program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, 0x0, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) (async)
setsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, &(0x7f00000041c0)={0x4}, 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0408e200c8001c"], 0x7)
r4 = fsopen(&(0x7f0000000000)='pipefs\x00', 0x0)
fremovexattr(r4, &(0x7f0000000040)=@random={'btrfs.', '-\x00'}) (async)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) (async)
setsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f00000041c0)={0x4}, 0x2)
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e24}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'xfrm0\x00', &(0x7f0000000500)=@ethtool_drvinfo={0x3, "0ac4678e2bc6bd14453da86f4773a74fc16c2a24bcd9feac4a288c61e56269fd", "a89a785eaae3127276047b6272edda38c19c1a8cc17777347ceb25d1a47b6857", "1dead6034c40c3c1f025d3d90e9b44210fd347d7ec78d10b7a327419b0060d3e", "8e5a59613725b02c7b62a7177b14be23a6a5453b010000000000d000", "4d30c4d921660900000000000000a01501f663b8acfff8408d636a088a0117af", "31fc94b4e7c46f8a3e3b6fbd", 0x9, 0x101, 0x5, 0x40, 0x1fd}}) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)={0x20, r8, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x2, 0x3}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x44000) (async)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_BSS(r9, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES16=r8, @ANYBLOB="10002bbd7000fddbdf251900000005001c000100000006006d0000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x4000010) (async)
sendmsg$NL80211_CMD_SET_BSS(r6, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r8, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x1a}}}}, [@NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0x48890}, 0x4000800)

[   84.817181][ T5308] Bluetooth: hci0: command tx timeout
[   84.848321][ T5308] Bluetooth: hci0: Invalid security: Missing AES-CCM usage
[   86.682206][   T10] cfg80211: failed to load regulatory.db
[   86.902649][ T5308] Bluetooth: hci0: command tx timeout
[   86.906231][ T5308] ------------[ cut here ]------------
[   86.908939][ T5308] WARNING: CPU: 0 PID: 5308 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0xff/0x290
[   86.913295][ T5308] Modules linked in:
[   86.915043][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   86.919119][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.923725][ T5308] Workqueue: hci0 hci_conn_timeout
[   86.926481][ T5308] RIP: 0010:hci_conn_timeout+0xff/0x290
[   86.929166][ T5308] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 ac ef 72 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 92 ef 72 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   86.937479][ T5308] RSP: 0018:ffffc9000d1bfa30 EFLAGS: 00010293
[   86.940262][ T5308] RAX: ffffffff8a4d63fe RBX: ffff8880371b8000 RCX: ffff8880007fc900
[   86.943764][ T5308] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   86.947366][ T5308] RBP: 00000000ffffffff R08: ffff8880371b8013 R09: 1ffff11006e37002
[   86.950729][ T5308] R10: dffffc0000000000 R11: ffffed1006e37003 R12: dffffc0000000000
[   86.954800][ T5308] R13: ffff8880115ea018 R14: ffff8880371b8948 R15: ffff8880371b8010
[   86.959214][ T5308] FS:  0000000000000000(0000) GS:ffff88808d2fb000(0000) knlGS:0000000000000000
[   86.963641][ T5308] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.966499][ T5308] CR2: 0000561a19351150 CR3: 00000000423cc000 CR4: 0000000000352ef0
[   86.970787][ T5308] Call Trace:
[   86.972556][ T5308]  <TASK>
[   86.974068][ T5308]  ? process_scheduled_works+0x9ef/0x17b0
[   86.976630][ T5308]  process_scheduled_works+0xae1/0x17b0
