program:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1, 0x89, &(0x7f0000000180)="$eJzs0qENAjEABdDPrYFgA3a4UQgSHAqCun1YhRHYAIHFQJoWQT0hubyX/Ca/31T0+rwsMyWrKXl1DsfTbrOvZ5ilIcnYUv5A6fexbou23x7n7Sf/fi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MKQdd+/Lt4BAAD//9+0I9A=") (async)
connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async, rerun: 32)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (rerun: 32)

[   75.191908][   T46] Bluetooth: hci0: command tx timeout
[   75.264817][ T4677] ------------[ cut here ]------------
[   75.267227][ T4677] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xff/0x2d0, CPU#0: kworker/u5:1/4677
[   75.275197][ T4677] Modules linked in:
[   75.276956][ T4677] CPU: 0 UID: 0 PID: 4677 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   75.281383][ T4677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.285739][ T4677] Workqueue: hci0 hci_conn_timeout
[   75.288440][ T4677] RIP: 0010:hci_conn_timeout+0xff/0x2d0
[   75.290915][ T4677] Code: 48 89 df e8 13 77 09 00 eb 07 e8 dc 4c 69 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 47 bb fe ff e8 c2 4c 69 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   75.299374][ T4677] RSP: 0018:ffffc9000273fa10 EFLAGS: 00010293
[   75.302143][ T4677] RAX: ffffffff8a5873ce RBX: ffff8880428a8000 RCX: ffff8880006b8000
[   75.305985][ T4677] RDX: 0000000000000000 RSI: 00000000ffffffdf RDI: 0000000000000000
[   75.309576][ T4677] RBP: 00000000ffffffdf R08: ffff8880428a8013 R09: 1ffff11008515002
[   75.313561][ T4677] R10: dffffc0000000000 R11: ffffed1008515003 R12: dffffc0000000000
[   75.317160][ T4677] R13: ffff88801f4bbe18 R14: ffff8880428a8a40 R15: ffff8880428a8010
[   75.320899][ T4677] FS:  0000000000000000(0000) GS:ffff88808d239000(0000) knlGS:0000000000000000
[   75.324812][ T4677] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.327747][ T4677] CR2: 00007f3a6f158fc8 CR3: 000000000b7c7000 CR4: 0000000000352ef0
[   75.331268][ T4677] Call Trace:
[   75.332767][ T4677]  <TASK>
[   75.334145][ T4677]  ? process_scheduled_works+0x9ef/0x1770
[   75.336643][ T4677]  process_scheduled_works+0xad1/0x1770
[   75.339066][ T4677]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.341807][ T4677]  worker_thread+0x8a0/0xda0
[   75.343871][ T4677]  kthread+0x711/0x8a0
[   75.345651][ T4677]  ? __pfx_worker_thread+0x10/0x10
[   75.347904][ T4677]  ? __pfx_kthread+0x10/0x10
[   75.349978][ T4677]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.352339][ T4677]  ? lockdep_hardirqs_on+0x98/0x140
[   75.354676][ T4677]  ? __pfx_kthread+0x10/0x10
[   75.356722][ T4677]  ret_from_fork+0x599/0xb30
[   75.358794][ T4677]  ? __pfx_ret_from_fork+0x10/0x10
[   75.361202][ T4677]  ? __pfx_kthread+0x10/0x10
[   75.363295][ T4677]  ret_from_fork_asm+0x1a/0x30
[   75.365340][ T4677]  </TASK>
[   75.366540][ T4677] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.369484][ T4677] CPU: 0 UID: 0 PID: 4677 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   75.373444][ T4677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.377844][ T4677] Workqueue: hci0 hci_conn_timeout
