program:
# syzkaller reproducer (syz program syntax; lines starting with '#' are comments
# and are skipped when the program is deserialized). Calls suffixed "(async)" are
# issued without waiting for the previous call to complete, so their relative
# timing is part of what reproduces the bug. This program pairs with the kernel
# log that follows it: a WARNING at net/bluetooth/hci_conn.c:567 inside
# hci_conn_timeout(), raised from the hci0 workqueue shortly after
# "hci0: command tx timeout", which becomes a full panic because the test
# kernel runs with panic_on_warn set.
#
# Open the OSS-style dsp audio device and set its sample format (0x40) without
# waiting for the ioctl to finish.
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000240)=0x40) (async)
# Two handles on the vicodec (V4L2 test codec) device with S_OUTPUT and CROPCAP
# ioctls. These look like fuzzer residue unrelated to the Bluetooth path that
# actually warns — TODO confirm by minimizing the reproducer without them.
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000100)=0x1) (async)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_CROPCAP(r2, 0xc02c563a, &(0x7f0000000200)={0xa, {0x5, 0x61, 0x6, 0x7}, {0x5e, 0x9007, 0xfffffff9, 0x10}, {0x8, 0x10001}}) (async)
# Create a Bluetooth SCO socket (domain 0x1f = PF_BLUETOOTH, type 0x5 =
# SOCK_SEQPACKET, protocol 0x2 = BTPROTO_SCO) and start a connect() on it
# without waiting. This is what creates the hci_conn whose timeout handler
# later warns.
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r3, &(0x7f0000000100), 0x8) (async)
# Inject a 0x1a-byte buffer through the virtual HCI controller (vhci). Only the
# first two bytes (0x04 0x18) are specified; the remainder is fuzzer filler.
# Presumably this controller-side input is what leaves the pending connection
# in the state that trips the WARN once the hci0 timeout work runs — verify
# against hci_conn.c:567 in the tested tree.
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a)
# Read 0x1000 bytes from the audio device. Likely only serves to keep the task
# alive (possibly blocked) long enough for the hci0 workqueue timeout to fire
# — confirm.
read$dsp(r0, &(0x7f0000000280)=""/4096, 0x1000)
#
# Impact/mitigation notes for triage: on a panic_on_warn kernel this is a
# remote-from-controller-side crash (reboot); on a production kernel without
# panic_on_warn it is a warning splat whose follow-on effects depend on the
# state hci_conn_timeout() leaves behind. Triggering requires the ability to
# feed packets to the HCI layer (here via the vhci interface), which is
# normally a privileged operation — check the target's /dev/vhci permissions.
# Detection: watch for "command tx timeout" followed by a WARNING in
# hci_conn_timeout on the hci workqueue.
[ 85.557695][ T4667] Bluetooth: hci0: command tx timeout
[ 85.673989][ T5300] ------------[ cut here ]------------
[ 85.676569][ T5300] WARNING: CPU: 0 PID: 5300 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290
[ 85.681286][ T5300] Modules linked in:
[ 85.683196][ T5300] CPU: 0 UID: 0 PID: 5300 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 85.687132][ T5300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.691878][ T5300] Workqueue: hci0 hci_conn_timeout
[ 85.694145][ T5300] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 85.696938][ T5300] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 ec 5a 7a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 d2 5a 7a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 85.705553][ T5300] RSP: 0018:ffffc9000d0f7a30 EFLAGS: 00010293
[ 85.708322][ T5300] RAX: ffffffff8a45b93e RBX: ffff8880333c8000 RCX: ffff888000de2480
[ 85.711835][ T5300] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 85.716335][ T5300] RBP: 00000000ffffffff R08: ffff8880333c8013 R09: 1ffff11006679002
[ 85.721043][ T5300] R10: dffffc0000000000 R11: ffffed1006679003 R12: dffffc0000000000
[ 85.725132][ T5300] R13: ffff88803532a818 R14: ffff8880333c8948 R15: ffff8880333c8010
