program:
# syzkaller reproducer in syz-execprog syntax (the page had it collapsed onto two
# lines; here one call per line, tokens unchanged) followed by the kernel log it
# produced. "(async)" marks a call issued without waiting for it to return;
# "(rerun: N)" appears to repeat the call N times. rN is the result of a call.
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
# NOTE(review): r3 and r6 are used below (@ANYRES32=r3 / r6) but never defined in
# this text. syzkaller normally prints the ifindex out-field of these ioctls as
# `<r3=>0x0`; the angle-bracketed marker was most likely eaten by the page's HTML
# rendering (the log's <TASK> markers are missing the same way). Restore them or
# syz-execprog will refuse to parse the program.
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) (async, rerun: 32)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) (async)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) (async, rerun: 64)
io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235}) (rerun: 64)
# syz_emit_vhci injects raw packets into the virtual HCI controller (hci0), i.e.
# data the host would otherwise receive from real controller hardware. Read
# against the HCI framing convention (not established by this log): leading
# byte 0x04 = event packet, then event code and parameter length. The first blob
# is event 0x3e (LE Meta) with a claimed 31-byte body but only one byte supplied;
# the second is event 0x0e (Command Complete), again shorter than its length
# field. The crash below comes from the hci0 timeout worker, so these two
# injections are the likely trigger, but that is unconfirmed - bisect the
# program (most other calls look like fuzzer leftovers) before relying on it.
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) (async)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e079c0814"], 0xa)
socket$inet6(0xa, 0x80002, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r7, 0x0) (async)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 32)
r8 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) (async, rerun: 32)
syslog(0x2, &(0x7f00000004c0)=""/164, 0xa4) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000000004026093333400000000001090224"], 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) (async)
sendmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0)
io_uring_enter(r8, 0x2219, 0x7721, 0x16, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r6, @ANYBLOB="0803057d08000000"], 0x24}}, 0x44) (async)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c000000fa4cf749050001c0432a7b8737e251c88b99fca4a3707559b9d0c8f37d7b1f7e28ad97b6851106b8fd22e5ff855779d73dc63345453bd5710438f86c2c33124340426000", @ANYRES16=r1, @ANYBLOB="100027bd7000fedbdf252700000008000300", @ANYRES32=r3, @ANYBLOB="0c009900090000006c00000006003600060000000a0006000802110000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20004841}, 0x80) (async)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$OCFS2_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40046f01, &(0x7f0000000100)=0x8) (async)
bind$inet(r9, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000340)='illinois', 0x8)
connect$inet(r9, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) (async)
socket$inet6(0x10, 0x2, 0x4)
# ---- kernel log follows; not part of the program ----
# What it shows: after an HCI command tx timeout on hci0, the deferred
# hci_conn_timeout worker hits WARN_ON(refcnt < 0) at
# net/bluetooth/hci_conn.c:567 - the hci_conn reference count went negative,
# i.e. at least one hci_conn_drop() more than hci_conn_hold() on that
# connection. The machine only panics because the fuzzing kernel runs with
# panic_on_warn; a production kernel continues past the WARN with a corrupted
# refcount, which can end in the hci_conn being freed while still in use
# (use-after-free) - not demonstrated here, but that is the exposure to assess.
# NOTE(review): /dev/vhci is normally root-only, but it delivers the packets as
# controller input, so whatever the real trigger is, a malicious controller or
# peer may be able to supply it too; confirm before treating this as
# local-root-only reach.
[ 102.884870][ T4669] Bluetooth: hci0: command tx timeout
[ 105.293348][ T4669] Bluetooth: hci0: command 0x0419 tx timeout
[ 105.297300][ T4669] ------------[ cut here ]------------
[ 105.300069][ T4669] refcnt < 0
[ 105.300091][ T4669] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xff/0x2c0, CPU#0: kworker/u5:1/4669
[ 105.307367][ T4669] Modules linked in:
[ 105.309783][ T4669] CPU: 0 UID: 0 PID: 4669 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full)
[ 105.314322][ T4669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 105.318633][ T4669] Workqueue: hci0 hci_conn_timeout
[ 105.320944][ T4669] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[ 105.323440][ T4669] Code: 48 89 df e8 c3 98 09 00 eb 07 e8 9c e2 21 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 97 a8 fe ff e8 82 e2 21 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff 
ff ff [ 105.335150][ T4669] RSP: 0018:ffffc9000e0f7ab0 EFLAGS: 00010293 [ 105.338384][ T4669] RAX: ffffffff8aa3cf4e RBX: ffff88803ff6c000 RCX: ffff88801fac0000 [ 105.344181][ T4669] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 105.348444][ T4669] RBP: 00000000ffffffff R08: ffff88803ff6c013 R09: 1ffff11007fed802 [ 105.352137][ T4669] R10: dffffc0000000000 R11: ffffed1007fed803 R12: dffffc0000000000 [ 105.355830][ T4669] R13: ffff88801f08a018 R14: ffff88803ff6ca40 R15: ffff88803ff6c010 [ 105.360002][ T4669] FS: 0000000000000000(0000) GS:ffff88808ca51000(0000) knlGS:0000000000000000 [ 105.364357][ T4669] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.367567][ T4669] CR2: 00007feec54c10c0 CR3: 0000000040098000 CR4: 0000000000352ef0 [ 105.373299][ T4669] Call Trace: [ 105.375102][ T4669] [ 105.376432][ T4669] ? process_scheduled_works+0xa8d/0x18c0 [ 105.379194][ T4669] process_scheduled_works+0xb6e/0x18c0 [ 105.381914][ T4669] ? __pfx_process_scheduled_works+0x10/0x10 [ 105.384770][ T4669] ? assign_work+0x3d5/0x5e0 [ 105.387157][ T4669] worker_thread+0xa53/0xfc0 [ 105.389419][ T4669] kthread+0x388/0x470 [ 105.391604][ T4669] ? __pfx_worker_thread+0x10/0x10 [ 105.393860][ T4669] ? __pfx_kthread+0x10/0x10 [ 105.395775][ T4669] ret_from_fork+0x51e/0xb90 [ 105.397784][ T4669] ? __pfx_ret_from_fork+0x10/0x10 [ 105.400583][ T4669] ? __switch_to+0xc7d/0x1450 [ 105.403271][ T4669] ? __pfx_kthread+0x10/0x10 [ 105.405489][ T4669] ret_from_fork_asm+0x1a/0x30 [ 105.407990][ T4669] [ 105.409567][ T4669] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 105.413008][ T4669] CPU: 0 UID: 0 PID: 4669 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 105.417708][ T4669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 105.422155][ T4669] Workqueue: hci0 hci_conn_timeout [ 105.424675][ T4669] Call Trace: [ 105.426407][ T4669] [ 105.427946][ T4669] vpanic+0x56c/0xa60 [ 105.430170][ T4669] ? 
