02:25:25 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448c9, &(0x7f0000000440))
BUG: memory leak
unreferenced object 0xffff88803efa3900 (size 96):
  comm "softirq", pid 0, jiffies 4295059050 (age 24.226s)
  hex dump (first 32 bytes):
    01 00 00 00 00 01 02 ff 04 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000028583acb>] __skb_ext_alloc+0x19/0x80 net/core/skbuff.c:6224
    [<0000000048c24b0a>] skb_ext_add+0x503/0x670 net/core/skbuff.c:6319
    [<0000000006fb7421>] skb_set_kcov_handle include/linux/skbuff.h:4622 [inline]
    [<0000000006fb7421>] skb_set_kcov_handle include/linux/skbuff.h:4612 [inline]
    [<0000000006fb7421>] __alloc_skb+0x3c1/0x620 net/core/skbuff.c:253
    [<00000000197c827a>] skb_copy+0x12b/0x2e0 net/core/skbuff.c:1522
    [<000000006aa5c612>] mac80211_hwsim_tx_frame_no_nl.isra.0+0xb3e/0x1370 drivers/net/wireless/mac80211_hwsim.c:1495
    [<000000004266c16f>] mac80211_hwsim_tx_frame+0x152/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1712
    [<0000000070e6c0ac>] mac80211_hwsim_beacon_tx+0x49d/0x900 drivers/net/wireless/mac80211_hwsim.c:1766
    [<0000000033adbfa0>] __iterate_interfaces+0x1f0/0x530 net/mac80211/util.c:792
    [<000000004bf355ad>] ieee80211_iterate_active_interfaces_atomic+0x72/0x180 net/mac80211/util.c:828
    [<00000000dacf3798>] mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1789
    [<000000004c4e9f09>] __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
    [<000000004c4e9f09>] __hrtimer_run_queues+0x5e8/0xb50 kernel/time/hrtimer.c:1601
    [<000000005091e420>] hrtimer_run_softirq+0x148/0x300 kernel/time/hrtimer.c:1618
    [<00000000dbc67a98>] __do_softirq+0x1b6/0x86a kernel/softirq.c:298
    [<0000000087f7334d>] asm_call_irq_on_stack+0x12/0x20
    [<00000000fcf8bf74>] __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
    [<00000000fcf8bf74>] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
    [<00000000fcf8bf74>] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
    [<00000000cee394ca>] invoke_softirq kernel/softirq.c:393 [inline]
    [<00000000cee394ca>] __irq_exit_rcu kernel/softirq.c:423 [inline]
    [<00000000cee394ca>] irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435

BUG: memory leak
unreferenced object 0xffff88803efa3600 (size 96):
  comm "softirq", pid 0, jiffies 4295059051 (age 24.225s)
  hex dump (first 32 bytes):
    01 00 00 00 00 01 02 ff 04 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000028583acb>] __skb_ext_alloc+0x19/0x80 net/core/skbuff.c:6224
    [<0000000048c24b0a>] skb_ext_add+0x503/0x670 net/core/skbuff.c:6319
    [<0000000006fb7421>] skb_set_kcov_handle include/linux/skbuff.h:4622 [inline]
    [<0000000006fb7421>] skb_set_kcov_handle include/linux/skbuff.h:4612 [inline]
    [<0000000006fb7421>] __alloc_skb+0x3c1/0x620 net/core/skbuff.c:253
    [<00000000197c827a>] skb_copy+0x12b/0x2e0 net/core/skbuff.c:1522
    [<000000006aa5c612>] mac80211_hwsim_tx_frame_no_nl.isra.0+0xb3e/0x1370 drivers/net/wireless/mac80211_hwsim.c:1495
    [<000000004266c16f>] mac80211_hwsim_tx_frame+0x152/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1712
    [<0000000070e6c0ac>] mac80211_hwsim_beacon_tx+0x49d/0x900 drivers/net/wireless/mac80211_hwsim.c:1766
    [<0000000033adbfa0>] __iterate_interfaces+0x1f0/0x530 net/mac80211/util.c:792
    [<000000004bf355ad>] ieee80211_iterate_active_interfaces_atomic+0x72/0x180 net/mac80211/util.c:828
    [<00000000dacf3798>] mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1789
    [<000000004c4e9f09>] __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
    [<000000004c4e9f09>] __hrtimer_run_queues+0x5e8/0xb50 kernel/time/hrtimer.c:1601
    [<000000005091e420>] hrtimer_run_softirq+0x148/0x300 kernel/time/hrtimer.c:1618
    [<00000000dbc67a98>] __do_softirq+0x1b6/0x86a kernel/softirq.c:298
    [<0000000087f7334d>] asm_call_irq_on_stack+0x12/0x20
    [<00000000fcf8bf74>] __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
    [<00000000fcf8bf74>] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
    [<00000000fcf8bf74>] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
    [<00000000cee394ca>] invoke_softirq kernel/softirq.c:393 [inline]
    [<00000000cee394ca>] __irq_exit_rcu kernel/softirq.c:423 [inline]
    [<00000000cee394ca>] irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435

BUG: memory leak
unreferenced object 0xffff88803efa3700 (size 96):
  comm "softirq", pid 0, jiffies 4295059134 (age 24.142s)
  hex dump (first 32 bytes):
    01 00 00 00 00 01 02 ff 03 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000028583acb>] __skb_ext_alloc+0x19/0x80 net/core/skbuff.c:6224
    [<0000000048c24b0a>] skb_ext_add+0x503/0x670 net/core/skbuff.c:6319
    [<0000000006fb7421>] skb_set_kcov_handle include/linux/skbuff.h:4622 [inline]
    [<0000000006fb7421>] skb_set_kcov_handle include/linux/skbuff.h:4612 [inline]
    [<0000000006fb7421>] __alloc_skb+0x3c1/0x620 net/core/skbuff.c:253
    [<00000000197c827a>] skb_copy+0x12b/0x2e0 net/core/skbuff.c:1522
    [<000000006aa5c612>] mac80211_hwsim_tx_frame_no_nl.isra.0+0xb3e/0x1370 drivers/net/wireless/mac80211_hwsim.c:1495
    [<000000004266c16f>] mac80211_hwsim_tx_frame+0x152/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1712
    [<0000000070e6c0ac>] mac80211_hwsim_beacon_tx+0x49d/0x900 drivers/net/wireless/mac80211_hwsim.c:1766
    [<0000000033adbfa0>] __iterate_interfaces+0x1f0/0x530 net/mac80211/util.c:792
    [<000000004bf355ad>] ieee80211_iterate_active_interfaces_atomic+0x72/0x180 net/mac80211/util.c:828
    [<00000000dacf3798>] mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1789
    [<000000004c4e9f09>] __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
    [<000000004c4e9f09>] __hrtimer_run_queues+0x5e8/0xb50 kernel/time/hrtimer.c:1601
    [<000000005091e420>] hrtimer_run_softirq+0x148/0x300 kernel/time/hrtimer.c:1618
    [<00000000dbc67a98>] __do_softirq+0x1b6/0x86a kernel/softirq.c:298
    [<0000000087f7334d>] asm_call_irq_on_stack+0x12/0x20
    [<00000000fcf8bf74>] __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
    [<00000000fcf8bf74>] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
    [<00000000fcf8bf74>] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
    [<00000000cee394ca>] invoke_softirq kernel/softirq.c:393 [inline]
    [<00000000cee394ca>] __irq_exit_rcu kernel/softirq.c:423 [inline]
    [<00000000cee394ca>] irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435

BUG: leak checking failed