program:
# Reproducer for the WARNING in the console log below ("refcnt < 0" at
# net/bluetooth/hci_conn.c:567, hci_conn_timeout, run from the hci0 workqueue).
# Calls tagged (async) are issued without waiting for completion, so their
# ordering relative to the following calls is not fixed by this listing.
# Triage hint: the three syz_emit_vhci calls carrying event blobs are the ones
# that inject HCI traffic; the other calls look like fuzzer noise -- TODO confirm
# by minimising the program.

# NBD netlink request on fd 0xffffffffffffffff (-1) with null message and flags;
# presumably fails immediately -- verify.
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) (async)
# syz_emit_vhci hands a raw packet to the virtual HCI controller (presumably the
# hci0 seen in the log). Here the data pointer is null with length 0xe.
syz_emit_vhci(0x0, 0xe) (async)
# Emulated USB HID device. The descriptor length is given as 0x36 but the blob
# supplies only 8 bytes. The "device descriptor read/64, error -71" and
# "unable to enumerate USB device" lines on dummy_hcd in the log appear to come
# from this call; it looks unrelated to the Bluetooth warning -- TODO confirm.
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201010200000040"], 0x0) (async)
# HCI event packet (type 0x04), event 0x3e (LE Meta), parameter length 0x1f,
# subevent 0x0a (LE Enhanced Connection Complete). Only the first 4 of the 0x22
# bytes are set here; the rest is whatever the data area holds at that address
# (presumably zeros -- verify).
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
# HCI event 0x0b (Read Remote Supported Features Complete), 0xe bytes in total.
# NOTE(review): this reuses address 0x7f0000000300 from the USB descriptor blob
# above, so bytes after the first two may be left over from it -- confirm.
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040b"], 0xe)
# Domain 0x10 / type 0x3 / protocol 0x0: AF_NETLINK, SOCK_RAW, NETLINK_ROUTE.
r0 = socket(0x10, 0x3, 0x0)
# The message vector at 0x7f0000000000 is not initialised by this program and the
# vector length is 0x400000000000235. The log line "Zero length message leads to
# an empty skb" (T5322) is probably emitted here -- hedge until confirmed.
sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0)
# Domain 0x24 / type 0x2: an IEEE 802.15.4 datagram socket.
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
# HIDPCONNADD is issued on r0, which is the netlink socket above, not a Bluetooth
# HIDP socket. The request names ctrl socket -1 and interrupt socket r1 (the
# 802.15.4 socket). Presumably rejected before reaching HIDP -- verify.
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000180)={0xffffffffffffffff, r1, 0x6, 0xa0, &(0x7f00000000c0)="1ed1f3f44418b040a827fbd86231cac4b6c755d64ed0b6ce7d89a1dadc0f5922af4dcf9ef1f35d17615f39407b2be9b112895b08e2c8c4f761925d3e834bac838db1d9763f959507a49ad673d764a275de58e5b9a6f856088ddd16b1bbc9c538188cc40b5c3f188b3454eb783d2dcb430635dc636f860b5e1c0f5f15698923dca513b170b44ab51eceefb4c3e5364369b18674fb3e29be5c7c2a82ad4192b4f2", 0xe2, 0x80, 0x954f, 0x7, 0x7, 0x0, 0x6, 'syz0\x00'}) (async)
# HCI event 0x06 (Authentication Complete) with total length 0x11, i.e. 14 bytes
# after the 3-byte packet-type/event/length header. This matches the log line
# "hci0: unexpected event 0x06 length: 14 > 3".
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0406"], 0x11)
[ 75.656982][ T5301] Bluetooth: hci0: command tx timeout
[ 75.711326][ T5322] Zero length message leads to an empty skb
[ 75.728624][ T4669] Bluetooth: hci0: unexpected event 0x06 length: 14 > 3
[ 75.931778][ T1350] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 76.064293][ T1350] usb 5-1: device descriptor read/64, error -71
[ 76.301781][ T1350] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 76.431710][ T1350] usb 5-1: device descriptor read/64, error -71
[ 76.541968][ T1350] usb usb5-port1: attempt power cycle
[ 76.881751][ T1350] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 76.902258][ T1350] usb 5-1: device descriptor read/8, error -71
[ 77.141845][ T1350] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 77.162941][ T1350] usb 5-1: device descriptor read/8, error -71
[ 77.276699][ T1350] usb usb5-port1: unable to enumerate USB device
[ 77.735662][ T5301] ------------[ cut here ]------------
[ 77.738241][ T5301] refcnt < 0
[ 77.738253][ T5301] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xff/0x2c0, CPU#0: kworker/u5:2/5301
[ 77.745344][ T5301] Modules linked in:
[ 77.747150][ T5301] CPU: 0 UID: 0 PID: 5301 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 77.751168][ T5301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 77.755395][ T5301] Workqueue: hci0 hci_conn_timeout
