program:
# syzkaller reproducer for the WARNING at net/bluetooth/hci_conn.c:567 in
# hci_conn_timeout reported in the console log below. "(async)" marks calls the
# executor issues without waiting for their completion, so the effective ordering
# of those calls relative to their neighbours is not fixed by this listing.
# Bluetooth SCO socket; presumably the endpoint whose HCI connection later times
# out (see "hci0: command tx timeout" in the log) — not provable from the program alone.
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
# AF_ALG skcipher session: bind to cbc-camellia-aesni-avx2, install a 24-byte key
# (0x18), accept the operation socket, push one 32-byte (0x20) buffer with an
# ALG_SET_OP control message (op 0x1) and read back up to 0x71 bytes. Nothing in
# the log ties this to the Bluetooth warning; it is kept as part of the reported program.
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f00000063c0)=[{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="cbcad215ed370ab2b079783a703926e4551402d20f00e75748b88a95d3754e99", 0x20}], 0x1, &(0x7f00000003c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x14}], 0x1, 0x800) (async)
recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000000540)=""/113, 0x71}], 0x1}, 0x40000000)
# Opens a device node via syz_open_dev$ndb and issues BLKFINISHZONE on it; no
# Bluetooth involvement is visible here either.
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x208802)
ioctl$BLKFINISHZONE(r3, 0x40101288, &(0x7f0000000040)={0x3, 0xa}) (async)
# Starts the SCO connection. The 8-byte sockaddr lives at 0x7f0000000100, the same
# address the plaintext buffer above was written to, so its contents are whatever
# those bytes hold at that moment rather than an explicitly constructed address.
connect$bt_sco(r0, &(0x7f0000000100), 0x8) (async)
# Injects a packet of declared length 0x1a into the virtual HCI driver; only the
# first two bytes (0x04 = HCI event packet type, then 0x18) are specified, the rest
# is whatever the fuzzer's memory holds. The log then shows the hci0 command
# tx timeout, the WARN in hci_conn_timeout, and a panic that occurs only because
# panic_on_warn is set — on a kernel without that option this is a warning splat.
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a)
[ 84.739590][ T5301] Bluetooth: hci0: command tx timeout
[ 84.806810][ T4665] ------------[ cut here ]------------
[ 84.809332][ T4665] WARNING: CPU: 0 PID: 4665 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290
[ 84.813631][ T4665] Modules linked in:
[ 84.815408][ T4665] CPU: 0 UID: 0 PID: 4665 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 84.819264][ T4665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 84.823672][ T4665] Workqueue: hci0 hci_conn_timeout
[ 84.825942][ T4665] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 84.828435][ T4665] Code: 48 89 df e8 f3 21 09 00 eb 07 e8 fc 48 7a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c7 fe ff e8 e2 48 7a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 84.837043][ T4665] RSP: 0018:ffffc9000fd17a30 EFLAGS: 00010293
[ 84.839819][ T4665] RAX: ffffffff8a45cd3e RBX: ffff88803f1d8000 RCX: ffff888000520000
[ 84.843531][ T4665] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 84.847071][ T4665] RBP: 00000000ffffffff R08: ffff88803f1d8013 R09: 1ffff11007e3b002
[ 84.850996][ T4665] R10: dffffc0000000000 R11: ffffed1007e3b003 R12: dffffc0000000000
[ 84.854563][ T4665] R13: ffff888000746018 R14: ffff88803f1d8948 R15: ffff88803f1d8010
[ 84.858062][ T4665] FS: 0000000000000000(0000) GS:ffff88808d733000(0000) knlGS:0000000000000000
[ 84.862139][ T4665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.865125][ T4665] CR2: 00007ffee3f60cc4 CR3: 000000004242a000 CR4: 0000000000352ef0
[ 84.868771][ T4665] Call Trace:
[ 84.870469][ T4665]  <TASK>
