program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
syz_emit_ethernet(0xa5, &(0x7f00000001c0)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}, @void, {@llc_tr={0x11, {@snap={0xaa, 0x0, "6589", "09e920", 0x3, "36a618184b6daa4c240ef6a6b9c88587f63a324144717548d02f5da0a8fa10606c60b379633fd848bee11ab577dbef4cc4c17cbe6da8a77fa881b692772fe6445b154806ce630d15f3fcd883180b5343de740f15ce3cfd99433460816fa2825d7482718496ee303bff10c8e206194822cfbdecc49ea6970413e89c085448a2ce3769e5fbe08b05d3b1e35f1500aa"}}}}}, &(0x7f0000000340)={0x1, 0x3, [0xc2e, 0x7ee, 0xa1, 0x89d]})
r2 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r2)
syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x8041)
sendmsg$TIPC_CMD_SHOW_STATS(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x8, 0x70bd2a, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44040}, 0x2400c045) (async)
sendmsg$TIPC_CMD_SHOW_STATS(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x8, 0x70bd2a, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44040}, 0x2400c045)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) (async)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x1) (async)
ioctl$TCFLSH(r4, 0x400455c8, 0x1)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000680)=0x81)
r5 = syz_open_dev$dri(&(0x7f00000002c0), 0x7ff, 0x1c002)
ioctl$DRM_IOCTL_ADD_CTX(r5, 0xc0086420, &(0x7f0000000300)) (async)
ioctl$DRM_IOCTL_ADD_CTX(r5, 0xc0086420, &(0x7f0000000300))

[   85.700694][   T45] Bluetooth: hci0: command tx timeout
[   86.015829][ T1365] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   86.171660][ T1365] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   86.175418][ T1365] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.179008][ T1365] usb 5-1: Product: syz
[   86.180768][ T1365] usb 5-1: Manufacturer: syz
[   86.182643][ T1365] usb 5-1: SerialNumber: syz
[   86.199147][ T1365] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   86.244395][   T54] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   86.516613][ T1365] usb 5-1: USB disconnect, device number 2
[   86.705942][   T10] cfg80211: failed to load regulatory.db
[   86.716354][ T5369] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN NOPTI
[   86.721474][ T5369] KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]
[   86.725001][ T5369] CPU: 0 UID: 0 PID: 5369 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.728905][ T5369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.733598][ T5369] RIP: 0010:bcsp_recv+0x13d/0x1740
[   86.735965][ T5369] Code: 89 4c 24 40 48 89 54 24 28 48 c1 ea 03 48 89 54 24 68 48 89 5c 24 20 48 c1 eb 03 48 89 5c 24 60 4c 89 7c 24 38 48 8b 44 24 58 <42> 80 3c 30 00 74 08 4c 89 ff e8 54 c6 b8 f9 49 8b 1f 31 ff 48 89
[   86.744282][ T5369] RSP: 0018:ffffc9000d2c7c00 EFLAGS: 00010206
[   86.746893][ T5369] RAX: 0000000000000021 RBX: 0000000000000030 RCX: 000000000000002f
[   86.750318][ T5369] RDX: 000000000000002f RSI: 0000000000000001 RDI: 0000000000000000
[   86.753548][ T5369] RBP: ffffc9000d2c7d60 R08: ffff88803ff2341f R09: 1ffff11007fe4683
[   86.756670][ T5369] R10: dffffc0000000000 R11: ffffffff886be650 R12: 0000000000000001
[   86.759562][ T5369] R13: ffffc9000d2c7e00 R14: dffffc0000000000 R15: 0000000000000108
[   86.762930][ T5369] FS:  00007f723709c6c0(0000) GS:ffff88808d20c000(0000) knlGS:0000000000000000
