program:
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0x5)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(0x0, 0xe) (async)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201010200000040"], 0x0) (async)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) (async)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040b"], 0xe) (async)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0406"], 0x7)

[   77.686765][ T4668] Bluetooth: hci0: command tx timeout
[   77.790045][ T5297] Bluetooth: hci0: unexpected event 0x06 length: 4 > 3
[   78.021182][ T1225] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   78.160732][ T1225] usb 5-1: device descriptor read/64, error -71
[   78.400469][ T1225] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   78.530601][ T1225] usb 5-1: device descriptor read/64, error -71
[   78.640815][ T1225] usb usb5-port1: attempt power cycle
[   78.980516][ T1225] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   79.001767][ T1225] usb 5-1: device descriptor read/8, error -71
[   79.240571][ T1225] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   79.261421][ T1225] usb 5-1: device descriptor read/8, error -71
[   79.371264][ T1225] usb usb5-port1: unable to enumerate USB device
[   79.710571][ T5297] Bluetooth: hci0: command tx timeout
[   79.792424][ T4668] ------------[ cut here ]------------
[   79.795085][ T4668] refcnt < 0
[   79.795096][ T4668] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xff/0x2c0, CPU#0: kworker/u5:1/4668
[   79.802419][ T4668] Modules linked in:
[   79.804568][ T4668] CPU: 0 UID: 0 PID: 4668 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   79.809059][ T4668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   79.814755][ T4668] Workqueue: hci0 hci_conn_timeout
[   79.817454][ T4668] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[   79.820416][ T4668] Code: 48 89 df e8 63 a0 09 00 eb 07 e8 ac 8b 21 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 97 a8 fe ff e8 92 8b 21 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   79.830810][ T4668] RSP: 0018:ffffc9000fc6fab0 EFLAGS: 00010293
[   79.833895][ T4668] RAX: ffffffff8aa432fe RBX: ffff888041cb8000 RCX: ffff88801f920000
[   79.837724][ T4668] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   79.841640][ T4668] RBP: 00000000ffffffff R08: ffff888041cb8013 R09: 1ffff11008397002
[   79.845829][ T4668] R10: dffffc0000000000 R11: ffffed1008397003 R12: dffffc0000000000
[   79.849310][ T4668] R13: ffff88801f146018 R14: ffff888041cb8a40 R15: ffff888041cb8010
[   79.853458][ T4668] FS:  0000000000000000(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[   79.858226][ T4668] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   79.861799][ T4668] CR2: 00005605598af168 CR3: 000000004097e000 CR4: 0000000000352ef0
[   79.865517][ T4668] Call Trace:
[   79.867247][ T4668]  <TASK>
[   79.868706][ T4668]  ? process_scheduled_works+0xa8d/0x18c0
[   79.873307][ T4668]  process_scheduled_works+0xb6e/0x18c0
[   79.876319][ T4668]  ? __pfx_process_scheduled_works+0x10/0x10
[   79.879676][ T4668]  ? assign_work+0x3d5/0x5e0
[   79.882011][ T4668]  worker_thread+0xa53/0xfc0
[   79.884288][ T4668]  kthread+0x388/0x470
[   79.886392][ T4668]  ? __pfx_worker_thread+0x10/0x10
[   79.888799][ T4668]  ? __pfx_kthread+0x10/0x10
[   79.891426][ T4668]  ret_from_fork+0x51e/0xb90
[   79.893833][ T4668]  ? __pfx_ret_from_fork+0x10/0x10
[   79.895849][ T4668]  ? __switch_to+0xc7d/0x1450
