333700"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000003b6f4d0472b34eacba0268aaada5ab8e010000000c00000000000000ddf4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="0100000000000500110000000000000000000000040000003c00000000000000", 0x20, 0x560}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x480, 0xc00}, {&(0x7f0000010a00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x1400}, {&(0x7f0000010b00)="00000000000400"/32, 0x20, 0x1800}, {&(0x7f0000010c00)="00000000000400"/32, 0x20, 0x1c00}, {&(0x7f0000010d00)="00000000000400"/32, 0x20, 0x2000}, {&(0x7f0000010e00)="00000000000400"/32, 0x20, 0x2400}, {&(0x7f0000010f00)="00000000000400"/32, 0x20, 0x2800}, {&(0x7f0000011000)="00000000000400"/32, 0x20, 0x2c00}, {&(0x7f0000011100)="00000000000400"/32, 0x20, 0x3000}, {&(0x7f0000011200)="00000000000400"/32, 0x20, 0x3400}, {&(0x7f0000011300)="00000000000400"/32, 0x20, 0x3800}, {&(0x7f0000011400)="00000000000400"/32, 0x20, 0x3c00}, {&(0x7f0000011500)="00000000000400"/32, 0x20, 0x4000}, {&(0x7f0000011600)="504d4d00504d4dffddf4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7033300075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x4800}, {&(0x7f0000011800)="ffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300"/1056, 0x420, 0x4c00}, {&(0x7f0000011d00)="0400"/32, 0x20, 0x5400}, {&(0x7f0000011e00)="0500"/32, 0x20, 0x5800}, {&(0x7f0000011f00)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x5c00}, {&(0x7f0000012000)="0200"/32, 0x20, 0x6000}, {&(0x7f0000012100)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x6400}, {&(0x7f0000012200)="0300"/32, 0x20, 0x6800}, {&(0x7f0000012300)="0400"/32, 0x20, 0x6c00}, {&(0x7f0000012400)="0500"/32, 0x20, 0x7000}, {&(0x7f0000012500)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x7400}, {&(0x7f0000012600)="0200"/32, 0x20, 0x7800}, {&(0x7f0000012700)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x7c00}, {&(0x7f0000012800)="000002ea0100000001000000270f240c000000000000000000000000000000000601f8030000000006000000779b539778617474723100000601f00300000000060000007498539778617474723200"/96, 0x60, 0x8000}, {&(0x7f0000012900)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xattr2\x00\x00xattr1\x00\x00', 0x20, 0x83e0}, {&(0x7f0000012a00)="0000000000000000ddf4655fddf4655fddf4655f00"/32, 0x20, 0x8c00}, {&(0x7f0000012b00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004000200000000000800050000000af301000400000000000000000000000100000004000000", 0x40, 0x8c80}, {&(0x7f0000012c00)="8081000000180000ddf4655fddf4655fddf4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014000000000000000000000000000000000000000000000000000000000000000000000000000000000000008081000000180000ddf4655fddf4655fddf4655f00000000000001000c00000010000800000000000af30300040000000000000000000000010000001900000001000000010000001e00000002000000040000001a00"/224, 0xe0, 0x8d00}, {&(0x7f0000012d00)="c041000000300000ddf4655fddf4655fddf4655f00000000000002001800000000000800000000000af301000400000000000000000000000c00000005000000", 0x40, 0x9100}, {&(0x7f0000012e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000002000200000000000800030000000af30100040000000000000000000000010000001f000000000000000000000000000000000000000000000000000000000000000000000000000000e56bfc17000000000000000000000000000000000000000000000000ed8100001a040000ddf4655fddf4655fddf4655f00000000000001000400000000000800010000000af301000400000000000000000000000200000027000000000000000000000000000000000000000000000000000000000000000000000000000000694f777d000000000000000000000000000000000000000000000000ffa1000026000000ddf4655fddf4655fddf4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3235303331303933372f66696c65302f66696c6530000000000000000000000000000000000000000000006177ccbb000000000000000000000000000000000000000000000000ed8100000a000000ddf4655fddf4655fddf4655f00000000000001000400000000000800010000000af301000400000000000000000000000100000029000000000000000000000000000000000000000000000000000000000000000000000000000000dfa38368200000000000000000000000000000000000000000000000ed81000028230000ddf4655fddf4655fddf4655f00000000000002001200000000000800010000000af30100040000000000000000000000090000002a00000000000000000000000000000000000000000000000000000000000000000000000000000079189cdc000000000000000000000000000000000000000000000000ed81000064000000ddf4655fddf4655fddf4655f00000000000001000200000000000800010000000af30100040000000000000000000000010000003300000000000000000000000000000000000000000000000000000000000000000000000000000007b8a9eb00"/768, 0x300, 0x9180}, {&(0x7f0000013100)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x9c00}, {&(0x7f0000013600)='syzkallers\x00'/32, 0x20, 0xa400}, {&(0x7f0000013700)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xcc00}], 0x0, &(0x7f0000013800))

[  198.008418] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
23:23:58 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2c, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000700100000f000000000000000000000004000000000002000020000020000000def4655fdef4655f0100ffff53ef010001000000def4655f000000000000000001000000000000000b0000000004000008000000d2c20100120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e32313538333830363200"/192, 0xc0, 0x400}, {&(0x7f0000010100)="000000000000000000000000efdd79b7c3654313ac0cec53e79dcbaf010040000c00000000000000def4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003800000000000000", 0x40, 0x540}, {&(0x7f0000010300)="0300000004000000000000000000000000000000010400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000017000f000300040000000000000000000f008551", 0x20, 0x800}, {&(0x7f0000010500)="ff010000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000def4655fdef4655fdef4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000def4655fdef4655fdef4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000030000000", 0x40, 0x1800}, {&(0x7f0000010f00)="20000000c0f78c96c0f78c9600000000def4655f00"/32, 0x20, 0x1880}, {&(0x7f0000011000)="8081000000180000def4655fdef4655fdef4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000500000000200000004000000520000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000def4655f00"/160, 0xa0, 0x1c00}, {&(0x7f0000011100)="8081000000180000def4655fdef4655fdef4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000600000000200000004000000620000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000def4655f00"/160, 0xa0, 0x2000}, {&(0x7f0000011200)="c0410000002c0000def4655fdef4655fdef4655f00000000000002002000000000000800000000000af301000400000000000000000000000b00000040000000", 0x40, 0x3c00}, {&(0x7f0000011300)="20000000000000000000000000000000def4655f000000000000000000000000000002ea00"/64, 0x40, 0x3c80}, {&(0x7f0000011400)="ed4100003c000000def4655fdef4655fdef4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c65310000000000000000000000000000000000000000000000000000003e1ea11700000000000000000000000000000000000000000000000020000000c0f78c96c0f78c96c0f78c96def4655fc0f78c960000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x4000}, {&(0x7f0000011500)="ed8100001a040000def4655fdef4655fdef4655f00000000000001002000000000000800010000000af3010004000000000000000000000002000000700000000000000000000000000000000000000000000000000000000000000000000000000000005793e75d00000000000000000000000000000000000000000000000020000000c0f78c96c0f78c96c0f78c96def4655fc0f78c960000000000000000", 0xa0, 0x4400}, {&(0x7f0000011600)="ffa1000026000000def4655fdef4655fdef4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3231353833383036322f66696c65302f66696c6530000000000000000000000000000000000000000000004bfd2c1c00000000000000000000000000000000000000000000000020000000c0f78c96c0f78c96c0f78c96def4655fc0f78c960000000000000000", 0xa0, 0x4800}, {&(0x7f0000011700)="ed8100000a000000def4655fdef4655fdef4655f000000000000010000000000000000100100000073797a6b616c6c6572730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e5264f2500000000000000000000000000000000000000000000000020000000c0f78c96c0f78c96c0f78c96def4655fc0f78c960000000000000000000002ea040700000000000000000000000000006461746106015403000000000600000000000000786174747231000006014c0300000000060000000000000078617474723200"/256, 0x100, 0x4c00}, {&(0x7f0000011800)="0000000000000000000000000000000078617474723200007861747472310000ed81000028230000def4655fdef4655fdef4655f00000000000002002000000000000800010000000af301000400000000000000000000000900000080000000000000000000000000000000000000000000000000000000000000000000000000000000c20bb4fb00000000000000000000000000000000000000000000000020000000c0f78c96c0f78c96c0f78c96def4655fc0f78c960000000000000000", 0xc0, 0x4fe0}, {&(0x7f0000011900)="ed81000064000000def4655fdef4655fdef4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616cdd0e886300000000000000000000000000000000000000000000000020000000c0f78c96c0f78c96c0f78c96def4655fc0f78c960000000000000000000002ea04073403000000002800000000000000646174610000000000000000", 0xc0, 0x5400}, {&(0x7f0000011a00)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lersyzkallersyzkallersyzkallersyzkallers', 0x40, 0x57c0}, {&(0x7f0000011b00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0xc000}, {&(0x7f0000011c00)="0b0000000c0001022e000000020000000c0002022e2e000000000000e8030000", 0x20, 0x10000}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x10400}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x10800}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x10c00}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x11000}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x11400}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x11800}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0x11c00}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0x12000}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0x12400}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0x12800}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x14000}, {&(0x7f0000012800)="0200"/32, 0x20, 0x14400}, {&(0x7f0000012900)="0300"/32, 0x20, 0x14800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0x14c00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0x15000}, {&(0x7f0000012c00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000100"/96, 0x60, 0x15400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x18000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x18400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x18800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x18c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x19000}, {&(0x7f0000013200)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000100"/96, 0x60, 0x19400}, {&(0x7f0000013300)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1c000}], 0x0, &(0x7f0000013800))

23:23:58 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

23:23:58 executing program 7:
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2)

[  198.075956] loop6: detected capacity change from 0 to 1024
[  198.093788] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.109156] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.004423] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  199.005665] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  199.035992] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  199.036818] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  199.063678] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  199.064454] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  199.094468] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  199.095612] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  199.119807] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  199.120608] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  199.158940] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  199.159767] Bluetooth: hci6: Error when powering off device on rfkill (-4)
[  199.186425] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  199.187259] Bluetooth: hci7: Error when powering off device on rfkill (-4)
23:24:00 executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)})

23:24:00 executing program 4:
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)

23:24:00 executing program 3:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, 0x0, 0x0, 0x0)

23:24:00 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x2a, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d2f4655fd2f4655f0100ffff53ef010001000000d1f4655f000000000000000001000000000000000b000000800000000800000052470000620100000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e33313930313834363600"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000005566cbb705fc4d7ea1c5dfc95b00bfe3010000000c00000000000000d1f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="0100000000000500110000000000000000000000040000003c00000000000000", 0x20, 0x560}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x480, 0xc00}, {&(0x7f0000010a00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x1400}, {&(0x7f0000010b00)="00000000000400"/32, 0x20, 0x1800}, {&(0x7f0000010c00)="00000000000400"/32, 0x20, 0x1c00}, {&(0x7f0000010d00)="00000000000400"/32, 0x20, 0x2000}, {&(0x7f0000010e00)="00000000000400"/32, 0x20, 0x2400}, {&(0x7f0000010f00)="00000000000400"/32, 0x20, 0x2800}, {&(0x7f0000011000)="00000000000400"/32, 0x20, 0x2c00}, {&(0x7f0000011100)="00000000000400"/32, 0x20, 0x3000}, {&(0x7f0000011200)="00000000000400"/32, 0x20, 0x3400}, {&(0x7f0000011300)="00000000000400"/32, 0x20, 0x3800}, {&(0x7f0000011400)="00000000000400"/32, 0x20, 0x3c00}, {&(0x7f0000011500)="00000000000400"/32, 0x20, 0x4000}, {&(0x7f0000011600)="504d4d00504d4dffd2f4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7033300075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x4800}, {&(0x7f0000011800)="ffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300"/1056, 0x420, 0x4c00}, {&(0x7f0000011d00)="0400"/32, 0x20, 0x5400}, {&(0x7f0000011e00)="0500"/32, 0x20, 0x5800}, {&(0x7f0000011f00)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x5c00}, {&(0x7f0000012000)="0200"/32, 0x20, 0x6000}, {&(0x7f0000012100)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x6400}, {&(0x7f0000012200)="0300"/32, 0x20, 0x6800}, {&(0x7f0000012300)="0400"/32, 0x20, 0x6c00}, {&(0x7f0000012400)="0500"/32, 0x20, 0x7000}, {&(0x7f0000012500)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x7400}, {&(0x7f0000012600)="0200"/32, 0x20, 0x7800}, {&(0x7f0000012700)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x7c00}, {&(0x7f0000012800)="000002ea0100000001000000270f240c000000000000000000000000000000000601f8030000000006000000779b539778617474723100000601f00300000000060000007498539778617474723200"/96, 0x60, 0x8000}, {&(0x7f0000012900)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xattr2\x00\x00xattr1\x00\x00', 0x20, 0x83e0}, {&(0x7f0000012a00)="0000000000000000d1f4655fd1f4655fd1f4655f00"/32, 0x20, 0x8c00}, {&(0x7f0000012b00)="ed41000000040000d1f4655fd2f4655fd2f4655f00000000000004000200000000000800050000000af301000400000000000000000000000100000004000000", 0x40, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d1f4655fd1f4655fd1f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014000000000000000000000000000000000000000000000000000000000000000000000000000000000000008081000000180000d1f4655fd1f4655fd1f4655f00000000000001000c00000010000800000000000af30300040000000000000000000000010000001900000001000000010000001e00000002000000040000001a00"/224, 0xe0, 0x8d00}, {&(0x7f0000012d00)="c041000000300000d1f4655fd1f4655fd1f4655f00000000000002001800000000000800000000000af301000400000000000000000000000c00000005000000", 0x40, 0x9100}, {&(0x7f0000012e00)="ed41000000040000d2f4655fd2f4655fd2f4655f00000000000002000200000000000800030000000af30100040000000000000000000000010000001f00000000000000000000000000000000000000000000000000000000000000000000000000000027951c99000000000000000000000000000000000000000000000000ed8100001a040000d2f4655fd2f4655fd2f4655f00000000000001000400000000000800010000000af30100040000000000000000000000020000002700000000000000000000000000000000000000000000000000000000000000000000000000000077475a5c000000000000000000000000000000000000000000000000ffa1000026000000d2f4655fd2f4655fd2f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3331393031383436362f66696c65302f66696c6530000000000000000000000000000000000000000000002247ea9f000000000000000000000000000000000000000000000000ed8100000a000000d2f4655fd2f4655fd2f4655f00000000000001000400000000000800010000000af301000400000000000000000000000100000029000000000000000000000000000000000000000000000000000000000000000000000000000000401f9fd3200000000000000000000000000000000000000000000000ed81000028230000d2f4655fd2f4655fd2f4655f00000000000002001200000000000800010000000af30100040000000000000000000000090000002a0000000000000000000000000000000000000000000000000000000000000000000000000000001dd000b4000000000000000000000000000000000000000000000000ed81000064000000d2f4655fd2f4655fd2f4655f00000000000001000200000000000800010000000af3010004000000000000000000000001000000330000000000000000000000000000000000000000000000000000000000000000000000000000006b8b381d00"/768, 0x300, 0x9180}, {&(0x7f0000013100)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x9c00}, {&(0x7f0000013600)='syzkallers\x00'/32, 0x20, 0xa400}, {&(0x7f0000013700)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xcc00}], 0x0, &(0x7f0000013800))

23:24:00 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0)

23:24:00 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

23:24:00 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

23:24:00 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x0)

[  199.571269] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  199.595759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  199.606832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  199.608140] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:24:00 executing program 6:
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0], 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write(r1, &(0x7f0000000240)="01010101", 0x4)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0], 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0)
close(r2)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0], 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0)

23:24:00 executing program 3:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

[  199.672501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:24:00 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2e, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d6f4655f000000000000000001000000000000000b0000000001000008000000d2420000120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e31333638353234303200"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000008395006fb905454792d9f392427055b7010040000c00000000000000d6f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003700000000000000", 0x40, 0x540}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d6f4655fd6f4655fd6f4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d6f4655fd7f4655fd7f4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x1500}, {&(0x7f0000010f00)="2000000098a2e27a98a2e27a00000000d6f4655f00"/32, 0x20, 0x1580}, {&(0x7f0000011000)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000300000000200000004000000320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1600}, {&(0x7f0000011100)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000400000000200000004000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1700}, {&(0x7f0000011200)="c041000000300000d6f4655fd6f4655fd6f4655f00000000000002002000000000000800000000000af301000400000000000000000000000c00000020000000", 0x40, 0x1e00}, {&(0x7f0000011300)="20000000000000000000000000000000d6f4655f00"/32, 0x20, 0x1e80}, {&(0x7f0000011400)="ed41000000040000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800030000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000005bbc60cd0000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x1f00}, {&(0x7f0000011500)="ed8100001a040000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000200000060000000000000000000000000000000000000000000000000000000000000000000000000000000491c1dd40000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2000}, {&(0x7f0000011600)="ffa1000026000000d7f4655fd7f4655fd7f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3133363835323430322f66696c65302f66696c6530000000000000000000000000000000000000000000008a6df6170000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2100}, {&(0x7f0000011700)="ed8100000a000000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000100000070000000000000000000000000000000000000000000000000000000000000000000000000000000b53044900000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000000002ea06015400000000000600000000000000786174747231000006014c0000000000060000000000000078617474723200000000000000000000000000000000000000000000000000000000000078617474723200007861747472310000ed81000028230000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800010000000af30100040000000000000000000000090000008000000000000000000000000000000000000000000000000000000000000000000000000000000059a976290000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0x1a0, 0x2200}, {&(0x7f0000011900)="ed81000064000000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af3010004000000000000000000000001000000900000000000000000000000000000000000000000000000000000000000000000000000000000002248c6120000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2400}, {&(0x7f0000011a00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0x4000}, {&(0x7f0000011b00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x8000}, {&(0x7f0000011c00)="00000000000400"/32, 0x20, 0x8400}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x8800}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x8c00}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x9000}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x9400}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x9800}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x9c00}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0xa000}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0xa400}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0xa800}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0xac00}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0xc000}, {&(0x7f0000012800)="0200"/32, 0x20, 0xc400}, {&(0x7f0000012900)="0300"/32, 0x20, 0xc800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0xcc00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0xd000}, {&(0x7f0000012c00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0xd400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x10000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x10400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x10800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x10c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x11000}, {&(0x7f0000013200)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0x11400}, {&(0x7f0000013300)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x14000}, {&(0x7f0000013400)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x18000}, {&(0x7f0000013900)='syzkallers\x00'/32, 0x20, 0x1c000}, {&(0x7f0000013a00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x24000}], 0x0, &(0x7f0000013b00))

23:24:00 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2c, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000700100000f000000000000000000000004000000000002000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d6f4655f000000000000000001000000000000000b0000000004000008000000d2c20100120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e33373631313835303700"/192, 0xc0, 0x400}, {&(0x7f0000010100)="000000000000000000000000c7b2a4502ed64a6eb421652eb677bbba010040000c00000000000000d6f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003800000000000000", 0x40, 0x540}, {&(0x7f0000010300)="0300000004000000000000000000000000000000010400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000017000f000300040000000000000000000f008551", 0x20, 0x800}, {&(0x7f0000010500)="ff010000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d6f4655fd6f4655fd6f4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d6f4655fd7f4655fd7f4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000030000000", 0x40, 0x1800}, {&(0x7f0000010f00)="20000000681d5748681d574800000000d6f4655f00"/32, 0x20, 0x1880}, {&(0x7f0000011000)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000500000000200000004000000520000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1c00}, {&(0x7f0000011100)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000600000000200000004000000620000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x2000}, {&(0x7f0000011200)="c0410000002c0000d6f4655fd6f4655fd6f4655f00000000000002002000000000000800000000000af301000400000000000000000000000b00000040000000", 0x40, 0x3c00}, {&(0x7f0000011300)="20000000000000000000000000000000d6f4655f000000000000000000000000000002ea00"/64, 0x40, 0x3c80}, {&(0x7f0000011400)="ed4100003c000000d7f4655fd7f4655fd7f4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c653100000000000000000000000000000000000000000000000000000097bbe33d00000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x4000}, {&(0x7f0000011500)="ed8100001a040000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000200000070000000000000000000000000000000000000000000000000000000000000000000000000000000ba8b7ff700000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000", 0xa0, 0x4400}, {&(0x7f0000011600)="ffa1000026000000d7f4655fd7f4655fd7f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3337363131383530372f66696c65302f66696c6530000000000000000000000000000000000000000000008cbe886300000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000", 0xa0, 0x4800}, {&(0x7f0000011700)="ed8100000a000000d7f4655fd7f4655fd7f4655f000000000000010000000000000000100100000073797a6b616c6c65727300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d33368e00000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000000002ea040700000000000000000000000000006461746106015403000000000600000000000000786174747231000006014c0300000000060000000000000078617474723200"/256, 0x100, 0x4c00}, {&(0x7f0000011800)="0000000000000000000000000000000078617474723200007861747472310000ed81000028230000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800010000000af30100040000000000000000000000090000008000000000000000000000000000000000000000000000000000000000000000000000000000000072b2bc0c00000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000", 0xc0, 0x4fe0}, {&(0x7f0000011900)="ed81000064000000d7f4655fd7f4655fd7f4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c0ac393e100000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000000002ea04073403000000002800000000000000646174610000000000000000", 0xc0, 0x5400}, {&(0x7f0000011a00)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lersyzkallersyzkallersyzkallersyzkallers', 0x40, 0x57c0}, {&(0x7f0000011b00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0xc000}, {&(0x7f0000011c00)="0b0000000c0001022e000000020000000c0002022e2e000000000000e8030000", 0x20, 0x10000}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x10400}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x10800}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x10c00}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x11000}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x11400}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x11800}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0x11c00}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0x12000}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0x12400}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0x12800}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x14000}, {&(0x7f0000012800)="0200"/32, 0x20, 0x14400}, {&(0x7f0000012900)="0300"/32, 0x20, 0x14800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0x14c00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0x15000}, {&(0x7f0000012c00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000100"/96, 0x60, 0x15400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x18000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x18400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x18800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x18c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x19000}, {&(0x7f0000013200)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000100"/96, 0x60, 0x19400}, {&(0x7f0000013300)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1c000}], 0x0, &(0x7f0000013800))

[  199.732462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:24:00 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448e0, &(0x7f0000000000))

23:24:00 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x10, &(0x7f00000000c0), 0x4)

23:24:00 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2e, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d6f4655f000000000000000001000000000000000b0000000001000008000000d2420000120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e31333638353234303200"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000008395006fb905454792d9f392427055b7010040000c00000000000000d6f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003700000000000000", 0x40, 0x540}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d6f4655fd6f4655fd6f4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d6f4655fd7f4655fd7f4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x1500}, {&(0x7f0000010f00)="2000000098a2e27a98a2e27a00000000d6f4655f00"/32, 0x20, 0x1580}, {&(0x7f0000011000)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000300000000200000004000000320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1600}, {&(0x7f0000011100)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000400000000200000004000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1700}, {&(0x7f0000011200)="c041000000300000d6f4655fd6f4655fd6f4655f00000000000002002000000000000800000000000af301000400000000000000000000000c00000020000000", 0x40, 0x1e00}, {&(0x7f0000011300)="20000000000000000000000000000000d6f4655f00"/32, 0x20, 0x1e80}, {&(0x7f0000011400)="ed41000000040000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800030000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000005bbc60cd0000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x1f00}, {&(0x7f0000011500)="ed8100001a040000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000200000060000000000000000000000000000000000000000000000000000000000000000000000000000000491c1dd40000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2000}, {&(0x7f0000011600)="ffa1000026000000d7f4655fd7f4655fd7f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3133363835323430322f66696c65302f66696c6530000000000000000000000000000000000000000000008a6df6170000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2100}, {&(0x7f0000011700)="ed8100000a000000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000100000070000000000000000000000000000000000000000000000000000000000000000000000000000000b53044900000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000000002ea06015400000000000600000000000000786174747231000006014c0000000000060000000000000078617474723200000000000000000000000000000000000000000000000000000000000078617474723200007861747472310000ed81000028230000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800010000000af30100040000000000000000000000090000008000000000000000000000000000000000000000000000000000000000000000000000000000000059a976290000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0x1a0, 0x2200}, {&(0x7f0000011900)="ed81000064000000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af3010004000000000000000000000001000000900000000000000000000000000000000000000000000000000000000000000000000000000000002248c6120000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2400}, {&(0x7f0000011a00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0x4000}, {&(0x7f0000011b00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x8000}, {&(0x7f0000011c00)="00000000000400"/32, 0x20, 0x8400}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x8800}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x8c00}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x9000}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x9400}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x9800}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x9c00}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0xa000}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0xa400}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0xa800}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0xac00}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0xc000}, {&(0x7f0000012800)="0200"/32, 0x20, 0xc400}, {&(0x7f0000012900)="0300"/32, 0x20, 0xc800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0xcc00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0xd000}, {&(0x7f0000012c00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0xd400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x10000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x10400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x10800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x10c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x11000}, {&(0x7f0000013200)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0x11400}, {&(0x7f0000013300)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x14000}, {&(0x7f0000013400)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x18000}, {&(0x7f0000013900)='syzkallers\x00'/32, 0x20, 0x1c000}, {&(0x7f0000013a00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x24000}], 0x0, &(0x7f0000013b00))

23:24:00 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
bind$802154_dgram(r1, 0x0, 0x0)

23:24:00 executing program 6:
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0], 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write(r1, &(0x7f0000000240)="01010101", 0x4)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0], 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0)
close(r2)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0], 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0)

[  199.928340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:24:00 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x19, &(0x7f0000002680)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}}, 0x108)

23:24:00 executing program 4:
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)

23:24:00 executing program 5:
syz_emit_ethernet(0x7e, &(0x7f00000002c0)={@multicast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @dest_unreach={0xb, 0x0, 0x0, 0x0, 0x5c, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @rand_addr, {[@timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private}, {@empty}, {@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@dev}, {@local}, {@loopback}]}, @end]}}}}}}}, 0x0)

23:24:00 executing program 6:
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0], 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write(r1, &(0x7f0000000240)="01010101", 0x4)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0], 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0)
close(r2)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0], 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0)

[  200.070508] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  200.119658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  200.123010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  200.181503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  203.417190] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  203.421487] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  203.423098] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  203.431001] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  203.436878] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  203.484380] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  203.486417] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  203.489666] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  203.500043] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  203.503150] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  203.672493] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  203.676060] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  203.680161] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  203.699850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  203.702555] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  205.509918] Bluetooth: hci0: command tx timeout
[  205.765879] Bluetooth: hci2: command tx timeout
[  207.557694] Bluetooth: hci0: command tx timeout
[  207.813681] Bluetooth: hci2: command tx timeout
[  209.605622] Bluetooth: hci0: command tx timeout
[  209.861780] Bluetooth: hci2: command tx timeout
[  211.653903] Bluetooth: hci0: command tx timeout
[  211.910374] Bluetooth: hci2: command tx timeout
[  214.911201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  214.911977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  214.968147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  214.968996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.076516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  215.088781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  215.401075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:24:16 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x19, &(0x7f0000002680)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}}, 0x108)

[  217.221941] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.223165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.261193] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.262594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.367005] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  217.406397] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  217.407742] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  217.420739] wlan1: authenticated
[  217.421741] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  217.424057] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  217.476309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  217.476394] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  217.479875] wlan1: associated
[  217.805176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  217.908713] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[  220.245099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  220.247467] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  220.249501] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  220.254741] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  220.257960] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  222.278729] Bluetooth: hci2: command tx timeout
[  224.325907] Bluetooth: hci2: command tx timeout
[  226.374728] Bluetooth: hci2: command tx timeout
[  228.423312] Bluetooth: hci2: command tx timeout
[  237.185988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.187148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.251556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.253098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.364883] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  237.398539] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  237.399915] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  237.420032] wlan1: authenticated
[  237.420986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  237.422728] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  237.476460] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  237.477868] wlan1: associated
[  237.478814] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  237.788000] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  237.837759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:24:50 executing program 6:
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0], 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write(r1, &(0x7f0000000240)="01010101", 0x4)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0], 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0)
close(r2)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0], 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0)

23:24:50 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

23:24:50 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

23:24:50 executing program 4:
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)

23:24:50 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000240)={0x2c, r3, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{}]}]}]}]}, 0x2c}}, 0x0)

23:24:50 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2e, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d6f4655f000000000000000001000000000000000b0000000001000008000000d2420000120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e31333638353234303200"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000008395006fb905454792d9f392427055b7010040000c00000000000000d6f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003700000000000000", 0x40, 0x540}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d6f4655fd6f4655fd6f4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d6f4655fd7f4655fd7f4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x1500}, {&(0x7f0000010f00)="2000000098a2e27a98a2e27a00000000d6f4655f00"/32, 0x20, 0x1580}, {&(0x7f0000011000)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000300000000200000004000000320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1600}, {&(0x7f0000011100)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000400000000200000004000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1700}, {&(0x7f0000011200)="c041000000300000d6f4655fd6f4655fd6f4655f00000000000002002000000000000800000000000af301000400000000000000000000000c00000020000000", 0x40, 0x1e00}, {&(0x7f0000011300)="20000000000000000000000000000000d6f4655f00"/32, 0x20, 0x1e80}, {&(0x7f0000011400)="ed41000000040000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800030000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000005bbc60cd0000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x1f00}, {&(0x7f0000011500)="ed8100001a040000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000200000060000000000000000000000000000000000000000000000000000000000000000000000000000000491c1dd40000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2000}, {&(0x7f0000011600)="ffa1000026000000d7f4655fd7f4655fd7f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3133363835323430322f66696c65302f66696c6530000000000000000000000000000000000000000000008a6df6170000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2100}, {&(0x7f0000011700)="ed8100000a000000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000100000070000000000000000000000000000000000000000000000000000000000000000000000000000000b53044900000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000000002ea06015400000000000600000000000000786174747231000006014c0000000000060000000000000078617474723200000000000000000000000000000000000000000000000000000000000078617474723200007861747472310000ed81000028230000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800010000000af30100040000000000000000000000090000008000000000000000000000000000000000000000000000000000000000000000000000000000000059a976290000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0x1a0, 0x2200}, {&(0x7f0000011900)="ed81000064000000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af3010004000000000000000000000001000000900000000000000000000000000000000000000000000000000000000000000000000000000000002248c6120000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2400}, {&(0x7f0000011a00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0x4000}, {&(0x7f0000011b00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x8000}, {&(0x7f0000011c00)="00000000000400"/32, 0x20, 0x8400}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x8800}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x8c00}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x9000}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x9400}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x9800}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x9c00}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0xa000}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0xa400}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0xa800}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0xac00}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0xc000}, {&(0x7f0000012800)="0200"/32, 0x20, 0xc400}, {&(0x7f0000012900)="0300"/32, 0x20, 0xc800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0xcc00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0xd000}, {&(0x7f0000012c00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0xd400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x10000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x10400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x10800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x10c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x11000}, {&(0x7f0000013200)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0x11400}, {&(0x7f0000013300)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x14000}, {&(0x7f0000013400)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x18000}, {&(0x7f0000013900)='syzkallers\x00'/32, 0x20, 0x1c000}, {&(0x7f0000013a00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x24000}], 0x0, &(0x7f0000013b00))

23:24:50 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x19, &(0x7f0000002680)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}}, 0x108)

23:24:50 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  250.003660] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  250.004882] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  250.021509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.039272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.046326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.059847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:24:51 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x19, &(0x7f0000002680)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}}, 0x108)

[  250.110781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:24:51 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2e, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d6f4655f000000000000000001000000000000000b0000000001000008000000d2420000120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e31333638353234303200"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000008395006fb905454792d9f392427055b7010040000c00000000000000d6f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003700000000000000", 0x40, 0x540}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d6f4655fd6f4655fd6f4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d6f4655fd7f4655fd7f4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x1500}, {&(0x7f0000010f00)="2000000098a2e27a98a2e27a00000000d6f4655f00"/32, 0x20, 0x1580}, {&(0x7f0000011000)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000300000000200000004000000320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1600}, {&(0x7f0000011100)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000400000000200000004000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1700}, {&(0x7f0000011200)="c041000000300000d6f4655fd6f4655fd6f4655f00000000000002002000000000000800000000000af301000400000000000000000000000c00000020000000", 0x40, 0x1e00}, {&(0x7f0000011300)="20000000000000000000000000000000d6f4655f00"/32, 0x20, 0x1e80}, {&(0x7f0000011400)="ed41000000040000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800030000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000005bbc60cd0000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x1f00}, {&(0x7f0000011500)="ed8100001a040000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000200000060000000000000000000000000000000000000000000000000000000000000000000000000000000491c1dd40000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2000}, {&(0x7f0000011600)="ffa1000026000000d7f4655fd7f4655fd7f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3133363835323430322f66696c65302f66696c6530000000000000000000000000000000000000000000008a6df6170000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2100}, {&(0x7f0000011700)="ed8100000a000000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000100000070000000000000000000000000000000000000000000000000000000000000000000000000000000b53044900000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000000002ea06015400000000000600000000000000786174747231000006014c0000000000060000000000000078617474723200000000000000000000000000000000000000000000000000000000000078617474723200007861747472310000ed81000028230000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800010000000af30100040000000000000000000000090000008000000000000000000000000000000000000000000000000000000000000000000000000000000059a976290000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0x1a0, 0x2200}, {&(0x7f0000011900)="ed81000064000000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af3010004000000000000000000000001000000900000000000000000000000000000000000000000000000000000000000000000000000000000002248c6120000000000000000000000000000000000000000000000002000000098a2e27a98a2e27a98a2e27ad7f4655f98a2e27a0000000000000000", 0xa0, 0x2400}, {&(0x7f0000011a00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0x4000}, {&(0x7f0000011b00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x8000}, {&(0x7f0000011c00)="00000000000400"/32, 0x20, 0x8400}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x8800}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x8c00}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x9000}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x9400}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x9800}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x9c00}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0xa000}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0xa400}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0xa800}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0xac00}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0xc000}, {&(0x7f0000012800)="0200"/32, 0x20, 0xc400}, {&(0x7f0000012900)="0300"/32, 0x20, 0xc800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0xcc00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0xd000}, {&(0x7f0000012c00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0xd400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x10000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x10400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x10800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x10c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x11000}, {&(0x7f0000013200)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0x11400}, {&(0x7f0000013300)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x14000}, {&(0x7f0000013400)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x18000}, {&(0x7f0000013900)='syzkallers\x00'/32, 0x20, 0x1c000}, {&(0x7f0000013a00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x24000}], 0x0, &(0x7f0000013b00))

23:24:51 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  250.172211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.242200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.302288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.362740] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.624953] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  252.628342] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  252.630156] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  252.636101] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  252.641918] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  254.661759] Bluetooth: hci4: command tx timeout
[  256.709714] Bluetooth: hci4: command tx timeout
[  258.757657] Bluetooth: hci4: command tx timeout
[  260.806695] Bluetooth: hci4: command tx timeout
[  269.335969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  269.337567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  269.374907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  269.376034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  269.530889] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  269.548016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:25:10 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

23:25:10 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

23:25:10 executing program 4:
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)

23:25:10 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0xfff, &(0x7f0000000040)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x140241, 0x0)
io_submit(r0, 0xa, &(0x7f0000000240)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000)='A', 0x1}])
io_submit(0x0, 0x1, &(0x7f0000000300)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)="f205e781c60c9bada35a139984fd", 0xe}])

23:25:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

23:25:10 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

23:25:10 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

23:25:10 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
mknodat$loop(r0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)

[  269.978950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  269.980868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  269.984522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.016904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.045059] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.054390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.055928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.076758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.077597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:25:11 executing program 6:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x311}, 0x14}}, 0x0)

[  270.097932] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.123114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.128375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.181765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:25:11 executing program 6:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
poll(&(0x7f0000000080)=[{r0}], 0x1, 0x1)

23:25:11 executing program 2:
prctl$PR_MCE_KILL(0x21, 0x1, 0x1)

23:25:11 executing program 6:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreqn(r0, 0x0, 0x3, &(0x7f0000000080)={@broadcast, @remote}, 0xc)

23:25:11 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0)
pwritev2(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000040)="c4", 0x104e08}], 0x29, 0x0, 0x0, 0x0)

[  270.784863] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  270.785924] I/O error, dev sr0, sector 2087 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  270.790049] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  270.790864] I/O error, dev sr0, sector 2087 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  272.916037] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  272.918409] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  272.921859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  272.927971] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  272.932764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  273.049540] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  273.055247] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  273.057096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  273.062339] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  273.064501] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  274.949703] Bluetooth: hci0: command tx timeout
[  275.141711] Bluetooth: hci4: command tx timeout
[  276.997995] Bluetooth: hci0: command tx timeout
[  277.189726] Bluetooth: hci4: command tx timeout
[  279.045640] Bluetooth: hci0: command tx timeout
[  279.237682] Bluetooth: hci4: command tx timeout
[  281.093615] Bluetooth: hci0: command tx timeout
[  281.286313] Bluetooth: hci4: command tx timeout
[  282.909678] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.910285] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  282.949652] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.950265] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.056345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  283.068247] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  284.619314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.621134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.659121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.659878] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.739010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  284.749147] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:25:25 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

23:25:25 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

23:25:26 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

23:25:26 executing program 2:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000000), 0x1)

23:25:26 executing program 4:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

23:25:26 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

23:25:26 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0)
pwritev2(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000040)="c4", 0x104e08}], 0x29, 0x0, 0x0, 0x0)

23:25:26 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  285.138208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:25:26 executing program 2:
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo={0xd}}}}}, 0x0)

[  285.161677] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  285.162321] I/O error, dev sr0, sector 2087 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  285.169521] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  285.170198] I/O error, dev sr0, sector 2087 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  285.173052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.181208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.188284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.197180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.204777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.209035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.211144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.244336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.263215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.267414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:25:26 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0)
pwritev2(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000040)="c4", 0x104e08}], 0x29, 0x0, 0x0, 0x0)

[  285.310809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.337495] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  285.350095] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  285.351068] I/O error, dev sr0, sector 2087 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  285.364416] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  285.365362] I/O error, dev sr0, sector 2087 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
23:25:26 executing program 2:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

23:25:26 executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)={0x1c, 0x6a, 0x101, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x1c}], 0x1}, 0x0)

23:25:26 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0)
pwritev2(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000040)="c4", 0x104e08}], 0x29, 0x0, 0x0, 0x0)

23:25:26 executing program 5:
semctl$IPC_SET(0x0, 0x0, 0x1, 0x0)

23:25:26 executing program 3:
waitid(0x3, 0x0, 0x0, 0x8, 0x0)

23:25:26 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

23:25:26 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x68, &(0x7f0000000080), 0x4)

23:25:26 executing program 4:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

[  286.111606] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  286.123911] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  286.125013] I/O error, dev sr0, sector 2087 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  286.130151] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.
[  286.137013] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  286.137914] I/O error, dev sr0, sector 2087 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
23:25:27 executing program 5:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

23:25:27 executing program 0:
r0 = io_uring_setup(0x4e6f, &(0x7f0000000000))
io_uring_enter(r0, 0x7a03, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x36db, 0x0, 0x0, 0x0, 0x0)

[  286.172402] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:25:27 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getrusage(0x0, &(0x7f0000000980))

23:25:27 executing program 7:
r0 = socket$inet(0x2, 0x80003, 0xff)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000000)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000200)="ec8e14e6ff6dded2defe4f69f544b573776e8f98b7dfa4db0c27c768714371156f319bd466543670da4dda09312841f6", 0x30, 0x0, &(0x7f0000000240)={0x2, 0x0, @multicast1}, 0x10)

[  286.234457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
23:25:27 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCGSOFTCAR(r0, 0x541a, &(0x7f0000000040))

23:25:27 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000000)={0x0, 0x0, 0x6})
signalfd(0xffffffffffffffff, 0x0, 0x0)

23:25:27 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$inet_buf(r0, 0x0, 0xe, 0x0, &(0x7f0000000280))

23:25:27 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x3)

23:25:28 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$inet_buf(r0, 0x0, 0xe, 0x0, &(0x7f0000000280))

23:25:28 executing program 4:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

23:25:28 executing program 7:
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
init_module(&(0x7f0000000180)='I\xf3\xa1', 0xffd82, &(0x7f0000000240)='I\xc9\x17`W1\x9bE\xe8\xfcg(]aW\xf6}c\xba\xc9\xbaP\xa4\x10\xaeNl^0\xe9?4:f\xeao\xdd\xefP\xbd\xbc\xa5\x1a\xf9\xdb\x92`\xe2\v1\xab3)\xe2\xbcB$\xe2\x83\xe6\xa6\x7fYP`\xe98K\xf4C\xbd\xbe\xee\x00\xbf\xacL\xe9\xf9|L9\x8f\xb0F\x1f\x0e_\v\xab\xa6Zo\xa0\xda\xd2\xfe\xd5f\xc5\xbb\x86DB\xa3,\xdb\xa7\xca\xa5\t6\x1b\xc6O\x17\xda\xbf')

23:25:28 executing program 3:
set_mempolicy(0x4, &(0x7f00000007c0)=0x5, 0x11)

23:25:28 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
fsetxattr$security_selinux(r0, &(0x7f0000000080), &(0x7f00000000c0)='system_u:object_r:nvram_device_t:s0\x00', 0x24, 0x0)

23:25:28 executing program 6:
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)

23:25:28 executing program 5:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

23:25:28 executing program 2:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

[  287.571556] Invalid ELF header magic: != ELF
23:25:28 executing program 6:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x44, r1, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:sshd_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x44}}, 0x0)

[  287.627476] audit: type=1400 audit(1760657128.553:25): avc:  denied  { relabelto } for  pid=11965 comm="syz-executor.1" name="NETLINK" dev="sockfs" ino=26136 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:nvram_device_t:s0 tclass=netlink_xfrm_socket permissive=1
23:25:28 executing program 7:
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
init_module(&(0x7f0000000180)='I\xf3\xa1', 0xffd82, &(0x7f0000000240)='I\xc9\x17`W1\x9bE\xe8\xfcg(]aW\xf6}c\xba\xc9\xbaP\xa4\x10\xaeNl^0\xe9?4:f\xeao\xdd\xefP\xbd\xbc\xa5\x1a\xf9\xdb\x92`\xe2\v1\xab3)\xe2\xbcB$\xe2\x83\xe6\xa6\x7fYP`\xe98K\xf4C\xbd\xbe\xee\x00\xbf\xacL\xe9\xf9|L9\x8f\xb0F\x1f\x0e_\v\xab\xa6Zo\xa0\xda\xd2\xfe\xd5f\xc5\xbb\x86DB\xa3,\xdb\xa7\xca\xa5\t6\x1b\xc6O\x17\xda\xbf')

23:25:28 executing program 3:
msgctl$IPC_SET(0x0, 0x1, 0x0)
msgsnd(0x0, &(0x7f0000000100)={0x3, "6140c64694ad9e1d2b274886eaccfdffd1fd495cf2306c9a1bb38d48c497688e00af240d0e0706471f32c38c4e6975272b1a9b56147f047fb0190dd00769283d7eea1cf8a8eb919dc0cd90955c428e53f89411c1d0076af5e4edd41d64fab200cde22c8436e92001471556973bf9a8a883ca8e229100b490cef7b312428f33d159789831bc84e00de5187b48720482da02356a873293d13ab83a0edeaced2a56d15ddd5065965675ba5fb2850389631e2f28f821a2c843ab4f6ab4a11e7cb4daeed789955b637f58c5dd592e17574a739d5033525ea8a579c593d34af845ae6231b256810e68497b3fa1cbd4943eaed0dcd5f08cad3c6a714aecd0bbbf5d38a10745727ef9e6b2335c3c6d260a2bb76bd05cd8c98e8b916d55154b4771aff27b4857c0069872c07ee7164f37070d24aef8bfbd93b06ebb480e2882eec8eb6b5b9af7709ea38abeb730e737dbf6e5f40dc095420e0eaa8083b84f9ad34132201bf7e7f227328c9ec3ec0793a80ccdc20334a06afd3b204fb1508ef6d7d769929739b90324cc6d37f7170527a2936eee69a8c0886a4ef7ab88cb44ed79a36461fa88291198e79ef15c6821d67c7895fbcf4fc8d03ed61039ae1be9369257476a77151a985581f49a837f20cff2984d5891c75c4668b8afec4277704ac2db240d29c5b593439569bc50b60442696dbb2d142575a0abd6b5695c79f98aaf8eb73489ca0b989b872da67e02b105797613577f4f0d4b344d65d66637ca812b2efab56ea6cb4f70f91d4e8806417e57d40332924bf10a378e465870db7e15d5310e3e0e159df5a5b152d976d406447db838588bb9848a58247d41fc268ca50b7f086e564e87dcd6bbacc8acaa01d5859f3e32f2184144e4579e27ba767950583f755bc2b258ae790541686fe4141a45404d90beb1d40f18a4d1ece81025d52f0bbbac6c54c5b83055e0956c555bda4abb32b7598e99ebe1a05193d54a3c3e3a772b95c8b17b4d0728f61280c37180728b00f0ee41a43c29553684687a33331281cb1fb10a5f8e03ed99bdd15bf2b9bcc75efe105e303cc6d767a3748bc4e2ef569712ff7103c606422c2a23bc2c7e8e39f2d564b2c22c3a63cbd8f5e9b65324f52aee4656d9a3a697cdbd9c4491f99983786e52bfd91eae199f97131bda8c779d82666445a17218a0d8c19811a652aa14e0de1ae30529a2e21bc32463a4c103dbf1d95fd02c02843fd7b09e3993b3af3736733fb226506b614d1a1dc2f548473591b97b49d847dc57171c0ed0c6b158656423538270ec5ee8c08a76976702e330aca82bb52273b2a262881dcf4701cb1500c96c0296d3c6dbd6634dbbf02e1b7ddb4daf4181c11d6e3f157fdddee44a073a2eca681c79892877a8620eba4958db1e9729a745c808968d2d9c6da2d6c6807035c77192c9ddfb98218816496b5d212958873970c82464c8c40c9561415b85526761c742429c167bdb460cf2bed6d5a369eb7e4b18ae2efe4e5816b8a8ec714ebcb5a39c415c55840f350c8e53d5be90a23308531db317d5f04e185d43fa32ca978cdae64d49cd09353b919c56e062486aa9257ba1b1d0889ac5d6691d37173370286d1b604fe9163ee768bbbfe2aaeca51a0b02974a89b0d6205f404c1c4a6724056c5310d623af88f88de69be266a37239f177169db0c2375e7ddce4bb1b893762af407a982fe45faeaa755380d4845617f3de6c8f73a3820d4e9075ce59afcd66f0866618bb95f98bf92e3624bf63fce12317967eca90e78d7729008aa56cdc48feb65d6dd983753ec243d2e1822cdd898c2ac31fbd900577e4f093278fd983e72124526975f79e0f48d39cb9861a1b19dc154a6a9328fc9eb78d6549d6c591ab8fba746de4b367c98c49cb2ab891ffc615329f2ef613566b28c54b1b33bda001634519f41bbb4a7b13fb4d9a9244c9098fa0ec8f76f82df168102a8fd338ad1c6b52b5057ca97e837c298d1362057ac60111c2f81ca7b283786255425a183f64f329b1b0ea20c4f1faebb8ea9fb0cb6aa6df6cb0aee5479a9edf90afc345be563e1a19f8b974e69b023edfc0acf5e8078eb2c4ba70e08299415d248ab648c3093e4449cedd8ec1440397d7aa60132b173e3862bd30d8a4c952aa869b88e3b77f520f757e3f54077ff4790d31364e98926a7169ffcf61a04585c30fe7e24b99df2060f19ef521ddc067120b1002dd88c469e242c1a88b777bed2d1ea4f3b5e58435559e72e23b8b0b5900e640686eef38f058c30bfb1250d46c62104b9aed587159df0f9ac7179c6cb493226d448c44da712c697ebcdfc7dfdd5456d2edf9a5914bd13d030a513e3ae426e7ff323d232b678400e403cb02953c2416ff611ebb1e63436d187c2cdcbf12cc3713d3fd4c48b710ddc986da6edc4f3ee6eab4363ca650f4283abae320d936f4c0f2f82deee4d1e0cbe980533abc042076f7f41d1d5623ee01add0aec8ea550040cf775b62cf0cd58fd27fb3ae208550b422128418976b4f0e866db8d031afed8ded3ffb1ca8f668ac264177b3845bd93429ba6db048d2e50a98e32f104abad943e46b39628dbe8def6442782f2c50dde165c0d043794bcffbfd57a11770aa2351de07f097089bccd46903c9c80234598a8bad45b6edef4dc59c8f705012183e4492787777e59c1dfecd2acc8e805d48bbb246c77366ffc495df755aee10b3790ddded081282a7953bd02b06f0f6c74970bdc5c4e8b3e6dcf1e4976a948fdf074ece9061e5d1500372632bd29704845ee76ad074feb08dd105f985d05582d79cd9782f7e3fcc463d839e33e7d588e96083932aa54a5a3687e54893ffd7b6e69234d9fc6ee31f67e5e61e558232414daa439ae7b6c056f8be8579f343a4a90c3d3a53d3deefbf76d7ffbc6bb5526e11409d5032fd515bc21060659b2812b5c23b99e11ea3753ffa979f7a7966c951a8df63fa2c2f42a0d1085ccdf303bd32c328884178ebe882b1ae8d2bd5fc6a691b30bfdac1be6fe917104b13be0a49bd7c428ac1da46d8215f584d95fe30b6d5d6272627de125798458dbcf4ef088cf6936958bd8fcf8cdd4941853d6aedd6dc3ed21e0192d28c48d746081d0cb71149f7ae8ad82bb5fdd90ba9e8edf6e73f01f1ef53e9bce9d33eb05f9e397bc73f4c98a7cb2bf6154f70dcf64fc1d94db033d62e6fc672d40f8b9d83408df07221b9afd060b6d14ed0b2de366be813959414dbfc9196f8b88c4762d5fd634a3141440d84be179834ff7767d6870c54621ff4e8f228ef8a0f8440b39f12b9a08b8e8863d133957e20e1233b8efae1b9d5e417d639328efe3cf9982efb456f2941501e52e8aedb558ffe4f7661dbdb80a1244383774b9bc6918353d1c034fbe4a62d1a56a81efed6de676552c4378c8a718ea596b06b442e8b8eaa0669f130c50e7b71ae1a0b9260419f152535f2fe6d1e34ddd474ce198ed248d7ad443fdcdf815e80ff90b026f12adb2714abaf0be7d5b946a2823a381ee2a2ec27d146785e46fa573f3682cc6034cf6f5baf2dc9060a489d94535911f36a7c4f3472d6c51cc75d64ade40b5dce8457b621d9546c94e068e9031f8e257ab901b78fd01b0352a824731b2acb22f7dd8adc4ad4392936e236c6a2f5ef8f8c96e48c496cd00cdcaae4f790c16b576dcadccb7d363e45a1751478e8e6655e3ac97a18aa20d68de1908ccba90a122ffce25b607e151a9af25b829ec99683969215e6f70dfcdace1e254b3080bdca1e79b551fa2ad07d9fb036153f5bf4f950fb27392976b32ad2b49c2751e030928ae7a3ca8842a6e46a968e602451121438c1a2e1711e8202e5022a51f8065db647057655fa853a7015d84aea79b1be6a72e56014f33860bf6e15319235882d43147ef6040245746645a9141cd17f655d60deb7cc14fc17a41cd19301db06ed11e9e07f47c590bab040b2f3a39b36cbe59d305bcd2ffc2af76024a52a5f988df8bada77930d6077bd11eb91a916636f13870ccb1c3a3ce90eb4f1752ecf6e6d21e5a4db06c183982ea9598dddbb250087dd2c7c55794fbec42eb7c32fc349489c36ac0b7b594e1608ea2275a468c73ba00ae88929be367c7864cc349f8f2287ad1bcb918d4dce94082f313e193322a8ac542dfef504993d8a1d2b3fbf78108e897871dd4a74b87095e3a899b3fd8a13be91c6e13cf88487150dabe7adb20dffed6ac8c0f257d2f95d8387266dd46f51f87cd988c926bab93554bb06654122cfbd40514cc666b76fed49e0a4d628e6f472719f0ca10a6b37a52b542586cbeb8bf8bda17dcdf24aef16113b0671d64fd506a0bc2956f40ad09790c21173a32be7f1d7c80b82e2daac35df35ddeccce1d2c6169d7d64badea7f01b58e6e9e84ce63b73bbdb3b78ea6ab215bf3912c323c87f1450202a3b34595d4a70b7f18a9f305d566183337753a32a580f20ad32e3d86e17f0aec20b29691a5b9246e9c092935e98e7726674936fa6ae4703fa4185111639b2b01dd6b99ea1e5d91536aaf58d00191e0aca733bd7822c933fb8a75e76edc341ebf5f5958ffd767434645d089c43ba732242ba0d9e2208682e85764991967f7faeb7ff54adc87ca8d256ee923a6f72322a82f4f73758e68bd045c0351c20b9688a763d1ae142a2e607f6b758797e59156994e3b14fa13cbab449d7dd00c3b96083efeb744dd4183c8cfe7733051d0c161123dc2f7be570daac8b2562965ad638dcfebb429a1b4b10c71374fa25e6440ca17faa2e45ec993074b7684eaa471a2b88f038908e8684a8c01419b034b15f9497e6bbf5e59a103e1453285685ce8db12eb230a14b034ffe398045c0db93498f83bc2382e77b05ed3b5c4d30a51a6a6304ada35da124972476d269afa6f7bb15b971a16ee747fa72b6d05baa7c6b2c967484193100063aefc20302f0fbac9acfbd45440c9d7920ec199c2c98a8a72b449de078368603ee3c08bda8fdf6ad62110dfb86945cdcf9bbc20679973e8f9d71282f1c31825484264a48564fbf949196b3ff2eadafc5ea3b990580cb160a443a5162196bc65d4d24676757d6cb6a8c7a53dbc1e5d1d05b3ea9616ec82c82f695e037dd9565d0a0763feeadf41fd7ab23ff42b52b2fe3fbf0e7f0fa696c978551adacebe1d37040beb63fa3f34668e897f97a3b27a69fc18b199664eeb7d56d88ea8cf08b8c755c22b2b87f0f475d969934108dddd62a392dea06621787f130c7f43d9acb7302d3ecd624a9336b19d6469f7c970d10b6e3d13739f6312ebb47dc40f4a6fbcc31b8b26441708c08d3ccafc9ebd7bc5c59155b9cf5e7da5f139c4892c86eae26f90c66d6da2fbff7408e9eaa1173e7dd354af2374a43b914305f122ee3b4243541b50ff16cfb079758aea73b9b6bf4b4aee8c4def2a7cc3c83d67d8ca894beab253a1fa0f70d1d0ed17d677c0c70b78dcfc67baaddb0e86d4be93a32522f6ead4e792e9498f3a8389fb42118d52f14ee4b5b71bc0024c914d94035993c5c976dd1c903e69e4874e7c6acefe6915d3b83102bf5088d1da3b700c96c86e4ef88fbbedc4e8991c96a0bc3eb7facc7bc6b70fc4f09add71b156a1e957397ef5327f8223a01405f0087fdcbfed1469e6cdfb70d3247a33f73547a85445e37d70c2593945fa3e650ea2be28e4fdfc2fbe98b95dd70cd058c97f65b9584fb61fa8d22c0ab574edbe1b6c26da8a22005b64b55292ce647c3230ad4"}, 0xfd1, 0x0)
msgctl$IPC_RMID(0x0, 0x0)

23:25:28 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$inet_buf(r0, 0x0, 0xe, 0x0, &(0x7f0000000280))

