program:
r0 = socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0}) (async)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r3, &(0x7f0000000100), 0x8) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0418"], 0x1a) (async)
eventfd2(0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$packet(0x11, 0xa, 0x300)
setsockopt$sock_int(r4, 0x1, 0x28, &(0x7f0000000000)=0x1, 0x4) (async)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="034470d0460198ec50500f34d4942e38bc1c181bcb773748dd3b3482588469237f5ef7b3872dd467e4c348a1c66b6e9ba04ad6f1cc2428b94e44988d2008922d4946e4c112ce2fc76881a3ad3e00d1c436bee94d1ea5e5c3d719efc957fa8b087c592dac6763a76cc398b1bb2a4cc52e5f685f77836cc753e89a8f6a631dbf63e66898f79af57dd7f1548a01680763a9ac541c4cc91d6b4138044345e5aa721e3e7c8b77b3390ebb2ce3", @ANYRES16=r7, @ANYBLOB="0100000000000000000002000000200001801400040000000000000000000000000000000001060001000a000000"], 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={<r8=>0x0, 0x1a00, 0x10}, &(0x7f0000000180)=0xc)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000380)={r8, 0xffff, 0x8}, 0x8) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000001c0)={'wg0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b528, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}, {0xd}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x51}, 0x31c6d6e942e24b9a) (async, rerun: 32)
r11 = socket(0x10, 0x3, 0x0) (rerun: 32)
r12 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x68, 0x24, 0x3fe3aa0262d8c583, 0x4, 0x0, {0x0, 0x0, 0x0, r13, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x3, 0x800, 0x3, 0x0, 0x1, 0x7}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x3dc3, 0xfffffff9, 0x81, 0x5, 0x1}}]}]}}}]}, 0x68}, 0x1, 0x0, 0x0, 0x24040084}, 0x0) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r14, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x705, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0x1}, {0x10, 0x8}, {0x4, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c88b}, 0x0)

[   85.222621][ T5322] Bluetooth: hci0: command tx timeout
[   85.301716][ T4690] ------------[ cut here ]------------
[   85.304197][ T4690] WARNING: CPU: 0 PID: 4690 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290
[   85.308404][ T4690] Modules linked in:
[   85.310129][ T4690] CPU: 0 UID: 0 PID: 4690 Comm: kworker/u5:1 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[   85.314777][ T4690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.319928][ T4690] Workqueue: hci0 hci_conn_timeout
[   85.322506][ T4690] RIP: 0010:hci_conn_timeout+0xff/0x290
[   85.324899][ T4690] Code: 48 89 df e8 13 fc 08 00 eb 07 e8 9c c6 51 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 c7 cb fe ff e8 82 c6 51 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.332870][ T4690] RSP: 0018:ffffc9000d057a50 EFLAGS: 00010293
[   85.335351][ T4690] RAX: ffffffff8a6e5f7e RBX: ffff8880370b0000 RCX: ffff88801fa78000
[   85.338938][ T4690] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   85.342352][ T4690] RBP: 00000000ffffffff R08: ffff8880370b0013 R09: 1ffff11006e16002
[   85.345633][ T4690] R10: dffffc0000000000 R11: ffffed1006e16003 R12: dffffc0000000000
[   85.349084][ T4690] R13: ffff888000998e18 R14: ffff8880370b0948 R15: ffff8880370b0010
[   85.352444][ T4690] FS:  0000000000000000(0000) GS:ffff88808d21d000(0000) knlGS:0000000000000000
[   85.356308][ T4690] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.359331][ T4690] CR2: 00007f1659742d58 CR3: 00000000406d4000 CR4: 0000000000352ef0
[   85.362746][ T4690] Call Trace:
[   85.364282][ T4690]  <TASK>
[   85.365555][ T4690]  ? process_scheduled_works+0x9ef/0x17b0
[   85.368079][ T4690]  process_scheduled_works+0xae1/0x17b0
[   85.370387][ T4690]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.373012][ T4690]  worker_thread+0x8a0/0xda0