[   86.979401][ T5308]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.981977][ T5308]  worker_thread+0x8a0/0xda0
[   86.983932][ T5308]  ? __kthread_parkme+0x7b/0x200
[   86.986148][ T5308]  kthread+0x711/0x8a0
[   86.988048][ T5308]  ? __pfx_worker_thread+0x10/0x10
[   86.990381][ T5308]  ? __pfx_kthread+0x10/0x10
[   86.992320][ T5308]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.994629][ T5308]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.996936][ T5308]  ? __pfx_kthread+0x10/0x10
[   86.998930][ T5308]  ret_from_fork+0x4bc/0x870
[   87.000949][ T5308]  ? __pfx_ret_from_fork+0x10/0x10
[   87.003193][ T5308]  ? __pfx_kthread+0x10/0x10
[   87.005071][ T5308]  ret_from_fork_asm+0x1a/0x30
[   87.007227][ T5308]  </TASK>
[   87.008485][ T5308] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   87.011445][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   87.015243][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.019658][ T5308] Workqueue: hci0 hci_conn_timeout
[   87.021909][ T5308] Call Trace:
[   87.023374][ T5308]  <TASK>
[   87.024705][ T5308]  dump_stack_lvl+0x99/0x250
[   87.026708][ T5308]  ? __asan_memcpy+0x40/0x70
[   87.028707][ T5308]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.030882][ T5308]  ? __pfx__printk+0x10/0x10
[   87.032857][ T5308]  vpanic+0x237/0x6d0
[   87.034623][ T5308]  ? __pfx_vpanic+0x10/0x10
[   87.036618][ T5308]  panic+0xb9/0xc0
[   87.038344][ T5308]  ? __pfx_panic+0x10/0x10
[   87.040389][ T5308]  __warn+0x31b/0x4b0
[   87.042125][ T5308]  ? hci_conn_timeout+0xff/0x290
[   87.044234][ T5308]  ? hci_conn_timeout+0xff/0x290
[   87.046463][ T5308]  report_bug+0x2be/0x4f0
[   87.048414][ T5308]  ? hci_conn_timeout+0xff/0x290
[   87.050630][ T5308]  ? hci_conn_timeout+0xff/0x290
[   87.052779][ T5308]  ? hci_conn_timeout+0x101/0x290
[   87.054950][ T5308]  handle_bug+0x84/0x160
[   87.056735][ T5308]  exc_invalid_op+0x1a/0x50
[   87.058695][ T5308]  asm_exc_invalid_op+0x1a/0x20
[   87.060742][ T5308] RIP: 0010:hci_conn_timeout+0xff/0x290
[   87.063107][ T5308] Code: 48 89 df e8 53 1d 09 00 eb 07 e8 ac ef 72 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 e7 c4 fe ff e8 92 ef 72 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   87.070981][ T5308] RSP: 0018:ffffc9000d1bfa30 EFLAGS: 00010293
[   87.073472][ T5308] RAX: ffffffff8a4d63fe RBX: ffff8880371b8000 RCX: ffff8880007fc900
[   87.076904][ T5308] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   87.080665][ T5308] RBP: 00000000ffffffff R08: ffff8880371b8013 R09: 1ffff11006e37002
[   87.084383][ T5308] R10: dffffc0000000000 R11: ffffed1006e37003 R12: dffffc0000000000
[   87.087562][ T5308] R13: ffff8880115ea018 R14: ffff8880371b8948 R15: ffff8880371b8010
[   87.090907][ T5308]  ? hci_conn_timeout+0xfe/0x290
[   87.093054][ T5308]  ? process_scheduled_works+0x9ef/0x17b0
[   87.095567][ T5308]  process_scheduled_works+0xae1/0x17b0
[   87.098031][ T5308]  ? __pfx_process_scheduled_works+0x10/0x10
[   87.100525][ T5308]  worker_thread+0x8a0/0xda0
[   87.102379][ T5308]  ? __kthread_parkme+0x7b/0x200
[   87.104507][ T5308]  kthread+0x711/0x8a0
[   87.106140][ T5308]  ? __pfx_worker_thread+0x10/0x10
[   87.108350][ T5308]  ? __pfx_kthread+0x10/0x10
[   87.110414][ T5308]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.112668][ T5308]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.114944][ T5308]  ? __pfx_kthread+0x10/0x10
[   87.116905][ T5308]  ret_from_fork+0x4bc/0x870
[   87.118947][ T5308]  ? __pfx_ret_from_fork+0x10/0x10
[   87.121145][ T5308]  ? __pfx_kthread+0x10/0x10
[   87.123214][ T5308]  ret_from_fork_asm+0x1a/0x30
[   87.125335][ T5308]  </TASK>
[   87.127059][ T5308] Kernel Offset: disabled
[   87.128875][ T5308] Rebooting in 86400 seconds..