23:25:28 executing program 6:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000))
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r1, &(0x7f0000001540)=[{&(0x7f00000000c0)="fd39be952b0cf6688c522da1a7c61aea9d393df2a94f96090e3a0ab90d7c21ecca3112b45f1a5dfe361ab933f610e34167978085439ad7915874585204a06b346cbb8688025e561696b82101836d3cb0300c7d5f8e549dfa6e33331e4a10dda2d3fdf7f24b7188087b76df20f91ba3826d0c7094cb7bad3403fc39730005e79acfc52711cdc814dda8809dfffdaa73330b57980f25eb6c3dfc7d97e379460e8fd8f9b08b02b7e75762a0901c98525eba657bfd14f52b0ebaa8b692aba3bbec042747e672fe094767d90787cd5eb21bd9c8a91dbeb0c1809fd70720683050e057fdea0a20194402046a7a8042137b3164886addc5b8facdd457838496e9b909e939fb8cd68596e8d3001ff9b881a25bbaa0ee8ada5da719e82ba65301e44ce4180d16d4b8e98c0ad9d8eae12eebc0", 0x12e}, {&(0x7f0000000200)="7a81f2b5e3cc98a0f028b2f9b1d0ea80df4265d735a50b06aee7d0b60f2aca89b0aee9ce507dab669bcd22e421f32a5db20211b3908c7614ddfbd70803c4ccaeb13159cba6a68978cac3044e", 0x4c}, {&(0x7f00000002c0)="dc73652e5a0dc65b30d4230e50bc8908bdf74071c9bdd982d9ee41df34554e08f6ef3db65f143ca7e25a49578cbfabc7ec0e27f1c6aef949810795db49570f1c1ba6fd9c2d2f958f9a6893c81e474ca7915f7080aace892df01a0e40f57f0338db324c7c7f1a184d00816e022287047c02d0ee8660a9bfd049ad6604f12ebbd0fa4d07f83e606d53a58fa32b9bf57e74f0627293236e514c0bff21ba99b5c4d17f41fec6e16761ceeeb3a5de01f734ffa0c65b546fd6eff39544", 0xba}, {&(0x7f0000000400)="766a44420b10acfeab4c59ebcd91cf79149b6e23bdd1ebb56e3fb4461068f54cd8fcf4fb9c650d042c4fb3c620cec332c8625bc2de3745ac8b21e5ea6d2fff7773373087353a33b721bd3c4299cb4672836ba8c75ad2f482f70834a2528357416f0699e55fca3d69bb084a0be169b8be554e6aac795c4927f3e0b754165e4690ffbfb0ae87deec19d87bc25d5fb016794954ba8f4fb155353c5481fcd864115f01c092b52138693036d04015477dafd0121756979697c879930f445bbb2a2594cd2ac06807f7356dd2a7c817b1876e8bbf8d6eecd316b115fd112fd44566aa4b0426ce54475f5d9e4388964f0f6a9b3adcc93f02e3ca69a3a6205b9cc20a286298e14c3c511bd8a46f8686db68442fce93f70d9ffc8dfe36d909f372d3f938237af9e8533bcbe7bf6e57cbde1fe952d67bc3bc4c5bd869cad5dbcbae3fa6ed71456f237b1526479d3fa05ad0f18ba6feb47d84aa0827ef1784ba5d2c6a4cc5f8436deb8809c0a92928030fe38a223a666c39904a9349998ee6666fe6d8044ed9b27fac1caf8a10d9b46af59450ed664a55cb6e62dfe0a993bf62f38c2064ffd1f203312df57d0b63fb9785551fe6b5cde9097e8af692012609b8a92f5727b1041f1b0e45d54df6ddb63af19ea512b6e5409416ce8ff9bee3671c29d0ad8cd0c69adba815e96f43e0ab8cac97670d85f197abb82ec5c80a2b287178b15e50601a3e14a4724e604983bbf420dc0bc52cb06714e41c2ad87b816340cf34426c365e8a64f15aa7f5cc5fa42caf8216fe942ea1efe94ac5cfee5611bb62caffd983089a4c43fd4a21bad02ba3c97e541da7e5a64510e9d769951e8c33359fe0c6661c69f8c08fbbb4269b63dda52bbe3ac5d993b191a959f4751868dc491f4b7f6e126361352cb0a14dc6dd9a2c8fb59c37163c0d418b53f4369bfb995562c45064da818552a39c1397ca50fca58d5867d6823d9aca8bffe900036b303ad7d9762824d483efdd5433fbbd2f54c48b980fe5075389c787a21e75eabd6d8f08fdeba3b5a5f1429dac7c12975f29798881c306191a546bf7c73fa57f352c8884fc796d86b22a60d9672ef841fc6886c02e0e21723294ac3a0a16dadd92004fdc07315afada287ceb145f464e292c5880bbb1f8f6ebf850c471580ac971d300f4e9c04a9854704431a9236d32dea70b72359b145fd1da4e27c8b3c561f186408c897c803fc6f2816205af0d05a5120f9ee40f94fa137698bd1db9ebffa457507824f75d40d27b04cd7441b4e46f33ba68099d56e9d61fad9005196b22a2a8496c35a30d7c855f8957b29b92763c566946ee6b4f195806305bcb8c2a1c85ae2810d91e5f19f02922d44ba91328067a13c5f913dd945e64cd8226eec2e2249e3a9c8fe7e99886ffa57612b2f82954b202e0f56435f8811353227e5610d1f952b69aec8095f81d4b816075d3a2a017ba82a86bb146569030b4566c695501f9a597dee7e012408e41d9818801f39118849ef4eebd169a8ef1f70ce4d342ad6a53fd050d8c7792d2940e3a34b439b6561d6b68026eb2e2430c9f09f9b44f95a3575869c396b65273754c9d881136815511634b52b52ce854aa0fac3a803171457447520a1b6e1e5e05d140b2e919902c53d96677b825ff2fbcc6ca9d6398c69fd2feba428ca5f036191df8b1bfea97c66b279d8add88b4c2964960c147b91eaa71f64a0c5587b8111896eb10f1278df92ad9e74a9ff7f3cb82d27cc9c1c17b054f9a5e45682540f593907e2474b49f7c512def39c6fd26a5c88bf96b494ef4c3a915c7305a3fb77ed4b7f035162161cd9fe00e02c302d293e7d7814a76d60dd052925b1e93d61ad97f0e098a68268456be3030edcde765ca55c97ba0fdebb1fea78c9be09173bb8cd18fa489f66aa1d6e4dc7ec913a692e73d8cd579d9346fe3dfa267e16ff5640ca4e60637f1f54bfe2a178777e409e9e61fb057b463eec981a4ed6a7cacb00710d096240b80cf5b9d9df5020303115917afca4398bdb38a642c48c327c151797073ed70ee0b95776dab44345656eb76cb8441e5ac7720db1d06f8b01a0a1d4fa644f84f10cf4d5e31b90fdb5aa0509b2fa9d6b4a5fcf0cce44aa3fddea8dfca6ecf4f47be7da531afbfb7a3fc9b51fb60a323959790975648c6bd6292464383862f203d94fdc08a4b2df004327f7397beae2f827c5f32a60ff6afb92c62ddf3fbb6bb222b5d9fdc87e3178b6efc28357ea70235f74d4a4b22915abf17d7656e6570ccdc2e98264064018882ff168af5cfdff30efa99c864f48c7fc9ff5e0cc3de699e02a81c7a4b2a65870d1927c68595c0fb526f8df3eff19608fe678a25972bc0a13858a8f4064e2099dc2893473ef907dd7af74e2e39ae9aa3028e7b96e4ed25eafff7d27309a8cf944b32d9a494860f7ce6243da139cec61407ca0da85fec1722c9f7e3f975ed81514a6646f271fab6f033cf424092d3780c1af6c8bfaea101e9889dbf8c1c20beb01ab603a80e86359aecab56434503ad7afa2fa28b88157d9bd55581275dc26f6347401bfa051acf8fe1854e1c6afc4277fc59ba3885b0549a4073a4ed2cd0e9def9592455a875ce3284e3ecd8a52c22425cf3933c1dc80f2526a9acecc79c4f80938615fd0b37f06937257d8deaea7ac8b8dd3ece08c986d028241bfa9503d49b818c02309fabb5ebe8787e294a9ebcc1a6a1ef42a004a3c986ba961149ad21c7f6cc4ef0f0ecf43c4135445af3aedabc7a6e9b4ed30f89ab667162f0051e8a196c16350d7d2179fa64d92c4156e94b3775bb273eb0396c15b4d71a889f63e54d8cecd3f68f7f9c6fd62de5ac7a1adbebcef7164e034290dbfcb49f9ddd30c87b101d0821d75e6b448246514af1496881d7dc077d188274a588f740cdb1f048e2d0501b19560c5663474d755d4563bb207d525d6aa14a121ea0b0d2ad4e240b1dd19da955682f8608403c6471d27673e7bca238efc478c516f002891d8764e4c53ff7458f9cc1eca5bdb64002348d5ab213dac999833a572efe35e507d917da7efa3851d68cb7f9084c8856c10a8cb28ec8e369f52c5667d71645185bb12eb5472fa2c925c14706d8c1d305e134da08e1dece32bc5660b9d06ada5c85bef4365dbc90f8901db30397a60039c6e5919d5318ca23f8ece7bf7ba38053776cbc7059509d81acd37134bf8541cb0979366ce4b417116b214f20d4c77f21ecfa9ab4b713613e55480b1f0bd24ae2d84b77d3cb0a8bb3ec0efc486b3c55b95bf2c0ddb3b3b1809c0327ff5ac9c5997a9b780550acddf97a056e2f205a2a46eb4ac6b50687c445cf64583a46eee2f16480c7302613995d58f769190fa6ffc8819190278e9ec04a4776f912b2c14646cf2135dfdef5e183cda41a5cc2fa3fde9dc4a4f0a1f32fd5cfb353ca39b34c514f031b8ed7d7b470d687e051397cf1758392f46aace8ed39126bfb88ecbb031ebd87d371123bc3dee7edd16d2d816dbfcc7d845b9c68f4cb3df347caf0f5e867467039bcef3afa5e005aa4832cbbc1facfcaba2d1ee01afac2a4a1d2a7f422aa9e15287d16fa40df22b1773aba791b5315b79bfd62b103070158168c610a0cd9149bd5562e25afb01265d1b6867c353be7f6d6913fe13f99310e88f7ac44689710443ef8536edbef31d5703db432e34e38dd81c6923c80d488f9a2de064d40d7c00525b283fd9e124811f53337fa8d7fce95484240441cbb34b663ae9c55f749bacafa12fe6aa53e63caea9e9baa0214f7bf6917b02e11fbdadafb7ea40f709c230180c46df450997719c5726bea85f9a0730f386075810ad9050de99175e16247f906db274f20dcfd8a301179ee4421a6226b99b00980537ba8da762ae3c26ff45ad8376f77318d4f784b75c825dbef415d4bb7b7278cd1ebb753add0b41283055b7d49f5024a0f27180b79e8ed0c7d5bcdcb70adb9c365a169b84ffc8d7ffd87f0bf7ddc30e3bf5d6211e6f73c66919808d13312bf1e40cdc568685d86b6fc20799329a90904388518cd039a2d98e003ccb49748f1f088c3a20a2fc3f6fdedc86e49667ba94eebf6d81a77a5856f2dd25bbaddc6e53cf35a5431000681dd66cb4668144dccf709ca30ffceebf10f523c7ba8aec6b0eb42418bc9446861437caf70c5b9c48e278b0049091cd9cf565be7eab6864c32391ffed0540c614ddbea7967a4364cfad2d902431e1d8f913e62f4d8209479e8996752f79de2d2c0341342dc014a8f918d4ef796059c7169c16034984a792a9f4d0141a343842814772bf35cec228f6c986258cb098d29c1299516f9c62931e33b5c7a22a1f734eb0cca052f3eddab7098aa5372d7e5d1694d4b7b0c4c5be5d0fc20b3a42c01dcdfa4ac01d1c5c16e0d1e1e9a724895241e8186c6daa7b20ac304c7dc27ea75f7bcd737f62b4acb9189d112393addc4a9df4913a4646bac177eb150430c647c81b25f83c8a8b2e80375954e592c0bb77d3cbcc45da1d7a7f58c6529175228ac1354891f967a73fc1da19f1c17b2c97d774caf7b5a303658f54462b085a3270f6a19a717610d9c3a83ea448231f3048b06efcdaa7fc2aae47a69b5069065f1bb7387daf82deeea1fff1f26fd323c95388cd5d42cd3abf4b178a08c6728f314a9ace106e561b55db86e7b38c51a0715ae6fad0e189f03954d981077716866b59b030b24718f1cd4ed7851bf38e7ab331be6790cb3ed70c9efe72cc413522ee901c893d942a65343bbd3175e4c99fe19f427b7cfe5094c897de8fadf09d6ee1f184936a286e144239db454d32ce0e7a1d363043a3304c29cf78454ef727cf289d95228dcd10364e247ddfa3e0eb254f35bb8e744f88c9adbc5a821b56313c295683d3338dd3ef0cb81b1fac4eb41e455c3daab358cec4b11bced0d2963be22e18c73753978eaa497b10144305988a01acd95d9477a721bea6220bfde9fd662f40b0de35598f0e7d7f7b072727f379034ddac82da1674d69db0d0ea61", 0xdcd}], 0x4, 0x2400000, 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x2400001)

[  287.748464] Invalid ELF header magic: != ELF
23:25:28 executing program 1:
r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$MON_IOCT_RING_SIZE(r2, 0x80089203, 0xffffffffff600000)

23:25:28 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$inet_buf(r0, 0x0, 0xe, 0x0, &(0x7f0000000280))

23:25:28 executing program 7:
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
init_module(&(0x7f0000000180)='I\xf3\xa1', 0xffd82, &(0x7f0000000240)='I\xc9\x17`W1\x9bE\xe8\xfcg(]aW\xf6}c\xba\xc9\xbaP\xa4\x10\xaeNl^0\xe9?4:f\xeao\xdd\xefP\xbd\xbc\xa5\x1a\xf9\xdb\x92`\xe2\v1\xab3)\xe2\xbcB$\xe2\x83\xe6\xa6\x7fYP`\xe98K\xf4C\xbd\xbe\xee\x00\xbf\xacL\xe9\xf9|L9\x8f\xb0F\x1f\x0e_\v\xab\xa6Zo\xa0\xda\xd2\xfe\xd5f\xc5\xbb\x86DB\xa3,\xdb\xa7\xca\xa5\t6\x1b\xc6O\x17\xda\xbf')

23:25:28 executing program 3:
msgctl$IPC_SET(0x0, 0x1, 0x0)
msgsnd(0x0, &(0x7f0000000100)={0x3, "6140c64694ad9e1d2b274886eaccfdffd1fd495cf2306c9a1bb38d48c497688e00af240d0e0706471f32c38c4e6975272b1a9b56147f047fb0190dd00769283d7eea1cf8a8eb919dc0cd90955c428e53f89411c1d0076af5e4edd41d64fab200cde22c8436e92001471556973bf9a8a883ca8e229100b490cef7b312428f33d159789831bc84e00de5187b48720482da02356a873293d13ab83a0edeaced2a56d15ddd5065965675ba5fb2850389631e2f28f821a2c843ab4f6ab4a11e7cb4daeed789955b637f58c5dd592e17574a739d5033525ea8a579c593d34af845ae6231b256810e68497b3fa1cbd4943eaed0dcd5f08cad3c6a714aecd0bbbf5d38a10745727ef9e6b2335c3c6d260a2bb76bd05cd8c98e8b916d55154b4771aff27b4857c0069872c07ee7164f37070d24aef8bfbd93b06ebb480e2882eec8eb6b5b9af7709ea38abeb730e737dbf6e5f40dc095420e0eaa8083b84f9ad34132201bf7e7f227328c9ec3ec0793a80ccdc20334a06afd3b204fb1508ef6d7d769929739b90324cc6d37f7170527a2936eee69a8c0886a4ef7ab88cb44ed79a36461fa88291198e79ef15c6821d67c7895fbcf4fc8d03ed61039ae1be9369257476a77151a985581f49a837f20cff2984d5891c75c4668b8afec4277704ac2db240d29c5b593439569bc50b60442696dbb2d142575a0abd6b5695c79f98aaf8eb73489ca0b989b872da67e02b105797613577f4f0d4b344d65d66637ca812b2efab56ea6cb4f70f91d4e8806417e57d40332924bf10a378e465870db7e15d5310e3e0e159df5a5b152d976d406447db838588bb9848a58247d41fc268ca50b7f086e564e87dcd6bbacc8acaa01d5859f3e32f2184144e4579e27ba767950583f755bc2b258ae790541686fe4141a45404d90beb1d40f18a4d1ece81025d52f0bbbac6c54c5b83055e0956c555bda4abb32b7598e99ebe1a05193d54a3c3e3a772b95c8b17b4d0728f61280c37180728b00f0ee41a43c29553684687a33331281cb1fb10a5f8e03ed99bdd15bf2b9bcc75efe105e303cc6d767a3748bc4e2ef569712ff7103c606422c2a23bc2c7e8e39f2d564b2c22c3a63cbd8f5e9b65324f52aee4656d9a3a697cdbd9c4491f99983786e52bfd91eae199f97131bda8c779d82666445a17218a0d8c19811a652aa14e0de1ae30529a2e21bc32463a4c103dbf1d95fd02c02843fd7b09e3993b3af3736733fb226506b614d1a1dc2f548473591b97b49d847dc57171c0ed0c6b158656423538270ec5ee8c08a76976702e330aca82bb52273b2a262881dcf4701cb1500c96c0296d3c6dbd6634dbbf02e1b7ddb4daf4181c11d6e3f157fdddee44a073a2eca681c79892877a8620eba4958db1e9729a745c808968d2d9c6da2d6c6807035c77192c9ddfb98218816496b5d212958873970c82464c8c40c9561415b85526761c742429c167bdb460cf2bed6d5a369eb7e4b18ae2efe4e5816b8a8ec714ebcb5a39c415c55840f350c8e53d5be90a23308531db317d5f04e185d43fa32ca978cdae64d49cd09353b919c56e062486aa9257ba1b1d0889ac5d6691d37173370286d1b604fe9163ee768bbbfe2aaeca51a0b02974a89b0d6205f404c1c4a6724056c5310d623af88f88de69be266a37239f177169db0c2375e7ddce4bb1b893762af407a982fe45faeaa755380d4845617f3de6c8f73a3820d4e9075ce59afcd66f0866618bb95f98bf92e3624bf63fce12317967eca90e78d7729008aa56cdc48feb65d6dd983753ec243d2e1822cdd898c2ac31fbd900577e4f093278fd983e72124526975f79e0f48d39cb9861a1b19dc154a6a9328fc9eb78d6549d6c591ab8fba746de4b367c98c49cb2ab891ffc615329f2ef613566b28c54b1b33bda001634519f41bbb4a7b13fb4d9a9244c9098fa0ec8f76f82df168102a8fd338ad1c6b52b5057ca97e837c298d1362057ac60111c2f81ca7b283786255425a183f64f329b1b0ea20c4f1faebb8ea9fb0cb6aa6df6cb0aee5479a9edf90afc345be563e1a19f8b974e69b023edfc0acf5e8078eb2c4ba70e08299415d248ab648c3093e4449cedd8ec1440397d7aa60132b173e3862bd30d8a4c952aa869b88e3b77f520f757e3f54077ff4790d31364e98926a7169ffcf61a04585c30fe7e24b99df2060f19ef521ddc067120b1002dd88c469e242c1a88b777bed2d1ea4f3b5e58435559e72e23b8b0b5900e640686eef38f058c30bfb1250d46c62104b9aed587159df0f9ac7179c6cb493226d448c44da712c697ebcdfc7dfdd5456d2edf9a5914bd13d030a513e3ae426e7ff323d232b678400e403cb02953c2416ff611ebb1e63436d187c2cdcbf12cc3713d3fd4c48b710ddc986da6edc4f3ee6eab4363ca650f4283abae320d936f4c0f2f82deee4d1e0cbe980533abc042076f7f41d1d5623ee01add0aec8ea550040cf775b62cf0cd58fd27fb3ae208550b422128418976b4f0e866db8d031afed8ded3ffb1ca8f668ac264177b3845bd93429ba6db048d2e50a98e32f104abad943e46b39628dbe8def6442782f2c50dde165c0d043794bcffbfd57a11770aa2351de07f097089bccd46903c9c80234598a8bad45b6edef4dc59c8f705012183e4492787777e59c1dfecd2acc8e805d48bbb246c77366ffc495df755aee10b3790ddded081282a7953bd02b06f0f6c74970bdc5c4e8b3e6dcf1e4976a948fdf074ece9061e5d1500372632bd29704845ee76ad074feb08dd105f985d05582d79cd9782f7e3fcc463d839e33e7d588e96083932aa54a5a3687e54893ffd7b6e69234d9fc6ee31f67e5e61e558232414daa439ae7b6c056f8be8579f343a4a90c3d3a53d3deefbf76d7ffbc6bb5526e11409d5032fd515bc21060659b2812b5c23b99e11ea3753ffa979f7a7966c951a8df63fa2c2f42a0d1085ccdf303bd32c328884178ebe882b1ae8d2bd5fc6a691b30bfdac1be6fe917104b13be0a49bd7c428ac1da46d8215f584d95fe30b6d5d6272627de125798458dbcf4ef088cf6936958bd8fcf8cdd4941853d6aedd6dc3ed21e0192d28c48d746081d0cb71149f7ae8ad82bb5fdd90ba9e8edf6e73f01f1ef53e9bce9d33eb05f9e397bc73f4c98a7cb2bf6154f70dcf64fc1d94db033d62e6fc672d40f8b9d83408df07221b9afd060b6d14ed0b2de366be813959414dbfc9196f8b88c4762d5fd634a3141440d84be179834ff7767d6870c54621ff4e8f228ef8a0f8440b39f12b9a08b8e8863d133957e20e1233b8efae1b9d5e417d639328efe3cf9982efb456f2941501e52e8aedb558ffe4f7661dbdb80a1244383774b9bc6918353d1c034fbe4a62d1a56a81efed6de676552c4378c8a718ea596b06b442e8b8eaa0669f130c50e7b71ae1a0b9260419f152535f2fe6d1e34ddd474ce198ed248d7ad443fdcdf815e80ff90b026f12adb2714abaf0be7d5b946a2823a381ee2a2ec27d146785e46fa573f3682cc6034cf6f5baf2dc9060a489d94535911f36a7c4f3472d6c51cc75d64ade40b5dce8457b621d9546c94e068e9031f8e257ab901b78fd01b0352a824731b2acb22f7dd8adc4ad4392936e236c6a2f5ef8f8c96e48c496cd00cdcaae4f790c16b576dcadccb7d363e45a1751478e8e6655e3ac97a18aa20d68de1908ccba90a122ffce25b607e151a9af25b829ec99683969215e6f70dfcdace1e254b3080bdca1e79b551fa2ad07d9fb036153f5bf4f950fb27392976b32ad2b49c2751e030928ae7a3ca8842a6e46a968e602451121438c1a2e1711e8202e5022a51f8065db647057655fa853a7015d84aea79b1be6a72e56014f33860bf6e15319235882d43147ef6040245746645a9141cd17f655d60deb7cc14fc17a41cd19301db06ed11e9e07f47c590bab040b2f3a39b36cbe59d305bcd2ffc2af76024a52a5f988df8bada77930d6077bd11eb91a916636f13870ccb1c3a3ce90eb4f1752ecf6e6d21e5a4db06c183982ea9598dddbb250087dd2c7c55794fbec42eb7c32fc349489c36ac0b7b594e1608ea2275a468c73ba00ae88929be367c7864cc349f8f2287ad1bcb918d4dce94082f313e193322a8ac542dfef504993d8a1d2b3fbf78108e897871dd4a74b87095e3a899b3fd8a13be91c6e13cf88487150dabe7adb20dffed6ac8c0f257d2f95d8387266dd46f51f87cd988c926bab93554bb06654122cfbd40514cc666b76fed49e0a4d628e6f472719f0ca10a6b37a52b542586cbeb8bf8bda17dcdf24aef16113b0671d64fd506a0bc2956f40ad09790c21173a32be7f1d7c80b82e2daac35df35ddeccce1d2c6169d7d64badea7f01b58e6e9e84ce63b73bbdb3b78ea6ab215bf3912c323c87f1450202a3b34595d4a70b7f18a9f305d566183337753a32a580f20ad32e3d86e17f0aec20b29691a5b9246e9c092935e98e7726674936fa6ae4703fa4185111639b2b01dd6b99ea1e5d91536aaf58d00191e0aca733bd7822c933fb8a75e76edc341ebf5f5958ffd767434645d089c43ba732242ba0d9e2208682e85764991967f7faeb7ff54adc87ca8d256ee923a6f72322a82f4f73758e68bd045c0351c20b9688a763d1ae142a2e607f6b758797e59156994e3b14fa13cbab449d7dd00c3b96083efeb744dd4183c8cfe7733051d0c161123dc2f7be570daac8b2562965ad638dcfebb429a1b4b10c71374fa25e6440ca17faa2e45ec993074b7684eaa471a2b88f038908e8684a8c01419b034b15f9497e6bbf5e59a103e1453285685ce8db12eb230a14b034ffe398045c0db93498f83bc2382e77b05ed3b5c4d30a51a6a6304ada35da124972476d269afa6f7bb15b971a16ee747fa72b6d05baa7c6b2c967484193100063aefc20302f0fbac9acfbd45440c9d7920ec199c2c98a8a72b449de078368603ee3c08bda8fdf6ad62110dfb86945cdcf9bbc20679973e8f9d71282f1c31825484264a48564fbf949196b3ff2eadafc5ea3b990580cb160a443a5162196bc65d4d24676757d6cb6a8c7a53dbc1e5d1d05b3ea9616ec82c82f695e037dd9565d0a0763feeadf41fd7ab23ff42b52b2fe3fbf0e7f0fa696c978551adacebe1d37040beb63fa3f34668e897f97a3b27a69fc18b199664eeb7d56d88ea8cf08b8c755c22b2b87f0f475d969934108dddd62a392dea06621787f130c7f43d9acb7302d3ecd624a9336b19d6469f7c970d10b6e3d13739f6312ebb47dc40f4a6fbcc31b8b26441708c08d3ccafc9ebd7bc5c59155b9cf5e7da5f139c4892c86eae26f90c66d6da2fbff7408e9eaa1173e7dd354af2374a43b914305f122ee3b4243541b50ff16cfb079758aea73b9b6bf4b4aee8c4def2a7cc3c83d67d8ca894beab253a1fa0f70d1d0ed17d677c0c70b78dcfc67baaddb0e86d4be93a32522f6ead4e792e9498f3a8389fb42118d52f14ee4b5b71bc0024c914d94035993c5c976dd1c903e69e4874e7c6acefe6915d3b83102bf5088d1da3b700c96c86e4ef88fbbedc4e8991c96a0bc3eb7facc7bc6b70fc4f09add71b156a1e957397ef5327f8223a01405f0087fdcbfed1469e6cdfb70d3247a33f73547a85445e37d70c2593945fa3e650ea2be28e4fdfc2fbe98b95dd70cd058c97f65b9584fb61fa8d22c0ab574edbe1b6c26da8a22005b64b55292ce647c3230ad4"}, 0xfd1, 0x0)
msgctl$IPC_RMID(0x0, 0x0)

[  287.944164] Invalid ELF header magic: != ELF
23:25:29 executing program 4:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

23:25:29 executing program 7:
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
init_module(&(0x7f0000000180)='I\xf3\xa1', 0xffd82, &(0x7f0000000240)='I\xc9\x17`W1\x9bE\xe8\xfcg(]aW\xf6}c\xba\xc9\xbaP\xa4\x10\xaeNl^0\xe9?4:f\xeao\xdd\xefP\xbd\xbc\xa5\x1a\xf9\xdb\x92`\xe2\v1\xab3)\xe2\xbcB$\xe2\x83\xe6\xa6\x7fYP`\xe98K\xf4C\xbd\xbe\xee\x00\xbf\xacL\xe9\xf9|L9\x8f\xb0F\x1f\x0e_\v\xab\xa6Zo\xa0\xda\xd2\xfe\xd5f\xc5\xbb\x86DB\xa3,\xdb\xa7\xca\xa5\t6\x1b\xc6O\x17\xda\xbf')

23:25:29 executing program 3:
msgctl$IPC_SET(0x0, 0x1, 0x0)
msgsnd(0x0, &(0x7f0000000100)={0x3, "6140c64694ad9e1d2b274886eaccfdffd1fd495cf2306c9a1bb38d48c497688e00af240d0e0706471f32c38c4e6975272b1a9b56147f047fb0190dd00769283d7eea1cf8a8eb919dc0cd90955c428e53f89411c1d0076af5e4edd41d64fab200cde22c8436e92001471556973bf9a8a883ca8e229100b490cef7b312428f33d159789831bc84e00de5187b48720482da02356a873293d13ab83a0edeaced2a56d15ddd5065965675ba5fb2850389631e2f28f821a2c843ab4f6ab4a11e7cb4daeed789955b637f58c5dd592e17574a739d5033525ea8a579c593d34af845ae6231b256810e68497b3fa1cbd4943eaed0dcd5f08cad3c6a714aecd0bbbf5d38a10745727ef9e6b2335c3c6d260a2bb76bd05cd8c98e8b916d55154b4771aff27b4857c0069872c07ee7164f37070d24aef8bfbd93b06ebb480e2882eec8eb6b5b9af7709ea38abeb730e737dbf6e5f40dc095420e0eaa8083b84f9ad34132201bf7e7f227328c9ec3ec0793a80ccdc20334a06afd3b204fb1508ef6d7d769929739b90324cc6d37f7170527a2936eee69a8c0886a4ef7ab88cb44ed79a36461fa88291198e79ef15c6821d67c7895fbcf4fc8d03ed61039ae1be9369257476a77151a985581f49a837f20cff2984d5891c75c4668b8afec4277704ac2db240d29c5b593439569bc50b60442696dbb2d142575a0abd6b5695c79f98aaf8eb73489ca0b989b872da67e02b105797613577f4f0d4b344d65d66637ca812b2efab56ea6cb4f70f91d4e8806417e57d40332924bf10a378e465870db7e15d5310e3e0e159df5a5b152d976d406447db838588bb9848a58247d41fc268ca50b7f086e564e87dcd6bbacc8acaa01d5859f3e32f2184144e4579e27ba767950583f755bc2b258ae790541686fe4141a45404d90beb1d40f18a4d1ece81025d52f0bbbac6c54c5b83055e0956c555bda4abb32b7598e99ebe1a05193d54a3c3e3a772b95c8b17b4d0728f61280c37180728b00f0ee41a43c29553684687a33331281cb1fb10a5f8e03ed99bdd15bf2b9bcc75efe105e303cc6d767a3748bc4e2ef569712ff7103c606422c2a23bc2c7e8e39f2d564b2c22c3a63cbd8f5e9b65324f52aee4656d9a3a697cdbd9c4491f99983786e52bfd91eae199f97131bda8c779d82666445a17218a0d8c19811a652aa14e0de1ae30529a2e21bc32463a4c103dbf1d95fd02c02843fd7b09e3993b3af3736733fb226506b614d1a1dc2f548473591b97b49d847dc57171c0ed0c6b158656423538270ec5ee8c08a76976702e330aca82bb52273b2a262881dcf4701cb1500c96c0296d3c6dbd6634dbbf02e1b7ddb4daf4181c11d6e3f157fdddee44a073a2eca681c79892877a8620eba4958db1e9729a745c808968d2d9c6da2d6c6807035c77192c9ddfb98218816496b5d212958873970c82464c8c40c9561415b85526761c742429c167bdb460cf2bed6d5a369eb7e4b18ae2efe4e5816b8a8ec714ebcb5a39c415c55840f350c8e53d5be90a23308531db317d5f04e185d43fa32ca978cdae64d49cd09353b919c56e062486aa9257ba1b1d0889ac5d6691d37173370286d1b604fe9163ee768bbbfe2aaeca51a0b02974a89b0d6205f404c1c4a6724056c5310d623af88f88de69be266a37239f177169db0c2375e7ddce4bb1b893762af407a982fe45faeaa755380d4845617f3de6c8f73a3820d4e9075ce59afcd66f0866618bb95f98bf92e3624bf63fce12317967eca90e78d7729008aa56cdc48feb65d6dd983753ec243d2e1822cdd898c2ac31fbd900577e4f093278fd983e72124526975f79e0f48d39cb9861a1b19dc154a6a9328fc9eb78d6549d6c591ab8fba746de4b367c98c49cb2ab891ffc615329f2ef613566b28c54b1b33bda001634519f41bbb4a7b13fb4d9a9244c9098fa0ec8f76f82df168102a8fd338ad1c6b52b5057ca97e837c298d1362057ac60111c2f81ca7b283786255425a183f64f329b1b0ea20c4f1faebb8ea9fb0cb6aa6df6cb0aee5479a9edf90afc345be563e1a19f8b974e69b023edfc0acf5e8078eb2c4ba70e08299415d248ab648c3093e4449cedd8ec1440397d7aa60132b173e3862bd30d8a4c952aa869b88e3b77f520f757e3f54077ff4790d31364e98926a7169ffcf61a04585c30fe7e24b99df2060f19ef521ddc067120b1002dd88c469e242c1a88b777bed2d1ea4f3b5e58435559e72e23b8b0b5900e640686eef38f058c30bfb1250d46c62104b9aed587159df0f9ac7179c6cb493226d448c44da712c697ebcdfc7dfdd5456d2edf9a5914bd13d030a513e3ae426e7ff323d232b678400e403cb02953c2416ff611ebb1e63436d187c2cdcbf12cc3713d3fd4c48b710ddc986da6edc4f3ee6eab4363ca650f4283abae320d936f4c0f2f82deee4d1e0cbe980533abc042076f7f41d1d5623ee01add0aec8ea550040cf775b62cf0cd58fd27fb3ae208550b422128418976b4f0e866db8d031afed8ded3ffb1ca8f668ac264177b3845bd93429ba6db048d2e50a98e32f104abad943e46b39628dbe8def6442782f2c50dde165c0d043794bcffbfd57a11770aa2351de07f097089bccd46903c9c80234598a8bad45b6edef4dc59c8f705012183e4492787777e59c1dfecd2acc8e805d48bbb246c77366ffc495df755aee10b3790ddded081282a7953bd02b06f0f6c74970bdc5c4e8b3e6dcf1e4976a948fdf074ece9061e5d1500372632bd29704845ee76ad074feb08dd105f985d05582d79cd9782f7e3fcc463d839e33e7d588e96083932aa54a5a3687e54893ffd7b6e69234d9fc6ee31f67e5e61e558232414daa439ae7b6c056f8be8579f343a4a90c3d3a53d3deefbf76d7ffbc6bb5526e11409d5032fd515bc21060659b2812b5c23b99e11ea3753ffa979f7a7966c951a8df63fa2c2f42a0d1085ccdf303bd32c328884178ebe882b1ae8d2bd5fc6a691b30bfdac1be6fe917104b13be0a49bd7c428ac1da46d8215f584d95fe30b6d5d6272627de125798458dbcf4ef088cf6936958bd8fcf8cdd4941853d6aedd6dc3ed21e0192d28c48d746081d0cb71149f7ae8ad82bb5fdd90ba9e8edf6e73f01f1ef53e9bce9d33eb05f9e397bc73f4c98a7cb2bf6154f70dcf64fc1d94db033d62e6fc672d40f8b9d83408df07221b9afd060b6d14ed0b2de366be813959414dbfc9196f8b88c4762d5fd634a3141440d84be179834ff7767d6870c54621ff4e8f228ef8a0f8440b39f12b9a08b8e8863d133957e20e1233b8efae1b9d5e417d639328efe3cf9982efb456f2941501e52e8aedb558ffe4f7661dbdb80a1244383774b9bc6918353d1c034fbe4a62d1a56a81efed6de676552c4378c8a718ea596b06b442e8b8eaa0669f130c50e7b71ae1a0b9260419f152535f2fe6d1e34ddd474ce198ed248d7ad443fdcdf815e80ff90b026f12adb2714abaf0be7d5b946a2823a381ee2a2ec27d146785e46fa573f3682cc6034cf6f5baf2dc9060a489d94535911f36a7c4f3472d6c51cc75d64ade40b5dce8457b621d9546c94e068e9031f8e257ab901b78fd01b0352a824731b2acb22f7dd8adc4ad4392936e236c6a2f5ef8f8c96e48c496cd00cdcaae4f790c16b576dcadccb7d363e45a1751478e8e6655e3ac97a18aa20d68de1908ccba90a122ffce25b607e151a9af25b829ec99683969215e6f70dfcdace1e254b3080bdca1e79b551fa2ad07d9fb036153f5bf4f950fb27392976b32ad2b49c2751e030928ae7a3ca8842a6e46a968e602451121438c1a2e1711e8202e5022a51f8065db647057655fa853a7015d84aea79b1be6a72e56014f33860bf6e15319235882d43147ef6040245746645a9141cd17f655d60deb7cc14fc17a41cd19301db06ed11e9e07f47c590bab040b2f3a39b36cbe59d305bcd2ffc2af76024a52a5f988df8bada77930d6077bd11eb91a916636f13870ccb1c3a3ce90eb4f1752ecf6e6d21e5a4db06c183982ea9598dddbb250087dd2c7c55794fbec42eb7c32fc349489c36ac0b7b594e1608ea2275a468c73ba00ae88929be367c7864cc349f8f2287ad1bcb918d4dce94082f313e193322a8ac542dfef504993d8a1d2b3fbf78108e897871dd4a74b87095e3a899b3fd8a13be91c6e13cf88487150dabe7adb20dffed6ac8c0f257d2f95d8387266dd46f51f87cd988c926bab93554bb06654122cfbd40514cc666b76fed49e0a4d628e6f472719f0ca10a6b37a52b542586cbeb8bf8bda17dcdf24aef16113b0671d64fd506a0bc2956f40ad09790c21173a32be7f1d7c80b82e2daac35df35ddeccce1d2c6169d7d64badea7f01b58e6e9e84ce63b73bbdb3b78ea6ab215bf3912c323c87f1450202a3b34595d4a70b7f18a9f305d566183337753a32a580f20ad32e3d86e17f0aec20b29691a5b9246e9c092935e98e7726674936fa6ae4703fa4185111639b2b01dd6b99ea1e5d91536aaf58d00191e0aca733bd7822c933fb8a75e76edc341ebf5f5958ffd767434645d089c43ba732242ba0d9e2208682e85764991967f7faeb7ff54adc87ca8d256ee923a6f72322a82f4f73758e68bd045c0351c20b9688a763d1ae142a2e607f6b758797e59156994e3b14fa13cbab449d7dd00c3b96083efeb744dd4183c8cfe7733051d0c161123dc2f7be570daac8b2562965ad638dcfebb429a1b4b10c71374fa25e6440ca17faa2e45ec993074b7684eaa471a2b88f038908e8684a8c01419b034b15f9497e6bbf5e59a103e1453285685ce8db12eb230a14b034ffe398045c0db93498f83bc2382e77b05ed3b5c4d30a51a6a6304ada35da124972476d269afa6f7bb15b971a16ee747fa72b6d05baa7c6b2c967484193100063aefc20302f0fbac9acfbd45440c9d7920ec199c2c98a8a72b449de078368603ee3c08bda8fdf6ad62110dfb86945cdcf9bbc20679973e8f9d71282f1c31825484264a48564fbf949196b3ff2eadafc5ea3b990580cb160a443a5162196bc65d4d24676757d6cb6a8c7a53dbc1e5d1d05b3ea9616ec82c82f695e037dd9565d0a0763feeadf41fd7ab23ff42b52b2fe3fbf0e7f0fa696c978551adacebe1d37040beb63fa3f34668e897f97a3b27a69fc18b199664eeb7d56d88ea8cf08b8c755c22b2b87f0f475d969934108dddd62a392dea06621787f130c7f43d9acb7302d3ecd624a9336b19d6469f7c970d10b6e3d13739f6312ebb47dc40f4a6fbcc31b8b26441708c08d3ccafc9ebd7bc5c59155b9cf5e7da5f139c4892c86eae26f90c66d6da2fbff7408e9eaa1173e7dd354af2374a43b914305f122ee3b4243541b50ff16cfb079758aea73b9b6bf4b4aee8c4def2a7cc3c83d67d8ca894beab253a1fa0f70d1d0ed17d677c0c70b78dcfc67baaddb0e86d4be93a32522f6ead4e792e9498f3a8389fb42118d52f14ee4b5b71bc0024c914d94035993c5c976dd1c903e69e4874e7c6acefe6915d3b83102bf5088d1da3b700c96c86e4ef88fbbedc4e8991c96a0bc3eb7facc7bc6b70fc4f09add71b156a1e957397ef5327f8223a01405f0087fdcbfed1469e6cdfb70d3247a33f73547a85445e37d70c2593945fa3e650ea2be28e4fdfc2fbe98b95dd70cd058c97f65b9584fb61fa8d22c0ab574edbe1b6c26da8a22005b64b55292ce647c3230ad4"}, 0xfd1, 0x0)
msgctl$IPC_RMID(0x0, 0x0)

23:25:29 executing program 5:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

23:25:29 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_tcp(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={'trans=tcp,', {}, 0x2c, {[{@privport}]}})

23:25:29 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000001480)={0x0, 0x0, 0xffffff8f})

23:25:29 executing program 2:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fddbdf256000000008000300", @ANYRES32=r0, @ANYBLOB="0600b10016c10000c2002a00dda86ab4c58b31ef20c214fd695619a23f261d69c43b555f528b88f3e17a1abb4a0ac6e5f9ea30c9cb9e1ae3dd6f5c3bc109013f5d9557e38c3f25a3808c61cdf7471b5a0596c4a2d9476278249fcd263ffbd634cfe9f50fdaf857928e6630403ecd8358960e2b7c02e109689e33fee971111054819a4ad75560c8b1b98e1e5b2f7fefa965159f6f39eab7a7c95e0f0d4751067bb73439a6d0de773260766809ebad7057ebfd3fdd6bb0651205d4142e33160802110000010802110000010000"], 0xe8}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
dup(0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x8000009c, 0x5}, 0x3000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1}, 0x3f)
r3 = signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x0)
r4 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x14, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000440), &(0x7f0000000340)='./file1\x00', 0x8, 0x6000, 0x1, {0x0, r5}}, 0xa50)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

23:25:29 executing program 0:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3)

[  288.758396] Invalid ELF header magic: != ELF
[  288.760748] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  288.772494] 9pnet_fd: p9_fd_create_tcp (12009): problem connecting socket to 127.0.0.1
[  288.784261] 9pnet_fd: p9_fd_create_tcp (12009): problem connecting socket to 127.0.0.1
23:25:29 executing program 6:
inotify_init()
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)

23:25:29 executing program 3:
msgctl$IPC_SET(0x0, 0x1, 0x0)
msgsnd(0x0, &(0x7f0000000100)={0x3, "6140c64694ad9e1d2b274886eaccfdffd1fd495cf2306c9a1bb38d48c497688e00af240d0e0706471f32c38c4e6975272b1a9b56147f047fb0190dd00769283d7eea1cf8a8eb919dc0cd90955c428e53f89411c1d0076af5e4edd41d64fab200cde22c8436e92001471556973bf9a8a883ca8e229100b490cef7b312428f33d159789831bc84e00de5187b48720482da02356a873293d13ab83a0edeaced2a56d15ddd5065965675ba5fb2850389631e2f28f821a2c843ab4f6ab4a11e7cb4daeed789955b637f58c5dd592e17574a739d5033525ea8a579c593d34af845ae6231b256810e68497b3fa1cbd4943eaed0dcd5f08cad3c6a714aecd0bbbf5d38a10745727ef9e6b2335c3c6d260a2bb76bd05cd8c98e8b916d55154b4771aff27b4857c0069872c07ee7164f37070d24aef8bfbd93b06ebb480e2882eec8eb6b5b9af7709ea38abeb730e737dbf6e5f40dc095420e0eaa8083b84f9ad34132201bf7e7f227328c9ec3ec0793a80ccdc20334a06afd3b204fb1508ef6d7d769929739b90324cc6d37f7170527a2936eee69a8c0886a4ef7ab88cb44ed79a36461fa88291198e79ef15c6821d67c7895fbcf4fc8d03ed61039ae1be9369257476a77151a985581f49a837f20cff2984d5891c75c4668b8afec4277704ac2db240d29c5b593439569bc50b60442696dbb2d142575a0abd6b5695c79f98aaf8eb73489ca0b989b872da67e02b105797613577f4f0d4b344d65d66637ca812b2efab56ea6cb4f70f91d4e8806417e57d40332924bf10a378e465870db7e15d5310e3e0e159df5a5b152d976d406447db838588bb9848a58247d41fc268ca50b7f086e564e87dcd6bbacc8acaa01d5859f3e32f2184144e4579e27ba767950583f755bc2b258ae790541686fe4141a45404d90beb1d40f18a4d1ece81025d52f0bbbac6c54c5b83055e0956c555bda4abb32b7598e99ebe1a05193d54a3c3e3a772b95c8b17b4d0728f61280c37180728b00f0ee41a43c29553684687a33331281cb1fb10a5f8e03ed99bdd15bf2b9bcc75efe105e303cc6d767a3748bc4e2ef569712ff7103c606422c2a23bc2c7e8e39f2d564b2c22c3a63cbd8f5e9b65324f52aee4656d9a3a697cdbd9c4491f99983786e52bfd91eae199f97131bda8c779d82666445a17218a0d8c19811a652aa14e0de1ae30529a2e21bc32463a4c103dbf1d95fd02c02843fd7b09e3993b3af3736733fb226506b614d1a1dc2f548473591b97b49d847dc57171c0ed0c6b158656423538270ec5ee8c08a76976702e330aca82bb52273b2a262881dcf4701cb1500c96c0296d3c6dbd6634dbbf02e1b7ddb4daf4181c11d6e3f157fdddee44a073a2eca681c79892877a8620eba4958db1e9729a745c808968d2d9c6da2d6c6807035c77192c9ddfb98218816496b5d212958873970c82464c8c40c9561415b85526761c742429c167bdb460cf2bed6d5a369eb7e4b18ae2efe4e5816b8a8ec714ebcb5a39c415c55840f350c8e53d5be90a23308531db317d5f04e185d43fa32ca978cdae64d49cd09353b919c56e062486aa9257ba1b1d0889ac5d6691d37173370286d1b604fe9163ee768bbbfe2aaeca51a0b02974a89b0d6205f404c1c4a6724056c5310d623af88f88de69be266a37239f177169db0c2375e7ddce4bb1b893762af407a982fe45faeaa755380d4845617f3de6c8f73a3820d4e9075ce59afcd66f0866618bb95f98bf92e3624bf63fce12317967eca90e78d7729008aa56cdc48feb65d6dd983753ec243d2e1822cdd898c2ac31fbd900577e4f093278fd983e72124526975f79e0f48d39cb9861a1b19dc154a6a9328fc9eb78d6549d6c591ab8fba746de4b367c98c49cb2ab891ffc615329f2ef613566b28c54b1b33bda001634519f41bbb4a7b13fb4d9a9244c9098fa0ec8f76f82df168102a8fd338ad1c6b52b5057ca97e837c298d1362057ac60111c2f81ca7b283786255425a183f64f329b1b0ea20c4f1faebb8ea9fb0cb6aa6df6cb0aee5479a9edf90afc345be563e1a19f8b974e69b023edfc0acf5e8078eb2c4ba70e08299415d248ab648c3093e4449cedd8ec1440397d7aa60132b173e3862bd30d8a4c952aa869b88e3b77f520f757e3f54077ff4790d31364e98926a7169ffcf61a04585c30fe7e24b99df2060f19ef521ddc067120b1002dd88c469e242c1a88b777bed2d1ea4f3b5e58435559e72e23b8b0b5900e640686eef38f058c30bfb1250d46c62104b9aed587159df0f9ac7179c6cb493226d448c44da712c697ebcdfc7dfdd5456d2edf9a5914bd13d030a513e3ae426e7ff323d232b678400e403cb02953c2416ff611ebb1e63436d187c2cdcbf12cc3713d3fd4c48b710ddc986da6edc4f3ee6eab4363ca650f4283abae320d936f4c0f2f82deee4d1e0cbe980533abc042076f7f41d1d5623ee01add0aec8ea550040cf775b62cf0cd58fd27fb3ae208550b422128418976b4f0e866db8d031afed8ded3ffb1ca8f668ac264177b3845bd93429ba6db048d2e50a98e32f104abad943e46b39628dbe8def6442782f2c50dde165c0d043794bcffbfd57a11770aa2351de07f097089bccd46903c9c80234598a8bad45b6edef4dc59c8f705012183e4492787777e59c1dfecd2acc8e805d48bbb246c77366ffc495df755aee10b3790ddded081282a7953bd02b06f0f6c74970bdc5c4e8b3e6dcf1e4976a948fdf074ece9061e5d1500372632bd29704845ee76ad074feb08dd105f985d05582d79cd9782f7e3fcc463d839e33e7d588e96083932aa54a5a3687e54893ffd7b6e69234d9fc6ee31f67e5e61e558232414daa439ae7b6c056f8be8579f343a4a90c3d3a53d3deefbf76d7ffbc6bb5526e11409d5032fd515bc21060659b2812b5c23b99e11ea3753ffa979f7a7966c951a8df63fa2c2f42a0d1085ccdf303bd32c328884178ebe882b1ae8d2bd5fc6a691b30bfdac1be6fe917104b13be0a49bd7c428ac1da46d8215f584d95fe30b6d5d6272627de125798458dbcf4ef088cf6936958bd8fcf8cdd4941853d6aedd6dc3ed21e0192d28c48d746081d0cb71149f7ae8ad82bb5fdd90ba9e8edf6e73f01f1ef53e9bce9d33eb05f9e397bc73f4c98a7cb2bf6154f70dcf64fc1d94db033d62e6fc672d40f8b9d83408df07221b9afd060b6d14ed0b2de366be813959414dbfc9196f8b88c4762d5fd634a3141440d84be179834ff7767d6870c54621ff4e8f228ef8a0f8440b39f12b9a08b8e8863d133957e20e1233b8efae1b9d5e417d639328efe3cf9982efb456f2941501e52e8aedb558ffe4f7661dbdb80a1244383774b9bc6918353d1c034fbe4a62d1a56a81efed6de676552c4378c8a718ea596b06b442e8b8eaa0669f130c50e7b71ae1a0b9260419f152535f2fe6d1e34ddd474ce198ed248d7ad443fdcdf815e80ff90b026f12adb2714abaf0be7d5b946a2823a381ee2a2ec27d146785e46fa573f3682cc6034cf6f5baf2dc9060a489d94535911f36a7c4f3472d6c51cc75d64ade40b5dce8457b621d9546c94e068e9031f8e257ab901b78fd01b0352a824731b2acb22f7dd8adc4ad4392936e236c6a2f5ef8f8c96e48c496cd00cdcaae4f790c16b576dcadccb7d363e45a1751478e8e6655e3ac97a18aa20d68de1908ccba90a122ffce25b607e151a9af25b829ec99683969215e6f70dfcdace1e254b3080bdca1e79b551fa2ad07d9fb036153f5bf4f950fb27392976b32ad2b49c2751e030928ae7a3ca8842a6e46a968e602451121438c1a2e1711e8202e5022a51f8065db647057655fa853a7015d84aea79b1be6a72e56014f33860bf6e15319235882d43147ef6040245746645a9141cd17f655d60deb7cc14fc17a41cd19301db06ed11e9e07f47c590bab040b2f3a39b36cbe59d305bcd2ffc2af76024a52a5f988df8bada77930d6077bd11eb91a916636f13870ccb1c3a3ce90eb4f1752ecf6e6d21e5a4db06c183982ea9598dddbb250087dd2c7c55794fbec42eb7c32fc349489c36ac0b7b594e1608ea2275a468c73ba00ae88929be367c7864cc349f8f2287ad1bcb918d4dce94082f313e193322a8ac542dfef504993d8a1d2b3fbf78108e897871dd4a74b87095e3a899b3fd8a13be91c6e13cf88487150dabe7adb20dffed6ac8c0f257d2f95d8387266dd46f51f87cd988c926bab93554bb06654122cfbd40514cc666b76fed49e0a4d628e6f472719f0ca10a6b37a52b542586cbeb8bf8bda17dcdf24aef16113b0671d64fd506a0bc2956f40ad09790c21173a32be7f1d7c80b82e2daac35df35ddeccce1d2c6169d7d64badea7f01b58e6e9e84ce63b73bbdb3b78ea6ab215bf3912c323c87f1450202a3b34595d4a70b7f18a9f305d566183337753a32a580f20ad32e3d86e17f0aec20b29691a5b9246e9c092935e98e7726674936fa6ae4703fa4185111639b2b01dd6b99ea1e5d91536aaf58d00191e0aca733bd7822c933fb8a75e76edc341ebf5f5958ffd767434645d089c43ba732242ba0d9e2208682e85764991967f7faeb7ff54adc87ca8d256ee923a6f72322a82f4f73758e68bd045c0351c20b9688a763d1ae142a2e607f6b758797e59156994e3b14fa13cbab449d7dd00c3b96083efeb744dd4183c8cfe7733051d0c161123dc2f7be570daac8b2562965ad638dcfebb429a1b4b10c71374fa25e6440ca17faa2e45ec993074b7684eaa471a2b88f038908e8684a8c01419b034b15f9497e6bbf5e59a103e1453285685ce8db12eb230a14b034ffe398045c0db93498f83bc2382e77b05ed3b5c4d30a51a6a6304ada35da124972476d269afa6f7bb15b971a16ee747fa72b6d05baa7c6b2c967484193100063aefc20302f0fbac9acfbd45440c9d7920ec199c2c98a8a72b449de078368603ee3c08bda8fdf6ad62110dfb86945cdcf9bbc20679973e8f9d71282f1c31825484264a48564fbf949196b3ff2eadafc5ea3b990580cb160a443a5162196bc65d4d24676757d6cb6a8c7a53dbc1e5d1d05b3ea9616ec82c82f695e037dd9565d0a0763feeadf41fd7ab23ff42b52b2fe3fbf0e7f0fa696c978551adacebe1d37040beb63fa3f34668e897f97a3b27a69fc18b199664eeb7d56d88ea8cf08b8c755c22b2b87f0f475d969934108dddd62a392dea06621787f130c7f43d9acb7302d3ecd624a9336b19d6469f7c970d10b6e3d13739f6312ebb47dc40f4a6fbcc31b8b26441708c08d3ccafc9ebd7bc5c59155b9cf5e7da5f139c4892c86eae26f90c66d6da2fbff7408e9eaa1173e7dd354af2374a43b914305f122ee3b4243541b50ff16cfb079758aea73b9b6bf4b4aee8c4def2a7cc3c83d67d8ca894beab253a1fa0f70d1d0ed17d677c0c70b78dcfc67baaddb0e86d4be93a32522f6ead4e792e9498f3a8389fb42118d52f14ee4b5b71bc0024c914d94035993c5c976dd1c903e69e4874e7c6acefe6915d3b83102bf5088d1da3b700c96c86e4ef88fbbedc4e8991c96a0bc3eb7facc7bc6b70fc4f09add71b156a1e957397ef5327f8223a01405f0087fdcbfed1469e6cdfb70d3247a33f73547a85445e37d70c2593945fa3e650ea2be28e4fdfc2fbe98b95dd70cd058c97f65b9584fb61fa8d22c0ab574edbe1b6c26da8a22005b64b55292ce647c3230ad4"}, 0xfd1, 0x0)
msgctl$IPC_RMID(0x0, 0x0)

23:25:29 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_tcp(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={'trans=tcp,', {}, 0x2c, {[{@privport}]}})

23:25:29 executing program 7:
perf_event_open(&(0x7f0000001400)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff86d88ffd}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

23:25:29 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)

[  288.884453] 9pnet_fd: p9_fd_create_tcp (12020): problem connecting socket to 127.0.0.1
23:25:29 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x80)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

23:25:29 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="cdf200000000000000008c00000008000300", @ANYRES32=r3], 0x28}}, 0x0)

23:25:29 executing program 6:
inotify_init()
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)

[  288.982482] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'.
[  289.002309] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'.
23:25:30 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x80)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

23:25:30 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup2(r0, r2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r4, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r5, 0x0, &(0x7f0000000000), 0x0, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)

23:25:30 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

23:25:30 executing program 6:
inotify_init()
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)

23:25:30 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmmsg$inet6(r0, &(0x7f0000003440)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, &(0x7f0000001240)=[{&(0x7f0000000100)="c1c4f3ee", 0x4}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="2800000000000000290000000b0000000001"], 0x28}}], 0x1, 0x0)

23:25:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)

23:25:30 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_tcp(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={'trans=tcp,', {}, 0x2c, {[{@privport}]}})

[  289.903428] 9pnet_fd: p9_fd_create_tcp (12051): problem connecting socket to 127.0.0.1
23:25:30 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x80)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

23:25:30 executing program 6:
inotify_init()
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)

23:25:30 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_tcp(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={'trans=tcp,', {}, 0x2c, {[{@privport}]}})

23:25:30 executing program 4:
r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x7fffffffffffffff})

23:25:30 executing program 2:
syz_open_dev$vcsa(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, 0x0, 0x0)

23:25:30 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

23:25:30 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup2(r0, r2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r4, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r5, 0x0, &(0x7f0000000000), 0x0, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)

23:25:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)

23:25:30 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x80)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

[  290.027835] 9pnet_fd: p9_fd_create_tcp (12058): problem connecting socket to 127.0.0.1
23:25:31 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup2(r0, r2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r4, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r5, 0x0, &(0x7f0000000000), 0x0, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)

23:25:31 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

23:25:31 executing program 2:
prctl$PR_SET_NAME(0xf, 0x0)

23:25:31 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

23:25:31 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = dup2(r0, r0)
bind$bt_sco(r1, &(0x7f0000000080)={0x1f, @none}, 0x8)
bind$bt_sco(r0, &(0x7f0000000100)={0x1f, @fixed}, 0x8)

23:25:31 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)

23:25:31 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2800)

23:25:31 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
poll(&(0x7f00000007c0)=[{r0}], 0x1, 0x5)

23:25:31 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000ac0), 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff)

23:25:31 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

23:25:31 executing program 0:
r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0xf000)
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x12)

23:25:31 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup2(r0, r2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r4, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r5, 0x0, &(0x7f0000000000), 0x0, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)

23:25:31 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040))
r1 = syz_open_pts(r0, 0x0)
close(r1)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000040))
r3 = syz_open_pts(r2, 0x0)
close(r3)
ppoll(&(0x7f0000000200)=[{r1}], 0x1, 0x0, 0x0, 0x0)

23:25:31 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000040)=0x20)

23:25:31 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

23:25:31 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
poll(&(0x7f00000007c0)=[{r0}], 0x1, 0x5)

23:25:31 executing program 2:
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000b40), &(0x7f0000000b80)={'enc=', 'pkcs1', ' hash=', {'sha3-224-generic\x00'}}, 0x0, 0x0)

23:25:31 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)

23:25:31 executing program 4:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40086607, &(0x7f0000000000))

23:25:31 executing program 2:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETLE(r0, 0x400454e2, &(0x7f0000000080))

23:25:31 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)

23:25:31 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x5c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x34, 0x8, 0x0, 0x1, [{0x30, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x5c}}, 0x0)

23:25:31 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

23:25:31 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
poll(&(0x7f00000007c0)=[{r0}], 0x1, 0x5)

23:25:31 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x2, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}})
fork()