[ 84.871861][ T4665] ? process_scheduled_works+0x9ef/0x17b0
[ 84.874415][ T4665] process_scheduled_works+0xae1/0x17b0
[ 84.876890][ T4665] ? __pfx_process_scheduled_works+0x10/0x10
[ 84.879642][ T4665] worker_thread+0x8a0/0xda0
[ 84.881909][ T4665] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 84.884831][ T4665] ? __kthread_parkme+0x7b/0x200
[ 84.887176][ T4665] kthread+0x711/0x8a0
[ 84.889051][ T4665] ? __pfx_worker_thread+0x10/0x10
[ 84.891494][ T4665] ? __pfx_kthread+0x10/0x10
[ 84.893641][ T4665] ? _raw_spin_unlock_irq+0x23/0x50
[ 84.896246][ T4665] ? lockdep_hardirqs_on+0x9c/0x150
[ 84.898637][ T4665] ? __pfx_kthread+0x10/0x10
[ 84.901048][ T4665] ret_from_fork+0x4bc/0x870
[ 84.903188][ T4665] ? __pfx_ret_from_fork+0x10/0x10
[ 84.905551][ T4665] ? __pfx_kthread+0x10/0x10
[ 84.907665][ T4665] ret_from_fork_asm+0x1a/0x30
[ 84.909837][ T4665]  </TASK>
[ 84.911420][ T4665] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 84.914654][ T4665] CPU: 0 UID: 0 PID: 4665 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 84.918825][ T4665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 84.923549][ T4665] Workqueue: hci0 hci_conn_timeout
[ 84.925808][ T4665] Call Trace:
[ 84.927329][ T4665]  <TASK>
[ 84.928657][ T4665] dump_stack_lvl+0x99/0x250
[ 84.930750][ T4665] ? __asan_memcpy+0x40/0x70
[ 84.932865][ T4665] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.935207][ T4665] ? __pfx__printk+0x10/0x10
[ 84.937272][ T4665] vpanic+0x237/0x6d0
[ 84.940074][ T4665] ? __pfx_vpanic+0x10/0x10
[ 84.942201][ T4665] panic+0xb9/0xc0
[ 84.943769][ T4665] ? __pfx_panic+0x10/0x10
[ 84.945634][ T4665] __warn+0x31b/0x4b0
[ 84.947328][ T4665] ? hci_conn_timeout+0xff/0x290
[ 84.949314][ T4665] ? hci_conn_timeout+0xff/0x290
[ 84.951695][ T4665] report_bug+0x2be/0x4f0
[ 84.953709][ T4665] ? hci_conn_timeout+0xff/0x290
[ 84.955736][ T4665] ? hci_conn_timeout+0xff/0x290
[ 84.957791][ T4665] ? hci_conn_timeout+0x101/0x290
[ 84.960209][ T4665] handle_bug+0x84/0x160
[ 84.962577][ T4665] exc_invalid_op+0x1a/0x50
[ 84.964870][ T4665] asm_exc_invalid_op+0x1a/0x20
[ 84.967286][ T4665] RIP: 0010:hci_conn_timeout+0xff/0x290
[ 84.969742][ T4665] Code: 48 89 df e8 f3 21 09 00 eb 07 e8 fc 48 7a f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 c7 fe ff e8 e2 48 7a f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 84.978226][ T4665] RSP: 0018:ffffc9000fd17a30 EFLAGS: 00010293
[ 84.980935][ T4665] RAX: ffffffff8a45cd3e RBX: ffff88803f1d8000 RCX: ffff888000520000
[ 84.984459][ T4665] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 84.987825][ T4665] RBP: 00000000ffffffff R08: ffff88803f1d8013 R09: 1ffff11007e3b002
[ 84.991422][ T4665] R10: dffffc0000000000 R11: ffffed1007e3b003 R12: dffffc0000000000
[ 84.995046][ T4665] R13: ffff888000746018 R14: ffff88803f1d8948 R15: ffff88803f1d8010
[ 84.998443][ T4665] ? hci_conn_timeout+0xfe/0x290
[ 85.000694][ T4665] ? process_scheduled_works+0x9ef/0x17b0
[ 85.003719][ T4665] process_scheduled_works+0xae1/0x17b0
[ 85.006762][ T4665] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.010147][ T4665] worker_thread+0x8a0/0xda0
[ 85.012543][ T4665] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.015455][ T4665] ? __kthread_parkme+0x7b/0x200
[ 85.017686][ T4665] kthread+0x711/0x8a0
[ 85.019493][ T4665] ? __pfx_worker_thread+0x10/0x10
[ 85.021819][ T4665] ? __pfx_kthread+0x10/0x10
[ 85.023868][ T4665] ? _raw_spin_unlock_irq+0x23/0x50
[ 85.026250][ T4665] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.028435][ T4665] ? __pfx_kthread+0x10/0x10
[ 85.030398][ T4665] ret_from_fork+0x4bc/0x870
[ 85.032462][ T4665] ? __pfx_ret_from_fork+0x10/0x10
[ 85.034815][ T4665] ? __pfx_kthread+0x10/0x10
[ 85.036838][ T4665] ret_from_fork_asm+0x1a/0x30
[ 85.038977][ T4665]  </TASK>
[ 85.040608][ T4665] Kernel Offset: disabled
[ 85.042610][ T4665] Rebooting in 86400 seconds..