program:
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(0x0, 0xe)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201010200000040"], 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040b"], 0xe)
exit(0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="3f000000010000", 0x7)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_name={{0x7, 0xff}, {0x3, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, "e2ee1c19dda3b1001d6a79c015d9dc3065264f52314e58d555029c5ae06c34b30cf7d167f9ae11b5ba09a9460571633079d9872fbd280544bd273b020b5784fd2ec8f901f696604a663dd37975e2f2d1ae964a19e7af069c773996340266fd633e9ca1690a39bd4a7ecbd1cb27804eac8f94f46a347e17e4a2e2da3451fb51ee4d6f9e132afdb71672087b0c326a39b25ad9598c00fa35e9e2cb2a9bc5c977e861a74102b75e747fff725e11f0951503f2b667697d58959ed25403742cb1c6d0f4db85733cc2f9ce8ffe646f2b825bf9c858240f0956b70dbb7fd846eb8ff06fe8d4fb92de5338dd5dd37fb0af509b34af2f4dfb2d64d789"}}}, 0x102)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{0x5, 0x4}, {0x0, 0xc8, 0x9}}}, 0x7)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0406"], 0x7)

[   74.950601][ T4659] Bluetooth: hci0: command tx timeout
[   75.292631][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.534793][ T5311] Bluetooth: MGMT ver 1.23
[   75.546043][ T5291] Bluetooth: hci0: unexpected event 0x06 length: 4 > 3
[   76.689240][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[   76.695460][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[   77.003566][ T5291] Bluetooth: hci0: command tx timeout
[   77.492118][ T4659] ------------[ cut here ]------------
[   77.495304][ T4659] refcnt < 0
[   77.495315][ T4659] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xff/0x2c0, CPU#0: kworker/u5:1/4659
[   77.503247][ T4659] Modules linked in:
[   77.505380][ T4659] CPU: 0 UID: 0 PID: 4659 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   77.509529][ T4659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   77.513938][ T4659] Workqueue: hci0 hci_conn_timeout
[   77.516163][ T4659] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[   77.518687][ T4659] Code: 48 89 df e8 73 99 09 00 eb 07 e8 1c fa 2c f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 a8 fe ff e8 02 fa 2c f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   77.527959][ T4659] RSP: 0018:ffffc9000f59fad0 EFLAGS: 00010293
[   77.530692][ T4659] RAX: ffffffff8a9758be RBX: ffff8880124e4000 RCX: ffff88801f920000
[   77.535127][ T4659] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   77.538669][ T4659] RBP: 00000000ffffffff R08: ffff8880124e4013 R09: 1ffff1100249c802
[   77.542210][ T4659] R10: dffffc0000000000 R11: ffffed100249c803 R12: dffffc0000000000
[   77.546003][ T4659] R13: ffff88801caa4618 R14: ffff8880124e4a40 R15: ffff8880124e4010
[   77.549512][ T4659] FS:  0000000000000000(0000) GS:ffff88808ca94000(0000) knlGS:0000000000000000
[   77.553693][ T4659] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.557245][ T4659] CR2: 0000564ccf2fb168 CR3: 000000001cba6000 CR4: 0000000000352ef0
[   77.560765][ T4659] Call Trace:
[   77.562362][ T4659]  <TASK>
[   77.565029][ T4659]  ? process_scheduled_works+0xa0f/0x17a0
[   77.567665][ T4659]  process_scheduled_works+0xaec/0x17a0
[   77.569993][ T4659]  ? __pfx_process_scheduled_works+0x10/0x10
[   77.572850][ T4659]  ? assign_work+0x3d5/0x5e0
[   77.574929][ T4659]  worker_thread+0xa50/0xfc0
[   77.577072][ T4659]  kthread+0x388/0x470
[   77.578955][ T4659]  ? __pfx_worker_thread+0x10/0x10
[   77.581188][ T4659]  ? __pfx_kthread+0x10/0x10
[   77.583358][ T4659]  ret_from_fork+0x51e/0xb90