[   75.380059][ T4677] Call Trace:
[   75.381452][ T4677]  <TASK>
[   75.382782][ T4677]  dump_stack_lvl+0x99/0x250
[   75.384751][ T4677]  ? __asan_memcpy+0x40/0x70
[   75.387590][ T4677]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.389753][ T4677]  ? __pfx__printk+0x10/0x10
[   75.391641][ T4677]  vpanic+0x237/0x6d0
[   75.393282][ T4677]  ? __pfx_vpanic+0x10/0x10
[   75.395180][ T4677]  ? is_bpf_text_address+0x292/0x2b0
[   75.397233][ T4677]  ? is_bpf_text_address+0x26/0x2b0
[   75.399513][ T4677]  panic+0xb9/0xc0
[   75.401075][ T4677]  ? __pfx_panic+0x10/0x10
[   75.402910][ T4677]  ? ret_from_fork_asm+0x1a/0x30
[   75.404932][ T4677]  __warn+0x317/0x4b0
[   75.406593][ T4677]  ? hci_conn_timeout+0xff/0x2d0
[   75.408595][ T4677]  ? hci_conn_timeout+0xff/0x2d0
[   75.410691][ T4677]  __report_bug+0x288/0x500
[   75.412568][ T4677]  ? hci_conn_timeout+0xff/0x2d0
[   75.414455][ T4677]  ? __pfx___report_bug+0x10/0x10
[   75.416523][ T4677]  ? lockdep_unlock+0x89/0x120
[   75.418691][ T4677]  ? __lock_acquire+0x146f/0x2cf0
[   75.420915][ T4677]  ? hci_conn_timeout+0xff/0x2d0
[   75.423052][ T4677]  report_bug+0x16a/0x220
[   75.424885][ T4677]  ? hci_conn_timeout+0xff/0x2d0
[   75.427009][ T4677]  ? hci_conn_timeout+0x101/0x2d0
[   75.429209][ T4677]  handle_bug+0x98/0x200
[   75.431073][ T4677]  exc_invalid_op+0x1a/0x50
[   75.433091][ T4677]  asm_exc_invalid_op+0x1a/0x20
[   75.435126][ T4677] RIP: 0010:hci_conn_timeout+0xff/0x2d0
[   75.437435][ T4677] Code: 48 89 df e8 13 77 09 00 eb 07 e8 dc 4c 69 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 47 bb fe ff e8 c2 4c 69 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   75.445733][ T4677] RSP: 0018:ffffc9000273fa10 EFLAGS: 00010293
[   75.448396][ T4677] RAX: ffffffff8a5873ce RBX: ffff8880428a8000 RCX: ffff8880006b8000
[   75.451974][ T4677] RDX: 0000000000000000 RSI: 00000000ffffffdf RDI: 0000000000000000
[   75.455651][ T4677] RBP: 00000000ffffffdf R08: ffff8880428a8013 R09: 1ffff11008515002
[   75.459236][ T4677] R10: dffffc0000000000 R11: ffffed1008515003 R12: dffffc0000000000
[   75.462815][ T4677] R13: ffff88801f4bbe18 R14: ffff8880428a8a40 R15: ffff8880428a8010
[   75.466373][ T4677]  ? hci_conn_timeout+0xfe/0x2d0
[   75.468613][ T4677]  ? process_scheduled_works+0x9ef/0x1770
[   75.471224][ T4677]  process_scheduled_works+0xad1/0x1770
[   75.473841][ T4677]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.476868][ T4677]  worker_thread+0x8a0/0xda0
[   75.479066][ T4677]  kthread+0x711/0x8a0
[   75.480989][ T4677]  ? __pfx_worker_thread+0x10/0x10
[   75.483408][ T4677]  ? __pfx_kthread+0x10/0x10
[   75.485569][ T4677]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.488042][ T4677]  ? lockdep_hardirqs_on+0x98/0x140
[   75.490434][ T4677]  ? __pfx_kthread+0x10/0x10
[   75.492442][ T4677]  ret_from_fork+0x599/0xb30
[   75.494476][ T4677]  ? __pfx_ret_from_fork+0x10/0x10
[   75.496888][ T4677]  ? __pfx_kthread+0x10/0x10
[   75.498939][ T4677]  ret_from_fork_asm+0x1a/0x30
[   75.501141][ T4677]  </TASK>
[   75.502896][ T4677] Kernel Offset: disabled
[   75.504716][ T4677] Rebooting in 86400 seconds..