[   85.374947][ T4690]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.377795][ T4690]  ? __kthread_parkme+0x7b/0x200
[   85.379931][ T4690]  kthread+0x70e/0x8a0
[   85.381783][ T4690]  ? __pfx_worker_thread+0x10/0x10
[   85.384118][ T4690]  ? __pfx_kthread+0x10/0x10
[   85.386121][ T4690]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.388659][ T4690]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.390866][ T4690]  ? __pfx_kthread+0x10/0x10
[   85.392719][ T4690]  ret_from_fork+0x3fc/0x770
[   85.394668][ T4690]  ? __pfx_ret_from_fork+0x10/0x10
[   85.396930][ T4690]  ? __pfx_kthread+0x10/0x10
[   85.398924][ T4690]  ret_from_fork_asm+0x1a/0x30
[   85.401010][ T4690]  </TASK>
[   85.402379][ T4690] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.405409][ T4690] CPU: 0 UID: 0 PID: 4690 Comm: kworker/u5:1 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[   85.409795][ T4690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.414271][ T4690] Workqueue: hci0 hci_conn_timeout
[   85.416390][ T4690] Call Trace:
[   85.417828][ T4690]  <TASK>
[   85.419012][ T4690]  dump_stack_lvl+0x99/0x250
[   85.420980][ T4690]  ? __asan_memcpy+0x40/0x70
[   85.422995][ T4690]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.425164][ T4690]  ? __pfx__printk+0x10/0x10
[   85.427166][ T4690]  panic+0x2db/0x790
[   85.428874][ T4690]  ? __pfx_panic+0x10/0x10
[   85.430708][ T4690]  ? ret_from_fork_asm+0x1a/0x30
[   85.432774][ T4690]  __warn+0x31b/0x4b0
[   85.434507][ T4690]  ? hci_conn_timeout+0xff/0x290
[   85.436576][ T4690]  ? hci_conn_timeout+0xff/0x290
[   85.438742][ T4690]  report_bug+0x2be/0x4f0
[   85.440577][ T4690]  ? hci_conn_timeout+0xff/0x290
[   85.442714][ T4690]  ? hci_conn_timeout+0xff/0x290
[   85.444878][ T4690]  ? hci_conn_timeout+0x101/0x290
[   85.447069][ T4690]  handle_bug+0x84/0x160
[   85.448944][ T4690]  exc_invalid_op+0x1a/0x50
[   85.450842][ T4690]  asm_exc_invalid_op+0x1a/0x20
[   85.452922][ T4690] RIP: 0010:hci_conn_timeout+0xff/0x290
[   85.455266][ T4690] Code: 48 89 df e8 13 fc 08 00 eb 07 e8 9c c6 51 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 c7 cb fe ff e8 82 c6 51 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   85.463301][ T4690] RSP: 0018:ffffc9000d057a50 EFLAGS: 00010293
[   85.466018][ T4690] RAX: ffffffff8a6e5f7e RBX: ffff8880370b0000 RCX: ffff88801fa78000
[   85.469419][ T4690] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   85.472802][ T4690] RBP: 00000000ffffffff R08: ffff8880370b0013 R09: 1ffff11006e16002
[   85.476150][ T4690] R10: dffffc0000000000 R11: ffffed1006e16003 R12: dffffc0000000000
[   85.479666][ T4690] R13: ffff888000998e18 R14: ffff8880370b0948 R15: ffff8880370b0010
[   85.483083][ T4690]  ? hci_conn_timeout+0xfe/0x290
[   85.485263][ T4690]  ? process_scheduled_works+0x9ef/0x17b0
[   85.487719][ T4690]  process_scheduled_works+0xae1/0x17b0
[   85.490170][ T4690]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.492702][ T4690]  worker_thread+0x8a0/0xda0
[   85.494659][ T4690]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.497287][ T4690]  ? __kthread_parkme+0x7b/0x200
[   85.499461][ T4690]  kthread+0x70e/0x8a0
[   85.501216][ T4690]  ? __pfx_worker_thread+0x10/0x10
[   85.503274][ T4690]  ? __pfx_kthread+0x10/0x10
[   85.505233][ T4690]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.507393][ T4690]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.509749][ T4690]  ? __pfx_kthread+0x10/0x10
[   85.511792][ T4690]  ret_from_fork+0x3fc/0x770
[   85.513742][ T4690]  ? __pfx_ret_from_fork+0x10/0x10
[   85.515876][ T4690]  ? __pfx_kthread+0x10/0x10
[   85.517909][ T4690]  ret_from_fork_asm+0x1a/0x30
[   85.520032][ T4690]  </TASK>
[   85.521666][ T4690] Kernel Offset: disabled
[   85.523492][ T4690] Rebooting in 86400 seconds..