[   77.585769][ T4659]  ? __pfx_ret_from_fork+0x10/0x10
[   77.588175][ T4659]  ? __switch_to+0xc7d/0x1400
[   77.590277][ T4659]  ? __pfx_kthread+0x10/0x10
[   77.592363][ T4659]  ret_from_fork_asm+0x1a/0x30
[   77.594544][ T4659]  </TASK>
[   77.595954][ T4659] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   77.599273][ T4659] CPU: 0 UID: 0 PID: 4659 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   77.603291][ T4659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   77.607650][ T4659] Workqueue: hci0 hci_conn_timeout
[   77.609926][ T4659] Call Trace:
[   77.611494][ T4659]  <TASK>
[   77.612667][ T4659]  vpanic+0x56c/0xa60
[   77.614827][ T4659]  ? __pfx__printk+0x10/0x10
[   77.616829][ T4659]  ? __pfx_vpanic+0x10/0x10
[   77.618869][ T4659]  ? is_bpf_text_address+0x292/0x2b0
[   77.621094][ T4659]  ? is_bpf_text_address+0x26/0x2b0
[   77.623249][ T4659]  panic+0xc5/0xd0
[   77.624878][ T4659]  ? __pfx_panic+0x10/0x10
[   77.626911][ T4659]  ? ret_from_fork_asm+0x1a/0x30
[   77.629125][ T4659]  __warn+0x315/0x4a0
[   77.630899][ T4659]  ? hci_conn_timeout+0xff/0x2c0
[   77.632993][ T4659]  ? hci_conn_timeout+0xff/0x2c0
[   77.635161][ T4659]  __report_bug+0x29a/0x540
[   77.637274][ T4659]  ? hci_conn_timeout+0xff/0x2c0
[   77.639353][ T4659]  ? __pfx___report_bug+0x10/0x10
[   77.641512][ T4659]  ? add_lock_to_list+0xc7/0x100
[   77.643748][ T4659]  ? lockdep_unlock+0x5d/0xd0
[   77.645817][ T4659]  ? __lock_acquire+0x146e/0x2cf0
[   77.648021][ T4659]  ? do_raw_spin_lock+0x12b/0x2f0
[   77.650294][ T4659]  ? hci_conn_timeout+0xff/0x2c0
[   77.652508][ T4659]  report_bug+0x16a/0x220
[   77.654469][ T4659]  ? hci_conn_timeout+0xff/0x2c0
[   77.656625][ T4659]  ? hci_conn_timeout+0x101/0x2c0
[   77.658874][ T4659]  handle_bug+0x98/0x200
[   77.660748][ T4659]  exc_invalid_op+0x1a/0x50
[   77.662757][ T4659]  asm_exc_invalid_op+0x1a/0x20
[   77.664848][ T4659] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[   77.667312][ T4659] Code: 48 89 df e8 73 99 09 00 eb 07 e8 1c fa 2c f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 87 a8 fe ff e8 02 fa 2c f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   77.675071][ T4659] RSP: 0018:ffffc9000f59fad0 EFLAGS: 00010293
[   77.677535][ T4659] RAX: ffffffff8a9758be RBX: ffff8880124e4000 RCX: ffff88801f920000
[   77.680697][ T4659] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   77.683878][ T4659] RBP: 00000000ffffffff R08: ffff8880124e4013 R09: 1ffff1100249c802
[   77.687171][ T4659] R10: dffffc0000000000 R11: ffffed100249c803 R12: dffffc0000000000
[   77.690519][ T4659] R13: ffff88801caa4618 R14: ffff8880124e4a40 R15: ffff8880124e4010
[   77.693944][ T4659]  ? hci_conn_timeout+0xfe/0x2c0
[   77.696153][ T4659]  ? process_scheduled_works+0xa0f/0x17a0
[   77.698581][ T4659]  process_scheduled_works+0xaec/0x17a0
[   77.701052][ T4659]  ? __pfx_process_scheduled_works+0x10/0x10
[   77.703549][ T4659]  ? assign_work+0x3d5/0x5e0
[   77.705568][ T4659]  worker_thread+0xa50/0xfc0
[   77.707617][ T4659]  kthread+0x388/0x470
[   77.709400][ T4659]  ? __pfx_worker_thread+0x10/0x10
[   77.711799][ T4659]  ? __pfx_kthread+0x10/0x10
[   77.713931][ T4659]  ret_from_fork+0x51e/0xb90
[   77.716038][ T4659]  ? __pfx_ret_from_fork+0x10/0x10
[   77.718375][ T4659]  ? __switch_to+0xc7d/0x1400
[   77.720422][ T4659]  ? __pfx_kthread+0x10/0x10
[   77.722511][ T4659]  ret_from_fork_asm+0x1a/0x30
[   77.724627][ T4659]  </TASK>
[   77.726497][ T4659] Kernel Offset: disabled
[   77.728515][ T4659] Rebooting in 86400 seconds..