[   86.766607][ T5369] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.769463][ T5369] CR2: 00007f723709bfc8 CR3: 00000000436c5000 CR4: 0000000000352ef0
[   86.772874][ T5369] Call Trace:
[   86.774333][ T5369]  <TASK>
[   86.775641][ T5369]  ? __pfx_bcsp_recv+0x10/0x10
[   86.777730][ T5369]  ? rcu_read_lock_any_held+0xb3/0x120
[   86.780154][ T5369]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   86.782681][ T5369]  ? tty_audit_push+0x7c/0x250
[   86.784868][ T5369]  hci_uart_tty_receive+0x194/0x220
[   86.787204][ T5369]  ? __pfx_hci_uart_tty_receive+0x10/0x10
[   86.789719][ T5369]  tiocsti+0x239/0x2c0
[   86.791539][ T5369]  ? __pfx_tiocsti+0x10/0x10
[   86.793543][ T5369]  ? __fget_files+0x2a/0x420
[   86.795527][ T5369]  ? __fget_files+0x3a0/0x420
[   86.797443][ T5369]  ? __fget_files+0x2a/0x420
[   86.799458][ T5369]  tty_ioctl+0x626/0xde0
[   86.801375][ T5369]  ? __pfx_tty_ioctl+0x10/0x10
[   86.803895][ T5369]  __se_sys_ioctl+0xfc/0x170
[   86.806032][ T5369]  do_syscall_64+0xfa/0x3b0
[   86.808128][ T5369]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.810406][ T5369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.813117][ T5369]  ? clear_bhb_loop+0x60/0xb0
[   86.815134][ T5369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.817614][ T5369] RIP: 0033:0x7f723618ebe9
[   86.819583][ T5369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.828020][ T5369] RSP: 002b:00007f723709c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.831805][ T5369] RAX: ffffffffffffffda RBX: 00007f72363c6180 RCX: 00007f723618ebe9
[   86.835418][ T5369] RDX: 0000200000000680 RSI: 0000000000005412 RDI: 0000000000000006
[   86.838639][ T5369] RBP: 00007f7236211e19 R08: 0000000000000000 R09: 0000000000000000
[   86.841876][ T5369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.845239][ T5369] R13: 00007f72363c6218 R14: 00007f72363c6180 R15: 00007ffc926159d8
[   86.848571][ T5369]  </TASK>
[   86.849918][ T5369] Modules linked in:
[   86.852683][ T5369] ---[ end trace 0000000000000000 ]---
[   86.873028][ T5369] RIP: 0010:bcsp_recv+0x13d/0x1740
[   86.875128][ T5369] Code: 89 4c 24 40 48 89 54 24 28 48 c1 ea 03 48 89 54 24 68 48 89 5c 24 20 48 c1 eb 03 48 89 5c 24 60 4c 89 7c 24 38 48 8b 44 24 58 <42> 80 3c 30 00 74 08 4c 89 ff e8 54 c6 b8 f9 49 8b 1f 31 ff 48 89
[   86.883512][ T5369] RSP: 0018:ffffc9000d2c7c00 EFLAGS: 00010206
[   86.887079][ T5369] RAX: 0000000000000021 RBX: 0000000000000030 RCX: 000000000000002f
[   86.890701][ T5369] RDX: 000000000000002f RSI: 0000000000000001 RDI: 0000000000000000
[   86.894402][ T5369] RBP: ffffc9000d2c7d60 R08: ffff88803ff2341f R09: 1ffff11007fe4683
[   86.898570][ T5369] R10: dffffc0000000000 R11: ffffffff886be650 R12: 0000000000000001
[   86.902460][ T5369] R13: ffffc9000d2c7e00 R14: dffffc0000000000 R15: 0000000000000108
[   86.906154][ T5369] FS:  00007f723709c6c0(0000) GS:ffff88808d20c000(0000) knlGS:0000000000000000
[   86.909609][ T5369] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.912449][ T5369] CR2: 00007ffc92614e40 CR3: 00000000436c5000 CR4: 0000000000352ef0
[   86.916680][ T5369] Kernel panic - not syncing: Fatal exception
[   86.919657][ T5369] Kernel Offset: disabled
[   86.921552][ T5369] Rebooting in 86400 seconds..