23:25:31 executing program 5:
clock_gettime(0xb, &(0x7f0000001a40))

23:25:31 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)

23:25:31 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x5c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x34, 0x8, 0x0, 0x1, [{0x30, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x5c}}, 0x0)

23:25:31 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
poll(&(0x7f00000007c0)=[{r0}], 0x1, 0x5)

23:25:31 executing program 2:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETLE(r0, 0x400454e2, &(0x7f0000000080))

23:25:31 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

23:25:31 executing program 5:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETLE(r0, 0x400454e2, &(0x7f0000000080))

23:25:31 executing program 4:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40086607, &(0x7f0000000000))

23:25:31 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)

23:25:31 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x5c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x34, 0x8, 0x0, 0x1, [{0x30, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x5c}}, 0x0)

23:25:31 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000002fc0)={0x24, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @nested={0x4}, @nested={0x4, 0x16}]}, 0x24}], 0x1}, 0x0)

23:25:31 executing program 5:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETLE(r0, 0x400454e2, &(0x7f0000000080))

23:25:31 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000001a00)=ANY=[@ANYBLOB="2f0100000080003799"], 0x18)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)

23:25:31 executing program 0:
r0 = syz_io_uring_setup(0x77bc, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000001240))
r1 = fcntl$dupfd(r0, 0x0, r0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000000380)=[{0x0}], 0x1)

23:25:31 executing program 4:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40086607, &(0x7f0000000000))

23:25:31 executing program 2:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETLE(r0, 0x400454e2, &(0x7f0000000080))

23:25:31 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x5c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x34, 0x8, 0x0, 0x1, [{0x30, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x5c}}, 0x0)

23:25:31 executing program 7:
epoll_create1(0xa766cf74be11bd26)

23:25:31 executing program 0:
r0 = syz_io_uring_setup(0x77bc, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000001240))
r1 = fcntl$dupfd(r0, 0x0, r0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000000380)=[{0x0}], 0x1)

23:25:31 executing program 4:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40086607, &(0x7f0000000000))

23:25:31 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000004540)={0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000000000)={0x28, 0x26, 0x303, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @generic="ec0402d0865d9466e71f4fd442"]}, 0x28}], 0x1}, 0x0)

23:25:31 executing program 5:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETLE(r0, 0x400454e2, &(0x7f0000000080))

23:25:31 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x14, &(0x7f0000000100), 0x8)

23:25:32 executing program 0:
r0 = syz_io_uring_setup(0x77bc, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000001240))
r1 = fcntl$dupfd(r0, 0x0, r0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000000380)=[{0x0}], 0x1)

23:25:32 executing program 7:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/8250_pci', 0x412001, 0x0)

[  291.095416] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'.
23:25:32 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000100))
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

23:25:32 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0)

[  291.122618] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'.
23:25:32 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x80003, 0xa)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @private}, 0x10)

23:25:32 executing program 4:
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x18d101, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x5})

23:25:32 executing program 2:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETLE(r0, 0x400454e2, &(0x7f0000000080))

23:25:32 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000004540)={0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000000000)={0x28, 0x26, 0x303, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @generic="ec0402d0865d9466e71f4fd442"]}, 0x28}], 0x1}, 0x0)

23:25:32 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x163002)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)

23:25:32 executing program 3:
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
fallocate(r0, 0x0, 0x0, 0x1)

23:25:32 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x44a, &(0x7f0000000000)={0x0, 0x0, 0x2})
io_uring_enter(r0, 0x0, 0xcbffffff, 0x3, 0x0, 0x0)

23:25:32 executing program 0:
r0 = syz_io_uring_setup(0x77bc, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000001240))
r1 = fcntl$dupfd(r0, 0x0, r0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000000380)=[{0x0}], 0x1)

[  291.292914] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'.
23:25:32 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000004540)={0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000000000)={0x28, 0x26, 0x303, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @generic="ec0402d0865d9466e71f4fd442"]}, 0x28}], 0x1}, 0x0)

23:25:32 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x163002)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)

23:25:32 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0)
getsockopt$packet_buf(r0, 0x107, 0xb, &(0x7f00000000c0)=""/97, &(0x7f0000000140)=0x61)

23:25:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(0x0, 0x84, 0x0, 0x0, 0x0, 0x0)

23:25:32 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getresgid(&(0x7f0000000240), 0x0, 0x0)

23:25:32 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x44a, &(0x7f0000000000)={0x0, 0x0, 0x2})
io_uring_enter(r0, 0x0, 0xcbffffff, 0x3, 0x0, 0x0)

23:25:32 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540a, 0x2)

23:25:32 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a4", 0x1f0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r2, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
sendfile(r2, r3, 0x0, 0xfdef)
sendfile(r0, r1, 0x0, 0xfdef)

[  291.422911] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'.
23:25:32 executing program 0:
syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000540), 0x0, &(0x7f0000000580)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@none}]})

[  291.484025] cgroup: Need name or subsystem set
[  291.487896] cgroup: Need name or subsystem set
23:25:32 executing program 3:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001080)="c36d2c4f35c42a7cf52cc6a23a609fc2fb5bef7d5a1300dfc5e1fdbd8764ab9883ad9bed49a61e138d85ecdcedfa140291268b63057f5e130570cdd15ccc394ec8d82eca06f154cbae6684b60452d9d521b9fb85128c4a2324bdcf4f804f250b952a10df4b2c454c2d0f9719b9934c5186628a78e1a4aa9c95fe210f1ade2874d77a3f1ae71b7dd577a74105f10b21063a0b8e956f32d45e044b35c80b7d8f295e36600af05a26fe71ea7be3c416a2b716dd96137fd74b4110c3276975d9913ddfb5cb60af5898ff5ee46bde5b476d1368b2f60da0093bd6a8c4b837b7175a3cc7980a4d86ff4b634d35fecfe95b17e838d44cac1dce9bed7782462cff40dad83b68d42622df3be75160030210214c69b61069a656c77d0be673f54343ea17d5b17dc3edca009a53db7bff10d06100fe86fbc4b97613643dc2ad767494bbd466bfbad877b668a45c744650bb7ac6307571a7f7d7bd2f73d0b34799dd1c2d928647f0b7a398bd40ec9f220dd342c48cfd238bff2bac5fd65a2cfb8e2aadd7081052f4d0306b28d74aeb85195d0efe48fbfa00eeaa0b3feb4d98735a73023863ee7b7286548524fa415cb4e698653287bd02bbf76faef8c5dedc3b121a6f19b9cce71bf4e98e37e61a81ad2dc15530975cd6b974a3060b828bc59bfc0c89ddf83ffad8d9ebafc2847db14a2749b65a5f5c39a94b80ed2e3e235e168fbab6cbf7edb101fda38ae2da5400d294e6258eebbd289b156e1c1efabd891f5b67ac7d990b147b29cb4ad38f5b7849f7c69ec62ad9e19f0629c05a4ce8d315edc7ee1fe242f693855e5db82946fa36d69860d9da06911d094ab48d36d3d784e1c21e4134f4e29df72c9ce8ac68fd7ae9d33ebcef8ee1376e11b7989c05cd9ddf9438ed5d10aabe7948d1ca7264df19d87c25c2d99a36de57d6d73f3bddbab956762a474d11d328caf59c5f0b9ab41c295fc6db0e85a876f899e0cf481ffe2c0467e88b3d1ce8129a439bf445f3ee7354cbadbc6b402f7194d58d39d47c18a2bc48a07da46ed715d45cbf83e1fa3307a0ed18aae4334a896d481d842089c8e61332c64584be9399b43bdb132caf0edaf953d059830ecb48157c7bd623ea18273b0ac0b7cccb73f4fcc5c7b41d58a2f4fdb7af199002be0b89cad485aa381f3180afddf902f171ebec8d290cbe991ed2e5d72305081a174340a32cf8a6a1c84062d5d93ab1156e66442b2aef758833da87f1e46baaeb044c444df419f392dcf3bd2dbe5591a00ba525381152ec7880cdadb0f539ece40b6f78f05c36073412558d6c38f92999540f560d3e7b9cb0230b74d13c5abdbeb9ca0088251030bfe14df9468c586256755f1a915721bce7420cff472c748861a8e73e46a2724e71ef7d9d02a2b5ccbe3400a2fffd6583bf013200ca47e9789f6ec5c0df9baad17a6e8e7ba2257b9960a6d1ddf36d18c57d3eaf7f79644e0386798a086334a1f208ea20f4696d8a266a2abf31a3b462f0a59845e8903b5714a284e89802d1493fe3f39e018795a8588adb97f6398c59035b82467a360a3d553b9bbc6cdabb682f1cb0ad8c9ca21af3b91c14e6ca85074da6745d268864c5f8dab183d5604a24adffa88f42336e7d77be672e178e2183756cdcd4ba5cf4e82e734012cfe5935d3bc08e6d959bd0d87be37791cdd5a9867c016ae8eeee4512ffbab65d590a9b754f743404cd9312714fa05bb0f79d70d1782e39cb2138027be7438de370d229f326898521a038358985331f2230101014d72e8ac8f9c2c47c4f039c8bd6793e39423e7958a82a1294fa4cc839bb5c3ea744869698ed417e340041d69e6abdc3b637c4a942176704a26beb9914cda4577994e17c3feba226d9ca56dcbe95bfdc88de0947548e890ee0c6ebb758445786b34473ea948c193179dba31349e014bdade2cb419679417c8efbe8d44ff847eee8173df7a9015df62628be01319161a1a9f165ceaf67e74030906ccfad489c14687d4ff3a647f24dfe8035caf0f8ec14cbbc949d5c849755f6d9a05f2ca0f9f251f759927344b8a1d8f39226b734face50284442cdbdc729f7276d21fa8984fa11fe834fbcf5b1febd5c53eca0feebb664645521f6f9df8d941cf2e9b31c8224166ca65732d29671216d90a297138c461849e984183431bcee15a413f39915f5dbe9664aee2ae585d053b317c9c1e06c6f6626d390de7a9ae18a76a0f130c1de7f9e7ad0a98943dc8d0313d3d85b7016a5eb845e1a418e58f297ff567ebe93246048e03b481fd572877f34b17738e002582db3016537b294cbd98274f13c4e2d822a207bc00fde8f7f157573ddb22de9e0f1015eec136fe71d90527e33d445c3924e89abb740a33e55d3155467b01ae6544b71edf52ddc9ba6895bccc129854517263edb18938ed5aa32745dcb075c61216ea7071e10e7d394920fa70c82b9011bf69ca26955218d22d1d9f1f65bd3a8a710a61392f0642f757cc382042e1f6f2cd04029db53edc8bc075c05b898afe05fd6fa14eccea36fec04e522706cbc13c21ab4d173067a43bca9cc026dfd348b454f1e6a17823d56d470af640f6632b2e59d9ff2f5c9e0f68125185a11c45ab50509239b71e1becd61c0223603e86c84eed4754c58dc060ba8f6348b2df8fccc679ec139e473326a6cd4486d6cd4768747dec44beea7b5e6950cb020dfae00046546d36392281481fa6aaf8a40810aa77ec16d404a8f3948b1736d1113f2b0cda29b96de3a404e8304418b6e99be36cd2ac736057a0f5f5676499da4acd5e73227e368d5555a0f1dd09307c45513f544785f6551087b060dfb539441386e2363f281c44b0a5096521e8ea0873a926f3b25f6044d5a843d63b0ab46b37af042ea2bc16e9dad73a8e4a25c6689a5b18b00d7b9686e59a5707b627f2b9c566a3a0c3b075c818f3b30716b2acac78bf1f84689c99eda60c981fab2285d4f62fa1d96163abf96ecd5567412740ecb7693e87022ac60566e0752e03bf263ba49902e85ced8598e818999f4214c0a272443eed8b6cde8af63c9f902bd20eb122f4d40e6ee6db25529684296700bada251a18d7fa2df177cedd504a1840e3e87e5b098b09202208782d9e72ce0b1c9eccfa717111682d6dffe10b2d60339f303a679c08efaddc89c3c2ca42a30f8be8ee1fa02695c485e29e433e98e334606e47783fcd6367abd52657863239e4ed1c7157e32b5b27c2d7b8cad8feb2533e307375478c38796e4f97a371fe3ed0b7707dd00355a116a9c877e4178040d7126381e106b5603d7a9c5d7b1c85243441bc0225f9aa05630dc30cbc4f9f77675aa617d816a4a6757649be9d99d137c6f79c764257348471cc04c2411773fe52014d32605a4f19f82aacc95fccd559eed4e772559ce3327d5380032a11fce736c84fa7962ff25848e60a71e0a5ec4bb8965be66ab569388c57b885daba36661a744427052358684084e786489e48f23143cf6e4cc747fafd8bcbb52307a1faa4ba75fd71d01076dbf29b743f2133936e1199d3de1fe67b030acf152f8b4e4f9e2d04765812a7a97a3bb08e19ec115960b60e5bac64bd551485b67bcda30932db1a27cc56e21a38bbd9c5f08d98e962d8ab023ddc4325d3d7a3ff2e03f5919e61edb104686468b0cd3d1c903854e7458a2b25fa642745ed7c822b3166d03e6e0e3cb5653919ac0965a7d37b50827a9a2bd292552c06c960bd6f4120e92be3f70e3f91f78ef254b02af8b1af1948dd9be10bc6b3e6112dff8fb043907c56e387f68b4da691d9f58fdc6b098cab39cd1f6d1bce7f596f9156043254c7c757f7138ca54db524f1c783fe81be990b08cde59c5618ed39fd7045fdd96cf01fd7e06dc2d3b6039d3a42b4d98881f844c33383f965dd6ac1804ef751f14522086888445e4836b3ecb60a046c8ad99c7579939f3376ab6f8fe31bc7db82b3de1c8caa1c660f82f8dd2d76257282759776eb133cc20b448f685fd1c805459d88bac04be8fec19911ee02e8fa59ca42425cacd8d5fed025293435c7c05ca26364266a9edc32a69c8ddd9f726db0543af60a559291ac3ea03abcb5522567b54f86fd5ec14b519c40625871b7e00a85c244e57e5d5572a1589208b9c93cbc3370a5b69999a4ae548da7caab716b6a1c1dbebcf17b17d9b29d63903bdf689d9f77b5dc4aa1247a133396960e0606dc5de0f261a88fbe1b291b801c698639500353ffb07ef71fe6e9988947790768609aa2bcbcf531cf32aa460ba0807cc008599bac1a31aa7a5c491d738ac3e887ed5c7335d7f4a440daaa3ea16955ee966c1510a456abdfbe13879db082e85b5c4cb3090c6c658edb50257dcfc0151873a14e37a89f28d5b7f747f8b66f78d6adbaa0c9dca9fe63b9fa98a57731d47dfc0518ef61ddaafc66f303468d3bdbef41fc1d207d4037b40f92310248f29ae486e366cff89913886dabc40b071cc6ee1dff3da5dd2fd6c1a9f653da1cb58e459f8409a3d64a871ccf3323a5c106617a8679c8c3a8faadef23cfd44ef1cf0088fded955d849eeb6f89449f27c68d4c354510711ad84856e4ccf70c785fad5f6ec3662d7eda1e45af8dfdad10aa726119a13201a27d488e1ad81bad9d7e9a65688728a42b1f13907d385a8050d7e59610493b11e646d5d75117861ac866d31c29ecba32244a8ddf0820f6186f539320e9ed181abe1bbd14917c043c64c7ae032e4935b9b328d45cc341bf16291afa02c9e20c23467c6bd2bccf2dd4a2ca36ae7028af0fd2c2353232b1f2314c923d3bd8ea76deb564db613a3fedae62c67047a3bac4bfeb4d09fa441a0f1529df6678b0671968fe46e3bc405a68f0536366ee9ef3539cb660ad6bbfb06b9f75b81fae88af69d64c0083135d1b9f685cd9f6ce21d728dd3cea03997a11ca6c621c91416e4942288b67da218d0bc7f4c9d48bef61ad0a5ff8082709923669477ec0d1554f6949387264587bab122f564f19543badc5d4a2a75916e222c93ca955581a1bc0d2a34662d8109ea846fae7e3e113b50eadd8b2c7b281770bcb3ab9b15e64e922f63aab2495e30d8d135a01987bbd195a39e07c1a6e9aa42478559cb5ac40a57b8ed3d876701e161c05fbf511d99b66d2d24b97cf50be164d09183b483d9e1f265d851235aac6e9830d6c20d2b5e82bc2350f87830c00bb2f4db77b5ef5becba3e06dddbc57a288d5944f8ce4f9f48eec61a541119d7fb97437a261a6b2ec3d9c59941d79605f0115ba590106a78c9d9a8dc8493819ab7f8a501ed5f598b5d6002de4595a8d21c7990c42dca554b775d851a01221247b629f38cfc2fbd6ab79fd60dab03d17dee8a3989a3364245f26e4d372ed1ebceb653ade45d517458adec2179ea85ba206f605f29d7bab2468a309be7800caf1c37017fcd612be712d490a1f1ef38b0009664402c7a3196ebdd3bc9913b98532eb928b7ac06aac1aecd6ba9c4b92e962eca58c4025f31b5011b93ca4330ef78a009b4e66864cdcf76fabb00de421dea5281f2dc323d0922b59b80be09fa95cb379cf0a7925db8465d6d208ea5fcda33020a237238a2c430cf8dd04e9aa210690a475ca84aa7897eefcbe70e884ebbd8d602c88921c553be", 0xf81}], 0x1, 0x0)
splice(r0, 0x0, r2, 0x0, 0x802, 0x0)

23:25:32 executing program 7:
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0186e9d6051415c90040"], 0xa)
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="02c850cc00c8000100034c080008000100020000000b08b00000000400bcbe84f86bcdab6fee9b6cb714ae142b9e5fb2bc4d467cdeffe6c166b243e962d44b187773554757e286dd60d8502a2469e5afeb123cb7a22d785b698abd9580bf593bb70888d45b6088de1e4e62cfacfa424792587c0a3ea438e0fba74567a9516ed834aacb7f1b80575f965c150c754074731b24dc237bfd0af009baf89b3e1ed03f84ea37c2d78fc1db9b4d0ab4e4becb9a56809aaad0431d8e0019b876881b27ffdb09d4f7ac949632a49c75e2e439064b04004000b1ee0322e726e961338c6803473077c2c0137dfeeeca5d9b1f36a7715105e394f50eb78f3a33c2d03d1993b9667be3168ea4ee18a261d487a21b3e30b8f6f7d7b170d9001c4d3f7cee5ca39482ff0d2978cb9739203aaf38506a66d00cb574af049125852d25800eaf678d5778f01d8e4326af3251e520f02a4336243c173d2f3254e41bbddbbb4c75fe2179d70722f1270ec9eccbdb38736b16dc10dc8e4d89d9d7eefd7e3861b9318b891cd88b8211fc4c5deb4404ff3d8d64949b10e5a4bf71731daf9708de3dce63b0be03622295c017e7f15f626a86bea2486406a6bade715ce2bb55be344f0dca6d01b5fbeebc609853750ab8db1f383bcaeb3ef078ac0f6161c6edda280d4a424a1f0737df9085ff40606e588bbdfb9f17e8da85b7ab64bc92b6502b39014a5c6830e76ac895ecccd0ea8b5306ecce4f52b73e581505eb89eb036656"], 0xd1)
syz_emit_vhci(&(0x7f0000000a80)=ANY=[@ANYBLOB="02c8002b01270101000c230500ff06000c0003000d0108000104ffff010004000106020045010e02030003007f0b07f500f78e8355da33ee23511e5b00e0d8243cd97e782803f4646545b73b22466badcb9114995e37b8c1c44015012b193ca5bd247a2f2a0e7665c201167c3a500073c013b640df64cdaae476827b4617d89f15fc0690a5bf69ac042743ab8ec0ebcdc663cfcf2ccde0dd9c344cc04a9aab3fb7f970c4d9239736d640003cde7fabebe01e106bda1671f2684d098bd76fe8cae8601f0d25abdfe7c590dc7fb6067906848e9f9d2053feaa2ca108b3e0cb0e6df604411f89cf89174cba48f762f7a157d6d7b4b89cad31cac7ee9c7337011b722416768b0a080c43969f1befdcb05adf6f3a8186b9596721fbc3a22be16efa6becf000000000"], 0x130)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="03c9009bc2301da5ff9150c5f6bf21f922e1bd5d81f09e76e2fde4fa06652f54c641cb2bcd5173d07d4e61232ab4bcad341e79ac04fbcacd83884c718903fe8368588a40bfbe3f3e35cb79d3ce7d9afecc2c554d22e6ba1073b5627ae24f8b574a7514ab50875b6b92736bbcb76bee493d2cc81fc2199dc5ab8e5197cc001764553c45a27545c6a8f473021e670d0fce2db2ede7913a2aae1bb941fdbb20ad9e33ad96cf7b69a35e64a51297250fc165362d9de1557cf5faa4ad2f1c72479bf315bfc0006fdccb9470772efcb3cebe286f955415de34fe3c930c4c31b32e48781784842ff06b30d70366e136b0eb786c09c3a96f3fe7a41e767f550dc83ee5589b3c26"], 0x9f)
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="040f0404001104a8f502c7f56d7b64e8a8de75506f54588e80ba24a23f7c4f6af9aae09bb6ee1c57875aef328ca137ee37f43c9094fc209f4aa96f25caf67c31735e93fbaf989706d7907a36f7eb24ccea7e1b4a268c1a95efcf9a06297204c3d16ca08530b6d73f98b2734c1d2ee90cab81193ab5e117f85ded2403fa970c5f867c5f02457cb4f25ecc64299a320843ced0eb76f550382844a67188d025ae6304417a9055b0f872d9ee733e47e9d7a2279e1649ea2c1baf9f2beb1a87759347e1c01c22d3fe8b7a87c5907d4d5df0ec3f47fce67f11241c4ec384afa6bf7bf297e050c869a25c6ac143999e0f2d77f56ef1cf2dd1e7ec53fae4aa77bb6015e94bd0722955c5531ea54c3c8cc874076cf67162f4fa24b27bc400b48244fb0cd563f5f4c270a7409e7feba12ca6702644b1651662c795fc14d81edc0cbdee43367316dede18d0096fa844f20d39de22f33bfeafe09f885ef46115d85e46b8b7efdb3157932e23d619d3be81588bc9d04daa6c55c4331dd8a62882da5e066f32ff817c070a2fe7e521d8fbcf7f4375002734a3dd225b3ca5d4feba9890e5fabd02ef90c3b8404ec717d0ea92b9ddae"], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4c4c0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="02e52110f4c875250ad179ce0800014487223b0000000000000046ca883f149af2bdb82a1f3d89988932c4ae497edcaacd2a71973956a9487f80881d1cb5cfc5f56d5f8bda86e5d1075873118a131e327c250ca795cda0cf4822927d522693d22c999addeb68e6b407c08c6fb28f41408c"], 0x11)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x6, &(0x7f0000000080))
r1 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x40187013, &(0x7f0000000040)={0x0, 0x0, {0x1, 0x35, 0x0, 0x11, 0x0, 0x5}})
fcntl$setpipe(r1, 0x407, 0x7fff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000085c0), &(0x7f0000008600)=0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000140)={0x9, 0x8a2, 0x7, 0x1ff, 0x3})
bind$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)

23:25:32 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000004540)={0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000000000)={0x28, 0x26, 0x303, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @generic="ec0402d0865d9466e71f4fd442"]}, 0x28}], 0x1}, 0x0)

[  291.528682] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  291.529363] Bluetooth: Wrong link type (-22)
[  291.534448] Bluetooth: hci4: ACL packet for unknown connection handle 485
[  291.546065] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  291.546508] Bluetooth: Wrong link type (-22)
[  291.568739] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'.
[  291.571999] Bluetooth: hci4: ACL packet for unknown connection handle 485
23:25:32 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x163002)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)

23:25:32 executing program 0:
io_setup(0x5, &(0x7f0000000100)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

23:25:32 executing program 4:
r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x20982)
writev(r0, &(0x7f0000000180)=[{&(0x7f00000001c0)="9811b416240000000000000092675a9eed92a8c20c45248749b781ffffffffffffff462af69d1bfa35600a54599575c5", 0x30}, {&(0x7f00000002c0)="d73a2249fe5224d594d6207bd9db4b436cc00932080bc7fb659797d89513b6364bd3b9d9e35cb1fe8152ba9b143f99c6030de8626c2c1db7e4ec201c75efea1082f570d98cea41d582ac4df08fc916146c43f5042b336987", 0x58}], 0x2)

23:25:32 executing program 6:
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
fallocate(r0, 0x21, 0x0, 0x9)

23:25:32 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x44a, &(0x7f0000000000)={0x0, 0x0, 0x2})
io_uring_enter(r0, 0x0, 0xcbffffff, 0x3, 0x0, 0x0)

23:25:32 executing program 7:
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0186e9d6051415c90040"], 0xa)
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="02c850cc00c8000100034c080008000100020000000b08b00000000400bcbe84f86bcdab6fee9b6cb714ae142b9e5fb2bc4d467cdeffe6c166b243e962d44b187773554757e286dd60d8502a2469e5afeb123cb7a22d785b698abd9580bf593bb70888d45b6088de1e4e62cfacfa424792587c0a3ea438e0fba74567a9516ed834aacb7f1b80575f965c150c754074731b24dc237bfd0af009baf89b3e1ed03f84ea37c2d78fc1db9b4d0ab4e4becb9a56809aaad0431d8e0019b876881b27ffdb09d4f7ac949632a49c75e2e439064b04004000b1ee0322e726e961338c6803473077c2c0137dfeeeca5d9b1f36a7715105e394f50eb78f3a33c2d03d1993b9667be3168ea4ee18a261d487a21b3e30b8f6f7d7b170d9001c4d3f7cee5ca39482ff0d2978cb9739203aaf38506a66d00cb574af049125852d25800eaf678d5778f01d8e4326af3251e520f02a4336243c173d2f3254e41bbddbbb4c75fe2179d70722f1270ec9eccbdb38736b16dc10dc8e4d89d9d7eefd7e3861b9318b891cd88b8211fc4c5deb4404ff3d8d64949b10e5a4bf71731daf9708de3dce63b0be03622295c017e7f15f626a86bea2486406a6bade715ce2bb55be344f0dca6d01b5fbeebc609853750ab8db1f383bcaeb3ef078ac0f6161c6edda280d4a424a1f0737df9085ff40606e588bbdfb9f17e8da85b7ab64bc92b6502b39014a5c6830e76ac895ecccd0ea8b5306ecce4f52b73e581505eb89eb036656"], 0xd1)
syz_emit_vhci(&(0x7f0000000a80)=ANY=[@ANYBLOB="02c8002b01270101000c230500ff06000c0003000d0108000104ffff010004000106020045010e02030003007f0b07f500f78e8355da33ee23511e5b00e0d8243cd97e782803f4646545b73b22466badcb9114995e37b8c1c44015012b193ca5bd247a2f2a0e7665c201167c3a500073c013b640df64cdaae476827b4617d89f15fc0690a5bf69ac042743ab8ec0ebcdc663cfcf2ccde0dd9c344cc04a9aab3fb7f970c4d9239736d640003cde7fabebe01e106bda1671f2684d098bd76fe8cae8601f0d25abdfe7c590dc7fb6067906848e9f9d2053feaa2ca108b3e0cb0e6df604411f89cf89174cba48f762f7a157d6d7b4b89cad31cac7ee9c7337011b722416768b0a080c43969f1befdcb05adf6f3a8186b9596721fbc3a22be16efa6becf000000000"], 0x130)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="03c9009bc2301da5ff9150c5f6bf21f922e1bd5d81f09e76e2fde4fa06652f54c641cb2bcd5173d07d4e61232ab4bcad341e79ac04fbcacd83884c718903fe8368588a40bfbe3f3e35cb79d3ce7d9afecc2c554d22e6ba1073b5627ae24f8b574a7514ab50875b6b92736bbcb76bee493d2cc81fc2199dc5ab8e5197cc001764553c45a27545c6a8f473021e670d0fce2db2ede7913a2aae1bb941fdbb20ad9e33ad96cf7b69a35e64a51297250fc165362d9de1557cf5faa4ad2f1c72479bf315bfc0006fdccb9470772efcb3cebe286f955415de34fe3c930c4c31b32e48781784842ff06b30d70366e136b0eb786c09c3a96f3fe7a41e767f550dc83ee5589b3c26"], 0x9f)
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="040f0404001104a8f502c7f56d7b64e8a8de75506f54588e80ba24a23f7c4f6af9aae09bb6ee1c57875aef328ca137ee37f43c9094fc209f4aa96f25caf67c31735e93fbaf989706d7907a36f7eb24ccea7e1b4a268c1a95efcf9a06297204c3d16ca08530b6d73f98b2734c1d2ee90cab81193ab5e117f85ded2403fa970c5f867c5f02457cb4f25ecc64299a320843ced0eb76f550382844a67188d025ae6304417a9055b0f872d9ee733e47e9d7a2279e1649ea2c1baf9f2beb1a87759347e1c01c22d3fe8b7a87c5907d4d5df0ec3f47fce67f11241c4ec384afa6bf7bf297e050c869a25c6ac143999e0f2d77f56ef1cf2dd1e7ec53fae4aa77bb6015e94bd0722955c5531ea54c3c8cc874076cf67162f4fa24b27bc400b48244fb0cd563f5f4c270a7409e7feba12ca6702644b1651662c795fc14d81edc0cbdee43367316dede18d0096fa844f20d39de22f33bfeafe09f885ef46115d85e46b8b7efdb3157932e23d619d3be81588bc9d04daa6c55c4331dd8a62882da5e066f32ff817c070a2fe7e521d8fbcf7f4375002734a3dd225b3ca5d4feba9890e5fabd02ef90c3b8404ec717d0ea92b9ddae"], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4c4c0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="02e52110f4c875250ad179ce0800014487223b0000000000000046ca883f149af2bdb82a1f3d89988932c4ae497edcaacd2a71973956a9487f80881d1cb5cfc5f56d5f8bda86e5d1075873118a131e327c250ca795cda0cf4822927d522693d22c999addeb68e6b407c08c6fb28f41408c"], 0x11)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x6, &(0x7f0000000080))
r1 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x40187013, &(0x7f0000000040)={0x0, 0x0, {0x1, 0x35, 0x0, 0x11, 0x0, 0x5}})
fcntl$setpipe(r1, 0x407, 0x7fff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000085c0), &(0x7f0000008600)=0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000140)={0x9, 0x8a2, 0x7, 0x1ff, 0x3})
bind$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)

23:25:32 executing program 3:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001080)="c36d2c4f35c42a7cf52cc6a23a609fc2fb5bef7d5a1300dfc5e1fdbd8764ab9883ad9bed49a61e138d85ecdcedfa140291268b63057f5e130570cdd15ccc394ec8d82eca06f154cbae6684b60452d9d521b9fb85128c4a2324bdcf4f804f250b952a10df4b2c454c2d0f9719b9934c5186628a78e1a4aa9c95fe210f1ade2874d77a3f1ae71b7dd577a74105f10b21063a0b8e956f32d45e044b35c80b7d8f295e36600af05a26fe71ea7be3c416a2b716dd96137fd74b4110c3276975d9913ddfb5cb60af5898ff5ee46bde5b476d1368b2f60da0093bd6a8c4b837b7175a3cc7980a4d86ff4b634d35fecfe95b17e838d44cac1dce9bed7782462cff40dad83b68d42622df3be75160030210214c69b61069a656c77d0be673f54343ea17d5b17dc3edca009a53db7bff10d06100fe86fbc4b97613643dc2ad767494bbd466bfbad877b668a45c744650bb7ac6307571a7f7d7bd2f73d0b34799dd1c2d928647f0b7a398bd40ec9f220dd342c48cfd238bff2bac5fd65a2cfb8e2aadd7081052f4d0306b28d74aeb85195d0efe48fbfa00eeaa0b3feb4d98735a73023863ee7b7286548524fa415cb4e698653287bd02bbf76faef8c5dedc3b121a6f19b9cce71bf4e98e37e61a81ad2dc15530975cd6b974a3060b828bc59bfc0c89ddf83ffad8d9ebafc2847db14a2749b65a5f5c39a94b80ed2e3e235e168fbab6cbf7edb101fda38ae2da5400d294e6258eebbd289b156e1c1efabd891f5b67ac7d990b147b29cb4ad38f5b7849f7c69ec62ad9e19f0629c05a4ce8d315edc7ee1fe242f693855e5db82946fa36d69860d9da06911d094ab48d36d3d784e1c21e4134f4e29df72c9ce8ac68fd7ae9d33ebcef8ee1376e11b7989c05cd9ddf9438ed5d10aabe7948d1ca7264df19d87c25c2d99a36de57d6d73f3bddbab956762a474d11d328caf59c5f0b9ab41c295fc6db0e85a876f899e0cf481ffe2c0467e88b3d1ce8129a439bf445f3ee7354cbadbc6b402f7194d58d39d47c18a2bc48a07da46ed715d45cbf83e1fa3307a0ed18aae4334a896d481d842089c8e61332c64584be9399b43bdb132caf0edaf953d059830ecb48157c7bd623ea18273b0ac0b7cccb73f4fcc5c7b41d58a2f4fdb7af199002be0b89cad485aa381f3180afddf902f171ebec8d290cbe991ed2e5d72305081a174340a32cf8a6a1c84062d5d93ab1156e66442b2aef758833da87f1e46baaeb044c444df419f392dcf3bd2dbe5591a00ba525381152ec7880cdadb0f539ece40b6f78f05c36073412558d6c38f92999540f560d3e7b9cb0230b74d13c5abdbeb9ca0088251030bfe14df9468c586256755f1a915721bce7420cff472c748861a8e73e46a2724e71ef7d9d02a2b5ccbe3400a2fffd6583bf013200ca47e9789f6ec5c0df9baad17a6e8e7ba2257b9960a6d1ddf36d18c57d3eaf7f79644e0386798a086334a1f208ea20f4696d8a266a2abf31a3b462f0a59845e8903b5714a284e89802d1493fe3f39e018795a8588adb97f6398c59035b82467a360a3d553b9bbc6cdabb682f1cb0ad8c9ca21af3b91c14e6ca85074da6745d268864c5f8dab183d5604a24adffa88f42336e7d77be672e178e2183756cdcd4ba5cf4e82e734012cfe5935d3bc08e6d959bd0d87be37791cdd5a9867c016ae8eeee4512ffbab65d590a9b754f743404cd9312714fa05bb0f79d70d1782e39cb2138027be7438de370d229f326898521a038358985331f2230101014d72e8ac8f9c2c47c4f039c8bd6793e39423e7958a82a1294fa4cc839bb5c3ea744869698ed417e340041d69e6abdc3b637c4a942176704a26beb9914cda4577994e17c3feba226d9ca56dcbe95bfdc88de0947548e890ee0c6ebb758445786b34473ea948c193179dba31349e014bdade2cb419679417c8efbe8d44ff847eee8173df7a9015df62628be01319161a1a9f165ceaf67e74030906ccfad489c14687d4ff3a647f24dfe8035caf0f8ec14cbbc949d5c849755f6d9a05f2ca0f9f251f759927344b8a1d8f39226b734face50284442cdbdc729f7276d21fa8984fa11fe834fbcf5b1febd5c53eca0feebb664645521f6f9df8d941cf2e9b31c8224166ca65732d29671216d90a297138c461849e984183431bcee15a413f39915f5dbe9664aee2ae585d053b317c9c1e06c6f6626d390de7a9ae18a76a0f130c1de7f9e7ad0a98943dc8d0313d3d85b7016a5eb845e1a418e58f297ff567ebe93246048e03b481fd572877f34b17738e002582db3016537b294cbd98274f13c4e2d822a207bc00fde8f7f157573ddb22de9e0f1015eec136fe71d90527e33d445c3924e89abb740a33e55d3155467b01ae6544b71edf52ddc9ba6895bccc129854517263edb18938ed5aa32745dcb075c61216ea7071e10e7d394920fa70c82b9011bf69ca26955218d22d1d9f1f65bd3a8a710a61392f0642f757cc382042e1f6f2cd04029db53edc8bc075c05b898afe05fd6fa14eccea36fec04e522706cbc13c21ab4d173067a43bca9cc026dfd348b454f1e6a17823d56d470af640f6632b2e59d9ff2f5c9e0f68125185a11c45ab50509239b71e1becd61c0223603e86c84eed4754c58dc060ba8f6348b2df8fccc679ec139e473326a6cd4486d6cd4768747dec44beea7b5e6950cb020dfae00046546d36392281481fa6aaf8a40810aa77ec16d404a8f3948b1736d1113f2b0cda29b96de3a404e8304418b6e99be36cd2ac736057a0f5f5676499da4acd5e73227e368d5555a0f1dd09307c45513f544785f6551087b060dfb539441386e2363f281c44b0a5096521e8ea0873a926f3b25f6044d5a843d63b0ab46b37af042ea2bc16e9dad73a8e4a25c6689a5b18b00d7b9686e59a5707b627f2b9c566a3a0c3b075c818f3b30716b2acac78bf1f84689c99eda60c981fab2285d4f62fa1d96163abf96ecd5567412740ecb7693e87022ac60566e0752e03bf263ba49902e85ced8598e818999f4214c0a272443eed8b6cde8af63c9f902bd20eb122f4d40e6ee6db25529684296700bada251a18d7fa2df177cedd504a1840e3e87e5b098b09202208782d9e72ce0b1c9eccfa717111682d6dffe10b2d60339f303a679c08efaddc89c3c2ca42a30f8be8ee1fa02695c485e29e433e98e334606e47783fcd6367abd52657863239e4ed1c7157e32b5b27c2d7b8cad8feb2533e307375478c38796e4f97a371fe3ed0b7707dd00355a116a9c877e4178040d7126381e106b5603d7a9c5d7b1c85243441bc0225f9aa05630dc30cbc4f9f77675aa617d816a4a6757649be9d99d137c6f79c764257348471cc04c2411773fe52014d32605a4f19f82aacc95fccd559eed4e772559ce3327d5380032a11fce736c84fa7962ff25848e60a71e0a5ec4bb8965be66ab569388c57b885daba36661a744427052358684084e786489e48f23143cf6e4cc747fafd8bcbb52307a1faa4ba75fd71d01076dbf29b743f2133936e1199d3de1fe67b030acf152f8b4e4f9e2d04765812a7a97a3bb08e19ec115960b60e5bac64bd551485b67bcda30932db1a27cc56e21a38bbd9c5f08d98e962d8ab023ddc4325d3d7a3ff2e03f5919e61edb104686468b0cd3d1c903854e7458a2b25fa642745ed7c822b3166d03e6e0e3cb5653919ac0965a7d37b50827a9a2bd292552c06c960bd6f4120e92be3f70e3f91f78ef254b02af8b1af1948dd9be10bc6b3e6112dff8fb043907c56e387f68b4da691d9f58fdc6b098cab39cd1f6d1bce7f596f9156043254c7c757f7138ca54db524f1c783fe81be990b08cde59c5618ed39fd7045fdd96cf01fd7e06dc2d3b6039d3a42b4d98881f844c33383f965dd6ac1804ef751f14522086888445e4836b3ecb60a046c8ad99c7579939f3376ab6f8fe31bc7db82b3de1c8caa1c660f82f8dd2d76257282759776eb133cc20b448f685fd1c805459d88bac04be8fec19911ee02e8fa59ca42425cacd8d5fed025293435c7c05ca26364266a9edc32a69c8ddd9f726db0543af60a559291ac3ea03abcb5522567b54f86fd5ec14b519c40625871b7e00a85c244e57e5d5572a1589208b9c93cbc3370a5b69999a4ae548da7caab716b6a1c1dbebcf17b17d9b29d63903bdf689d9f77b5dc4aa1247a133396960e0606dc5de0f261a88fbe1b291b801c698639500353ffb07ef71fe6e9988947790768609aa2bcbcf531cf32aa460ba0807cc008599bac1a31aa7a5c491d738ac3e887ed5c7335d7f4a440daaa3ea16955ee966c1510a456abdfbe13879db082e85b5c4cb3090c6c658edb50257dcfc0151873a14e37a89f28d5b7f747f8b66f78d6adbaa0c9dca9fe63b9fa98a57731d47dfc0518ef61ddaafc66f303468d3bdbef41fc1d207d4037b40f92310248f29ae486e366cff89913886dabc40b071cc6ee1dff3da5dd2fd6c1a9f653da1cb58e459f8409a3d64a871ccf3323a5c106617a8679c8c3a8faadef23cfd44ef1cf0088fded955d849eeb6f89449f27c68d4c354510711ad84856e4ccf70c785fad5f6ec3662d7eda1e45af8dfdad10aa726119a13201a27d488e1ad81bad9d7e9a65688728a42b1f13907d385a8050d7e59610493b11e646d5d75117861ac866d31c29ecba32244a8ddf0820f6186f539320e9ed181abe1bbd14917c043c64c7ae032e4935b9b328d45cc341bf16291afa02c9e20c23467c6bd2bccf2dd4a2ca36ae7028af0fd2c2353232b1f2314c923d3bd8ea76deb564db613a3fedae62c67047a3bac4bfeb4d09fa441a0f1529df6678b0671968fe46e3bc405a68f0536366ee9ef3539cb660ad6bbfb06b9f75b81fae88af69d64c0083135d1b9f685cd9f6ce21d728dd3cea03997a11ca6c621c91416e4942288b67da218d0bc7f4c9d48bef61ad0a5ff8082709923669477ec0d1554f6949387264587bab122f564f19543badc5d4a2a75916e222c93ca955581a1bc0d2a34662d8109ea846fae7e3e113b50eadd8b2c7b281770bcb3ab9b15e64e922f63aab2495e30d8d135a01987bbd195a39e07c1a6e9aa42478559cb5ac40a57b8ed3d876701e161c05fbf511d99b66d2d24b97cf50be164d09183b483d9e1f265d851235aac6e9830d6c20d2b5e82bc2350f87830c00bb2f4db77b5ef5becba3e06dddbc57a288d5944f8ce4f9f48eec61a541119d7fb97437a261a6b2ec3d9c59941d79605f0115ba590106a78c9d9a8dc8493819ab7f8a501ed5f598b5d6002de4595a8d21c7990c42dca554b775d851a01221247b629f38cfc2fbd6ab79fd60dab03d17dee8a3989a3364245f26e4d372ed1ebceb653ade45d517458adec2179ea85ba206f605f29d7bab2468a309be7800caf1c37017fcd612be712d490a1f1ef38b0009664402c7a3196ebdd3bc9913b98532eb928b7ac06aac1aecd6ba9c4b92e962eca58c4025f31b5011b93ca4330ef78a009b4e66864cdcf76fabb00de421dea5281f2dc323d0922b59b80be09fa95cb379cf0a7925db8465d6d208ea5fcda33020a237238a2c430cf8dd04e9aa210690a475ca84aa7897eefcbe70e884ebbd8d602c88921c553be", 0xf81}], 0x1, 0x0)
splice(r0, 0x0, r2, 0x0, 0x802, 0x0)

23:25:32 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a4", 0x1f0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r2, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
sendfile(r2, r3, 0x0, 0xfdef)
sendfile(r0, r1, 0x0, 0xfdef)

[  291.842511] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  291.843102] Bluetooth: Wrong link type (-22)
[  291.849113] Bluetooth: hci4: ACL packet for unknown connection handle 485
23:25:33 executing program 7:
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0186e9d6051415c90040"], 0xa)
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="02c850cc00c8000100034c080008000100020000000b08b00000000400bcbe84f86bcdab6fee9b6cb714ae142b9e5fb2bc4d467cdeffe6c166b243e962d44b187773554757e286dd60d8502a2469e5afeb123cb7a22d785b698abd9580bf593bb70888d45b6088de1e4e62cfacfa424792587c0a3ea438e0fba74567a9516ed834aacb7f1b80575f965c150c754074731b24dc237bfd0af009baf89b3e1ed03f84ea37c2d78fc1db9b4d0ab4e4becb9a56809aaad0431d8e0019b876881b27ffdb09d4f7ac949632a49c75e2e439064b04004000b1ee0322e726e961338c6803473077c2c0137dfeeeca5d9b1f36a7715105e394f50eb78f3a33c2d03d1993b9667be3168ea4ee18a261d487a21b3e30b8f6f7d7b170d9001c4d3f7cee5ca39482ff0d2978cb9739203aaf38506a66d00cb574af049125852d25800eaf678d5778f01d8e4326af3251e520f02a4336243c173d2f3254e41bbddbbb4c75fe2179d70722f1270ec9eccbdb38736b16dc10dc8e4d89d9d7eefd7e3861b9318b891cd88b8211fc4c5deb4404ff3d8d64949b10e5a4bf71731daf9708de3dce63b0be03622295c017e7f15f626a86bea2486406a6bade715ce2bb55be344f0dca6d01b5fbeebc609853750ab8db1f383bcaeb3ef078ac0f6161c6edda280d4a424a1f0737df9085ff40606e588bbdfb9f17e8da85b7ab64bc92b6502b39014a5c6830e76ac895ecccd0ea8b5306ecce4f52b73e581505eb89eb036656"], 0xd1)
syz_emit_vhci(&(0x7f0000000a80)=ANY=[@ANYBLOB="02c8002b01270101000c230500ff06000c0003000d0108000104ffff010004000106020045010e02030003007f0b07f500f78e8355da33ee23511e5b00e0d8243cd97e782803f4646545b73b22466badcb9114995e37b8c1c44015012b193ca5bd247a2f2a0e7665c201167c3a500073c013b640df64cdaae476827b4617d89f15fc0690a5bf69ac042743ab8ec0ebcdc663cfcf2ccde0dd9c344cc04a9aab3fb7f970c4d9239736d640003cde7fabebe01e106bda1671f2684d098bd76fe8cae8601f0d25abdfe7c590dc7fb6067906848e9f9d2053feaa2ca108b3e0cb0e6df604411f89cf89174cba48f762f7a157d6d7b4b89cad31cac7ee9c7337011b722416768b0a080c43969f1befdcb05adf6f3a8186b9596721fbc3a22be16efa6becf000000000"], 0x130)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="03c9009bc2301da5ff9150c5f6bf21f922e1bd5d81f09e76e2fde4fa06652f54c641cb2bcd5173d07d4e61232ab4bcad341e79ac04fbcacd83884c718903fe8368588a40bfbe3f3e35cb79d3ce7d9afecc2c554d22e6ba1073b5627ae24f8b574a7514ab50875b6b92736bbcb76bee493d2cc81fc2199dc5ab8e5197cc001764553c45a27545c6a8f473021e670d0fce2db2ede7913a2aae1bb941fdbb20ad9e33ad96cf7b69a35e64a51297250fc165362d9de1557cf5faa4ad2f1c72479bf315bfc0006fdccb9470772efcb3cebe286f955415de34fe3c930c4c31b32e48781784842ff06b30d70366e136b0eb786c09c3a96f3fe7a41e767f550dc83ee5589b3c26"], 0x9f)
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="040f0404001104a8f502c7f56d7b64e8a8de75506f54588e80ba24a23f7c4f6af9aae09bb6ee1c57875aef328ca137ee37f43c9094fc209f4aa96f25caf67c31735e93fbaf989706d7907a36f7eb24ccea7e1b4a268c1a95efcf9a06297204c3d16ca08530b6d73f98b2734c1d2ee90cab81193ab5e117f85ded2403fa970c5f867c5f02457cb4f25ecc64299a320843ced0eb76f550382844a67188d025ae6304417a9055b0f872d9ee733e47e9d7a2279e1649ea2c1baf9f2beb1a87759347e1c01c22d3fe8b7a87c5907d4d5df0ec3f47fce67f11241c4ec384afa6bf7bf297e050c869a25c6ac143999e0f2d77f56ef1cf2dd1e7ec53fae4aa77bb6015e94bd0722955c5531ea54c3c8cc874076cf67162f4fa24b27bc400b48244fb0cd563f5f4c270a7409e7feba12ca6702644b1651662c795fc14d81edc0cbdee43367316dede18d0096fa844f20d39de22f33bfeafe09f885ef46115d85e46b8b7efdb3157932e23d619d3be81588bc9d04daa6c55c4331dd8a62882da5e066f32ff817c070a2fe7e521d8fbcf7f4375002734a3dd225b3ca5d4feba9890e5fabd02ef90c3b8404ec717d0ea92b9ddae"], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4c4c0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="02e52110f4c875250ad179ce0800014487223b0000000000000046ca883f149af2bdb82a1f3d89988932c4ae497edcaacd2a71973956a9487f80881d1cb5cfc5f56d5f8bda86e5d1075873118a131e327c250ca795cda0cf4822927d522693d22c999addeb68e6b407c08c6fb28f41408c"], 0x11)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x6, &(0x7f0000000080))
r1 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x40187013, &(0x7f0000000040)={0x0, 0x0, {0x1, 0x35, 0x0, 0x11, 0x0, 0x5}})
fcntl$setpipe(r1, 0x407, 0x7fff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000085c0), &(0x7f0000008600)=0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000140)={0x9, 0x8a2, 0x7, 0x1ff, 0x3})
bind$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)

23:25:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a4", 0x1f0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r2, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
sendfile(r2, r3, 0x0, 0xfdef)
sendfile(r0, r1, 0x0, 0xfdef)

23:25:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a4", 0x1f0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r2, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
sendfile(r2, r3, 0x0, 0xfdef)
sendfile(r0, r1, 0x0, 0xfdef)

23:25:33 executing program 6:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind(r0, &(0x7f0000000180)=@caif=@dbg, 0x80)

23:25:33 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x163002)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)

23:25:33 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x44a, &(0x7f0000000000)={0x0, 0x0, 0x2})
io_uring_enter(r0, 0x0, 0xcbffffff, 0x3, 0x0, 0x0)

23:25:33 executing program 3:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001080)="c36d2c4f35c42a7cf52cc6a23a609fc2fb5bef7d5a1300dfc5e1fdbd8764ab9883ad9bed49a61e138d85ecdcedfa140291268b63057f5e130570cdd15ccc394ec8d82eca06f154cbae6684b60452d9d521b9fb85128c4a2324bdcf4f804f250b952a10df4b2c454c2d0f9719b9934c5186628a78e1a4aa9c95fe210f1ade2874d77a3f1ae71b7dd577a74105f10b21063a0b8e956f32d45e044b35c80b7d8f295e36600af05a26fe71ea7be3c416a2b716dd96137fd74b4110c3276975d9913ddfb5cb60af5898ff5ee46bde5b476d1368b2f60da0093bd6a8c4b837b7175a3cc7980a4d86ff4b634d35fecfe95b17e838d44cac1dce9bed7782462cff40dad83b68d42622df3be75160030210214c69b61069a656c77d0be673f54343ea17d5b17dc3edca009a53db7bff10d06100fe86fbc4b97613643dc2ad767494bbd466bfbad877b668a45c744650bb7ac6307571a7f7d7bd2f73d0b34799dd1c2d928647f0b7a398bd40ec9f220dd342c48cfd238bff2bac5fd65a2cfb8e2aadd7081052f4d0306b28d74aeb85195d0efe48fbfa00eeaa0b3feb4d98735a73023863ee7b7286548524fa415cb4e698653287bd02bbf76faef8c5dedc3b121a6f19b9cce71bf4e98e37e61a81ad2dc15530975cd6b974a3060b828bc59bfc0c89ddf83ffad8d9ebafc2847db14a2749b65a5f5c39a94b80ed2e3e235e168fbab6cbf7edb101fda38ae2da5400d294e6258eebbd289b156e1c1efabd891f5b67ac7d990b147b29cb4ad38f5b7849f7c69ec62ad9e19f0629c05a4ce8d315edc7ee1fe242f693855e5db82946fa36d69860d9da06911d094ab48d36d3d784e1c21e4134f4e29df72c9ce8ac68fd7ae9d33ebcef8ee1376e11b7989c05cd9ddf9438ed5d10aabe7948d1ca7264df19d87c25c2d99a36de57d6d73f3bddbab956762a474d11d328caf59c5f0b9ab41c295fc6db0e85a876f899e0cf481ffe2c0467e88b3d1ce8129a439bf445f3ee7354cbadbc6b402f7194d58d39d47c18a2bc48a07da46ed715d45cbf83e1fa3307a0ed18aae4334a896d481d842089c8e61332c64584be9399b43bdb132caf0edaf953d059830ecb48157c7bd623ea18273b0ac0b7cccb73f4fcc5c7b41d58a2f4fdb7af199002be0b89cad485aa381f3180afddf902f171ebec8d290cbe991ed2e5d72305081a174340a32cf8a6a1c84062d5d93ab1156e66442b2aef758833da87f1e46baaeb044c444df419f392dcf3bd2dbe5591a00ba525381152ec7880cdadb0f539ece40b6f78f05c36073412558d6c38f92999540f560d3e7b9cb0230b74d13c5abdbeb9ca0088251030bfe14df9468c586256755f1a915721bce7420cff472c748861a8e73e46a2724e71ef7d9d02a2b5ccbe3400a2fffd6583bf013200ca47e9789f6ec5c0df9baad17a6e8e7ba2257b9960a6d1ddf36d18c57d3eaf7f79644e0386798a086334a1f208ea20f4696d8a266a2abf31a3b462f0a59845e8903b5714a284e89802d1493fe3f39e018795a8588adb97f6398c59035b82467a360a3d553b9bbc6cdabb682f1cb0ad8c9ca21af3b91c14e6ca85074da6745d268864c5f8dab183d5604a24adffa88f42336e7d77be672e178e2183756cdcd4ba5cf4e82e734012cfe5935d3bc08e6d959bd0d87be37791cdd5a9867c016ae8eeee4512ffbab65d590a9b754f743404cd9312714fa05bb0f79d70d1782e39cb2138027be7438de370d229f326898521a038358985331f2230101014d72e8ac8f9c2c47c4f039c8bd6793e39423e7958a82a1294fa4cc839bb5c3ea744869698ed417e340041d69e6abdc3b637c4a942176704a26beb9914cda4577994e17c3feba226d9ca56dcbe95bfdc88de0947548e890ee0c6ebb758445786b34473ea948c193179dba31349e014bdade2cb419679417c8efbe8d44ff847eee8173df7a9015df62628be01319161a1a9f165ceaf67e74030906ccfad489c14687d4ff3a647f24dfe8035caf0f8ec14cbbc949d5c849755f6d9a05f2ca0f9f251f759927344b8a1d8f39226b734face50284442cdbdc729f7276d21fa8984fa11fe834fbcf5b1febd5c53eca0feebb664645521f6f9df8d941cf2e9b31c8224166ca65732d29671216d90a297138c461849e984183431bcee15a413f39915f5dbe9664aee2ae585d053b317c9c1e06c6f6626d390de7a9ae18a76a0f130c1de7f9e7ad0a98943dc8d0313d3d85b7016a5eb845e1a418e58f297ff567ebe93246048e03b481fd572877f34b17738e002582db3016537b294cbd98274f13c4e2d822a207bc00fde8f7f157573ddb22de9e0f1015eec136fe71d90527e33d445c3924e89abb740a33e55d3155467b01ae6544b71edf52ddc9ba6895bccc129854517263edb18938ed5aa32745dcb075c61216ea7071e10e7d394920fa70c82b9011bf69ca26955218d22d1d9f1f65bd3a8a710a61392f0642f757cc382042e1f6f2cd04029db53edc8bc075c05b898afe05fd6fa14eccea36fec04e522706cbc13c21ab4d173067a43bca9cc026dfd348b454f1e6a17823d56d470af640f6632b2e59d9ff2f5c9e0f68125185a11c45ab50509239b71e1becd61c0223603e86c84eed4754c58dc060ba8f6348b2df8fccc679ec139e473326a6cd4486d6cd4768747dec44beea7b5e6950cb020dfae00046546d36392281481fa6aaf8a40810aa77ec16d404a8f3948b1736d1113f2b0cda29b96de3a404e8304418b6e99be36cd2ac736057a0f5f5676499da4acd5e73227e368d5555a0f1dd09307c45513f544785f6551087b060dfb539441386e2363f281c44b0a5096521e8ea0873a926f3b25f6044d5a843d63b0ab46b37af042ea2bc16e9dad73a8e4a25c6689a5b18b00d7b9686e59a5707b627f2b9c566a3a0c3b075c818f3b30716b2acac78bf1f84689c99eda60c981fab2285d4f62fa1d96163abf96ecd5567412740ecb7693e87022ac60566e0752e03bf263ba49902e85ced8598e818999f4214c0a272443eed8b6cde8af63c9f902bd20eb122f4d40e6ee6db25529684296700bada251a18d7fa2df177cedd504a1840e3e87e5b098b09202208782d9e72ce0b1c9eccfa717111682d6dffe10b2d60339f303a679c08efaddc89c3c2ca42a30f8be8ee1fa02695c485e29e433e98e334606e47783fcd6367abd52657863239e4ed1c7157e32b5b27c2d7b8cad8feb2533e307375478c38796e4f97a371fe3ed0b7707dd00355a116a9c877e4178040d7126381e106b5603d7a9c5d7b1c85243441bc0225f9aa05630dc30cbc4f9f77675aa617d816a4a6757649be9d99d137c6f79c764257348471cc04c2411773fe52014d32605a4f19f82aacc95fccd559eed4e772559ce3327d5380032a11fce736c84fa7962ff25848e60a71e0a5ec4bb8965be66ab569388c57b885daba36661a744427052358684084e786489e48f23143cf6e4cc747fafd8bcbb52307a1faa4ba75fd71d01076dbf29b743f2133936e1199d3de1fe67b030acf152f8b4e4f9e2d04765812a7a97a3bb08e19ec115960b60e5bac64bd551485b67bcda30932db1a27cc56e21a38bbd9c5f08d98e962d8ab023ddc4325d3d7a3ff2e03f5919e61edb104686468b0cd3d1c903854e7458a2b25fa642745ed7c822b3166d03e6e0e3cb5653919ac0965a7d37b50827a9a2bd292552c06c960bd6f4120e92be3f70e3f91f78ef254b02af8b1af1948dd9be10bc6b3e6112dff8fb043907c56e387f68b4da691d9f58fdc6b098cab39cd1f6d1bce7f596f9156043254c7c757f7138ca54db524f1c783fe81be990b08cde59c5618ed39fd7045fdd96cf01fd7e06dc2d3b6039d3a42b4d98881f844c33383f965dd6ac1804ef751f14522086888445e4836b3ecb60a046c8ad99c7579939f3376ab6f8fe31bc7db82b3de1c8caa1c660f82f8dd2d76257282759776eb133cc20b448f685fd1c805459d88bac04be8fec19911ee02e8fa59ca42425cacd8d5fed025293435c7c05ca26364266a9edc32a69c8ddd9f726db0543af60a559291ac3ea03abcb5522567b54f86fd5ec14b519c40625871b7e00a85c244e57e5d5572a1589208b9c93cbc3370a5b69999a4ae548da7caab716b6a1c1dbebcf17b17d9b29d63903bdf689d9f77b5dc4aa1247a133396960e0606dc5de0f261a88fbe1b291b801c698639500353ffb07ef71fe6e9988947790768609aa2bcbcf531cf32aa460ba0807cc008599bac1a31aa7a5c491d738ac3e887ed5c7335d7f4a440daaa3ea16955ee966c1510a456abdfbe13879db082e85b5c4cb3090c6c658edb50257dcfc0151873a14e37a89f28d5b7f747f8b66f78d6adbaa0c9dca9fe63b9fa98a57731d47dfc0518ef61ddaafc66f303468d3bdbef41fc1d207d4037b40f92310248f29ae486e366cff89913886dabc40b071cc6ee1dff3da5dd2fd6c1a9f653da1cb58e459f8409a3d64a871ccf3323a5c106617a8679c8c3a8faadef23cfd44ef1cf0088fded955d849eeb6f89449f27c68d4c354510711ad84856e4ccf70c785fad5f6ec3662d7eda1e45af8dfdad10aa726119a13201a27d488e1ad81bad9d7e9a65688728a42b1f13907d385a8050d7e59610493b11e646d5d75117861ac866d31c29ecba32244a8ddf0820f6186f539320e9ed181abe1bbd14917c043c64c7ae032e4935b9b328d45cc341bf16291afa02c9e20c23467c6bd2bccf2dd4a2ca36ae7028af0fd2c2353232b1f2314c923d3bd8ea76deb564db613a3fedae62c67047a3bac4bfeb4d09fa441a0f1529df6678b0671968fe46e3bc405a68f0536366ee9ef3539cb660ad6bbfb06b9f75b81fae88af69d64c0083135d1b9f685cd9f6ce21d728dd3cea03997a11ca6c621c91416e4942288b67da218d0bc7f4c9d48bef61ad0a5ff8082709923669477ec0d1554f6949387264587bab122f564f19543badc5d4a2a75916e222c93ca955581a1bc0d2a34662d8109ea846fae7e3e113b50eadd8b2c7b281770bcb3ab9b15e64e922f63aab2495e30d8d135a01987bbd195a39e07c1a6e9aa42478559cb5ac40a57b8ed3d876701e161c05fbf511d99b66d2d24b97cf50be164d09183b483d9e1f265d851235aac6e9830d6c20d2b5e82bc2350f87830c00bb2f4db77b5ef5becba3e06dddbc57a288d5944f8ce4f9f48eec61a541119d7fb97437a261a6b2ec3d9c59941d79605f0115ba590106a78c9d9a8dc8493819ab7f8a501ed5f598b5d6002de4595a8d21c7990c42dca554b775d851a01221247b629f38cfc2fbd6ab79fd60dab03d17dee8a3989a3364245f26e4d372ed1ebceb653ade45d517458adec2179ea85ba206f605f29d7bab2468a309be7800caf1c37017fcd612be712d490a1f1ef38b0009664402c7a3196ebdd3bc9913b98532eb928b7ac06aac1aecd6ba9c4b92e962eca58c4025f31b5011b93ca4330ef78a009b4e66864cdcf76fabb00de421dea5281f2dc323d0922b59b80be09fa95cb379cf0a7925db8465d6d208ea5fcda33020a237238a2c430cf8dd04e9aa210690a475ca84aa7897eefcbe70e884ebbd8d602c88921c553be", 0xf81}], 0x1, 0x0)
splice(r0, 0x0, r2, 0x0, 0x802, 0x0)

