 24 bytes contain is not
# visible here.
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a)
# The same four calls re-issued with syzkaller's "(async)" marker: each call is
# started and the program moves on without waiting for it, so these four can
# overlap one another. The async socket call captures no result; the calls
# after it keep using r0 from the first socket above.
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000000)=0xb6, &(0x7f0000000040)=0x2) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async)
[ 85.437580][ T5341] Bluetooth: hci0: command tx timeout
[ 85.455551][ T4703] ------------[ cut here ]------------
[ 85.457919][ T4703] WARNING: CPU: 0 PID: 4703 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290
[ 85.461904][ T4703] Modules linked in:
[ 85.476128][ T4703] CPU: 0 UID: 0 PID: 4703 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.480083][ T4703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.484655][ T4703] Workqueue: hci0 hci_conn_timeout
[ 85.486867][ T4703] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 85.489136][ T4703] Code: 48 89 df e8 e3 1e 09 00 eb 07 e8 5c a6 45 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c4 fe ff e8 42 a6 45 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 85.497300][ T4703] RSP: 0018:ffffc900021efa50 EFLAGS: 00010293
[ 85.499978][ T4703] RAX: ffffffff8a7a245e RBX: ffff888033f24000 RCX: ffff88801cb84880
[ 85.503591][ T4703] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000
[ 85.507131][ T4703] RBP: 00000000fffffffe R08: ffff888033f24013 R09: 1ffff110067e4802
[ 85.510339][ T4703] R10: dffffc0000000000 R11: ffffed10067e4803 R12: dffffc0000000000
[ 85.513780][ T4703] R13: ffff88801ef48918 R14: ffff888033f24948 R15: ffff888033f24010
[ 85.517178][ T4703] FS: 0000000000000000(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
[ 85.521013][ T4703] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.524091][ T4703] CR2: 00007fca29c8afc8 CR3: 0000000042c94000 CR4: 0000000000352ef0
[ 85.527611][ T4703] Call Trace:
[ 85.528852][ T4703] <TASK>
[ 85.529891][ T4703] ? process_scheduled_works+0x9ef/0x17b0
[ 85.532235][ T4703] process_scheduled_works+0xade/0x17b0
[ 85.534833][ T4703] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.537427][ T4703] worker_thread+0x8a0/0xda0
[ 85.539377][ T4703] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.542041][ T4703] ? __kthread_parkme+0x7b/0x200
[ 85.544232][ T4703] kthread+0x711/0x8a0
[ 85.546265][ T4703] ? __pfx_worker_thread+0x10/0x10
[ 85.548441][ T4703] ? __pfx_kthread+0x10/0x10
[ 85.550401][ T4703] ? _raw_spin_unlock_irq+0x23/0x50
[ 85.552676][ T4703] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.555090][ T4703] ? __pfx_kthread+0x10/0x10
[ 85.557414][ T4703] ret_from_fork+0x439/0x7d0
[ 85.559445][ T4703] ? __pfx_ret_from_fork+0x10/0x10
[ 85.561725][ T4703] ? __pfx_kthread+0x10/0x10
[ 85.563770][ T4703] ret_from_fork_asm+0x1a/0x30
[ 85.566208][ T4703] </TASK>
[ 85.567586][ T4703] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 85.570698][ T4703] CPU: 0 UID: 0 PID: 4703 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 85.574908][ T4703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.579201][ T4703] Workqueue: hci0 hci_conn_timeout
[ 85.581366][ T4703] Call Trace:
[ 85.582721][ T4703] <TASK>
[ 85.583961][ T4703] dump_stack_lvl+0x99/0x250
[ 85.585941][ T4703] ? __asan_memcpy+0x40/0x70
[ 85.587914][ T4703] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.590163][ T4703] ? __pfx__printk+0x10/0x10
[ 85.592317][ T4703] vpanic+0x281/0x750
[ 85.594237][ T4703] ? __pfx__printk+0x10/0x10
[ 85.596269][ T4703] ? __pfx_vpanic+0x10/0x10
[ 85.598178][ T4703] ? is_bpf_text_address+0x292/0x2b0
[ 85.600514][ T4703] panic+0xb9/0xc0
[ 85.602149][ T4703] ? __pfx_panic+0x10/0x10
[ 85.604233][ T4703] __warn+0x31b/0x4b0
[ 85.605931][ T4703] ? hci_conn_timeout+0xff/0x290
[ 85.608156][ T4703] ? hci_conn_timeout+0xff/0x290
[ 85.610341][ T4703] report_bug+0x2be/0x4f0
[ 85.612180][ T4703] ? hci_conn_timeout+0xff/0x290
[ 85.614289][ T4703] ? hci_conn_timeout+0xff/0x290
[ 85.616867][ T4703] ? hci_conn_timeout+0x101/0x290
[ 85.619549][ T4703] handle_bug+0x84/0x160
[ 85.621707][ T4703] exc_invalid_op+0x1a/0x50
[ 85.623672][ T4703] asm_exc_invalid_op+0x1a/0x20
[ 85.625576][ T4703] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 85.627728][ T4703] Code: 48 89 df e8 e3 1e 09 00 eb 07 e8 5c a6 45 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c4 fe ff e8 42 a6 45 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 85.635570][ T4703] RSP: 0018:ffffc900021efa50 EFLAGS: 00010293
[ 85.638118][ T4703] RAX: ffffffff8a7a245e RBX: ffff888033f24000 RCX: ffff88801cb84880
[ 85.641580][ T4703] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000
[ 85.645051][ T4703] RBP: 00000000fffffffe R08: ffff888033f24013 R09: 1ffff110067e4802
[ 85.648488][ T4703] R10: dffffc0000000000 R11: ffffed10067e4803 R12: dffffc0000000000
[ 85.651891][ T4703] R13: ffff88801ef48918 R14: ffff888033f24948 R15: ffff888033f24010
[ 85.655323][ T4703] ? hci_conn_timeout+0xfe/0x290
[ 85.657462][ T4703] ? process_scheduled_works+0x9ef/0x17b0
[ 85.659859][ T4703] process_scheduled_works+0xade/0x17b0
[ 85.662099][ T4703] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.664657][ T4703] worker_thread+0x8a0/0xda0
[ 85.666597][ T4703] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.669191][ T4703] ? __kthread_parkme+0x7b/0x200
[ 85.671317][ T4703] kthread+0x711/0x8a0
[ 85.672997][ T4703] ? __pfx_worker_thread+0x10/0x10
[ 85.675083][ T4703] ? __pfx_kthread+0x10/0x10
[ 85.677053][ T4703] ? _raw_spin_unlock_irq+0x23/0x50
[ 85.679293][ T4703] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.681492][ T4703] ? __pfx_kthread+0x10/0x10
[ 85.683457][ T4703] ret_from_fork+0x439/0x7d0
[ 85.685430][ T4703] ? __pfx_ret_from_fork+0x10/0x10
[ 85.687523][ T4703] ? __pfx_kthread+0x10/0x10
[ 85.689452][ T4703] ret_from_fork_asm+0x1a/0x30
[ 85.691520][ T4703] </TASK>
[ 85.693170][ T4703] Kernel Offset: disabled
[ 85.694974][ T4703] Rebooting in 86400 seconds..