program:
# syzkaller (syzlang) reproducer, one call per line. The Bluetooth HCI traffic is
# injected through the virtual HCI (syz_emit_vhci) and a USB HID device is attached
# via syz_usb_connect$hid (dummy_hcd in the log). Outcome: WARNING "refcnt < 0" at
# net/bluetooth/hci_conn.c:567 in hci_conn_timeout, turned into a panic by panic_on_warn.
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='veno', 0x4)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x8, 0x6381}]}, 0x10)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000180)=@e={0xff, 0x3, 0x0, 0x0, @SEQ_NOTEON})
syz_emit_vhci(0x0, 0xe)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201010200000040"], 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040b"], 0xe)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0406"], 0x7)
[ 83.961886][ T4667] Bluetooth: hci0: command tx timeout
[ 84.428515][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 84.615197][ T45] Bluetooth: hci0: unexpected event 0x06 length: 4 > 3
[ 86.039260][ T45] Bluetooth: hci0: command tx timeout
[ 86.680214][ T4667] ------------[ cut here ]------------
[ 86.683276][ T4667] refcnt < 0
[ 86.683293][ T4667] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xff/0x2c0, CPU#0: kworker/u5:1/4667
[ 86.692201][ T4667] Modules linked in:
[ 86.694388][ T4667] CPU: 0 UID: 0 PID: 4667 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.698224][ T4667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.702987][ T4667] Workqueue: hci0 hci_conn_timeout
[ 86.705295][ T4667] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[ 86.708572][ T4667] Code: 48 89 df e8 c3 98 09 00 eb 07 e8 9c e2 21 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 97 a8 fe ff e8 82 e2 21 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 86.717638][ T4667] RSP: 0018:ffffc9000f93fab0 EFLAGS: 00010293
[ 86.720717][ T4667] RAX: ffffffff8aa3cf4e RBX: ffff8880125c4000 RCX: ffff88801f918000
[ 86.724430][ T4667] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 86.728701][ T4667] RBP: 00000000ffffffff R08: ffff8880125c4013 R09: 1ffff110024b8802
[ 86.732414][ T4667] R10: dffffc0000000000 R11: ffffed10024b8803 R12: dffffc0000000000
[ 86.736140][ T4667] R13: ffff88801f0e7018 R14: ffff8880125c4a40 R15: ffff8880125c4010
[ 86.739884][ T4667] FS: 0000000000000000(0000) GS:ffff88808ca51000(0000) knlGS:0000000000000000
[ 86.744054][ T4667] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.747365][ T4667] CR2: 0000000000000010 CR3: 0000000040931000 CR4: 0000000000352ef0
[ 86.752116][ T4667] Call Trace:
[ 86.754131][ T4667]
[ 86.755815][ T4667] ? process_scheduled_works+0xa8d/0x18c0
[ 86.759381][ T4667] process_scheduled_works+0xb6e/0x18c0
[ 86.762757][ T4667] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.766258][ T4667] ? assign_work+0x3d5/0x5e0
[ 86.768475][ T4667] worker_thread+0xa53/0xfc0
[ 86.770608][ T4667] kthread+0x388/0x470
[ 86.772644][ T4667] ? __pfx_worker_thread+0x10/0x10
[ 86.775602][ T4667] ? __pfx_kthread+0x10/0x10
[ 86.778738][ T4667] ret_from_fork+0x51e/0xb90
[ 86.781507][ T4667] ? __pfx_ret_from_fork+0x10/0x10
[ 86.784243][ T4667] ? __switch_to+0xc7d/0x1450
[ 86.786784][ T4667] ? __pfx_kthread+0x10/0x10