23:25:33 executing program 0:
io_setup(0x5, &(0x7f0000000100)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

[  292.181297] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  292.181938] Bluetooth: Wrong link type (-22)
[  292.185618] Bluetooth: hci4: ACL packet for unknown connection handle 485
23:25:33 executing program 6:
io_setup(0x5, &(0x7f0000000100)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

23:25:33 executing program 5:
clock_settime(0x0, &(0x7f0000000080)={0x77359400})

23:25:33 executing program 1:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000000))

23:25:33 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40082104, 0x0)

23:25:33 executing program 7:
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0186e9d6051415c90040"], 0xa)
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="02c850cc00c8000100034c080008000100020000000b08b00000000400bcbe84f86bcdab6fee9b6cb714ae142b9e5fb2bc4d467cdeffe6c166b243e962d44b187773554757e286dd60d8502a2469e5afeb123cb7a22d785b698abd9580bf593bb70888d45b6088de1e4e62cfacfa424792587c0a3ea438e0fba74567a9516ed834aacb7f1b80575f965c150c754074731b24dc237bfd0af009baf89b3e1ed03f84ea37c2d78fc1db9b4d0ab4e4becb9a56809aaad0431d8e0019b876881b27ffdb09d4f7ac949632a49c75e2e439064b04004000b1ee0322e726e961338c6803473077c2c0137dfeeeca5d9b1f36a7715105e394f50eb78f3a33c2d03d1993b9667be3168ea4ee18a261d487a21b3e30b8f6f7d7b170d9001c4d3f7cee5ca39482ff0d2978cb9739203aaf38506a66d00cb574af049125852d25800eaf678d5778f01d8e4326af3251e520f02a4336243c173d2f3254e41bbddbbb4c75fe2179d70722f1270ec9eccbdb38736b16dc10dc8e4d89d9d7eefd7e3861b9318b891cd88b8211fc4c5deb4404ff3d8d64949b10e5a4bf71731daf9708de3dce63b0be03622295c017e7f15f626a86bea2486406a6bade715ce2bb55be344f0dca6d01b5fbeebc609853750ab8db1f383bcaeb3ef078ac0f6161c6edda280d4a424a1f0737df9085ff40606e588bbdfb9f17e8da85b7ab64bc92b6502b39014a5c6830e76ac895ecccd0ea8b5306ecce4f52b73e581505eb89eb036656"], 0xd1)
syz_emit_vhci(&(0x7f0000000a80)=ANY=[@ANYBLOB="02c8002b01270101000c230500ff06000c0003000d0108000104ffff010004000106020045010e02030003007f0b07f500f78e8355da33ee23511e5b00e0d8243cd97e782803f4646545b73b22466badcb9114995e37b8c1c44015012b193ca5bd247a2f2a0e7665c201167c3a500073c013b640df64cdaae476827b4617d89f15fc0690a5bf69ac042743ab8ec0ebcdc663cfcf2ccde0dd9c344cc04a9aab3fb7f970c4d9239736d640003cde7fabebe01e106bda1671f2684d098bd76fe8cae8601f0d25abdfe7c590dc7fb6067906848e9f9d2053feaa2ca108b3e0cb0e6df604411f89cf89174cba48f762f7a157d6d7b4b89cad31cac7ee9c7337011b722416768b0a080c43969f1befdcb05adf6f3a8186b9596721fbc3a22be16efa6becf000000000"], 0x130)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="03c9009bc2301da5ff9150c5f6bf21f922e1bd5d81f09e76e2fde4fa06652f54c641cb2bcd5173d07d4e61232ab4bcad341e79ac04fbcacd83884c718903fe8368588a40bfbe3f3e35cb79d3ce7d9afecc2c554d22e6ba1073b5627ae24f8b574a7514ab50875b6b92736bbcb76bee493d2cc81fc2199dc5ab8e5197cc001764553c45a27545c6a8f473021e670d0fce2db2ede7913a2aae1bb941fdbb20ad9e33ad96cf7b69a35e64a51297250fc165362d9de1557cf5faa4ad2f1c72479bf315bfc0006fdccb9470772efcb3cebe286f955415de34fe3c930c4c31b32e48781784842ff06b30d70366e136b0eb786c09c3a96f3fe7a41e767f550dc83ee5589b3c26"], 0x9f)
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="040f0404001104a8f502c7f56d7b64e8a8de75506f54588e80ba24a23f7c4f6af9aae09bb6ee1c57875aef328ca137ee37f43c9094fc209f4aa96f25caf67c31735e93fbaf989706d7907a36f7eb24ccea7e1b4a268c1a95efcf9a06297204c3d16ca08530b6d73f98b2734c1d2ee90cab81193ab5e117f85ded2403fa970c5f867c5f02457cb4f25ecc64299a320843ced0eb76f550382844a67188d025ae6304417a9055b0f872d9ee733e47e9d7a2279e1649ea2c1baf9f2beb1a87759347e1c01c22d3fe8b7a87c5907d4d5df0ec3f47fce67f11241c4ec384afa6bf7bf297e050c869a25c6ac143999e0f2d77f56ef1cf2dd1e7ec53fae4aa77bb6015e94bd0722955c5531ea54c3c8cc874076cf67162f4fa24b27bc400b48244fb0cd563f5f4c270a7409e7feba12ca6702644b1651662c795fc14d81edc0cbdee43367316dede18d0096fa844f20d39de22f33bfeafe09f885ef46115d85e46b8b7efdb3157932e23d619d3be81588bc9d04daa6c55c4331dd8a62882da5e066f32ff817c070a2fe7e521d8fbcf7f4375002734a3dd225b3ca5d4feba9890e5fabd02ef90c3b8404ec717d0ea92b9ddae"], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4c4c0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="02e52110f4c875250ad179ce0800014487223b0000000000000046ca883f149af2bdb82a1f3d89988932c4ae497edcaacd2a71973956a9487f80881d1cb5cfc5f56d5f8bda86e5d1075873118a131e327c250ca795cda0cf4822927d522693d22c999addeb68e6b407c08c6fb28f41408c"], 0x11)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x6, &(0x7f0000000080))
r1 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x40187013, &(0x7f0000000040)={0x0, 0x0, {0x1, 0x35, 0x0, 0x11, 0x0, 0x5}})
fcntl$setpipe(r1, 0x407, 0x7fff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000085c0), &(0x7f0000008600)=0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000140)={0x9, 0x8a2, 0x7, 0x1ff, 0x3})
bind$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)

23:25:33 executing program 0:
io_setup(0x5, &(0x7f0000000100)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

03:33:20 executing program 6:
io_setup(0x5, &(0x7f0000000100)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

03:33:20 executing program 3:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001080)="c36d2c4f35c42a7cf52cc6a23a609fc2fb5bef7d5a1300dfc5e1fdbd8764ab9883ad9bed49a61e138d85ecdcedfa140291268b63057f5e130570cdd15ccc394ec8d82eca06f154cbae6684b60452d9d521b9fb85128c4a2324bdcf4f804f250b952a10df4b2c454c2d0f9719b9934c5186628a78e1a4aa9c95fe210f1ade2874d77a3f1ae71b7dd577a74105f10b21063a0b8e956f32d45e044b35c80b7d8f295e36600af05a26fe71ea7be3c416a2b716dd96137fd74b4110c3276975d9913ddfb5cb60af5898ff5ee46bde5b476d1368b2f60da0093bd6a8c4b837b7175a3cc7980a4d86ff4b634d35fecfe95b17e838d44cac1dce9bed7782462cff40dad83b68d42622df3be75160030210214c69b61069a656c77d0be673f54343ea17d5b17dc3edca009a53db7bff10d06100fe86fbc4b97613643dc2ad767494bbd466bfbad877b668a45c744650bb7ac6307571a7f7d7bd2f73d0b34799dd1c2d928647f0b7a398bd40ec9f220dd342c48cfd238bff2bac5fd65a2cfb8e2aadd7081052f4d0306b28d74aeb85195d0efe48fbfa00eeaa0b3feb4d98735a73023863ee7b7286548524fa415cb4e698653287bd02bbf76faef8c5dedc3b121a6f19b9cce71bf4e98e37e61a81ad2dc15530975cd6b974a3060b828bc59bfc0c89ddf83ffad8d9ebafc2847db14a2749b65a5f5c39a94b80ed2e3e235e168fbab6cbf7edb101fda38ae2da5400d294e6258eebbd289b156e1c1efabd891f5b67ac7d990b147b29cb4ad38f5b7849f7c69ec62ad9e19f0629c05a4ce8d315edc7ee1fe242f693855e5db82946fa36d69860d9da06911d094ab48d36d3d784e1c21e4134f4e29df72c9ce8ac68fd7ae9d33ebcef8ee1376e11b7989c05cd9ddf9438ed5d10aabe7948d1ca7264df19d87c25c2d99a36de57d6d73f3bddbab956762a474d11d328caf59c5f0b9ab41c295fc6db0e85a876f899e0cf481ffe2c0467e88b3d1ce8129a439bf445f3ee7354cbadbc6b402f7194d58d39d47c18a2bc48a07da46ed715d45cbf83e1fa3307a0ed18aae4334a896d481d842089c8e61332c64584be9399b43bdb132caf0edaf953d059830ecb48157c7bd623ea18273b0ac0b7cccb73f4fcc5c7b41d58a2f4fdb7af199002be0b89cad485aa381f3180afddf902f171ebec8d290cbe991ed2e5d72305081a174340a32cf8a6a1c84062d5d93ab1156e66442b2aef758833da87f1e46baaeb044c444df419f392dcf3bd2dbe5591a00ba525381152ec7880cdadb0f539ece40b6f78f05c36073412558d6c38f92999540f560d3e7b9cb0230b74d13c5abdbeb9ca0088251030bfe14df9468c586256755f1a915721bce7420cff472c748861a8e73e46a2724e71ef7d9d02a2b5ccbe3400a2fffd6583bf013200ca47e9789f6ec5c0df9baad17a6e8e7ba2257b9960a6d1ddf36d18c57d3eaf7f79644e0386798a086334a1f208ea20f4696d8a266a2abf31a3b462f0a59845e8903b5714a284e89802d1493fe3f39e018795a8588adb97f6398c59035b82467a360a3d553b9bbc6cdabb682f1cb0ad8c9ca21af3b91c14e6ca85074da6745d268864c5f8dab183d5604a24adffa88f42336e7d77be672e178e2183756cdcd4ba5cf4e82e734012cfe5935d3bc08e6d959bd0d87be37791cdd5a9867c016ae8eeee4512ffbab65d590a9b754f743404cd9312714fa05bb0f79d70d1782e39cb2138027be7438de370d229f326898521a038358985331f2230101014d72e8ac8f9c2c47c4f039c8bd6793e39423e7958a82a1294fa4cc839bb5c3ea744869698ed417e340041d69e6abdc3b637c4a942176704a26beb9914cda4577994e17c3feba226d9ca56dcbe95bfdc88de0947548e890ee0c6ebb758445786b34473ea948c193179dba31349e014bdade2cb419679417c8efbe8d44ff847eee8173df7a9015df62628be01319161a1a9f165ceaf67e74030906ccfad489c14687d4ff3a647f24dfe8035caf0f8ec14cbbc949d5c849755f6d9a05f2ca0f9f251f759927344b8a1d8f39226b734face50284442cdbdc729f7276d21fa8984fa11fe834fbcf5b1febd5c53eca0feebb664645521f6f9df8d941cf2e9b31c8224166ca65732d29671216d90a297138c461849e984183431bcee15a413f39915f5dbe9664aee2ae585d053b317c9c1e06c6f6626d390de7a9ae18a76a0f130c1de7f9e7ad0a98943dc8d0313d3d85b7016a5eb845e1a418e58f297ff567ebe93246048e03b481fd572877f34b17738e002582db3016537b294cbd98274f13c4e2d822a207bc00fde8f7f157573ddb22de9e0f1015eec136fe71d90527e33d445c3924e89abb740a33e55d3155467b01ae6544b71edf52ddc9ba6895bccc129854517263edb18938ed5aa32745dcb075c61216ea7071e10e7d394920fa70c82b9011bf69ca26955218d22d1d9f1f65bd3a8a710a61392f0642f757cc382042e1f6f2cd04029db53edc8bc075c05b898afe05fd6fa14eccea36fec04e522706cbc13c21ab4d173067a43bca9cc026dfd348b454f1e6a17823d56d470af640f6632b2e59d9ff2f5c9e0f68125185a11c45ab50509239b71e1becd61c0223603e86c84eed4754c58dc060ba8f6348b2df8fccc679ec139e473326a6cd4486d6cd4768747dec44beea7b5e6950cb020dfae00046546d36392281481fa6aaf8a40810aa77ec16d404a8f3948b1736d1113f2b0cda29b96de3a404e8304418b6e99be36cd2ac736057a0f5f5676499da4acd5e73227e368d5555a0f1dd09307c45513f544785f6551087b060dfb539441386e2363f281c44b0a5096521e8ea0873a926f3b25f6044d5a843d63b0ab46b37af042ea2bc16e9dad73a8e4a25c6689a5b18b00d7b9686e59a5707b627f2b9c566a3a0c3b075c818f3b30716b2acac78bf1f84689c99eda60c981fab2285d4f62fa1d96163abf96ecd5567412740ecb7693e87022ac60566e0752e03bf263ba49902e85ced8598e818999f4214c0a272443eed8b6cde8af63c9f902bd20eb122f4d40e6ee6db25529684296700bada251a18d7fa2df177cedd504a1840e3e87e5b098b09202208782d9e72ce0b1c9eccfa717111682d6dffe10b2d60339f303a679c08efaddc89c3c2ca42a30f8be8ee1fa02695c485e29e433e98e334606e47783fcd6367abd52657863239e4ed1c7157e32b5b27c2d7b8cad8feb2533e307375478c38796e4f97a371fe3ed0b7707dd00355a116a9c877e4178040d7126381e106b5603d7a9c5d7b1c85243441bc0225f9aa05630dc30cbc4f9f77675aa617d816a4a6757649be9d99d137c6f79c764257348471cc04c2411773fe52014d32605a4f19f82aacc95fccd559eed4e772559ce3327d5380032a11fce736c84fa7962ff25848e60a71e0a5ec4bb8965be66ab569388c57b885daba36661a744427052358684084e786489e48f23143cf6e4cc747fafd8bcbb52307a1faa4ba75fd71d01076dbf29b743f2133936e1199d3de1fe67b030acf152f8b4e4f9e2d04765812a7a97a3bb08e19ec115960b60e5bac64bd551485b67bcda30932db1a27cc56e21a38bbd9c5f08d98e962d8ab023ddc4325d3d7a3ff2e03f5919e61edb104686468b0cd3d1c903854e7458a2b25fa642745ed7c822b3166d03e6e0e3cb5653919ac0965a7d37b50827a9a2bd292552c06c960bd6f4120e92be3f70e3f91f78ef254b02af8b1af1948dd9be10bc6b3e6112dff8fb043907c56e387f68b4da691d9f58fdc6b098cab39cd1f6d1bce7f596f9156043254c7c757f7138ca54db524f1c783fe81be990b08cde59c5618ed39fd7045fdd96cf01fd7e06dc2d3b6039d3a42b4d98881f844c33383f965dd6ac1804ef751f14522086888445e4836b3ecb60a046c8ad99c7579939f3376ab6f8fe31bc7db82b3de1c8caa1c660f82f8dd2d76257282759776eb133cc20b448f685fd1c805459d88bac04be8fec19911ee02e8fa59ca42425cacd8d5fed025293435c7c05ca26364266a9edc32a69c8ddd9f726db0543af60a559291ac3ea03abcb5522567b54f86fd5ec14b519c40625871b7e00a85c244e57e5d5572a1589208b9c93cbc3370a5b69999a4ae548da7caab716b6a1c1dbebcf17b17d9b29d63903bdf689d9f77b5dc4aa1247a133396960e0606dc5de0f261a88fbe1b291b801c698639500353ffb07ef71fe6e9988947790768609aa2bcbcf531cf32aa460ba0807cc008599bac1a31aa7a5c491d738ac3e887ed5c7335d7f4a440daaa3ea16955ee966c1510a456abdfbe13879db082e85b5c4cb3090c6c658edb50257dcfc0151873a14e37a89f28d5b7f747f8b66f78d6adbaa0c9dca9fe63b9fa98a57731d47dfc0518ef61ddaafc66f303468d3bdbef41fc1d207d4037b40f92310248f29ae486e366cff89913886dabc40b071cc6ee1dff3da5dd2fd6c1a9f653da1cb58e459f8409a3d64a871ccf3323a5c106617a8679c8c3a8faadef23cfd44ef1cf0088fded955d849eeb6f89449f27c68d4c354510711ad84856e4ccf70c785fad5f6ec3662d7eda1e45af8dfdad10aa726119a13201a27d488e1ad81bad9d7e9a65688728a42b1f13907d385a8050d7e59610493b11e646d5d75117861ac866d31c29ecba32244a8ddf0820f6186f539320e9ed181abe1bbd14917c043c64c7ae032e4935b9b328d45cc341bf16291afa02c9e20c23467c6bd2bccf2dd4a2ca36ae7028af0fd2c2353232b1f2314c923d3bd8ea76deb564db613a3fedae62c67047a3bac4bfeb4d09fa441a0f1529df6678b0671968fe46e3bc405a68f0536366ee9ef3539cb660ad6bbfb06b9f75b81fae88af69d64c0083135d1b9f685cd9f6ce21d728dd3cea03997a11ca6c621c91416e4942288b67da218d0bc7f4c9d48bef61ad0a5ff8082709923669477ec0d1554f6949387264587bab122f564f19543badc5d4a2a75916e222c93ca955581a1bc0d2a34662d8109ea846fae7e3e113b50eadd8b2c7b281770bcb3ab9b15e64e922f63aab2495e30d8d135a01987bbd195a39e07c1a6e9aa42478559cb5ac40a57b8ed3d876701e161c05fbf511d99b66d2d24b97cf50be164d09183b483d9e1f265d851235aac6e9830d6c20d2b5e82bc2350f87830c00bb2f4db77b5ef5becba3e06dddbc57a288d5944f8ce4f9f48eec61a541119d7fb97437a261a6b2ec3d9c59941d79605f0115ba590106a78c9d9a8dc8493819ab7f8a501ed5f598b5d6002de4595a8d21c7990c42dca554b775d851a01221247b629f38cfc2fbd6ab79fd60dab03d17dee8a3989a3364245f26e4d372ed1ebceb653ade45d517458adec2179ea85ba206f605f29d7bab2468a309be7800caf1c37017fcd612be712d490a1f1ef38b0009664402c7a3196ebdd3bc9913b98532eb928b7ac06aac1aecd6ba9c4b92e962eca58c4025f31b5011b93ca4330ef78a009b4e66864cdcf76fabb00de421dea5281f2dc323d0922b59b80be09fa95cb379cf0a7925db8465d6d208ea5fcda33020a237238a2c430cf8dd04e9aa210690a475ca84aa7897eefcbe70e884ebbd8d602c88921c553be", 0xf81}], 0x1, 0x0)
splice(r0, 0x0, r2, 0x0, 0x802, 0x0)

03:33:20 executing program 5:
clock_settime(0x0, &(0x7f0000000080)={0x77359400})

[  292.380376] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  292.381092] Bluetooth: Wrong link type (-22)
[  292.386691] Bluetooth: hci4: ACL packet for unknown connection handle 485
03:33:20 executing program 0:
io_setup(0x5, &(0x7f0000000100)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

03:33:20 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40082104, 0x0)

03:33:20 executing program 5:
clock_settime(0x0, &(0x7f0000000080)={0x77359400})

03:33:20 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r0, 0x5416, 0x0)

03:33:20 executing program 6:
io_setup(0x5, &(0x7f0000000100)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

03:33:20 executing program 3:
epoll_create(0x6)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/schedstat\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000080), 0x0, &(0x7f0000000100)={0x9}, &(0x7f0000000180), 0x0)

03:33:20 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a4", 0x1f0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r2, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
sendfile(r2, r3, 0x0, 0xfdef)
sendfile(r0, r1, 0x0, 0xfdef)

03:33:20 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a4", 0x1f0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r2, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
sendfile(r2, r3, 0x0, 0xfdef)
sendfile(r0, r1, 0x0, 0xfdef)

03:33:20 executing program 5:
clock_settime(0x0, &(0x7f0000000080)={0x77359400})

03:33:20 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r0, 0x5416, 0x0)

03:33:20 executing program 3:
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040))

03:33:20 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40082104, 0x0)

03:33:20 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r0, 0x5416, 0x0)

03:33:20 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0)

03:33:20 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40082104, 0x0)

03:33:20 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r0, 0x5416, 0x0)

03:33:20 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a4", 0x1f0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r2, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
sendfile(r2, r3, 0x0, 0xfdef)
sendfile(r0, r1, 0x0, 0xfdef)

03:33:20 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
r0 = shmget$private(0x0, 0x3000, 0xa50, &(0x7f0000ffd000/0x3000)=nil)
r1 = shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffd000/0x1000)=nil)
shmat(r1, &(0x7f0000ffb000/0x2000)=nil, 0xf000)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0)=<r2=>0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x1100)
shmctl$IPC_RMID(r0, 0x0)
setresuid(0x0, r3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)=ANY=[@ANYBLOB="010000180000000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=<r4=>0x0, @ANYBLOB='./file0\x00'])
shmctl$IPC_SET(r1, 0x1, &(0x7f0000000140)={{0x1, 0xffffffffffffffff, r2, r3, r4, 0x12, 0x3}, 0x55, 0x5, 0x3ff, 0x7ff, 0x0, 0xffffffffffffffff, 0x8000})
shmget$private(0x0, 0x1000, 0x10, &(0x7f0000ffe000/0x1000)=nil)
shmctl$IPC_SET(r0, 0x1, 0x0)

03:33:20 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='nfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/1, 0x1}, {0x0}], 0x2)

03:33:20 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='nfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/1, 0x1}, {0x0}], 0x2)

03:33:20 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='nfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/1, 0x1}, {0x0}], 0x2)

03:33:20 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='nfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/1, 0x1}, {0x0}], 0x2)

03:33:20 executing program 2:
openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = creat(&(0x7f0000000000)='./file1\x00', 0x0)
r1 = timerfd_create(0x0, 0x0)
timerfd_settime(r1, 0x3, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
timerfd_gettime(r1, 0x0)
dup(0xffffffffffffffff)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

03:33:20 executing program 0:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000040)={r0}, &(0x7f0000000100)={'enc=', 'oaep', ' hash=', {'sha3-512\x00'}}, 0x0, 0x0)

03:33:20 executing program 5:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000040)="a20e73f1b1812c8df6967520cdbfb383417a9437ee7abadfd3289b310750", 0x1e}], 0x1)

03:33:20 executing program 6:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

03:33:20 executing program 1:
io_uring_setup(0x2a28, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x49})

03:33:20 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cc, 0x0)

03:33:20 executing program 7:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81208770}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

[  293.813084] tmpfs: Unsupported parameter 'huge'
03:33:20 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cc, 0x0)

03:33:20 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfa}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000180)='./file0\x00', 0x4000056)
dup3(r1, r0, 0x0)

03:33:20 executing program 2:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140))
mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1)
chdir(&(0x7f0000000000)='./file0\x00')
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1000)
chown(&(0x7f00000009c0)='./file0\x00', r1, 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x0)

03:33:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="76847675c843"}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000040)=@mgmt_frame=@action={@with_ht={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @random="6a13e741b347", {0x5}}, @ver_80211n={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @tdls_disc_req={0xc, 0xa, {0xd3, {0x65, 0x12, {@from_mac=@device_b, @device_b}}}}}, 0x33)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:33:20 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 1)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  293.920020] FAULT_INJECTION: forcing a failure.
[  293.920020] name failslab, interval 1, probability 0, space 0, times 1
[  293.921149] CPU: 1 UID: 0 PID: 12398 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  293.921166] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  293.921173] Call Trace:
[  293.921177]  <TASK>
[  293.921182]  dump_stack_lvl+0xfa/0x120
[  293.921208]  should_fail_ex+0x4d7/0x5e0
[  293.921228]  ? sock_alloc_inode+0x27/0x1d0
[  293.921247]  should_failslab+0xc2/0x120
[  293.921267]  kmem_cache_alloc_lru_noprof+0x84/0x6e0
[  293.921282]  ? selinux_socket_create+0x99/0x590
[  293.921306]  ? sock_alloc_inode+0x27/0x1d0
[  293.921322]  sock_alloc_inode+0x27/0x1d0
[  293.921339]  ? __pfx_sock_alloc_inode+0x10/0x10
[  293.921357]  alloc_inode+0x67/0x250
[  293.921370]  sock_alloc+0x40/0x270
[  293.921388]  __sock_create+0xc1/0x810
[  293.921405]  __sys_socket+0x145/0x260
[  293.921418]  ? __pfx___sys_socket+0x10/0x10
[  293.921429]  ? ksys_write+0x1a3/0x240
[  293.921447]  ? __pfx_ksys_write+0x10/0x10
[  293.921468]  __x64_sys_socket+0x73/0xb0
[  293.921481]  do_syscall_64+0xbf/0x390
[  293.921501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.921514] RIP: 0033:0x7f700a616197
[  293.921523] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  293.921535] RSP: 002b:00007f7007b890c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  293.921547] RAX: ffffffffffffffda RBX: 00007f700a727f60 RCX: 00007f700a616197
[  293.921555] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  293.921567] RBP: 00007f7007b8a1d0 R08: 0000000000000000 R09: 0000000000000000
[  293.921574] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000001
[  293.921581] R13: 0000000000000036 R14: 0000000020000300 R15: 0000000000022000
[  293.921601]  </TASK>
[  293.934970] socket: no more sockets
[  293.942173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:21 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cc, 0x0)

03:33:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000076b8427a77706e00000000640001000006020202020202010882"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x64, r3, 0x302, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x3}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffffe0}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xbc}, @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x80}]}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x3}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}]]}, 0x64}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  293.964954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:21 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
set_mempolicy(0x3, &(0x7f0000000540)=0x1f, 0x2)
fork()

[  293.995227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.020500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:21 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cc, 0x0)

[  294.031470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.052427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:21 executing program 3:
syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7a28ac", 0x14, 0x3a, 0x0, @local, @loopback, {[], @ndisc_ns={0x87, 0x0, 0x0, @loopback}}}}}}, 0x0)

03:33:21 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

03:33:21 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 2)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  294.291806] tmpfs: Unsupported parameter 'huge'
03:33:21 executing program 6:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

[  294.333041] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.338878] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.347428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.359316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:21 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfa}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000180)='./file0\x00', 0x4000056)
dup3(r1, r0, 0x0)

[  294.369982] tmpfs: Unsupported parameter 'huge'
03:33:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x60, r1, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "509852ce00210a92755add1af36226746527de84e1af1552"}]]}, 0x60}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  294.409149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.445093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.458057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.704458] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  294.705868] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  294.711798] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  294.714530] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  294.715425] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  294.717308] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  294.720035] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  294.720997] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  294.724160] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  294.764503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r2 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = dup2(r2, r2)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x72}, @void, @void}}, [@NL80211_ATTR_PID={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:33:21 executing program 6:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

03:33:21 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

03:33:21 executing program 2:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

03:33:21 executing program 7:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81208770}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

03:33:21 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfa}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000180)='./file0\x00', 0x4000056)
dup3(r1, r0, 0x0)

03:33:21 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x50, r1, 0x20, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x524e, 0x76}}}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x7}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0xd}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x20004080}, 0x48040)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:33:21 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 3)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  294.840401] FAULT_INJECTION: forcing a failure.
[  294.840401] name failslab, interval 1, probability 0, space 0, times 0
[  294.841082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.841354] CPU: 0 UID: 0 PID: 12459 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  294.841371] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  294.841379] Call Trace:
[  294.841384]  <TASK>
[  294.841392]  dump_stack_lvl+0xfa/0x120
[  294.841418]  should_fail_ex+0x4d7/0x5e0
[  294.841439]  ? security_inode_alloc+0x3e/0x130
[  294.841454]  should_failslab+0xc2/0x120
[  294.841474]  kmem_cache_alloc_noprof+0x80/0x690
[  294.841488]  ? __pfx_map_id_range_down+0x10/0x10
[  294.841510]  ? security_inode_alloc+0x3e/0x130
[  294.841524]  security_inode_alloc+0x3e/0x130
[  294.841540]  inode_init_always_gfp+0xc94/0xff0
[  294.841562]  alloc_inode+0x8d/0x250
[  294.841574]  sock_alloc+0x40/0x270
[  294.841594]  __sock_create+0xc1/0x810
[  294.841611]  __sys_socket+0x145/0x260
[  294.841624]  ? __pfx___sys_socket+0x10/0x10
[  294.841635]  ? ksys_write+0x1a3/0x240
[  294.841653]  ? __pfx_ksys_write+0x10/0x10
[  294.841674]  __x64_sys_socket+0x73/0xb0
[  294.841687]  do_syscall_64+0xbf/0x390
[  294.841706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.841720] RIP: 0033:0x7f700a616197
[  294.841729] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  294.841742] RSP: 002b:00007f7007b890c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  294.841754] RAX: ffffffffffffffda RBX: 00007f700a727f60 RCX: 00007f700a616197
[  294.841762] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  294.841769] RBP: 00007f7007b8a1d0 R08: 0000000000000000 R09: 0000000000000000
[  294.841776] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000001
[  294.841783] R13: 0000000000000036 R14: 0000000020000300 R15: 0000000000022000
[  294.841803]  </TASK>
[  294.841860] socket: no more sockets
[  294.846695] tmpfs: Unsupported parameter 'huge'
[  294.857507] tmpfs: Unsupported parameter 'huge'
[  294.858465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:21 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfa}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000180)='./file0\x00', 0x4000056)
dup3(r1, r0, 0x0)

[  294.868375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.876265] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.911319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:21 executing program 6:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

03:33:21 executing program 2:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

[  294.965829] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:22 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

[  295.050703] tmpfs: Unsupported parameter 'huge'
[  295.059825] tmpfs: Unsupported parameter 'huge'
[  295.176475] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.282122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.331398] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.380865] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.671051] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  295.672083] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  295.673331] Bluetooth: hci4: Opcode 0x0c1a failed: -4
03:33:22 executing program 2:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

03:33:22 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 4)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:33:22 executing program 5:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81208770}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

03:33:22 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

03:33:22 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

03:33:22 executing program 7:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81208770}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

03:33:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="10050000080211000001080211000000080211000000200001000000a2f7a353f50c95790c121824"], 0x28)

[  295.729679] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.736749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:22 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0xe8, r3, 0x100, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xf8, 0x55}}}}, [@NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x4, 0x5}, {0x0, 0x5}, {0x3, 0x6}, {0x10}, {0x9d, 0x3}, {0xff, 0x2}, {0x1, 0x7}, {0xc, 0x6}, {0x1, 0x6}, {0x1, 0x5}], "882b3deb3ba00dbb"}}, @NL80211_ATTR_QOS_MAP={0x22, 0xc7, {[{0xab, 0x2}, {0xf8, 0x3}, {0x1, 0x1}, {0x9, 0x4}, {0x89, 0x6}, {0x7, 0x3}, {0x5, 0x3}, {0xfb, 0x6}, {0x12, 0x3}, {0x2, 0x3}, {0x1, 0x7}], "07f148de7113cf21"}}, @NL80211_ATTR_QOS_MAP={0x10, 0xc7, {[{}, {0x64, 0x4}], "c25f086035c36ed8"}}, @NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x8}, {0x4, 0x4}, {0x6, 0x3}, {0x9b, 0x2}, {0x4, 0x6}, {0x3, 0x6}, {0x5, 0x3}, {0x0, 0x4}, {0x40, 0x2}, {0xff, 0x7}], "6f9fca7ea37fa9ee"}}, @NL80211_ATTR_QOS_MAP={0x16, 0xc7, {[{0x4}, {0xc8, 0x2}, {0x7f, 0x6}, {0x6e, 0x1}, {0x20, 0x4}], "44e83eb1dee4622b"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x6, 0x3}, {0x80, 0x4}, {0x8, 0x6}, {0x20}, {0x4}, {0x48}, {0x40}, {0x20, 0x5}, {0xff, 0x3}, {0x81, 0x2}, {0x98, 0x2}, {0x9}, {0x3, 0x6}, {0x3, 0x5}, {0xc0, 0x5}, {0x5, 0x6}, {0x80, 0x3}, {0x8, 0x5}, {0x8, 0x3}, {0x1, 0x7}], "a7651b966c89c360"}}]}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0xc000)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r4, 0x800, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x9}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000b10053", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300), &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="50bc020008021100000008021100000150505050505038001001000800f601000202020100"/50], 0x32)

[  295.739404] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.773142] tmpfs: Unsupported parameter 'huge'
[  295.778791] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.793378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.794487] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.850109] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.104340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.108917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.156924] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.206472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.555659] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  296.557319] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  296.559640] Bluetooth: hci4: Opcode 0x0c1a failed: -4
03:33:23 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 5)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:33:23 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

03:33:23 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

03:33:23 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x6)
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x4, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x38, r8, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x5}]}]}]}, 0x38}}, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x80, r1, 0x20, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xfffffffa, 0x16}}}}, [@NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x1f, 0x3}, {0x8, 0x4}, {0x0, 0x4}, {0x40, 0x6}, {0x0, 0x2}, {0x0, 0x1}, {0x6, 0x4}, {0x7, 0x7}, {0x5, 0x1}, {0x51, 0x3}], "17cb4bf1974ab6b7"}}, @NL80211_ATTR_QOS_MAP={0x36, 0xc7, {[{0x20, 0x4}, {0x3, 0x4}, {0xb3, 0x7}, {0x0, 0x4}, {0x49}, {0x2, 0x5}, {0x6, 0x4}, {0x7f, 0x4}, {0x4, 0x6}, {0x9, 0x1}, {0x7, 0x7}, {0x40, 0x7}, {0x5, 0x3}, {0x78, 0x5}, {0x2, 0x2}, {0x6, 0x6}, {0x4, 0x1}, {0x4, 0x7}, {0x5, 0x2}, {0xff, 0x2}, {0x80, 0x1}], "9c50297f7ca88d6d"}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8004}, 0x6e6f8498c0f1c018)
sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x8, 0x70bd28, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0x4, @media='ib\x00'}}}, ["", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40001)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:33:23 executing program 7:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81208770}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

03:33:23 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000680)={'wlan1\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r3, @ANYBLOB="080000004f8a4270defc666a5aaf00008d6d461b1fcf46cf9a0b217d6d274872c457a2dc31932ede086d67e5a762bde5caf614c3eaec486285b7aab683b2aecf06a2aa10a60d04311dea2db705bd6ab3d68ca7bd65981f866a6b77427cae0526b6a650053f6b0b3e2d08b5df2d2f24e071ae284d7796ab251895144b88c16f7712f8484f"], 0x24}}, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0), r0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r3, @ANYBLOB="0a00340002020202020200000a004d87e75198e67b06000802110000000000080035000000000008"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {0x8}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x2c, r2, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1f}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x24020010)
openat$sr(0xffffffffffffff9c, &(0x7f0000000180), 0x20102, 0x0)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="b000000008021100000600021100000008022f0000001000000002000000"], 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:33:23 executing program 5:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81208770}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

[  296.775449] FAULT_INJECTION: forcing a failure.
[  296.775449] name failslab, interval 1, probability 0, space 0, times 0
[  296.776899] CPU: 0 UID: 0 PID: 12522 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  296.776921] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  296.776931] Call Trace:
[  296.776937]  <TASK>
[  296.776943]  dump_stack_lvl+0xfa/0x120
[  296.776977]  should_fail_ex+0x4d7/0x5e0
[  296.777003]  should_failslab+0xc2/0x120
[  296.777029]  __kmalloc_noprof+0xd6/0x770
[  296.777048]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  296.777069]  ? sk_prot_alloc+0x157/0x280
[  296.777090]  ? sk_prot_alloc+0x157/0x280
[  296.777103]  sk_prot_alloc+0x157/0x280
[  296.777121]  sk_alloc+0x34/0xbd0
[  296.777140]  ? __pfx_genl_release+0x10/0x10
[  296.777162]  __netlink_create+0x5d/0x280
[  296.777177]  ? __wake_up+0x3f/0x60
[  296.777198]  netlink_create+0x3ad/0x620
[  296.777215]  ? __pfx_genl_bind+0x10/0x10
[  296.777233]  ? __pfx_genl_unbind+0x10/0x10
[  296.777255]  __sock_create+0x369/0x810
[  296.777275]  __sys_socket+0x145/0x260
[  296.777290]  ? __pfx___sys_socket+0x10/0x10
[  296.777304]  ? ksys_write+0x1a3/0x240
[  296.777324]  ? __pfx_ksys_write+0x10/0x10
[  296.777349]  __x64_sys_socket+0x73/0xb0
[  296.777364]  do_syscall_64+0xbf/0x390
[  296.777387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.777403] RIP: 0033:0x7f700a616197
[  296.777414] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  296.777428] RSP: 002b:00007f7007b890c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  296.777442] RAX: ffffffffffffffda RBX: 00007f700a727f60 RCX: 00007f700a616197
[  296.777451] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  296.777460] RBP: 00007f7007b8a1d0 R08: 0000000000000000 R09: 0000000000000000
[  296.777469] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000001
[  296.777477] R13: 0000000000000036 R14: 0000000020000300 R15: 0000000000022000
[  296.777498]  </TASK>
[  296.792178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:23 executing program 3:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

[  296.804500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.829731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.832548] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  296.838414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.902069] tmpfs: Unsupported parameter 'huge'
03:33:23 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

[  296.927934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:24 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

[  296.985434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:24 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x8, 0x20, 0xff, 0x2, 0x0, 0x0, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x80000000, 0x9}, 0x10, 0x0, 0x1ff, 0x5, 0x8, 0x858, 0x7ff, 0x0, 0x2, 0x0, 0xffff}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1)
sigaltstack(&(0x7f0000ffc000/0x2000)=nil, &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/77, 0x4d}, {&(0x7f0000000080)=""/235, 0xeb}, {&(0x7f0000000180)=""/241, 0xf1}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/75, 0x4b}], 0x6)
r1 = syz_io_uring_setup(0x6133, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x54, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x91, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/83, 0x53}, {&(0x7f0000000700)=""/231, 0xe7}], 0x3)
fork()

03:33:24 executing program 3:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

03:33:24 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 6)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  297.149955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.153454] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.190765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:24 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2)

[  297.201321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@fat=@codepage={'codepage', 0x3d, '932'}}]})

[  297.269252] No source specified
[  297.270888] No source specified
[  297.281297] tmpfs: Unsupported parameter 'huge'
03:33:24 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r2, 0x1, 0x6, @multicast}, 0x10)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000001700)={r2, 0x1, 0x6, @multicast}, 0x10)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
io_submit(0x0, 0x0, &(0x7f0000000080))

03:33:24 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)

[  297.346782] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
03:33:24 executing program 3:
sendmsg$sock(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@llc={0x1a, 0x307, 0x8, 0x64, 0x3, 0x20, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="20445a525d5ea02c8da2c2c4b4cf64dcada4338fc150dbbae070f1cac6901f92897858b5409483a612dffdecd8aab7f619eaac67d3123ff04e813d2154b5dd66d90a2139e00ffb59c47784f9700fbdba30690c224e4abb3aa7ec7802d7b74a38af8f0b9e9a24aaf727f582f0aaa29d6130d9648b142e65cfb97f43dae43772b1c48613239839a2bed699af300218595b1b4e0befef16d12e63dffa7703acde5b90340ae9f4daf065e55e94bfb281db", 0xaf}, {&(0x7f00000001c0)="85de0cf77c1f90d2ae9a3515c9c59bf505497324e31cc734123298272eb3e266cbebf9cceba344bf81794a18b24f6fa5827e3f865a8071d31b8b602acde4312c4a3d3cba0361c19e287e343a39b58c2e2624b7887dbb58c238fa0cefaeb060cce3b0e3937883ef339936cb24a3ce4bd2ce16a12bf056fff6d3f5b0f49c4b6dc9bee31960ee89eaa5da46535821fa60", 0x8f}], 0x2, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x6d}}], 0x30}, 0x8000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0, 0xf}, 0x2430}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000f40), 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x801, &(0x7f0000000480)={[{@huge_always}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{#'}}]})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000014c0)={0x0, 0xfffffffffffffffc, 0x2})
stat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="610000007d010000004200bf920800000008000000000500000000000000000011410200000002000000060000000000002cef000f002f6465762f736e642f74696d6572000000000000000a006d61705f66696c657300", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee01], 0x61)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0x0)
copy_file_range(r0, &(0x7f00000000c0)=0x2703, r1, &(0x7f0000000100), 0x80000000, 0x0)
setuid(0xee01)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

[  297.381326] mac80211_hwsim hwsim15 wlan1: entered promiscuous mode
[  297.392483] mac80211_hwsim hwsim15 wlan1: left promiscuous mode
[  297.397526] mac80211_hwsim hwsim15 wlan1: entered promiscuous mode
[  297.399067] mac80211_hwsim hwsim15 wlan1: left promiscuous mode
[  297.401390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:24 executing program 2:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x3c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0xc116}, @NL80211_ATTR_IE={0x18, 0x2a, [@link_id={0x65, 0x12, {@random="05d4142e3316", @device_b, @device_b}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
r2 = dup(0xffffffffffffffff)
r3 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

[  297.502845] tmpfs: Unsupported parameter 'huge'
[  297.627586] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  297.628233] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  297.628840] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  297.715658] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[  299.653795] Bluetooth: hci4: command 0x0c1a tx timeout
[  299.654893] Bluetooth: hci0: command 0x0c1a tx timeout
[  300.113297] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  300.115751] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  300.118091] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  300.123844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  300.127404] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  301.524326] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.525457] I/O error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.527030] buffer_io_error: 30 callbacks suppressed
[  301.527046] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  301.529339] Buffer I/O error on dev sr0, logical block 1, lost async page write
[  301.530720] Buffer I/O error on dev sr0, logical block 2, lost async page write
[  301.532102] Buffer I/O error on dev sr0, logical block 3, lost async page write
[  301.533465] Buffer I/O error on dev sr0, logical block 4, lost async page write
[  301.534866] Buffer I/O error on dev sr0, logical block 5, lost async page write
[  301.536250] Buffer I/O error on dev sr0, logical block 6, lost async page write
[  301.537645] Buffer I/O error on dev sr0, logical block 7, lost async page write
[  301.539448] Buffer I/O error on dev sr0, logical block 8, lost async page write
[  301.540799] Buffer I/O error on dev sr0, logical block 9, lost async page write
[  301.553207] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.554443] I/O error, dev sr0, sector 127 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.626178] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.627323] I/O error, dev sr0, sector 254 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.638215] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.639067] I/O error, dev sr0, sector 381 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.674088] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.674993] I/O error, dev sr0, sector 508 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.685023] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.685891] I/O error, dev sr0, sector 635 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.703112] Bluetooth: hci4: command 0x0c1a tx timeout
[  301.704624] Bluetooth: hci0: command 0x0c1a tx timeout
[  301.726299] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.727355] I/O error, dev sr0, sector 762 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.739126] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.740199] I/O error, dev sr0, sector 889 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.786349] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.787375] I/O error, dev sr0, sector 1016 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.798811] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.799795] I/O error, dev sr0, sector 1143 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 2
[  301.838972] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.849629] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.886629] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.896976] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.934705] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.945186] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  301.970344] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  301.971981] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] 
[  301.973310] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code
[  301.974692] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 01 fc 00 00 0c 00
[  302.149658] Bluetooth: hci2: command tx timeout
[  303.750656] Bluetooth: hci4: command 0x0c1a tx timeout
[  303.751499] Bluetooth: hci0: command 0x0c1a tx timeout
[  304.198749] Bluetooth: hci2: command tx timeout
[  306.245771] Bluetooth: hci2: command tx timeout
[  308.293658] Bluetooth: hci2: command tx timeout
[  317.059946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.061089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.140297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.141802] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.293139] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  317.298925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  317.405961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  317.461955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  317.800750] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  317.802917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  317.842951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  317.847720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:44 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 7)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:33:44 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x18, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x2, 0x0, 0x0, @str='wla\x021\x00'}]}, 0x1c}], 0x1}, 0x0)

03:33:44 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$DVD_READ_STRUCT(r0, 0x2284, &(0x7f0000000cc0)=@type=0x3)

03:33:44 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:33:44 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x20000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x20008010)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="98003a4b", @ANYRES16=r1, @ANYBLOB="04002bbd7000fbdbdf250c00000008000300", @ANYRES32=r4, @ANYBLOB="0c009900b80000003c0000000800090005ac0f000400280030005080080007000100000011000100a9ecdd3d849a9c52d93b337c8600000008000700000000000800070001000000090007008e7f1539fa0000000a00060008021100000000000a000600080211000001000008003700010000000500080080000000"], 0x98}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:33:44 executing program 5:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81208770}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

03:33:44 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0xfffffffffffffce0, r3, 0x5, 0x0, 0x4000, {{}, {@void, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x0, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE, @NL80211_MNTR_FLAG_FCSFAIL, @NL80211_MNTR_FLAG_PLCPFAIL, @NL80211_MNTR_FLAG_ACTIVE, @NL80211_MNTR_FLAG_PLCPFAIL, @NL80211_MNTR_FLAG_CONTROL, @NL80211_MNTR_FLAG_FCSFAIL, @NL80211_MNTR_FLAG_COOK_FRAMES, @NL80211_MNTR_FLAG_OTHER_BSS]}]]}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000040)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x100000000, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @val={0x4, 0x6, {0x1, 0x4, 0x2, 0x3}}, @void, @void, @val={0x72, 0x6}, @void}, 0x3c)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:33:44 executing program 2:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x3c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0xc116}, @NL80211_ATTR_IE={0x18, 0x2a, [@link_id={0x65, 0x12, {@random="05d4142e3316", @device_b, @device_b}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
r2 = dup(0xffffffffffffffff)
r3 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

[  317.912849] FAULT_INJECTION: forcing a failure.
[  317.912849] name failslab, interval 1, probability 0, space 0, times 0
[  317.914554] CPU: 0 UID: 0 PID: 13049 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  317.914589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  317.914602] Call Trace:
[  317.914609]  <TASK>
[  317.914617]  dump_stack_lvl+0xfa/0x120
[  317.914656]  should_fail_ex+0x4d7/0x5e0
[  317.914689]  should_failslab+0xc2/0x120
[  317.914723]  __kmalloc_noprof+0xd6/0x770
[  317.914745]  ? __kasan_kmalloc+0x7f/0x90
[  317.914779]  ? trace_kmalloc+0x1f/0xb0
[  317.914810]  ? security_sk_alloc+0x101/0x160
[  317.914842]  ? security_sk_alloc+0x101/0x160
[  317.914866]  security_sk_alloc+0x101/0x160
[  317.914894]  sk_prot_alloc+0x20b/0x280
[  317.914919]  sk_alloc+0x34/0xbd0
[  317.914946]  ? __pfx_genl_release+0x10/0x10
[  317.914978]  __netlink_create+0x5d/0x280
[  317.915001]  ? __wake_up+0x3f/0x60
[  317.915031]  netlink_create+0x3ad/0x620
[  317.915057]  ? __pfx_genl_bind+0x10/0x10
[  317.915085]  ? __pfx_genl_unbind+0x10/0x10
[  317.915119]  __sock_create+0x369/0x810
[  317.915149]  __sys_socket+0x145/0x260
[  317.915172]  ? __pfx___sys_socket+0x10/0x10
[  317.915193]  ? ksys_write+0x1a3/0x240
[  317.915223]  ? __pfx_ksys_write+0x10/0x10
[  317.915261]  __x64_sys_socket+0x73/0xb0
[  317.915284]  do_syscall_64+0xbf/0x390
[  317.915319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.915341] RIP: 0033:0x7f700a616197
[  317.915358] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  317.915379] RSP: 002b:00007f7007b890c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  317.915400] RAX: ffffffffffffffda RBX: 00007f700a727f60 RCX: 00007f700a616197
[  317.915415] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  317.915427] RBP: 00007f7007b8a1d0 R08: 0000000000000000 R09: 0000000000000000
[  317.915440] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000001
[  317.915453] R13: 0000000000000036 R14: 0000000020000300 R15: 0000000000022000
[  317.915485]  </TASK>
[  317.973436] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  317.990694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.028416] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.051859] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:45 executing program 3:
rmdir(&(0x7f0000000000)='.\x00')

03:33:45 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$DVD_READ_STRUCT(r0, 0x2284, &(0x7f0000000cc0)=@type=0x3)

[  318.118024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:45 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$DVD_READ_STRUCT(r0, 0x2284, &(0x7f0000000cc0)=@type=0x3)

[  318.180539] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.308450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.315608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:45 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x38, r8, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x5}]}]}]}, 0x38}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r1, 0x20, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000404}, 0xc814)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:33:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 8)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  318.461554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.470465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.490289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.493861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.496974] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.510034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.536599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:45 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\b', @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="b00c00000008021100000900800000000000028d5ba596a37d1100000010"], 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  318.588812] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.644216] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.698118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.830365] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  318.834644] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  318.836381] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  318.838827] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  318.850423] Bluetooth: hci2: Opcode 0x0406 failed: -4
03:33:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 9)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  318.865196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.877047] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.916107] FAULT_INJECTION: forcing a failure.
[  318.916107] name failslab, interval 1, probability 0, space 0, times 0
[  318.918069] CPU: 0 UID: 0 PID: 13089 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  318.918099] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  318.918112] Call Trace:
[  318.918119]  <TASK>
[  318.918127]  dump_stack_lvl+0xfa/0x120
[  318.918167]  should_fail_ex+0x4d7/0x5e0
[  318.918199]  ? __d_alloc+0x31/0xa10
[  318.918229]  should_failslab+0xc2/0x120
[  318.918263]  kmem_cache_alloc_lru_noprof+0x84/0x6e0
[  318.918288]  ? perf_trace_lock+0xb5/0x5d0
[  318.918327]  ? __d_alloc+0x31/0xa10
[  318.918356]  __d_alloc+0x31/0xa10
[  318.918392]  d_alloc_pseudo+0x1d/0xc0
[  318.918415]  alloc_file_pseudo+0xbe/0x220
[  318.918441]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  318.918463]  ? _raw_spin_unlock+0x1e/0x40
[  318.918487]  ? alloc_fd+0x2c1/0x560
[  318.918521]  sock_alloc_file+0x53/0x220
[  318.918556]  __sys_socket+0x1ba/0x260
[  318.918586]  ? __pfx___sys_socket+0x10/0x10
[  318.918607]  ? ksys_write+0x1a3/0x240
[  318.918637]  ? __pfx_ksys_write+0x10/0x10
[  318.918674]  __x64_sys_socket+0x73/0xb0
[  318.918698]  do_syscall_64+0xbf/0x390
[  318.918732]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.918755] RIP: 0033:0x7f700a616197
[  318.918771] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  318.918792] RSP: 002b:00007f7007b890c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  318.918813] RAX: ffffffffffffffda RBX: 00007f700a727f60 RCX: 00007f700a616197
[  318.918828] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  318.918841] RBP: 00007f7007b8a1d0 R08: 0000000000000000 R09: 0000000000000000
[  318.918854] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000001
[  318.918866] R13: 0000000000000036 R14: 0000000020000300 R15: 0000000000022000
[  318.918898]  </TASK>
03:33:46 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2400000024ca9bdc225d04240b82d7dceddd9951ccbe55b8629640161ee0e45e01f0c777c22510cc239d44e9999f9b476bc001bc283e08714b62fda493f134948aaf64535203c5cd178703339d21c89c47c4ad03005eb18ff2e006a48d2996f73fa7610bab5bc3912e2e150743103b841745bdd7dea4b02634c67e89d132e62421d50f46fc1b46aa48cb41dfb0e829e94dee0c2cc13910994d766eeb1de7be35a4a2d9a6ff170ff776f02f32ab2d8b0ad1b5de5fe57dd6f4b82293c30d2ae01bb0fd8911595c0fa5ecf6875a9ba04154980635f80926a73e4ebba96dc028350dc112d55dbcec60c657", @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000dd0000040000210000ff08000300", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  318.981415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  319.009293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  319.019141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  319.030714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  319.059863] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:46 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  319.165934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  319.196173] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  319.202330] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  319.224729] wlan1: authenticated
[  319.227203] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  319.309342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  319.469955] wlan1: aborting association with 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[  320.069792] Bluetooth: hci0: command 0x0c1a tx timeout
[  320.837817] Bluetooth: hci4: command 0x0c1a tx timeout
[  321.808774] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  321.812194] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  321.815028] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  321.821358] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  321.827322] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  323.845665] Bluetooth: hci2: command tx timeout
[  325.893725] Bluetooth: hci2: command tx timeout
[  327.941662] Bluetooth: hci2: command tx timeout
[  329.989971] Bluetooth: hci2: command tx timeout
[  338.343798] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.344976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.420355] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.421956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.559645] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  338.588737] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  338.590096] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  338.616668] wlan1: authenticated
[  338.618745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  338.618754] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  338.675017] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  338.676811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  338.677038] wlan1: associated
[  338.985252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.035849] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:06 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$DVD_READ_STRUCT(r0, 0x2284, &(0x7f0000000cc0)=@type=0x3)