[ 85.729156][ T5300] FS: 0000000000000000(0000) GS:ffff88808d733000(0000) knlGS:0000000000000000
[ 85.732562][ T5300] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.735059][ T5300] CR2: 00007fcf3dfb2fb3 CR3: 0000000041cbb000 CR4: 0000000000352ef0
[ 85.738794][ T5300] Call Trace:
[ 85.740370][ T5300]
[ 85.742016][ T5300] ? process_scheduled_works+0x9ef/0x17b0
[ 85.744367][ T5300] process_scheduled_works+0xae1/0x17b0
[ 85.747047][ T5300] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.749879][ T5300] worker_thread+0x8a0/0xda0
[ 85.752078][ T5300] ? __kthread_parkme+0x7b/0x200
[ 85.754322][ T5300] kthread+0x711/0x8a0
[ 85.756163][ T5300] ? __pfx_worker_thread+0x10/0x10
[ 85.758764][ T5300] ? __pfx_kthread+0x10/0x10
[ 85.761419][ T5300] ? _raw_spin_unlock_irq+0x23/0x50
[ 85.764037][ T5300] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.766474][ T5300] ? __pfx_kthread+0x10/0x10
[ 85.768713][ T5300] ret_from_fork+0x4bc/0x870
[ 85.771298][ T5300] ? __pfx_ret_from_fork+0x10/0x10
[ 85.773729][ T5300] ? __pfx_kthread+0x10/0x10
[ 85.776142][ T5300] ret_from_fork_asm+0x1a/0x30
[ 85.778303][ T5300]
[ 85.779703][ T5300] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 85.783044][ T5300] CPU: 0 UID: 0 PID: 5300 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 85.787126][ T5300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.792087][ T5300] Workqueue: hci0 hci_conn_timeout
[ 85.794556][ T5300] Call Trace:
[ 85.796094][ T5300]
[ 85.797279][ T5300] dump_stack_lvl+0x99/0x250
[ 85.799268][ T5300] ? __asan_memcpy+0x40/0x70
[ 85.801745][ T5300] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.804812][ T5300] ? __pfx__printk+0x10/0x10
[ 85.807596][ T5300] vpanic+0x237/0x6d0
[ 85.809768][ T5300] ? __pfx_vpanic+0x10/0x10
[ 85.812208][ T5300] panic+0xb9/0xc0
[ 85.813622][ T5300] ? __pfx_panic+0x10/0x10
[ 85.815282][ T5300] __warn+0x31b/0x4b0
[ 85.817077][ T5300] ? hci_conn_timeout+0xff/0x290
[ 85.819358][ T5300] ? hci_conn_timeout+0xff/0x290
[ 85.821519][ T5300] report_bug+0x2be/0x4f0
[ 85.823531][ T5300] ? hci_conn_timeout+0xff/0x290
[ 85.826212][ T5300] ? hci_conn_timeout+0xff/0x290
[ 85.828926][ T5300] ? hci_conn_timeout+0x101/0x290
[ 85.831386][ T5300] handle_bug+0x84/0x160
[ 85.833283][ T5300] exc_invalid_op+0x1a/0x50
[ 85.835468][ T5300] asm_exc_invalid_op+0x1a/0x20
[ 85.837734][ T5300] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 85.840267][ T5300] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 ec 5a 7a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 d2 5a 7a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 85.848644][ T5300] RSP: 0018:ffffc9000d0f7a30 EFLAGS: 00010293
[ 85.851437][ T5300] RAX: ffffffff8a45b93e RBX: ffff8880333c8000 RCX: ffff888000de2480
[ 85.854914][ T5300] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 85.858578][ T5300] RBP: 00000000ffffffff R08: ffff8880333c8013 R09: 1ffff11006679002
[ 85.863652][ T5300] R10: dffffc0000000000 R11: ffffed1006679003 R12: dffffc0000000000
[ 85.867351][ T5300] R13: ffff88803532a818 R14: ffff8880333c8948 R15: ffff8880333c8010
[ 85.870493][ T5300] ? hci_conn_timeout+0xfe/0x290
[ 85.872534][ T5300] ? process_scheduled_works+0x9ef/0x17b0
[ 85.874753][ T5300] process_scheduled_works+0xae1/0x17b0
[ 85.876778][ T5300] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.878893][ T5300] worker_thread+0x8a0/0xda0
[ 85.880621][ T5300] ? __kthread_parkme+0x7b/0x200
[ 85.882488][ T5300] kthread+0x711/0x8a0
[ 85.884120][ T5300] ? __pfx_worker_thread+0x10/0x10
[ 85.886167][ T5300] ? __pfx_kthread+0x10/0x10
[ 85.888042][ T5300] ? _raw_spin_unlock_irq+0x23/0x50
[ 85.890145][ T5300] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.892204][ T5300] ? __pfx_kthread+0x10/0x10
[ 85.894202][ T5300] ret_from_fork+0x4bc/0x870
[ 85.896140][ T5300] ? __pfx_ret_from_fork+0x10/0x10
[ 85.898811][ T5300] ? __pfx_kthread+0x10/0x10
[ 85.901214][ T5300] ret_from_fork_asm+0x1a/0x30
[ 85.903618][ T5300]
[ 85.905179][ T5300] Kernel Offset: disabled
[ 85.906882][ T5300] Rebooting in 86400 seconds..