[   79.897991][ T4668]  ? __pfx_kthread+0x10/0x10
[   79.900616][ T4668]  ret_from_fork_asm+0x1a/0x30
[   79.903364][ T4668]  </TASK>
[   79.904822][ T4668] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   79.908284][ T4668] CPU: 0 UID: 0 PID: 4668 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   79.912591][ T4668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   79.918154][ T4668] Workqueue: hci0 hci_conn_timeout
[   79.920365][ T4668] Call Trace:
[   79.922447][ T4668]  <TASK>
[   79.924030][ T4668]  vpanic+0x56c/0xa60
[   79.926096][ T4668]  ? __pfx__printk+0x10/0x10
[   79.928478][ T4668]  ? __pfx_vpanic+0x10/0x10
[   79.931136][ T4668]  ? is_bpf_text_address+0x292/0x2b0
[   79.933870][ T4668]  ? is_bpf_text_address+0x26/0x2b0
[   79.936450][ T4668]  panic+0xc5/0xd0
[   79.938163][ T4668]  ? __pfx_panic+0x10/0x10
[   79.940271][ T4668]  ? ret_from_fork_asm+0x1a/0x30
[   79.943154][ T4668]  __warn+0x315/0x4f0
[   79.945153][ T4668]  ? hci_conn_timeout+0xff/0x2c0
[   79.947488][ T4668]  ? hci_conn_timeout+0xff/0x2c0
[   79.950035][ T4668]  __report_bug+0x29a/0x540
[   79.952413][ T4668]  ? __pfx_stack_trace_save+0x10/0x10
[   79.955091][ T4668]  ? hci_conn_timeout+0xff/0x2c0
[   79.957587][ T4668]  ? __pfx___report_bug+0x10/0x10
[   79.960015][ T4668]  ? add_lock_to_list+0xc7/0x100
[   79.962346][ T4668]  ? lockdep_unlock+0x5d/0xd0
[   79.964917][ T4668]  ? __lock_acquire+0x146e/0x2cf0
[   79.967633][ T4668]  ? hci_conn_timeout+0xff/0x2c0
[   79.969835][ T4668]  report_bug+0x16a/0x220
[   79.972193][ T4668]  ? hci_conn_timeout+0xff/0x2c0
[   79.974338][ T4668]  ? hci_conn_timeout+0x101/0x2c0
[   79.977007][ T4668]  handle_bug+0x9c/0x200
[   79.979435][ T4668]  exc_invalid_op+0x1a/0x50
[   79.981919][ T4668]  asm_exc_invalid_op+0x1a/0x20
[   79.984242][ T4668] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[   79.986736][ T4668] Code: 48 89 df e8 63 a0 09 00 eb 07 e8 ac 8b 21 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 97 a8 fe ff e8 92 8b 21 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   79.996746][ T4668] RSP: 0018:ffffc9000fc6fab0 EFLAGS: 00010293
[   79.999389][ T4668] RAX: ffffffff8aa432fe RBX: ffff888041cb8000 RCX: ffff88801f920000
[   80.003013][ T4668] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   80.007226][ T4668] RBP: 00000000ffffffff R08: ffff888041cb8013 R09: 1ffff11008397002
[   80.011442][ T4668] R10: dffffc0000000000 R11: ffffed1008397003 R12: dffffc0000000000
[   80.015406][ T4668] R13: ffff88801f146018 R14: ffff888041cb8a40 R15: ffff888041cb8010
[   80.019681][ T4668]  ? hci_conn_timeout+0xfe/0x2c0
[   80.022329][ T4668]  ? process_scheduled_works+0xa8d/0x18c0
[   80.025172][ T4668]  process_scheduled_works+0xb6e/0x18c0
[   80.028215][ T4668]  ? __pfx_process_scheduled_works+0x10/0x10
[   80.031503][ T4668]  ? assign_work+0x3d5/0x5e0
[   80.034132][ T4668]  worker_thread+0xa53/0xfc0
[   80.036524][ T4668]  kthread+0x388/0x470
[   80.038419][ T4668]  ? __pfx_worker_thread+0x10/0x10
[   80.040431][ T4668]  ? __pfx_kthread+0x10/0x10
[   80.042355][ T4668]  ret_from_fork+0x51e/0xb90
[   80.044654][ T4668]  ? __pfx_ret_from_fork+0x10/0x10
[   80.047482][ T4668]  ? __switch_to+0xc7d/0x1450
[   80.049905][ T4668]  ? __pfx_kthread+0x10/0x10
[   80.051993][ T4668]  ret_from_fork_asm+0x1a/0x30
[   80.054063][ T4668]  </TASK>
[   80.055478][ T4668] Kernel Offset: disabled
[   80.057195][ T4668] Rebooting in 86400 seconds..