[ 77.757500][ T5301] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[ 77.759760][ T5301] Code: 48 89 df e8 33 93 09 00 eb 07 e8 7c 13 2f f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 17 ae fe ff e8 62 13 2f f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 77.767616][ T5301] RSP: 0018:ffffc9000907fad0 EFLAGS: 00010293
[ 77.770100][ T5301] RAX: ffffffff8a95745e RBX: ffff888042048000 RCX: ffff888000352480
[ 77.773482][ T5301] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 77.776709][ T5301] RBP: 00000000ffffffff R08: ffff888042048013 R09: 1ffff11008409002
[ 77.780065][ T5301] R10: dffffc0000000000 R11: ffffed1008409003 R12: dffffc0000000000
[ 77.783758][ T5301] R13: ffff88801239f018 R14: ffff888042048a40 R15: ffff888042048010
[ 77.787091][ T5301] FS: 0000000000000000(0000) GS:ffff88808cab1000(0000) knlGS:0000000000000000
[ 77.790934][ T5301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.793806][ T5301] CR2: 00007f8e9beb6d50 CR3: 0000000037cf1000 CR4: 0000000000352ef0
[ 77.797198][ T5301] Call Trace:
[ 77.798583][ T5301] <TASK>
[ 77.799806][ T5301] ? process_scheduled_works+0xa0f/0x17a0
[ 77.802373][ T5301] process_scheduled_works+0xaec/0x17a0
[ 77.804846][ T5301] ? __pfx_process_scheduled_works+0x10/0x10
[ 77.807063][ T5301] ? do_raw_spin_lock+0x12b/0x2f0
[ 77.809146][ T5301] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.811396][ T5301] worker_thread+0xda6/0x1360
[ 77.814038][ T5301] ? __kthread_parkme+0x19c/0x1f0
[ 77.816174][ T5301] kthread+0x388/0x470
[ 77.818008][ T5301] ? __pfx_worker_thread+0x10/0x10
[ 77.820088][ T5301] ? __pfx_kthread+0x10/0x10
[ 77.822107][ T5301] ret_from_fork+0x51e/0xb90
[ 77.824132][ T5301] ? __pfx_ret_from_fork+0x10/0x10
[ 77.826263][ T5301] ? __switch_to+0xc7d/0x1400
[ 77.828312][ T5301] ? __pfx_kthread+0x10/0x10
[ 77.830373][ T5301] ret_from_fork_asm+0x1a/0x30
[ 77.832526][ T5301]
[ 77.833804][ T5301] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 77.836995][ T5301] CPU: 0 UID: 0 PID: 5301 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 77.840877][ T5301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 77.844973][ T5301] Workqueue: hci0 hci_conn_timeout
[ 77.847011][ T5301] Call Trace:
[ 77.848408][ T5301]
[ 77.849603][ T5301] vpanic+0x1e0/0x670
[ 77.851311][ T5301] panic+0xc5/0xd0
[ 77.852844][ T5301] ? __pfx_panic+0x10/0x10
[ 77.854593][ T5301] ? ret_from_fork_asm+0x1a/0x30
[ 77.856649][ T5301] __warn+0x315/0x4a0
[ 77.858355][ T5301] ? hci_conn_timeout+0xff/0x2c0
[ 77.860307][ T5301] ? hci_conn_timeout+0xff/0x2c0
[ 77.862398][ T5301] __report_bug+0x29a/0x540
[ 77.864369][ T5301] ? hci_conn_timeout+0xff/0x2c0
[ 77.866492][ T5301] ? __pfx___report_bug+0x10/0x10
[ 77.868611][ T5301] ? add_lock_to_list+0xc7/0x100
[ 77.870751][ T5301] ? lockdep_unlock+0x5d/0xd0
[ 77.873207][ T5301] ? __lock_acquire+0x146e/0x2cf0
[ 77.875616][ T5301] ? hci_conn_timeout+0xff/0x2c0
[ 77.877669][ T5301] report_bug+0x16a/0x220
[ 77.879515][ T5301] ? hci_conn_timeout+0xff/0x2c0
[ 77.881869][ T5301] ? hci_conn_timeout+0x101/0x2c0
[ 77.884496][ T5301] handle_bug+0x98/0x200
[ 77.886627][ T5301] exc_invalid_op+0x1a/0x50
[ 77.888913][ T5301] asm_exc_invalid_op+0x1a/0x20
[ 77.891090][ T5301] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[ 77.893495][ T5301] Code: 48 89 df e8 33 93 09 00 eb 07 e8 7c 13 2f f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 17 ae fe ff e8 62 13 2f f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 77.901422][ T5301] RSP: 0018:ffffc9000907fad0 EFLAGS: 00010293
[ 77.904100][ T5301] RAX: ffffffff8a95745e RBX: ffff888042048000 RCX: ffff888000352480
[ 77.907641][ T5301] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 77.911184][ T5301] RBP: 00000000ffffffff R08: ffff888042048013 R09: 1ffff11008409002
[ 77.914382][ T5301] R10: dffffc0000000000 R11: ffffed1008409003 R12: dffffc0000000000
[ 77.917629][ T5301] R13: ffff88801239f018 R14: ffff888042048a40 R15: ffff888042048010
[ 77.920960][ T5301] ? hci_conn_timeout+0xfe/0x2c0
[ 77.923208][ T5301] ? process_scheduled_works+0xa0f/0x17a0
[ 77.925746][ T5301] process_scheduled_works+0xaec/0x17a0
[ 77.928186][ T5301] ? __pfx_process_scheduled_works+0x10/0x10
[ 77.930778][ T5301] ? do_raw_spin_lock+0x12b/0x2f0
[ 77.933134][ T5301] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.935882][ T5301] worker_thread+0xda6/0x1360
[ 77.938054][ T5301] ? __kthread_parkme+0x19c/0x1f0
[ 77.940349][ T5301] kthread+0x388/0x470
[ 77.942394][ T5301] ? __pfx_worker_thread+0x10/0x10
[ 77.944879][ T5301] ? __pfx_kthread+0x10/0x10
[ 77.946926][ T5301] ret_from_fork+0x51e/0xb90
[ 77.949018][ T5301] ? __pfx_ret_from_fork+0x10/0x10
[ 77.951263][ T5301] ? __switch_to+0xc7d/0x1400
[ 77.953290][ T5301] ? __pfx_kthread+0x10/0x10
[ 77.955415][ T5301] ret_from_fork_asm+0x1a/0x30
[ 77.957472][ T5301]
[ 77.959695][ T5301] Kernel Offset: disabled
[ 77.961588][ T5301] Rebooting in 86400 seconds..