03:34:06 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$DVD_READ_STRUCT(r0, 0x2284, &(0x7f0000000cc0)=@type=0x3)

03:34:06 executing program 2:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x3c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0xc116}, @NL80211_ATTR_IE={0x18, 0x2a, [@link_id={0x65, 0x12, {@random="05d4142e3316", @device_b, @device_b}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
r2 = dup(0xffffffffffffffff)
r3 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000008b40), 0x1, 0x0)
sendmsg$NL80211_CMD_GET_KEY(r3, &(0x7f0000008c80)={&(0x7f0000008b80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000008c40)={&(0x7f0000008bc0)={0x5c, r1, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fbed7bff80"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY={0x24, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "19d60307ec062b479aad7dff4b"}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}]}, 0x5c}, 0x1, 0x0, 0x0, 0x14}, 0x20040000)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c0900006c3e"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f0000000240)=@broadcast, &(0x7f0000000540)=@data_frame={@qos_ht={{{@type00={{0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x214}, @broadcast, @broadcast, @random="c7ccc297ee3c", {0xa, 0x2}}, {0x5, 0x0, 0x1, 0x0, 0x7}}, {@type10={{0x0, 0x2, 0xe}, {0x8}, @initial, @broadcast, @from_mac, {0x0, 0x41}}, {0x9, 0x1, 0x1, 0x1, 0x81}}}, @ver_80211n={0x0, 0x3cc3, 0x2, 0x3, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1}}, @random="1b065e6e9c30481248f45154ec84d04115805278022c4c8186a4f49ffa9f0b35baa223268ab178b5e6200272196c2e40b5dd57ee34f66aab9fd80d1cbde48789f491d8c7480abbaa4ff263bcb43e167ef9f9de1e071dc46a2d1e51d4f9cbe243306a01778b538257936de4f91f68c807e2356800d30018613d35e8dc6dffec0e9be4015e74eb27bd52452eb7f8b45e84a789b1f5d5"}, 0xcd)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)
clock_gettime(0x0, &(0x7f0000000280)={<r4=>0x0, <r5=>0x0})
nanosleep(&(0x7f0000000640)={r4, r5+10000000}, &(0x7f0000000680))

03:34:06 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:06 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 10)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:06 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_PBSS={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x10008001)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10800208}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x0, 0x8, 0x70bd26, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x2, 0x4, 0x3, 0x14d800}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  339.113043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.116680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.131090] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.135611] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:06 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$DVD_READ_STRUCT(r0, 0x2284, &(0x7f0000000cc0)=@type=0x3)

[  339.233740] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:06 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$DVD_READ_STRUCT(r0, 0x2284, &(0x7f0000000cc0)=@type=0x3)

[  339.302774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.314931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.378260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.464963] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.470089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  340.346155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  340.397828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:07 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 11)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:07 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000000000006000000080003002652e25eaadd237546c42d94cb8e2e4eb12d1aad819753e9b7a982d39de234ef82acf201c89fbd6dbbde57cf43c43c0eeef6fcf12b142b2c3b0e416f5cd7bfd30a77f497f01090d72460d2a65e61f9b9bf46c32477c3", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000000)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c12182453c189cc3931c042ed88cf49f83af1282cb828032a9114aee1d918fd2d4972c00d9091e9543d423fcbc7dc6524bffcb5a990adfff617965ec672482f5c9738089a30b44da292014f9c64"], 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000180)=ANY=[@ANYBLOB="100000000802110000010802110000000802110085afb30337e87f00002000010000000100010882848b960c121824"], 0x28)

03:34:07 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:07 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:07 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>r0, @in_args={0x2}}, './file0\x00'})
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r0)
sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)={0x108, r4, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:07 executing program 2:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x3c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0xc116}, @NL80211_ATTR_IE={0x18, 0x2a, [@link_id={0x65, 0x12, {@random="05d4142e3316", @device_b, @device_b}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
r2 = dup(0xffffffffffffffff)
r3 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:07 executing program 6:
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond})

[  340.576711] FAULT_INJECTION: forcing a failure.
[  340.576711] name failslab, interval 1, probability 0, space 0, times 0
[  340.578628] CPU: 0 UID: 0 PID: 13595 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  340.578658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  340.578670] Call Trace:
[  340.578677]  <TASK>
[  340.578685]  dump_stack_lvl+0xfa/0x120
[  340.578724]  should_fail_ex+0x4d7/0x5e0
[  340.578756]  ? alloc_empty_file+0x58/0x1e0
[  340.578778]  should_failslab+0xc2/0x120
[  340.578811]  kmem_cache_alloc_noprof+0x80/0x690
[  340.578837]  ? d_instantiate+0x79/0xa0
[  340.578878]  ? alloc_empty_file+0x58/0x1e0
[  340.578897]  alloc_empty_file+0x58/0x1e0
[  340.578921]  alloc_file_pseudo+0x12b/0x220
[  340.578946]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  340.578970]  ? alloc_fd+0x2c1/0x560
[  340.579003]  sock_alloc_file+0x53/0x220
[  340.579038]  __sys_socket+0x1ba/0x260
[  340.579061]  ? __pfx___sys_socket+0x10/0x10
[  340.579081]  ? ksys_write+0x1a3/0x240
[  340.579111]  ? __pfx_ksys_write+0x10/0x10
[  340.579148]  __x64_sys_socket+0x73/0xb0
[  340.579172]  do_syscall_64+0xbf/0x390
[  340.579207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.579229] RIP: 0033:0x7f700a616197
[  340.579246] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  340.579266] RSP: 002b:00007f7007b890c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  340.579287] RAX: ffffffffffffffda RBX: 00007f700a727f60 RCX: 00007f700a616197
[  340.579302] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  340.579314] RBP: 00007f7007b8a1d0 R08: 0000000000000000 R09: 0000000000000000
[  340.579327] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000002
[  340.579340] R13: 0000000000000036 R14: 0000000020000300 R15: 0000000000022000
[  340.579372]  </TASK>
[  340.593238] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  340.619359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  340.637995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  340.658421] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  340.674438] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:07 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x0, r1})

[  340.727547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  340.784824] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:07 executing program 6:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r1)

03:34:07 executing program 6:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r1)

03:34:07 executing program 6:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r1)

03:34:08 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 12)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  341.054388] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:08 executing program 6:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r1)

[  341.058370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.075430] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.082638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.091780] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  341.119512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.153526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:08 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000b7", @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="11fa2900dd0b616768696a6b00000010002d800a00000002020202020200000000000000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:08 executing program 6:
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='\x00', &(0x7f00000002c0), 0x1000)

[  341.298793] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'.
03:34:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  341.332527] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.345524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:08 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/rpc\x00')
getdents(r0, &(0x7f0000000100)=""/98, 0x62)

[  341.458646] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:08 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:08 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 13)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:08 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:08 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:08 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/rpc\x00')
getdents(r0, &(0x7f0000000100)=""/98, 0x62)

[  341.535670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.597714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.612140] FAULT_INJECTION: forcing a failure.
[  341.612140] name failslab, interval 1, probability 0, space 0, times 0
[  341.613426] CPU: 1 UID: 0 PID: 13640 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  341.613448] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  341.613457] Call Trace:
[  341.613463]  <TASK>
[  341.613470]  dump_stack_lvl+0xfa/0x120
[  341.613500]  should_fail_ex+0x4d7/0x5e0
[  341.613525]  ? security_file_alloc+0x35/0x130
[  341.613548]  should_failslab+0xc2/0x120
[  341.613579]  kmem_cache_alloc_noprof+0x80/0x690
[  341.613599]  ? __create_object+0x59/0x80
[  341.613622]  ? security_file_alloc+0x35/0x130
[  341.613647]  security_file_alloc+0x35/0x130
[  341.613672]  init_file+0x95/0x4c0
[  341.613689]  alloc_empty_file+0x76/0x1e0
[  341.613707]  alloc_file_pseudo+0x12b/0x220
[  341.613726]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  341.613743]  ? alloc_fd+0x2c1/0x560
[  341.613769]  sock_alloc_file+0x53/0x220
[  341.613795]  __sys_socket+0x1ba/0x260
[  341.613812]  ? __pfx___sys_socket+0x10/0x10
[  341.613827]  ? ksys_write+0x1a3/0x240
[  341.613849]  ? __pfx_ksys_write+0x10/0x10
[  341.613877]  __x64_sys_socket+0x73/0xb0
[  341.613894]  do_syscall_64+0xbf/0x390
[  341.613920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.613937] RIP: 0033:0x7f700a616197
[  341.613950] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  341.613965] RSP: 002b:00007f7007b890c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  341.613981] RAX: ffffffffffffffda RBX: 00007f700a727f60 RCX: 00007f700a616197
[  341.613991] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  341.614001] RBP: 00007f7007b8a1d0 R08: 0000000000000000 R09: 0000000000000000
[  341.614010] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000002
[  341.614020] R13: 0000000000000036 R14: 0000000020000300 R15: 0000000000022000
[  341.614044]  </TASK>
03:34:08 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/rpc\x00')
getdents(r0, &(0x7f0000000100)=""/98, 0x62)

[  341.672443] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'.
[  341.673033] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'.
[  341.677122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.681807] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:08 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xff07, 0x0)

03:34:08 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/rpc\x00')
getdents(r0, &(0x7f0000000100)=""/98, 0x62)

[  341.715381] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.917324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.966295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  341.968151] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:09 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000100)={0x0, @l2={0x1f, 0x7, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0xffff, 0x1}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3b}}, @phonet={0x23, 0x3, 0x7f, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x401, &(0x7f0000000000)='xfrm0\x00', 0x0, 0x80000001, 0x4})
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:09 executing program 6:
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000008bc0)=[{{0x0, 0x0, &(0x7f0000001940)=[{&(0x7f0000001580)="77055b14e74247cc6e8778db4548c3dd1aa8296897", 0x15}], 0x1}}], 0x1, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x23, &(0x7f0000001580), 0x0)

03:34:09 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
write(r0, 0x0, 0x0)

03:34:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$NL80211_CMD_DEL_PMK(r4, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x64, r1, 0x20, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x24000000)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:09 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 14)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:09 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)

03:34:09 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$nbd(r0, &(0x7f0000000000)=ANY=[], 0xfdef)
ppoll(&(0x7f0000000100)=[{r0}], 0x1, &(0x7f0000000140), 0x0, 0x0)

03:34:09 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="aa981e579c4ac4e41f77ca19b61530", 0xf}, {&(0x7f00000010c0)="75def3b7062d929cf44e13bd5ebe8f310043b499bce72459c729e092323040b08a16697230a0152caf54f15090f4b46f5adabdce802fd1b1d9da752af1370c3684b61ff0f053d37fc0ab71efd413e3236815eb5ca8f43f7bb6061356e8955f6227dc65d71b24126235a7e792d24839550e7eaf755332fd39c35a29ccc941d26b32e133a5685312bd96bd6589cbe1715066d1e022526b833509a6bdb11527d97608e92f4f9ca87f56a0289ead3198dc58cd9b9434b14be764932bb9f426c3fd91d238b2f5bdf8c8abbfef326c57e5ea8b793d12bdd6fc4307a61cbcbf056dc4490b6ee5eec544da9d481a58b8a51b74d6bc85844581e4c4a6635ba756f5121363210b303f4f095af78d693a90f6ca7c878ca7018a72eb7bf08e68285a9f606a3b700ec9e5f759499997532e8eb61793ae7f4e6b48d0afb572d0e64c043b1a65c5200b820fb2f79e2d271d4cd124552ac3c4a638e50e5e989bb163525e4df83c20486cc09a2440f999166d07a3f6bf449e63d51b26045743f481e455c734840a87d76d79b17e5b1bfffd494d89a175013005c88541d452cd9e330af908738d16fe26812d9a0368b39cef72c80593e431f1188f7e57d0eabc2e7272191253bcf968cee443e0157b162cdd72550361984d268eb06f1daa328223d7ae6fc3fdc7905b48a8bd5ee0f3a1ba7d0b8489dda17a05693fb3aef6d592447595aea01be7155acc5f0fe88492499ba9761f10fae2f0535ef81c1a99123db6be20de981319cda3f63ef34df6aa73f45cdb6117854bb49e6291b766bd49352b4b707d2f4d4e61646450ce840ed3efd9dd156b9414e5b3831cbc5546f4d26f6947de327ddb745da0a1b85d3e12a0fb8deac520b01ddc2a3d63fd057d814899c0c2f60039d33670cfb4cc474cc61a83f3497335e5bce8f36462943bf9e04f0cf4d972743ec0adac86e624b97595a8d28d4aa4f9cd1c57b17f1312ddd58e42e469a303c9b09af34658ce7d67997be34cf1d65904eb5b8d1207e77d59971212b4da87063f1e4433047f08c155d870bcef18e03d373aa56e18f72d28cb0fc96329ab613abd99b0b71883ee988e5057752c336c1343e039f740e2f66193c1346cf6dcc6626b46d4f874c28c10edd91261befda6f18d367dfea447e009fcc94a39b11a11189b67844994bf0c487f7cab98e67e45a428224bc1241eeae8955069d37a5234846c60a62748d58f4cfba5504fc9fcd3816e294858fcea48a343d02a8e9189f61320c01187189b4b2ce3fdd7cae23014f185b65067e5f01e201517fb7b8d54d99677700021ad1370e5a4eef17f7d341126449994eb71712c1e0ac7d42e4384f09c0346c65877faebd4ac011587dcfbd6aaa6bf70df91a92deaa46cf0bfd7ced62b2138706515e975602ed8f32d11b224d490e094466309478e032a2b3d5a2222d946abc8bc6c3e785ac2cf787d00181e293f507ee2a931126cef5f3a13a49ea58626969d32600ec63a42a93c4a99d34f1c66cdde211f0273fc2e970b948496ab16b58afd0e59edf09d68ddbdecf42e2695a27909ff4efdfec0f776523edc5c14f444430a601cf17dfad01ae2b26e23c954956743977ba7cdac6794b88d06881cb11a824316fbf3293cf1397a9e83ed65582aa50cc5267b2c0393a0460df52ea09121d205b2cb4a41eda524ebeb556a69442a8c55b3a5cacfc62b99c060e9c41244a4200df28c13298a5d1d68cfbb2e49114d2023f196daf8f1522d4aae489ff2d6e47af6e1ae467674366b8674b221410b10dd2164ca777eb05a0f270022eb259813518e40cc4a2e010398d2fdcba4c71ca762027a3b7f51562f51125de6a31be8dada44c53b77ae7a066b4287057af7a9728224af3a488b20d254bbf12520da8e3baa00e2a027c4c9d49e53fbad65d3e3515af815058716bbad3140e6975569e32f533021823d968d114eec7e71496f57d47d3b4b42125311bb0586d98f3586359a6a5fb75a07b8ba8579f6768bac7aa9", 0x58a}], 0x2}}], 0x1, 0x0)

[  342.587419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  342.588788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  342.606946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  342.608516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:09 executing program 6:
modify_ldt$write2(0x11, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x10)

[  342.643959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:09 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlink(0x0)

03:34:09 executing program 2:
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
fadvise64(r0, 0x0, 0xc989a43, 0x4)

03:34:09 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

[  342.757928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:09 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="aa981e579c4ac4e41f77ca19b61530", 0xf}, {&(0x7f00000010c0)="75def3b7062d929cf44e13bd5ebe8f310043b499bce72459c729e092323040b08a16697230a0152caf54f15090f4b46f5adabdce802fd1b1d9da752af1370c3684b61ff0f053d37fc0ab71efd413e3236815eb5ca8f43f7bb6061356e8955f6227dc65d71b24126235a7e792d24839550e7eaf755332fd39c35a29ccc941d26b32e133a5685312bd96bd6589cbe1715066d1e022526b833509a6bdb11527d97608e92f4f9ca87f56a0289ead3198dc58cd9b9434b14be764932bb9f426c3fd91d238b2f5bdf8c8abbfef326c57e5ea8b793d12bdd6fc4307a61cbcbf056dc4490b6ee5eec544da9d481a58b8a51b74d6bc85844581e4c4a6635ba756f5121363210b303f4f095af78d693a90f6ca7c878ca7018a72eb7bf08e68285a9f606a3b700ec9e5f759499997532e8eb61793ae7f4e6b48d0afb572d0e64c043b1a65c5200b820fb2f79e2d271d4cd124552ac3c4a638e50e5e989bb163525e4df83c20486cc09a2440f999166d07a3f6bf449e63d51b26045743f481e455c734840a87d76d79b17e5b1bfffd494d89a175013005c88541d452cd9e330af908738d16fe26812d9a0368b39cef72c80593e431f1188f7e57d0eabc2e7272191253bcf968cee443e0157b162cdd72550361984d268eb06f1daa328223d7ae6fc3fdc7905b48a8bd5ee0f3a1ba7d0b8489dda17a05693fb3aef6d592447595aea01be7155acc5f0fe88492499ba9761f10fae2f0535ef81c1a99123db6be20de981319cda3f63ef34df6aa73f45cdb6117854bb49e6291b766bd49352b4b707d2f4d4e61646450ce840ed3efd9dd156b9414e5b3831cbc5546f4d26f6947de327ddb745da0a1b85d3e12a0fb8deac520b01ddc2a3d63fd057d814899c0c2f60039d33670cfb4cc474cc61a83f3497335e5bce8f36462943bf9e04f0cf4d972743ec0adac86e624b97595a8d28d4aa4f9cd1c57b17f1312ddd58e42e469a303c9b09af34658ce7d67997be34cf1d65904eb5b8d1207e77d59971212b4da87063f1e4433047f08c155d870bcef18e03d373aa56e18f72d28cb0fc96329ab613abd99b0b71883ee988e5057752c336c1343e039f740e2f66193c1346cf6dcc6626b46d4f874c28c10edd91261befda6f18d367dfea447e009fcc94a39b11a11189b67844994bf0c487f7cab98e67e45a428224bc1241eeae8955069d37a5234846c60a62748d58f4cfba5504fc9fcd3816e294858fcea48a343d02a8e9189f61320c01187189b4b2ce3fdd7cae23014f185b65067e5f01e201517fb7b8d54d99677700021ad1370e5a4eef17f7d341126449994eb71712c1e0ac7d42e4384f09c0346c65877faebd4ac011587dcfbd6aaa6bf70df91a92deaa46cf0bfd7ced62b2138706515e975602ed8f32d11b224d490e094466309478e032a2b3d5a2222d946abc8bc6c3e785ac2cf787d00181e293f507ee2a931126cef5f3a13a49ea58626969d32600ec63a42a93c4a99d34f1c66cdde211f0273fc2e970b948496ab16b58afd0e59edf09d68ddbdecf42e2695a27909ff4efdfec0f776523edc5c14f444430a601cf17dfad01ae2b26e23c954956743977ba7cdac6794b88d06881cb11a824316fbf3293cf1397a9e83ed65582aa50cc5267b2c0393a0460df52ea09121d205b2cb4a41eda524ebeb556a69442a8c55b3a5cacfc62b99c060e9c41244a4200df28c13298a5d1d68cfbb2e49114d2023f196daf8f1522d4aae489ff2d6e47af6e1ae467674366b8674b221410b10dd2164ca777eb05a0f270022eb259813518e40cc4a2e010398d2fdcba4c71ca762027a3b7f51562f51125de6a31be8dada44c53b77ae7a066b4287057af7a9728224af3a488b20d254bbf12520da8e3baa00e2a027c4c9d49e53fbad65d3e3515af815058716bbad3140e6975569e32f533021823d968d114eec7e71496f57d47d3b4b42125311bb0586d98f3586359a6a5fb75a07b8ba8579f6768bac7aa9", 0x58a}], 0x2}}], 0x1, 0x0)

03:34:09 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x34, r1, 0x5, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8}]]}, 0x34}}, 0x0)

03:34:09 executing program 2:
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04227f09ffffffffffff80022571ac060001aaaaaaaaaa120440f3e2f6690008aaff0100001006fc3a43030008050000000000000309d597d20600130000000000002000acc74905005aaaaaaaaaaa100302b884888c0a03a6010000000000000405f76e7a0200ffaaaaaaaaaa127f67a58ea6ff0006000000000080000000000000"], 0x82)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x81, 0x0, 0x804}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x3, 0xc}, {0x401, 0x6a7, 0x4, 0xff, [0x1, 0x6]}}}}, 0x19)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="030000502bbbe9325c2f4825ed4e2e796d40f44ecf7770235540cb73eb566be076f0696fc8ae901899bb90f39e9190b003e9e4cbae11c89a05bab2b57521c5d80fdc4c248dbc73be336b0e1cb200"/87], 0x54)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32], 0x19)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x14}, @l2cap_cid_signaling={{0x10}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x8, 0xfe00}}, @l2cap_disconn_req={{0x6, 0x3, 0x4}, {0xfff8, 0x1}}]}}, 0x19)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b42038000"], 0xf)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x9})
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd6797e9c758f317a6737bec40f18abe884c05ed0745a531794b2f525f129dab8e37335760c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d30184a898d9adbeb3577cb0bed498c50e66007d7289b6ce000ec28b248930641c540532e2ab9e17d839d20c78e46ee790697cab862c6f0830309ff1ce8f37606e47e8eb2d83fd08809ae61930be0f57ef178e46aae459"], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  342.816633] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:09 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{}, {0x0, 0x989680}}, 0x0)

[  342.934392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.125174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.175778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:10 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 15)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r3, &(0x7f0000000140)=' ', 0x1, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r3, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r4, 0x0, &(0x7f0000000000), 0x0, 0x4)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000000)=@IORING_OP_NOP={0x0, 0x1}, 0x400)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:10 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, r1, 0x1, 0x0, 0x0, {0x3}}, 0x14}}, 0x0)

03:34:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r3, 0x2, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x9, 0x50}}}}, [@NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0x1}]}, 0x30}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x38, r7, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x5}]}]}]}, 0x38}}, 0x0)
sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x28, r1, 0x406, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004000}, 0x84)

03:34:10 executing program 2:
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04227f09ffffffffffff80022571ac060001aaaaaaaaaa120440f3e2f6690008aaff0100001006fc3a43030008050000000000000309d597d20600130000000000002000acc74905005aaaaaaaaaaa100302b884888c0a03a6010000000000000405f76e7a0200ffaaaaaaaaaa127f67a58ea6ff0006000000000080000000000000"], 0x82)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x81, 0x0, 0x804}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x3, 0xc}, {0x401, 0x6a7, 0x4, 0xff, [0x1, 0x6]}}}}, 0x19)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="030000502bbbe9325c2f4825ed4e2e796d40f44ecf7770235540cb73eb566be076f0696fc8ae901899bb90f39e9190b003e9e4cbae11c89a05bab2b57521c5d80fdc4c248dbc73be336b0e1cb200"/87], 0x54)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32], 0x19)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x14}, @l2cap_cid_signaling={{0x10}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x8, 0xfe00}}, @l2cap_disconn_req={{0x6, 0x3, 0x4}, {0xfff8, 0x1}}]}}, 0x19)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b42038000"], 0xf)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x9})
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd6797e9c758f317a6737bec40f18abe884c05ed0745a531794b2f525f129dab8e37335760c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d30184a898d9adbeb3577cb0bed498c50e66007d7289b6ce000ec28b248930641c540532e2ab9e17d839d20c78e46ee790697cab862c6f0830309ff1ce8f37606e47e8eb2d83fd08809ae61930be0f57ef178e46aae459"], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

03:34:10 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)

03:34:10 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="aa981e579c4ac4e41f77ca19b61530", 0xf}, {&(0x7f00000010c0)="75def3b7062d929cf44e13bd5ebe8f310043b499bce72459c729e092323040b08a16697230a0152caf54f15090f4b46f5adabdce802fd1b1d9da752af1370c3684b61ff0f053d37fc0ab71efd413e3236815eb5ca8f43f7bb6061356e8955f6227dc65d71b24126235a7e792d24839550e7eaf755332fd39c35a29ccc941d26b32e133a5685312bd96bd6589cbe1715066d1e022526b833509a6bdb11527d97608e92f4f9ca87f56a0289ead3198dc58cd9b9434b14be764932bb9f426c3fd91d238b2f5bdf8c8abbfef326c57e5ea8b793d12bdd6fc4307a61cbcbf056dc4490b6ee5eec544da9d481a58b8a51b74d6bc85844581e4c4a6635ba756f5121363210b303f4f095af78d693a90f6ca7c878ca7018a72eb7bf08e68285a9f606a3b700ec9e5f759499997532e8eb61793ae7f4e6b48d0afb572d0e64c043b1a65c5200b820fb2f79e2d271d4cd124552ac3c4a638e50e5e989bb163525e4df83c20486cc09a2440f999166d07a3f6bf449e63d51b26045743f481e455c734840a87d76d79b17e5b1bfffd494d89a175013005c88541d452cd9e330af908738d16fe26812d9a0368b39cef72c80593e431f1188f7e57d0eabc2e7272191253bcf968cee443e0157b162cdd72550361984d268eb06f1daa328223d7ae6fc3fdc7905b48a8bd5ee0f3a1ba7d0b8489dda17a05693fb3aef6d592447595aea01be7155acc5f0fe88492499ba9761f10fae2f0535ef81c1a99123db6be20de981319cda3f63ef34df6aa73f45cdb6117854bb49e6291b766bd49352b4b707d2f4d4e61646450ce840ed3efd9dd156b9414e5b3831cbc5546f4d26f6947de327ddb745da0a1b85d3e12a0fb8deac520b01ddc2a3d63fd057d814899c0c2f60039d33670cfb4cc474cc61a83f3497335e5bce8f36462943bf9e04f0cf4d972743ec0adac86e624b97595a8d28d4aa4f9cd1c57b17f1312ddd58e42e469a303c9b09af34658ce7d67997be34cf1d65904eb5b8d1207e77d59971212b4da87063f1e4433047f08c155d870bcef18e03d373aa56e18f72d28cb0fc96329ab613abd99b0b71883ee988e5057752c336c1343e039f740e2f66193c1346cf6dcc6626b46d4f874c28c10edd91261befda6f18d367dfea447e009fcc94a39b11a11189b67844994bf0c487f7cab98e67e45a428224bc1241eeae8955069d37a5234846c60a62748d58f4cfba5504fc9fcd3816e294858fcea48a343d02a8e9189f61320c01187189b4b2ce3fdd7cae23014f185b65067e5f01e201517fb7b8d54d99677700021ad1370e5a4eef17f7d341126449994eb71712c1e0ac7d42e4384f09c0346c65877faebd4ac011587dcfbd6aaa6bf70df91a92deaa46cf0bfd7ced62b2138706515e975602ed8f32d11b224d490e094466309478e032a2b3d5a2222d946abc8bc6c3e785ac2cf787d00181e293f507ee2a931126cef5f3a13a49ea58626969d32600ec63a42a93c4a99d34f1c66cdde211f0273fc2e970b948496ab16b58afd0e59edf09d68ddbdecf42e2695a27909ff4efdfec0f776523edc5c14f444430a601cf17dfad01ae2b26e23c954956743977ba7cdac6794b88d06881cb11a824316fbf3293cf1397a9e83ed65582aa50cc5267b2c0393a0460df52ea09121d205b2cb4a41eda524ebeb556a69442a8c55b3a5cacfc62b99c060e9c41244a4200df28c13298a5d1d68cfbb2e49114d2023f196daf8f1522d4aae489ff2d6e47af6e1ae467674366b8674b221410b10dd2164ca777eb05a0f270022eb259813518e40cc4a2e010398d2fdcba4c71ca762027a3b7f51562f51125de6a31be8dada44c53b77ae7a066b4287057af7a9728224af3a488b20d254bbf12520da8e3baa00e2a027c4c9d49e53fbad65d3e3515af815058716bbad3140e6975569e32f533021823d968d114eec7e71496f57d47d3b4b42125311bb0586d98f3586359a6a5fb75a07b8ba8579f6768bac7aa9", 0x58a}], 0x2}}], 0x1, 0x0)

03:34:10 executing program 3:
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04227f09ffffffffffff80022571ac060001aaaaaaaaaa120440f3e2f6690008aaff0100001006fc3a43030008050000000000000309d597d20600130000000000002000acc74905005aaaaaaaaaaa100302b884888c0a03a6010000000000000405f76e7a0200ffaaaaaaaaaa127f67a58ea6ff0006000000000080000000000000"], 0x82)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x81, 0x0, 0x804}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x3, 0xc}, {0x401, 0x6a7, 0x4, 0xff, [0x1, 0x6]}}}}, 0x19)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="030000502bbbe9325c2f4825ed4e2e796d40f44ecf7770235540cb73eb566be076f0696fc8ae901899bb90f39e9190b003e9e4cbae11c89a05bab2b57521c5d80fdc4c248dbc73be336b0e1cb200"/87], 0x54)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32], 0x19)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x14}, @l2cap_cid_signaling={{0x10}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x8, 0xfe00}}, @l2cap_disconn_req={{0x6, 0x3, 0x4}, {0xfff8, 0x1}}]}}, 0x19)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b42038000"], 0xf)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x9})
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd6797e9c758f317a6737bec40f18abe884c05ed0745a531794b2f525f129dab8e37335760c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d30184a898d9adbeb3577cb0bed498c50e66007d7289b6ce000ec28b248930641c540532e2ab9e17d839d20c78e46ee790697cab862c6f0830309ff1ce8f37606e47e8eb2d83fd08809ae61930be0f57ef178e46aae459"], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  343.562973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.572948] FAULT_INJECTION: forcing a failure.
[  343.572948] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  343.574549] CPU: 1 UID: 0 PID: 13712 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  343.574577] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  343.574588] Call Trace:
[  343.574594]  <TASK>
[  343.574601]  dump_stack_lvl+0xfa/0x120
[  343.574632]  should_fail_ex+0x4d7/0x5e0
[  343.574658]  should_fail_alloc_page+0xe0/0x110
[  343.574687]  prepare_alloc_pages+0x1eb/0x550
[  343.574712]  ? __is_insn_slot_addr+0x2e/0x290
[  343.574733]  __alloc_frozen_pages_noprof+0x17f/0x1f20
[  343.574757]  ? __is_insn_slot_addr+0x140/0x290
[  343.574775]  ? kernel_text_address+0x5b/0xc0
[  343.574797]  ? __kernel_text_address+0xd/0x40
[  343.574819]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  343.574836]  ? arch_stack_walk+0x9c/0xf0
[  343.574870]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  343.574895]  ? policy_nodemask+0xeb/0x4e0
[  343.574918]  alloc_pages_mpol+0xed/0x340
[  343.574938]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  343.574959]  ? __pfx_perf_trace_lock+0x10/0x10
[  343.574981]  ? get_vma_policy+0x23b/0x350
[  343.575005]  vma_alloc_folio_noprof+0xe9/0x440
[  343.575027]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  343.575047]  ? find_held_lock+0x2b/0x80
[  343.575073]  ? __handle_mm_fault+0x7ed/0x3320
[  343.575092]  ? lock_release+0xc8/0x290
[  343.575115]  __handle_mm_fault+0x1497/0x3320
[  343.575133]  ? reacquire_held_locks+0xd1/0x200
[  343.575153]  ? lock_vma_under_rcu+0x117/0x530
[  343.575178]  ? __pfx___handle_mm_fault+0x10/0x10
[  343.575197]  ? lock_vma_under_rcu+0x174/0x530
[  343.575239]  handle_mm_fault+0x2c3/0x9b0
[  343.575257]  ? access_error+0x17d/0x380
[  343.575282]  do_user_addr_fault+0x501/0x12b0
[  343.575311]  exc_page_fault+0xb0/0x180
[  343.575337]  asm_exc_page_fault+0x26/0x30
[  343.575356] RIP: 0033:0x7f700a5c7879
[  343.575371] Code: b8 2c 00 00 00 0f 05 48 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 <89> 7c 24 08 89 4c 24 28 e8 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24
[  343.575387] RSP: 002b:00007f7007b88ff0 EFLAGS: 00010206
[  343.575401] RAX: 0000000000000001 RBX: 00007f7007b890f0 RCX: 0000000000000000
[  343.575412] RDX: 0000000000000028 RSI: 00007f7007b89140 RDI: 0000000000000005
[  343.575422] RBP: 0000000000000001 R08: 00007f7007b89044 R09: 000000000000000c
[  343.575432] R10: 0000000000000000 R11: 00007f700a66e72b R12: 00007f7007b89098
[  343.575442] R13: 00007f7007b89140 R14: 0000000000000005 R15: 0000000000000000
[  343.575467]  </TASK>
[  343.586170] Bluetooth: hci0: unexpected event for opcode 0x0804
[  343.586718] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  343.589283] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  343.589769] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  343.593317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.622179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:10 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_adjtime(0x0, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
clock_adjtime(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x6})
openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0)

03:34:10 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="aa981e579c4ac4e41f77ca19b61530", 0xf}, {&(0x7f00000010c0)="75def3b7062d929cf44e13bd5ebe8f310043b499bce72459c729e092323040b08a16697230a0152caf54f15090f4b46f5adabdce802fd1b1d9da752af1370c3684b61ff0f053d37fc0ab71efd413e3236815eb5ca8f43f7bb6061356e8955f6227dc65d71b24126235a7e792d24839550e7eaf755332fd39c35a29ccc941d26b32e133a5685312bd96bd6589cbe1715066d1e022526b833509a6bdb11527d97608e92f4f9ca87f56a0289ead3198dc58cd9b9434b14be764932bb9f426c3fd91d238b2f5bdf8c8abbfef326c57e5ea8b793d12bdd6fc4307a61cbcbf056dc4490b6ee5eec544da9d481a58b8a51b74d6bc85844581e4c4a6635ba756f5121363210b303f4f095af78d693a90f6ca7c878ca7018a72eb7bf08e68285a9f606a3b700ec9e5f759499997532e8eb61793ae7f4e6b48d0afb572d0e64c043b1a65c5200b820fb2f79e2d271d4cd124552ac3c4a638e50e5e989bb163525e4df83c20486cc09a2440f999166d07a3f6bf449e63d51b26045743f481e455c734840a87d76d79b17e5b1bfffd494d89a175013005c88541d452cd9e330af908738d16fe26812d9a0368b39cef72c80593e431f1188f7e57d0eabc2e7272191253bcf968cee443e0157b162cdd72550361984d268eb06f1daa328223d7ae6fc3fdc7905b48a8bd5ee0f3a1ba7d0b8489dda17a05693fb3aef6d592447595aea01be7155acc5f0fe88492499ba9761f10fae2f0535ef81c1a99123db6be20de981319cda3f63ef34df6aa73f45cdb6117854bb49e6291b766bd49352b4b707d2f4d4e61646450ce840ed3efd9dd156b9414e5b3831cbc5546f4d26f6947de327ddb745da0a1b85d3e12a0fb8deac520b01ddc2a3d63fd057d814899c0c2f60039d33670cfb4cc474cc61a83f3497335e5bce8f36462943bf9e04f0cf4d972743ec0adac86e624b97595a8d28d4aa4f9cd1c57b17f1312ddd58e42e469a303c9b09af34658ce7d67997be34cf1d65904eb5b8d1207e77d59971212b4da87063f1e4433047f08c155d870bcef18e03d373aa56e18f72d28cb0fc96329ab613abd99b0b71883ee988e5057752c336c1343e039f740e2f66193c1346cf6dcc6626b46d4f874c28c10edd91261befda6f18d367dfea447e009fcc94a39b11a11189b67844994bf0c487f7cab98e67e45a428224bc1241eeae8955069d37a5234846c60a62748d58f4cfba5504fc9fcd3816e294858fcea48a343d02a8e9189f61320c01187189b4b2ce3fdd7cae23014f185b65067e5f01e201517fb7b8d54d99677700021ad1370e5a4eef17f7d341126449994eb71712c1e0ac7d42e4384f09c0346c65877faebd4ac011587dcfbd6aaa6bf70df91a92deaa46cf0bfd7ced62b2138706515e975602ed8f32d11b224d490e094466309478e032a2b3d5a2222d946abc8bc6c3e785ac2cf787d00181e293f507ee2a931126cef5f3a13a49ea58626969d32600ec63a42a93c4a99d34f1c66cdde211f0273fc2e970b948496ab16b58afd0e59edf09d68ddbdecf42e2695a27909ff4efdfec0f776523edc5c14f444430a601cf17dfad01ae2b26e23c954956743977ba7cdac6794b88d06881cb11a824316fbf3293cf1397a9e83ed65582aa50cc5267b2c0393a0460df52ea09121d205b2cb4a41eda524ebeb556a69442a8c55b3a5cacfc62b99c060e9c41244a4200df28c13298a5d1d68cfbb2e49114d2023f196daf8f1522d4aae489ff2d6e47af6e1ae467674366b8674b221410b10dd2164ca777eb05a0f270022eb259813518e40cc4a2e010398d2fdcba4c71ca762027a3b7f51562f51125de6a31be8dada44c53b77ae7a066b4287057af7a9728224af3a488b20d254bbf12520da8e3baa00e2a027c4c9d49e53fbad65d3e3515af815058716bbad3140e6975569e32f533021823d968d114eec7e71496f57d47d3b4b42125311bb0586d98f3586359a6a5fb75a07b8ba8579f6768bac7aa9", 0x58a}], 0x2}}], 0x1, 0x0)

[  343.633695] Bluetooth: hci0: ACL packet for unknown connection handle 200
03:34:10 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fchmod(r0, 0x0)

[  343.651712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.665164] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  343.666927] Bluetooth: hci0: SCO packet for unknown connection handle 201
[  343.672514] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.685313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.702684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:10 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETA(r1, 0x5406, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x82, 0x0, "cc64134bec075f95"})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xa)

03:34:10 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100))
msync(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)

[  344.001392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.039464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.052094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.056404] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.100702] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:11 executing program 2:
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04227f09ffffffffffff80022571ac060001aaaaaaaaaa120440f3e2f6690008aaff0100001006fc3a43030008050000000000000309d597d20600130000000000002000acc74905005aaaaaaaaaaa100302b884888c0a03a6010000000000000405f76e7a0200ffaaaaaaaaaa127f67a58ea6ff0006000000000080000000000000"], 0x82)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x81, 0x0, 0x804}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x3, 0xc}, {0x401, 0x6a7, 0x4, 0xff, [0x1, 0x6]}}}}, 0x19)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="030000502bbbe9325c2f4825ed4e2e796d40f44ecf7770235540cb73eb566be076f0696fc8ae901899bb90f39e9190b003e9e4cbae11c89a05bab2b57521c5d80fdc4c248dbc73be336b0e1cb200"/87], 0x54)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32], 0x19)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x14}, @l2cap_cid_signaling={{0x10}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x8, 0xfe00}}, @l2cap_disconn_req={{0x6, 0x3, 0x4}, {0xfff8, 0x1}}]}}, 0x19)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b42038000"], 0xf)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x9})
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd6797e9c758f317a6737bec40f18abe884c05ed0745a531794b2f525f129dab8e37335760c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d30184a898d9adbeb3577cb0bed498c50e66007d7289b6ce000ec28b248930641c540532e2ab9e17d839d20c78e46ee790697cab862c6f0830309ff1ce8f37606e47e8eb2d83fd08809ae61930be0f57ef178e46aae459"], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  344.152343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:11 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000040)=0xffffffffffffffff)

03:34:11 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x50, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}})

03:34:11 executing program 3:
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04227f09ffffffffffff80022571ac060001aaaaaaaaaa120440f3e2f6690008aaff0100001006fc3a43030008050000000000000309d597d20600130000000000002000acc74905005aaaaaaaaaaa100302b884888c0a03a6010000000000000405f76e7a0200ffaaaaaaaaaa127f67a58ea6ff0006000000000080000000000000"], 0x82)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x81, 0x0, 0x804}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x3, 0xc}, {0x401, 0x6a7, 0x4, 0xff, [0x1, 0x6]}}}}, 0x19)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="030000502bbbe9325c2f4825ed4e2e796d40f44ecf7770235540cb73eb566be076f0696fc8ae901899bb90f39e9190b003e9e4cbae11c89a05bab2b57521c5d80fdc4c248dbc73be336b0e1cb200"/87], 0x54)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32], 0x19)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x14}, @l2cap_cid_signaling={{0x10}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x8, 0xfe00}}, @l2cap_disconn_req={{0x6, 0x3, 0x4}, {0xfff8, 0x1}}]}}, 0x19)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b42038000"], 0xf)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x9})
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd6797e9c758f317a6737bec40f18abe884c05ed0745a531794b2f525f129dab8e37335760c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d30184a898d9adbeb3577cb0bed498c50e66007d7289b6ce000ec28b248930641c540532e2ab9e17d839d20c78e46ee790697cab862c6f0830309ff1ce8f37606e47e8eb2d83fd08809ae61930be0f57ef178e46aae459"], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

03:34:11 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 16)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:11 executing program 5:
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
acct(&(0x7f0000000040)='./file0\x00')
acct(0x0)

03:34:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x10, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="1000001c870209000001080211000000087667485242a6d8b80080000182848b960c121824"], 0x28)

03:34:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/bdi', 0x8000, 0xc9)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r0)
sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2310f8}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x68, r3, 0x300, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0x5, @link='broadcast-link\x00'}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x10000001}, 0x40040)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  344.180389] Bluetooth: hci0: unexpected event for opcode 0x0804
[  344.181120] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  344.181468] Process accounting resumed
[  344.182071] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  344.186932] FAULT_INJECTION: forcing a failure.
[  344.186932] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  344.188851] CPU: 0 UID: 0 PID: 13753 Comm: syz-executor.1 Not tainted 6.18.0-rc1-next-20251016 #1 PREEMPT(voluntary) 
[  344.188871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  344.188881] Call Trace:
[  344.188886]  <TASK>
[  344.188892]  dump_stack_lvl+0xfa/0x120
[  344.188920]  should_fail_ex+0x4d7/0x5e0
[  344.188944]  _copy_from_user+0x30/0xd0
[  344.188966]  move_addr_to_kernel.part.0+0x40/0x120
[  344.188984]  __sys_sendto+0x1da/0x570
[  344.189004]  ? __pfx___sys_sendto+0x10/0x10
[  344.189030]  ? __pfx_perf_trace_lock+0x10/0x10
[  344.189049]  ? find_held_lock+0x2b/0x80
[  344.189072]  ? handle_mm_fault+0x590/0x9b0
[  344.189089]  ? lock_release+0xc8/0x290
[  344.189107]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  344.189124]  ? find_held_lock+0x2b/0x80
[  344.189147]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  344.189162]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  344.189178]  ? lock_release+0xc8/0x290
[  344.189194]  ? access_error+0x17d/0x380
[  344.189219]  __x64_sys_sendto+0xe1/0x1c0
[  344.189236]  ? do_syscall_64+0x85/0x390
[  344.189257]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  344.189275]  do_syscall_64+0xbf/0x390
[  344.189298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.189313] RIP: 0033:0x7f700a5c78ac
[  344.189325] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b
[  344.189339] RSP: 002b:00007f7007b88ff0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  344.189354] RAX: ffffffffffffffda RBX: 00007f7007b890f0 RCX: 00007f700a5c78ac
[  344.189363] RDX: 0000000000000028 RSI: 00007f7007b89140 RDI: 0000000000000005
[  344.189372] RBP: 0000000000000000 R08: 00007f7007b89044 R09: 000000000000000c
[  344.189381] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f7007b89098
[  344.189390] R13: 00007f7007b89140 R14: 0000000000000005 R15: 0000000000000000
[  344.189412]  </TASK>
[  344.195615] Process accounting resumed
[  344.195771] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  344.211024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.212513] Bluetooth: hci0: ACL packet for unknown connection handle 201
03:34:11 executing program 7:
setgroups(0xfffffffffffffd7b, 0x0)

03:34:11 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:11 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x11, &(0x7f0000000040), 0x4)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

[  344.213280] Bluetooth: hci0: SCO packet for unknown connection handle 201
[  344.255626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.267634] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.284446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:11 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x53, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

03:34:11 executing program 2:
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04227f09ffffffffffff80022571ac060001aaaaaaaaaa120440f3e2f6690008aaff0100001006fc3a43030008050000000000000309d597d20600130000000000002000acc74905005aaaaaaaaaaa100302b884888c0a03a6010000000000000405f76e7a0200ffaaaaaaaaaa127f67a58ea6ff0006000000000080000000000000"], 0x82)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x81, 0x0, 0x804}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x3, 0xc}, {0x401, 0x6a7, 0x4, 0xff, [0x1, 0x6]}}}}, 0x19)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="030000502bbbe9325c2f4825ed4e2e796d40f44ecf7770235540cb73eb566be076f0696fc8ae901899bb90f39e9190b003e9e4cbae11c89a05bab2b57521c5d80fdc4c248dbc73be336b0e1cb200"/87], 0x54)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32], 0x19)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x14}, @l2cap_cid_signaling={{0x10}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x8, 0xfe00}}, @l2cap_disconn_req={{0x6, 0x3, 0x4}, {0xfff8, 0x1}}]}}, 0x19)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b42038000"], 0xf)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x9})
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd6797e9c758f317a6737bec40f18abe884c05ed0745a531794b2f525f129dab8e37335760c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d30184a898d9adbeb3577cb0bed498c50e66007d7289b6ce000ec28b248930641c540532e2ab9e17d839d20c78e46ee790697cab862c6f0830309ff1ce8f37606e47e8eb2d83fd08809ae61930be0f57ef178e46aae459"], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

03:34:11 executing program 7:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0xda6)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r1, &(0x7f0000000140)='x', 0x1)
splice(r0, 0x0, r2, 0x0, 0x1, 0x0)

[  344.344011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.356845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:11 executing program 7:
clock_adjtime(0x0, &(0x7f0000000000)={0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000})

03:34:11 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x11, &(0x7f0000000040), 0x4)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

03:34:11 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x53, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

03:34:11 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSKBENT(r0, 0x4b2f, 0x0)

03:34:11 executing program 3:
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04227f09ffffffffffff80022571ac060001aaaaaaaaaa120440f3e2f6690008aaff0100001006fc3a43030008050000000000000309d597d20600130000000000002000acc74905005aaaaaaaaaaa100302b884888c0a03a6010000000000000405f76e7a0200ffaaaaaaaaaa127f67a58ea6ff0006000000000080000000000000"], 0x82)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x81, 0x0, 0x804}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x3, 0xc}, {0x401, 0x6a7, 0x4, 0xff, [0x1, 0x6]}}}}, 0x19)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="030000502bbbe9325c2f4825ed4e2e796d40f44ecf7770235540cb73eb566be076f0696fc8ae901899bb90f39e9190b003e9e4cbae11c89a05bab2b57521c5d80fdc4c248dbc73be336b0e1cb200"/87], 0x54)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32], 0x19)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x14}, @l2cap_cid_signaling={{0x10}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x8, 0xfe00}}, @l2cap_disconn_req={{0x6, 0x3, 0x4}, {0xfff8, 0x1}}]}}, 0x19)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b42038000"], 0xf)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x9})
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd6797e9c758f317a6737bec40f18abe884c05ed0745a531794b2f525f129dab8e37335760c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d30184a898d9adbeb3577cb0bed498c50e66007d7289b6ce000ec28b248930641c540532e2ab9e17d839d20c78e46ee790697cab862c6f0830309ff1ce8f37606e47e8eb2d83fd08809ae61930be0f57ef178e46aae459"], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  344.516964] Bluetooth: hci0: unexpected event for opcode 0x0804
03:34:11 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8971, &(0x7f0000001e00)={'wlan1\x00'})

03:34:11 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x11, &(0x7f0000000040), 0x4)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

[  344.524264] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  344.525326] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  344.529592] Bluetooth: hci0: ACL packet for unknown connection handle 200
03:34:11 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x53, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  344.538727] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  344.540531] Bluetooth: hci0: SCO packet for unknown connection handle 201
[  344.578471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.598716] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.609526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.619487] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.636027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:11 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8971, &(0x7f0000001e00)={'wlan1\x00'})

03:34:11 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8971, &(0x7f0000001e00)={'wlan1\x00'})

03:34:11 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x0}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:11 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6tnl0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000000)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @dev}, 0x14)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000006c0)={'ip6_vti0\x00', &(0x7f0000000640)={'syztnl0\x00', <r3=>0x0, 0x4, 0x80, 0x5, 0x9, 0x8, @private2, @private0, 0x0, 0x20, 0xb7}})
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r6=>0x0})
bind$packet(r4, &(0x7f0000000000)={0x11, 0x4, r6, 0x1, 0x0, 0x6, @dev}, 0x14)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000800)={&(0x7f0000000700)={0xf4, 0x0, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0xf416152e23f93e8a}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='D!\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r9, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000040)=@mgmt_frame=@assoc_resp={@with_ht={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {}, @device_a, @broadcast, @initial, {0x9, 0x5}}, @ver_80211n={0x0, 0x8, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x2c)

03:34:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r2 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = dup2(r2, r2)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r3)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0})
r5 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = dup2(r5, r5)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r6, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x2, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:11 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x11, &(0x7f0000000040), 0x4)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

03:34:11 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x53, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  344.799694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.814201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.901140] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.929719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.937679] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.955330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.007890] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.127439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.133521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.268992] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.270972] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.327755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.376364] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.428534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:12 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8971, &(0x7f0000001e00)={'wlan1\x00'})

03:34:12 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "68cf96"})
pipe2(0x0, 0x0)

03:34:12 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)

03:34:12 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

03:34:12 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x2}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:12 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x24, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}, @loopback, @rand_addr=' \x01\x00', 0x1, 0x5, 0x0, 0xc00, 0x6, 0x80280})

03:34:12 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="8000000008021100000108021100190008021100000000000000000000000000640001000006020202020202012882848b960c121824"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x400, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}]}, 0x24}, 0x1, 0x0, 0x0, 0x20044840}, 0x4800)

03:34:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @broadcast, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  345.488479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.508044] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.522606] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.530987] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.537011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:12 executing program 7:
openat$sr(0xffffffffffffff9c, &(0x7f00000009c0), 0x8801, 0x0)

03:34:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000540))
timer_getoverrun(0x0)

03:34:12 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)

[  345.587659] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:12 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

03:34:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

03:34:12 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

[  345.647251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.816940] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.853368] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.859112] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.955441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.007165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.389991] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  346.390862] Bluetooth: hci0: Opcode 0x0401 failed: -4
03:34:13 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)

03:34:13 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

03:34:13 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

03:34:13 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x3}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:13 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

03:34:13 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r1=>r0, {0x1, 0x4}}, './file0\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000007139adeee9a1a1ff65aaf7eb5aa376cc61df3ef3ec078ac808f677affe2e3cd306615dbd4f09dabbb2b9b2f78a054dde0dbd9aa8643cdb27b45a21a5ebe8cde2889614dab15daeb42ae534f71c2148f33a9eb662cbc52935d48694d06e584868a8218e739b0e6cae53dcc20724694655d9cda7da662225d4b03eec3b0c684a0571f373780a6b340109fcb1e841696dd1724efa38c4a2b59cb7b50b539cefec86f34f38ed48e6a12f62d1f5267c229074b8a5729e2e9cf8f0bd598641517fd1b48b2d96a3aef51984b1064a71c4cd67534f438f4c5e1f174f6547237174ffb14846c86cc56ac542a285e71bfe6c9f03db02456805f1535dafecbd60847206ba", @ANYRES16=r2, @ANYBLOB="050000000000fedbdf252100000008000300", @ANYRES32=r3, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000004002d80"], 0x34}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="800008021100000000000000000000e7ffff630001000006020202020202010882848b960c121824"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000200)=@device_b, &(0x7f0000000280)=@ctrl_frame=@pspoll={{}, @random=0x6, @initial, @device_b}, 0x10)
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f0000000000))
syz_80211_inject_frame(&(0x7f0000000100), &(0x7f0000000140)=@ctrl_frame=@cf_end_cf_ack={{}, {0x8}, @broadcast}, 0x10)

03:34:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000ac0)=@IORING_OP_WRITEV={0x2, 0x5, 0x4000, @fd_index=0x6, 0x7fffffff, &(0x7f0000000a00)=[{&(0x7f0000000000)="68e6cb40857ec60b047ac21bffc295120567019cc3edb3242ab9048944f9f28d96952e78d3b7410a6e2c93055287d6a5b5d440d0623eb6e4d82489ddf28893fe42caca21c274a3f62de01874732b46", 0x4f}, {&(0x7f0000000540)="3125d0151ba475b01df3e805ad2b9b610dc35cc470389e2906d69775e71e4ed363c6f78dce87a40f75130236a2587ec479c49114c62583fde5ced53e2763d2f73b42d1a9ec3d6638e9b5fb1f04531f46dc68bf5df4e8064ccb30f6c5002af785cd778f42536608aa816c0e00da429f16bf9d0bcc0325a89193e59095a3e689", 0x7f}, {&(0x7f00000005c0)="931ec9a7b950cf897ea39b81c27ea2b1e31b9d3a9f779a85c39277678d7dbfd5e28ebe0a1b13383d5fb3254baabdab3d46cda1c4a2b0e359bfa578f998f23f951a771bef3e2a4a7bf9bfad14fec43cd5886fa9b377313ce5f55b6c8e80c680b7c0f7b42733138e9c41aa8b2b101a382f90b470da7bf2b7fd0641187a44d32ede9ec80cb11cd08a3ac1b989a8f7d78c7bc39a3f0a21cfc61826ad3dfe7ed008d815348f7603f5d0a1cf33bd81656d17a9155067565433100d640187ed66db3d3961081068bb9b58b1f1d3e53e28ea098c5093f74661d15a76e63c3b3c85f85df4ffc39e8c0cfdaaa7eb78b7e90805248a7849948e8db4f4", 0xf7}, {&(0x7f00000006c0)="22a0938d74b98eb99255b875184a69557d28037a80491a71cdc14de1605f7649fba4967283c2890f611a627e3166cc9cae2ac3a4aee4094b02064bd0536d7a92b9ca0f14968fc2b529c8140040684777eae617201b79e15c48d91a938bfbb5c6cfa242e24c36d0cc8b9927e2877e67dd1d63f91df4274899e6f697ab57f7dc2042d895eda50d5f19a73b4fa5e89477749080610f14b45d65d3102cdfec8afc57cb8f0ff973506976be6ac326590a12183ad394ad48dc90563ffea397fa2229a6", 0xc0}, {&(0x7f0000000780)="a53e79e7cb35407bde100396f700c9b731fcffae04fe3e48d410ccdd377baabd590fd9a26c376cf67ec4437b9467d79e92bcb9b86ffc3db612d3411cd29706bd6ccc1b1847d1389e03c8f6f3cf19a0640d5105ce55df", 0x56}, {&(0x7f0000000800)="44ed8890b850203fbd52f306af34fa36975b7e7b9d1bea72da42207df867672eae282cccc6a5af901b3e275db20ab1cd3c616e54d459e0ceb1a25cc6dad159a8e6d1feea5d743fc118af98ab04012aea1c099e50489121e49330526e062b11c1684a11df44aae0b9f3d7b507a30109cfe9b7aa026ced96412aebda01dd49ec33fea83af06e2972a1a42f2b7854123b775ae54aaa6bca544bcffcc0122a36", 0x9e}, {&(0x7f00000008c0)="4f667fa7ba9a146409d3457d", 0xc}, {&(0x7f0000000900)="343cccb4d1e98c8ed5cf2d58a6b03233db1744ae72459de5109bc8bab61b0ed30fd18567df73824ad5d274e177593cbd97", 0x31}, {&(0x7f0000000940)="92e6a7a66bd2ee48e6003286b4a374d954fc73d415e16c7f9e256cae102cf87abc7f7ca247b30edfbd9ab1ac5035c16ecee03b29cc0ee5ea4c100555ad7d98b9b723144866d906bf0a056512d599a1e3b6cfabd41b9488bbec3fbea589692290f568e654883f5bee1c934671f24f277c1361efbf0b3220656d52e38a4993539af5de03a4a71c40b48969a9432834e7c009074e8f9dfd22b70defd25c3d634964cc7b012cd0eda003c9f24a2d9b451f25d6864a8e1a868c7352", 0xb9}], 0x9, 0xc, 0x0, {0x1}}, 0x798b)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000b00), 0x200100)
ioctl$AUTOFS_IOC_PROTOVER(r3, 0x80049363, &(0x7f0000000b40))
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x402}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:13 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "68cf96"})
pipe2(0x0, 0x0)

[  346.454106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.464920] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.482647] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.496120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:13 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

[  346.506346] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.511640] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.520867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:13 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)

03:34:13 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

03:34:13 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfdef)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

[  346.572050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.632721] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:13 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_int(r0, 0x1, 0x2b, 0x0, &(0x7f0000000280))

[  346.773445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.829814] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.832397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.834797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.948383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.954368] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.970352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  347.306067] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  347.525645] Bluetooth: hci0: command 0x0c1a tx timeout
[  347.590312] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  347.591090] Bluetooth: hci0: Injecting HCI hardware error event
[  347.591882] Bluetooth: hci0: hardware error 0x00
[  349.394208] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  349.400022] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  349.402009] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  349.408491] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  349.412105] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  349.638097] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  351.429691] Bluetooth: hci5: command tx timeout
[  353.477753] Bluetooth: hci5: command tx timeout
[  355.525666] Bluetooth: hci5: command tx timeout
[  357.573872] Bluetooth: hci5: command tx timeout
[  366.068062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  366.069180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  366.123934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  366.125012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  366.226206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.234166] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.238144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.242708] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.551056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.555438] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.560727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:33 executing program 3:
clock_settime(0x0, &(0x7f00000045c0)={0x77359400})

03:34:33 executing program 5:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x11, 0x0, 0x0)

