program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000cc0)='ext4_request_inode\x00', r2, 0x0, 0xf}, 0x18)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[], 0x18}}, 0x5)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00'})
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYRES16=r4, @ANYRES32, @ANYBLOB="61e49800050000005500000004001601927bd3384d8c3df4e62766aa7d4309ad9dbc83235b1e47201d725c3541ff56f40395e23b0ee53d9461dd3f8fe8202e58d3f0b92e652b49a87dddc1ac5dfcde65490b147581ecb88e5a9ed76b993e75baa77755dfaa82b0064ff58b081b098b18de53013f295f16f5458e9cc5773979b11a"], 0x2c}, 0x1, 0x0, 0x0, 0x4044010}, 0x24000041)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c241000086dd600a843500140600fe800000000000000000000000000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='ns\x00')
pause()
r6 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unshare(0x66000080)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0406"], 0x7)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
getdents(r5, &(0x7f0000000200)=""/30, 0x1e)
getdents(r5, &(0x7f0000000180)=""/63, 0x3f)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0xc, &(0x7f0000000580)={&(0x7f00000003c0)={0x178, r9, 0x800, 0x70ad26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x58, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x5}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast2}}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x64, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gre0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010101}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x10, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffffc}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@rand_addr=' \x01\x00'}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xe}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x80000001}]}, 0x178}, 0x1, 0x0, 0x0, 0x20008000}, 0x40000)

[   86.368329][ T5286] Bluetooth: hci0: command tx timeout
[   86.599871][ T4654] Bluetooth: hci0: unexpected event 0x06 length: 4 > 3
[   86.848814][ T5303] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   87.012623][ T5303] usb 5-1: config 0 has no interfaces?
[   87.018274][ T5303] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[   87.022913][ T5303] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.026454][ T5303] usb 5-1: Product: syz
[   87.028210][ T5303] usb 5-1: Manufacturer: syz
[   87.032757][ T5303] usb 5-1: SerialNumber: syz
[   87.045115][ T5303] usb 5-1: config 0 descriptor??
[   88.388832][ T4654] Bluetooth: hci0: command tx timeout
[   88.631647][ T5286] ------------[ cut here ]------------
[   88.634256][ T5286] refcnt < 0
[   88.634268][ T5286] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xff/0x2c0, CPU#0: kworker/u5:2/5286
[   88.640545][ T5286] Modules linked in:
[   88.643028][ T5286] CPU: 0 UID: 0 PID: 5286 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   88.647671][ T5286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   88.652033][ T5286] Workqueue: hci0 hci_conn_timeout
[   88.654303][ T5286] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[   88.656888][ T5286] Code: 48 89 df e8 f3 b0 09 00 eb 07 e8 3c f8 26 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 77 a8 fe ff e8 22 f8 26 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   88.665690][ T5286] RSP: 0018:ffffc9000da07ab0 EFLAGS: 00010293
[   88.668573][ T5286] RAX: ffffffff8a9ebb8e RBX: ffff888034a14000 RCX: ffff888000282500
[   88.672168][ T5286] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   88.675712][ T5286] RBP: 00000000ffffffff R08: ffff888034a14013 R09: 1ffff11006942802
[   88.680659][ T5286] R10: dffffc0000000000 R11: ffffed1006942803 R12: dffffc0000000000
[   88.684296][ T5286] R13: ffff888034a14a40 R14: ffff888034a14a40 R15: ffff888034a14010
[   88.687793][ T5286] FS:  0000000000000000(0000) GS:ffff88808c88b000(0000) knlGS:0000000000000000
[   88.691720][ T5286] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.694695][ T5286] CR2: 0000559bd7419168 CR3: 0000000044b98000 CR4: 0000000000352ef0
