program:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r1, &(0x7f0000000100), 0x8) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x2c, r2, 0xd, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xe, 0x24}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008080}, 0x24000)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f00000000c0)={0x0, 0x20323159, 0x500, 0x2d0, 0x4, @stepwise={{0x1, 0xfffffffb}, {0x4, 0x4c7}, {0xa9}}}) (async)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x2, 0x3, 0x3}) (async)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000088}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x38, r2, 0x8, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x2, 0x34}}}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x393d}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x9}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x17}]}, 0x38}, 0x1, 0x0, 0x0, 0x4805}, 0x400c091)

[   85.685598][   T45] Bluetooth: hci0: command tx timeout
[   85.791853][ T5335] ------------[ cut here ]------------
[   85.794662][ T5335] WARNING: CPU: 0 PID: 5335 at net/bluetooth/hci_conn.c:569 hci_conn_timeout+0xff/0x290
[   85.798835][ T5335] Modules linked in:
[   85.800672][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   85.804659][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.809025][ T5335] Workqueue: hci0 hci_conn_timeout
[   85.811427][ T5335] RIP: 0010:hci_conn_timeout+0xff/0x290
[   85.814189][ T5335] Code: 48 89 df e8 e3 0c 09 00 eb 07 e8 2c 7a 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 d7 c8 fe ff e8 12 7a 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.824860][ T5335] RSP: 0018:ffffc9000d047a50 EFLAGS: 00010293
[   85.828235][ T5335] RAX: ffffffff8a79412e RBX: ffff8880367ac000 RCX: ffff888000a5c880
[   85.832480][ T5335] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   85.836718][ T5335] RBP: 00000000ffffffff R08: ffff8880367ac013 R09: 1ffff11006cf5802
[   85.840789][ T5335] R10: dffffc0000000000 R11: ffffed1006cf5803 R12: dffffc0000000000
[   85.844712][ T5335] R13: ffff88801e5bd118 R14: ffff8880367ac948 R15: ffff8880367ac010
[   85.848285][ T5335] FS:  0000000000000000(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[   85.852217][ T5335] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.855204][ T5335] CR2: 00007fcc4cf74980 CR3: 00000000429f3000 CR4: 0000000000352ef0
[   85.858673][ T5335] Call Trace:
[   85.860216][ T5335]  <TASK>
[   85.861573][ T5335]  ? process_scheduled_works+0x9ef/0x17b0
[   85.864018][ T5335]  process_scheduled_works+0xae1/0x17b0
[   85.866382][ T5335]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.869024][ T5335]  worker_thread+0x8a0/0xda0
[   85.871123][ T5335]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.874839][ T5335]  ? __kthread_parkme+0x7b/0x200
[   85.877921][ T5335]  kthread+0x70e/0x8a0
[   85.879884][ T5335]  ? __pfx_worker_thread+0x10/0x10
[   85.882805][ T5335]  ? __pfx_kthread+0x10/0x10
[   85.884936][ T5335]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.887437][ T5335]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.889873][ T5335]  ? __pfx_kthread+0x10/0x10
[   85.891890][ T5335]  ret_from_fork+0x3f9/0x770
[   85.894081][ T5335]  ? __pfx_ret_from_fork+0x10/0x10
[   85.896197][ T5335]  ? __pfx_kthread+0x10/0x10
[   85.898256][ T5335]  ret_from_fork_asm+0x1a/0x30
[   85.900428][ T5335]  </TASK>
[   85.901830][ T5335] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.905083][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   85.909107][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.913667][ T5335] Workqueue: hci0 hci_conn_timeout
[   85.915761][ T5335] Call Trace:
[   85.917191][ T5335]  <TASK>
[   85.918578][ T5335]  dump_stack_lvl+0x99/0x250
[   85.920490][ T5335]  ? __asan_memcpy+0x40/0x70
[   85.922284][ T5335]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.924609][ T5335]  ? __pfx__printk+0x10/0x10
[   85.926432][ T5335]  vpanic+0x281/0x750
[   85.928145][ T5335]  ? __pfx__printk+0x10/0x10
[   85.930290][ T5335]  ? __pfx_vpanic+0x10/0x10
[   85.932352][ T5335]  ? is_bpf_text_address+0x292/0x2b0
[   85.934774][ T5335]  panic+0xb9/0xc0
[   85.936453][ T5335]  ? __pfx_panic+0x10/0x10
[   85.938217][ T5335]  __warn+0x31b/0x4b0
[   85.939775][ T5335]  ? hci_conn_timeout+0xff/0x290
[   85.941956][ T5335]  ? hci_conn_timeout+0xff/0x290
[   85.944148][ T5335]  report_bug+0x2be/0x4f0
[   85.946035][ T5335]  ? hci_conn_timeout+0xff/0x290
[   85.948189][ T5335]  ? hci_conn_timeout+0xff/0x290
[   85.950231][ T5335]  ? hci_conn_timeout+0x101/0x290
[   85.952469][ T5335]  handle_bug+0x84/0x160
[   85.954311][ T5335]  exc_invalid_op+0x1a/0x50
[   85.956326][ T5335]  asm_exc_invalid_op+0x1a/0x20
[   85.958502][ T5335] RIP: 0010:hci_conn_timeout+0xff/0x290
[   85.960983][ T5335] Code: 48 89 df e8 e3 0c 09 00 eb 07 e8 2c 7a 46 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 d7 c8 fe ff e8 12 7a 46 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.969209][ T5335] RSP: 0018:ffffc9000d047a50 EFLAGS: 00010293
[   85.971794][ T5335] RAX: ffffffff8a79412e RBX: ffff8880367ac000 RCX: ffff888000a5c880
[   85.975082][ T5335] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   85.978538][ T5335] RBP: 00000000ffffffff R08: ffff8880367ac013 R09: 1ffff11006cf5802
[   85.981820][ T5335] R10: dffffc0000000000 R11: ffffed1006cf5803 R12: dffffc0000000000
[   85.985067][ T5335] R13: ffff88801e5bd118 R14: ffff8880367ac948 R15: ffff8880367ac010
[   85.988492][ T5335]  ? hci_conn_timeout+0xfe/0x290
[   85.990706][ T5335]  ? process_scheduled_works+0x9ef/0x17b0
[   85.993288][ T5335]  process_scheduled_works+0xae1/0x17b0
[   85.995744][ T5335]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.998095][ T5335]  worker_thread+0x8a0/0xda0
[   86.000135][ T5335]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.003076][ T5335]  ? __kthread_parkme+0x7b/0x200
[   86.005398][ T5335]  kthread+0x70e/0x8a0
[   86.007240][ T5335]  ? __pfx_worker_thread+0x10/0x10
[   86.009412][ T5335]  ? __pfx_kthread+0x10/0x10
[   86.011555][ T5335]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.013781][ T5335]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.015944][ T5335]  ? __pfx_kthread+0x10/0x10
[   86.017979][ T5335]  ret_from_fork+0x3f9/0x770
[   86.019928][ T5335]  ? __pfx_ret_from_fork+0x10/0x10
[   86.022200][ T5335]  ? __pfx_kthread+0x10/0x10
[   86.024332][ T5335]  ret_from_fork_asm+0x1a/0x30
[   86.026477][ T5335]  </TASK>
[   86.028216][ T5335] Kernel Offset: disabled
[   86.030136][ T5335] Rebooting in 86400 seconds..