03:34:33 executing program 7:
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r0, 0x541b, 0x0)

03:34:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000000))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:33 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "68cf96"})
pipe2(0x0, 0x0)

03:34:33 executing program 2:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
epoll_wait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0)

03:34:33 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x4}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:33 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = dup2(r2, r2)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r5, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x64, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_MESH_CONFIG={0x3c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x8}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x4}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x20}, @NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0x4a}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x7}, @NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0xbd6c}, @NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000800}, 0x20049041)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
clock_gettime(0x0, &(0x7f0000000540))
r7 = socket$inet(0x2, 0x6, 0x499)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r7, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000500)=0x14)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@assoc_resp={@with_ht={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x2}, @device_b, @device_b, @initial, {0x1}}, @ver_80211n={0x0, 0x20, 0x3, 0x3, 0x0, 0x2, 0x1}}, 0x1, 0x0, @random=0x4, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x2c)

[  366.690550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.707958] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.709282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.727525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:20 executing program 5:
migrate_pages(0x0, 0x800, &(0x7f00000002c0)=0x8000000000000, &(0x7f0000002b80)=0x1)

03:33:20 executing program 3:
clock_settime(0x0, &(0x7f00000045c0)={0x77359400})

03:33:20 executing program 7:
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r0, 0x541b, 0x0)

[  366.759387] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
03:33:20 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x1d}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0)

[  366.786162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:20 executing program 7:
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r0, 0x541b, 0x0)

[  366.846167] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.868524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:20 executing program 2:
setrlimit(0x9, &(0x7f0000000100))
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x200, &(0x7f00000000c0))

03:33:20 executing program 3:
clock_settime(0x0, &(0x7f00000045c0)={0x77359400})

03:33:20 executing program 5:
migrate_pages(0x0, 0x800, &(0x7f00000002c0)=0x8000000000000, &(0x7f0000002b80)=0x1)

03:33:20 executing program 7:
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r0, 0x541b, 0x0)

[  367.040844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  367.065189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  367.083726] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  367.122198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  367.187480] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  367.199136] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  367.206202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  367.214630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  367.479804] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  369.997245] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  369.999459] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  370.004109] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  370.008651] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  370.012341] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  372.037740] Bluetooth: hci3: command tx timeout
[  374.085705] Bluetooth: hci3: command tx timeout
[  376.133690] Bluetooth: hci3: command tx timeout
[  378.182118] Bluetooth: hci3: command tx timeout
[  387.479205] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.480652] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.555166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.556246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.677502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  387.694936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  388.003763] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  388.009117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  390.417007] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  390.420098] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  390.422149] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  390.428263] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  390.433789] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  392.453756] Bluetooth: hci3: command tx timeout
[  394.501702] Bluetooth: hci3: command tx timeout
[  396.549871] Bluetooth: hci3: command tx timeout
[  398.597670] Bluetooth: hci3: command tx timeout
[  407.597940] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  407.599232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  407.672744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  407.673861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  407.797699] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  407.812267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.120660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:01 executing program 5:
migrate_pages(0x0, 0x800, &(0x7f00000002c0)=0x8000000000000, &(0x7f0000002b80)=0x1)

03:34:01 executing program 3:
clock_settime(0x0, &(0x7f00000045c0)={0x77359400})

03:34:01 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x10}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:01 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000005c0)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824e99619c58e3f7db138e17846209e23cfd16ef89c330ba7f13d2b94b8d4949d978d4bf76b830fdda3d18132b1a14078fd99078c071269d248f25013df736b6fcea6b67728de82bfe77121cef9d597ce7882cce40a093150c84ba7326af551bea697e41b00ecf32d0e7257"], 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
r3 = memfd_secret(0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1200}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x1c, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x6a}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:01 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "68cf96"})
pipe2(0x0, 0x0)

03:34:01 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
clock_getres(0x0, 0x0)

03:34:01 executing program 2:
setrlimit(0x9, &(0x7f0000000100))
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x200, &(0x7f00000000c0))

03:34:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x38, r7, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x5}]}]}]}, 0x38}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0xd4, r3, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x9}}}}, [@NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_KEYS={0x74, 0x51, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_MODE={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0x4}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, {0x54, 0x0, 0x0, 0x1, [@NL80211_KEY_SEQ={0x13, 0x4, "a16f0aba241917ca2147e4007c28b4"}, @NL80211_KEY_SEQ={0x10, 0x4, "8af8f73beb4db5cf71357b16"}, @NL80211_KEY_SEQ={0x10, 0x4, "40b29c1bddc19893b7e0d87b"}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "d3faea22f691cfa505f5ec0a77"}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}]}]}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x10000000, {0xd7, 0x401, 0x3, 0x6}}}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x1f}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7ff}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0xd4}, 0x1, 0x0, 0x0, 0x48800}, 0x24000005)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  408.253870] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.301403] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.303492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.320147] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.325427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:20 executing program 3:
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8}]}, @ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x2c}}, 0x0)

03:33:20 executing program 5:
migrate_pages(0x0, 0x800, &(0x7f00000002c0)=0x8000000000000, &(0x7f0000002b80)=0x1)

03:33:20 executing program 2:
setrlimit(0x9, &(0x7f0000000100))
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x200, &(0x7f00000000c0))

[  408.333689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:20 executing program 7:
r0 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x8}, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x1204}], 0x1, 0x4)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
fchdir(0xffffffffffffffff)
r3 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
pwritev2(r3, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
dup(r2)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0))
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x40002, 0x0)
sync_file_range(r1, 0xffffffffffffffc0, 0x2, 0x8)

[  408.400437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:20 executing program 2:
setrlimit(0x9, &(0x7f0000000100))
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x200, &(0x7f00000000c0))

03:33:20 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x0, 0x0)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, 0x0)

[  408.650845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:20 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x0, 0x0)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, 0x0)

03:33:20 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

[  408.739545] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.777988] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.779639] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.812561] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.827224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.054232] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  411.598136] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  411.601234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  411.603204] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  411.608773] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  411.612319] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  413.637785] Bluetooth: hci3: command tx timeout
[  415.686190] Bluetooth: hci3: command tx timeout
[  417.733742] Bluetooth: hci3: command tx timeout
[  419.782253] Bluetooth: hci3: command tx timeout
[  428.871139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  428.872209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  428.914113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  428.915201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  429.025919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.042286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.352329] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.356806] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:41 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x0, 0x0)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, 0x0)

03:33:41 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8000, 0x0, 0x3, 0x0)

03:33:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r2, 0xd, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

03:33:41 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000640)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0xa4, 0x0, 0x400, 0x70bd2d, 0x6, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x800, 0x55}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0x1f, 0x24, [{0x9, 0x1}, {0x7}, {0x18, 0x1}, {0xb}, {0x4, 0x1}, {0xb}, {0x16}, {0x18}, {0x6, 0x1}, {0x30, 0x1}, {0xb, 0x1}, {}, {0x9}, {0x18, 0x1}, {0xb}, {0x12}, {0x36, 0x1}, {0x18, 0x1}, {0x18, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0xb}, {0x6, 0x1}, {0x48, 0x1}, {0x18, 0x1}, {0x48}, {0x18}]}, @NL80211_ATTR_MESH_SETUP={0x18, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5}, @NL80211_MESH_SETUP_AUTH_PROTOCOL={0x5, 0x8, 0x3f}]}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x99e}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0xfa7458ea1fab5db8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2bc}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x34}]]}, 0xa4}, 0x1, 0x0, 0x0, 0x90}, 0x4000040)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x4c, r2, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x10, 0x2, 0x1, 0x0, {0x8, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1}, 0x6, 0x2c3, 0x38}}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_WANT_1X_4WAY_HS={0x4}]}, 0x4c}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="5018000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b96165e1824"], 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="b0000800000000000000081a110000000802110000001000000002000000"], 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:33:41 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, r3, 0x200, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x2, 0x67}}}}, [@NL80211_ATTR_IE={0x16, 0x2a, [@mic={0x8c, 0x10, {0xc3e, "1aabdd53e623", @short="d74ca22fa8c5bbe1"}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10000}, 0x40000)
syz_80211_inject_frame(&(0x7f00000002c0), &(0x7f0000000380)=@mgmt_frame=@disassoc={@with_ht={{{0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x4}, @broadcast, @broadcast, @random="72f86b13943c", {0x3}}, @ver_80211n={0x0, 0x7800, 0x1, 0x0, 0x0, 0x1}}, 0x23, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f00000003c0), &(0x7f0000000400)=@ctrl_frame=@ack, 0xa)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000280)=@mgmt_frame=@disassoc={@with_ht={{{0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x1}, @device_b, @broadcast, @initial, {0x0, 0x7}}, @ver_80211n={0x0, 0x80, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1}}, 0x35, @val={0x8c, 0x18, {0xd69, "c8c6491e6034", @long="9f352833dfe66408af90cc1aad68bc39"}}}, 0x38)

03:33:41 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0)

03:33:41 executing program 7:
r0 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x8}, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x1204}], 0x1, 0x4)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
fchdir(0xffffffffffffffff)
r3 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
pwritev2(r3, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
dup(r2)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0))
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x40002, 0x0)
sync_file_range(r1, 0xffffffffffffffc0, 0x2, 0x8)

03:33:41 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x50}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  429.462691] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.508204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.521817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.535290] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.542903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:41 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x0, 0x0)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, 0x0)

[  429.557248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r2, 0xd, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

03:33:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r2, 0xd, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

[  429.579502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.591338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.606225] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:33:41 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0)

03:33:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r2, 0xd, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

03:33:41 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0)

03:33:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r2, 0xd, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

03:33:41 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0)

03:33:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r2, 0xd, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

03:33:41 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0)

[  429.880106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.943282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.951730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.986204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  430.052707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  432.593449] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  432.596543] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  432.600951] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  432.605639] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  432.609764] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  434.629760] Bluetooth: hci5: command tx timeout
[  436.677742] Bluetooth: hci5: command tx timeout
[  438.725652] Bluetooth: hci5: command tx timeout
[  440.774336] Bluetooth: hci5: command tx timeout
[  445.893739] Bluetooth: hci2: command 0x0406 tx timeout
[  449.272681] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.273815] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.344157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.345662] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.448896] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.460466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.463498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.467432] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.774166] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.780367] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:01 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r2, 0xd, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0)

03:34:01 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0)

03:34:01 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0)

03:34:01 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x8}, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x1204}], 0x1, 0x4)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
fchdir(0xffffffffffffffff)
r3 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
pwritev2(r3, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
dup(r2)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0))
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x40002, 0x0)
sync_file_range(r1, 0xffffffffffffffc0, 0x2, 0x8)

03:34:01 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r4, &(0x7f0000000740)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x1cc, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0x2}, {0x8, 0x13, 0x7}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6, 0x11, 0xfff}, {0x8, 0x13, 0x7ff}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0xd86b}, {0x8, 0x13, 0x5}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6, 0x11, 0x7f}, {0x8, 0x13, 0x20}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x46}, {0x8, 0x13, 0x7f}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1000}, {0x6, 0x11, 0x1}, {0x8, 0x13, 0x3ff}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x8001}, {0x8, 0x13, 0x9941}, {0x5, 0x14, 0x1}}]}, 0x1cc}}, 0x20000800)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
perf_event_open(&(0x7f0000000800)={0x6, 0x80, 0x81, 0x0, 0x7, 0x8, 0x0, 0x2, 0x200, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xfffffffa, 0x1, @perf_config_ext={0xca1a, 0x9}, 0x0, 0xffffffff, 0x0, 0x9, 0x100000000, 0x7fff, 0xfffd, 0x0, 0x401, 0x0, 0x3}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)
r5 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = dup2(r5, r5)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r6, 0x0)
perf_event_open(&(0x7f0000000780)={0x1, 0x80, 0x80, 0x8, 0x6, 0x40, 0x0, 0xcec2, 0x10200, 0xb, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_config_ext={0x20}, 0x10, 0x3ff, 0x6, 0x2, 0x6, 0x7, 0x6a6e, 0x0, 0x5, 0x0, 0x2}, 0xffffffffffffffff, 0x0, r6, 0x0)

03:34:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000002c0)=<r2=>0x0)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x5c, r1, 0xc12, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x65}, @val={0x8}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r2}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x7c}, @NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x7f}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20008002}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r6, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x22}, @void, @val={0xc, 0x99, {0xffff0001, 0x4a}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x20000884)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:01 executing program 7:
r0 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x8}, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x1204}], 0x1, 0x4)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
fchdir(0xffffffffffffffff)
r3 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
pwritev2(r3, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
dup(r2)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0))
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x40002, 0x0)
sync_file_range(r1, 0xffffffffffffffc0, 0x2, 0x8)

03:34:01 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x58}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  449.887689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.907333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.930440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.965006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.999480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:01 executing program 6:
r0 = gettid()
setpgid(0x0, r0)

03:34:01 executing program 5:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='cgroup2\x00', 0x0, 0x0)

03:34:01 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x453, 0x0, 0x0, 0x0, "de"}, 0x14}}, 0x0)

03:34:01 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
rt_sigtimedwait(&(0x7f0000000780), 0x0, &(0x7f00000007c0)={0x0, 0x989680}, 0x8)

[  450.253441] audit: type=1107 audit(2000000042.023:26): pid=16378 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 msg='Þ'
[  450.266617] audit: type=1107 audit(2000000042.036:27): pid=16378 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 msg='Þ'
[  450.307754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:02 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000780)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {}]}, @void, @void, @void, @void, @val={0x72, 0x6}, @void}, 0x36)

03:34:02 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0xfdef)

[  450.339403] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  450.399204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:02 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='reno\x00', 0x5)

[  450.563900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  450.565837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:02 executing program 6:
r0 = getpid()
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x5, 0xffffffffffffffff, 0x0)

[  450.765911] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:02 executing program 6:
r0 = getpid()
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x5, 0xffffffffffffffff, 0x0)

[  450.823670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:02 executing program 6:
r0 = getpid()
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x5, 0xffffffffffffffff, 0x0)

[  453.456379] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  453.459103] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  453.460954] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  453.464407] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  453.466896] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  453.589223] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  453.593868] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  453.595319] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  453.603807] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  453.609837] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  455.557702] Bluetooth: hci3: command tx timeout
[  455.685729] Bluetooth: hci5: command tx timeout
[  457.605754] Bluetooth: hci3: command tx timeout
[  457.733649] Bluetooth: hci5: command tx timeout
[  459.655001] Bluetooth: hci3: command tx timeout
[  459.781797] Bluetooth: hci5: command tx timeout
[  461.701725] Bluetooth: hci3: command tx timeout
[  461.829707] Bluetooth: hci5: command tx timeout
[  464.255675] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.256244] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.297162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.297738] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.369954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.370826] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.422129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.422835] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.463462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.471533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.504476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.513119] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.782677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.784993] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.820258] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:16 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x99ad)
pread64(r1, &(0x7f0000000180)=""/76, 0x4c, 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:16 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x8}, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x1204}], 0x1, 0x4)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
fchdir(0xffffffffffffffff)
r3 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
pwritev2(r3, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
dup(r2)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0))
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x40002, 0x0)
sync_file_range(r1, 0xffffffffffffffc0, 0x2, 0x8)

03:34:16 executing program 7:
r0 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x8}, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x1204}], 0x1, 0x4)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
fchdir(0xffffffffffffffff)
r3 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
pwritev2(r3, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
dup(r2)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0))
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x40002, 0x0)
sync_file_range(r1, 0xffffffffffffffc0, 0x2, 0x8)

03:34:16 executing program 6:
r0 = getpid()
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x5, 0xffffffffffffffff, 0x0)

03:34:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x8, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x24}}, 0x14)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x3c}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:16 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0xfdef)

03:34:16 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000080211000001080211000000080211000000000000000000000000f5640001000006020202020202010882848b960c121824"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0xa8, r1, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x800, 0x23}}}}, [@NL80211_ATTR_MESH_CONFIG={0x3c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x4}, @NL80211_MESHCONF_FORWARDING={0x5}, @NL80211_MESHCONF_MAX_RETRIES={0x5, 0x5, 0x3}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x3f}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x6}, @NL80211_MESHCONF_TTL={0x5, 0x6, 0x81}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0xffff}]}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x2}, @NL80211_ATTR_BSS_BASIC_RATES={0x16, 0x24, [{0xb, 0x1}, {0x1, 0x1}, {0x18}, {0x16, 0x1}, {0x30, 0x1}, {0x5, 0x1}, {0x9}, {0x60, 0x1}, {0x24, 0x1}, {0x9}, {0x1}, {0x16, 0x1}, {0xb}, {0x1b, 0x1}, {0x30, 0x1}, {0x24, 0x1}, {0x5, 0x1}, {0x0, 0x1}]}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x2}]}, 0xa8}}, 0x20000000)

03:34:16 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x3}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  464.926719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.929073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.939184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.943298] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.971176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:16 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0)
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xc9b57)

[  465.050292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:16 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
shutdown(r0, 0x1)

[  465.120145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:16 executing program 6:
alarm(0x1)
alarm(0x0)

[  465.258045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  465.260434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  465.278435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  465.456362] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  465.507006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:17 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x99ad)
pread64(r1, &(0x7f0000000180)=""/76, 0x4c, 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
nanosleep(&(0x7f0000000000)={0x77359400}, &(0x7f0000000040))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:17 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x4}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:17 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0xfdef)

03:34:17 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x8}, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x1204}], 0x1, 0x4)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
fchdir(0xffffffffffffffff)
r3 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
pwritev2(r3, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
dup(r2)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0))
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x40002, 0x0)
sync_file_range(r1, 0xffffffffffffffc0, 0x2, 0x8)

03:34:17 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x99ad)
pread64(r1, &(0x7f0000000180)=""/76, 0x4c, 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:17 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001100)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000080)="a3c16d1b381e", 0x0, 0x0, 0x0, 0x0, 0x0})

03:34:17 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r1=>0x0})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r2=>r0, {0xfffffffffffffff8}}, './file0\x00'})
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000580)={{{@in6=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@multicast2}, 0x0, @in6=@ipv4={""/10, ""/2, @multicast1}}}, &(0x7f00000002c0)=0xe8)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r2, 0x89fb, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f0000000680)={'syztnl1\x00', r3, 0x29, 0x4, 0x7, 0x4, 0x11, @mcast1, @rand_addr=' \x01\x00', 0x7, 0x1, 0x5fd, 0x3ff}})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="a8010000dc3bc47faab36356f6c180fce2296abff0261863b434a939f3cae289167a8d6d6d62847e345c47c5de97e12a7964da86c47d06bd0833dc7dde8b3db267379b35f98f6da6d776", @ANYRES16=0x0, @ANYBLOB="000129bd7000fbdbdf25150000001400018008000300000000000800030000000000240001800800030001000000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000300010000004c0001801400020076657468315f746f5f6261746164760008000100", @ANYRES32=0x0, @ANYBLOB="140002006d6163736563300000000000000000000800030001000000080003000000000008000100", @ANYRES32=r1, @ANYBLOB="0c000180080003000200000004000180"], 0xa8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r4, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0x94, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xd59}, @IPVS_CMD_ATTR_SERVICE={0x60, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x5e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x551f88be}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x32}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xb, 0x20}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x400}, 0x810)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="2c8f", @ANYRES32=r6, @ANYBLOB="c93d10ec39d1735557a46bc777b361cd34d37bc6ee2751f3f830de43"], 0x24}}, 0x0)
r7 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = dup2(r7, r7)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r8, 0x0)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r8, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="000000a3", @ANYRES16=r5, @ANYBLOB="000127bd7000fddbdf25870000000c00990008000000240000000a00060008021100000000000a0006000802110000010000"], 0x38}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="800000000108021100000008021100000000000000000000000000640001000006020202025ecd0202010882848b960c12"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:17 executing program 7:
madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17)
mremap(&(0x7f0000871000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffd000/0x1000)=nil)
pkey_mprotect(&(0x7f0000870000/0x3000)=nil, 0x3000, 0x0, 0xffffffffffffffff)
mbind(&(0x7f0000872000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3)

[  466.116101] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.127690] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.146535] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.162961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:17 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="28010000170001"], 0x128}}, 0x0)

[  466.232363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.238799] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:18 executing program 7:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @empty}]}, 0x24}}, 0x0)

[  466.358283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.446088] Zero length message leads to an empty skb
03:34:18 executing program 7:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @empty}]}, 0x24}}, 0x0)

[  466.470005] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.529383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:18 executing program 7:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @empty}]}, 0x24}}, 0x0)

03:34:18 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0xfdef)

03:34:18 executing program 7:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @empty}]}, 0x24}}, 0x0)

03:34:18 executing program 7:
munmap(&(0x7f0000630000/0x800000)=nil, 0x800000)
munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000)

[  467.271346] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  467.320782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  467.370704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  469.398473] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  469.403405] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  469.407852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  469.414423] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  469.421525] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  469.523898] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  469.527740] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  469.531709] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  469.540993] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  469.543289] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  471.497667] Bluetooth: hci3: command tx timeout
[  471.557669] Bluetooth: hci5: command tx timeout
[  473.541625] Bluetooth: hci3: command tx timeout
[  473.605723] Bluetooth: hci5: command tx timeout
[  475.589717] Bluetooth: hci3: command tx timeout
[  475.653609] Bluetooth: hci5: command tx timeout
[  477.637624] Bluetooth: hci3: command tx timeout
[  477.701608] Bluetooth: hci5: command tx timeout
[  480.129977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  480.130842] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  480.185738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  480.186387] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  480.246621] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  480.247237] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  480.312049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  480.313029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  480.317148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.327038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.393295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.401762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.631751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.709387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:32 executing program 7:
syz_mount_image$msdos(&(0x7f0000000800), &(0x7f0000000840)='./file0\x00', 0x0, 0x0, 0x0, 0x69ca0, &(0x7f0000000b00))

03:34:32 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x99ad)
pread64(r1, &(0x7f0000000180)=""/76, 0x4c, 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:32 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x99ad)
pread64(r1, &(0x7f0000000180)=""/76, 0x4c, 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:32 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
set_tid_address(0x0)

03:34:32 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="08000000000000001a64d9"])

03:34:32 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x5}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  480.768737] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  480.776800] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO
03:34:32 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="08000500020000003847e66fe6b24996bfffbfff897cdc0a99d0ab636a022dd7d125f96a88dccd249e23f3398dc10f260a99469d0c3fdd8f4ba6b3e282190b8c04112f27b6c72f87ef8d7746158e3b1d9c89f4e633bdfd5ea13bcf7bb23e946debe47049a5975964bbeea124c220c34b491d8d9bf12de9cd704b3fd6c3098d89ba30ac376d8c6bbb6844546083ae17d1873decf1023ed245512b282df005bfe9fa993e505cc6bcb2c7317aea9ad635cea03d6b2a33fd3ea15039d871d212b210a51577bb2b540ed7c9529341ff6b1e2a81f59abbeac972db74956a7cf41e9ceb47592a3cc800bb8e95ca1950bf38be77e577e8f8d66df0fa3a7a3756a15214241bd77feaad3bb010bfd95d938aa41d44a677af4033643759ed59040b3075fe12b01a3677a4a6e7aa8dcd74ee4c0ef3e53d6fdd91936308c8a4731913402d156903acb3a74e42f0836531513e93b05bc4fd8460f83236668164f472dc7cbd5bf1df7efd294ffb81ee639bdda054c745bb1dbd0401c482c5185da2a96a0cc8f1ca2735be9aa13fef55b80f5a25dd4e18d4782d5df192e61248b4daadd873903485eeb1b7a89321de4d97b7152a5db1061161bfdb1c8c04c31e3af862ae0bc1"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r4=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x4, r4, 0x1, 0x0, 0x6, @dev}, 0x14)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000600)={'gretap0\x00', &(0x7f0000000540)={'syztnl2\x00', <r5=>0x0, 0x1, 0x80, 0x1, 0x3cad, {{0x1d, 0x4, 0x0, 0x7, 0x74, 0x66, 0x0, 0x7f, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x1d}, {[@ssrr={0x89, 0x1b, 0x5, [@multicast1, @dev={0xac, 0x14, 0x14, 0x12}, @rand_addr=0x64010101, @rand_addr=0x64010100, @remote, @rand_addr=0x64010101]}, @lsrr={0x83, 0x27, 0xe8, [@loopback, @empty, @local, @empty, @private=0xa010102, @broadcast, @multicast2, @rand_addr=0x64010101, @multicast1]}, @timestamp_prespec={0x44, 0x14, 0x41, 0x3, 0x0, [{@rand_addr=0x64010102, 0x8}, {@broadcast, 0x100}]}, @ssrr={0x89, 0x7, 0xe0, [@local]}]}}}}})
r6 = dup2(r0, r0)
getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000c00)={{{@in=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@multicast2}, 0x0, @in6=@mcast1}}, &(0x7f0000000740)=0xe8)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000800)={'ip6_vti0\x00', &(0x7f0000000780)={'ip6_vti0\x00', <r8=>0x0, 0x4, 0x0, 0x7, 0x6, 0x8, @private1, @dev={0xfe, 0x80, '\x00', 0xf}, 0x40, 0x80, 0x400, 0xef}})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f00000009c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000840)={0x124, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x800}, 0x2005)
syz_80211_inject_frame(&(0x7f00000002c0), &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  480.799372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.813734] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x38, r8, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x5}]}]}]}, 0x38}}, 0x0)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r4, 0x100, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x10)

03:34:32 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
lseek(r0, 0x0, 0x3)

03:34:32 executing program 3:
syz_mount_image$iso9660(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000740)={0x414001}, 0x18)

03:34:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000000)='nfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x8, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[  480.853691] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.884390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.894752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.904184] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
03:34:32 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TIOCGSID(r0, 0x5429, 0x0)

[  480.914495] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:32 executing program 3:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timer_create(0x8, 0x0, &(0x7f0000001480))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)

[  480.976061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:32 executing program 7:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000140)='./file0/file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000080)=@filename='./file0/file1\x00', &(0x7f0000000200)='./file0/file1\x00', &(0x7f0000000240)='tracefs\x00', 0x0, 0x0)

03:34:32 executing program 2:
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x80041, 0x0)

[  481.042621] audit: type=1400 audit(2000000072.811:28): avc:  denied  { add_name } for  pid=18323 comm="syz-executor.2" name="18324" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
[  481.046833] audit: type=1400 audit(2000000072.812:29): avc:  denied  { create } for  pid=18323 comm="syz-executor.2" name="18324" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:kernel_t:s0 tclass=file permissive=1
03:34:32 executing program 3:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCRMFF(r0, 0x40044581, 0x0)

03:34:32 executing program 2:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, &(0x7f0000000200))

[  481.129888] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.224758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.231517] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  481.232251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.286431] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.291066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.293143] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:33 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_triestat\x00')
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

03:34:33 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x6}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @broadcast, @from_mac}, 0x3, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0xffff}, @val={0x5, 0x32, {0x80, 0x71, 0x11, "1685527a1862873151a8fbbbd438d64f59caba22a9f8148f2a4cd0b39e0db1a843509ffe1fd22c1daf9ed4790a3a59"}}, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @void}, 0x76)
syz_80211_inject_frame(&(0x7f0000000040)=@broadcast, &(0x7f0000000380)=@data_frame={@qos_ht={{{@type10={{0x0, 0x2, 0xc, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7ff7}, @random="7da122542de1", @broadcast, @device_a, {0xe, 0x6fd}}, {0x8, 0x0, 0x2, 0x0, 0xba}}, {@type10={{0x0, 0x2, 0xa, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x9}, @random="c5e3cf47f030", @device_b, @from_mac=@broadcast, {0x5, 0xede}}, {0x1, 0x1, 0x2, 0x1, 0x40}}}, @ver_80211n={0x0, 0x2, 0x3, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_a, @broadcast, 0xdc, "9eb629acfbdfd56ab8bd758177f3310aa25787bfea5a8f8bbedbdc055c50b38e389c8c3c56647284350cbde8f23888ed9dbcbba79b77c97e6d3c74d5896b9f62d08e235720eafff29a7dcec7131090557b041159e89d10a9d679fcf546be77ece3ae451ed787be7a64d58f7d6b8115dc3b156f344c9294dfcda534809eadabcbfc9602e4d60fb51a7b9c8b47d30f35108879cec1187ae56d04049065e8feef33ee7aa063d2563d3885c4861a716d5f160b5e563b7d302d5ce3c9aaa8f9ff252b01131950e901dc9b89b01a4b08c818cbf5a7f26dfa291f295c4007f0"}, {@broadcast, @broadcast, 0xcc, "4290e062ea20f24fbc9a8804f852b5c3ae2eab36998814b96194d667fdf0c17cc83eeee2f04df1b0abdbc468dee0b19e646dec392ea1cb76e0bbb4e769e970f8e3db6cd445ca8ce11757108829bcf0b0e9a0a10500d8ce6ae5385df35212d1c3e9733c1c01353c4e6ad92064fbd3ae88e9c723b3e1888f8088044d9a75e4525b5f966236142b5fb98c7fa2c956325492c3a008c8a3c5a0409e22d8cfafa8ef1cf5b18c99d4bb1c6980aab42910570e0af113d66549413f1d55ec61dd5fb8e64969e2faf37ea90c3d5f439666"}, {@device_b, @device_b, 0x1c, "5bef36e0281fb91ca5d3a760e2245a66a2e0bfcf0758231aec94c741"}, {@broadcast, @broadcast, 0x23, "3b4aaac01bb23598e55e15f2155e0ff1d151db2e9de8f90afcad75eb85c4d9fb829d36"}, {@broadcast, @device_b, 0x6, "9eaaaa3ef87b"}]}, 0x274)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000000)=@ctrl_frame=@cts={{}, {0x4}, @broadcast}, 0xa)

03:34:33 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x99ad)
pread64(r1, &(0x7f0000000180)=""/76, 0x4c, 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:33 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000005c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x5c, r1, 0x8, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xffffff81, 0xd}}}}, [@crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0xfac0c]}], @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x88b5}], @NL80211_ATTR_PBSS={0x4}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16d5}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}]]}, 0x5c}, 0x1, 0x0, 0x0, 0x20008000}, 0x4)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:33 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x99ad)
pread64(r1, &(0x7f0000000180)=""/76, 0x4c, 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

03:34:33 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
io_setup(0x208, &(0x7f0000000080))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xffffffffffffffff}}, './file0\x00'})
mlockall(0x3)

03:34:33 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000140))

[  481.676326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.684610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.695814] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.701260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.712981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.727284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:33 executing program 3:
get_robust_list(0xffffffffffffffff, &(0x7f0000000100)=&(0x7f00000000c0)={&(0x7f0000000040)}, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$FIONREAD(r0, 0x4b4c, &(0x7f00000000c0))

[  481.787086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:33 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000140))

[  481.839223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:33 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
fcntl$setstatus(r0, 0x4, 0x6c00)
io_setup(0x200, &(0x7f00000000c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000480)="c9a30aee2491bc1544648f8ebed193a188d62123d10418479b60e3255228771943f1263ac7a1a6fdb8670a0b554ee2a242029ac9cb89efc94eb37529b0e7a1009757f74f24e84a0b29aaa02d98acd5f1657b90cb6b56ff35653b78cc8c2171c4cb6a0526584c4418d08ec721ad52d3a843d9ee7b08212bb21a3689353b391f03935abca9118fd36b6dd36b56b236d95cfef1257cd371106a3ec8dbb8fb7c2d2053cde003671fd45da47a62ed33e50fd7389fceaabe0d8d46eb84e0d7866c83740270d9c214760397feab0b286bebbbca90f66d79e05cd565691ab5df757c5b16d01c4d5440fe15214e8b7cc91cd270f71a56e3d966b8c6e70814d03c91ebc8ad04e0640a096ce2b17d3962fcfe0a7038c31f271ddbeec82bd94643da1b9995bc9d193a4ca5d4253fbed6b5ab196ce9f0db26f3148a28abc26344f1618d14546273b7e2598455479b0dd87b6d82e99f1f71b5040d165da4b375b1d8426f29afecb7d75fb0fa902fe3a69c694a8c2dc7ad4e33368df829279405f695d95e729660f02a46d2baad5ca601a8bfa67d73d0e52647ab4f5a4818e48ac6ee62c826ac6039617d53962493820c1e4a292e4d24f3b9558d06103f275f34db11b5e63303b3a4421335241a40b0362a3af98605a766d25d001be3b1356ebeb2a0416056bb627ad05011e7bf102df9f34f2470dc0430667a9d93d2477035482da457457524cc", 0xfffffeaf}])

03:34:33 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000140))

03:34:33 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000140))

[  481.993152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.998478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  482.026414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:33 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x7}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  482.034056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:33 executing program 3:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
dup3(r0, r1, 0x0)

03:34:33 executing program 7:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000080)={{0x2, 0x0, @remote}, {0x0, @link_local}, 0x68, {0x2, 0x0, @empty}, 'lo\x00'})

03:34:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r1, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_REG_RULES={0x10, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x81}]}]}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4800}, 0x20008000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x34, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}]]}, 0x34}}, 0x10)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x38, r1, 0x5, 0x70bd2b, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x38}}, 0x0)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  482.103905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  482.115701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:33 executing program 7:
setrlimit(0x7, &(0x7f0000000140)={0x5, 0x88})
epoll_create(0x7fff)
pipe2$9p(0x0, 0x0)

[  482.150301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  482.181000] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  482.200884] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  482.251289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  482.435517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:34 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
io_setup(0x208, &(0x7f0000000080))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xffffffffffffffff}}, './file0\x00'})
mlockall(0x3)

03:34:34 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
arch_prctl$ARCH_GET_GS(0x1022, &(0x7f0000000080))

03:34:34 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x8}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:34 executing program 6:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
lseek(r0, 0x2, 0x0)

03:34:34 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>r0}, './file0\x00'})
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r4, 0x100, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xcd4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48014}, 0x20000010)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x21, @val={0x0, 0x1, @random="a5"}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x31)

03:34:34 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
io_setup(0x208, &(0x7f0000000080))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xffffffffffffffff}}, './file0\x00'})
mlockall(0x3)

03:34:34 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = socket(0x26, 0x4, 0x400)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x4204}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x34, r1, 0x400, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x5d}}}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x40001)
syz_80211_inject_frame(&(0x7f00000006c0)=@device_b, &(0x7f0000000700)=@data_frame={@qos_ht={{{@type11={{0x0, 0x2, 0xc, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x20}, @device_a, @device_b, @device_a, {0x9, 0x8}, @broadcast}, {0x4, 0x0, 0x2, 0x0, 0x7}}, {@type00={{0x0, 0x2, 0xd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x6}, @broadcast, @device_b, @initial, {0x7}}, {0x3, 0x0, 0x1, 0x1, 0x2}}}, @ver_80211n={0x0, 0x9, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_b, 0x8a, "218f6d7cf2f068075bf435b2c1de61d080a96bea26db62347cbfcd53d90928a0c23ba00e90274a3991df7a9f10f0fe7a9dca60b31e91785e39ef78f967326e3ed4329a9677292e8b6785f95b5be8284ba8897f01691423d6b05db0ff35627d557f879bd77fdd937d84f389c6386d7828bef46742aa864c9c965818ff258c05dfcf03840839c33f8f79d0"}, {@device_a, @device_a, 0x1000, "25aac086279e7ddf6bd0d37fa5df8d98a3a6aeb6e8137a28b35b8d4eef7a38f5663579e3e618eacfb9b7365db478adc4a22eefd2005ca2990ff9679b50447ef23395615d22db0641dd0a817621beef13fe677076466069822d8809b8f336a8a7a96793b8c6703af0ce571213356f4ee82c0ae36c39f24d4e50a90985e6ec2c25473b10521440ff18750f52b8076c78083aa61cc397f0c6fc756950559079ccfcc9acf0ebff247c2e857bb828125935eb3d03c2ca9d87a935fa5411208bad77c66da8b83b603f51587e89554a65e3a3108bdce0e124ea2af574f69deba19c9b2b620827180d5530d776428443767b7a66e9d4e015b10a2ec4e82f016aed2ddfe771f1c2fd58dc5144a45400706df49380db9cc1148ac4c789f237967f4cbb36ed1668c2d0e8e685dcb93c2b948672c08bbc1b9d2f9229296d33e48b8da602931e91dc5b1eee925960fb453973d40fd61bee6260ceb8d1969889c3bc53969dfab1006d5f578c8b648590f793957efd878ee9978df2b07e08c002dc842c68218e1ab1bd1da052e5acd909b8bfcef09536f77c68adbf4d434089849d524386aa2395183e6493098db56d7605029d000f3aed51e42afce4494337702e123d2d249ddbd8bcadab654fce8f0c8a3d6e4e3f8010508f3726b7532fba5fda7e8bfc26c104e10b854ccc4bc68d29f1b66a3f7aa5c4cc2444c8279d7c7b100722ffe2866b78e0869f40c9d09ca623211e7a63545f4e2546235c94d0067fd00cd9faccc8ddbbcb83254015f3d8ea60a294477f821db34296ef5da867c4185a3d2fb45bbee039b37b1005723caf7509c93ca48ccb8f98fe61e0e026275598ef7416c0008c5afcc6aee8876c36b102685c43613324369e58af23476b07b318e11e46830fb6f2edc4637a730b9b4dc178383a39a515e53148a08f1efcf57fbbd271530f126e886a8dddc5d09a54851d940514730276be21fd89b4abf47210e3f57fbef5d4a8b6e454e59cf16d1e39128f834147ac7b0dcae5bb29e69eb29e1f391510235a7a64c84b61e24b66b76ca5c9b29286f8752efbabfdcf1d3d92473bf67a4646e40b776e70bd1044eca3cb02f7c83034581872a97ca3513dc8720696fa3442aa28db1acdf6dd82849be528840826563edd70d96897ab64492a40e94de1fd8e35e31aad7fbc69aefcb2d93e3a5bde81a62fd525c90d9491c10fa00198a50b342ad16cb2018ac05e39bc776cfaecf0e584b5930c359987c3734b33bfa439ffdb8f1d6a114c061a800c2ef0e46d550cb2ccf6cf42af0961930c9d340881a503c5e03c3834770da3bf7eb055557a010be4281fe98a76ccedac7ea231ec0ee05059aa11fc27be8f5de1403659f8a1da89153cf35b37a07be1d84d6f76df3bee14b0aa693a96be87025b7ccb4a8ca8d7f8e400b99172e130f920308fa641f1421cf518301b0a473a0f91d8abf2ffbe40f91746551ef9c9529bbaf48d30db3b3109065d58f6f34b662a4fb68d9602122138a290e9a9eb6b5d2d033ad8cba0885e87b253659f74ba741df83095f1ce133e9768ceaf88de7aa40131d59a2f554f427ddd642d9b4e0550add55a92ab4724b9c486987f31bad848ad1cf309c2f73d06c6ebb24d924ed7b8bec8d867241e1f47cd465b113a1e53e2f6782873f2093eab84c10e8bd708f62b196705494caa114ae2a751abcbd132d9ee84e6a605ee45ef18cce5b47ae65025b47519b45333556b23b28cce479a806db3a44c48ea71d9bf210c24f3e649fb03f555e3e8bd385774284e55bf4f6cde5f172058714b065e192b08f76f41fbffbff5cabb8414c3d5f7578ff88eee3d08d0eeba864bbbd5f53dfeeeecef0c034daeef8c2813c7426bbf7350b2d966c0d8068f10ed692bb53b28315cfd0b4e7137cc3f7869f144706a3af10daac8949b20b8433a35c2dc2cc48d84de4cda27f64f37b4451e7865324c1872b1367ca045cba9a1ea9dcd98424258fb6eae7399ffb0b5ca32b8d83247ff645c04c82326fbe6831d08f3195071001cd5032975beb9dabd90f22a01b22d641c2c2bf1e4b0a0168abcdb76a64ae54f1d7f0d79bd5ecc5cf33727405d13ffdb36d59c8178c0af7fd8e828c14d74f76d5447b2cff6df93a19aedbfd33d2c57c6e672ee02f43595535d9602f218f03ede5b39088a8ef4c67a821e96d1adc7c6086afe5327e0f9b8c7ed6b746cec7123a4265002a0f4b6accd65b22ff1df445db07f523be14726ac7e2f873dfc9ef203307f6f1dbaed6f2547db620bdc38f5d38d340c32158f7e30a130ec70080f3235b386300a3ec6d3dbd52f491ce527c29b6cbea5cb346bd3f049eaf1a8d34e53a164551ed00a2d6febabf5f8587733d0aa647bfb8c58575f055cddb9040a8479baa68716af6a6797e16f037b4d9ee4e764b09885a4b3b254395ddcef668d5a57016fe1fa91598c32b6f1c360176d22ee6f9e14a3178cab773614090f2b3003545106a12188e914c697683ea0c18fe56c933e3b9aa2c30914337697121633c5476a034ba78079dafc2cc16cc49c4c3fc20289c1038bb45560269f6806043cd79c0db52036e307a1c74ade7c628429bf20c68ec8d8dcd0e78f361a810afe77db511d1cd28b772ec79122b074856a25b9d74a7759cdc4dd09594e845ffcba7c283f54ecb83c04a2578a7def97faa7f51cd3082c0a1528992c03dbacc4eacf67a0fdb8d86bac91bb406e219e38761abb9a90be60d7a6d0a970ed48f13b05e6c1a2e90bd296d7f898a7c996d29c5623f54ef4e3f49795c178fe03b899b33db0107b10acf23477d17edaa8a37012220ddef28da31ae293310df9d2fe5f93aefee4066531c79a82518a26aa28ecdf3cc803634a54b663a6eaab100fad1b864794dae0576cb0143ec41882c3eff0078a3d18e5f3ab8630779865297a13b77e483b439724122008ce7c481222bc1ad78f476250d677438bbdb85bc8514622c7a423d19db78d1bd57aa8d3b07b30d10841dd3ca33318048ec08e6b645de47f4777778316f7b5a5b1615853d1cfd3d1a3f5cd6844ee48beea0c64e59b10526b5a0c6694663f772e7c0cb61d50d9d1415ef3dbaeabfdae372ba78ed9e2eced50257673b8ae9dc13ecff460be199535235446e21fb6767640dfc9ed8816d76ac7bf0d5e332884a86925a2d3874bdad8e7e2cf22d8d3167d6a9700ab3c52caf28d62bbf55b3294f1f939b29d5e7de47df357eb2532b4b0caacc226dba9ea2b0705a5e3464c7d1df1dccc12105243f17fb096d4e578c244070535b9f2766cbc21ccdf6d17986fe7628d80c1d02598e06cd61795b65d3106c326c31f5a27c04937c62902c04bb7a2dd186413a7cc2260ba84c38933093d30f5c8b5773eb1e8e4f2c7e41e74a3830d3664ab0f396868901f5143e3c4b645198076a83c16adb3f86f3bd8a832a40451a469f5cd1406ace6eecfcddf3526b52dce400659dd9eac87f3524b5d6bb700c91a80c3a3d6566b049c62d5909c2c90f8151a0c94d26a17671a941f0ec30a5e0a622f7de36b441394c602c167027b0630b0b27f4d3b008b26879cd2b237c3d58cefe91629bcebab73692b047d7790ecf1f4c89f0a5b0e4bc5d6b8f93dacc81bc0836183bbbe827280fea45cc8d99541601289718e8a0e55fb8a32ee47e560896e363c7d0637cd1f0f2c33eeed4c092512014420b2cec9f7963fff851579bcc362ce5da915aa80d2e8351602f20623960c5840be4fbfb7dbcf7b40cb57631361aae00a077a90c175d7d5f951213659962f9467db447563e37b489d9a7e275bdb58398945258529d06f1247ca1f0b827b7c942f26ad29dc58f208b573f1b1d2dd4348a3baae2d8e19dd58fb93299a0feb18cda941520e3ab44f84e3da4d13b224459ec67b64e7a339ea38be89ed7707f8a7c94c3be1c8075465ff210e28fb68bb7e5e2dbf356a8cd95c67e690ae61e2c184c31a90a5039fd899c48fa17736252ead30c4bd00c875a380e92affdb5c633e9201622a7044d459dd47bdb1bafc0119e9ca372b4515d6e92ee36d01111fb87606d8ce3d28438a98119d8feee4487f9d170b3af7bd104bae758996ebaa472e6d8e0f918384bf94acd9eedafa483e834087e92553cfa102a85a801214b1d0255868b015c3faf1fc7d96a3b46769baa540f9bc1528ab690d4450525f3250dc58629e7ffca99f4c457207353c4a8b6ac3255895f943cd794b3c1277cb3ea7faef02d30cfe1bf96015720ba43c1a07cc1d1d227c79b97bba77cbd3a1c8c79e0459cca5bc470292129b9ca9261066bb917c599c10bf1a4fe874ed4235cc01434fb19689be65879cd31713cdaeb343fc6661acdb0587be66fb6ea474fc9a203da4c61e43c73c598f6adfdcbe140839c2e6bb6ea0c17e4695b5576820e00924b3360331ca9c49856745a0fc70cbb51f38d5f54465f0eff7fa14effd013da20c6574347092e0ab4453cc5b11842d82d4987263eff0ef924d42073115aa7e4aa3d3dd80e452105ab3deddf6fe338c6e5af91159948ea52d1cfbc7100caaca92a1b472dfb7423edcc7f67561a48350d775ac0da0bb31fb281253201e2ea71e372e50ae00d07d9853480385551bb8534223a2bb5b9ae3de1478acbbd6ec4705f65e5061634db18957be2edf9ef213703b46eefadfb1052e026c88bbe20aaef0f130723e0cf8edcc366c432b4067f6f8a9bdb2162df4de2d7914b42bedf46bc942dcde0b51797a8546d9cca1b0be2858d6e734f0c90cbd0a43a14133a4ca157c9ef6b0cade6238edfc600e9c09bd6741ee32201cf18190f75b7feff31ffd64565b64801b967a08808094fb99ec88c191de19428ba3e1a0579dab0dc870dcfaaf2c5e31fcb1f5f15319039117600f5d682f059fd4f769ae8a3ba0c9b4c724e1a08e8079b288606c5ce3565f856022aa3ab976ea3310f6c37d359ad74224d62d1a3b82bddb7a2ecac27fadd1e8cdf81d8218806dd4ee88b9a2ec22ea052eaf9bca67f4f3c813c44bf8a20e69a8386d90fc6d5f18f5a25d09c6b103283c23ef4573a28b23475d7e3002d7a1b9cd2eea40ea3b7c9b3563658de71004e68f6853dec23750b8a2180100dc497375c99df999a8e34aa9fc2873f6f43ec194446c835ff01f75eb8dbc6ec9040dd5b3dccf4ef126e35a872d237b73f7084b49838a4cf234433281d1b27b40f67ff8530606ecac189a58cae2c8727f8f3ee6906a3d61845bb11bbe09a9e6a9ddb02d16eda52ef103e9ef44ed6a51b66f99afb9e88080ef678ce33ca206c105f80fa3e669b137ef96bfc7556ff7ee505b54dd6a4f83615f4c471feb1fa3a3d76ec189673354a803b0efd4f520cb6b1d5d0fc2b403fd78766825eb5eedb841981455ca00e003613c0a2461064d5ca26978159ed67ab5e338239e21d2f8ade49be68ea87989e0a63f1de94f99c3038e7959142bc2d8fcd50878198b2a9c05e1fee130138a3baa20a621e5d90c143cfcdf1455f52e4bb6e5fe900734ab0c49dafc4eb26da0323680f39a370e6fcb3fc19dcb71959196e77e3fe256559994251148aa634b778aea81459bf2f548afc691a8ba0b332340fb72b5eef478631b5b42f7c5680b88402865ba5b42e50c871566f0ec7ef161bab7baab90f99aba2350a23fb3d0a84cc2a5e8c2de99ad002e2497b96177ff960567168e4bfb40e2ebe9006ed1f04f7657d744f33d668aab8e0044fa751acf51d7104e58300e20d0a616bcbf3761a0d915125be0a66ec5c0555767ccd4b41e7fc805e401ca8b9e138eaec9fe4dcf7523369c5f1ef19a8954e3ef7061d18166eb9d5f0ec17b9f"}, {@device_b, @device_b, 0xf2, "cd50f907e61490d11a5821f887601924bf83ea041a18b8eb46eb0e15d9a21fd887f58123bf9e67b947e26bef1f294d6953a1ad51daa9c4227cf496265b55cc4970c4756d2b63bf8027697a5ff18bfdf9b2f958ae4adae0ddc8437cebab9861b0c66ef12d80fdc039941a99389e748c8e52373587fc4ff5c38756dad02e73c8f6de6bfec232ce3109a9e08eea80c7dd9ec39a47ff192cd60f971c05101b7eb3a9658d3859ca069df1132e28a3c522ab5e688fadb880b9b3b95c9fa45924935575a922aba230bcf60501514120520e3af8cd2c58e61a89599602c26d8aaa68c6165c5fdb779a8830fff57bc191e00e0b7cfe24"}]}, 0x11e6)
r5 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r5, 0x0)
sendmsg$BATADV_CMD_TP_METER(r5, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x3c, 0x0, 0x300, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x200}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4000000)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)
sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001940)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000001a40)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001a00)={&(0x7f0000001980)={0x54, 0x0, 0x400, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xff, 0x42}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000084}, 0xc000)

[  482.989339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.007382] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.017823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:34 executing program 6:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
lseek(r0, 0x2, 0x0)

03:34:34 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x105000, 0x0)
read(r0, &(0x7f0000000000), 0x400000)

[  483.034300] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:34 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000001a00)=0x4082, 0x4)
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10, 0x0}, 0x0)

03:34:34 executing program 6:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
lseek(r0, 0x2, 0x0)

[  483.065064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:34 executing program 6:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
lseek(r0, 0x2, 0x0)

[  483.181516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:34 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})

03:34:35 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000001a00)=0x4082, 0x4)
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10, 0x0}, 0x0)

03:34:35 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x105000, 0x0)
read(r0, &(0x7f0000000000), 0x400000)

[  483.342386] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.345823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:35 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000001a00)=0x4082, 0x4)
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10, 0x0}, 0x0)

[  483.496015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.551731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.559166] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  485.908042] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  485.910785] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  485.915699] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  485.923934] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  485.927851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  486.094277] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  486.097015] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  486.102100] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  486.113333] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  486.117695] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  487.942665] Bluetooth: hci3: command tx timeout
[  488.134621] Bluetooth: hci5: command tx timeout
[  489.989750] Bluetooth: hci3: command tx timeout
[  490.181726] Bluetooth: hci5: command tx timeout
[  492.037615] Bluetooth: hci3: command tx timeout
[  492.229726] Bluetooth: hci5: command tx timeout
[  494.085651] Bluetooth: hci3: command tx timeout
[  494.277691] Bluetooth: hci5: command tx timeout
[  495.727106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  495.728018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.810186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  495.810847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.949947] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.953094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  495.953863] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.975090] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.976003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  495.976805] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  496.040613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.048546] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.300287] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.304960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.353409] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:48 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.group_wait_time\x00', 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x48, r1, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xe7a4, 0x27}}}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "c00f9b2f5ea7d55344c83d0d9028849706eb1e1e13fcede5"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}]]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x20048005)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:48 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000001a00)=0x4082, 0x4)
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10, 0x0}, 0x0)

03:34:48 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x105000, 0x0)
read(r0, &(0x7f0000000000), 0x400000)

03:34:48 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
io_setup(0x208, &(0x7f0000000080))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xffffffffffffffff}}, './file0\x00'})
mlockall(0x3)

03:34:48 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
io_setup(0x208, &(0x7f0000000080))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xffffffffffffffff}}, './file0\x00'})
mlockall(0x3)

03:34:48 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0xc}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:48 executing program 6:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
ioctl$VT_ACTIVATE(r0, 0x127e, 0x4000000000000)

03:34:48 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x311c00, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="5748a224763e5e48c4d196719020cfc13e6bf2a7e8fd5d99e17944da9dbdfc39c7782027bc0332fc3478e5e9", @ANYRES16=r4, @ANYBLOB="00022cbd7000fbdbdf250100000004000300040003004c0002802c000180080001000200000008000100060000000800010000000000080001000400000008000100070000001c0001800800010008000000080001000100000008000100060000006801028014000180080001000300000008000100040000003c00018008000100060000000800010007000000080001000100000008000100040000000800010002000000080001000600000008000100060000003c000180080001000a0000000800010000000000080001000600000008000100020000000800010006000000080001000700000008000100000000004c0001800800010001000000080001000500000008000100020000000800010008000000080001000100000008000100060000000800010005000000080001000700000008000100010000002400018008000100080000000800010005000000080001000100000008000100040000003c00018008000100040000000800010003000000080001000600000008000100060000000800010003000000080001000000000008000100000000002c0001800800010008000000080001000700000008000100010000000800010003000000080001000600000018000180140002006272696467655f736c6176655f30000018000180140002006970366772653000000000000000000038010280340001800800010006000000080001000600000008000100020000000800010007000000080001000200000008000100080000002c000180080001000300000008000100050000000800010004000000080001000200000008000100010000002400018008000100070000000800010006000000080001000300000008000100000000002c0001800800010006000000080001000500000008000100020000000800010003000000080001000500000044000180080001000000000008000100030000000800010000000000080001000100000008000100080000000800010000000000080001000100000008000100050000001c00018008000100080000000800010005000000080001000700000024000180080001000800000008000100000000000800010001000000080001000700000004000300"], 0x33c}}, 0x4)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  496.438233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.441086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.453459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.460983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:48 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000140), 0x0, 0x44043)

[  496.496882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:48 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={[{@mpol={'mpol', 0x3d, {'default', '=static', @val={0x22}}}}], [{@context={'context', 0x3d, 'system_u'}}]})

[  496.509347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:48 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x105000, 0x0)
read(r0, &(0x7f0000000000), 0x400000)

[  496.548108] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  496.557184] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  496.571957] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:48 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000380)={0x2, &(0x7f0000000340)=[{0x6c}, {0x6}]})
pread64(0xffffffffffffffff, 0x0, 0x0, 0x0)

03:34:48 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

[  496.643492] audit: type=1326 audit(2000000088.406:30): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=19364 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb0791eb19 code=0x0
[  496.771250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.779128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.819283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.883129] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.933898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  497.468377] audit: type=1326 audit(2000000089.239:31): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=19364 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb0791eb19 code=0x0
03:34:49 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semctl$SEM_STAT(0x0, 0x0, 0x10, 0x0)

03:34:49 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

03:34:49 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(r4, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000328bd7000fbdbdf250a000000340003800800030020000000080003000100010008000100ff070000000001000900000008000200000200004b000200140000004c0001800d0001007564703a73797a3100000000000003000300000000000480280001800d0001007564703a73797a31000000001400028008000300060000000800040009000000"], 0xe8}, 0x1, 0x0, 0x0, 0x20000014}, 0x4)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000600)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x28, 0x12, 0xffffffffffffffff, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0x4, 0x1d, 0x0, 0x0, @u32}]}]}, 0x28}], 0x1}, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000680)={0x9, 0x0, {0x4, @usage=0x6ba3dd91, 0x0, 0x80000001, 0x7, 0xd013, 0x1000, 0x9, 0x41, @usage=0x80, 0x8, 0xfffffff9, [0x6, 0x6, 0xb19, 0x8, 0x8, 0x86]}, {0xfffffffffffffffc, @usage=0x40, 0x0, 0x0, 0x6, 0x2522, 0xa1eb, 0x3, 0x0, @struct={0xfffffffd, 0x1c0}, 0xb41f, 0x1, [0x2, 0x9, 0x80000000, 0x2, 0x3f, 0x58b4]}, {0x1, @usage=0x9, 0x0, 0x2, 0x7, 0xb3cc, 0x3f, 0x1, 0x2, @struct={0x8001, 0x7fff}, 0x8, 0xb25, [0x2, 0x8, 0x6, 0x2, 0x64, 0x8]}, {0x9, 0x4, 0x4}})
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:49 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0xf}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:49 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
io_setup(0x208, &(0x7f0000000080))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xffffffffffffffff}}, './file0\x00'})
mlockall(0x3)

03:34:49 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
io_setup(0x208, &(0x7f0000000080))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xffffffffffffffff}}, './file0\x00'})
mlockall(0x3)

03:34:49 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
get_robust_list(0x0, &(0x7f0000000200)=0x0, &(0x7f0000000240))