__pfx__printk+0x10/0x10 [ 105.432254][ T4669] ? __pfx_vpanic+0x10/0x10 [ 105.434377][ T4669] ? is_bpf_text_address+0x292/0x2b0 [ 105.436744][ T4669] ? is_bpf_text_address+0x26/0x2b0 [ 105.439284][ T4669] panic+0xc5/0xd0 [ 105.441063][ T4669] ? __pfx_panic+0x10/0x10 [ 105.443414][ T4669] ? ret_from_fork_asm+0x1a/0x30 [ 105.445686][ T4669] __warn+0x315/0x4f0 [ 105.447497][ T4669] ? hci_conn_timeout+0xff/0x2c0 [ 105.449936][ T4669] ? hci_conn_timeout+0xff/0x2c0 [ 105.452603][ T4669] __report_bug+0x29a/0x540 [ 105.454681][ T4669] ? __pfx_stack_trace_save+0x10/0x10 [ 105.457174][ T4669] ? hci_conn_timeout+0xff/0x2c0 [ 105.459778][ T4669] ? __pfx___report_bug+0x10/0x10 [ 105.462361][ T4669] ? add_lock_to_list+0xc7/0x100 [ 105.464899][ T4669] ? lockdep_unlock+0x5d/0xd0 [ 105.467245][ T4669] ? __lock_acquire+0x146e/0x2cf0 [ 105.469587][ T4669] ? hci_conn_timeout+0xff/0x2c0 [ 105.471870][ T4669] report_bug+0x16a/0x220 [ 105.474231][ T4669] ? hci_conn_timeout+0xff/0x2c0 [ 105.476908][ T4669] ? hci_conn_timeout+0x101/0x2c0 [ 105.479740][ T4669] handle_bug+0x9c/0x200 [ 105.481900][ T4669] exc_invalid_op+0x1a/0x50 [ 105.484151][ T4669] asm_exc_invalid_op+0x1a/0x20 [ 105.486476][ T4669] RIP: 0010:hci_conn_timeout+0xff/0x2c0 [ 105.489909][ T4669] Code: 48 89 df e8 c3 98 09 00 eb 07 e8 9c e2 21 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 97 a8 fe ff e8 82 e2 21 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 105.499261][ T4669] RSP: 0018:ffffc9000e0f7ab0 EFLAGS: 00010293 [ 105.502459][ T4669] RAX: ffffffff8aa3cf4e RBX: ffff88803ff6c000 RCX: ffff88801fac0000 [ 105.506241][ T4669] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 105.509953][ T4669] RBP: 00000000ffffffff R08: ffff88803ff6c013 R09: 1ffff11007fed802 [ 105.513684][ T4669] R10: dffffc0000000000 R11: ffffed1007fed803 R12: dffffc0000000000 [ 105.517530][ T4669] R13: ffff88801f08a018 R14: ffff88803ff6ca40 R15: ffff88803ff6c010 [ 105.521793][ T4669] ? 
hci_conn_timeout+0xfe/0x2c0 [ 105.524207][ T4669] ? process_scheduled_works+0xa8d/0x18c0 [ 105.526821][ T4669] process_scheduled_works+0xb6e/0x18c0 [ 105.529442][ T4669] ? __pfx_process_scheduled_works+0x10/0x10 [ 105.532364][ T4669] ? assign_work+0x3d5/0x5e0 [ 105.534602][ T4669] worker_thread+0xa53/0xfc0 [ 105.536876][ T4669] kthread+0x388/0x470 [ 105.538847][ T4669] ? __pfx_worker_thread+0x10/0x10 [ 105.541296][ T4669] ? __pfx_kthread+0x10/0x10 [ 105.543444][ T4669] ret_from_fork+0x51e/0xb90 [ 105.545403][ T4669] ? __pfx_ret_from_fork+0x10/0x10 [ 105.547641][ T4669] ? __switch_to+0xc7d/0x1450 [ 105.549853][ T4669] ? __pfx_kthread+0x10/0x10 [ 105.552477][ T4669] ret_from_fork_asm+0x1a/0x30 [ 105.554961][ T4669] [ 105.556742][ T4669] Kernel Offset: disabled [ 105.558702][ T4669] Rebooting in 86400 seconds..