[   88.699976][ T5286] Call Trace:
[   88.702002][ T5286]  <TASK>
[   88.703536][ T5286]  ? process_scheduled_works+0xa70/0x1860
[   88.706086][ T5286]  process_scheduled_works+0xb5d/0x1860
[   88.708536][ T5286]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.711253][ T5286]  ? assign_work+0x3d5/0x5e0
[   88.713450][ T5286]  worker_thread+0xa53/0xfc0
[   88.715598][ T5286]  kthread+0x388/0x470
[   88.717399][ T5286]  ? __pfx_worker_thread+0x10/0x10
[   88.719635][ T5286]  ? __pfx_kthread+0x10/0x10
[   88.721731][ T5286]  ret_from_fork+0x514/0xb70
[   88.723808][ T5286]  ? __pfx_ret_from_fork+0x10/0x10
[   88.726140][ T5286]  ? __switch_to+0xc79/0x1410
[   88.728196][ T5286]  ? __pfx_kthread+0x10/0x10
[   88.730323][ T5286]  ret_from_fork_asm+0x1a/0x30
[   88.732517][ T5286]  </TASK>
[   88.733904][ T5286] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   88.737085][ T5286] CPU: 0 UID: 0 PID: 5286 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   88.741265][ T5286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   88.745649][ T5286] Workqueue: hci0 hci_conn_timeout
[   88.747841][ T5286] Call Trace:
[   88.749344][ T5286]  <TASK>
[   88.750726][ T5286]  vpanic+0x56c/0xa60
[   88.752604][ T5286]  ? __pfx__printk+0x10/0x10
[   88.754639][ T5286]  ? __pfx_vpanic+0x10/0x10
[   88.756679][ T5286]  ? is_bpf_text_address+0x292/0x2b0
[   88.759226][ T5286]  ? is_bpf_text_address+0x26/0x2b0
[   88.761650][ T5286]  panic+0xc5/0xd0
[   88.763546][ T5286]  ? __pfx_panic+0x10/0x10
[   88.765636][ T5286]  ? ret_from_fork_asm+0x1a/0x30
[   88.767736][ T5286]  __warn+0x315/0x4c0
[   88.769483][ T5286]  ? hci_conn_timeout+0xff/0x2c0
[   88.771651][ T5286]  ? hci_conn_timeout+0xff/0x2c0
[   88.773824][ T5286]  __report_bug+0x29a/0x540
[   88.775834][ T5286]  ? hci_conn_timeout+0xff/0x2c0
[   88.777964][ T5286]  ? __pfx___report_bug+0x10/0x10
[   88.780145][ T5286]  ? add_lock_to_list+0xc7/0x100
[   88.782463][ T5286]  ? lockdep_unlock+0x5d/0xd0
[   88.784637][ T5286]  ? __lock_acquire+0x146e/0x2cf0
[   88.786997][ T5286]  ? hci_conn_timeout+0xff/0x2c0
[   88.789213][ T5286]  report_bug+0x16a/0x220
[   88.791163][ T5286]  ? hci_conn_timeout+0xff/0x2c0
[   88.793465][ T5286]  ? hci_conn_timeout+0x101/0x2c0
[   88.795773][ T5286]  handle_bug+0x9c/0x200
[   88.797719][ T5286]  exc_invalid_op+0x1a/0x50
[   88.799847][ T5286]  asm_exc_invalid_op+0x1a/0x20
[   88.802103][ T5286] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[   88.804691][ T5286] Code: 48 89 df e8 f3 b0 09 00 eb 07 e8 3c f8 26 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 77 a8 fe ff e8 22 f8 26 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   88.813379][ T5286] RSP: 0018:ffffc9000da07ab0 EFLAGS: 00010293
[   88.816289][ T5286] RAX: ffffffff8a9ebb8e RBX: ffff888034a14000 RCX: ffff888000282500
[   88.819925][ T5286] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   88.823576][ T5286] RBP: 00000000ffffffff R08: ffff888034a14013 R09: 1ffff11006942802
[   88.827297][ T5286] R10: dffffc0000000000 R11: ffffed1006942803 R12: dffffc0000000000
[   88.830767][ T5286] R13: ffff888034a14a40 R14: ffff888034a14a40 R15: ffff888034a14010
[   88.834404][ T5286]  ? hci_conn_timeout+0xfe/0x2c0
[   88.836650][ T5286]  ? process_scheduled_works+0xa70/0x1860
[   88.839304][ T5286]  process_scheduled_works+0xb5d/0x1860
[   88.841798][ T5286]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.844525][ T5286]  ? assign_work+0x3d5/0x5e0
[   88.846425][ T5286]  worker_thread+0xa53/0xfc0
[   88.848367][ T5286]  kthread+0x388/0x470
[   88.850074][ T5286]  ? __pfx_worker_thread+0x10/0x10
[   88.852203][ T5286]  ? __pfx_kthread+0x10/0x10
[   88.854166][ T5286]  ret_from_fork+0x514/0xb70
[   88.856248][ T5286]  ? __pfx_ret_from_fork+0x10/0x10
[   88.858483][ T5286]  ? __switch_to+0xc79/0x1410
[   88.860653][ T5286]  ? __pfx_kthread+0x10/0x10
[   88.862867][ T5286]  ret_from_fork_asm+0x1a/0x30
[   88.865005][ T5286]  </TASK>
[   88.866743][ T5286] Kernel Offset: disabled
[   88.868752][ T5286] Rebooting in 86400 seconds..