03:34:49 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f00000006c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)={0xe8, r1, 0x400, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0x0, 0x4}, {0x0, 0x3}, {0x8, 0xf9}, {0x2, 0x1}], "07f3ec5eefb7abb6"}}, @NL80211_ATTR_QOS_MAP={0x30, 0xc7, {[{0x3, 0x6}, {0x7, 0x5}, {0x40, 0x6}, {0x81, 0x7}, {0x5, 0x6}, {0x1f, 0x4}, {0x64, 0x3}, {0x7f, 0x4}, {0xd, 0x1}, {0x5, 0x6}, {0x0, 0x7}, {0x69, 0x4}, {0x8, 0x2}, {0x3f, 0x7}, {0x0, 0x5}, {0xbe, 0x7}, {0x1f, 0x4}, {0x1}], "3b9c412a34643bcd"}}, @NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x18, 0x7}, {0x80, 0x3}, {0xc8, 0x3}, {0x0, 0x2}, {0x9, 0xb6}, {0x6, 0x2}, {0x2, 0x4}, {0x2}, {0x8, 0x2}, {0x1, 0x2}], "dd8240627a4a6eaf"}}, @NL80211_ATTR_QOS_MAP={0x10, 0xc7, {[{0x2, 0x4}, {0x3, 0x6}], "0502b4a744984152"}}, @NL80211_ATTR_QOS_MAP={0x2a, 0xc7, {[{0x1, 0x3}, {0x8, 0x4}, {0x2, 0x7}, {0x8, 0x7}, {0x0, 0x5}, {0x40, 0x4}, {0x6, 0x7}, {0x7, 0x6}, {0x2c, 0x6}, {0x7f}, {0x90, 0x1}, {0x81, 0x6}, {0x4, 0x3}, {0x0, 0x5}, {0x29, 0x1}], "816dc4743b0b7f5b"}}, @NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0x8, 0x4}, {0x1}, {0x1f, 0x3}, {0x5, 0x21}, {0x3, 0x4}, {0x20}, {0x4, 0x7}, {0x7, 0x2}, {0x10, 0x5}, {0x0, 0x7}, {0x81, 0x4}, {0x2, 0x6}, {0x7, 0x3}, {0xe1, 0x1}, {0x2, 0x2}, {0x3, 0x1}, {0xff, 0x1}, {0x5}, {0x1, 0x3}], "5721e127b6c353cf"}}]}, 0xe8}, 0x1, 0x0, 0x0, 0x4000001}, 0x4804)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r0)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000380)={0x11c, r3, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x2}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x20048804}, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x321100, 0x0)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f00000001c0)={&(0x7f0000000140), 0xc, &(0x7f0000000180)={&(0x7f0000000740)={0x420, 0x0, 0x4, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5d}, @NL80211_ATTR_IE={0x16e, 0x2a, [@peer_mgmt={0x75, 0x6, {0x0, 0xfff, @val=0x80, @void, @void}}, @rann={0x7e, 0x15, {{}, 0x5, 0x3f, @device_a, 0x6, 0x3f3e, 0x7}}, @gcr_ga={0xbd, 0x6, @device_b}, @cf={0x4, 0x6, {0x80, 0x7f, 0x1f, 0x7ff}}, @random={0xd, 0x40, "60d8c01c89b4fc8686968ef6edbd52a93695a980f26d67bc3ac2f2aaf5bd28cc870fd56ecabb61ce7ae7c59f05e6a91c2c989e0290c5e8175181ebd86b85aa83"}, @perr={0x84, 0x62, {0x1, 0x6, [@not_ext={{}, @device_a, 0x2f3, "", 0x2a}, @ext={{}, @broadcast, 0x1f, @device_a, 0x3e}, @not_ext={{}, @device_b, 0x7, "", 0x14}, @ext={{}, @device_a, 0x1, @device_a, 0x34}, @ext={{}, @broadcast, 0x9, @device_a, 0x15}, @not_ext={{}, @broadcast, 0x8eb4, "", 0x21}]}}, @random_vendor={0xdd, 0x88, "6de1eac8f1de5666342b6265f9bbea06a93c3ff00e6052cc1818a12227374aecff2909a0abd6cc695b7ccec771d393fb9bf80f7287cffd3952053abda984252d455b2b5d449c7a1bc35632d40441dfc2dcffde28a186f7069059a7db6861a555beb90a0d7b96e280ed7e28c32c3837810c5399466b7ada64fca7c19e88a5f281520f0d28a8f0e62d"}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x8, 0xb7, 0x7f}}, @channel_switch={0x25, 0x3, {0x0, 0x68, 0x1}}]}, @NL80211_ATTR_IE={0x94, 0x2a, [@ibss={0x6, 0x2, 0x2}, @cf={0x4, 0x6, {0x5, 0x8, 0x800, 0x7}}, @fast_bss_trans={0x37, 0x68, {0x8, 0x1, "3685cc604dd7f369d7e8634cc869e9c5", "bc75cf570c0a3d7771596903a5a836641c4dd3a5853234a908763e709f4298a3", "e77f23e3b990fef6db2e63ddf8221a899815a5c5e4c91b6875d88b4a2de1d8d0", [{0x2, 0x14, "80731ecff64aa79f13bee7b7302e84c10266af02"}]}}, @mic={0x8c, 0x18, {0x47c, "98bc804fa901", @long="7d68ea2b5cbe2a691128bbb2c3e93430"}}]}, @NL80211_ATTR_IE={0xe7, 0x2a, [@measure_req={0x26, 0xe1, {0x2, 0x20, 0x8, "aeb3584054ba4f76d0f5b7eca6c85a0f1cee53a1712315af81465e1e89ee4691c82e64ea00b7e5a1d2fd410c7be42c174f202f747fac2bff13aaf9d8aed970899b99ae0b7573d5b99f760884059a277bf998ce8df1159cb9aecc98bf54a1dec5dbc43eb771a4ccd38177bdbbf41c0b9c945032a635d07edbca9793f2e81a2efdf04702968bf3c872b0f4384b19a414cdaad49db842ebf0a87669a68cfaff250b346f8f5a97aff91e1d14efad9c6364a83812a86976781b59cf36775f658f52c5b5d006c90241cbab034f0ce351d1905ec71f39c808eb25210529ba111dcd"}}]}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_IE={0xda, 0x2a, [@peer_mgmt={0x75, 0x4, {0x1, 0x6d, @void, @void, @void}}, @dsss={0x3, 0x1, 0xc}, @ht={0x2d, 0x1a, {0x1, 0x2, 0x1, 0x0, {0x7f, 0xffa, 0x0, 0x60, 0x0, 0x0, 0x1}, 0x400, 0x8, 0x7}}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x2, 0x28, 0x40}}, @rann={0x7e, 0x15, {{0x1, 0x6}, 0x6, 0x0, @broadcast, 0x5527, 0xabe, 0x2a}}, @preq={0x82, 0x78, @ext={{0x0, 0x1}, 0xff, 0x9, 0x0, @device_a, 0x9, @device_a, 0x7fffffff, 0x4, 0x8, [{{0x1, 0x0, 0x1}, @device_a, 0x5}, {{}, @broadcast, 0x3}, {{0x1}, @device_b, 0x3}, {{0x1, 0x0, 0x1}, @device_b, 0x8db4a80}, {{0x1, 0x0, 0x1}, @broadcast, 0x1}, {{}, @device_b, 0x3}, {{0x1, 0x0, 0x1}, @device_b, 0x800}, {{}, @device_b, 0x4}]}}, @chsw_timing={0x68, 0x4, {0x2, 0x2}}, @link_id={0x65, 0x12, {@random="c0964f85395c", @broadcast, @device_b}}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x420}}, 0x2000c000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="40a90b4c", @ANYRES16=0x0, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  497.644267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  497.672674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:49 executing program 5:
msgctl$IPC_SET(0x0, 0x9, 0x0)

03:34:49 executing program 7:
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
madvise(&(0x7f0000430000/0x1000)=nil, 0x1000, 0x4)

[  497.703472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:49 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

[  497.750028] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  497.767401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  497.768909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:49 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000000))

[  497.829350] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  497.840981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:49 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2)
unlink(&(0x7f0000000040)='./file0\x00')

03:34:49 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

03:34:49 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5)
lseek(r0, 0x0, 0x0)

[  497.997013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:49 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x10}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:49 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffe}, 0x14)

[  498.169266] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.174228] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.227956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.273453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.291068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.315949] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:50 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2)
unlink(&(0x7f0000000040)='./file0\x00')

03:34:50 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000180), 0x4)
dup(0xffffffffffffffff)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)

03:34:50 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = signalfd4(r0, &(0x7f0000000100)={[0x2]}, 0x8, 0x1000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000000640001000006020882848b968a8b1824000000000000"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:50 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2)
unlink(&(0x7f0000000040)='./file0\x00')

[  498.411818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.426773] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:50 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2)
unlink(&(0x7f0000000040)='./file0\x00')

03:34:50 executing program 5:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080), 0x4)

03:34:50 executing program 0:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB="07000001000000002e1f66696c653000"])
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000540)={{0x1, 0x1, 0x18, r1, {0x200, 0x20}}, './file0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:50 executing program 3:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x8008662c, &(0x7f0000000400))

03:34:50 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2)
unlink(&(0x7f0000000040)='./file0\x00')

03:34:50 executing program 2:
ioprio_set$pid(0x2, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000000))
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
fcntl$setstatus(r0, 0x4, 0x6c00)
io_setup(0x200, &(0x7f00000000c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}])

[  498.661113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:50 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2)
unlink(&(0x7f0000000040)='./file0\x00')

[  498.718744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.758203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.774894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.082503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.086999] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.091839] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:50 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000c0b000/0x4000)=nil)
shmctl$SHM_LOCK(r0, 0xb)
shmctl$SHM_UNLOCK(r0, 0xc)

03:34:50 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2)
unlink(&(0x7f0000000040)='./file0\x00')

03:34:50 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x32, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, {[], @echo_request}}}}}, 0x0)

03:34:50 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=ANY=[@ANYBLOB="500000000802110000010802110000000802110000db458e5349cc4644000000640001000006020202020202010882848b960c121824"], 0x36)

03:34:50 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x53}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:34:50 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x3c}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000040)=@ctrl_frame=@ack={{}, {0x81}}, 0xa)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:34:50 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

03:34:50 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(0xffffffffffffffff, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b9", 0xe6)
r1 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r1, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x24800, 0x0)
sendfile(r1, r2, 0x0, 0xfdef)
r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x24800, 0x0)
sendfile(r0, r3, 0x0, 0xfdef)

[  499.160523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:50 executing program 3:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x4})

[  499.186358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.212499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:50 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10)

[  499.233737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.236826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:51 executing program 3:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0)
keyctl$clear(0x7, r1)
keyctl$clear(0x7, r0)
keyctl$clear(0x7, 0x0)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0)

[  499.303062] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:51 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

[  499.320009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:51 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

03:34:51 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

03:34:51 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick=0x3, {}, {}, @addr}], 0x1c)
write$sndseq(r0, &(0x7f0000001100)=[{0x5, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0x1c)

[  499.384067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:51 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

03:34:51 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

03:34:51 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

[  499.505374] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:34:51 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b33, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0})

[  499.556053] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.701647] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.751670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.754731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.759192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.969608] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  501.974058] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  501.977761] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  501.984471] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  501.995365] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  504.069781] Bluetooth: hci5: command tx timeout
[  506.117629] Bluetooth: hci5: command tx timeout
[  508.165723] Bluetooth: hci5: command tx timeout
[  510.213685] Bluetooth: hci5: command tx timeout
[  519.019896] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  519.021376] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  519.095969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  519.097416] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  519.210673] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.220508] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.529227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:11 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

03:35:11 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

03:35:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f0000000100)=@ctrl_frame=@ba={{}, {0x9}, @device_b, @broadcast, @compressed={{0x1, 0x0, 0x1, 0x0, 0x5}, {0x2, 0x6}, "cb536e7d0bacbaca"}}, 0x1c)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=ANY=[@ANYBLOB="505331beae73e46119957541582bf695000000000802110000000000060200000000400000000000000000"], 0x36)

03:35:11 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(0xffffffffffffffff, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b9", 0xe6)
r1 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r1, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x24800, 0x0)
sendfile(r1, r2, 0x0, 0xfdef)
r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x24800, 0x0)
sendfile(r0, r3, 0x0, 0xfdef)

03:35:11 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

03:35:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="61000000080211000001000000000000640001000006020202020202010882848b960c12182400000000"], 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@action_no_ack={@wo_ht={{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7ffe}, @device_a, @device_b, @initial, {0x0, 0xff}}, @sp_mp_open={0xf, 0x1, {0x1000, {0x1, 0x4, [{0x60, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x2, 0x1}]}, @void, @val={0x2d, 0x1a, {0x4000, 0x3, 0x1, 0x0, {0x5509, 0x4, 0x0, 0xff, 0x0, 0x1, 0x1}, 0x300, 0x7, 0x20}}}}}, 0x3e)

03:35:11 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

03:35:11 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  519.651215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.673460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.677949] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.695238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.695824] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.710087] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.743341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.809479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.025404] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.034496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.051453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.153919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.203641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="34000000080211001101080211000000080211000000000000000000001b0000030000000000f1ff02e15250d438684dddbf"], 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x20, r4, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x7e}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x2404c044}, 0x4000040)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:35:12 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(0xffffffffffffffff, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b9", 0xe6)
r1 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r1, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x24800, 0x0)
sendfile(r1, r2, 0x0, 0xfdef)
r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x24800, 0x0)
sendfile(r0, r3, 0x0, 0xfdef)

03:35:12 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

03:35:12 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x2}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:35:12 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000004c0)={&(0x7f0000000740)={0x510, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0xaab8}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xffff440d}, {0x8, 0x0, 0x3}]}, @NL80211_ATTR_IE={0x10, 0x2a, [@gcr_ga={0xbd, 0x6, @broadcast}, @ibss={0x6, 0x2, 0x4}]}, @NL80211_ATTR_SCAN_SUPP_RATES={0x49c, 0x7d, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xff, 0x0, "ee5de5d55c18ace86940beb71e08e13b5971fed7610ba3e09a6ce332ab2ff648bb3c224e4d7231695c9686648014357ea7a2277e3e0fb0807a561831cdb6eac03292a227c28765ef7c3acc949a131f1e17d0e63ba1c18d06a64d1bf6795ffc94e28d5ed5fd1da65827f1e673af96dbb86a890cab6cf7c0201aa48c7b94767cdfd4799dc241a57008494745cb5738515d1132addb0d204b2522f72eb1609741f92fd31241a4854a1e52066c52705a4de24beb142186c6b14085bf4718316f6d5a519d94dc6c508f9368c89fdc8db053606055878435353c333a0ff27e1370cb7fea6a1dc096e8e18151724487c8eb4618cd795511f5d753b67c3698"}, @NL80211_BAND_6GHZ={0xce, 0x3, "c51d0e252f9898a52af5fb4e386bd8053e8af72394686626d571c424f07847300bbeb8647a41784a2b8653c67e1d8f514cddb47088b2c7bb2bb399cbdbe012a43ed5aa892f8f5cc5a4043837169ad7ce04ded7ab150979d49926516d59a8e412884d6367237b69fe482da10c03b75055813ed7727cf1a7c429404fd6df1a43adae757ddf8df17702e78478349ebee2f38b9aa17436dd228ca2ef82d00889c1ebb24e12c6a71aca5cdd0210410aa5b4d5f6adcea89f7bda139ba5318142ec838dfa485a1eb2251b4cbfe5"}, @NL80211_BAND_6GHZ={0x81, 0x3, "432816356c016f5311690b6ffbaea90005b1364eb32577cf1518dcab40fa7f01569a8e79fcee7f9163adb8fca1c02f9b4816720907e03b446c226f4c069e8e17bd03b0c6be579b5d904adf7e3481a0b4c50dea5a95ad0b2127e5e887788142edd00eccf05d444bec1a4865e395b62596eaea79fd23c0b31803e8e8f9af"}, @NL80211_BAND_6GHZ={0x9f, 0x3, "a0951190aea4fda804db128834b4d93bef57fd73ba935044594f940255115faf6e0a0316d5e27bd8d1024c728d78d08c4aa3e64e3e4a8dc0630c5ec1e5d42db38d900d6bcd1a19512e1e5ef17595b25c29d926595c58368a96ef26a091d2edefd454adc11878d47b703e9e874134cbabeb4ef7a2ccf90e55c75cfb560c9aa5b552dfd340bfd83b7a9220fd47421a056abca6754bb698ddc143c059"}, @NL80211_BAND_2GHZ={0x5a, 0x0, "99d8476efec67974ed39295314983f14c31b4085feb61d1249830b1ab06a9c38bb4765fb8b8454deb960f02cac9970015652c063fd6dd790d295e1f53b4a432097c9e71b13a5f85952f76cad0b90a5b5d1de96be31a2"}, @NL80211_BAND_5GHZ={0xa2, 0x1, "ecfbdf5151da3de9b1b307936d22bc7c4d052cca392db7bba3a04ce070b318c7bfabfdcf58be24482b577434d297c50e14c9c42ab0834d425c364157ee919ebf6b2c4015fd6ba279f2e3599b441f02ffbb7eb6e31cedd310d2525068c9f52df6536c5e713253fbf283aaa4e33fd33929df3554124fbdac09451ae07f288ef408800b3e28ddf6bccc0c49e534e2a0a805821785424357d52843506f185102"}, @NL80211_BAND_2GHZ={0xa4, 0x0, "99c801eda61baec9cc8145712ac1a76671643525700f078419a10f2000e240de909e2edc2b303760fecc1106630b894f5ed69325e0a728725282de3355c2cfdc02c5a5d2cc08dcd33e7b95e6a77298f6460e99fd33f0513954d1f9c2479a09a1a35070f96ce99eb2105949ccb45e05e6318c1fa90c20000e31fc397a80feccea22d48b4706831e80621067ded5a905937c63df4b2d13deedb61484951ce1b921"}]}, @NL80211_ATTR_SCHED_SCAN_MATCH={0xc, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x400}]}, @NL80211_ATTR_SCAN_FREQUENCIES={0x24, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}, {0x8, 0x0, 0x4}, {0x8, 0x0, 0xffffb62d}, {0x8, 0x0, 0xfff}]}]}, 0x510}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000100)=@device_b, &(0x7f0000000140)=@ctrl_frame=@bar={{}, {0x2}, @device_a, @broadcast, @basic={{0x0, 0x0, 0x0, 0x0, 0x9}, {0x2}}}, 0x14)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
r4 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = dup2(r4, r4)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r5, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @loopback, 0x9}, 0x1c)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40, 0x60)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x28, 0x12, 0xffffffffffffffff, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0x4, 0x1d, 0x0, 0x0, @u32}]}]}, 0x28}], 0x1}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x22, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@access_client}, {@mmap}, {@mmap}, {@cache_mmap}, {@nodevmap}, {@version_L}], [{@hash}, {@pcr={'pcr', 0x3d, 0x40}}, {@appraise}, {@audit}]}})

03:35:12 executing program 6:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$DVD_AUTH(r0, 0x530f, &(0x7f0000000000)=@lstk={0x7, 0x0, "12ddf8f084"})

03:35:12 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

03:35:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

[  520.367480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.388330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.411108] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.424543] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  520.432804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.465121] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.470395] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:12 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

03:35:12 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="280000002000f9ffff7f00000000000002"], 0x28}], 0x1}, 0x0)

[  520.530411] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  520.541470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:12 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

[  520.609523] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'.
[  520.613407] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

[  520.743883] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.755106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.813183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.865044] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.948673] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.997475] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  521.003093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  523.345503] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  523.350906] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  523.354847] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  523.359268] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  523.362326] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  525.445657] Bluetooth: hci5: command tx timeout
[  527.494765] Bluetooth: hci5: command tx timeout
[  529.541639] Bluetooth: hci5: command tx timeout
[  531.589746] Bluetooth: hci5: command tx timeout
[  540.242253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.243503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.294831] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.296179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.433334] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.450097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.759662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:32 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

03:35:32 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="280000002000f9ffff7f00000000000002"], 0x28}], 0x1}, 0x0)

03:35:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x8c, r1, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x80000001, 0x4b}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}], @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x5}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x5}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_4ADDR={0x5}]}, 0x8c}}, 0x24004000)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:35:32 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(0xffffffffffffffff, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b9", 0xe6)
r1 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r1, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x24800, 0x0)
sendfile(r1, r2, 0x0, 0xfdef)
r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x24800, 0x0)
sendfile(r0, r3, 0x0, 0xfdef)

03:35:32 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

03:35:32 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x3}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:35:32 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000002180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x44894)
shutdown(r0, 0x0)

03:35:32 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000640)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x20040054}, 0x40000)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0000000000000000b406938cfc7df44ef66bdc37c796f0936ea0037a1a836dde4a9e6d723347d75b83641ff9bc41c520cd3b71bdb973ba644e8302f74572683a034bf97b63ad9a69000000000000000285a62f654829aaec25694c362f288c7621d62547d4ef9cad7f78631e7e2a57de54e9f3b28a811112ed5a60b6c659a31a1fb123c6c1a6b9292c4c994dfb48920701ed47d92c24bea8a7959b73515b4f2791ba66072098b5e6"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="44000000b4ca5e0a4bb2f3a4d7f5c7d8a77cd488a1feb40a2e95abdf638de9d9d469451d08241331bad67045d0b57ed398b2715ff861233f197c7c1802", @ANYRES16=r1, @ANYBLOB="0501000000000336106d589dd543fbe7ff002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}, 0x1, 0x0, 0x0, 0xb0}, 0x40880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000ec0)=ANY=[@ANYBLOB="280000001200ffff000000000000000008000000", @ANYRES32, @ANYBLOB="1000008004000000040004f90000001084b43c4b67a0d96aab7dd454e64d6c901c354e1966070000002f84009e9dd25c6acd42832080286b9c0f073fe3875406b60e6c6cdaa29ebefc75bff47b9ff904aee811c45fba309e04802dd632eac7c5d3136ab40b2391be8d38bfec00001fae6347bbccc9780621b170140983785eb9def4686e8815749bf54c5db3e3de1623d5b5741380603d15532cb94226586fda7f89f779d75f5e768f206918c4f055e49e9b8324faa0772c0be932d834149d0a77d3cf8a20c05d2172cb5ae42c6de3ca38874c6272dd54eea3ec204bfa2161d5d4e2e8355853f4f084ee197243add32f788ab6c0338b93dd0e6f3403ec5d4f5dcce337097ce46e29aabad4cd7b223aa3a7beaf6fd20dcdaa8e83924f7e13b4b1d524e7f05b5108a1850ca3a28113a804cbf784a49c2411d216b31d697c803c35def25422e5d0ed25cbc4f1ec356d573712d42000000000000000cee3400df710f1317d2258"], 0x28}], 0x1}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000a40)={0x98, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x80}, @ETHTOOL_A_LINKMODES_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}, @ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x4}]}, 0x98}, 0x1, 0x0, 0x0, 0x10}, 0x80)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001040)={0x10c, 0x12, 0xffffffffffffffff, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="98eecf44bc0f931551f6e0274a6e66907c68b26598bdd00f2a3263c05b790cf3dce1a4f337912522a56dfc3ea0e03f172de202ad861c2eeee6ed524087fba7a9306d60b02c0ca2002af1fd1ad9db01d3bd8b4f7d3021cc00ee2510adca4a4bd152305f860a4897db1a4fe12291dbf0226bb361cd1745bd06b48ad5093f23dfe10e696795f397db89068b887b1966475bd8f33c59ff6e62afe959a16706f9aad18d10564f1daa17c8e8eff508d5ac621c27d807b070a59b9921fc1ee16f15f496baccfb53f032f713502f9c3007119196fac0fae97b635d94f85317ef0246a0c6783787bc842c34386a6d0b7fa4200b4d9528ba"]}, 0x10c}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$netlink(r0, &(0x7f00000032c0)={&(0x7f0000000680)=@kern={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000a00)=[{&(0x7f0000001280)={0x3c4, 0x33, 0x100, 0x70bd2b, 0x25dfdbff, "", [@generic="743f537cf222b14044399d7a7c6b74080f93587017ab54bdd57e9429c17ae50a6bfcec07aabed4807f82e0f5ab9658da902b760421e34a8c7b67c83e301dbc79daceb1a6f88181e75de6be0a2fa8804584edc42217afd01f077fbca36831897b99d03be0cbf1001df2e8be201ad1a3a8c5c407e63784c42e3c5c8c921e52a718d9b9af45202d2ab3af8d61976bf4562fcddefb3b9f5a5c18bd16f4a87411ddac492c69fb2950b85365c87747777d31a441a4db2880f497fc4bdea63a0fd23d25b83c979e8f312d279cce5797bc01f4c4c2da5160405f341680ef8b41eb1140de5dba", @typed={0x14, 0x39, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @nested={0x1b1, 0x41, 0x0, 0x1, [@generic="81acf1cb5152f69bb887b272854f5eafd43a597f4bf60e67d54dc918784a2bd12747e20382c82eaf99bc6c14075e63cb363bdc7917294cc4cb6ac120db88484ed9f60d22f13560a96b608abddf7c636c0ac9313e07f27c64fa5112c192635f1e37de205d2a285f5bec8c351a5ff4d6ed4371965d581a4051bd99420ac033288a1628b73cfb3f10cda6dc5e34a3dce4c21eb16827d21b4129d04a9780e09a64e284572628b21c07b8c36f8f", @generic="b9e384adf1b488363a195ceb969ccb1fd7556cb8697f5da7892332ea00f38b3c9adf1d598e7161d7593d86b439dbf4059b82b1dd3a4b2fde94aa71dfa82242924955874bd1561fc6339be4dc2f84f37dab07d238d39fcee04140f76d86db48be9b41f426a9079be1b4c1dd5cbbc13feed9c1d40f72d369de07b001f1577a47e3c946249cf87b6584f42374761e7d4e88aea751968394c9087f95c60cff6131859dcb33961cdb49657f684fe6da71e3a74ccfce8b5ea54065", @typed={0x8, 0x7e, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="8cde86979956da5066000400008aa32500decd1aec50", @typed={0x1e, 0x89, 0x0, 0x0, @str='T\x04\xc7\xaa.\xb8\xb8\x9c\xe4\xa1\x06\xccv\xba\xe5\xa2\x00\xe9\x97~\xd3\x83\xf7\x02x\xa0'}, @typed={0xa, 0x15, 0x0, 0x0, @str='\x02\x02\x02\x02\x02\x02'}]}, @typed={0xc, 0x45, 0x0, 0x0, @u64=0x1}, @typed={0x8, 0x23, 0x0, 0x0, @u32=0x8000}, @generic="605836374becb5f2faa41f9bee3b321d37cebe6a3249f88ac2c8a6835662248e23cbf5bca36a12abc55621b68b1485ace8c7508799316c6668bd34b30fc307859939f38f9f35eb8e845493ba9a01cdf87d8d037aebac92243765956c239d25fd1826e20e5476959274aac3d7de5cac331737ded03c5a87f96312f310999411a562d4d217dda9dceef4536b59af1985076abf8dcc0ca8e952092937b9c4da5c6e1d918b3b3a8ec1fc94c83cc885eca2df3315f5325aaadb25f8df57cb45a4696706a75de6af9fe1ec862e9f4fb944ca0b50b71000cf8721", @nested={0xd, 0x7d, 0x0, 0x1, [@generic="bb", @typed={0x8, 0x46, 0x0, 0x0, @uid=0xee01}]}, @typed={0xc, 0xa, 0x0, 0x0, @u64=0x3}]}, 0x3c4}], 0x1, &(0x7f0000000880)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r5]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, 0xffffffffffffffff, r0]}}, @rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [r3, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r3, r0, r4, r5, r0]}}], 0x118, 0x4000000}, 0x1)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000001180)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010a82848b960ccd0630507b9756984f5f775d66de2671121824660c472a443d6a4a842a4a29bcb4cbf3d449a01f3ea066bcb2b1ee17a5a99f6be3a4c645dc5cb4c278e5d6c2cdda10fa6fe30f33b0f50ea780ce851699d143f96c5fbcdf5a6262dbd1c95c78f0a9793d3a7a19fc5c26a3d6857b7d8065bf76717192b88f87770dd2a3d10ef270ab3083242f783f35fa970d57aa0ab86f3e840eb126ea44cc8935afff7b1659a97b59f75896228fe299df20aa570f14996996eb4e6933b82851083d3777df9457834b22dbc726f3c7b4fe"], 0x36)
clock_gettime(0x0, &(0x7f0000000000))
nanosleep(&(0x7f0000000340)={0x77359400}, &(0x7f0000000040))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  540.874231] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  540.879610] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'.
[  540.881181] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.896232] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.898533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.902464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.915542] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:32 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="280000002000f9ffff7f00000000000002"], 0x28}], 0x1}, 0x0)

[  540.971910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.001890] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'.
[  541.050997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:32 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)={0x34, 0x15, 0x1, 0x0, 0x0, "", [@nested={0x23, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="8dfd178807e9c14f81b3770fc6fd57eb68e153abc10dc3", @generic]}]}, 0x34}], 0x1}, 0x0)

03:35:32 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="280000002000f9ffff7f00000000000002"], 0x28}], 0x1}, 0x0)

03:35:32 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x18, 0x0, 0xce3, 0x0, 0xfbd6, 0xa7})

03:35:32 executing program 2:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000580)=[{&(0x7f0000000080)='J', 0x1}], 0x1, 0x0)
read(r0, 0x0, 0x47)

03:35:33 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x9}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

[  541.209656] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'.
[  541.214423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.216764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.265855] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:33 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)

03:35:33 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x4}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  541.483727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.496132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.815379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.986331] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  541.991948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.045478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:33 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
sendfile(r0, r1, 0x0, 0x5)

[  542.147533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.161668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:33 executing program 6:
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x10031, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
munmap(&(0x7f0000ec4000/0x1000)=nil, 0x1000)
mlock2(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1)
mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)

03:35:33 executing program 4:
r0 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x28, 0x12, 0xffffffffffffffff, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0x4, 0x1d, 0x0, 0x0, @u32}]}]}, 0x28}], 0x1}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:35:33 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x9}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

03:35:33 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)

03:35:33 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@local, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, 0xee00}}}, 0xb8}}, 0x0)

03:35:33 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x5}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:35:33 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000600), 0x7c5ece0e4cde45ca, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r5, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r3, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000740)={&(0x7f0000000680)={0x8c, r5, 0x0, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x4, 0x58}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x3c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x23}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4f}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000004}, 0x40004)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)
r6 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r7 = dup2(r6, r6)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r7, 0x0)
sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000005c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x5c, 0x0, 0x10, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffffffb, 0x58}}}}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_MAC_HINT={0xa, 0xc8, @random="3add0a16db17"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_DISABLE_VHT={0x4}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x1000}, @NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x800, {0x8, 0x9, 0x4, 0x1}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)

[  542.282248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:34 executing program 6:
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_CAP_ACK(r1, 0x10e, 0xa, &(0x7f0000000180)=0x7, 0x4)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x14, r0, 0x1}, 0x14}}, 0x0)

03:35:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r1, &(0x7f0000400000/0xc00000)=nil, 0x5000)

[  542.305464] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  542.350270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.351445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.357273] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
03:35:34 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)

03:35:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r1, &(0x7f0000400000/0xc00000)=nil, 0x5000)

[  542.430330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:34 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r1, &(0x7f0000400000/0xc00000)=nil, 0x5000)

[  542.438401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:34 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x9}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

[  542.487796] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:34 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x4b4b, 0x0)

03:35:34 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x6}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:35:34 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)

03:35:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r1, &(0x7f0000400000/0xc00000)=nil, 0x5000)

[  542.806198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.844784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.905537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.906899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.925716] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  542.928353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  545.239755] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  545.245944] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  545.249509] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  545.255400] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  545.258767] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  545.358502] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  545.362529] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  545.364543] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  545.367952] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  545.372843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  547.333806] Bluetooth: hci3: command tx timeout
[  547.397765] Bluetooth: hci5: command tx timeout
[  549.381619] Bluetooth: hci3: command tx timeout
[  549.447575] Bluetooth: hci5: command tx timeout
[  551.429618] Bluetooth: hci3: command tx timeout
[  551.493591] Bluetooth: hci5: command tx timeout
[  553.477762] Bluetooth: hci3: command tx timeout
[  553.541676] Bluetooth: hci5: command tx timeout
[  554.618952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.619586] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.674256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.674954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.764541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  554.775748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.082698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.955124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  555.956161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  555.995310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  555.996322] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  556.097654] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  556.116907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.126152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.432447] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  556.440365] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:48 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r1, &(0x7f0000400000/0xc00000)=nil, 0x5000)

03:35:48 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x4b4b, 0x0)

03:35:48 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824a8be4d983c8c8858fdbe4ae2b571c615cdf651ffb69b4c57799cf9d1cc1e6cd70fc7cccd56cfb3a3b237b385f73cdc551b76354bb90d3f5c99d8fe8e420bd10db152e4b61e35d587482d9c52a2ab3b17670987704a77878711f005a7819ca06696f129fb98a17299994b30e4cd68356e2bcf2c1a614828ea0a13dac25e8d0649a74569cc0a86369f8fd7bfa536deba5f83f5e8bf81bbe0fd25719c329cc0c4d03fc4db4f002e3512caf9b87fd4eb7a43308a61040000000000000098180957acb5a5"], 0x36)

03:35:48 executing program 5:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000001840))

03:35:48 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r1, &(0x7f0000400000/0xc00000)=nil, 0x5000)

03:35:48 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x9}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

03:35:48 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)
syz_80211_inject_frame(&(0x7f0000000a40), &(0x7f0000000a80)=@ctrl_frame=@cf_end={{}, {0x3}, @device_b, @from_mac=@broadcast}, 0x10)
syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000ac0)=@data_frame={@no_qos=@type11={{0x0, 0x2, 0x6, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0xc6}, @device_b, @broadcast, @device_b, {0x5, 0x1}, @broadcast}, @random="bcaedd715d17cdc5103add2431043b0e566e65b40d4a7045c6ce2287e303bb758a44bc566e01f3a6216259708560ce0ce40d442bff03135c48ee38c84e1247f3680b796be24ffbf7805df677195fc61917076548155a42ca8177e932c271a4446a7c510cb12ece90d72182ee3559b09858406147dcad652b135d4188cb0c8c511a2bf680846f1f6099d72c39ce917e13cab1aecc67e2e2e6a51caa9fa3af70e501648e2018064e9256565f85fe7d455e55ca382b08df186490b77e069f13f4fa57b3c9e056694248876a0dbe08bc0620f8aff7616bc3f5de71d845a92d3d1b3aaf1739a99857cc8d1fc64f7176e829184a2d1fe6ccb0c1fa8f71d5c0678b7612dbb3db489dc15757f0f841fe6cf55c17f92df3aada600ae1e9cfaf377089c22f16034ff66ffcff10099e74c7bcd15d45ec92515ffbc2f5f1d87185894d2a798a7d1d30ef908851e0366d621c3d62f407b4a6db37f4f2ff0b6779f7be0f003d9799919be08460158a988ffb0fdfd3e812313e90f3e59b818f66d187b4a0d821254b95b4393eea97b76fe8072fcc5576db1d31bda3f372f9b0c54d07512735d121688a327543cfae209b4f3cd2fcb6a3f1e4968fa92ed84303b7aa74ef7b9febd940fd386bb6c2ec927a97b6a5884c19eded720edb916c482eaa1938f25fac3b038bbef1f41620aa9e6cc5b6018c6d490bc4424967c5a16df3fed4b0d6ad82726654e522402ce3ea77f0e20eac53a72a676f346499447077ea2771ef4d3b461a0169bef22944d57f4ca516c1a578e118034ab5d4c7f8fcef6ef975346375c1705fd169dceb1f18e95a72b0bfdc562ab56779be0c360899a223c5aadba399de4ab1b59118394ec1b81045459e29c34a0e9305ff46a92bf4a5db58bb16de129a497357ed95fff4d942a2f2c0420c"}, 0x2aa)
syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000540)=@data_frame={@no_qos=@type00={{0x0, 0x2, 0x7, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x5}, @broadcast, @broadcast, @random="681b243a98aa", {0x1, 0x6}}, @random="81b1159e3318e3f3934bb1cce106d7520784dec005b53a8a58d7f80750bb16645ab1fd534a6f5362616d1333c34a5d5aaf53f3e1c8318c102b1f45487b2f6fe9aebf48a1811b3915bb0286b9ff543530f709416613b160205eec3ab3f024ebc0efe3931cc71a835e6d1ec48a0e3449e6ab4c9fdabb8cf150a99ce01278cc48712667cc3d901a5506a9f75ff1931c06a94898f5f544dea93cf39958a3a1e0f57d0eb28579259655f5b5a62a05af7acd83d2af6fe03506a94d91c1e9ca1a13784a8f378ef96223627f513c8e317d4e07c4edb8351bfd85c2cd9192f2fad2f30479d420ee84e879c5af57a8e51032c0939360d12cb42b4cfe2888dc5a8ccfecabee39836a5083d9cedb83ffb0d35de8f7ebecd727f0bb64d687e7064461922f0d287a3c55ff2990e7afce288618a29ff7e8611054ee37e1fffc903ab116eb6dbf4dd54e3fcc21c66af7c7ee0bd8c312e51471fad8358ff42a14a7274bb563188d2890a44545f2d1a255367e97d920b6dbec4c5c2c9ee00a64eb230e8bb888e3e520942ebf052ea0af317d8d8758035bdbf4c5ce9134adc57fee4a1a6f4a19040b54e58eb3f75e03d1d281c818a449b8a19bf5f0ca88c4db6b1ceeb19598ff25ae30f89320cfb19fe2956ca9ab443dcad354a0baecf573202f9888ebdeb2f7282aab5dcb03e7d18f9efb1c524a024017922d3c1e2f818ae7c06fda4c4ec168eed671a6fb1a9f0b19e1fd1c621ffd7f8f2eb803a7686f82139a8118d447917804994d2cff2006d75201757ad670be6e4df32dd9678b3d29f763307f53c2b7b02621f52c030b615c6c8440d58da3cc3b25066a96018683e6c20b7f10e3dc0bc87f3267c586980c4d73e8be5f58f42dbb3a6b94ac6e644afa2c5cfb2c2e85e894371b369d4ab0770e346cc65837424f02e63d9473870f8737bbb1db50c2d50388724489b40d701350e6da3af1d1d36e9f4e34035d27f5c6a8be232fbfbb7c09c93478907e890c92a34839d93bb23ba4cd480b597d976ddb5ca2ef8c314dbc2311863cf9bc6df77d10c826d98fe7dc71cefdd2724352c147c67acc919474f6ebe23595a0dfc1985418dfdd75150451fe3b3671a92116db50a6b46672bf062c3910f7d9bef091a1ca93e493ebbda706c4df80c88706621a1e8b9a2092076cd142b272c6c84dc7ec73b7eea7bbd96564f47743ba81c659b736ad5a940c1d2f1972b8e7133fed00510a5cb59d8e7ec1b639f4bf6b1f3eec77547123facfc4a4ba865cc863e5d1026e8edae2dc2a23b34627878b207d47f239e7590d31fd00094e2dbcc13412e3b354304ea1b378ca5b9b99156e87b6848c42ff087bfb82623c8637872c77c5a7a26ce7984b1359ae57949dbfa521c5edaa27ed9c07335de8c76bc487b269a0873c9d9c7b0cd46c1ab9a6bf7eec7a01c84ea1a5438fb771f4ff32f576d951b700f74a1f4a974d4d5aad193fa384d08a91aa4a5c2f84fccc27ab9c5023e967693c41e58def8849d31c6a4b6a04e44c7a78dd8714eac27c1bd69c59fded092b2653094aebae29963ce5526f115a449f03e67d48765b775e81072726cde24eb4617de1f9c3508f58b16f3c2c9802e79f16e75570d41ef637b663c6532f3e8d0d981e5ef24fa6729974a6356328d450f63c4c5c3f97863e125c7ee56af64ea8804c8052539553dd4e068ba3d58953c3"}, 0x4c6)

03:35:48 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x7}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  556.586669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:48 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x4b4b, 0x0)

[  556.613785] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.617524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.633803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:48 executing program 5:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000280)=@req3={0x1000, 0xffffffff, 0x400}, 0x1c)

03:35:48 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r1, &(0x7f0000400000/0xc00000)=nil, 0x5000)

[  556.686396] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.734196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.750012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.771067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.790248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:35:48 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x4b4b, 0x0)

[  556.954899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.114846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.164602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.173914] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  559.374931] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  559.377480] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  559.379938] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  559.386940] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  559.390285] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  561.414759] Bluetooth: hci5: command tx timeout
[  563.462668] Bluetooth: hci5: command tx timeout
[  565.509639] Bluetooth: hci5: command tx timeout
[  567.558106] Bluetooth: hci5: command tx timeout
[  577.008026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.009144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  577.095216] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.096414] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  577.205363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  577.217217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  577.526758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:09 executing program 2:
perf_event_open(&(0x7f0000000600)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000004800)={0x3f00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

03:36:09 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x9}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:36:09 executing program 4:
ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000000))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x90200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040040)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
r4 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = dup2(r4, r4)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r5, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80220448}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, r2, 0x4, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_IFTYPE={0x8}]}, 0x44}}, 0x4000800)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, 0x1, 0x4, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFULA_CFG_CMD={0x5, 0x1, 0x4}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x80ac}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x80000000}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x9}, @NFULA_CFG_CMD={0x5, 0x1, 0x3}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x4000084)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x3e, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r7, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000540)={&(0x7f00000007c0)={0x4c, r7, 0x100, 0x70bd28, 0x25dfdc02, {{}, {@val={0x8, 0x1, 0x1e}, @val={0x8}, @val={0xc, 0x99, {0x24e, 0x80}}}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x1000, 0x1ff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_PID={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44010}, 0x20000800)

03:36:09 executing program 3:
mlock(&(0x7f0000870000/0x2000)=nil, 0x2000)
mremap(&(0x7f0000871000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffd000/0x1000)=nil)
mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

03:36:09 executing program 6:
socket$inet6(0xa, 0x3, 0x87)

03:36:09 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x2)

03:36:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r4, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fedbdf25530000000c0099000900000015000000c366ebc25cda12156fae47b20d020029c4819f77a65e439d7a1bb8a020882d6578b18eb94b89282f7606ae2d3e3aa00c59"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x42044)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="100000000802110000010802110000000100010882848b960c12182400000000000000006cf63e1d"], 0x28)

03:36:09 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000140)={{}, 0x8})

[  577.624131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  577.650466] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
03:36:09 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x80000}, 0x0)

[  577.681390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  577.690620] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  577.713388] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:09 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000080)={@private, @multicast1}, 0x8)

[  577.747293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:09 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x2)

[  577.763721] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
03:36:09 executing program 2:
r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x5452, &(0x7f00000000c0)={0x1})

[  577.808887] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  577.816799] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:09 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setrlimit(0x0, &(0x7f0000000000))

03:36:09 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8910, &(0x7f0000000080)={'sit0\x00', 0x0})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)

03:36:09 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x2)

03:36:09 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000001c0)={0x0, {{0x2, 0x0, @multicast2}}, 0x0, 0x2}, 0x90)

03:36:09 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x80000}, 0x0)

[  578.005285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.009316] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  578.018344] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  578.074910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.165765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.187295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.215986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  580.625347] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  580.630425] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  580.632481] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  580.638078] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  580.641978] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  582.725643] Bluetooth: hci5: command tx timeout
[  584.773668] Bluetooth: hci5: command tx timeout
[  586.821695] Bluetooth: hci5: command tx timeout
[  588.869677] Bluetooth: hci5: command tx timeout
[  598.075370] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  598.077042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  598.155005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  598.156143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  598.292892] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  598.306223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  598.617540] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:30 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x2)

03:36:30 executing program 2:
timer_create(0x1, &(0x7f0000000240)={0x0, 0x0, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000280))
clock_gettime(0x0, &(0x7f00000005c0)={0x0, <r0=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000600)={{0x0, r0+60000000}, {0x77359400}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x77359400}, {0x77359400}}, &(0x7f0000000200))

03:36:30 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0x20, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[], 0x6)

03:36:30 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="4041bf000000", @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:36:30 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/psched\x00')
pread64(r0, &(0x7f0000000380)=""/255, 0xff, 0x3)

03:36:30 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x80000}, 0x0)

03:36:30 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f0000000540)=@data_frame={@no_qos=@type11={{0x0, 0x2, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x2}, @broadcast, @device_a, @device_a, {0x8, 0x8}}, @random="51f633b299293b58c1dffb60883671fd7483a0a3009b30c65c6a2f0fc271c8e47cd04627e4b557b2c66d20a8bd198a6db1444e988e9f0a65ede623c73300fc63f1c3a8bb921c0fe87a245b49474b11e8a862cc15a0a9ea9a2c750db0eaebe43a23248f403a99969d43ea383a5586153fc33fd4e36a3658c045b80682da7d3a6757bdda272bfa6c400b27f044fa1994a7082fea5699760bdd6083569cf4c05f3c09d405bfabee60f3720b3ffb7c48f55370a8b2b71072cc0a7b85a6d78f567e8d2bcee1b97b01f79f58d313650407e3ad72a6d61b68ee721eb674599dfc7d7aed71525b4a3ce0bc1c7491267ecdc2b11bd088ea6f8a09cdcd95cf5c3eb52914f312022167ca7b407a0c721e76960cd48793ff92b125d773d5abec6cf5d2bea0776a35d6dc286129560877320c49cdf23799de8a7036be01da5f52c42525df48de50b037e832e7a3e1b24f90331a8c4e0114ed60deb18e45d0c73f6a85593caa912906df0bbde97dbaab56c0e1c8d2bf6b5c27c8e19285c94ac9be7d68f97aec48914d86e52e8a6e0816ec50f5e072ee1ad1d35ead5fe4b732874b6d14c8aed799a4f5dc450f9203c28d30c25de00ec80da7ae59fe60efd85cd78b0b0e71808ec24d6686011a9c919558aa00d1d573e2fa5198c41fd706d373c1b057c9a5525e0e174cb202392c545de1134e6cb36c2cc19f7e555c7300615c931ae7691c47dd6abcf01017d502ba5c87e159846d2b30c220513dc17424e0972378acfb9b3ae1e4a7d8032e71da6e069ccd5bdb7e684d9092c94ce98683b343af9175ce8310dadfeacbaeda99bf0624960a5fa965e4f32db639ba678ed04be17efb7b3730f9daa0f8489ffa08ece606afc2a0f2bbca391f14caaadfa7eeafd924db66835291b63b3ba24fac96e9378fb7e9663a8283e89d8ddfe6158539ef5bef3ab484f5dcd6dfdd7a8ef0c96fcc3256e295b560d99780fb710a7ceff92c2f379ae1ac49c549eb3236ef9498f78d1b460fc5609487bf51012149f138735dd64e5e2dda4e10da39b82bbff01a4446de9ab1f552e23afa663e01a24c78440ab5e138b0432c12a93696a53d004bd4f4d468d21664b1119b4e126ea72189a20c36e12db9e8dbecb85c91010bb8c26bc3386b36deb1027fe8538b7df36c1ce3f9257bf66b5859f956bee3ee1489ca439f27d4d5104391352baa67d43b39e4668c9cf4f24814d37ad7062fd7a185e2ce4a58539c72124405816e9f8afac5d17bc191f31cb772b05c41a454eba6d240d044b85157e8af5045c8501ac513856a98c497e27c0f8b19cb62394ec4c819fd281ba2ab806dcf1144deebcd3e583f7f0e409371c068eef10b6ac187da7cc7656cb3d886f87ca97f0830a613fa17811a614256d9c478bedb81cf509f8807777ca77c74c39e540e4d3c2aac0d16d91fd4d276cd2a08c6bd01bad49f5b1a47b1df7c0797e6a4959052f42050e5f0a49eef2330cb5f73e088e43fd4e9b49970c2bd1a3864e1e2ff8f5bbde60af45621e2be95de85e8c3ff8404608dff9f3e7f2d987141da38ca621ec485baf53d384a878a2c9f3342bc3f2c8a6f9fe89b77eb113b9fc2137e4d77b63f043df8576d9916a9c2666ed100970d4d25e92846a3b86ca040825d5f4ff836dafeedd36ea1d52d56f413f449c7266cbf2b24b21cc9a0ac4571bd5aa1412574700df81873082c56e94809999d26b79ec9ebe4d6336d38602c6615f05512b223b92b2a7f8b31ba23b51446d8b4ec7bce3b36436b4962a6ae6b52f1f94040fefb42c31f5c30859d8cb06c036cae78224aea241c08269c06a38ea105ccb0bfbd2697983bcf10669636aa0bac3e32c751de559be05286d4843c957c3f77db25d47510a391d60afd8ba9351bf186c30fbd4e9f36f79e35b3463b2604747936dd15e2befec7cc01418af872a3262312e80d8f316ebb519b7b39965b7e0007055921f03e26bdb257439974b447d5a341373652a2f860cefa62255b816dfad1a4afb19a8d357875a63a0fd5509965fe53caa7512f31bcd0c1822a9f70f61ce8c95a0ab7a1ebd68b8658028512d20eb14cea56f9ee471328f0148d0e2534a05d350f38fca44a5a84602e3209dcedf8080c0d846380fad07f6a3204fbf4facc982f9c9bcc1303865d315ce811462fe9d3754fcc18c6a4fc6d21f99e9ab5cb0eaeec1c48338ec80fea477fdb86b1ce34778d18aeaf32025ac2aa8d2efca35ee33236ae71d0e68542f44c9d569f9dd7d3193b54e4aff6dff4315e11750750b28fb425171d0a8acae205b40fd31b0e9cd29e81fd9b179d939d22e648f36974793a0cc7a878608352bea0413f1928b98c4a607be6e10630130f714bc705578fecacb68540c69210890254251b45e4f160f2e394a433b5fb1a3518b32567a84691739dc8b6e86cd7ea27fa090c0ab4cb0f295ea50987952641d4710372693d24d4e68cffc3a096fd2b3f6a95892b37d18ca2725dcd1d85218d73a127189ad2495f"}, 0x704)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:36:30 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0xf}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  598.717896] Bluetooth: MGMT ver 1.23
[  598.725146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  598.745654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  598.769625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  598.791717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  598.809468] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
03:36:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f80100200040000000000000000000800029e3286cf153595a4b414c4c4552202046415431362020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ffffffff078000ffffff00"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="f8fffffff0ffffffff078000ffffff00"/32, 0x20, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e980325132510000e980325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100094e970325132510000e970325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200094e970325132510000e970325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200094e970325132510000e970325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200094e970325132510000e9703251090064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e20202020202020202020100094e970325132510000e97032510300000000002e2e202020202020202020100094e970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200094e970325132510000e970325104001a040000", 0x80, 0x2400}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x3400}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x4400}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x8400}], 0x0, &(0x7f0000010d00))

03:36:30 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0x20, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[], 0x6)

[  598.851856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:30 executing program 3:
unshare(0x8000000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
unshare(0x0)
unshare(0xa000000)

03:36:30 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000140), 0x0, 0x0)
r2 = dup2(r1, r0)
ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000180))

[  598.929126] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:30 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x80000}, 0x0)

[  598.950204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:30 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, 0x0, 0x0)

03:36:30 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0x20, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[], 0x6)

[  599.030030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.067271] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  599.076009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:30 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))

[  599.132706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:30 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824018e03adb9a73baf3128ce1b86e75585b073cb7d08c7b99e894cfb5fa1293d6ca086dbb65e5ad2d1fd13c09b8161739b497e31116f43fd8136de1042cd751bb351d8ce5b4f17cb18a166718a90ceffa2854d412b23619d16be9186581d1af4ba5513ebd6c9bbe7"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="209b573ba7f6c189c025120000000500c22308000023060012010100a4b2"], 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x40000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:36:30 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0x20, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[], 0x6)

[  599.279470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.291778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.350813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.401065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.604587] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.610730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:31 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, 0x0, 0x0)

03:36:31 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0x15, &(0x7f0000000080)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x0, 0x0, "9e2550c22db3e71843aef7ed344e875f82ad11808b6f453b40abf8c2a09fbef9396c024d7e16ef99b6002dc647a600e4c072cbb15053db46562576eaffe309a49cae78a40c3b228860c5c66f4283c102"}, 0xd8)

03:36:31 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x11}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:36:31 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))

03:36:31 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))

03:36:31 executing program 7:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
lseek(r0, 0x0, 0x0)

03:36:31 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = accept(r0, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @link_local}}, &(0x7f0000000540)=0x80)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r1, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x6c}, @val={0x8}, @void}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0xebc47624c7af8274)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r4 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = dup2(r4, r4)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r5, 0x0)
sendmsg$AUDIT_GET(r5, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x10, 0x3e8, 0x400, 0x70bd2d, 0x25dfdbfc, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000010}, 0x48000)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000780)=ANY=[@ANYBLOB="500000000a021100000108021100000008021100000000000000000200000000000000000006020202020202010882848b960c12182403970fd8fa4e1124c7ea11e3460054427afc2bc3af6a566f44fd6fd86a24739e9cf744ef838de44fd429cfb2c0c8450c2e6e5840356b5eb4ea42dc3f7d291618d8b98b63bf193371aad6d6d3c82f66fb12c521f65e4bcc5703e214e02d44ad"], 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:36:31 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x28, r1, 0x800, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x5}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x4, 0x6}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x28}}, 0x15)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r6, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1804000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x6c, r6, 0x300, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x48, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0x12, 0x0, @random="78ac94ecc7e009140feb134bfe24"}, {0xa, 0x0, @default_ap_ssid}, {0xb, 0x0, @random="6e779654964fcf"}]}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x6}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x9}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40084}, 0x2000c010)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000140)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x1, 0xffffffffffffffff, 0x5, 0x28}}}, 0x3f)
getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f0000000000)=""/42, &(0x7f0000000100)=0x2a)

[  599.749391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.799441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.800712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:31 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))

03:36:31 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, 0x0, 0x0)

03:36:31 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))

03:36:31 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, 0x0, 0x0)

03:36:31 executing program 5:
syz_mount_image$tmpfs(0x0, &(0x7f0000005400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',aname=r'])

[  599.846519] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  599.876492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  599.881909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:31 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))

[  599.942492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.004992] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.116743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.208578] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.218178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.219470] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  600.333237] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.381910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  602.574364] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  602.577344] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  602.580183] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  602.585833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  602.588403] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  604.613694] Bluetooth: hci5: command tx timeout
[  606.661805] Bluetooth: hci5: command tx timeout
[  608.710678] Bluetooth: hci5: command tx timeout
[  610.757674] Bluetooth: hci5: command tx timeout
[  620.211653] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  620.212896] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.259381] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  620.260657] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.403288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  620.414505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  620.721395] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:52 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, 0x0, 0x0)

03:36:52 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))

03:36:52 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, 0x0, 0x0)

03:36:52 executing program 5:
syz_mount_image$tmpfs(0x0, &(0x7f0000005400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',aname=r'])

03:36:52 executing program 6:
io_setup(0x2, &(0x7f0000000000)=<r0=>0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100), 0x6)
io_submit(r0, 0x1, &(0x7f00000006c0)=[&(0x7f00000005c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000500)="cdf40b60", 0x4}])

03:36:52 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x6f}, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x2, 0x49}}}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x73083c3832952b7b)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:36:52 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x12}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:36:52 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = dup2(r1, r1)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x38, r6, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x5}]}]}]}, 0x38}}, 0x0)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r2, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x38, 0x0, 0x100, 0x70bd29, 0x7ce, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x4, 0x3f}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008800}, 0x40001)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000008, 0x100010, 0xffffffffffffffff, 0x98507000)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

[  620.844398] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  620.860083] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  620.867209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  620.880531] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:52 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, 0x0, 0x0)

[  620.900505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:52 executing program 2:
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$search(0xa, 0x0, &(0x7f0000000000)='keyring\x00', 0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$read(0x1d, r1, &(0x7f0000000000)=""/246, 0xf6)

[  620.941489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:52 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setuid(r1)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
pipe2(&(0x7f00000000c0), 0x80000)
ioctl$TCSETSF2(r2, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"})

03:36:52 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000002fc0)={0x30, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @nested={0x4}, @nested={0x10, 0x16, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x30}], 0x1}, 0x0)

03:36:52 executing program 7:
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x4000)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x2)

[  621.012004] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:52 executing program 5:
syz_mount_image$tmpfs(0x0, &(0x7f0000005400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',aname=r'])

03:36:52 executing program 6:
r0 = memfd_secret(0x0)
fallocate(r0, 0x43, 0x0, 0x8000)

03:36:52 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x0, 0x0, 0x2000007, 0x0, 0xffffffffffffffff})
fcntl$lock(r0, 0x24, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2})

03:36:52 executing program 7:
clock_gettime(0x0, &(0x7f0000000300))

03:36:52 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_PASTESEL(r0, 0x5600, &(0x7f0000000240))

[  621.201363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.216209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.229510] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:53 executing program 6:
r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x0)
write(r0, 0x0, 0x0)

03:36:53 executing program 2:
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0)
read(r0, 0x0, 0x0)

03:36:53 executing program 7:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000001100)=[{0x23, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0x1c)

[  621.371347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.430176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:53 executing program 5:
syz_mount_image$tmpfs(0x0, &(0x7f0000005400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',aname=r'])