[ 86.788923][ T4667] ret_from_fork_asm+0x1a/0x30
[ 86.791666][ T4667]
[ 86.793292][ T4667] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 86.796579][ T4667] CPU: 0 UID: 0 PID: 4667 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 86.800978][ T4667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.806188][ T4667] Workqueue: hci0 hci_conn_timeout
[ 86.808866][ T4667] Call Trace:
[ 86.810458][ T4667]
[ 86.811880][ T4667] vpanic+0x56c/0xa60
[ 86.813714][ T4667] ? __pfx__printk+0x10/0x10
[ 86.815989][ T4667] ? __pfx_vpanic+0x10/0x10
[ 86.818646][ T4667] ? is_bpf_text_address+0x292/0x2b0
[ 86.821478][ T4667] ? is_bpf_text_address+0x26/0x2b0
[ 86.824420][ T4667] panic+0xc5/0xd0
[ 86.826178][ T4667] ? __pfx_panic+0x10/0x10
[ 86.828277][ T4667] ? ret_from_fork_asm+0x1a/0x30
[ 86.830539][ T4667] __warn+0x315/0x4f0
[ 86.832363][ T4667] ? hci_conn_timeout+0xff/0x2c0
[ 86.834577][ T4667] ? hci_conn_timeout+0xff/0x2c0
[ 86.837026][ T4667] __report_bug+0x29a/0x540
[ 86.839262][ T4667] ? __pfx_stack_trace_save+0x10/0x10
[ 86.842236][ T4667] ? hci_conn_timeout+0xff/0x2c0
[ 86.844685][ T4667] ? __pfx___report_bug+0x10/0x10
[ 86.846987][ T4667] ? add_lock_to_list+0xc7/0x100
[ 86.849209][ T4667] ? lockdep_unlock+0x5d/0xd0
[ 86.851422][ T4667] ? __lock_acquire+0x146e/0x2cf0
[ 86.853710][ T4667] ? hci_conn_timeout+0xff/0x2c0
[ 86.856591][ T4667] report_bug+0x16a/0x220
[ 86.859281][ T4667] ? hci_conn_timeout+0xff/0x2c0
[ 86.861953][ T4667] ? hci_conn_timeout+0x101/0x2c0
[ 86.864216][ T4667] handle_bug+0x9c/0x200
[ 86.866169][ T4667] exc_invalid_op+0x1a/0x50
[ 86.868344][ T4667] asm_exc_invalid_op+0x1a/0x20
[ 86.870609][ T4667] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[ 86.873162][ T4667] Code: 48 89 df e8 c3 98 09 00 eb 07 e8 9c e2 21 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 97 a8 fe ff e8 82 e2 21 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[ 86.883356][ T4667] RSP: 0018:ffffc9000f93fab0 EFLAGS: 00010293
[ 86.886126][ T4667] RAX: ffffffff8aa3cf4e RBX: ffff8880125c4000 RCX: ffff88801f918000
[ 86.889470][ T4667] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[ 86.893221][ T4667] RBP: 00000000ffffffff R08: ffff8880125c4013 R09: 1ffff110024b8802
[ 86.897130][ T4667] R10: dffffc0000000000 R11: ffffed10024b8803 R12: dffffc0000000000
[ 86.900533][ T4667] R13: ffff88801f0e7018 R14: ffff8880125c4a40 R15: ffff8880125c4010
[ 86.903787][ T4667] ? hci_conn_timeout+0xfe/0x2c0
[ 86.906283][ T4667] ? process_scheduled_works+0xa8d/0x18c0
[ 86.909337][ T4667] process_scheduled_works+0xb6e/0x18c0
[ 86.912385][ T4667] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.914992][ T4667] ? assign_work+0x3d5/0x5e0
[ 86.917008][ T4667] worker_thread+0xa53/0xfc0
[ 86.919138][ T4667] kthread+0x388/0x470
[ 86.921024][ T4667] ? __pfx_worker_thread+0x10/0x10
[ 86.923430][ T4667] ? __pfx_kthread+0x10/0x10
[ 86.926398][ T4667] ret_from_fork+0x51e/0xb90
[ 86.929156][ T4667] ? __pfx_ret_from_fork+0x10/0x10
[ 86.931587][ T4667] ? __switch_to+0xc7d/0x1450
[ 86.933695][ T4667] ? __pfx_kthread+0x10/0x10
[ 86.935797][ T4667] ret_from_fork_asm+0x1a/0x30
[ 86.938013][ T4667]
[ 86.939700][ T4667] Kernel Offset: disabled
[ 86.941518][ T4667] Rebooting in 86400 seconds..