03:36:53 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x14}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:36:53 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f00000004c0)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @val={0x5, 0x8b, {0x9, 0x44, 0x7f, "587b7212b39cdbb4d1e212b45dda24474106d71a2a0e2ef294fd030e4c67ee007f8028f3fe462785d9356c1423096336d318d98c1380187a0e585148f515bb09d91249b4dc66a1e50f369ca23c30b2ba4f732bd5ecb6a2d2d0d2e69c567fdfcf0bd7b41954201e37dd1ef5fbf2197846869b544f7cdb99dfdc560ae8d2e947de4e9ff56bc8849e23"}}, @void, @void, @val={0x3c, 0x4, {0x0, 0x7f, 0x6, 0x81}}, @void, @void, @val={0x71, 0x7, {0x0, 0xffffffffffffffff, 0x1, 0x1, 0x2, 0x2, 0x40}}, @void}, 0xd2)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000380)=@data_frame={@qos_no_ht={{@type10={{0x0, 0x2, 0xe, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x54}, @from_mac=@broadcast, @device_b, @broadcast, {0x7}}, {0x2, 0x0, 0x2, 0x0, 0x8}}, {@type00={{0x0, 0x2, 0xe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x4}, @device_a, @device_b, @initial, {0x8, 0x5}}, {0x7, 0x1, 0x2, 0x1, 0x8}}}, @random="ff2f5d0f10bf44f65a7c97f92a12b1bd8b00cb8a2a4dc135dd78e4116b963be29e4f6a07fa2df2f851f7e58c0fdec4edfdad4bcd4259020403c7af26cf663cde3d272eaa274b7561bdedc38b8c5c51860cafab1d78d2945c1f39da2fe4622543cc444cfa3dbeaa16c0c072f77fb90328a22e240bc395c5d03373502ef4cee22fab393883a796711dcec37fc4a483a70c10b9f43f85fa43a7e4349ed81225a0396b6a71bc2d1c3355eac22a02b912c91b4de0f625274bf099feec83796bbb1a001b66c9dedc56292cf5dafccd0f656a11d91577f60fa9e5bf5b0917cf504d668102013502627a5a09a367c52cfb"}, 0x121)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000040)=@broadcast, &(0x7f0000000740)=@mgmt_frame=@reassoc_resp={@with_ht={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0xe, 0xf7f}}, @ver_80211n={0x0, 0x81, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, 0x2, 0x1d, @random=0x6, @val={0x1, 0x4, [{0x24}, {0x9}, {0xb}, {0x1}]}, @void, [{0xdd, 0xeb, "020ed6aca99ca8f3613092e1fb644feed06edb069bb4a2ce01c5672751e5dd10fba07b14f398c2e60975ffb48c31d6ecad7714c9508beac4f8ad04dbce6c7ae988936e65d2edd82a9e53b0c92d32c66d4b9f19a480d9b1f4e3a23c1ed4993913adb83cfcb3519c9ff3f8db061fc35a81d0660722057d3a49608b6e871eefe23dde24a2b8374a590a3f06b7e5fae722275c273c7ba32892fb3b8f1244199d2aa8bf9ce4b85b5d5c7246b3a0b0b102ea23cd0322a6e872283282989efe6095d53f3cd8077428cda3467e6509b1386c746c9379815dd0e629bf0f9796e1b8b85ce3dd5e82a08b410d202a3f0d"}, {0xdd, 0x2a, "c3b84c7e9cb5c4f26891d204290d2a044c5a6071d81ee25b5f9644e6a59c4a79b3016936d6da1f57e787"}, {0xdd, 0x42, "0730f7dd3ea2e737470fb7da4000061de299649879ecaf715d27a8f69d0a50b6068ca65be41b9f0c12cc5ed752b2f92d8403c26bc0100d6da4d1e711e18ed426c9a3"}, {0xdd, 0xd3, "85c5ae72f5c8cec7b0ec7c4e678876a0b593c77299558dcc52ad474e32f5b01124a236da09a1d3ba292f96463c3844025b1502c0ae323c7383858c533a4964fec13c0392868cfb7b4219deb23a8566ae46e33c10b4c1e5eadc90a547d6dde88e00ed4f8c171784d3aae48f42ef04750c5e7aa495b333f1423485829aaa33d3c0ab420d4484ba48a35a5ea18a26a11cefb0c66992967c84be8bd88e9547b5a85f14c66bec76db1d3789292b05c7099034bedb633be4e9fe9d8fb60f46f7471b1393fdad475b8fba3296626c703ac5eab1a9eef7"}, {0xdd, 0xe3, "918bdffc95a0abcdac288eac75add6753ef2c8999ff23a56b9d8e92f1eafed935a2168edc8ef5e2dba6dcee6b9174179da721220b6222ef2a817b561cb49269796d08d1714cd334499714031a7bb0b5c3b96415262d48008e15d88396b8665f465cc682d0a65b2b621cc96ca7bd4ae865ddbc6334eba8600b7b09ddbe0836b3881de1e7e38b24c7499136682dfef615060d9e2b896c50a305fb8f4081054095260e45e196bae32d24154300033dbe00d3d3048ec6a7c81cd5b2fe7e8beb16d16b683336da2ba275049db8b957ec4f0f2eecb712c883f9831d87663376d545e9e0ea0cf"}, {0xdd, 0xe3, "9b9c48cc0cc54f8c0988307d02986848b26cb3ae8d155a7e2d844ecac92c44242897a8c80f2c8e826bd3eabccbecb3311e6e86f8a72a623aa03f0711f6f1a7c9f687b11a49c14e010b4d299f080d8a1268112e23a4a5c1d96e2901d7515a27e6190c314bfeeca9db0101d896d7aafaae31ccbe8521b28fcf6301f946e7f858ee7adcecfdfc944b38e53d4718c695b20e271d7631da046f4cbcbf68ebb0ecfdf174cc483c754c4dd54b3a0031cb9acd9f3bc2144ea62ef57845ef1cb3862906c8babb41835a2be21af6dd0c8a13f55fa7e676d49d6a33c1e10e1c80c1b5d53fa4c6e6cb"}, {0xdd, 0xf2, "7b443e6892f99c111fdd408efe90bec8a53285d6dccb5c17735f1d81c0d864b3c3846be271b9845f6b188f10a9a647b15b03bffacb64038533137b852d5ff09a59df397528a8296ab76ac64587598e79bf25fff09276945982fbe6c7ce9abf1317d816bd76903a22f76fd286bb6ff5acfd33ea0aeab955175382598325c22051ed1c68295b9739bdca62ac04bddb39f6166fa4938db8936d4ba57cdef44c32975f6545a2f3c2e087ea934534b4d52c1b4439cb405faf058e84113be18b4518931bb1c697317a0c660f2be41de3fe9d4195746de20b8d49df6801e4d433547f4ee900d481865e05e9fd87d09c18cabcc6b248"}, {0xdd, 0xd7, "74b81e5a125d07426a68e5076f676bf846f5048fc6a57d9669f84b6ee67dbf46b078d4c36b51d9a165139eb80782e6afbf83f2dc7e907d39b5e17408cdd7cbc6d0d2f00d9dead165daa67a8c3b10fd2b14516d02b5e0d6b51548af4cc7f6f0f95b15cc25dfba102013ef0c3daf18edbb04a21c991b2cbe3e32d22c677577245e45b863ad920b1b53c735453807bb1a88ed52be5f06ee0d32b2d77bd01aa1b7f425c47ee1f3f955cccd07c87882438e4f58a4479e6a1402d79c7794d1ffa44cb3eab48851e11af64efd977a1c5087f5df67bd90a0ed236a"}, {0xdd, 0x9b, "da6c8adac86e82d4344c28371668e2eb471c96754678e338448d9acda25a55070e1d4d02cec86e565ed87863bd99155e08fe978656736f0a6a2c8230d4391d6ed732c42fd057a833f2f60492eeba0cb54621b9217df1114b4574fe2d652747930816fdf79f9a36e98abb9739d20094e0c48efeabe356dac53297f313bf6fcf0d675b9b5890bee0e99112c89babf32000c3f38a2f88e9956c35a965"}, {0xdd, 0x6a, "dfdb953fc385f5b9171b167cb69ced97a2e696b1d258e8dee2a4247b3da3b5c19a789149f701877f8b7285d1db8b1b6d234d315a0a90c9601d8f7be8a83881ae5a46c6ed7772d504e3b127428532e29d96af8e6de7bd1addee0cabf72468d56644a995ad075a72af357f"}]}, 0x6fa)

03:36:53 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet6(r0, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='1', 0x1}], 0x1}}], 0x1, 0x159909a46ddc7bc9)

03:36:53 executing program 6:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000180)={0x6, &(0x7f0000000140)=[{0x9, 0x6, 0x4, 0x8}, {0x773, 0x3, 0x6, 0x2}, {0x1ff, 0x1, 0x0, 0x100}, {0x0, 0x1f, 0x81, 0x2}, {0x6, 0x2, 0x3, 0xffffffff}, {0x1, 0x2, 0x97, 0x3}]})
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x17, &(0x7f0000000000)={0x401}, 0x4)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000080)={<r2=>r0, 0x6, 0x1ff})
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000001c0)={0x0, 0x1}, 0x4)
getresgid(&(0x7f0000000000), &(0x7f00000190c0), &(0x7f0000019100))

03:36:53 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000000c0)=0x5, 0x4)
sendmmsg$inet6(r0, &(0x7f0000002280)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @mcast1}, 0x1c, 0x0}}], 0x1, 0x0)

03:36:53 executing program 3:
mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000000)=""/120)

03:36:53 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x3ff, 0x200)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r5, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_STOP_NAN(r3, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="000425bd7000ffdbdf257400000008000300", @ANYRES32=r6, @ANYBLOB="0c0099000101000075000000"], 0x28}, 0x1, 0x0, 0x0, 0x44000}, 0x4000801)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0xfffffffffffffe41}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000740)=ANY=[@ANYBLOB="b00000000802110000010802110ca96e5628b86001b900000008021100000010a90000020000000391fdc0752dbf5c0706195453eae149bb022f81f3a83c3e8f4a37e95c05b9ed71a8eda431531fcc2591d6dc3b64b6967987a0385155f9d5f5201a9a973ec3c64572a974726b8adc6151e4a56b2e6a2130e20ca2060737e08452e3ddf43a0d57627adc89d71a61dfc41e12e26ab3b330ef3d25ca3c77b0ae87364da16ffd2af030909a203a65851a9b80a1946e8d4def468ba4afdeb6c8e993370ee1bea6dcd41f6f947fbb7a4bc21f87010d540db3f8f2ceb7004efebf416f3a892573525f57e36129f519f563e2aadcb042f1311edcd25bcd7a193cf0c9022ed8919298c67bbdc882271447a579d808e44041ab4456188598c4871c49a052d3c4e833f314f26eb0c2e461d98c56660679c369b85d668bc049320658609630b090c11113a2ffcf0c83a58afb1fda4022e04f13a3802baeb266355dc490e31dfdbb76b00063959b7836523d49a0b2ea96fc5d697d500036ce64945f2cb31882eeb88470513258da6c806647a3537c9fbe017b8c1a8131aa7ab933034ca4601bb64ad95386a9b2b39f115adbe1a079689a8c23efe95b7feeacc5c53909434ebd7aeeff24b0c14499fdff14b1a4d5339824ff50859592eb455c88"], 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r8, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY(r0, &(0x7f00000006c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x24, r8, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x8}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000094)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000540)=@mgmt_frame=@assoc_resp={@with_ht={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0xff}, @device_a, @device_a, @from_mac=@device_b, {0x4}}, @ver_80211n={0x0, 0x4, 0x2, 0x3, 0x0, 0x2, 0x0, 0x0, 0x1}}, 0x1, 0x0, @random=0xff, @void, @void}, 0x22)

[  621.627405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.647271] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.650361] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  621.651939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.661460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.672695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.685898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:53 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f0000000040))

[  621.742399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:36:53 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2f, &(0x7f0000000100)={@local, @empty, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9, 0x0, @opaque="05"}}}}}, 0x0)

03:36:53 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

03:36:53 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000000), 0x4)

[  621.764106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.809157] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  621.823335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  622.000424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  622.004428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  622.015688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  622.135137] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  622.137950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  622.188122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  622.238355] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  624.278517] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  624.284191] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  624.286868] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  624.296172] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  624.299429] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  626.373670] Bluetooth: hci5: command tx timeout
[  628.422672] Bluetooth: hci5: command tx timeout
[  630.470659] Bluetooth: hci5: command tx timeout
[  632.517714] Bluetooth: hci5: command tx timeout
[  641.780242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.781329] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.832266] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.833685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.947463] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  641.958997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  642.267007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:14 executing program 6:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

03:37:14 executing program 2:
getgroups(0x4023, &(0x7f0000000300))

03:37:14 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81208770}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

03:37:14 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x15}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:37:14 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

03:37:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x10}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x50, r4, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x1ff, 0x57}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x2400808c)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, r1, 0x200, 0x2, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000540)=@mgmt_frame=@probe_request={@with_ht={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x4}, @broadcast, @device_b, @random="445fbb77a41a", {0x8, 0x81}}, @ver_80211n={0x0, 0x4407, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1}}, @void, @void, @void, @val={0x2d, 0x1a, {0x40, 0x3, 0x6, 0x0, {0x80000001, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2}, 0x400, 0x0, 0x5}}, @void, [{0xdd, 0x1d, "c37ba4fb954e0c16a7f4ab4296112c3c01adb0771f908b9dac51dfcee7"}]}, 0x57)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:37:14 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0x58, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x81}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7fffffff}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x58}}, 0x48800)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x10, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x3e}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000440), &(0x7f0000000480)=@mgmt_frame=@probe_request={@wo_ht={{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, {0x2}, @device_b, @device_b, @initial, {0x8, 0x7}}, @void, @val={0x1, 0x6, [{0x60, 0x1}, {0x1b, 0x1}, {0x24}, {0x16}, {0x30}, {0x24, 0x1}]}, @void, @val={0x2d, 0x1a, {0x1, 0x0, 0x5, 0x0, {0x0, 0x3, 0x0, 0x28b, 0x0, 0x1, 0x0, 0x1}, 0x1, 0xfffffff9, 0x2c}}, @void, [{0xdd, 0x26, "8e27ccee3c8785a7de2fce616756b1bc94919361446b9dc6c68fcdde346b823ca6ee0f6cf5f9"}, {0xdd, 0xa2, "a6d5257dd79dcf70a025eab30d85620b3dd65ea6613178c62428d9e31f91ab931bc85b59396f33a647fcfa1e45f5bd7c01df5cdb12fb0575e95ccceaff05baccf7e0b90156162cd3d99ef0a26fd187c5baa21d75c74734fb5c8461ecc6eb9f0ecacb11fd5308bf58c9f6cf545c0cca967420e1a9e60ef68fa524338c90edf0286b8be17a3fbec0ef564e3a6eedccd31d98ede6fe8f6ede23f3c89a207224bf2f5497"}, {0xdd, 0x77, "31da552b0b32d32061c66988c6d7eabba2282a17b9014aefe196ef150d8cdc94999e07240278f946c2f2f48e0731e487242338e03567dec3074bc4b6a06092598c15ed1cc2f9f9777839ee37032f1b0eec2ec57f11115fe38a84d853c3207af2c61549434863c503f39e2960a22c4f558cb3a634a876c0"}]}, 0x181)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000400)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast, {0x0, 0x8}}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @val={0x72, 0x6}, @void}, 0x3e)

03:37:14 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2f, &(0x7f0000000100)={@local, @empty, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9, 0x0, @opaque="05"}}}}}, 0x0)

03:37:14 executing program 2:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
getsockopt$sock_buf(r0, 0x1, 0x3b, 0x0, &(0x7f0000000000)=0xf0)

[  642.425532] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  642.429206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  642.441591] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  642.453427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  642.471359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  642.509327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:14 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

03:37:14 executing program 6:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

[  642.582469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:14 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2f, &(0x7f0000000100)={@local, @empty, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9, 0x0, @opaque="05"}}}}}, 0x0)

[  642.611340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:14 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
stat(0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
msgctl$IPC_SET(0xffffffffffffffff, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x0, 0x0, {0x14}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)

03:37:14 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

03:37:14 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2f, &(0x7f0000000100)={@local, @empty, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9, 0x0, @opaque="05"}}}}}, 0x0)

[  642.806990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:14 executing program 6:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

03:37:14 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x16}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  642.948540] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
03:37:14 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg$sock(r0, &(0x7f0000000680)=[{{&(0x7f0000000200)=@nfc={0x27, 0x1}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000540)="e557ce7e76d9520b8bdf9db0e011", 0xe}], 0x1}}, {{&(0x7f0000000000)=@nfc_llcp={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "e8afc870753ff6119517271f31116d25438a6fe9b5be0fe0bc98ec86fa7d229ea58ff66ffeeeeaacf7659d58bb0c057b08a4030000000000000100"}, 0x80, 0x0}}], 0x2, 0x0)

[  643.057756] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  643.087263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  643.097292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:14 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev}]}, 0x40}}, 0x0)

03:37:14 executing program 6:
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x0)
ioctl$int_out(r0, 0x127d, 0x0)

03:37:14 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg$sock(r0, &(0x7f0000000680)=[{{&(0x7f0000000200)=@nfc={0x27, 0x1}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000540)="e557ce7e76d9520b8bdf9db0e011", 0xe}], 0x1}}, {{&(0x7f0000000000)=@nfc_llcp={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "e8afc870753ff6119517271f31116d25438a6fe9b5be0fe0bc98ec86fa7d229ea58ff66ffeeeeaacf7659d58bb0c057b08a4030000000000000100"}, 0x80, 0x0}}], 0x2, 0x0)

[  643.361060] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[  643.414439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  645.518530] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  645.524238] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  645.526394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  645.530400] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  645.535184] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  645.716681] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  645.720897] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  645.723181] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  645.727600] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  645.732859] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  647.558948] Bluetooth: hci2: command tx timeout
[  647.750295] Bluetooth: hci3: command tx timeout
[  649.605654] Bluetooth: hci2: command tx timeout
[  649.797598] Bluetooth: hci3: command tx timeout
[  651.656665] Bluetooth: hci2: command tx timeout
[  651.847275] Bluetooth: hci3: command tx timeout
[  653.702744] Bluetooth: hci2: command tx timeout
[  653.894595] Bluetooth: hci3: command tx timeout
[  656.028054] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  656.028698] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  656.083850] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  656.084420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  656.190006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  656.199992] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  656.205177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  656.520809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  656.525146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  657.748766] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  657.750169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  657.810202] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  657.811448] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  657.919479] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  657.926632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  657.981035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.037135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.041096] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.349347] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  658.352870] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.402680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.453582] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:30 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind(r0, &(0x7f0000000200)=@un=@file={0x0, './file0\x00'}, 0x80)

03:37:30 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000080)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cc30cc", 0x40, 0x3a, 0x0, @local, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "a37f80", 0x0, 0x0, 0x0, @loopback, @private2, [@hopopts={0x32}], "867c461d64b189e0"}}}}}}}, 0x0)

03:37:30 executing program 6:
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x0)
ioctl$int_out(r0, 0x127d, 0x0)

03:37:30 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000600000000f000000000000000100000001000000004000000040000020000000d2f4655fd2f4655f0100ffff53ef010001000000d0f4655f000000000000000001000000000000000b00000080000000080000005247", 0x62, 0x400}, {&(0x7f0000010200)="01000000000005000c", 0x9, 0x560}, {&(0x7f00000000c0)="020000001200000022", 0x9, 0x800}, {&(0x7f0000000080)="504d4d00504d4dff", 0x8, 0x6000}, {&(0x7f0000012e00)="ed41000000080000d0f4655fd2f4655fd2f4655f000000000000040004", 0x1d, 0x11080}], 0x0, &(0x7f0000013c00)=ANY=[])

03:37:30 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg$sock(r0, &(0x7f0000000680)=[{{&(0x7f0000000200)=@nfc={0x27, 0x1}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000540)="e557ce7e76d9520b8bdf9db0e011", 0xe}], 0x1}}, {{&(0x7f0000000000)=@nfc_llcp={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "e8afc870753ff6119517271f31116d25438a6fe9b5be0fe0bc98ec86fa7d229ea58ff66ffeeeeaacf7659d58bb0c057b08a4030000000000000100"}, 0x80, 0x0}}], 0x2, 0x0)

03:37:30 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x17}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

03:37:30 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000540)=@mgmt_frame=@reassoc_resp={@wo_ht={{0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ffc}, @device_a, @device_a, @initial, {0x5, 0xff}}, 0x0, 0x2b, @default, @val, @val={0x2d, 0x1a, {0x2, 0x0, 0x0, 0x0, {0x0, 0x9, 0x0, 0x5, 0x0, 0x1, 0x0, 0x1}, 0x1, 0x0, 0x9}}, [{0xdd, 0xd6, "a7374579a48437776d9e69a0989215c00ff941ce3a84d56c7aa567c27fdca9e5f35e66214ff5ea55031578a22dc9f486985c7cda9a3981cfa3af870add70811697f92a6350fdba8332238c1634d6b517308a9ff678d49d19d41ff7a3bb4111e82d5cd350d7c882f905fe4092ed11ddbe6dfb1947c7dac16835f8c9b88fbbee0bbc79c16066711ce9514d606205110ee31579b7e66699ca317a8d276611f5ff191cb02446cfbdf684b534db756f2c298657b95ab9dca49100c8fa6ec28f0eb75ee186f7b099f75b8e20240de3f0b47ecfbc27606478a5"}, {0xdd, 0x26, "b9fb49e5260ad1a6432ef05f37568793fc48e2a363d979233ac41597657063bc93992918e940"}]}, 0x13c)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

03:37:30 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500f507000300", @ANYRES32=r2, @ANYBLOB="08ea040002000000"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000fedbdf2521000000080003009f265a7b55b3309476e55f7d6547974baad551efc6f928e2f12df1e98907120ed268ff537c6d67bd4cca50a85f2b2ae85d7ac163fc55ed8a88e65d2ccdc5dcef2da36d081f6c75083bf9902b36eb755a7c60ba906b6c785b0eebcbe9b7834b463e3a7496fcec56c928374012866358c9831759302db22575118eff491d82af863b570b0e1641d9b5925976a9bbd4971291f64d8d65ab7f2b82bd4c733c7ec82f3e9991fce57dddbb4e", @ANYRES32=r2, @ANYBLOB="11002a00dd0b61620ee2ffffffffffff6b00000004002d80"], 0x34}}, 0x10)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000800000000000000000000640001000006020202020202010882848b960c121824"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r3=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x4, r3, 0x1, 0x0, 0x6, @dev}, 0x14)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r6=>0x0})
bind$packet(r4, &(0x7f0000000000)={0x11, 0x4, r6, 0x1, 0x0, 0x6, @dev}, 0x14)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r9=>0x0})
bind$packet(r7, &(0x7f0000000000)={0x11, 0x4, r9, 0x1, 0x0, 0x6, @dev}, 0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vxcan1\x00'})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c020000", @ANYRES16=0x0, @ANYBLOB="000126bd7000fddbdf2502000000740001800800030003000000140002006970766c616e310000000000000000000800030001000000140002007767320000000000000000000000000014000200767863616e3100000000000000000000140002006d6163766c616e30000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="080003000000000078000180080003000200000014000200726f736530000000000000000000000008000300030000000800030000000000080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="140002007465616d5f736c6176655f300000000008000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468315f746f5f6261746164760008000300000000000c000180080003000200000028000180140002006272696467655f736c6176655f310000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="2c00018008000100", @ANYRES32, @ANYBLOB="0800030001000000080003000200000008000100", @ANYRES32=r3, @ANYBLOB="08000300000000002c0001801400020076657468315f766972745f77696669001400020076657468305f766c616e000000000000340001801400020065727370616e3000000000000000000014000200766c616e310000000000000000000000080003000000000068000180080003000000000014000200000000000000000000000000000000001400020076657468315f766c616e0000000000001400020076657468315f746f5f6873720000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYRESDEC=r2, @ANYRES32=r9, @ANYBLOB="340001801400020076657468f483ec26616e00000000000010295b26", @ANYRESDEC, @ANYBLOB="1400020073797a6b616c6c657231000000000000"], 0x25c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f0000000740)=@mgmt_frame=@assoc_resp={@wo_ht={{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0xff}, @device_b, @broadcast, @initial, {0x2, 0x3}}, 0x0, 0x2e, @random=0x8, @val={0x1, 0x6, [{0x6c}, {0x9, 0x1}, {0x36, 0x1}, {0x60}, {0x69}, {0x9}]}, @void, [{0xdd, 0xcd, "51cefe0e3e34f04c0b5d45f2b44021b91cbc949587d69ddeca4b9869ff9d73d6af4e8fefbcec493ee72a37922a8e492ee05fe367b6a21ddc55549445889725eddee02ab0b80a440000a6b1c1f78d5bbc783ad88b68fa60159695eb97df5ef273e83ee61d55d0f60db40c0242cc045b787112d3776f5ef1b70b915a17ea092ef0bf9ae3172af7817055906f0c22ad76e648d7cf62f3ae29eb2621136767caf6bc279639cfb5717fcc2e76a23e79a4b703cc34241da97e804bfb6deb0e5da128f106cbbd04adc74ec811b3f2d284"}, {0xdd, 0x99, "74e84755e0f76c788107a6803fca2ce54efb94f0198196330264eb6aa4c3369e1f5065c2fc9c87ec45c5675b86655196a5c2585a905c1f4d0b38bb8b089acd310c7a74377f36869484ffb91378ac5f9b13c7d375c1a22bcff3a558701cc182b51476b76fdb19e06890e4ef058db6b2fd1a04b10bf88a79d039a6e7c61a20fd41e1ccbb722d546bfb3593e87dc5e1a1ab4db4e513d40745ee19"}, {0xdd, 0x6d, "abacec8bf883b798f9af5e68802d92fb387f492eaa30baca8fc7bf133f0327e82cea80e910e25d9e33de3c3b9af34de7da65bd93dbddbc230c24d6291753a31218ac94533ba4ea00700152d5651feb7772ddab159c9a7ac68b6df31ef28cf0a55b7fa144c2ec474e716c504265"}, {0xdd, 0x33, "463239151a7967efa0a227606ac7f4d7986b7f426556a40ad6e6011dd3a7e6d8ae43ca1786b7a87046ae2c55061f934760150c"}, {0xdd, 0x9, "528c2ea555095af8cb"}, {0xdd, 0xcd, "b6001525e06c90dc6c83e2661d61a1df8df399b25386883872a4508feb67ff4d5609179dbef4e37b3295a690448465eda684e5dfe439dd9f4a906dac3878b8324b4e0fdfdafaa61ea076587b869dbde79bbe67e14a6cea71e50f3ab233e8381f839cd98772738543ee4692b7bfbd8981ad2a8d8d98716caca31567d448b08052d75eca3a9316a877df3de14bb54474352236cdb469241d6c396cbf02ea82700a1f7d9122c13fd0670f06e26761b87cce551d286f12ea247d24feaf4da4dbaf897061dfa5047245f3dca6d2d446"}]}, 0x30e)

[  658.570783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.586021] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.588492] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  658.604199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:30 executing program 2:
r0 = getpgid(0x0)
ioprio_set$pid(0x2, r0, 0x0)

03:37:30 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg$sock(r0, &(0x7f0000000680)=[{{&(0x7f0000000200)=@nfc={0x27, 0x1}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000540)="e557ce7e76d9520b8bdf9db0e011", 0xe}], 0x1}}, {{&(0x7f0000000000)=@nfc_llcp={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "e8afc870753ff6119517271f31116d25438a6fe9b5be0fe0bc98ec86fa7d229ea58ff66ffeeeeaacf7659d58bb0c057b08a4030000000000000100"}, 0x80, 0x0}}], 0x2, 0x0)

03:37:30 executing program 6:
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x0)
ioctl$int_out(r0, 0x127d, 0x0)

[  658.658526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:30 executing program 3:
ioprio_set$uid(0x0, 0x0, 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000080)=""/203, 0xcb, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x2)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x8b)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)

[  658.675188] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  658.687013] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  658.694303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.694848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:30 executing program 5:
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000001280), 0x20041, 0x0)
write$binfmt_misc(r0, &(0x7f00000013c0)={'syz1'}, 0x4)

[  658.769540] wlan1: authenticated
[  658.773124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.782813] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
03:37:30 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000000)=0x80000000, 0x4)

[  658.849419] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  658.852800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  658.858866] wlan1: associated
03:37:30 executing program 6:
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x0)
ioctl$int_out(r0, 0x127d, 0x0)

03:37:30 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/rt_cache\x00')
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000740)='8', 0x1}], 0x1)

[  658.918583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
03:37:30 executing program 3:
ioprio_set$uid(0x0, 0x0, 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000080)=""/203, 0xcb, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x2)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x8b)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)

03:37:30 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000b00), r0)
sendmsg$NLBL_UNLABEL_C_ACCEPT(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x1c, r1, 0x121, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x1c}}, 0x0)

03:37:30 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r1, 0x0)
sigaltstack(&(0x7f0000ffc000/0x3000)=nil, 0x0)
syz_io_uring_submit(r2, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)
r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, r3, 0x0)

03:37:30 executing program 6:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x0, 0x0)

03:37:30 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x1b, &(0x7f0000000100)=[@window={0x4}, @timestamp, @mss, @sack_perm], 0x4)

03:37:30 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x18}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[  659.141612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.162996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.204330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.219404] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  659.223312] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  659.223717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.230870] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.240171] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.243614] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.495826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.616424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.625114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.633122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.673532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.947332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.952609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.999051] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.094474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.113426] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.119575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.131523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.267190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.331393] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.387013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.428440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.443202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.449807] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.696223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.745222] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.909956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.919624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.921061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.929054] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.931934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  660.986413] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.039948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.236236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.236290] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.241697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.294633] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.303392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.310355] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.319481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.345759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.395629] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.501305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.555799] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.611704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.612187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.620853] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.628433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.697841] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.708769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.718410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.730025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.931245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  661.981331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.018346] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.031641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.082715] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.089487] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.154761] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.164809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.174055] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.194369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.205405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.221865] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.278541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.483106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.516779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.588319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.591309] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  662.597244] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.600703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.606356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.611703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.647331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.748182] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.803091] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.857167] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.917832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.921066] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  662.928707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.933786] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.934258] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  662.994227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.006007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.036009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.047060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.164055] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.214138] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.321617] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.373816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.383352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.409661] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[  663.489880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.503675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.551618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.566226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.814481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.902237] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.945224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.025065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.035190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.236162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.248245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.557058] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.564143] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.619280] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.630999] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.634639] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  664.636445] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  664.637943] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  665.753010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  665.758432] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  665.762965] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  665.765525] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  665.785770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  666.126014] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  666.128969] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  666.131007] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  666.139979] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  666.142353] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  666.458326] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  666.463847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  666.467221] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  666.474985] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  666.481288] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  668.166715] Bluetooth: hci2: command tx timeout
[  668.250797] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  668.252513] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  668.253459] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  668.255469] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  668.256743] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  668.549732] Bluetooth: hci3: command tx timeout
[  670.213661] Bluetooth: hci2: command tx timeout
[  670.278617] Bluetooth: hci5: command tx timeout
[  670.598625] Bluetooth: hci3: command tx timeout
[  672.261800] Bluetooth: hci2: command tx timeout
[  672.325690] Bluetooth: hci5: command tx timeout
[  672.645705] Bluetooth: hci3: command tx timeout
[  674.310642] Bluetooth: hci2: command tx timeout
[  674.373596] Bluetooth: hci5: command tx timeout
[  674.693593] Bluetooth: hci3: command tx timeout
[  676.421878] Bluetooth: hci5: command tx timeout
[  678.759268] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  678.759903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  678.841192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  678.842573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  678.963105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  678.982317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  679.287394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  679.343156] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  679.355787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  679.669474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  679.956349] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.956981] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  679.998439] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.999092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  680.088941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  680.141324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  680.193881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  680.500289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  680.551045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  681.479942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  681.480879] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  681.525312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  681.526504] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  681.619882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  681.627951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  681.629840] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  681.632925] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  681.634073] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  682.737669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  682.742036] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  682.743407] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  682.745530] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  682.749453] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  682.846784] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  682.848476] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  682.854238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  682.870959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  682.881359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  682.888168] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  682.895917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  682.908718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  682.910357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  682.958627] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  682.964074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.061652] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[  683.165632] wlan1: authentication with 08:02:11:00:00:00 timed out
[  683.191215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.229363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.249192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.258282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.280849] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.334883] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.346344] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.358177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.368739] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.419426] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.474648] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.528537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.566237] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.621638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.630607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.695918] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.844220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.850917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.854509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.877865] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  683.879931] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  683.947513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.982342] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  684.023410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.060871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.071853] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.081737] wlan1: authenticated
[  684.083627] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  684.085273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.140023] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  684.142268] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.143913] wlan1: associated
[  684.379263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.430124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.439461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.454860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.464856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.474831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.539283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.543923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.598215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.651967] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.656136] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.660918] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.747743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.803811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.817003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.968506] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.973424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.023355] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.072146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.142888] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.148373] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.153361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.209946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.234523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.246038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.267835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.556224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.576009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.613272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.622284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.629173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.726363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.780017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.847777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.930980] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.972387] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[  686.022121] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  686.034772] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  686.289956] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  686.292195] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  686.294077] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  686.298611] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  686.302497] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  686.367452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  686.466388] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  686.482929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  686.795160] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  686.802360] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  686.882446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  686.903872] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  687.234038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  687.330254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  687.340273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  687.648087] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  688.326648] Bluetooth: hci2: command tx timeout
[  688.340428] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  688.346721] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  688.349241] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  688.355253] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  688.361484] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  690.373964] Bluetooth: hci2: command tx timeout
[  690.437679] Bluetooth: hci5: command tx timeout
[  692.423639] Bluetooth: hci2: command tx timeout
[  692.485664] Bluetooth: hci5: command tx timeout
[  694.469616] Bluetooth: hci2: command tx timeout
[  694.533823] Bluetooth: hci5: command tx timeout
[  696.582609] Bluetooth: hci5: command tx timeout
[  698.311942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.312670] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.371601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.372262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.472166] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.530012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.582747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.893693] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.895778] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.896340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.926102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.926718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.943479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.997124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.001238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.012208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.318137] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.322383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.383162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.396771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.409841] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.412222] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.419159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.440071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.493922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.719086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.741687] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.817450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.870526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.884273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.078995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.102924] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  700.104264] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  700.141936] wlan1: authenticated
[  700.143136] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.144638] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  700.205385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.206876] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  700.209067] wlan1: associated
[  700.525277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.529609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.537187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.612965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.618089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.673166] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.727832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.038175] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.046225] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.052917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.146005] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  701.155140] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.209057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.267291] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.572388] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  701.576737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.626157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.630297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.685504] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.739471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.793286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  702.101164] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  702.153244] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  702.235203] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  702.241852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  702.243826] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  702.248855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  702.252094] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  702.300921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  702.354414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  702.416025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  702.418083] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  702.423915] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  702.425367] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  702.429824] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  702.433248] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  703.434249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  703.484974] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  703.486508] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  703.579796] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  703.643947] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  703.712260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  704.325669] Bluetooth: hci2: command tx timeout
[  704.455940] Bluetooth: hci3: command tx timeout
[  704.692701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  704.742955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  704.793944] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  704.877233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  704.942927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  705.004446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  705.325979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  705.382479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  705.428534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  705.523169] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  705.580648] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  705.638736] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  705.948376] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  706.001504] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  706.053921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  706.098867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  706.153368] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  706.205527] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  706.375155] Bluetooth: hci2: command tx timeout
[  706.502265] Bluetooth: hci3: command tx timeout
[  706.537916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  706.639610] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[  708.423680] Bluetooth: hci2: command tx timeout
[  708.549618] Bluetooth: hci3: command tx timeout
[  708.950998] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  708.954252] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  708.955144] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  708.957367] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  708.959137] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  710.470640] Bluetooth: hci2: command tx timeout
[  710.597604] Bluetooth: hci3: command tx timeout
[  710.981688] Bluetooth: hci5: command tx timeout
[  713.030623] Bluetooth: hci5: command tx timeout
[  713.360810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  713.361454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  713.437858] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  713.438442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  713.520145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  713.532089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  713.843457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  713.911619] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  713.921413] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  714.229262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  714.293114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  714.308505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  714.627032] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  714.719484] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  714.722583] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  714.723151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  714.766264] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  714.769467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  714.770262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  714.860808] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  714.870233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.071938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.077631] Bluetooth: hci5: command tx timeout
[  715.089820] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.109150] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.119188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.174184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.179923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.424301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.459916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.468093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.776583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  717.125719] Bluetooth: hci5: command tx timeout
[  717.517692] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  717.521379] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  717.524934] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  717.532245] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  717.535852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  719.557632] Bluetooth: hci3: command tx timeout
[  720.780229] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  720.780883] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  720.816937] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  720.817582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  720.896623] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  720.928101] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  720.928846] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  720.951818] wlan1: authenticated
[  720.952387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  720.953159] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  721.005938] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x301 status=0 aid=1)
[  721.006748] wlan1: associated
[  721.007322] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  721.314192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  721.367781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  721.605603] Bluetooth: hci3: command tx timeout
[  723.653638] Bluetooth: hci3: command tx timeout
[  725.701776] Bluetooth: hci3: command tx timeout
[  731.369487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  731.371164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  731.435424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  731.436088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  731.536804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  731.546283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  731.852288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  731.913073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  731.924775] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  731.940079] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  731.958043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  731.968599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  731.982190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  731.993082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.024816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.267812] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.301947] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  732.310275] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.319733] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.346187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.351169] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.363267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.392017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.446921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.459713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.508198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.562054] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.616218] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.673749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.728525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.737368] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.782448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.931223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.935011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.943210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.031437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.051249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.127997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.133472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.142272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.185333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.465826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.495004] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.543129] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.552298] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.672441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.736381] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.793129] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  733.820646] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.133224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.184323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.389490] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.445513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.500763] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.887945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.939955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.989950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  735.309359] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  735.312689] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  735.314480] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  735.323084] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  735.328298] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  735.952971] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  735.958857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  735.960426] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  735.967364] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  735.969735] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  737.351109] Bluetooth: hci2: command tx timeout
[  737.992579] Bluetooth: hci3: command tx timeout
[  739.397620] Bluetooth: hci2: command tx timeout
[  740.037630] Bluetooth: hci3: command tx timeout
[  741.446609] Bluetooth: hci2: command tx timeout
[  742.086770] Bluetooth: hci3: command tx timeout
[  743.493598] Bluetooth: hci2: command tx timeout
[  744.133623] Bluetooth: hci3: command tx timeout
[  745.845628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  745.846253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  745.909526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  745.910880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  746.004749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.018769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.161431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  746.162112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  746.196942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  746.197564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  746.254624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.262583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.325486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.570254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.633698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.644099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.666867] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  746.676201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.688699] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.700051] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.732349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.786077] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  746.953111] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.030275] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.038154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.043507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.045340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.100393] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.110132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.121038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.164651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.198597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.255342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.311708] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.367799] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.467114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.496015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.635214] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.692912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.801694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.807220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.861301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.916139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.223835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.229777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.235960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.300838] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.356488] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.410811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.718246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.768234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.898914] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.953947] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.008829] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.326225] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.333038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.337834] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.400879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.455378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.509268] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.711496] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  749.714105] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  749.716203] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  749.720935] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  749.726166] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  749.817406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.867168] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.905422] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  749.909283] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  749.912935] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  749.920025] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  749.922717] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  750.065052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.122734] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.131132] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  750.194498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.510828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.522394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.533110] netlink: 'syz-executor.0': attribute type 16 has an invalid length.
[  750.534297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.676996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.739106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.806302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.128187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.175118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.342267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.350937] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  751.355122] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  751.414946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.469816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.750625] Bluetooth: hci2: command tx timeout
[  751.816770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.816905] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  751.823639] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.830711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.910144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.942819] Bluetooth: hci3: command tx timeout
[  751.973727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.027465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.336440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.387460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.440497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.525142] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.580909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.633731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.948894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.999948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  753.797806] Bluetooth: hci2: command tx timeout
[  753.990663] Bluetooth: hci3: command tx timeout
[  755.846220] Bluetooth: hci2: command tx timeout
[  756.038601] Bluetooth: hci3: command tx timeout
[  757.894835] Bluetooth: hci2: command tx timeout
[  758.086642] Bluetooth: hci3: command tx timeout
[  764.188804] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  764.189454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  764.222214] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  764.222867] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  764.329680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  764.336962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  764.600866] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  764.601991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  764.666595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  764.667668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  764.773792] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  764.784941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.092219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.163261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.166457] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  765.170062] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.179814] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.187493] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.325251] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  765.330165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.382573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.437600] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.474921] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  765.475660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.480179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.553655] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  765.556197] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  765.558941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.566257] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.574484] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.586172] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.742583] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  765.747434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.800435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.858694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.871219] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  765.873389] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  765.876219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.896753] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.913021] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.920115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  765.965307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.269414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.272221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.275274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.326845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.379533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.405260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.433095] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.441292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.748673] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.800781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.851939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.914087] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  766.968034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  767.020444] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  767.329747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  767.379640] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  767.496337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  767.552931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  767.607505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  767.916415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  767.966771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.077782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.139175] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.193924] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.398185] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  768.401070] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  768.404492] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  768.409714] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  768.412446] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  768.498950] perf: interrupt took too long (4026 > 4023), lowering kernel.perf_event_max_sample_rate to 49000
[  768.502086] perf: interrupt took too long (5253 > 5032), lowering kernel.perf_event_max_sample_rate to 38000
[  768.503506] perf: interrupt took too long (6569 > 6566), lowering kernel.perf_event_max_sample_rate to 30000
[  768.507072] perf: interrupt took too long (8248 > 8211), lowering kernel.perf_event_max_sample_rate to 24000
[  768.511191] perf: interrupt took too long (10323 > 10310), lowering kernel.perf_event_max_sample_rate to 19000
[  768.517162] perf: interrupt took too long (12912 > 12903), lowering kernel.perf_event_max_sample_rate to 15000
[  768.527666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.539207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.549378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.641344] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.701678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.758827] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.762810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.783276] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  768.789056] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  768.791459] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  768.797793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  768.804526] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  769.071230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.121382] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.172620] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.180416] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.328842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.386003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.445321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.764411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.814028] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.918978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.982481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.046903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.357101] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.407790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.437615] Bluetooth: hci2: command tx timeout
[  770.458793] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.538685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.598252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.655759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.663933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  770.885719] Bluetooth: hci3: command tx timeout
[  770.973246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.024472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.074281] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.156378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.220020] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.292748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.602822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.657420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  772.485689] Bluetooth: hci2: command tx timeout
[  772.933589] Bluetooth: hci3: command tx timeout
[  774.533710] Bluetooth: hci2: command tx timeout
[  774.981605] Bluetooth: hci3: command tx timeout
[  776.581614] Bluetooth: hci2: command tx timeout
[  777.029719] Bluetooth: hci3: command tx timeout
[  778.734598] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  778.735720] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  778.817652] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  778.818262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  778.920538] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  778.921249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  778.925009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  778.955132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  778.957773] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  778.958348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  779.051993] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.062758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.260918] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.372223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.432754] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  779.436075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.444485] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.457987] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.463493] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.467325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.471513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.475180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.773624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.778852] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.795844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.892103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.894198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.894383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.905916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.917061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  779.949296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.007905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.216695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.229755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.259308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.297430] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.306372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.321203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.343461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.373185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.377522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.476476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.544062] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.601449] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.622939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.914105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.968367] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.018928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.072411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.126158] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.180349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.486339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.536502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.636148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.689925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  781.744874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  782.052013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  782.101165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  782.204325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  782.260602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  782.391491] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  782.806362] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  782.810688] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  782.814364] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  782.821090] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  782.825214] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  783.064213] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  783.066903] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  783.068977] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  783.073186] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  783.078360] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  783.340244] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  783.346017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  783.402993] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  783.589242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  783.651674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  783.709351] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.043919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.056048] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.066189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.188079] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.246385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.304802] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.618399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.666967] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.818318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.882654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  784.901634] Bluetooth: hci2: command tx timeout
[  784.937572] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.095509] Bluetooth: hci3: command tx timeout
[  785.251266] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.300085] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.452408] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.509894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.568683] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.884844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.933957] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  786.949646] Bluetooth: hci2: command tx timeout
[  787.141675] Bluetooth: hci3: command tx timeout
[  788.997807] Bluetooth: hci2: command tx timeout
[  789.189721] Bluetooth: hci3: command tx timeout
[  791.045758] Bluetooth: hci2: command tx timeout
[  791.238326] Bluetooth: hci3: command tx timeout
[  793.289958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  793.291115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  793.352835] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  793.353473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  793.459904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  793.468784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  793.776977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.300977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  797.302423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  797.359647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  797.360744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  797.456942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.469939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.777487] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.844833] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.864835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.875221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.889089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.899882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  797.955835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.182481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.198307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.260523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.267888] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.305398] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.314759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.317949] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.325940] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.634623] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.721303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.761469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  800.848405] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  800.853122] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  800.856214] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  800.864193] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  800.867171] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  801.233299] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  801.237131] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  801.240846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  801.244285] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  801.250611] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  802.885864] Bluetooth: hci2: command tx timeout
[  803.270823] Bluetooth: hci3: command tx timeout
[  804.933624] Bluetooth: hci2: command tx timeout
[  805.317880] Bluetooth: hci3: command tx timeout
[  806.981683] Bluetooth: hci2: command tx timeout
[  807.365651] Bluetooth: hci3: command tx timeout
[  809.029671] Bluetooth: hci2: command tx timeout
[  809.413775] Bluetooth: hci3: command tx timeout
[  810.615387] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  810.616119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  810.687993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  810.688807] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  810.754221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  810.763288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  811.073305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  811.080725] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  811.187186] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  813.646952] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  813.649214] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  813.651167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  813.655949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  813.666858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  815.041426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  815.042096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  815.103029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  815.104204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  815.191738] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  815.206002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  815.513665] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  815.633505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  815.639064] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  815.649302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  815.749689] Bluetooth: hci3: command tx timeout
[  815.962502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  815.964161] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  815.968445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  816.024978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  816.066342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  817.797737] Bluetooth: hci3: command tx timeout
[  818.527323] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  818.533520] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  818.535975] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  818.541418] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  818.544454] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  819.845608] Bluetooth: hci3: command tx timeout
[  820.613810] Bluetooth: hci2: command tx timeout
[  821.893643] Bluetooth: hci3: command tx timeout
[  822.661612] Bluetooth: hci2: command tx timeout
[  824.709749] Bluetooth: hci2: command tx timeout
[  826.758042] Bluetooth: hci2: command tx timeout
[  827.876053] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  827.876707] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  827.906051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  827.906839] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  827.975633] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  827.976192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  827.999415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.000007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.049499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.056420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.074803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.085631] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.362469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.393005] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.412128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.426874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.448003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.456303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.733178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.770762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.794470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  828.808085] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.119725] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.184141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.192876] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.198477] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.202452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.518447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.534576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.578765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.591849] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.899621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.948724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.972859] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  831.952767] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  831.956872] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  831.960807] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  831.966672] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  831.969357] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  832.399839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  832.402362] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  832.404027] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  832.407401] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  832.409856] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  834.053995] Bluetooth: hci2: command tx timeout
[  834.437617] Bluetooth: hci3: command tx timeout
[  835.013896] Bluetooth: hci5: command 0x0406 tx timeout
[  836.101617] Bluetooth: hci2: command tx timeout
[  836.485619] Bluetooth: hci3: command tx timeout
[  838.149658] Bluetooth: hci2: command tx timeout
[  838.533606] Bluetooth: hci3: command tx timeout
[  840.197821] Bluetooth: hci2: command tx timeout
[  840.582027] Bluetooth: hci3: command tx timeout
[  841.980931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  841.981589] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  842.064785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  842.065394] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  842.217087] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  842.229896] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  842.542283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  842.552336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  842.610883] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  842.640991] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  842.712762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  842.735854] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.045149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.142550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.554603] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  843.555230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  843.584888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  843.585460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  843.678474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.686982] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.993745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.054953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.067273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.375278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.382003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.444053] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.454784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.763429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.819321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.828592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  845.139476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  845.234103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  845.584616] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  845.587191] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  845.588975] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  845.593008] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  845.595925] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  847.621658] Bluetooth: hci2: command tx timeout
[  847.643968] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  847.647042] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  847.649976] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  847.654736] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  847.658361] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  849.669638] Bluetooth: hci2: command tx timeout
[  849.733726] Bluetooth: hci3: command tx timeout
[  851.718644] Bluetooth: hci2: command tx timeout
[  851.781772] Bluetooth: hci3: command tx timeout
[  853.765663] Bluetooth: hci2: command tx timeout
[  853.829664] Bluetooth: hci3: command tx timeout
[  855.878611] Bluetooth: hci3: command tx timeout
[  857.623386] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  857.624026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  857.668174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  857.669034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  857.702082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  857.702695] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  857.742367] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  857.742971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  857.796690] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  857.803487] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  857.846846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  857.854135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.111233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.164455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.171071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.193858] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.210248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.229991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.237698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.515610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.550130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.608006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.617011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.622586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.628505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.637033] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.945016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.954267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.954456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.006941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.017323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.326527] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.389779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.417459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.431015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.737421] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.783805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.808154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  861.778253] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  861.782667] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  861.784444] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  861.789895] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  861.793781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  862.224642] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  862.229530] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  862.231435] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  862.239879] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  862.243493] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  863.813654] Bluetooth: hci2: command tx timeout
[  864.262790] Bluetooth: hci3: command tx timeout
[  865.862274] Bluetooth: hci2: command tx timeout
[  866.309840] Bluetooth: hci3: command tx timeout
[  867.909610] Bluetooth: hci2: command tx timeout
[  868.357592] Bluetooth: hci3: command tx timeout
[  869.958692] Bluetooth: hci2: command tx timeout
[  870.405927] Bluetooth: hci3: command tx timeout
[  871.946942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  871.947893] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  872.005475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  872.006099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  872.094351] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.103261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.106293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.413853] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.420096] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.459714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.468604] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.776656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.779941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.851777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.861798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  872.864431] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  873.170386] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  873.179298] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  873.232722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  873.242330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  873.555504] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  873.576831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  875.354647] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  875.357172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  875.404216] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  875.405493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  875.520286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  875.530878] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  875.839892] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  875.898017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  875.908906] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  876.053424] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  876.059874] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  876.061883] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  876.066999] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  876.070939] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  876.219263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  876.311854] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  876.329642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  876.637226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  876.691364] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  876.714790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  878.099810] Bluetooth: hci2: command tx timeout
[  879.192526] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  879.196970] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  879.199063] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  879.203918] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  879.206613] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  880.133646] Bluetooth: hci2: command tx timeout
[  881.222040] Bluetooth: hci3: command tx timeout
[  882.181662] Bluetooth: hci2: command tx timeout
[  883.269651] Bluetooth: hci3: command tx timeout
[  884.229683] Bluetooth: hci2: command tx timeout
[  885.317722] Bluetooth: hci3: command tx timeout
[  886.966571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  886.967181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  887.027294] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  887.028017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  887.113720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.122143] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.365929] Bluetooth: hci3: command tx timeout
[  887.427392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.429759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.474828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.486719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.796293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.803300] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.864321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  887.883014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.187805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.194718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.230487] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.238670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.242625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.541870] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  888.542572] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  888.575271] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.576677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.579790] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  888.580418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  888.643155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.659333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.674443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.993418] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  891.024058] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  891.028914] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  891.031028] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  891.037319] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  891.040037] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  891.407807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  891.410076] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  891.411851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  891.415266] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  891.417673] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  893.062668] Bluetooth: hci2: command tx timeout
[  893.445609] Bluetooth: hci3: command tx timeout
[  895.110667] Bluetooth: hci2: command tx timeout
[  895.494278] Bluetooth: hci3: command tx timeout
[  897.158592] Bluetooth: hci2: command tx timeout
[  897.542742] Bluetooth: hci3: command tx timeout
[  899.205684] Bluetooth: hci2: command tx timeout
[  899.591574] Bluetooth: hci3: command tx timeout
[  900.920130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.920760] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.996276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.997182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  901.096941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.105452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.199748] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  901.200387] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  901.245586] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  901.246155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  901.321958] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.331250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.411401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.445195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.452428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.639498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.678716] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.707794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.757115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.794468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.803770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.015400] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.112030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.116727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.167496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.179173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.183496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.247428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.493488] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.559586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.571603] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.592589] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.893191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  904.973399] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  904.979910] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  904.983258] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  904.989490] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  904.992247] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  905.293469] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  905.300860] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  905.302175] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  905.306650] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  905.311125] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  907.077593] Bluetooth: hci2: command tx timeout
[  907.333883] Bluetooth: hci3: command tx timeout
[  909.125604] Bluetooth: hci2: command tx timeout
[  909.382000] Bluetooth: hci3: command tx timeout
[  911.173623] Bluetooth: hci2: command tx timeout
[  911.429589] Bluetooth: hci3: command tx timeout
[  913.221737] Bluetooth: hci2: command tx timeout
[  913.477659] Bluetooth: hci3: command tx timeout
[  914.213935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  914.214649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  914.293000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  914.293677] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  914.407663] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  914.469023] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  914.783397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  914.789378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  914.834645] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  914.839145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  914.847966] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.150730] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  915.157751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.161120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.286679] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  915.287330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  915.287683] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.319727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.321521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.325133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  915.325883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  915.400504] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.408263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.627719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.632622] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.679472] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  915.686404] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  915.695290] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.704939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.714391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.771685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.781775] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.012825] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  916.017047] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  916.024291] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.029187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.095316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.098509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.110805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.182196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.200843] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.417385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.486695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.496999] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  916.501240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.509267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.515119] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.573522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.583352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.815725] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.821939] netlink: 'syz-executor.4': attribute type 16 has an invalid length.
[  916.824846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.830511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.888995] netlink: 'syz-executor.4': attribute type 3 has an invalid length.
[  916.893938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.904455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.915950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  917.229646] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  919.308742] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  919.311879] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  919.313896] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  919.317202] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  919.320512] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  919.634263] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  919.637960] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  919.639435] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  919.642420] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  919.644516] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  921.349808] Bluetooth: hci2: command tx timeout
[  921.669623] Bluetooth: hci3: command tx timeout
[  923.397596] Bluetooth: hci2: command tx timeout
[  923.719568] Bluetooth: hci3: command tx timeout
[  925.445587] Bluetooth: hci2: command tx timeout
[  925.765671] Bluetooth: hci3: command tx timeout
[  927.493713] Bluetooth: hci2: command tx timeout
[  927.813739] Bluetooth: hci3: command tx timeout
[  929.168912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  929.169583] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  929.233137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  929.233819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  929.336478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  929.344152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  929.403078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  929.403766] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  929.434209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  929.434830] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  929.485951] netlink: 'syz-executor.4': attribute type 3 has an invalid length.
[  929.488361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  929.495629] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  929.657707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  929.805847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  929.918240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  929.927213] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  930.234249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  930.374956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  930.385501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  930.757371] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  930.761718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  930.828823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  930.837031] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  930.844095] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  930.891983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  932.053158] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  932.056064] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  932.059898] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  932.066976] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  932.069706] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  933.344507] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  933.347506] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  933.359736] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  933.363049] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  933.365338] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  934.150807] Bluetooth: hci2: command tx timeout
[  935.429708] Bluetooth: hci3: command tx timeout
[  936.199269] Bluetooth: hci2: command tx timeout
[  937.477610] Bluetooth: hci3: command tx timeout
[  938.245629] Bluetooth: hci2: command tx timeout
[  939.525716] Bluetooth: hci3: command tx timeout
[  940.293777] Bluetooth: hci2: command tx timeout
[  941.573698] Bluetooth: hci3: command tx timeout
[  943.837184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  943.837811] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  943.893950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  943.894647] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  943.973697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  943.980185] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  943.982991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  943.989041] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  943.991747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  944.297449] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  944.300451] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  944.304952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  944.310095] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  945.886225] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  945.887803] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  945.951910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  945.953215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  946.057603] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.068693] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.376437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.448737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.457888] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.462347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.476435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.769526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.788246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.826396] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.836371] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.894399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.913099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.146919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.215032] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.228634] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.250346] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.388180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.402209] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  947.409474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.446247] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.456219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.814023] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.823314] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  947.828720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.836824] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.842573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  948.206428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  948.216986] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  948.224787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  948.236442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  948.243099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  948.662917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  949.780172] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  949.784278] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  949.786228] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  949.793067] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  949.796922] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  951.065106] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  951.068622] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  951.071128] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  951.076867] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  951.078811] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  951.813673] Bluetooth: hci2: command tx timeout
[  953.093608] Bluetooth: hci3: command tx timeout
[  953.861688] Bluetooth: hci2: command tx timeout
[  955.141657] Bluetooth: hci3: command tx timeout
[  955.909591] Bluetooth: hci2: command tx timeout
[  957.189586] Bluetooth: hci3: command tx timeout
[  957.957610] Bluetooth: hci2: command tx timeout
[  959.238100] Bluetooth: hci3: command tx timeout
[  961.294174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  961.295001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  961.351619] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  961.352239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  961.445200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  961.459881] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[  961.491445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  961.748438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  961.749233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  961.800466] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  961.801049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  961.905815] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  961.920209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  962.231443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  962.289152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  962.299013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  962.606745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  962.659090] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  962.669600] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  962.977489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  963.053380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  963.921081] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  963.923170] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  963.924724] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  963.931314] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  963.933415] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  965.466332] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  965.468702] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  965.470392] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  965.478640] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  965.485909] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  965.957914] Bluetooth: hci2: command tx timeout
[  967.557771] Bluetooth: hci3: command tx timeout
[  968.006192] Bluetooth: hci2: command tx timeout

VM DIAGNOSIS:
23:36:49  Registers:
info registers vcpu 0
RAX=ffffffff87cbddd8 RBX=ffff88800a4db700 RCX=0000000000000000 RDX=000000000000009f
RSI=0000000000000000 RDI=ffffffff85ef5260 RBP=ffff88800a4dc158 RSP=ffff8880424575e0
R8 =0000000000000000 R9 =000000000000009f R10=0000000000000001 R11=0000000000000000
R12=ffff88800a4dc180 R13=0000000000000000 R14=0000000000000001 R15=0000000000040000
RIP=ffffffff8151ca13 RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e53ba000 00000000 00000000
LDT=0000 ffff888000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd227509310 CR3=000000003eb8d000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=6461657268747062696c2f756e672d78
XMM02=00302e6f732e6461657268747062696c XMM03=2f756e672d78756e696c2d34365f3638
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000020005 RBX=ffff888048e63700 RCX=0000000000000000 RDX=0000000000000005
RSI=0000000000000000 RDI=ffffffff85e1d9a0 RBP=ffff888048e64158 RSP=ffff888040d3f358
R8 =0000000000000000 R9 =0000000000000005 R10=0000000000000001 R11=0000000000000000
R12=ffff888048e64180 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8151c9d4 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f89dd63f540 00000000 00000000
GS =0000 ffff8880e54ba000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f89dd710710 CR3=00000000172f8000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000ff0000000000000000000000ff00 XMM01=ffff00ffffffffffffffffffffff00ff
XMM02=4c4700362e322e325f4342494c470035 XMM03=00000000000000000000000000470035
XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000